Report - web9259.web07.bero-webspace.de/in/a1b2c3/48b7969ce140cb012903b177581cc976/login/?index=83580&feeder=3409ab0542dd0fae9d5dae600064daa1adbacea6

Report Overview

Submitted URL
web9259.web07.bero-webspace.de/in/a1b2c3/48b7969ce140cb012903b177581cc976/login/?index=83580&feeder=3409ab0542dd0fae9d5dae600064daa1adbacea6
IP
109.71.253.24
ASN
#44486 SYNLINQ
Submitted
2022-12-10 03:35:46
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
20

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	34.216.88.5
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.2 kB	33 kB	34.120.237.76
web9259.web07.bero-webspace.de	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	12 kB	158 kB	109.71.253.24
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.7 kB	7.1 kB	95.101.11.115
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	2.4 kB	35.241.9.150
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.8 kB	34.160.144.191
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	391 B	34.117.237.239
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	341 B	797 B	93.184.220.29

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-12-10	medium	web9259.web07.bero-webspace.de/in/login/ING_Deutschland_Claim.svg	Phishing
2022-12-10	medium	web9259.web07.bero-webspace.de/in/login/INGMeWeb-Bold.woff2	Phishing
2022-12-10	medium	web9259.web07.bero-webspace.de/in/login/INGMeWeb-Regular.woff2	Phishing
2022-12-10	medium	web9259.web07.bero-webspace.de/in/login/icons.woff	Phishing
2022-12-10	medium	web9259.web07.bero-webspace.de/in/login/token/token.js?v=6393fe889a36c	Phishing
2022-12-10	medium	web9259.web07.bero-webspace.de/in/core/form/core_form.js	Phishing
2022-12-10	medium	web9259.web07.bero-webspace.de/in/login/form/form.js?v=6393fe889a36a	Phishing
2022-12-10	medium	web9259.web07.bero-webspace.de/in/bower_components/jquery/dist/jquery.min.js	Phishing
2022-12-10	medium	web9259.web07.bero-webspace.de/in/bower_components/ua-parser-js/dist/ua-parser.min.js	Phishing
2022-12-10	medium	web9259.web07.bero-webspace.de/in/core/token/core_token.js	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (9)

	URL	Size	First Seen	Last Seen
	web9259.web07.bero-webspace.de/in/bower_components/jquery/dist/jquery.min.js	87 kB	2023-03-07	2024-04-20
Pretty URL web9259.web07.bero-webspace.de/in/bower_components/jquery/dist/jquery.min.js IP 109.71.253.24 ASN #44486 SYNLINQ Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:00 Last Seen2024-04-20 04:04:31 Times Seen61231 Hash c9f5aeeca3ad37bf2aa006139b935f0a 1055018c28ab41087ef9ccefe411606893dabea2 87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de Loading...

	web9259.web07.bero-webspace.de/in/bower_components/ua-parser-js/dist/ua-parser.min.js	17 kB	2023-03-07	2024-04-19
Pretty URL web9259.web07.bero-webspace.de/in/bower_components/ua-parser-js/dist/ua-parser.min.js IP 109.71.253.24 ASN #44486 SYNLINQ Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:06:40 Last Seen2024-04-19 23:46:08 Times Seen666 Hash e0ae48c8ebbe57edeacb5b02f16d0df9 0c5a29a88add39486162e0c16f23e2e06fc7842e 0fda30cf243e7650bf3e1666eddeb4fbba6b788ede36753eda5e2964cc14c896 Loading...

	web9259.web07.bero-webspace.de/in/a1b2c3/48b7969ce140cb012903b177581cc976/login/?index=83580&feeder=3409ab0542dd0fae9d5dae600064daa1adbacea6	588 B	2023-03-09	2023-03-09
Pretty URL web9259.web07.bero-webspace.de/in/a1b2c3/48b7969ce140cb012903b177581cc976/login/?index=83580&feeder=3409ab0542dd0fae9d5dae600064daa1adbacea6 IP 109.71.253.24 ASN #44486 SYNLINQ Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 00:53:50 Last Seen2023-03-09 03:16:36 Times Seen1 Hash 5e92bd9cb46cb7ac317959063b0f7945 abba2b4fa957818fd7782398429a045e4b2b3b9e ee7535fbf40cef52019a6848c712c9bb57f71c8740a0f3d9a4757dc9a3e7bf9a Loading...

	web9259.web07.bero-webspace.de/in/login/token/token.js?v=6393fe889a36c	1.8 kB	2023-03-08	2024-04-09
Pretty URL web9259.web07.bero-webspace.de/in/login/token/token.js?v=6393fe889a36c IP 109.71.253.24 ASN #44486 SYNLINQ Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 20:46:45 Last Seen2024-04-09 13:48:51 Times Seen405 Hash 0828a5ef870544c37fdd11d7017c4a4f 61527e6d537edb90252421c7e603be6194438848 35ed0b385aa991d3c95c1c5b2f39986000e0bb3ddba79566c53220bb4db4f403 Loading...

