r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f2acd891dc6eb1f09f57a2b086791781
1e2088306501a61edcca1ade62c4d54f23b3b083
51148fed95cc00d60dc3640350f135b1b2763ff0e3cfbffc40f0948317894be9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "51148FED95CC00D60DC3640350F135B1B2763FF0E3CFBFFC40F0948317894BE9"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9436
Expires: Sat, 10 Dec 2022 03:57:37 GMT
Date: Sat, 10 Dec 2022 01:20:21 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash aea93551fa9deb76ae49a3b4019d64fe
e3b8862057ebe839959228e42246d7b1807fc90c
7e210f03b140418085e94ec20c1d27d6ecf7a404cbd323e16476ae5ae95d6dac
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7E210F03B140418085E94EC20C1D27D6ECF7A404CBD323E16476AE5AE95D6DAC"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6543
Expires: Sat, 10 Dec 2022 03:09:24 GMT
Date: Sat, 10 Dec 2022 01:20:21 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data, ASCII text, with very long lines (939), with no line terminators
Hash 14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Backoff, Content-Length, Content-Type, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 10 Dec 2022 01:08:22 GMT
content-type: application/json
age: 719
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 4ee537977be9c03702f8ffe0025bf1fe
21637881c4aa34c4add703f8bff4eff573159f45
4819229fd8f502a0c68c80bd7409e104c1b4d1a98ca8a6cd9deba629b1511aea
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4819229FD8F502A0C68C80BD7409E104C1B4D1A98CA8A6CD9DEBA629B1511AEA"
Last-Modified: Thu, 08 Dec 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17045
Expires: Sat, 10 Dec 2022 06:04:26 GMT
Date: Sat, 10 Dec 2022 01:20:21 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP 34.160.144.191:0
File type PEM certificate, ASCII text
Hash 53341dea33f4f3d9b4966f80589f429a
20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0
GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: S5XjHTilLCtJieErsqkwB8ruPr57ZgrTOq2g5uJjFU2LVDPGMAcJvOki+3PuvZiyNPrpB6Z5oMx85HJga8fLqw==
x-amz-request-id: 53S30F3MT56BVQS6
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 10 Dec 2022 00:48:35 GMT
age: 1906
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 8039e9d3b1a32f1e888cb2fc8099e137
a88806b0c05f58ae9b4e4cbc4f3a0c6855bed0c4
3e2b0ce30a35659a9d210eb0efcb88b2809f4a78ef9d3296cc8e26e8cb156979
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3E2B0CE30A35659A9D210EB0EFCB88B2809F4A78EF9D3296CC8E26E8CB156979"
Last-Modified: Thu, 08 Dec 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Sat, 10 Dec 2022 07:20:21 GMT
Date: Sat, 10 Dec 2022 01:20:21 GMT
Connection: keep-alive
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data, ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 01:20:21 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
22245-4644.s3.webspace.re/aanmeldenklantnr5265732/
91.218.65.6 200 OK 25 kB URL HTTP/2 22245-4644.s3.webspace.re/aanmeldenklantnr5265732/
IP 91.218.65.6:0
File type HTML document text; HTML document text; HTML document text; HTML document text; exported SGML document text; exported SGML document, Unicode text, UTF-8 text, with very long lines (25275)
Hash c3ad8bed4be6b88306758a24f449ad6d
2981037a823e0a069f8a6f574f3481461c3b941f
083cc18b9b49d6c87379d3357fb256067f851c626d9ccf7528f6f0a7b90817c0
Analyzer Verdict Alert urlquery phishing Phishing - Deutsche Telekom
openphish Deutsche Telekom
fortinet Phishing
GET /aanmeldenklantnr5265732/ HTTP/1.1
Host: 22245-4644.s3.webspace.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 01:20:21 GMT
content-type: text/html; charset=UTF-8
content-length: 24808
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: PHPSESSID=d1ho9ehkfvma74gv1fafa2h1qh; path=/
vary: Accept-Encoding
content-encoding: gzip
x-powered-by: PHP/7.4.33, PleskLin
X-Firefox-Spdy: h2
22245-4644.s3.webspace.re/aanmeldenklantnr5265732/Tmob/saved_resource
91.218.65.6 200 OK 1.5 kB URL HTTP/2 22245-4644.s3.webspace.re/aanmeldenklantnr5265732/Tmob/saved_resource
IP 91.218.65.6:0
Hash ce3962ff61c64d30be05d0f57e8bf3d0
948c113428bd8e071c89fbcbe0cbd1f303b4207d
54f983fd69daf585022ea02914e6bbbec2fee235b78ddfaf0874e96f39462e87
Analyzer Verdict Alert urlquery phishing Phishing - Deutsche Telekom
fortinet Phishing
GET /aanmeldenklantnr5265732/Tmob/saved_resource HTTP/1.1
Host: 22245-4644.s3.webspace.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://22245-4644.s3.webspace.re/aanmeldenklantnr5265732/
Cookie: PHPSESSID=d1ho9ehkfvma74gv1fafa2h1qh
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 01:20:22 GMT
content-type: application/octet-stream
content-length: 1463
last-modified: Fri, 09 Dec 2022 00:03:11 GMT
etag: "63927b3f-5b7"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
22245-4644.s3.webspace.re/aanmeldenklantnr5265732/Tmob/js
91.218.65.6 200 OK 98 kB URL HTTP/2 22245-4644.s3.webspace.re/aanmeldenklantnr5265732/Tmob/js
IP 91.218.65.6:0
File type ASCII text, with very long lines (2127)
Hash 4fcf33a7bfcedeb356402b3dcb8a7941
e52add890e8b9486cafdcf737737f873b2fddf2d
b2e61bfff0b05ab82eddd27e37e0bbcd067980982ecb72284afae5c576792c0a
Analyzer Verdict Alert urlquery phishing Phishing - Deutsche Telekom
fortinet Phishing
GET /aanmeldenklantnr5265732/Tmob/js HTTP/1.1
Host: 22245-4644.s3.webspace.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://22245-4644.s3.webspace.re/aanmeldenklantnr5265732/
Cookie: PHPSESSID=d1ho9ehkfvma74gv1fafa2h1qh
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 01:20:22 GMT
content-type: application/octet-stream
content-length: 98236
last-modified: Fri, 09 Dec 2022 00:03:10 GMT
etag: "63927b3e-17fbc"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
22245-4644.s3.webspace.re/aanmeldenklantnr5265732/Tmob/456228845279132
91.218.65.6 200 OK 261 kB URL HTTP/2 22245-4644.s3.webspace.re/aanmeldenklantnr5265732/Tmob/456228845279132
IP 91.218.65.6:0
File type ASCII text, with very long lines (64471)
Size 261 kB (260964 bytes)
Hash 9eb15265ebeec54fad2c80298b8b5989
dcaf33bd450152f7c6f5bdc5c61dfd112ed0f6c1
667b0a2734580b913c271c71708d39c2fb527a79edd19f1ba4d4de26c382203d
Analyzer Verdict Alert urlquery phishing Phishing - Deutsche Telekom
fortinet Phishing
GET /aanmeldenklantnr5265732/Tmob/456228845279132 HTTP/1.1
Host: 22245-4644.s3.webspace.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://22245-4644.s3.webspace.re/aanmeldenklantnr5265732/
Cookie: PHPSESSID=d1ho9ehkfvma74gv1fafa2h1qh
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 01:20:22 GMT
content-type: application/octet-stream
content-length: 260964
last-modified: Fri, 09 Dec 2022 00:03:05 GMT
etag: "63927b39-3fb64"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
22245-4644.s3.webspace.re/aanmeldenklantnr5265732/Tmob/saved_resource(1)
91.218.65.6 200 OK 82 kB URL HTTP/2 22245-4644.s3.webspace.re/aanmeldenklantnr5265732/Tmob/saved_resource(1)
IP 91.218.65.6:0
File type HTML document, ASCII text, with very long lines (558)
Hash a2a82860a6ff16765a4e5302b7df6ef8
e119c23241e2e865362a7d93e77652cc03fb2867
e900793533d5a24861457658acd88eefaf284309e5e5f8a049b9468af341abf2
Analyzer Verdict Alert urlquery phishing Phishing - Deutsche Telekom
fortinet Phishing
GET /aanmeldenklantnr5265732/Tmob/saved_resource(1) HTTP/1.1
Host: 22245-4644.s3.webspace.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://22245-4644.s3.webspace.re/aanmeldenklantnr5265732/
Cookie: PHPSESSID=d1ho9ehkfvma74gv1fafa2h1qh
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 01:20:22 GMT
content-type: application/octet-stream
content-length: 81728
last-modified: Fri, 09 Dec 2022 00:03:11 GMT
etag: "63927b3f-13f40"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
22245-4644.s3.webspace.re/aanmeldenklantnr5265732/Tmob/j.php
91.218.65.6 200 OK 2.0 kB URL HTTP/2 22245-4644.s3.webspace.re/aanmeldenklantnr5265732/Tmob/j.php
IP 91.218.65.6:0
File type ASCII text, with very long lines (2535)
Hash 68252acac8879c2fa1189d45b23b5ed6
f2a407e2ea95c719885c231c9ddd8b20f36740df
ac0866f3eabac6c7a50864fe3de79c0339c1cc984a0141bc06502a4c75ba7539
Analyzer Verdict Alert urlquery phishing Phishing - Deutsche Telekom
fortinet Phishing
GET /aanmeldenklantnr5265732/Tmob/j.php HTTP/1.1
Host: 22245-4644.s3.webspace.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://22245-4644.s3.webspace.re/aanmeldenklantnr5265732/
Cookie: PHPSESSID=d1ho9ehkfvma74gv1fafa2h1qh
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 01:20:22 GMT
content-type: text/html; charset=UTF-8
content-length: 2007
vary: Accept-Encoding
content-encoding: gzip
x-powered-by: PHP/7.4.33, PleskLin
X-Firefox-Spdy: h2
22245-4644.s3.webspace.re/aanmeldenklantnr5265732/Tmob/cs
91.218.65.6 200 OK 66 B URL HTTP/2 22245-4644.s3.webspace.re/aanmeldenklantnr5265732/Tmob/cs
IP 91.218.65.6:0
File type ASCII text, with no line terminators
Hash 5745fbf6759e6c2e17a379d6c54aa610
612fb56b2636e1da2f93e94c2e84ace08be5c190
2047b330025aeb9baf6d8899f3c024cfb94b30c2aade6348bc5538c89b1f46bd
Analyzer Verdict Alert urlquery phishing Phishing - Deutsche Telekom
fortinet Phishing
GET /aanmeldenklantnr5265732/Tmob/cs HTTP/1.1
Host: 22245-4644.s3.webspace.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://22245-4644.s3.webspace.re/aanmeldenklantnr5265732/
Cookie: PHPSESSID=d1ho9ehkfvma74gv1fafa2h1qh
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 01:20:22 GMT
content-length: 66
x-accel-version: 0.01
last-modified: Fri, 09 Dec 2022 00:03:06 GMT
etag: "42-5ef59e0c9dbbe"
accept-ranges: bytes
x-powered-by: PleskLin
X-Firefox-Spdy: h2
22245-4644.s3.webspace.re/aanmeldenklantnr5265732/Tmob/SsoKeepAlive.aspx
91.218.65.6 200 OK 665 B URL HTTP/2 22245-4644.s3.webspace.re/aanmeldenklantnr5265732/Tmob/SsoKeepAlive.aspx
IP 91.218.65.6:0
File type GIF image data, version 89a, 1 x 1; data
Hash c9e7bbf8e4f0db12c1fb302ff61d97a7
4e7702417228017514c7299c72f56ad46102ba55
d2edd898d01f9497f81b4433d604796a1f459c3356c8359d510f304d3b95c2ec
Analyzer Verdict Alert urlquery phishing Phishing - Deutsche Telekom
fortinet Phishing
GET /aanmeldenklantnr5265732/Tmob/SsoKeepAlive.aspx HTTP/1.1
Host: 22245-4644.s3.webspace.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://22245-4644.s3.webspace.re/aanmeldenklantnr5265732/
Cookie: PHPSESSID=d1ho9ehkfvma74gv1fafa2h1qh
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 01:20:22 GMT
content-length: 665
x-accel-version: 0.01
last-modified: Fri, 09 Dec 2022 00:03:12 GMT
etag: "299-5ef59e12b45d6"
accept-ranges: bytes
x-powered-by: PleskLin
X-Firefox-Spdy: h2
22245-4644.s3.webspace.re/aanmeldenklantnr5265732/Tmob/saved_resource(2)
91.218.65.6 200 OK 35 B URL HTTP/2 22245-4644.s3.webspace.re/aanmeldenklantnr5265732/Tmob/saved_resource(2)
IP 91.218.65.6:0
File type GIF image data, version 89a, 1 x 1; data
Hash 28d6814f309ea289f847c69cf91194c6
0f4e929dd5bb2564f7ab9c76338e04e292a42ace
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Analyzer Verdict Alert urlquery phishing Phishing - Deutsche Telekom
fortinet Phishing
GET /aanmeldenklantnr5265732/Tmob/saved_resource(2) HTTP/1.1
Host: 22245-4644.s3.webspace.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://22245-4644.s3.webspace.re/aanmeldenklantnr5265732/
Cookie: PHPSESSID=d1ho9ehkfvma74gv1fafa2h1qh
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 01:20:22 GMT
content-length: 35
x-accel-version: 0.01
last-modified: Fri, 09 Dec 2022 00:03:11 GMT
etag: "23-5ef59e12152e7"
accept-ranges: bytes
x-powered-by: PleskLin
X-Firefox-Spdy: h2
22245-4644.s3.webspace.re/aanmeldenklantnr5265732/Tmob/0
91.218.65.6 200 OK 0 B URL HTTP/2 22245-4644.s3.webspace.re/aanmeldenklantnr5265732/Tmob/0
IP 91.218.65.6:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery phishing Phishing - Deutsche Telekom
fortinet Phishing
GET /aanmeldenklantnr5265732/Tmob/0 HTTP/1.1
Host: 22245-4644.s3.webspace.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://22245-4644.s3.webspace.re/aanmeldenklantnr5265732/
Cookie: PHPSESSID=d1ho9ehkfvma74gv1fafa2h1qh
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 01:20:22 GMT
content-length: 0
x-accel-version: 0.01
last-modified: Fri, 09 Dec 2022 00:03:05 GMT
etag: "0-5ef59e0bc4ee9"
accept-ranges: bytes
x-powered-by: PleskLin
X-Firefox-Spdy: h2
22245-4644.s3.webspace.re/aanmeldenklantnr5265732/Tmob/linkid.js.download
91.218.65.6 200 OK 799 B URL HTTP/2 22245-4644.s3.webspace.re/aanmeldenklantnr5265732/Tmob/linkid.js.download
IP 91.218.65.6:0
File type ASCII text, with very long lines (1335)
Hash 7c805abf82a7e4711225238b16e592d1
bc1ad3e30d8e0ca1c14c2d8f23381cd3660505cb
2f716c383859b9b102a77997bc664d2437fa3a4332df9663d0f8400db8e4b9d7