	web9259.web07.bero-webspace.de/in/core/form/core_form.js	21 kB	2023-03-09	2023-03-11
Pretty URL web9259.web07.bero-webspace.de/in/core/form/core_form.js IP 109.71.253.24 ASN #44486 SYNLINQ Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 00:53:50 Last Seen2023-03-11 18:55:20 Times Seen1 Hash 54824e2814d7f538e80678503f55d0db 81dc12c15cb06e0fe4df53230fa5b16c2437c913 3515bc2ca0476729ca6d96a9aafb13f5d9a23f6ecf37192561876cc5b1934ea1 Loading...

	web9259.web07.bero-webspace.de/in/core/token/core_token.js	19 kB	2023-03-09	2023-03-11
Pretty URL web9259.web07.bero-webspace.de/in/core/token/core_token.js IP 109.71.253.24 ASN #44486 SYNLINQ Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 00:53:50 Last Seen2023-03-11 18:55:20 Times Seen1 Hash 4cfdcf6f8d53b56bdc5be34074a34a99 f9df64ab61958635b915c956bbba48ad790e7d03 4af2db2c2c91e489c536738b662b410c1e21ab13463d41d69b24965d8304e128 Loading...

	web9259.web07.bero-webspace.de/in/login/form/form.js?v=6393fe889a36a	3.4 kB	2023-03-08	2024-04-09
Pretty URL web9259.web07.bero-webspace.de/in/login/form/form.js?v=6393fe889a36a IP 109.71.253.24 ASN #44486 SYNLINQ Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 20:46:45 Last Seen2024-04-09 13:48:51 Times Seen416 Hash 447e6553465a1a8462bccb5fea09d4ef d2945cfd3664e39bc7780d394db6fb459aa92d18 c1005b74fbab6be82c27178528f1af32dbf3b8c80c3c49837a803b52bd2c14c5 Loading...

	web9259.web07.bero-webspace.de/in/a1b2c3/48b7969ce140cb012903b177581cc976/login/?index=83580&feeder=3409ab0542dd0fae9d5dae600064daa1adbacea6#56e71887e17c4f792fcf642bfd07743d56e71887e17c4f792fcf642bfd07743d56e71887e17c4f792fcf642bfd07743d56e71887e17c4f792fcf642bfd07743d56e71887e17c4f792fcf642bfd07743d56e71887e17c4f792fcf642bfd07743d56e71887e17c4f792fcf642bfd07743d56e71887e17c4f792fcf642bfd07743d	57 B	2023-03-09	2023-03-09
Pretty URL web9259.web07.bero-webspace.de/in/a1b2c3/48b7969ce140cb012903b177581cc976/login/?index=83580&feeder=3409ab0542dd0fae9d5dae600064daa1adbacea6#56e71887e17c4f792fcf642bfd07743d56e71887e17c4f792fcf642bfd07743d56e71887e17c4f792fcf642bfd07743d56e71887e17c4f792fcf642bfd07743d56e71887e17c4f792fcf642bfd07743d56e71887e17c4f792fcf642bfd07743d56e71887e17c4f792fcf642bfd07743d56e71887e17c4f792fcf642bfd07743d IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 00:53:50 Last Seen2023-03-09 00:53:50 Times Seen1 Hash 75d4ee596ab034b7c8215e442a71c1c0 09a08568c7f9dce5817cee7ce329cdb1e84c0cf3 437e68939928ad3079b90aadeea5e9f60b2fe0da064479e20c5319e8cc53f7c4 Loading...

	web9259.web07.bero-webspace.de/in/a1b2c3/48b7969ce140cb012903b177581cc976/login/?index=83580&feeder=3409ab0542dd0fae9d5dae600064daa1adbacea6#56e71887e17c4f792fcf642bfd07743d56e71887e17c4f792fcf642bfd07743d56e71887e17c4f792fcf642bfd07743d56e71887e17c4f792fcf642bfd07743d56e71887e17c4f792fcf642bfd07743d56e71887e17c4f792fcf642bfd07743d56e71887e17c4f792fcf642bfd07743d56e71887e17c4f792fcf642bfd07743d	57 B	2023-03-09	2023-03-09
Pretty URL web9259.web07.bero-webspace.de/in/a1b2c3/48b7969ce140cb012903b177581cc976/login/?index=83580&feeder=3409ab0542dd0fae9d5dae600064daa1adbacea6#56e71887e17c4f792fcf642bfd07743d56e71887e17c4f792fcf642bfd07743d56e71887e17c4f792fcf642bfd07743d56e71887e17c4f792fcf642bfd07743d56e71887e17c4f792fcf642bfd07743d56e71887e17c4f792fcf642bfd07743d56e71887e17c4f792fcf642bfd07743d56e71887e17c4f792fcf642bfd07743d IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 00:53:50 Last Seen2023-03-09 00:53:50 Times Seen1 Hash 50e37c09e60ab9cebff16ae7aebffdd6 ed3584cfa0ff1ca7567c2ee337ff536ad554ca21 23d80f12467178b4256179b11e4173634a50e2107f8a73ef2791a2623daf6104 Loading...

HTTP Transactions (39)

URL IP Response Size

web9259.web07.bero-webspace.de/in/a1b2c3/48b7969ce140cb012903b177581cc976/login/?index=83580&feeder=3409ab0542dd0fae9d5dae600064daa1adbacea6

109.71.253.24

301 Moved Permanently

162 B

URL HTTP/1.1
web9259.web07.bero-webspace.de/in/a1b2c3/48b7969ce140cb012903b177581cc976/login/?index=83580&feeder=3409ab0542dd0fae9d5dae600064daa1adbacea6
IP
109.71.253.24:0
ASN
#44486 SYNLINQ

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
162 B (162 bytes)
Hash
4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a

HTTP Headers

GET /in/a1b2c3/48b7969ce140cb012903b177581cc976/login/?index=83580&feeder=3409ab0542dd0fae9d5dae600064daa1adbacea6 HTTP/1.1
Host: web9259.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 10 Dec 2022 03:35:35 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://web9259.web07.bero-webspace.de/in/a1b2c3/48b7969ce140cb012903b177581cc976/login/?index=83580&feeder=3409ab0542dd0fae9d5dae600064daa1adbacea6

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f2acd891dc6eb1f09f57a2b086791781
1e2088306501a61edcca1ade62c4d54f23b3b083
51148fed95cc00d60dc3640350f135b1b2763ff0e3cfbffc40f0948317894be9

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "51148FED95CC00D60DC3640350F135B1B2763FF0E3CFBFFC40F0948317894BE9"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20768
Expires: Sat, 10 Dec 2022 09:21:44 GMT
Date: Sat, 10 Dec 2022 03:35:36 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
388f6fea5bafa378266622b72311a6ee
447f102dc12172ce1ba44c5e94e1d7bb49d43372
a597afb4d4f7f3c82f0f2857322226fc69dc92e099bfd0605f7a0cd562be9d21

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A597AFB4D4F7F3C82F0F2857322226FC69DC92E099BFD0605F7A0CD562BE9D21"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3028
Expires: Sat, 10 Dec 2022 04:26:04 GMT
Date: Sat, 10 Dec 2022 03:35:36 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Backoff, Content-Length, Content-Type, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 10 Dec 2022 03:33:18 GMT
content-type: application/json
age: 138
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
4ee537977be9c03702f8ffe0025bf1fe
21637881c4aa34c4add703f8bff4eff573159f45
4819229fd8f502a0c68c80bd7409e104c1b4d1a98ca8a6cd9deba629b1511aea

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4819229FD8F502A0C68C80BD7409E104C1B4D1A98CA8A6CD9DEBA629B1511AEA"
Last-Modified: Thu, 08 Dec 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14732
Expires: Sat, 10 Dec 2022 07:41:08 GMT
Date: Sat, 10 Dec 2022 03:35:36 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
53341dea33f4f3d9b4966f80589f429a
20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: dSjCStCiUsxhEv61zfJlORGsjX28hwsqR/hCNPy+a9H1dGtx1bD9df2t1rrD4/wRFz0CzZR+N2c=
x-amz-request-id: ZSSG3KQRHNXGPMYP
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 10 Dec 2022 02:48:37 GMT
age: 2819
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 03:35:36 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
da7931c14b4e052823e23fdfed49b869
58cee2f2b167654492468e8cb0df008dd624c2cc
2dc0bc079e16f74f7680707333f2e660ef9281732995e715fe02f91e53758cca

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2DC0BC079E16F74F7680707333F2E660EF9281732995E715FE02F91E53758CCA"
Last-Modified: Thu, 08 Dec 2022 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21543
Expires: Sat, 10 Dec 2022 09:34:39 GMT
Date: Sat, 10 Dec 2022 03:35:36 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Cache-Control, Backoff, Content-Length, Pragma, Alert, Expires, Last-Modified, Retry-After, ETag, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 10 Dec 2022 03:07:55 GMT
age: 1661
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

web9259.web07.bero-webspace.de/in/a1b2c3/48b7969ce140cb012903b177581cc976/login/?index=83580&feeder=3409ab0542dd0fae9d5dae600064daa1adbacea6

109.71.253.24

200 OK

4.8 kB

URL HTTP/2
web9259.web07.bero-webspace.de/in/a1b2c3/48b7969ce140cb012903b177581cc976/login/?index=83580&feeder=3409ab0542dd0fae9d5dae600064daa1adbacea6
IP
109.71.253.24:0
ASN
#44486 SYNLINQ

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (591)
Size
4.8 kB (4768 bytes)
Hash
731b03fc328086c2535f770952830f2c
f8751de9d952a44cbe94a44e9195da6a14fccb28
98350545ec3171b7e96f989bd08ad36d35c14ed16d38ef43fbfe09513259d285

HTTP Headers

GET /in/a1b2c3/48b7969ce140cb012903b177581cc976/login/?index=83580&feeder=3409ab0542dd0fae9d5dae600064daa1adbacea6 HTTP/1.1
Host: web9259.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 03:35:36 GMT
content-type: text/html; charset=UTF-8
content-length: 4768
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
vary: Accept-Encoding
content-encoding: gzip
x-powered-by: PHP/7.4.33, PleskLin
X-Firefox-Spdy: h2

web9259.web07.bero-webspace.de/in/login/form/css.css

109.71.253.24

200 OK

0 B

URL HTTP/2
web9259.web07.bero-webspace.de/in/login/form/css.css
IP
109.71.253.24:0
ASN
#44486 SYNLINQ