Analyzer Verdict Alert urlquery phishing Phishing - Deutsche Telekom
fortinet Phishing
GET /aanmeldenklantnr5265732/Tmob/linkid.js.download HTTP/1.1
Host: 22245-4644.s3.webspace.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://22245-4644.s3.webspace.re/aanmeldenklantnr5265732/
Cookie: PHPSESSID=d1ho9ehkfvma74gv1fafa2h1qh
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 01:20:22 GMT
content-type: application/javascript
last-modified: Fri, 09 Dec 2022 00:03:10 GMT
etag: W/"63927b3e-621"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
www.t-mobile.nl/Assets/static/t-mobile-logo.svg
20.56.240.229 200 OK 243 B URL HTTP/2 www.t-mobile.nl/Assets/static/t-mobile-logo.svg
IP 20.56.240.229:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type SVG Scalable Vector Graphics image, ASCII text, with no line terminators
Hash 548720ab0e5bf4372a45ffe8b48db416
0283a50ccce31e104e679ee254154de8be9e2317
ff94370a161bbc40727c4313fe5e68fa0842835a0a80b6773b7ce69339e3f19d
GET /Assets/static/t-mobile-logo.svg HTTP/1.1
Host: www.t-mobile.nl
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://22245-4644.s3.webspace.re/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 10 Dec 2022 01:20:22 GMT
content-type: image/svg+xml
content-length: 243
set-cookie: afck-httpsetting-backendpool-tmobile-publicweb-main-httpsCORS=b76baca110487e4389424f1415b7d570; Path=/; SameSite=None; Secure
afck-httpsetting-backendpool-tmobile-publicweb-main-https=b76baca110487e4389424f1415b7d570; Path=/
cache-control: max-age=31536000
last-modified: Fri, 02 Dec 2022 10:37:40 GMT
accept-ranges: bytes
etag: "0321b1a3a6d91:0"
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET, ARR/2.5, ASP.NET
X-Firefox-Spdy: h2
www.t-mobile.nl/Assets/static/t-mobile-logo-white.svg
20.56.240.229 200 OK 240 B URL HTTP/2 www.t-mobile.nl/Assets/static/t-mobile-logo-white.svg
IP 20.56.240.229:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type SVG Scalable Vector Graphics image, ASCII text, with no line terminators
Hash 02c9f01b4726c74fa72f55c79eb3b4b7
fe7cbf43d20ee438193e98d3b3fcbf591665714f
d0166f644d8d61d76ae32bb06d71231f23d8447dc3e9e329ce98e65624e12648
GET /Assets/static/t-mobile-logo-white.svg HTTP/1.1
Host: www.t-mobile.nl
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://22245-4644.s3.webspace.re/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 10 Dec 2022 01:20:22 GMT
content-type: image/svg+xml
content-length: 240
set-cookie: afck-httpsetting-backendpool-tmobile-publicweb-main-httpsCORS=acdccb7780f22517ae04e679b6b982b5; Path=/; SameSite=None; Secure
afck-httpsetting-backendpool-tmobile-publicweb-main-https=acdccb7780f22517ae04e679b6b982b5; Path=/
cache-control: max-age=31536000
last-modified: Fri, 02 Dec 2022 10:37:40 GMT
accept-ranges: bytes
etag: "0321b1a3a6d91:0"
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET, ARR/2.5, ASP.NET
X-Firefox-Spdy: h2
www.t-mobile.nl/Assets/fonts/teleneo-medium.woff2
20.56.240.229 200 OK 43 kB URL HTTP/2 www.t-mobile.nl/Assets/fonts/teleneo-medium.woff2
IP 20.56.240.229:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type Web Open Font Format (Version 2), TrueType, length 43424, version 1.0; data
Hash 75f1236f41f04366b0831c6214d88e60
9a93a0336fea9ef4e15882a4855e228763481ce5
726419fe5c7c9ac329980a8ca1c940ecf108d83ec2f9a5f9246a2028dbc314f9
GET /Assets/fonts/teleneo-medium.woff2 HTTP/1.1
Host: www.t-mobile.nl
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://22245-4644.s3.webspace.re
Connection: keep-alive
Referer: https://22245-4644.s3.webspace.re/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 10 Dec 2022 01:20:22 GMT
content-type: application/x-font-woff2
content-length: 43424
set-cookie: afck-httpsetting-backendpool-tmobile-publicweb-main-httpsCORS=b76baca110487e4389424f1415b7d570; Path=/; SameSite=None; Secure
afck-httpsetting-backendpool-tmobile-publicweb-main-https=b76baca110487e4389424f1415b7d570; Path=/
cache-control: max-age=31536000
last-modified: Fri, 02 Dec 2022 10:37:38 GMT
accept-ranges: bytes
etag: "05ea183a6d91:0"
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET, ARR/2.5, ASP.NET
X-Firefox-Spdy: h2
www.t-mobile.nl/Assets/fonts/teleneo-extrabold.woff2
20.56.240.229 200 OK 45 kB URL HTTP/2 www.t-mobile.nl/Assets/fonts/teleneo-extrabold.woff2
IP 20.56.240.229:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type Web Open Font Format (Version 2), TrueType, length 45280, version 1.0; data
Hash 0cd6336ea943729127d85cf7fb0dd221
bdc2b0a4caece4f1d934828a74806f2a84c7ffac
764e82bdd36d6484aaee4d1bdcdaf19f0bab21ca54c134c87e544196e1781e8f
GET /Assets/fonts/teleneo-extrabold.woff2 HTTP/1.1
Host: www.t-mobile.nl
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://22245-4644.s3.webspace.re
Connection: keep-alive
Referer: https://22245-4644.s3.webspace.re/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 10 Dec 2022 01:20:22 GMT
content-type: application/x-font-woff2
content-length: 45280
set-cookie: afck-httpsetting-backendpool-tmobile-publicweb-main-httpsCORS=acdccb7780f22517ae04e679b6b982b5; Path=/; SameSite=None; Secure
afck-httpsetting-backendpool-tmobile-publicweb-main-https=acdccb7780f22517ae04e679b6b982b5; Path=/
cache-control: max-age=31536000
last-modified: Fri, 02 Dec 2022 10:37:38 GMT
accept-ranges: bytes
etag: "05ea183a6d91:0"
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET, ARR/2.5, ASP.NET
X-Firefox-Spdy: h2
www.t-mobile.nl/Assets/fonts/teleicon-ui.woff2?h=43240be67945d5a24a759bffd6bbf531
20.56.240.229 200 OK 12 kB URL HTTP/2 www.t-mobile.nl/Assets/fonts/teleicon-ui.woff2?h=43240be67945d5a24a759bffd6bbf531
IP 20.56.240.229:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type Web Open Font Format (Version 2), TrueType, length 12156, version 1.0; data
Hash 12391f283fec0a67620589ea75a74ded
35314b8037a94286731cd2fdb660c6be008dafa0
fbb766b01cad036ff678f0120ff9ebee74704917f6e44f23262dbb6a5bab442e
GET /Assets/fonts/teleicon-ui.woff2?h=43240be67945d5a24a759bffd6bbf531 HTTP/1.1
Host: www.t-mobile.nl
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://22245-4644.s3.webspace.re
Connection: keep-alive
Referer: https://22245-4644.s3.webspace.re/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 10 Dec 2022 01:20:22 GMT
content-type: application/x-font-woff2
content-length: 12156
set-cookie: afck-httpsetting-backendpool-tmobile-publicweb-main-httpsCORS=8f3fdf3a50e0d539d73523d2abcd63ac; Path=/; SameSite=None; Secure
afck-httpsetting-backendpool-tmobile-publicweb-main-https=8f3fdf3a50e0d539d73523d2abcd63ac; Path=/
cache-control: max-age=31536000
last-modified: Fri, 02 Dec 2022 10:37:38 GMT
accept-ranges: bytes
etag: "05ea183a6d91:0"
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET, ARR/2.5, ASP.NET
X-Firefox-Spdy: h2
www.t-mobile.nl/Assets/fonts/teleneo-bold.woff2
20.56.240.229 200 OK 43 kB URL HTTP/2 www.t-mobile.nl/Assets/fonts/teleneo-bold.woff2
IP 20.56.240.229:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type Web Open Font Format (Version 2), TrueType, length 43420, version 1.0; data
Hash 0995525e8fccca524b245e828f6032d2
5021ac4ae3272367246e030fd48cc1fc43711c9e
9e748f9462ea64f78d1b928c4f6f71d430e1f78ec324e6f725994dc95199912a
GET /Assets/fonts/teleneo-bold.woff2 HTTP/1.1
Host: www.t-mobile.nl
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://22245-4644.s3.webspace.re
Connection: keep-alive
Referer: https://22245-4644.s3.webspace.re/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 10 Dec 2022 01:20:22 GMT
content-type: application/x-font-woff2
content-length: 43420
set-cookie: afck-httpsetting-backendpool-tmobile-publicweb-main-httpsCORS=b6a7dd6f280c4c04c1a83c3653976a2f; Path=/; SameSite=None; Secure
afck-httpsetting-backendpool-tmobile-publicweb-main-https=b6a7dd6f280c4c04c1a83c3653976a2f; Path=/
cache-control: max-age=31536000
last-modified: Fri, 02 Dec 2022 10:37:38 GMT
accept-ranges: bytes
etag: "05ea183a6d91:0"
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET, ARR/2.5, ASP.NET
X-Firefox-Spdy: h2
22245-4644.s3.webspace.re/aanmeldenklantnr5265732/Tmob/help-tip.svg
91.218.65.6 200 OK 486 B URL HTTP/2 22245-4644.s3.webspace.re/aanmeldenklantnr5265732/Tmob/help-tip.svg
IP 91.218.65.6:0
File type SVG Scalable Vector Graphics image, ASCII text, with very long lines (486), with no line terminators
Hash 4d96dbbf6ef6fae6bf73494cd4b5f485
50f7a10deb38af77b4665a915fde6ac311e14e07
87e946f3cf423b9be2b52d90a0a9d4e9f6dd815f964ffd0c0962fb7ca9c1bcaf
Analyzer Verdict Alert urlquery phishing Phishing - Deutsche Telekom
fortinet Phishing
GET /aanmeldenklantnr5265732/Tmob/help-tip.svg HTTP/1.1
Host: 22245-4644.s3.webspace.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://22245-4644.s3.webspace.re/aanmeldenklantnr5265732/Tmob/DesignSystem.css
Cookie: PHPSESSID=d1ho9ehkfvma74gv1fafa2h1qh; bc_tstgrp=13; _vwo_uuid_v2=D36E42FE74918CC78CB38D8FCE8E8B2F6|afd7c97746ef5bd04d32334bb7eb5ff6
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 01:20:22 GMT
content-type: image/svg+xml
content-length: 486
x-accel-version: 0.01
last-modified: Fri, 09 Dec 2022 00:03:09 GMT
etag: "1e6-5ef59e1053f3b"
accept-ranges: bytes
x-powered-by: PleskLin
X-Firefox-Spdy: h2
22245-4644.s3.webspace.re/aanmeldenklantnr5265732/Tmob/service.svg
91.218.65.6 200 OK 22 kB URL HTTP/2 22245-4644.s3.webspace.re/aanmeldenklantnr5265732/Tmob/service.svg
IP 91.218.65.6:0
File type SVG Scalable Vector Graphics image, ASCII text, with very long lines (21702), with no line terminators
Hash cf3a634d8ca76c0e96d7c9abadf06767
211868f43b2e3a9fcf180404f06b2baccda04e1b
f04f698de192c79b8710580277c5001e153bfbca997fe9341f4b05b760eed096
Analyzer Verdict Alert urlquery phishing Phishing - Deutsche Telekom
fortinet Phishing
GET /aanmeldenklantnr5265732/Tmob/service.svg HTTP/1.1
Host: 22245-4644.s3.webspace.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://22245-4644.s3.webspace.re/aanmeldenklantnr5265732/Tmob/DesignSystem.css
Cookie: PHPSESSID=d1ho9ehkfvma74gv1fafa2h1qh; bc_tstgrp=13; _vwo_uuid_v2=D36E42FE74918CC78CB38D8FCE8E8B2F6|afd7c97746ef5bd04d32334bb7eb5ff6
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 01:20:22 GMT
content-type: image/svg+xml
content-length: 21702
last-modified: Fri, 09 Dec 2022 00:03:12 GMT
etag: "63927b40-54c6"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
22245-4644.s3.webspace.re/aanmeldenklantnr5265732/Tmob/t-mobile-logo.svg
91.218.65.6 200 OK 455 B URL HTTP/2 22245-4644.s3.webspace.re/aanmeldenklantnr5265732/Tmob/t-mobile-logo.svg
IP 91.218.65.6:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (455), with no line terminators
Hash 064fbd1126e17c68886137554600bec0
bcb9e3a933f877bce70ec2a084877aeedaa6f3da
c1a60e60a303b0a287c8a32e5538c6d79814c120fbbbdd82e29411272c941590
Analyzer Verdict Alert urlquery phishing Phishing - Deutsche Telekom
fortinet Phishing
GET /aanmeldenklantnr5265732/Tmob/t-mobile-logo.svg HTTP/1.1
Host: 22245-4644.s3.webspace.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://22245-4644.s3.webspace.re/aanmeldenklantnr5265732/Tmob/DesignSystem.css
Cookie: PHPSESSID=d1ho9ehkfvma74gv1fafa2h1qh; bc_tstgrp=13; _vwo_uuid_v2=D36E42FE74918CC78CB38D8FCE8E8B2F6|afd7c97746ef5bd04d32334bb7eb5ff6
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 01:20:22 GMT
content-type: image/svg+xml
content-length: 455
x-accel-version: 0.01
last-modified: Fri, 09 Dec 2022 00:03:12 GMT
etag: "1c7-5ef59e130859e"
accept-ranges: bytes
x-powered-by: PleskLin
X-Firefox-Spdy: h2
22245-4644.s3.webspace.re/aanmeldenklantnr5265732/Tmob/password-visible.svg
91.218.65.6 200 OK 520 B URL HTTP/2 22245-4644.s3.webspace.re/aanmeldenklantnr5265732/Tmob/password-visible.svg
IP 91.218.65.6:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (520), with no line terminators
Hash 3e85f308dff85584aa28a6b56bb79446
c5f4f199cbcf5165e311cee561990fed668d3311
b1fe151c052fda7b315efa93296fd926f6c6d817bbb9a92e3639559cd75db033
Analyzer Verdict Alert urlquery phishing Phishing - Deutsche Telekom
fortinet Phishing
GET /aanmeldenklantnr5265732/Tmob/password-visible.svg HTTP/1.1
Host: 22245-4644.s3.webspace.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://22245-4644.s3.webspace.re/aanmeldenklantnr5265732/Tmob/DesignSystem.css
Cookie: PHPSESSID=d1ho9ehkfvma74gv1fafa2h1qh; bc_tstgrp=13; _vwo_uuid_v2=D36E42FE74918CC78CB38D8FCE8E8B2F6|afd7c97746ef5bd04d32334bb7eb5ff6
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 01:20:22 GMT
content-type: image/svg+xml
content-length: 520
x-accel-version: 0.01
last-modified: Fri, 09 Dec 2022 00:03:10 GMT
etag: "208-5ef59e1153d14"
accept-ranges: bytes
x-powered-by: PleskLin
X-Firefox-Spdy: h2
22245-4644.s3.webspace.re/aanmeldenklantnr5265732/Tmob/teleicon-ui.woff2?h=a85ea83a7656b8d1744d7a13e4b395b2
91.218.65.6 200 OK 12 kB URL HTTP/2 22245-4644.s3.webspace.re/aanmeldenklantnr5265732/Tmob/teleicon-ui.woff2?h=a85ea83a7656b8d1744d7a13e4b395b2
IP 91.218.65.6:0
File type Web Open Font Format (Version 2), TrueType, length 11452, version 1.0\012- data
Hash 10f73228373cb0aab0b046cd73773f8d
e619917e1aec14c58baf4c2e88565105a50baa61
ba734482c11fc34553bb4938ac10b2a7be4cae10200ff112369fd41b9a7edb01
Analyzer Verdict Alert urlquery phishing Phishing - Deutsche Telekom
fortinet Phishing
GET /aanmeldenklantnr5265732/Tmob/teleicon-ui.woff2?h=a85ea83a7656b8d1744d7a13e4b395b2 HTTP/1.1
Host: 22245-4644.s3.webspace.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://22245-4644.s3.webspace.re/aanmeldenklantnr5265732/Tmob/DesignSystem.css
Cookie: PHPSESSID=d1ho9ehkfvma74gv1fafa2h1qh; bc_tstgrp=13; _vwo_uuid_v2=D36E42FE74918CC78CB38D8FCE8E8B2F6|afd7c97746ef5bd04d32334bb7eb5ff6
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 01:20:22 GMT
content-type: font/woff2
content-length: 11452
last-modified: Fri, 09 Dec 2022 00:03:13 GMT
etag: "63927b41-2cbc"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
22245-4644.s3.webspace.re/aanmeldenklantnr5265732/Tmob/teleneo-medium.woff2
91.218.65.6 200 OK 43 kB URL HTTP/2 22245-4644.s3.webspace.re/aanmeldenklantnr5265732/Tmob/teleneo-medium.woff2
IP 91.218.65.6:0
File type Web Open Font Format (Version 2), TrueType, length 43424, version 1.0\012- data
Hash 75f1236f41f04366b0831c6214d88e60
9a93a0336fea9ef4e15882a4855e228763481ce5
726419fe5c7c9ac329980a8ca1c940ecf108d83ec2f9a5f9246a2028dbc314f9
Analyzer Verdict Alert urlquery phishing Phishing - Deutsche Telekom
fortinet Phishing
GET /aanmeldenklantnr5265732/Tmob/teleneo-medium.woff2 HTTP/1.1
Host: 22245-4644.s3.webspace.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://22245-4644.s3.webspace.re/aanmeldenklantnr5265732/Tmob/DesignSystem.css
Cookie: PHPSESSID=d1ho9ehkfvma74gv1fafa2h1qh; bc_tstgrp=13; _vwo_uuid_v2=D36E42FE74918CC78CB38D8FCE8E8B2F6|afd7c97746ef5bd04d32334bb7eb5ff6
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 01:20:22 GMT
content-type: font/woff2
content-length: 43424
last-modified: Fri, 09 Dec 2022 00:03:14 GMT
etag: "63927b42-a9a0"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
22245-4644.s3.webspace.re/aanmeldenklantnr5265732/Tmob/teleneo-regular.woff2
91.218.65.6 200 OK 42 kB URL HTTP/2 22245-4644.s3.webspace.re/aanmeldenklantnr5265732/Tmob/teleneo-regular.woff2
IP 91.218.65.6:0
File type Web Open Font Format (Version 2), TrueType, length 42484, version 1.0\012- data
Hash b98e83c526edfde70471d7ffaec30bd5
42cc68a16b2906a1a9d54d99ff70ea13a83a8cda
ce0c7cdaa1383a3289869599a393ce7654c81d779f1b1a5b86535fcfe1d71dfb
Analyzer Verdict Alert urlquery phishing Phishing - Deutsche Telekom
fortinet Phishing
GET /aanmeldenklantnr5265732/Tmob/teleneo-regular.woff2 HTTP/1.1
Host: 22245-4644.s3.webspace.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://22245-4644.s3.webspace.re/aanmeldenklantnr5265732/Tmob/DesignSystem.css
Cookie: PHPSESSID=d1ho9ehkfvma74gv1fafa2h1qh; bc_tstgrp=13; _vwo_uuid_v2=D36E42FE74918CC78CB38D8FCE8E8B2F6|afd7c97746ef5bd04d32334bb7eb5ff6
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 01:20:22 GMT
content-type: font/woff2
content-length: 42484
last-modified: Fri, 09 Dec 2022 00:03:14 GMT
etag: "63927b42-a5f4"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Expires, Last-Modified, ETag, Cache-Control, Alert, Content-Length, Pragma, Content-Type, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 10 Dec 2022 01:07:55 GMT
age: 747
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
22245-4644.s3.webspace.re/aanmeldenklantnr5265732/Tmob/teleneo-bold.woff2
91.218.65.6 200 OK 43 kB URL HTTP/2 22245-4644.s3.webspace.re/aanmeldenklantnr5265732/Tmob/teleneo-bold.woff2
IP 91.218.65.6:0
File type Web Open Font Format (Version 2), TrueType, length 43420, version 1.0\012- data
Hash 0995525e8fccca524b245e828f6032d2
5021ac4ae3272367246e030fd48cc1fc43711c9e
9e748f9462ea64f78d1b928c4f6f71d430e1f78ec324e6f725994dc95199912a
Analyzer Verdict Alert urlquery phishing Phishing - Deutsche Telekom
fortinet Phishing
GET /aanmeldenklantnr5265732/Tmob/teleneo-bold.woff2 HTTP/1.1
Host: 22245-4644.s3.webspace.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://22245-4644.s3.webspace.re/aanmeldenklantnr5265732/Tmob/DesignSystem.css
Cookie: PHPSESSID=d1ho9ehkfvma74gv1fafa2h1qh; bc_tstgrp=13; _vwo_uuid_v2=D36E42FE74918CC78CB38D8FCE8E8B2F6|afd7c97746ef5bd04d32334bb7eb5ff6
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 01:20:22 GMT
content-type: font/woff2
content-length: 43420
last-modified: Fri, 09 Dec 2022 00:03:13 GMT
etag: "63927b41-a99c"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash b5162477351d6d5dd09f5bf1c3d7e65a
ee16d5936dc2bcc9309d065fdd92672ed4968fee
d2e2e08f046fa81c63c5181b91a9401c809a382e89ab3a1b80db91ca0a52294a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 91
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 10 Dec 2022 01:20:22 GMT
Last-Modified: Sat, 10 Dec 2022 01:18:51 GMT
Server: ECS (amb/6BBD)
X-Cache: HIT
Content-Length: 280
22245-4644.s3.webspace.re/aanmeldenklantnr5265732/Tmob/teleneo-extrabold.woff2
91.218.65.6 200 OK 45 kB URL HTTP/2 22245-4644.s3.webspace.re/aanmeldenklantnr5265732/Tmob/teleneo-extrabold.woff2
IP 91.218.65.6:0
File type Web Open Font Format (Version 2), TrueType, length 45280, version 1.0\012- data
Hash 0cd6336ea943729127d85cf7fb0dd221
bdc2b0a4caece4f1d934828a74806f2a84c7ffac
764e82bdd36d6484aaee4d1bdcdaf19f0bab21ca54c134c87e544196e1781e8f
Analyzer Verdict Alert urlquery phishing Phishing - Deutsche Telekom
fortinet Phishing
GET /aanmeldenklantnr5265732/Tmob/teleneo-extrabold.woff2 HTTP/1.1
Host: 22245-4644.s3.webspace.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://22245-4644.s3.webspace.re/aanmeldenklantnr5265732/Tmob/DesignSystem.css
Cookie: PHPSESSID=d1ho9ehkfvma74gv1fafa2h1qh; bc_tstgrp=13; _vwo_uuid_v2=D36E42FE74918CC78CB38D8FCE8E8B2F6|afd7c97746ef5bd04d32334bb7eb5ff6
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 01:20:22 GMT
content-type: font/woff2
content-length: 45280
last-modified: Fri, 09 Dec 2022 00:03:13 GMT
etag: "63927b41-b0e0"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
siteimproveanalytics.com/js/siteanalyze_6004843.js
172.67.128.109 200 OK 5.1 kB URL HTTP/2 siteimproveanalytics.com/js/siteanalyze_6004843.js
IP 172.67.128.109:0
File type ASCII text, with very long lines (14675), with no line terminators
Hash 769777d50bb72795a5d8a4836add502d
dc53659c9be64be3d7c21e99027c163ad51a1e89
3e576443bf9986536d87e0acc20d04026c69e5850294126bf4165253fd3c219c
GET /js/siteanalyze_6004843.js HTTP/1.1
Host: siteimproveanalytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://22245-4644.s3.webspace.re/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 10 Dec 2022 01:20:22 GMT
content-type: application/javascript; charset=utf-8
content-length: 5129
x-amz-id-2: eJrglcLosKdkxPvKdZ1J1DKpB81MxRhqrtdkFgYcx9AVW4fgFrkqP52pDuZPc+z9JhFopCB1Lnw=
x-amz-request-id: NB2QHVH8AZK6YKXE
cache-control: max-age=86400, no-transform
content-encoding: gzip
last-modified: Mon, 16 May 2022 09:11:01 GMT
etag: "769777d50bb72795a5d8a4836add502d"
cf-cache-status: HIT
age: 5807
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=G%2FK0ue9Qq9hSuZZgFkxvEG5g1GfZHf2%2FAovrzagmN3NYhWZ%2BlAIR%2BOD2%2BXXtAzM4WSz1Qz%2FIHHJUMYlnVur82kjk2x1ZzPv9a6KTjkGfWPs5xj8hTVIEa9%2FjlfiZtQBF3bIAp%2BtEo8%2FyEfQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7772285e7b56b524-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 471 B IP 216.58.211.3:0
Hash f7aef7109978f8c1c53298563756a403
d610bb812b080710945dd47f9cccd794af9fe2f7
6366bc97e3f9ac9a6e8a294da60f2d961d2106180fd8ffaae97bc82ea399edb9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 10 Dec 2022 01:20:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
22245-4644.s3.webspace.re/aanmeldenklantnr5265732/Tmob/saved_resource.html
91.218.65.6 200 OK 145 B URL HTTP/2 22245-4644.s3.webspace.re/aanmeldenklantnr5265732/Tmob/saved_resource.html
IP 91.218.65.6:0
File type HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 5e610eda263540ba05be0d6b5cf807a2
269663c27bdb68d880847d4f7bd4b62796926c93
682e5b3b42807f8a40d9f12d20c12a824dbf1dfcda7fefab7c81a08a35c9bfca
Analyzer Verdict Alert urlquery phishing Phishing - Deutsche Telekom
fortinet Phishing
GET /aanmeldenklantnr5265732/Tmob/saved_resource.html HTTP/1.1
Host: 22245-4644.s3.webspace.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://22245-4644.s3.webspace.re/aanmeldenklantnr5265732/
Cookie: PHPSESSID=d1ho9ehkfvma74gv1fafa2h1qh; bc_tstgrp=13; _vwo_uuid_v2=D36E42FE74918CC78CB38D8FCE8E8B2F6|afd7c97746ef5bd04d32334bb7eb5ff6; zakelijkeSurveyInvitation=1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 01:20:22 GMT
content-type: text/html
content-length: 145
x-accel-version: 0.01
last-modified: Fri, 09 Dec 2022 00:03:11 GMT
etag: "95-5ef59e1248f0c-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-powered-by: PleskLin
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash b5162477351d6d5dd09f5bf1c3d7e65a
ee16d5936dc2bcc9309d065fdd92672ed4968fee
d2e2e08f046fa81c63c5181b91a9401c809a382e89ab3a1b80db91ca0a52294a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 91
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 10 Dec 2022 01:20:22 GMT
Last-Modified: Sat, 10 Dec 2022 01:18:51 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 280
img.en25.com/i/elqCfg.min.js
104.88.9.26 200 OK 2.2 kB URL HTTP/1.1 img.en25.com/i/elqCfg.min.js
IP 104.88.9.26:0
File type ASCII text, with very long lines (6080), with no line terminators
Hash 653932b9065b662394993fd19677a932
854c6c3b96fc647f07bf9a1698387d1253bcb61c
ba8a6983167c051ebdd701cb59293a88346b84f2a9802f59ecc75ca49f383a7d
GET /i/elqCfg.min.js HTTP/1.1
Host: img.en25.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://22245-4644.s3.webspace.re/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Pragma: no-cache
Content-Type: application/x-javascript
Last-Modified: Mon, 03 Oct 2022 17:55:36 GMT
Accept-Ranges: bytes
ETag: "ff37a05751d7d81:0"
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: no-store
Expires: Sat, 10 Dec 2022 01:20:22 GMT
Date: Sat, 10 Dec 2022 01:20:22 GMT
Content-Length: 2183
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash e6be4d2155028ffff5d01ab6e7edf6da
07172071b5cf43c4cd7d7930b4ad8518ec1e32e9
4d8a5fa2362fd0910babd6d128d850d4460829468eb23d34ee5ee6eaa42d5a38
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1674
Cache-Control: max-age=116067
Content-Type: application/ocsp-response
Date: Sat, 10 Dec 2022 01:20:22 GMT
Etag: "6392faaf-1d7"
Expires: Sun, 11 Dec 2022 09:34:49 GMT
Last-Modified: Fri, 09 Dec 2022 09:06:55 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 471
22245-4644.s3.webspace.re/aanmeldenklantnr5265732/Tmob/ec.js.download
91.218.65.6 200 OK 133 kB URL HTTP/2 22245-4644.s3.webspace.re/aanmeldenklantnr5265732/Tmob/ec.js.download
IP 91.218.65.6:0
File type ASCII text, with very long lines (523)
Size 133 kB (132908 bytes)
Hash e2812002e098a38edc81ce46e701de25
ac6452a560e6ecf4b300a59fb3e8670ef59ce770
e24af359760e9b37885883435de3c7b41315bd72fa4951ab66abc190f835c3be
Analyzer Verdict Alert fortinet Phishing
GET /aanmeldenklantnr5265732/Tmob/ec.js.download HTTP/1.1
Host: 22245-4644.s3.webspace.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://22245-4644.s3.webspace.re/aanmeldenklantnr5265732/
Cookie: PHPSESSID=d1ho9ehkfvma74gv1fafa2h1qh
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 01:20:22 GMT
content-type: application/javascript
last-modified: Fri, 09 Dec 2022 00:03:07 GMT
etag: W/"63927b3b-adb"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 66b6ed44d8288f00f3d0c72110632e8c
adba9875c5396f3bbf7bdccccf8bf308c91b014b
a9b01ed323c49217e3da29f72415babeb10859397dd0931918298ebd35b07187
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=142496
Content-Type: application/ocsp-response
Date: Sat, 10 Dec 2022 01:20:22 GMT
Etag: "63936876-1d7"
Expires: Sun, 11 Dec 2022 16:55:18 GMT
Last-Modified: Fri, 09 Dec 2022 16:55:18 GMT
Server: nginx
Content-Length: 471
ocsp.sca1b.amazontrust.com/
143.204.42.165 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.165:0
Hash fa7097f3bc9215d1ac6676c3adfc3ecb
cd0b83b428e9bf3a4e0ab81a3cdc5d870748c7a6
2ac403f055d27605ba86d9efa29e9957389251ba5618da73f2e740ecf8806947
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=99200
Date: Sat, 10 Dec 2022 01:20:22 GMT
Etag: "6392aa74-1d7"
Expires: Sun, 11 Dec 2022 04:53:42 GMT
Last-Modified: Fri, 09 Dec 2022 03:24:36 GMT