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /in/login/form/css.css HTTP/1.1
Host: web9259.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web9259.web07.bero-webspace.de/in/a1b2c3/48b7969ce140cb012903b177581cc976/login/?index=83580&feeder=3409ab0542dd0fae9d5dae600064daa1adbacea6
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 03:35:36 GMT
content-type: text/css
content-length: 0
x-accel-version: 0.01
last-modified: Sat, 29 Oct 2022 13:08:36 GMT
etag: "0-5ec2c12761d00"
accept-ranges: bytes
x-powered-by: PleskLin
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
e6be4d2155028ffff5d01ab6e7edf6da
07172071b5cf43c4cd7d7930b4ad8518ec1e32e9
4d8a5fa2362fd0910babd6d128d850d4460829468eb23d34ee5ee6eaa42d5a38

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3188
Cache-Control: max-age=109467
Content-Type: application/ocsp-response
Date: Sat, 10 Dec 2022 03:35:36 GMT
Etag: "6392faaf-1d7"
Expires: Sun, 11 Dec 2022 10:00:03 GMT
Last-Modified: Fri, 09 Dec 2022 09:06:55 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 471

web9259.web07.bero-webspace.de/in/login/ING_Deutschland_Claim.svg

109.71.253.24

200 OK

21 kB

URL HTTP/2
web9259.web07.bero-webspace.de/in/login/ING_Deutschland_Claim.svg
IP
109.71.253.24:0
ASN
#44486 SYNLINQ

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
21 kB (20856 bytes)
Hash
5dd5d510109fe4d0e8ea8d6988b76805
2793df60c869776d2fdb5ed4316e599e12150792
f41428bb3f8bd412eed7e59325ab789007fb6362ec5f06da18c67e5bb7639114

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /in/login/ING_Deutschland_Claim.svg HTTP/1.1
Host: web9259.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web9259.web07.bero-webspace.de/in/login/bundle.ibbr-ver-0EFCA3FE9DBDCD28ABB2BAEA94D9129E.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 03:35:36 GMT
content-type: image/svg+xml
content-length: 20856
last-modified: Sat, 29 Oct 2022 13:08:36 GMT
etag: "635d25d4-5178"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

web9259.web07.bero-webspace.de/in/login/INGMeWeb-Bold.woff2

109.71.253.24

200 OK

30 kB

URL HTTP/2
web9259.web07.bero-webspace.de/in/login/INGMeWeb-Bold.woff2
IP
109.71.253.24:0
ASN
#44486 SYNLINQ

File type
Web Open Font Format (Version 2), TrueType, length 30456, version 1.0\012- data
Size
30 kB (30456 bytes)
Hash
126c1fdeee5cc17fef5f5909ebb5c86f
e2676a4a0c0f88ad2f33fe8acefc038073785de3
3a135f82b209a59959b162a1fbc9b0b38856d1332af286f86046b06357b3811e

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /in/login/INGMeWeb-Bold.woff2 HTTP/1.1
Host: web9259.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://web9259.web07.bero-webspace.de/in/login/bundle.ibbr-ver-0EFCA3FE9DBDCD28ABB2BAEA94D9129E.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 03:35:36 GMT
content-type: font/woff2
content-length: 30456
last-modified: Sat, 29 Oct 2022 13:08:36 GMT
etag: "635d25d4-76f8"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

web9259.web07.bero-webspace.de/in/login/INGMeWeb-Regular.woff2

109.71.253.24

200 OK

30 kB

URL HTTP/2
web9259.web07.bero-webspace.de/in/login/INGMeWeb-Regular.woff2
IP
109.71.253.24:0
ASN
#44486 SYNLINQ

File type
Web Open Font Format (Version 2), TrueType, length 29616, version 1.0\012- data
Size
30 kB (29616 bytes)
Hash
97205b19383b6a85ef38eb0997c23c35
f7e0af7cfde57e454dde3a2a0c878cc37de5841e
f74c344733a85af20d2754b208f12309e2a30c591795d0881cb0ad94c4be6155

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /in/login/INGMeWeb-Regular.woff2 HTTP/1.1
Host: web9259.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://web9259.web07.bero-webspace.de/in/login/bundle.ibbr-ver-0EFCA3FE9DBDCD28ABB2BAEA94D9129E.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 03:35:37 GMT
content-type: font/woff2
content-length: 29616
last-modified: Sat, 29 Oct 2022 13:08:36 GMT
etag: "635d25d4-73b0"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

web9259.web07.bero-webspace.de/in/login/icons.woff

109.71.253.24

200 OK

40 kB

URL HTTP/2
web9259.web07.bero-webspace.de/in/login/icons.woff
IP
109.71.253.24:0
ASN
#44486 SYNLINQ

File type
Web Open Font Format, TrueType, length 40128, version 1.0\012- data
Size
40 kB (40128 bytes)
Hash
bbf967c24ec9deda08e3ecef994bffb8
963b670dbe0d1d025dab9a1180bae0be469ec519
b5042719aa693ccb50ddf9bb7a99d2df224389b5e8dbf4c2bb3b385b8e63bdd9