Server: ECS (dcb/7EED)
X-Cache: Miss from cloudfront
Via: 1.1 095562e8748e634f880ee3c4ada2b6d0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: sN-6i0n5KuHhNkjezNR0iKEP-fh2NM0PkHDeU-atIidi1kZP63hU6Q==
Age: 5346
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 471 B IP 216.58.211.3:0
Hash f7aef7109978f8c1c53298563756a403
d610bb812b080710945dd47f9cccd794af9fe2f7
6366bc97e3f9ac9a6e8a294da60f2d961d2106180fd8ffaae97bc82ea399edb9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 10 Dec 2022 01:20:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
22245-4644.s3.webspace.re/aanmeldenklantnr5265732/Tmob/analytics.js.download
91.218.65.6 200 OK 19 kB URL HTTP/2 22245-4644.s3.webspace.re/aanmeldenklantnr5265732/Tmob/analytics.js.download
IP 91.218.65.6:0
File type ASCII text, with very long lines (1325)
Hash 3517195ab1c921e5aa60fb233102b494
ab912dc83aa957182b31de40257313e22b1872e5
b1519d89bc84f10231e74d6389a6de831b60b30c3cddc3cfeeb7c5de41507a00
Analyzer Verdict Alert fortinet Phishing
GET /aanmeldenklantnr5265732/Tmob/analytics.js.download HTTP/1.1
Host: 22245-4644.s3.webspace.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://22245-4644.s3.webspace.re/aanmeldenklantnr5265732/
Cookie: PHPSESSID=d1ho9ehkfvma74gv1fafa2h1qh
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 01:20:22 GMT
content-type: application/javascript
last-modified: Fri, 09 Dec 2022 00:03:05 GMT
etag: W/"63927b39-be77"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
globessl.ocsp.sectigo.com/
104.18.32.68 200 OK 472 B URL HTTP/1.1 globessl.ocsp.sectigo.com/
IP 104.18.32.68:0
Hash d6d4f38f09623717c053584f75a0f10b
646caf739c78d07ab8bb3e647fcc2dd5c9cb283b
93be8ad46bb5fed17a94c8110346389c64232b94b6680f253155b704bfdecc2e
POST / HTTP/1.1
Host: globessl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 10 Dec 2022 01:20:22 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Thu, 08 Dec 2022 23:03:29 GMT
Expires: Thu, 15 Dec 2022 23:03:28 GMT
Etag: "646caf739c78d07ab8bb3e647fcc2dd5c9cb283b"
Cache-Control: max-age=509585,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7772285f5fadfabc-OSL
tmobile.blueconic.net/DG/DEFAULT/rest/rpc/141?referer=https%3A%2F%2F22245-4644.s3.webspace.re%2Faanmeldenklantnr5265732%2F&bcsessionid=&bctempid=&overruleReferrer=&time=2022-12-10T01%3A20%3A21%2B00%3A00&ts=1670635221520
52.48.24.160 200 OK 22 B URL HTTP/2 tmobile.blueconic.net/DG/DEFAULT/rest/rpc/141?referer=https%3A%2F%2F22245-4644.s3.webspace.re%2Faanmeldenklantnr5265732%2F&bcsessionid=&bctempid=&overruleReferrer=&time=2022-12-10T01%3A20%3A21%2B00%3A00&ts=1670635221520
IP 52.48.24.160:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 24d0a027ba0f276ca66203026eecc338
d8d90d5038e96fc52f8f06da5ca5c0d0cb1d927d
2e4f23de4086a47e7d4f246638bbe838e34a17b8de971d719f93ef940ad46f2c
Analyzer Verdict Alert urlquery phishing Phishing - Deutsche Telekom
POST /DG/DEFAULT/rest/rpc/141?referer=https%3A%2F%2F22245-4644.s3.webspace.re%2Faanmeldenklantnr5265732%2F&bcsessionid=&bctempid=&overruleReferrer=&time=2022-12-10T01%3A20%3A21%2B00%3A00&ts=1670635221520 HTTP/1.1
Host: tmobile.blueconic.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 827
Origin: https://22245-4644.s3.webspace.re
Connection: keep-alive
Referer: https://22245-4644.s3.webspace.re/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 10 Dec 2022 01:20:22 GMT
content-length: 22
set-cookie: AWSALB=QFwjVGOTnVZvkuXB/YiYRz6mDPR/0UQNBSWSzdpM5gtcbPmV/aIlOAZFklJzSPPg5Gv1+H48PL8B9f3aElrxt+D3stRYDpY5jsyGTXOQq8/aC1wTjEkSLDkl1Z8B; Expires=Sat, 17 Dec 2022 01:20:22 GMT; Path=/
AWSALBCORS=QFwjVGOTnVZvkuXB/YiYRz6mDPR/0UQNBSWSzdpM5gtcbPmV/aIlOAZFklJzSPPg5Gv1+H48PL8B9f3aElrxt+D3stRYDpY5jsyGTXOQq8/aC1wTjEkSLDkl1Z8B; Expires=Sat, 17 Dec 2022 01:20:22 GMT; Path=/; SameSite=None; Secure
server: -
x-content-type-options: nosniff
x-permitted-cross-domain-policies: master-only
x-robots-tag: noindex, nofollow
x-xss-protection: 1; mode=block
p3p: policyref="", CP="DSP"
content-encoding: gzip
X-Firefox-Spdy: h2
founders.t-mobile.nl/visitor/v200/svrGP?pps=3&siteid=164251491&ref2=elqNone&tzo=0&ms=429&optin=disabled&elq1pcGUID=90D12AD8200A49BCB12EE159255EF139
192.29.192.112 200 OK 49 B URL HTTP/1.1 founders.t-mobile.nl/visitor/v200/svrGP?pps=3&siteid=164251491&ref2=elqNone&tzo=0&ms=429&optin=disabled&elq1pcGUID=90D12AD8200A49BCB12EE159255EF139
IP 192.29.192.112:0
ASN #31898 ORACLE-BMC-31898
File type GIF image data, version 89a, 1 x 1\012- data
Hash dbefe00673f01d8b0f2791f3e30565cc
6b3227ad1a39504f155cb0117293a44ab3cbec3a
f1ccea6b7204d9f7913ab45e1afa51d79f83bd4f0319de937b0132e6e02b1aab
GET /visitor/v200/svrGP?pps=3&siteid=164251491&ref2=elqNone&tzo=0&ms=429&optin=disabled&elq1pcGUID=90D12AD8200A49BCB12EE159255EF139 HTTP/1.1
Host: founders.t-mobile.nl
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://22245-4644.s3.webspace.re/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: no-store
Pragma: no-cache
Content-Type: image/gif
Expires: -1
X-Robots-Tag: noindex, nofollow
X-Xss-Protection: 1; mode=block
Set-Cookie: ELOQUA=GUID=90D12AD8200A49BCB12EE159255EF139; domain=t-mobile.nl; expires=Wed, 10-Jan-2024 01:20:23 GMT; path=/
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
X-Content-Type-Options: nosniff
Date: Sat, 10 Dec 2022 01:20:22 GMT
Content-Length: 49
ocsp.sectigo.com/
104.18.32.68 200 OK 472 B IP 104.18.32.68:0
Hash abe93608bee9b6051e8d1eed4126b8c4
7b99d454a3d1e284eae6076980f7f8d970a03479
ee0a544373bb88d9008f16dfcef3131f89fba430187607326e44031d5f4df090
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 10 Dec 2022 01:20:23 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Thu, 08 Dec 2022 06:14:36 GMT
Expires: Thu, 15 Dec 2022 06:14:35 GMT
Etag: "7b99d454a3d1e284eae6076980f7f8d970a03479"
Cache-Control: max-age=449051,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7772285f5f6e1c0e-OSL
push.services.mozilla.com/
100.20.30.105 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 100.20.30.105:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: dM/VvPW/HCrP1Ob9kWftOA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 1diX+YgGVgdaZh9JbqqD/tmdUnk=
tracking001.piwikpro.com/piwik.js
52.166.179.92 200 OK 24 kB URL HTTP/2 tracking001.piwikpro.com/piwik.js
IP 52.166.179.92:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Hash f10140bea7d220a209b42363dc97ff25
38f39eedf92d366318686bb22831c21242567029
b81f68108a07be4841ff451c14bff61e09e8fa41a9383f03950439574453e29c
GET /piwik.js HTTP/1.1
Host: tracking001.piwikpro.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://22245-4644.s3.webspace.re/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 10 Dec 2022 01:20:23 GMT
content-type: application/javascript
last-modified: Mon, 11 Apr 2022 08:51:54 GMT
vary: Accept-Encoding
etag: W/"6253ec2a-11e9b"
expires: Sat, 10 Dec 2022 07:20:23 GMT
cache-control: max-age=21600
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
143.204.42.165 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.165:0
Hash 109ddf36a77894c3f2a0e7e8d72d68bb
134f624524dbec1e1b98605ecf7447aff2cf8d07
81b055ada1d2a772857746ac67c673d7ef247f01731858ec0a132560a10afb63
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sat, 10 Dec 2022 01:20:23 GMT
Last-Modified: Fri, 09 Dec 2022 23:34:55 GMT
Server: ECS (bsa/EB20)
X-Cache: Miss from cloudfront
Via: 1.1 095562e8748e634f880ee3c4ada2b6d0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: ot0KJl7aEaXAJ-mkMVxlEKUIoMSuRGUAfEZyi5EmdTm70uU3J-xU5A==
Age: 6328
6004843.global.siteimproveanalytics.io/image.aspx?url=https%3A%2F%2F22245-4644.s3.webspace.re%2Faanmeldenklantnr5265732%2F&title=Log%20in%20op%20My%20T-Mobile%20of%20T-Mobile%20Beheer%20%7C%20T-Mobile%20Zakelijk&res=1280x1024&accountid=6004843&rt=1506&prev=1670635320370&luid=c82d0641-9e5a-0ccd-80ec-bd31f7f817c5&rnd=44821
3.123.165.229 200 OK 34 B URL HTTP/2 6004843.global.siteimproveanalytics.io/image.aspx?url=https%3A%2F%2F22245-4644.s3.webspace.re%2Faanmeldenklantnr5265732%2F&title=Log%20in%20op%20My%20T-Mobile%20of%20T-Mobile%20Beheer%20%7C%20T-Mobile%20Zakelijk&res=1280x1024&accountid=6004843&rt=1506&prev=1670635320370&luid=c82d0641-9e5a-0ccd-80ec-bd31f7f817c5&rnd=44821
IP 3.123.165.229:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash a82ba3a9d42148e9cf209df13d8c3f3d
dba80835d31175bdcf0bcad1abafefb06d86e304
1e85ec81b9800b4c443d39caca0d0926089a3ac201120db1ceb45b93789480b8
Analyzer Verdict Alert urlquery phishing Phishing - Deutsche Telekom
GET /image.aspx?url=https%3A%2F%2F22245-4644.s3.webspace.re%2Faanmeldenklantnr5265732%2F&title=Log%20in%20op%20My%20T-Mobile%20of%20T-Mobile%20Beheer%20%7C%20T-Mobile%20Zakelijk&res=1280x1024&accountid=6004843&rt=1506&prev=1670635320370&luid=c82d0641-9e5a-0ccd-80ec-bd31f7f817c5&rnd=44821 HTTP/1.1
Host: 6004843.global.siteimproveanalytics.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://22245-4644.s3.webspace.re/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 10 Dec 2022 01:20:23 GMT
content-type: image/gif
content-length: 34
set-cookie: AWSALB=4Z217w5b5HIa/zfUgux69QHVDWPF8a0zMWa1Z3y3ymF2ZEEsNsws1OYBz5JbHkmVxS6hgW3BfSPPtUY87fMFKodl80q+uCMvZhcZvJevDs0NkyMBSRJ73zIPie8B; Expires=Sat, 17 Dec 2022 01:20:23 GMT; Path=/
AWSALBCORS=4Z217w5b5HIa/zfUgux69QHVDWPF8a0zMWa1Z3y3ymF2ZEEsNsws1OYBz5JbHkmVxS6hgW3BfSPPtUY87fMFKodl80q+uCMvZhcZvJevDs0NkyMBSRJ73zIPie8B; Expires=Sat, 17 Dec 2022 01:20:23 GMT; Path=/; SameSite=None; Secure
cache-control: max-age=0
expires: Sat, 10 Dec 2022 01:20:23 UTC
X-Firefox-Spdy: h2
www.t-mobile.nl/Assets/Icons/favicon-16x16.png
20.56.240.229 200 OK 353 B URL HTTP/2 www.t-mobile.nl/Assets/Icons/favicon-16x16.png
IP 20.56.240.229:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Hash 5b6ecdca49f836b8b107f22fcc4a9aa0
541307d5bbd92e81a63817f67d2584baf6e90541
86fd31831eeb75a2d2efe569da286f8d766004bc433681b94f897e3e0d72527a
GET /Assets/Icons/favicon-16x16.png HTTP/1.1
Host: www.t-mobile.nl
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://22245-4644.s3.webspace.re/
Cookie: afck-httpsetting-backendpool-tmobile-publicweb-main-httpsCORS=acdccb7780f22517ae04e679b6b982b5
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 10 Dec 2022 01:20:23 GMT
content-type: image/png
content-length: 353
last-modified: Fri, 02 Dec 2022 10:37:38 GMT
accept-ranges: bytes
etag: "05ea183a6d91:0"
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET, ARR/2.5, ASP.NET
X-Firefox-Spdy: h2
www.t-mobile.nl/Assets/Icons/favicon-196x196.png
20.56.240.229 200 OK 16 kB URL HTTP/2 www.t-mobile.nl/Assets/Icons/favicon-196x196.png
IP 20.56.240.229:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type PNG image data, 196 x 196, 8-bit/color RGBA, non-interlaced\012- data
Hash d7d78ef91cb5d6bb980fbd6a7c56967f
e4723fa7917e47974e499ed60794e7f460052944
fd4baf2fba1106e46df6e5fccb130d95a5097d414bff1f4f1d86c2c48b373bf0
GET /Assets/Icons/favicon-196x196.png HTTP/1.1
Host: www.t-mobile.nl
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://22245-4644.s3.webspace.re/
Cookie: afck-httpsetting-backendpool-tmobile-publicweb-main-httpsCORS=acdccb7780f22517ae04e679b6b982b5
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 10 Dec 2022 01:20:23 GMT
content-type: image/png
content-length: 16259
last-modified: Fri, 02 Dec 2022 10:37:38 GMT
accept-ranges: bytes
etag: "05ea183a6d91:0"
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET, ARR/2.5, ASP.NET
X-Firefox-Spdy: h2
snap.licdn.com/li.lms-analytics/insight.min.js
95.101.11.57 200 OK 4.6 kB URL HTTP/2 snap.licdn.com/li.lms-analytics/insight.min.js
IP 95.101.11.57:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (12961)
Hash c1a25b303b61b25e995516f5559bcdea
3c16a6fa3a2a6dc59d57a9ea1588c4f259884688
2063d2d1415ce9437e9331cb9a798714a5b2e106a65d6dc0ef0d426a5a4c30f2
GET /li.lms-analytics/insight.min.js HTTP/1.1
Host: snap.licdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://22245-4644.s3.webspace.re/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Thu, 17 Nov 2022 18:52:45 GMT
accept-ranges: bytes
content-type: application/x-javascript;charset=utf-8
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=14741
date: Sat, 10 Dec 2022 01:20:23 GMT
content-length: 4581
x-cdn: AKAM
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 101b88a5a141e4659cc3150b7ca565b6
898ea48b6bb3c316e651cb4bc6451be06c050ab9
5ae54f788fa6724f16af03528f24db2ecbbefd8e5fc9af7fb2a79551911ca09f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4746
Cache-Control: max-age=144690
Content-Type: application/ocsp-response
Date: Sat, 10 Dec 2022 01:20:23 GMT
Etag: "63935e7f-1d7"
Expires: Sun, 11 Dec 2022 17:31:53 GMT
Last-Modified: Fri, 09 Dec 2022 16:12:47 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 472 B IP 216.58.211.3:0
Hash 8105b33e4e3af998e9d016e156205c22
dfa2f5cecd72be8ec63d5f833b82cd993a5ce8b9
4a682a72e5d599d48706927cbc0852df5ac36dbb57747681cc2ee91c719c7ccf
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 10 Dec 2022 01:20:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google-analytics.com/gtm/optimize.js?id=GTM-WD46K5L
142.250.74.46 200 OK 44 kB URL HTTP/2 www.google-analytics.com/gtm/optimize.js?id=GTM-WD46K5L
IP 142.250.74.46:0
File type ASCII text, with very long lines (1921)
Hash 01d996d419e60b4e71478ddde3764cca
0d13b62fe28e9ccee5a7c3dc21b5ff478a1439e0
01149e1e33dc24a7db6f1669074bd04bad668ebaaf9c764335459c7e70ffafde
GET /gtm/optimize.js?id=GTM-WD46K5L HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://22245-4644.s3.webspace.re/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 10 Dec 2022 01:20:23 GMT
expires: Sat, 10 Dec 2022 01:20:23 GMT
cache-control: private, max-age=900
last-modified: Sat, 10 Dec 2022 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 43978
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
connect.facebook.net/en_US/fbevents.js
31.13.72.12 200 OK 27 kB URL HTTP/2 connect.facebook.net/en_US/fbevents.js
IP 31.13.72.12:0
File type ASCII text, with very long lines (64348)
Hash 44ecaa3c2a4929a40141edc4540aaf84
f29a573182333b2500d41bfc389d6c5232dfb348
6589fe14578dedd4df678a909afadd7e5bc7f57c7e3e24518a7f5faac7383396
GET /en_US/fbevents.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://22245-4644.s3.webspace.re/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: application/x-javascript; charset=utf-8
content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-fb-debug: 5U2hNIl3RozlIrvUFpzbaceR4AuBKTU8FM8dCz+ElAfD0SINnuCiKsU6DyLAeUgfwFw7CoOFjPNdL/B+rnlaXw==
content-length: 27340
x-fb-trip-id: 1904183273
date: Sat, 10 Dec 2022 01:20:23 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 471 B IP 216.58.211.3:0
Hash 67f6e27dc4a44695770978e7097e3c58
61978eb6b8dd6bf5b700b4f1a3c9ec83bbcf4d1b
cf65d8e6bc79dcce2b0bdaa8da15652535664aa5dfa3b1e6430037b6c8c7115d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 10 Dec 2022 01:20:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstKIrG9jumAmrBZaoBdOlt7SteafUP1qKNc9_7ed4RsEW_uuQgVnW2Gq242yDfmrjNHgu5Ee3GQI1pfrIMmJClUZYNnA4C0uC9PPLdEfwO_4HCPO_rTpijfk_BROMPe-cNWkkW-AjPMYcs&sig=Cg0ArKJSzLAXdzXeHpi4EAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=0&cbvp=1&cstd=0&cisv=r20210414.26562&adurl=
142.250.74.162 200 OK 0 B URL HTTP/2 googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstKIrG9jumAmrBZaoBdOlt7SteafUP1qKNc9_7ed4RsEW_uuQgVnW2Gq242yDfmrjNHgu5Ee3GQI1pfrIMmJClUZYNnA4C0uC9PPLdEfwO_4HCPO_rTpijfk_BROMPe-cNWkkW-AjPMYcs&sig=Cg0ArKJSzLAXdzXeHpi4EAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=0&cbvp=1&cstd=0&cisv=r20210414.26562&adurl=
IP 142.250.74.162:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pcs/view?xai=AKAOjstKIrG9jumAmrBZaoBdOlt7SteafUP1qKNc9_7ed4RsEW_uuQgVnW2Gq242yDfmrjNHgu5Ee3GQI1pfrIMmJClUZYNnA4C0uC9PPLdEfwO_4HCPO_rTpijfk_BROMPe-cNWkkW-AjPMYcs&sig=Cg0ArKJSzLAXdzXeHpi4EAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=0&cbvp=1&cstd=0&cisv=r20210414.26562&adurl= HTTP/1.1
Host: googleads4.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://22245-4644.s3.webspace.re/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
cache-control: private
access-control-allow-origin: *
content-type: image/gif
x-content-type-options: nosniff
date: Sat, 10 Dec 2022 01:20:23 GMT
server: cafe
content-length: 0
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sat, 10-Dec-2022 01:35:23 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sat, 10 Dec 2022 01:20:23 GMT
X-Firefox-Spdy: h2
bat.bing.com/bat.js
204.79.197.200 200 OK 12 kB IP 204.79.197.200:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
File type Unicode text, UTF-8 text, with very long lines (39124), with no line terminators
Hash d925a898de26295fdebfc90203ef46fa
77dd3f5893b76530e08058d50e8f9aef017e80c7
8f4a413fec7e48f5ac290f4596fef33b6396e7fb31080ec0203a5ec817d140c8
GET /bat.js HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://22245-4644.s3.webspace.re/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: private,max-age=1800
content-length: 11460
content-type: application/javascript
content-encoding: gzip
last-modified: Mon, 05 Dec 2022 17:15:50 GMT
accept-ranges: bytes
etag: "027e538cd8d91:0"
vary: Accept-Encoding
set-cookie: MUID=02B6F4256D666CA820D9E6536C936D60; domain=.bing.com; expires=Thu, 04-Jan-2024 01:20:23 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 92429673104B44C6819E886479943EBA Ref B: OSL30EDGE0215 Ref C: 2022-12-10T01:20:23Z
date: Sat, 10 Dec 2022 01:20:23 GMT
X-Firefox-Spdy: h2
ocsp.starfieldtech.com/
192.124.249.24 200 OK 1.8 kB IP 192.124.249.24:0
Hash a26430da3367e365f425b76e524e5910
1c401a9152be2570bbe571f39f1519bec604c7dd
30aca1c0e1d76ec16a2e9472a9e61c47d4224b336bad97e1aed88a4d8a37f1cf
POST / HTTP/1.1
Host: ocsp.starfieldtech.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Sat, 10 Dec 2022 01:20:23 GMT
Content-Type: application/ocsp-response
Content-Length: 1845
Connection: keep-alive
X-Sucuri-ID: 19024
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Fri, 09 Dec 2022 21:49:56 GMT
Expires: Sat, 10 Dec 2022 21:49:56 GMT
ETag: "1c401a9152be2570bbe571f39f1519bec604c7dd"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
px.ads.linkedin.com/collect?v=2&fmt=js&pid=&time=1670635221292&url=https%3A%2F%2F22245-4644.s3.webspace.re%2Faanmeldenklantnr5265732%2F
13.107.42.14 200 OK 0 B URL HTTP/2 px.ads.linkedin.com/collect?v=2&fmt=js&pid=&time=1670635221292&url=https%3A%2F%2F22245-4644.s3.webspace.re%2Faanmeldenklantnr5265732%2F
IP 13.107.42.14:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /collect?v=2&fmt=js&pid=&time=1670635221292&url=https%3A%2F%2F22245-4644.s3.webspace.re%2Faanmeldenklantnr5265732%2F HTTP/1.1
Host: px.ads.linkedin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://22245-4644.s3.webspace.re/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
set-cookie: lang=v=2&lang=en-us; SameSite=None; Path=/; Domain=ads.linkedin.com; Secure
bcookie="v=2&0b419c51-422d-4b53-8046-66569a4a0a86"; domain=.linkedin.com; Path=/; Secure; Expires=Sun, 10-Dec-2023 01:20:23 GMT; SameSite=None
lidc="b=OGST09:s=O:r=O:a=O:p=O:g=2395:u=1:x=1:i=1670635223:t=1670721623:v=2:sig=AQFTInI0ftB-GKf11C-D9DUgemIFYjxl"; Expires=Sun, 11 Dec 2022 01:20:23 GMT; domain=.linkedin.com; Path=/; SameSite=None; Secure
linkedin-action: 1
x-li-fabric: prod-lor1
x-li-pop: afd-prod-lor1-x
x-li-proto: http/2
x-li-uuid: AAXvbxMLkzX9MBeRNkBUgg==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: 70E876F238644451A53AD0A0741A01DB Ref B: OSL30EDGE0507 Ref C: 2022-12-10T01:20:23Z
date: Sat, 10 Dec 2022 01:20:23 GMT
content-length: 0
X-Firefox-Spdy: h2
ocsp.starfieldtech.com/
192.124.249.24 200 OK 1.8 kB IP 192.124.249.24:0
Hash a26430da3367e365f425b76e524e5910
1c401a9152be2570bbe571f39f1519bec604c7dd
30aca1c0e1d76ec16a2e9472a9e61c47d4224b336bad97e1aed88a4d8a37f1cf
POST / HTTP/1.1
Host: ocsp.starfieldtech.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Sat, 10 Dec 2022 01:20:23 GMT
Content-Type: application/ocsp-response
Content-Length: 1845
Connection: keep-alive
X-Sucuri-ID: 19024
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Fri, 09 Dec 2022 21:49:56 GMT
Expires: Sat, 10 Dec 2022 21:49:56 GMT
ETag: "1c401a9152be2570bbe571f39f1519bec604c7dd"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
ocsp.starfieldtech.com/
192.124.249.24 200 OK 1.8 kB IP 192.124.249.24:0
Hash a26430da3367e365f425b76e524e5910
1c401a9152be2570bbe571f39f1519bec604c7dd
30aca1c0e1d76ec16a2e9472a9e61c47d4224b336bad97e1aed88a4d8a37f1cf
POST / HTTP/1.1
Host: ocsp.starfieldtech.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Sat, 10 Dec 2022 01:20:23 GMT
Content-Type: application/ocsp-response
Content-Length: 1845
Connection: keep-alive
X-Sucuri-ID: 19024
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Fri, 09 Dec 2022 21:49:56 GMT
Expires: Sat, 10 Dec 2022 21:49:56 GMT
ETag: "1c401a9152be2570bbe571f39f1519bec604c7dd"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
pagead2.googlesyndication.com/pagead/js/r20210414/r20110914/elements/html/omrhp.js
142.250.74.98 200 OK 3.0 kB URL HTTP/2 pagead2.googlesyndication.com/pagead/js/r20210414/r20110914/elements/html/omrhp.js
IP 142.250.74.98:0
File type ASCII text, with very long lines (2812)
Hash 4eb6ea786b3ccb9a391ae42a87bd2464
e732e5d07807f747b24f6e4ec07a6974712e1f2c
13c2ff9f7ca635fdd1172a2a836df15ea2ddfa0cc0d2f24dc89ff215d0703c77
GET /pagead/js/r20210414/r20110914/elements/html/omrhp.js HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://22245-4644.s3.webspace.re/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
access-control-allow-origin: *
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 2986
x-xss-protection: 0
date: Fri, 09 Dec 2022 06:31:50 GMT
expires: Fri, 23 Dec 2022 06:31:50 GMT
cache-control: public, max-age=1209600
etag: 3296546412363819624
content-type: text/javascript; charset=UTF-8
age: 67713
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 101b88a5a141e4659cc3150b7ca565b6
898ea48b6bb3c316e651cb4bc6451be06c050ab9
5ae54f788fa6724f16af03528f24db2ecbbefd8e5fc9af7fb2a79551911ca09f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4746
Cache-Control: max-age=144690
Content-Type: application/ocsp-response
Date: Sat, 10 Dec 2022 01:20:23 GMT
Etag: "63935e7f-1d7"
Expires: Sun, 11 Dec 2022 17:31:53 GMT
Last-Modified: Fri, 09 Dec 2022 16:12:47 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 471
www.google.nl/pagead/1p-user-list/991336003/?random=1618610198722&cv=9&fst=1618606800000&num=1&label=S_SqCPWmsQUQw6za2AM&guid=ON&eid=2505059651&u_h=854&u_w=1280&u_ah=814&u_aw=1280&u_cd=24&u_his=5&u_tz=120&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg472&sendb=1&frm=0&url=https%3A%2F%2Fwww.t-mobile.nl%2Fzakelijk%2Flogin&ref=https%3A%2F%2Fwww.t-mobile.nl%2Fzakelijk%2Flogin&tiba=Log%20in%20op%20My%20T-Mobile%20of%20T-Mobile%20Beheer%20%7C%20T-Mobile%20Zakelijk&async=1&fmt=3&is_vtc=1&random=4147309232&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
142.250.74.3 200 OK 42 B URL HTTP/2 www.google.nl/pagead/1p-user-list/991336003/?random=1618610198722&cv=9&fst=1618606800000&num=1&label=S_SqCPWmsQUQw6za2AM&guid=ON&eid=2505059651&u_h=854&u_w=1280&u_ah=814&u_aw=1280&u_cd=24&u_his=5&u_tz=120&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg472&sendb=1&frm=0&url=https%3A%2F%2Fwww.t-mobile.nl%2Fzakelijk%2Flogin&ref=https%3A%2F%2Fwww.t-mobile.nl%2Fzakelijk%2Flogin&tiba=Log%20in%20op%20My%20T-Mobile%20of%20T-Mobile%20Beheer%20%7C%20T-Mobile%20Zakelijk&async=1&fmt=3&is_vtc=1&random=4147309232&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
IP 142.250.74.3:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/991336003/?random=1618610198722&cv=9&fst=1618606800000&num=1&label=S_SqCPWmsQUQw6za2AM&guid=ON&eid=2505059651&u_h=854&u_w=1280&u_ah=814&u_aw=1280&u_cd=24&u_his=5&u_tz=120&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg472&sendb=1&frm=0&url=https%3A%2F%2Fwww.t-mobile.nl%2Fzakelijk%2Flogin&ref=https%3A%2F%2Fwww.t-mobile.nl%2Fzakelijk%2Flogin&tiba=Log%20in%20op%20My%20T-Mobile%20of%20T-Mobile%20Beheer%20%7C%20T-Mobile%20Zakelijk&async=1&fmt=3&is_vtc=1&random=4147309232&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.nl
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://22245-4644.s3.webspace.re/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 10 Dec 2022 01:20:23 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 471 B IP 216.58.211.3:0
Hash a49ab5ecc317aa7e4724050053737549
3ffff77715bf8c5dbcbb5e17abbbc2c683c36f60
844f25237f9906c3fb977d58259e132c41dacbbe546adc8b45e9992e6ee711c0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 10 Dec 2022 01:20:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/pagead/1p-user-list/991336003/?random=1618610198722&cv=9&fst=1618606800000&num=1&label=S_SqCPWmsQUQw6za2AM&guid=ON&eid=2505059651&u_h=854&u_w=1280&u_ah=814&u_aw=1280&u_cd=24&u_his=5&u_tz=120&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg472&sendb=1&frm=0&url=https%3A%2F%2Fwww.t-mobile.nl%2Fzakelijk%2Flogin&ref=https%3A%2F%2Fwww.t-mobile.nl%2Fzakelijk%2Flogin&tiba=Log%20in%20op%20My%20T-Mobile%20of%20T-Mobile%20Beheer%20%7C%20T-Mobile%20Zakelijk&async=1&fmt=3&is_vtc=1&random=4147309232&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