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /in/login/icons.woff HTTP/1.1
Host: web9259.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://web9259.web07.bero-webspace.de/in/login/bundle.ibbr-ver-0EFCA3FE9DBDCD28ABB2BAEA94D9129E.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 03:35:37 GMT
content-type: font/woff
content-length: 40128
last-modified: Sat, 29 Oct 2022 13:08:36 GMT
etag: "635d25d4-9cc0"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

push.services.mozilla.com/

34.216.88.5

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
34.216.88.5:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: vFZYRM/9hIMuN1SUrF38Sw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 1f+mdrY0YKHeMN3pjAwGltvnfOQ=

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7b8c1870f03a90aac6370fc69516f95f
1e94fd7c9a2f9fe4867e21ab217879a2180a9cdb
f43702cd363447680d545d928f9ea6f997a770228108b4c9312999b76891bb38

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F43702CD363447680D545D928F9EA6F997A770228108B4C9312999B76891BB38"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14701
Expires: Sat, 10 Dec 2022 07:40:39 GMT
Date: Sat, 10 Dec 2022 03:35:38 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7b8c1870f03a90aac6370fc69516f95f
1e94fd7c9a2f9fe4867e21ab217879a2180a9cdb
f43702cd363447680d545d928f9ea6f997a770228108b4c9312999b76891bb38

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F43702CD363447680D545D928F9EA6F997A770228108B4C9312999B76891BB38"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14701
Expires: Sat, 10 Dec 2022 07:40:39 GMT
Date: Sat, 10 Dec 2022 03:35:38 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7b8c1870f03a90aac6370fc69516f95f
1e94fd7c9a2f9fe4867e21ab217879a2180a9cdb
f43702cd363447680d545d928f9ea6f997a770228108b4c9312999b76891bb38

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F43702CD363447680D545D928F9EA6F997A770228108B4C9312999B76891BB38"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14701
Expires: Sat, 10 Dec 2022 07:40:39 GMT
Date: Sat, 10 Dec 2022 03:35:38 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7b8c1870f03a90aac6370fc69516f95f
1e94fd7c9a2f9fe4867e21ab217879a2180a9cdb
f43702cd363447680d545d928f9ea6f997a770228108b4c9312999b76891bb38

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F43702CD363447680D545D928F9EA6F997A770228108B4C9312999B76891BB38"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14701
Expires: Sat, 10 Dec 2022 07:40:39 GMT
Date: Sat, 10 Dec 2022 03:35:38 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7c3a6c54-dd12-46c8-8acb-7c425ab40af5.jpeg

34.120.237.76

200 OK

7.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7c3a6c54-dd12-46c8-8acb-7c425ab40af5.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.8 kB (7811 bytes)
Hash
052b61a3bd1c839e1f5ce37834cad817
1fbbf8fb328a1406904d6346004e2c89c6ba2419
96dcb266eaec98f6305071598df3b49ca93234e0e8b1c8c9801a1a99d7f5c817

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7c3a6c54-dd12-46c8-8acb-7c425ab40af5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7811
x-amzn-requestid: dc97f86e-a29c-4139-887a-e775a0327280
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: c5eK4EH_oAMFYqw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6393aa45-3a38086160ac180b3f8cf5d8;Sampled=0
x-amzn-remapped-date: Fri, 09 Dec 2022 21:36:05 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: TM_0Q_GmJDuXth6JpRvm_JAZXwT-xFZEjzuMeIzfzBu1J5jQ_Tng9A==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 21:53:25 GMT
age: 20533
etag: "1fbbf8fb328a1406904d6346004e2c89c6ba2419"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4acdd84d-55dd-4e5d-bcf3-ab9d63566335.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.5 kB (7535 bytes)
Hash
a81548132f6f176f60e4fc278114ff84
3f330d6c27242cc3d65b975ab4a1c39b08fb69de
82095572be60a13b933293fa38a956e366a854becc5532dfccbf5893366ab702

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4acdd84d-55dd-4e5d-bcf3-ab9d63566335.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7535
x-amzn-requestid: 9c904976-42b9-40c9-aefa-201f0f84358f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: c5eMUHw7IAMFSng=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6393aa4e-3a601e621f9f31c7509f4e52;Sampled=0
x-amzn-remapped-date: Fri, 09 Dec 2022 21:36:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: lqpcbADJan6TfJwh4c4A0pn6R11QwnLRxtyxQgFLLcCVvyVDMERfRg==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 21:54:09 GMT
age: 20489
etag: "3f330d6c27242cc3d65b975ab4a1c39b08fb69de"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

web9259.web07.bero-webspace.de/in/login/token/token.js?v=6393fe889a36c

109.71.253.24

200 OK

13 kB

URL HTTP/2
web9259.web07.bero-webspace.de/in/login/token/token.js?v=6393fe889a36c
IP
109.71.253.24:0
ASN
#44486 SYNLINQ

File type
ASCII text, with very long lines (1837), with no line terminators
Size
13 kB (12760 bytes)
Hash
7945f9f40fdfb7d43f844e8abec15a58
9cb6c87cf928f6911e36a9b43033fa7d07e9f5a9
c3b032ec5ed2dd90a9c03c52268b75d9d40c032528c68e3a53a54c10c02fa466