142.250.74.164 200 OK 42 B URL HTTP/2 www.google.com/pagead/1p-user-list/991336003/?random=1618610198722&cv=9&fst=1618606800000&num=1&label=S_SqCPWmsQUQw6za2AM&guid=ON&eid=2505059651&u_h=854&u_w=1280&u_ah=814&u_aw=1280&u_cd=24&u_his=5&u_tz=120&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg472&sendb=1&frm=0&url=https%3A%2F%2Fwww.t-mobile.nl%2Fzakelijk%2Flogin&ref=https%3A%2F%2Fwww.t-mobile.nl%2Fzakelijk%2Flogin&tiba=Log%20in%20op%20My%20T-Mobile%20of%20T-Mobile%20Beheer%20%7C%20T-Mobile%20Zakelijk&async=1&fmt=3&is_vtc=1&random=4147309232&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
IP 142.250.74.164:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/991336003/?random=1618610198722&cv=9&fst=1618606800000&num=1&label=S_SqCPWmsQUQw6za2AM&guid=ON&eid=2505059651&u_h=854&u_w=1280&u_ah=814&u_aw=1280&u_cd=24&u_his=5&u_tz=120&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg472&sendb=1&frm=0&url=https%3A%2F%2Fwww.t-mobile.nl%2Fzakelijk%2Flogin&ref=https%3A%2F%2Fwww.t-mobile.nl%2Fzakelijk%2Flogin&tiba=Log%20in%20op%20My%20T-Mobile%20of%20T-Mobile%20Beheer%20%7C%20T-Mobile%20Zakelijk&async=1&fmt=3&is_vtc=1&random=4147309232&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://22245-4644.s3.webspace.re/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 10 Dec 2022 01:20:23 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWdxdWVyeQ==/tag-c9d810bc9adac9b6c876bfeeb0f74b35.js
34.96.102.137 200 OK 50 kB URL HTTP/2 dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWdxdWVyeQ==/tag-c9d810bc9adac9b6c876bfeeb0f74b35.js
IP 34.96.102.137:0
File type ASCII text, with very long lines (47951)
Hash a784fbbff6d138826c8cb222a8a59e77
14f21ed04993d7ad0f3a6efd0cce11f79915ae09
26eca49f25e4b019a1fb4f4d980e975993cbb09c78ae691373113d3d4598a32f
GET /web/djIkdGU6Ny4wOmFzeW5jJWdxdWVyeQ==/tag-c9d810bc9adac9b6c876bfeeb0f74b35.js HTTP/1.1
Host: dev.visualwebsiteoptimizer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://22245-4644.s3.webspace.re
Connection: keep-alive
Referer: https://22245-4644.s3.webspace.re/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 10 Dec 2022 01:20:23 GMT
content-type: text/javascript; charset=UTF-8
content-length: 49772
last-modified: Fri, 09 Dec 2022 14:07:58 GMT
content-encoding: br
etag: "6393413e-c26c"
server: gams1
vary: Accept-Encoding
cache-control: public, max-age=31536000
access-control-allow-origin: *
accept-ranges: bytes
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdn.linkedin.oribi.io/partner/2438124/domain/22245-4644.s3.webspace.re/token
54.230.111.8 200 OK 0 B URL HTTP/2 cdn.linkedin.oribi.io/partner/2438124/domain/22245-4644.s3.webspace.re/token
IP 54.230.111.8:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery phishing Phishing - Deutsche Telekom
OPTIONS /partner/2438124/domain/22245-4644.s3.webspace.re/token HTTP/1.1
Host: cdn.linkedin.oribi.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://22245-4644.s3.webspace.re/
Origin: https://22245-4644.s3.webspace.re
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 0
date: Sat, 10 Dec 2022 00:29:55 GMT
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-allow-headers: content-type
access-control-max-age: 1800
allow: GET, HEAD, POST, PUT, DELETE, OPTIONS, PATCH
x-cache: Hit from cloudfront
via: 1.1 a343e36742f64defd0a2caf1f96ff772.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: tCaA8hLbVeUFiRRi4mFNAVk34RIWg8xwAQqwjpo7DiezVRCDiUvhiw==
age: 3028
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 472 B IP 216.58.211.3:0
Hash 8105b33e4e3af998e9d016e156205c22
dfa2f5cecd72be8ec63d5f833b82cd993a5ce8b9
4a682a72e5d599d48706927cbc0852df5ac36dbb57747681cc2ee91c719c7ccf
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 10 Dec 2022 01:20:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 471 B IP 216.58.211.3:0
Hash 67f6e27dc4a44695770978e7097e3c58
61978eb6b8dd6bf5b700b4f1a3c9ec83bbcf4d1b
cf65d8e6bc79dcce2b0bdaa8da15652535664aa5dfa3b1e6430037b6c8c7115d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 10 Dec 2022 01:20:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 472 B IP 216.58.211.3:0
Hash 5496e18a30e039b44989d9a0e932d4bc
c5bfb1b9ce711e38d69e78486017f07cc47fe04a
26a3ad286e479cdabfcbb5a9d3fada211c73650628a35c80944b0e7e8aad27e0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 10 Dec 2022 01:20:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
dev.visualwebsiteoptimizer.com/v.gif?cd=0&a=545796&d=22245-4644.s3.webspace.re&u=D36E42FE74918CC78CB38D8FCE8E8B2F6&h=afd7c97746ef5bd04d32334bb7eb5ff6&t=false&r=0.31150147090740166
34.96.102.137 200 OK 35 B URL HTTP/2 dev.visualwebsiteoptimizer.com/v.gif?cd=0&a=545796&d=22245-4644.s3.webspace.re&u=D36E42FE74918CC78CB38D8FCE8E8B2F6&h=afd7c97746ef5bd04d32334bb7eb5ff6&t=false&r=0.31150147090740166
IP 34.96.102.137:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 28d6814f309ea289f847c69cf91194c6
0f4e929dd5bb2564f7ab9c76338e04e292a42ace
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
GET /v.gif?cd=0&a=545796&d=22245-4644.s3.webspace.re&u=D36E42FE74918CC78CB38D8FCE8E8B2F6&h=afd7c97746ef5bd04d32334bb7eb5ff6&t=false&r=0.31150147090740166 HTTP/1.1
Host: dev.visualwebsiteoptimizer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://22245-4644.s3.webspace.re/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 10 Dec 2022 01:20:23 GMT
content-type: image/gif
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
expires: Mon, 10 Jan 2005 00:00:01 GMT
pragma: no-cache
x-content-type-options: nosniff
content-length: 35
server: gnv1c
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdn.linkedin.oribi.io/partner/2438124/domain/22245-4644.s3.webspace.re/token
54.230.111.8 200 OK 62 B URL HTTP/2 cdn.linkedin.oribi.io/partner/2438124/domain/22245-4644.s3.webspace.re/token
IP 54.230.111.8:0
File type JSON data\012- , ASCII text, with no line terminators
Hash d39abb34da93ec5faa48669ac4788977
cc2627a86b99e91540251b6fb7e17a9b1faa1ee7
b329d16bd7e06de93beac4a9e4d67b8be6d1c944b7b8e398b929460f73b7c4ce
Analyzer Verdict Alert urlquery phishing Phishing - Deutsche Telekom
GET /partner/2438124/domain/22245-4644.s3.webspace.re/token HTTP/1.1
Host: cdn.linkedin.oribi.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: *
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://22245-4644.s3.webspace.re
Connection: keep-alive
Referer: https://22245-4644.s3.webspace.re/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json
date: Sat, 10 Dec 2022 00:29:55 GMT
access-control-allow-origin: *
cache-control: public, max-age=3600
content-encoding: gzip
vary: accept-encoding
x-cache: Hit from cloudfront
via: 1.1 a343e36742f64defd0a2caf1f96ff772.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 6VK7RY1THkmd8QY-Vwv9ou_g9aFPv2cY9RXLEXy85wznRGiSAfgMNA==
age: 3028
X-Firefox-Spdy: h2
ocsp.starfieldtech.com/
192.124.249.24 200 OK 1.8 kB IP 192.124.249.24:0
Hash a26430da3367e365f425b76e524e5910
1c401a9152be2570bbe571f39f1519bec604c7dd
30aca1c0e1d76ec16a2e9472a9e61c47d4224b336bad97e1aed88a4d8a37f1cf
POST / HTTP/1.1
Host: ocsp.starfieldtech.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Sat, 10 Dec 2022 01:20:23 GMT
Content-Type: application/ocsp-response
Content-Length: 1845
Connection: keep-alive
X-Sucuri-ID: 19024
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Fri, 09 Dec 2022 21:49:56 GMT
Expires: Sat, 10 Dec 2022 21:49:56 GMT
ETag: "1c401a9152be2570bbe571f39f1519bec604c7dd"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
bat.bing.com/p/action/5318565.js
204.79.197.200 204 No Content 0 B URL HTTP/2 bat.bing.com/p/action/5318565.js
IP 204.79.197.200:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /p/action/5318565.js HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://22245-4644.s3.webspace.re/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
cache-control: private,max-age=1800
set-cookie: MUID=1B604F161E3C6278396A5D601FC963C7; domain=.bing.com; expires=Thu, 04-Jan-2024 01:20:23 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 4813AC53884741FE93AE2E1FE8127D56 Ref B: OSL30EDGE0215 Ref C: 2022-12-10T01:20:23Z
date: Sat, 10 Dec 2022 01:20:23 GMT
X-Firefox-Spdy: h2
dev.visualwebsiteoptimizer.com/v.gif?cd=0&a=545796&d=22245-4644.s3.webspace.re&u=D36E42FE74918CC78CB38D8FCE8E8B2F6&h=afd7c97746ef5bd04d32334bb7eb5ff6&t=true&r=0.5759991313347517
34.96.102.137 200 OK 35 B URL HTTP/2 dev.visualwebsiteoptimizer.com/v.gif?cd=0&a=545796&d=22245-4644.s3.webspace.re&u=D36E42FE74918CC78CB38D8FCE8E8B2F6&h=afd7c97746ef5bd04d32334bb7eb5ff6&t=true&r=0.5759991313347517
IP 34.96.102.137:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 28d6814f309ea289f847c69cf91194c6
0f4e929dd5bb2564f7ab9c76338e04e292a42ace
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
GET /v.gif?cd=0&a=545796&d=22245-4644.s3.webspace.re&u=D36E42FE74918CC78CB38D8FCE8E8B2F6&h=afd7c97746ef5bd04d32334bb7eb5ff6&t=true&r=0.5759991313347517 HTTP/1.1
Host: dev.visualwebsiteoptimizer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://22245-4644.s3.webspace.re/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 10 Dec 2022 01:20:23 GMT
content-type: image/gif
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
expires: Mon, 10 Jan 2005 00:00:01 GMT
pragma: no-cache
x-content-type-options: nosniff
content-length: 35
server: gnv1c
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.facebook.com/tr/?id=456228845279132&ev=PageView&dl=https%3A%2F%2F22245-4644.s3.webspace.re%2Faanmeldenklantnr5265732%2F&rl=&if=false&ts=1670635223132&sw=1280&sh=1024&v=2.9.89&r=stable&ec=0&o=30&fbp=fb.1.1670635223131.1269218298&it=1670635222531&coo=false&exp=b3&rqm=GET&cd[rex]=%7B%22uid%22%3A%22dd49933sd-6ddb-4797-a26e-b91d5cd69508%22%2C%22retry%22%3A0%7D
31.13.72.36 200 OK 0 B URL HTTP/2 www.facebook.com/tr/?id=456228845279132&ev=PageView&dl=https%3A%2F%2F22245-4644.s3.webspace.re%2Faanmeldenklantnr5265732%2F&rl=&if=false&ts=1670635223132&sw=1280&sh=1024&v=2.9.89&r=stable&ec=0&o=30&fbp=fb.1.1670635223131.1269218298&it=1670635222531&coo=false&exp=b3&rqm=GET&cd[rex]=%7B%22uid%22%3A%22dd49933sd-6ddb-4797-a26e-b91d5cd69508%22%2C%22retry%22%3A0%7D
IP 31.13.72.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tr/?id=456228845279132&ev=PageView&dl=https%3A%2F%2F22245-4644.s3.webspace.re%2Faanmeldenklantnr5265732%2F&rl=&if=false&ts=1670635223132&sw=1280&sh=1024&v=2.9.89&r=stable&ec=0&o=30&fbp=fb.1.1670635223131.1269218298&it=1670635222531&coo=false&exp=b3&rqm=GET&cd[rex]=%7B%22uid%22%3A%22dd49933sd-6ddb-4797-a26e-b91d5cd69508%22%2C%22retry%22%3A0%7D HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://22245-4644.s3.webspace.re
Connection: keep-alive
Referer: https://22245-4644.s3.webspace.re/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/plain
access-control-allow-origin: https://22245-4644.s3.webspace.re
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400
date: Sat, 10 Dec 2022 01:20:24 GMT
X-Firefox-Spdy: h2
js-agent.newrelic.com/nr-1208.min.js
151.101.2.137 200 OK 12 kB URL HTTP/2 js-agent.newrelic.com/nr-1208.min.js
IP 151.101.2.137:0
File type ASCII text, with very long lines (31332), with no line terminators
Hash c735cd7fe713b55dd0c4883942c69c47
18d612de412704af277e2aa683e7ce9cad1a07da
3b72e1bc9807808e66e46b42c44dce929d01e63ebe34bc00e3d84acaffd5d94d
GET /nr-1208.min.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://22245-4644.s3.webspace.re/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: 9ucjyYq+Tgy0zGJbJrrFGjqAY8A6m9XFcz9w8yqTBBXEgN/VEyCj390gCtT5sFKVrtxLs9iJuJc=
x-amz-request-id: VP05F5QGFGN6FQTW
last-modified: Wed, 10 Mar 2021 16:24:28 GMT
etag: "1a71e4208296f97b465116492f59124d"
x-amz-version-id: RGJXhnJ2IqU3nLrOoxetOoKLCG4kx4sX
content-type: application/javascript
server: AmazonS3
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Sat, 10 Dec 2022 01:20:24 GMT
via: 1.1 varnish
x-served-by: cache-bma1652-BMA
x-cache: HIT
x-cache-hits: 9
x-timer: S1670635224.318772,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 11777
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 0294064d3de6e13cfd311559eede4141
bc1a07b4cc593183b1dbec7c2bb36cbde9eb8963
bf9a6265521a89d6c7d15073bbad37098043b63d75a12abfae3e2490ee264f37
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4476
Cache-Control: max-age=167122
Content-Type: application/ocsp-response
Date: Sat, 10 Dec 2022 01:20:24 GMT
Etag: "6393b72e-1d7"
Expires: Sun, 11 Dec 2022 23:45:46 GMT
Last-Modified: Fri, 09 Dec 2022 22:31:10 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 48c90992f0837a58e0a36118a27dae6a
3d238fed35e6d247bddbba92864e6b92e6aed9b6
cacc53ed285e96dcd5ba7609823922a253bc0623999b8716f430632d2c0e7dac