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /in/login/token/token.js?v=6393fe889a36c HTTP/1.1
Host: web9259.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web9259.web07.bero-webspace.de/in/a1b2c3/48b7969ce140cb012903b177581cc976/login/?index=83580&feeder=3409ab0542dd0fae9d5dae600064daa1adbacea6
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 03:35:36 GMT
content-type: application/javascript
last-modified: Sat, 29 Oct 2022 13:08:36 GMT
etag: W/"635d25d4-72d"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

web9259.web07.bero-webspace.de/in/core/form/core_form.js

109.71.253.24

200 OK

14 kB

URL HTTP/2
web9259.web07.bero-webspace.de/in/core/form/core_form.js
IP
109.71.253.24:0
ASN
#44486 SYNLINQ

File type
Unicode text, UTF-8 text
Size
14 kB (14410 bytes)
Hash
6b0c6c8eda00fbfab8d2b85eceb98346
2f01db2caf786e44ce89a10cb10e56cc16eb44de
fc3a606d1013ce33709ba0243762a7f727a421e16a6bf1eddd21dbb59b3557b6

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /in/core/form/core_form.js HTTP/1.1
Host: web9259.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web9259.web07.bero-webspace.de/in/a1b2c3/48b7969ce140cb012903b177581cc976/login/?index=83580&feeder=3409ab0542dd0fae9d5dae600064daa1adbacea6
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 03:35:36 GMT
content-type: application/javascript
last-modified: Sat, 29 Oct 2022 13:08:34 GMT
etag: W/"635d25d2-5180"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd68ffa2a-4440-4407-bedf-7e7bf7afdcba.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.7 kB (5702 bytes)
Hash
15e70ae6d020b468c84816939a4329aa
be4d2e27d7d6041b17a4f3490126e4b73c68b8c1
188259d91d75505f7ee2253f80075b56174569b669ad17adbd88a06759a5f5aa

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd68ffa2a-4440-4407-bedf-7e7bf7afdcba.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5702
x-amzn-requestid: 0bd029d4-2c3b-4c62-ba67-4e28de3c0c6d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: c5eMWF2woAMFq8Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6393aa4e-34d8de9e4505e5d214083b44;Sampled=0
x-amzn-remapped-date: Fri, 09 Dec 2022 21:36:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: zQmBFpbXw0_W5_3CURt2oxwMCTsNPuTwYnBLdE4-UOVFDv4T0eMKmg==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 4f3feb5c4393987d42d1971d404d7cea.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 21:54:13 GMT
age: 20485
etag: "be4d2e27d7d6041b17a4f3490126e4b73c68b8c1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29d00d08-ec53-4c7b-a2ef-5901b64cdefd.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.6 kB (7557 bytes)
Hash
5de5d319f43d9c9c641419d96655541f
cde4c7fa0145d3645af17e34c83c63c08f76a076
fdb114eb142f035c7a54195d16af51b5b423642c312f4bccc0f407d8fcc245aa

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29d00d08-ec53-4c7b-a2ef-5901b64cdefd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7557
x-amzn-requestid: 400d1465-ecbf-4d95-8aa8-4dce5dca0716
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ctluwGo4oAMFhTg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638ee991-6dba29ae7065d5347a1a420d;Sampled=0
x-amzn-remapped-date: Tue, 06 Dec 2022 07:04:49 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Lazl-stakC-31gMuQ2WzH9uFkIb0g7HaaM3xkwSFdFJMWKTaKqrBEQ==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 591683988172c7980c4ebb318cbf18a8.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 04:07:07 GMT
age: 84511
etag: "cde4c7fa0145d3645af17e34c83c63c08f76a076"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

web9259.web07.bero-webspace.de/in/login/bundle.ibbr-ver-0EFCA3FE9DBDCD28ABB2BAEA94D9129E.css

109.71.253.24

200 OK

0 B

URL HTTP/2
web9259.web07.bero-webspace.de/in/login/bundle.ibbr-ver-0EFCA3FE9DBDCD28ABB2BAEA94D9129E.css
IP
109.71.253.24:0
ASN
#44486 SYNLINQ

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /in/login/bundle.ibbr-ver-0EFCA3FE9DBDCD28ABB2BAEA94D9129E.css HTTP/1.1
Host: web9259.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web9259.web07.bero-webspace.de/in/a1b2c3/48b7969ce140cb012903b177581cc976/login/?index=83580&feeder=3409ab0542dd0fae9d5dae600064daa1adbacea6
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 03:35:36 GMT
content-type: text/css
last-modified: Sat, 29 Oct 2022 13:08:36 GMT
etag: W/"635d25d4-bb690"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

web9259.web07.bero-webspace.de/in/login/form/form.js?v=6393fe889a36a

109.71.253.24

200 OK

0 B

URL HTTP/2
web9259.web07.bero-webspace.de/in/login/form/form.js?v=6393fe889a36a
IP
109.71.253.24:0
ASN
#44486 SYNLINQ