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CACC53ED285E96DCD5BA7609823922A253BC0623999B8716F430632D2C0E7DAC"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17194
Expires: Sat, 10 Dec 2022 06:06:58 GMT
Date: Sat, 10 Dec 2022 01:20:24 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29d00d08-ec53-4c7b-a2ef-5901b64cdefd.jpeg
34.120.237.76 200 OK 7.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29d00d08-ec53-4c7b-a2ef-5901b64cdefd.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5de5d319f43d9c9c641419d96655541f
cde4c7fa0145d3645af17e34c83c63c08f76a076
fdb114eb142f035c7a54195d16af51b5b423642c312f4bccc0f407d8fcc245aa
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29d00d08-ec53-4c7b-a2ef-5901b64cdefd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7557
x-amzn-requestid: 400d1465-ecbf-4d95-8aa8-4dce5dca0716
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ctluwGo4oAMFhTg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638ee991-6dba29ae7065d5347a1a420d;Sampled=0
x-amzn-remapped-date: Tue, 06 Dec 2022 07:04:49 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Lazl-stakC-31gMuQ2WzH9uFkIb0g7HaaM3xkwSFdFJMWKTaKqrBEQ==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 591683988172c7980c4ebb318cbf18a8.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 04:07:07 GMT
age: 76397
etag: "cde4c7fa0145d3645af17e34c83c63c08f76a076"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7c73a9d6-0f56-4366-b9bd-119b0034c1aa.jpeg
34.120.237.76 200 OK 5.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7c73a9d6-0f56-4366-b9bd-119b0034c1aa.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 44ee520c9a084ee2a04638b6abbb2b0b
ed170b8b964db1163e02c21fe4e9dbfe58e9d42d
e4f33f6556c414b498f99d6b43c4d94fa15e9b235596647d4a8513c78c21e6eb
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7c73a9d6-0f56-4366-b9bd-119b0034c1aa.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5302
x-amzn-requestid: ababe39a-ea1a-4a20-9de4-ad71500d9c59
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: c5eMWE-eoAMFZJg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6393aa4e-19c2e2c1445527c13b4b66e0;Sampled=0
x-amzn-remapped-date: Fri, 09 Dec 2022 21:36:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: G0r_Ee6CpwUq2liNhnyGfUlqS8aW8IM-gAkk7X7k5e6aI2akS3N1Pg==
via: 1.1 6ba2a21321beeef65404429d0a4b6380.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 22:00:13 GMT
age: 12011
etag: "ed170b8b964db1163e02c21fe4e9dbfe58e9d42d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3fdfa83b-145c-4be3-a6b8-f5793f03bb94.jpeg
34.120.237.76 200 OK 7.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3fdfa83b-145c-4be3-a6b8-f5793f03bb94.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2670e991a43d526b00562ed6451dd0aa
7ba541ab2af223148304d413e8a19d9e55d9ed7a
f703500f0bcef3b64f97fa17d6d6bb510b71d1fe43098964ff028de8155f1291
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3fdfa83b-145c-4be3-a6b8-f5793f03bb94.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7933
x-amzn-requestid: a1238d4e-29a4-433f-89a0-7f5e1c9d380f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: c5eVeHUXoAMF4xg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6393aa89-26d996ae7911586c07a35c6d;Sampled=0
x-amzn-remapped-date: Fri, 09 Dec 2022 21:37:13 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: fy-bTx9oWNuna7uk2Pwv_4tvujkQPBrLsXiRj4ptMQFhtcmRYTA9JA==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 caf6806821bc479b28a6f1ce3043b8a6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 21:55:31 GMT
etag: "7ba541ab2af223148304d413e8a19d9e55d9ed7a"
content-type: image/jpeg
age: 12293
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1618f8bc-582d-4a89-9fdb-2bf8a448f429.jpeg
34.120.237.76 200 OK 9.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1618f8bc-582d-4a89-9fdb-2bf8a448f429.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2e8e86712ca485e90f958dc16ec8dbff
78de6033ca9bca46953483801f19591c2ff47bbe
2984d8b533e095654d5e1c5fa826dc93cbd16ac8bdb5d974fd2d283a86f44874
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1618f8bc-582d-4a89-9fdb-2bf8a448f429.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9084
x-amzn-requestid: 80dfc074-73f4-4b47-95fb-57169d32cf6f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: c5eNbHhYoAMF2Kw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6393aa55-6f54d0bf6d9246cd48d44352;Sampled=0
x-amzn-remapped-date: Fri, 09 Dec 2022 21:36:21 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: O3gPppRKbJb__o2lo3RsvabqgptV-zvDLbm1AweL11hrZxfOev6kvA==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 570075675953459325e00b7bcd171df2.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 22:00:34 GMT
age: 11990
etag: "78de6033ca9bca46953483801f19591c2ff47bbe"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8732123d-ded0-4486-9019-0d87264f6c0e.webp
34.120.237.76 200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8732123d-ded0-4486-9019-0d87264f6c0e.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 0df452512aae4c4c1f4a2cd263b16dfd
68bac75574641febc463bd0819392dae2da15811
e0a9301c5be849e116f1d98b819c2eb91f73e74d836f3e099f2cd266e8f0bb36
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8732123d-ded0-4486-9019-0d87264f6c0e.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12743
x-amzn-requestid: 6ed8a5f4-45cd-45bd-9820-df450f612c34
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: c5eK4E_-IAMFf3Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6393aa45-31d928fc430577b463a68bd0;Sampled=0
x-amzn-remapped-date: Fri, 09 Dec 2022 21:36:05 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: nD0bWCjTU6LNSsNYCNqT4rt7okG1dmPPWiw4FXSi_uNWpcZnxhZgKw==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 ee8246c5442dace7525c74f6a799bb46.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 22:03:37 GMT
age: 11807
etag: "68bac75574641febc463bd0819392dae2da15811"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F34fa3dbc-1a29-4161-8687-d9c7b1b04f14.jpeg
34.120.237.76 200 OK 9.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F34fa3dbc-1a29-4161-8687-d9c7b1b04f14.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 386207bd6fea7388d5df993a32147431
d513b937a9be6e95bfe0fcea0f3f0cb7e611c0de
40fa6a8207008d1fceb11fc9fb37c458e1ed2deac83a2fb5fcac80d9b7ca32fa
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F34fa3dbc-1a29-4161-8687-d9c7b1b04f14.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9592
x-amzn-requestid: 1a8dca24-1776-4407-84d4-33fb975e49cf
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: c3fOXFSxoAMF-EQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6392df28-5ab03a853cf9c5ca57f4391f;Sampled=0
x-amzn-remapped-date: Fri, 09 Dec 2022 07:09:28 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: RmUsaiXxrKPHLNRZgIBd44p5MHFNnoHZCEQK500KNwHOP9-eE8NmDg==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 61bc723adb3b1884ed759711e84e13a8.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 07:25:02 GMT
age: 64522
etag: "d513b937a9be6e95bfe0fcea0f3f0cb7e611c0de"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
bam-cell.nr-data.net/1/49ecee70e8?a=48732199&v=1208.49599aa&to=MwAAZEcFXkRUVkddXwpKMkVXCFlUZVpBQFEISiNTVgtFWUEbf1tXDQtNdFACUUJZQQ%3D%3D&rst=2826&ck=1&ref=https://22245-4644.s3.webspace.re/aanmeldenklantnr5265732/&ap=36&be=814&fe=2705&dc=1310&af=err,xhr,stn,ins&perf=%7B%22timing%22:%7B%22of%22:1670635220429,%22n%22:0,%22f%22:-6,%22dn%22:83,%22dne%22:89,%22c%22:89,%22s%22:121,%22ce%22:444,%22rq%22:444,%22rp%22:498,%22rpe%22:528,%22dl%22:520,%22di%22:1267,%22ds%22:1310,%22de%22:1314,%22dc%22:2704,%22l%22:2704,%22le%22:2707%7D,%22navigation%22:%7B%7D%7D&fcp=1280&jsonp=NREUM.setToken
162.247.241.2 200 OK 77 B URL HTTP/1.1 bam-cell.nr-data.net/1/49ecee70e8?a=48732199&v=1208.49599aa&to=MwAAZEcFXkRUVkddXwpKMkVXCFlUZVpBQFEISiNTVgtFWUEbf1tXDQtNdFACUUJZQQ%3D%3D&rst=2826&ck=1&ref=https://22245-4644.s3.webspace.re/aanmeldenklantnr5265732/&ap=36&be=814&fe=2705&dc=1310&af=err,xhr,stn,ins&perf=%7B%22timing%22:%7B%22of%22:1670635220429,%22n%22:0,%22f%22:-6,%22dn%22:83,%22dne%22:89,%22c%22:89,%22s%22:121,%22ce%22:444,%22rq%22:444,%22rp%22:498,%22rpe%22:528,%22dl%22:520,%22di%22:1267,%22ds%22:1310,%22de%22:1314,%22dc%22:2704,%22l%22:2704,%22le%22:2707%7D,%22navigation%22:%7B%7D%7D&fcp=1280&jsonp=NREUM.setToken
IP 162.247.241.2:0
File type ASCII text, with no line terminators
Hash f1442f5831dbbe0210da2d7a4180d6b8
2ade23c6c7a001c66f0c0a9a101ec152747b434e
c6acf9fb2ecc1b144c51bd0337bbf1c26db3df2f649ac2da5c56db20d93eb3ef
GET /1/49ecee70e8?a=48732199&v=1208.49599aa&to=MwAAZEcFXkRUVkddXwpKMkVXCFlUZVpBQFEISiNTVgtFWUEbf1tXDQtNdFACUUJZQQ%3D%3D&rst=2826&ck=1&ref=https://22245-4644.s3.webspace.re/aanmeldenklantnr5265732/&ap=36&be=814&fe=2705&dc=1310&af=err,xhr,stn,ins&perf=%7B%22timing%22:%7B%22of%22:1670635220429,%22n%22:0,%22f%22:-6,%22dn%22:83,%22dne%22:89,%22c%22:89,%22s%22:121,%22ce%22:444,%22rq%22:444,%22rp%22:498,%22rpe%22:528,%22dl%22:520,%22di%22:1267,%22ds%22:1310,%22de%22:1314,%22dc%22:2704,%22l%22:2704,%22le%22:2707%7D,%22navigation%22:%7B%7D%7D&fcp=1280&jsonp=NREUM.setToken HTTP/1.1
Host: bam-cell.nr-data.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://22245-4644.s3.webspace.re/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sat, 10 Dec 2022 01:20:24 GMT
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 777228687a7db4f7-OSL
Access-Control-Allow-Origin: *
Set-Cookie: JSESSIONID=ffc122a682742426; Path=/; Domain=.nr-data.net; Secure; SameSite=None
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Cross-Origin-Resource-Policy: cross-origin
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JfscG%2BaVap7kqdtN%2FP7H2X%2B5fpTkHMYr4y0HqLx4C3cIDxPiQiFVyalKI2myMzwnsry3FoElAkKnCC%2BjsVeCzJTfwiAcS8rY4WhVUtcaJ%2BtTa0viPLOonf8kQQCT2kGdfRIiAYoX"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
Content-Encoding: gzip
22245-4644.s3.webspace.re/aanmeldenklantnr5265732/Tmob/f(2).txt
91.218.65.6 200 OK 0 B URL HTTP/2 22245-4644.s3.webspace.re/aanmeldenklantnr5265732/Tmob/f(2).txt
IP 91.218.65.6:0
Analyzer Verdict Alert fortinet Phishing
GET /aanmeldenklantnr5265732/Tmob/f(2).txt HTTP/1.1
Host: 22245-4644.s3.webspace.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://22245-4644.s3.webspace.re/aanmeldenklantnr5265732/
Cookie: PHPSESSID=d1ho9ehkfvma74gv1fafa2h1qh
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 01:20:22 GMT
content-type: text/plain
last-modified: Fri, 09 Dec 2022 00:03:08 GMT
etag: W/"63927b3c-9c5"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
22245-4644.s3.webspace.re/aanmeldenklantnr5265732/Tmob/DesignSystem(1)
91.218.65.6 200 OK 0 B URL HTTP/2 22245-4644.s3.webspace.re/aanmeldenklantnr5265732/Tmob/DesignSystem(1)
IP 91.218.65.6:0
Analyzer Verdict Alert fortinet Phishing
GET /aanmeldenklantnr5265732/Tmob/DesignSystem(1) HTTP/1.1
Host: 22245-4644.s3.webspace.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://22245-4644.s3.webspace.re/aanmeldenklantnr5265732/
Cookie: PHPSESSID=d1ho9ehkfvma74gv1fafa2h1qh
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 01:20:22 GMT
content-type: application/octet-stream
content-length: 348290
last-modified: Fri, 09 Dec 2022 00:03:07 GMT
etag: "63927b3b-55082"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
22245-4644.s3.webspace.re/aanmeldenklantnr5265732/Tmob/tmobile.js.download
91.218.65.6 200 OK 0 B URL HTTP/2 22245-4644.s3.webspace.re/aanmeldenklantnr5265732/Tmob/tmobile.js.download
IP 91.218.65.6:0
Analyzer Verdict Alert fortinet Phishing
GET /aanmeldenklantnr5265732/Tmob/tmobile.js.download HTTP/1.1
Host: 22245-4644.s3.webspace.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://22245-4644.s3.webspace.re/aanmeldenklantnr5265732/
Cookie: PHPSESSID=d1ho9ehkfvma74gv1fafa2h1qh
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 01:20:22 GMT
content-type: application/javascript
last-modified: Fri, 09 Dec 2022 00:03:14 GMT
etag: W/"63927b42-22fa1"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
22245-4644.s3.webspace.re/aanmeldenklantnr5265732/Tmob/insight.min.js.download
91.218.65.6 200 OK 0 B URL HTTP/2 22245-4644.s3.webspace.re/aanmeldenklantnr5265732/Tmob/insight.min.js.download
IP 91.218.65.6:0
Analyzer Verdict Alert fortinet Phishing
GET /aanmeldenklantnr5265732/Tmob/insight.min.js.download HTTP/1.1
Host: 22245-4644.s3.webspace.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://22245-4644.s3.webspace.re/aanmeldenklantnr5265732/
Cookie: PHPSESSID=d1ho9ehkfvma74gv1fafa2h1qh
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 01:20:22 GMT
content-type: application/javascript
last-modified: Fri, 09 Dec 2022 00:03:10 GMT
etag: W/"63927b3e-10e2"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
22245-4644.s3.webspace.re/aanmeldenklantnr5265732/Tmob/f(1).txt
91.218.65.6 200 OK 0 B URL HTTP/2 22245-4644.s3.webspace.re/aanmeldenklantnr5265732/Tmob/f(1).txt
IP 91.218.65.6:0
Analyzer Verdict Alert fortinet Phishing
GET /aanmeldenklantnr5265732/Tmob/f(1).txt HTTP/1.1
Host: 22245-4644.s3.webspace.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://22245-4644.s3.webspace.re/aanmeldenklantnr5265732/
Cookie: PHPSESSID=d1ho9ehkfvma74gv1fafa2h1qh
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 01:20:22 GMT
content-type: text/plain
last-modified: Fri, 09 Dec 2022 00:03:08 GMT
etag: W/"63927b3c-8e43"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
22245-4644.s3.webspace.re/aanmeldenklantnr5265732/Tmob/siteanalyze_6004843.js.download
91.218.65.6 200 OK 0 B URL HTTP/2 22245-4644.s3.webspace.re/aanmeldenklantnr5265732/Tmob/siteanalyze_6004843.js.download
IP 91.218.65.6:0
Analyzer Verdict Alert fortinet Phishing
GET /aanmeldenklantnr5265732/Tmob/siteanalyze_6004843.js.download HTTP/1.1
Host: 22245-4644.s3.webspace.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://22245-4644.s3.webspace.re/aanmeldenklantnr5265732/
Cookie: PHPSESSID=d1ho9ehkfvma74gv1fafa2h1qh
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 01:20:22 GMT
content-type: application/javascript
last-modified: Fri, 09 Dec 2022 00:03:12 GMT
etag: W/"63927b40-2f30"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
22245-4644.s3.webspace.re/aanmeldenklantnr5265732/Tmob/f(3).txt
91.218.65.6 200 OK 0 B URL HTTP/2 22245-4644.s3.webspace.re/aanmeldenklantnr5265732/Tmob/f(3).txt
IP 91.218.65.6:0
Analyzer Verdict Alert fortinet Phishing
GET /aanmeldenklantnr5265732/Tmob/f(3).txt HTTP/1.1
Host: 22245-4644.s3.webspace.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://22245-4644.s3.webspace.re/aanmeldenklantnr5265732/
Cookie: PHPSESSID=d1ho9ehkfvma74gv1fafa2h1qh
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 01:20:22 GMT
content-type: text/plain
last-modified: Fri, 09 Dec 2022 00:03:08 GMT
etag: W/"63927b3c-4aac"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
22245-4644.s3.webspace.re/aanmeldenklantnr5265732/Tmob/op.js.download
91.218.65.6 200 OK 0 B URL HTTP/2 22245-4644.s3.webspace.re/aanmeldenklantnr5265732/Tmob/op.js.download
IP 91.218.65.6:0
Analyzer Verdict Alert fortinet Phishing
GET /aanmeldenklantnr5265732/Tmob/op.js.download HTTP/1.1
Host: 22245-4644.s3.webspace.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://22245-4644.s3.webspace.re/aanmeldenklantnr5265732/
Cookie: PHPSESSID=d1ho9ehkfvma74gv1fafa2h1qh
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 01:20:22 GMT
content-type: application/javascript
last-modified: Fri, 09 Dec 2022 00:03:10 GMT
etag: W/"63927b3e-1440"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
22245-4644.s3.webspace.re/aanmeldenklantnr5265732/Tmob/f.txt
91.218.65.6 200 OK 0 B URL HTTP/2 22245-4644.s3.webspace.re/aanmeldenklantnr5265732/Tmob/f.txt
IP 91.218.65.6:0
Analyzer Verdict Alert fortinet Phishing
GET /aanmeldenklantnr5265732/Tmob/f.txt HTTP/1.1
Host: 22245-4644.s3.webspace.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://22245-4644.s3.webspace.re/aanmeldenklantnr5265732/
Cookie: PHPSESSID=d1ho9ehkfvma74gv1fafa2h1qh
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 01:20:22 GMT
content-type: text/plain
last-modified: Fri, 09 Dec 2022 00:03:08 GMT
etag: W/"63927b3c-1f15"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
22245-4644.s3.webspace.re/aanmeldenklantnr5265732/Tmob/piwik.js.download
91.218.65.6 200 OK 0 B URL HTTP/2 22245-4644.s3.webspace.re/aanmeldenklantnr5265732/Tmob/piwik.js.download
IP 91.218.65.6:0
Analyzer Verdict Alert fortinet Phishing
GET /aanmeldenklantnr5265732/Tmob/piwik.js.download HTTP/1.1
Host: 22245-4644.s3.webspace.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://22245-4644.s3.webspace.re/aanmeldenklantnr5265732/
Cookie: PHPSESSID=d1ho9ehkfvma74gv1fafa2h1qh
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 01:20:22 GMT
content-type: application/javascript
last-modified: Fri, 09 Dec 2022 00:03:11 GMT
etag: W/"63927b3f-11b60"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
22245-4644.s3.webspace.re/aanmeldenklantnr5265732/Tmob/tag-c9d810bc9adac9b6c876bfeeb0f74b35.js.download
91.218.65.6 200 OK 0 B URL HTTP/2 22245-4644.s3.webspace.re/aanmeldenklantnr5265732/Tmob/tag-c9d810bc9adac9b6c876bfeeb0f74b35.js.download
IP 91.218.65.6:0
Analyzer Verdict Alert fortinet Phishing
GET /aanmeldenklantnr5265732/Tmob/tag-c9d810bc9adac9b6c876bfeeb0f74b35.js.download HTTP/1.1
Host: 22245-4644.s3.webspace.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://22245-4644.s3.webspace.re/aanmeldenklantnr5265732/
Cookie: PHPSESSID=d1ho9ehkfvma74gv1fafa2h1qh
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 01:20:22 GMT
content-type: application/javascript
last-modified: Fri, 09 Dec 2022 00:03:13 GMT
etag: W/"63927b41-26ed0"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
22245-4644.s3.webspace.re/aanmeldenklantnr5265732/Tmob/DesignSystem.css
91.218.65.6 200 OK 0 B URL HTTP/2 22245-4644.s3.webspace.re/aanmeldenklantnr5265732/Tmob/DesignSystem.css
IP 91.218.65.6:0
GET /aanmeldenklantnr5265732/Tmob/DesignSystem.css HTTP/1.1
Host: 22245-4644.s3.webspace.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://22245-4644.s3.webspace.re/aanmeldenklantnr5265732/
Cookie: PHPSESSID=d1ho9ehkfvma74gv1fafa2h1qh
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 01:20:22 GMT
content-type: text/css
last-modified: Fri, 09 Dec 2022 00:03:08 GMT
etag: W/"63927b3c-62fc4"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
www.t-mobile.nl/Assets/fonts/teleneo-regular.woff2
20.56.240.229 200 OK 0 B URL HTTP/2 www.t-mobile.nl/Assets/fonts/teleneo-regular.woff2
IP 20.56.240.229:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
GET /Assets/fonts/teleneo-regular.woff2 HTTP/1.1
Host: www.t-mobile.nl
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://22245-4644.s3.webspace.re
Connection: keep-alive
Referer: https://22245-4644.s3.webspace.re/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 10 Dec 2022 01:20:22 GMT
content-type: application/x-font-woff2
content-length: 42484
set-cookie: afck-httpsetting-backendpool-tmobile-publicweb-main-httpsCORS=b6a7dd6f280c4c04c1a83c3653976a2f; Path=/; SameSite=None; Secure
afck-httpsetting-backendpool-tmobile-publicweb-main-https=b6a7dd6f280c4c04c1a83c3653976a2f; Path=/
cache-control: max-age=31536000
last-modified: Fri, 02 Dec 2022 10:37:38 GMT
accept-ranges: bytes
etag: "05ea183a6d91:0"
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET, ARR/2.5, ASP.NET
X-Firefox-Spdy: h2
dev.visualwebsiteoptimizer.com/j.php?a=545796&u=https%3A%2F%2F22245-4644.s3.webspace.re%2Faanmeldenklantnr5265732%2F&f=1&r=0.6083077680037168
34.96.102.137 200 OK 0 B URL HTTP/2 dev.visualwebsiteoptimizer.com/j.php?a=545796&u=https%3A%2F%2F22245-4644.s3.webspace.re%2Faanmeldenklantnr5265732%2F&f=1&r=0.6083077680037168
IP 34.96.102.137:0
GET /j.php?a=545796&u=https%3A%2F%2F22245-4644.s3.webspace.re%2Faanmeldenklantnr5265732%2F&f=1&r=0.6083077680037168 HTTP/1.1
Host: dev.visualwebsiteoptimizer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://22245-4644.s3.webspace.re/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 10 Dec 2022 01:20:23 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, max-age=0, no-cache, must-revalidate
etag: W/"1670594939"
server: gams1
timing-allow-origin: *
content-encoding: gzip
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
22245-4644.s3.webspace.re/aanmeldenklantnr5265732/Tmob/bat.js.download
91.218.65.6 200 OK 0 B URL HTTP/2 22245-4644.s3.webspace.re/aanmeldenklantnr5265732/Tmob/bat.js.download
IP 91.218.65.6:0
Analyzer Verdict Alert fortinet Phishing
GET /aanmeldenklantnr5265732/Tmob/bat.js.download HTTP/1.1
Host: 22245-4644.s3.webspace.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://22245-4644.s3.webspace.re/aanmeldenklantnr5265732/
Cookie: PHPSESSID=d1ho9ehkfvma74gv1fafa2h1qh
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 01:20:22 GMT
content-type: application/javascript
last-modified: Fri, 09 Dec 2022 00:03:05 GMT
etag: W/"63927b39-7571"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
22245-4644.s3.webspace.re/aanmeldenklantnr5265732/Tmob/15258
91.218.65.6 404 Not Found 0 B URL HTTP/2 22245-4644.s3.webspace.re/aanmeldenklantnr5265732/Tmob/15258
IP 91.218.65.6:0
Analyzer Verdict Alert fortinet Phishing
GET /aanmeldenklantnr5265732/Tmob/15258 HTTP/1.1
Host: 22245-4644.s3.webspace.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://22245-4644.s3.webspace.re/aanmeldenklantnr5265732/
Cookie: PHPSESSID=d1ho9ehkfvma74gv1fafa2h1qh
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Sat, 10 Dec 2022 01:20:22 GMT
content-type: text/html
last-modified: Thu, 08 Dec 2022 23:28:18 GMT
etag: W/"328-5ef59645af98a"
content-encoding: br
X-Firefox-Spdy: h2
22245-4644.s3.webspace.re/aanmeldenklantnr5265732/Tmob/survey_tmnl_zakelijk.js.download
91.218.65.6 200 OK 0 B URL HTTP/2 22245-4644.s3.webspace.re/aanmeldenklantnr5265732/Tmob/survey_tmnl_zakelijk.js.download
IP 91.218.65.6:0
Analyzer Verdict Alert fortinet Phishing
GET /aanmeldenklantnr5265732/Tmob/survey_tmnl_zakelijk.js.download HTTP/1.1
Host: 22245-4644.s3.webspace.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://22245-4644.s3.webspace.re/aanmeldenklantnr5265732/
Cookie: PHPSESSID=d1ho9ehkfvma74gv1fafa2h1qh
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 01:20:22 GMT
content-type: application/javascript
last-modified: Fri, 09 Dec 2022 00:03:12 GMT
etag: W/"63927b40-122e"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
22245-4644.s3.webspace.re/aanmeldenklantnr5265732/Tmob/fbevents.js.download
91.218.65.6 200 OK 0 B URL HTTP/2 22245-4644.s3.webspace.re/aanmeldenklantnr5265732/Tmob/fbevents.js.download
IP 91.218.65.6:0
Analyzer Verdict Alert fortinet Phishing
GET /aanmeldenklantnr5265732/Tmob/fbevents.js.download HTTP/1.1
Host: 22245-4644.s3.webspace.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://22245-4644.s3.webspace.re/aanmeldenklantnr5265732/
Cookie: PHPSESSID=d1ho9ehkfvma74gv1fafa2h1qh
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 01:20:22 GMT
content-type: application/javascript
last-modified: Fri, 09 Dec 2022 00:03:09 GMT
etag: W/"63927b3d-16e78"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
22245-4644.s3.webspace.re/aanmeldenklantnr5265732/Tmob/elqCfg.min.js.download
91.218.65.6 200 OK 0 B URL HTTP/2 22245-4644.s3.webspace.re/aanmeldenklantnr5265732/Tmob/elqCfg.min.js.download
IP 91.218.65.6:0
Analyzer Verdict Alert fortinet Phishing
GET /aanmeldenklantnr5265732/Tmob/elqCfg.min.js.download HTTP/1.1
Host: 22245-4644.s3.webspace.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://22245-4644.s3.webspace.re/aanmeldenklantnr5265732/
Cookie: PHPSESSID=d1ho9ehkfvma74gv1fafa2h1qh
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 01:20:22 GMT
content-type: application/javascript
last-modified: Fri, 09 Dec 2022 00:03:08 GMT
etag: W/"63927b3c-17c0"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
22245-4644.s3.webspace.re/aanmeldenklantnr5265732/Tmob/gtm.js.download
91.218.65.6 200 OK 0 B URL HTTP/2 22245-4644.s3.webspace.re/aanmeldenklantnr5265732/Tmob/gtm.js.download
IP 91.218.65.6:0
Analyzer Verdict Alert fortinet Phishing
GET /aanmeldenklantnr5265732/Tmob/gtm.js.download HTTP/1.1
Host: 22245-4644.s3.webspace.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://22245-4644.s3.webspace.re/aanmeldenklantnr5265732/
Cookie: PHPSESSID=d1ho9ehkfvma74gv1fafa2h1qh
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 01:20:22 GMT
content-type: application/javascript
last-modified: Fri, 09 Dec 2022 00:03:10 GMT
etag: W/"63927b3e-6f7f5"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
22245-4644.s3.webspace.re/aanmeldenklantnr5265732/Tmob/uwt.js.download
91.218.65.6 200 OK 0 B URL HTTP/2 22245-4644.s3.webspace.re/aanmeldenklantnr5265732/Tmob/uwt.js.download
IP 91.218.65.6:0
Analyzer Verdict Alert fortinet Phishing
GET /aanmeldenklantnr5265732/Tmob/uwt.js.download HTTP/1.1
Host: 22245-4644.s3.webspace.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://22245-4644.s3.webspace.re/aanmeldenklantnr5265732/
Cookie: PHPSESSID=d1ho9ehkfvma74gv1fafa2h1qh
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 01:20:22 GMT
content-type: application/javascript
last-modified: Fri, 09 Dec 2022 00:03:14 GMT
etag: W/"63927b42-1428"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2