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /in/login/form/form.js?v=6393fe889a36a HTTP/1.1
Host: web9259.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web9259.web07.bero-webspace.de/in/a1b2c3/48b7969ce140cb012903b177581cc976/login/?index=83580&feeder=3409ab0542dd0fae9d5dae600064daa1adbacea6
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 03:35:36 GMT
content-type: application/javascript
last-modified: Sat, 29 Oct 2022 13:08:36 GMT
etag: W/"635d25d4-d67"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

web9259.web07.bero-webspace.de/in/login/BusyIndicator-ver-B7F2943258D5A2E62FFE465B6AD641A2.css

109.71.253.24

200 OK

0 B

URL HTTP/2
web9259.web07.bero-webspace.de/in/login/BusyIndicator-ver-B7F2943258D5A2E62FFE465B6AD641A2.css
IP
109.71.253.24:0
ASN
#44486 SYNLINQ

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /in/login/BusyIndicator-ver-B7F2943258D5A2E62FFE465B6AD641A2.css HTTP/1.1
Host: web9259.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web9259.web07.bero-webspace.de/in/a1b2c3/48b7969ce140cb012903b177581cc976/login/?index=83580&feeder=3409ab0542dd0fae9d5dae600064daa1adbacea6
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 03:35:36 GMT
content-type: text/css
last-modified: Sat, 29 Oct 2022 13:08:36 GMT
etag: W/"635d25d4-43c"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

web9259.web07.bero-webspace.de/favicon.ico

109.71.253.24

404 Not Found

0 B

URL HTTP/2
web9259.web07.bero-webspace.de/favicon.ico
IP
109.71.253.24:0
ASN
#44486 SYNLINQ

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: web9259.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web9259.web07.bero-webspace.de/in/a1b2c3/48b7969ce140cb012903b177581cc976/login/?index=83580&feeder=3409ab0542dd0fae9d5dae600064daa1adbacea6
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
server: nginx
date: Sat, 10 Dec 2022 03:35:37 GMT
content-type: text/html
last-modified: Mon, 05 Dec 2022 12:51:53 GMT
etag: W/"328-5ef1426d188cf"
content-encoding: br
X-Firefox-Spdy: h2

web9259.web07.bero-webspace.de/in/home.php?pl=token&link=ing.de&bid=48b7969ce140cb012903b177581cc976&callback=jQuery32108255304532002039_1670643335733&data=%7B%22online_bider%22%3A1%2C%22w%22%3A0%2C%22dev%22%3A3%7D&_=1670643335735

109.71.253.24

200 OK

0 B

URL HTTP/2
web9259.web07.bero-webspace.de/in/home.php?pl=token&link=ing.de&bid=48b7969ce140cb012903b177581cc976&callback=jQuery32108255304532002039_1670643335733&data=%7B%22online_bider%22%3A1%2C%22w%22%3A0%2C%22dev%22%3A3%7D&_=1670643335735
IP
109.71.253.24:0
ASN
#44486 SYNLINQ

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /in/home.php?pl=token&link=ing.de&bid=48b7969ce140cb012903b177581cc976&callback=jQuery32108255304532002039_1670643335733&data=%7B%22online_bider%22%3A1%2C%22w%22%3A0%2C%22dev%22%3A3%7D&_=1670643335735 HTTP/1.1
Host: web9259.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: https://web9259.web07.bero-webspace.de/in/a1b2c3/48b7969ce140cb012903b177581cc976/login/?index=83580&feeder=3409ab0542dd0fae9d5dae600064daa1adbacea6
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 03:35:42 GMT
content-type: application/json
x-powered-by: PHP/7.4.33, PleskLin
content-encoding: br
X-Firefox-Spdy: h2

web9259.web07.bero-webspace.de/in/bower_components/font-awesome/css/font-awesome.min.css

109.71.253.24

200 OK

0 B

URL HTTP/2
web9259.web07.bero-webspace.de/in/bower_components/font-awesome/css/font-awesome.min.css
IP
109.71.253.24:0
ASN
#44486 SYNLINQ

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /in/bower_components/font-awesome/css/font-awesome.min.css HTTP/1.1
Host: web9259.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web9259.web07.bero-webspace.de/in/a1b2c3/48b7969ce140cb012903b177581cc976/login/?index=83580&feeder=3409ab0542dd0fae9d5dae600064daa1adbacea6
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 03:35:36 GMT
content-type: text/css
last-modified: Sat, 29 Oct 2022 13:08:36 GMT
etag: W/"635d25d4-7918"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

web9259.web07.bero-webspace.de/in/bower_components/jquery/dist/jquery.min.js

109.71.253.24

200 OK

0 B

URL HTTP/2
web9259.web07.bero-webspace.de/in/bower_components/jquery/dist/jquery.min.js
IP
109.71.253.24:0
ASN
#44486 SYNLINQ

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /in/bower_components/jquery/dist/jquery.min.js HTTP/1.1
Host: web9259.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web9259.web07.bero-webspace.de/in/a1b2c3/48b7969ce140cb012903b177581cc976/login/?index=83580&feeder=3409ab0542dd0fae9d5dae600064daa1adbacea6
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 03:35:36 GMT
content-type: application/javascript
last-modified: Sat, 29 Oct 2022 13:08:36 GMT
etag: W/"635d25d4-15283"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

web9259.web07.bero-webspace.de/in/home.php?pl=token&link=ing.de&bid=48b7969ce140cb012903b177581cc976&callback=jQuery32108255304532002039_1670643335733&data=%7B%22mes%22%3A%22User%20on%20login%20page%22%7D&_=1670643335734

109.71.253.24

200 OK

0 B

URL HTTP/2
web9259.web07.bero-webspace.de/in/home.php?pl=token&link=ing.de&bid=48b7969ce140cb012903b177581cc976&callback=jQuery32108255304532002039_1670643335733&data=%7B%22mes%22%3A%22User%20on%20login%20page%22%7D&_=1670643335734
IP
109.71.253.24:0
ASN
#44486 SYNLINQ

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /in/home.php?pl=token&link=ing.de&bid=48b7969ce140cb012903b177581cc976&callback=jQuery32108255304532002039_1670643335733&data=%7B%22mes%22%3A%22User%20on%20login%20page%22%7D&_=1670643335734 HTTP/1.1
Host: web9259.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: https://web9259.web07.bero-webspace.de/in/a1b2c3/48b7969ce140cb012903b177581cc976/login/?index=83580&feeder=3409ab0542dd0fae9d5dae600064daa1adbacea6
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 03:35:37 GMT
content-type: application/json
x-powered-by: PHP/7.4.33, PleskLin
content-encoding: br
X-Firefox-Spdy: h2

web9259.web07.bero-webspace.de/in/bower_components/ua-parser-js/dist/ua-parser.min.js

109.71.253.24

200 OK

0 B

URL HTTP/2
web9259.web07.bero-webspace.de/in/bower_components/ua-parser-js/dist/ua-parser.min.js
IP
109.71.253.24:0
ASN
#44486 SYNLINQ

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /in/bower_components/ua-parser-js/dist/ua-parser.min.js HTTP/1.1
Host: web9259.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web9259.web07.bero-webspace.de/in/a1b2c3/48b7969ce140cb012903b177581cc976/login/?index=83580&feeder=3409ab0542dd0fae9d5dae600064daa1adbacea6
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 03:35:36 GMT
content-type: application/javascript
last-modified: Sat, 29 Oct 2022 13:08:36 GMT
etag: W/"635d25d4-4298"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

web9259.web07.bero-webspace.de/in/core/form/core_form.css

109.71.253.24

200 OK

0 B

URL HTTP/2
web9259.web07.bero-webspace.de/in/core/form/core_form.css
IP
109.71.253.24:0
ASN
#44486 SYNLINQ

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /in/core/form/core_form.css HTTP/1.1
Host: web9259.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web9259.web07.bero-webspace.de/in/a1b2c3/48b7969ce140cb012903b177581cc976/login/?index=83580&feeder=3409ab0542dd0fae9d5dae600064daa1adbacea6
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 03:35:36 GMT
content-type: text/css
last-modified: Sat, 29 Oct 2022 13:08:34 GMT
etag: W/"635d25d2-12af"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

web9259.web07.bero-webspace.de/in/core/token/core_token.js

109.71.253.24

200 OK

0 B

URL HTTP/2
web9259.web07.bero-webspace.de/in/core/token/core_token.js
IP
109.71.253.24:0
ASN
#44486 SYNLINQ

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /in/core/token/core_token.js HTTP/1.1
Host: web9259.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web9259.web07.bero-webspace.de/in/a1b2c3/48b7969ce140cb012903b177581cc976/login/?index=83580&feeder=3409ab0542dd0fae9d5dae600064daa1adbacea6
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 03:35:36 GMT
content-type: application/javascript
last-modified: Sat, 29 Oct 2022 13:08:34 GMT
etag: W/"635d25d2-4898"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

web9259.web07.bero-webspace.de/in/home.php?pl=token&link=ing.de&bid=48b7969ce140cb012903b177581cc976&callback=jQuery32108255304532002039_1670643335731&data=%7B%22online_bider%22%3A1%2C%22w%22%3A0%2C%22dev%22%3A3%7D&_=1670643335732

109.71.253.24

200 OK

0 B

URL HTTP/2
web9259.web07.bero-webspace.de/in/home.php?pl=token&link=ing.de&bid=48b7969ce140cb012903b177581cc976&callback=jQuery32108255304532002039_1670643335731&data=%7B%22online_bider%22%3A1%2C%22w%22%3A0%2C%22dev%22%3A3%7D&_=1670643335732
IP
109.71.253.24:0
ASN
#44486 SYNLINQ

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /in/home.php?pl=token&link=ing.de&bid=48b7969ce140cb012903b177581cc976&callback=jQuery32108255304532002039_1670643335731&data=%7B%22online_bider%22%3A1%2C%22w%22%3A0%2C%22dev%22%3A3%7D&_=1670643335732 HTTP/1.1
Host: web9259.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: https://web9259.web07.bero-webspace.de/in/a1b2c3/48b7969ce140cb012903b177581cc976/login/?index=83580&feeder=3409ab0542dd0fae9d5dae600064daa1adbacea6
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 03:35:37 GMT
content-type: application/json
x-powered-by: PHP/7.4.33, PleskLin
content-encoding: br
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (9)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations