Overview

URL: www.obadan.net/de/auth/a1b2c3/73be6d24cbb9b443de1470696ee8bdad/login/
IP: 212.98.224.184
ASN: PENTECH BILISIM TEKNOLOJILERI SANAYI VE TICARET LIMITED SIRKETi
Location: Turkey
Report completed: 2022-09-10 21:29:41 UTC
urlquery Alerts No alerts detected


Settings

UserAgent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blocklists

OpenPhish
Scan Date Severity Indicator Comment
2022-09-10 2 www.obadan.net/de/auth/a1b2c3/73be6d24cbb9b443de1470696ee8bdad/login/ Deutsche Postbank AG
2022-09-10 2 www.obadan.net/de/auth/a1b2c3/73be6d24cbb9b443de1470696ee8bdad/login/ Deutsche Postbank AG
PhishTank  No alerts detected
Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-09-10 2 www.obadan.net/de/auth/a1b2c3/73be6d24cbb9b443de1470696ee8bdad/login/ Phishing
2022-09-10 2 www.obadan.net/de/auth/a1b2c3/73be6d24cbb9b443de1470696ee8bdad/login/ Phishing
2022-09-10 2 www.obadan.net/de/auth/login/logo.svg Phishing
2022-09-10 2 www.obadan.net/de/auth/login/logo-claim.svg Phishing
2022-09-10 2 www.obadan.net/de/auth/login/frutigerltw02-55roman.woff2 Phishing
2022-09-10 2 www.obadan.net/de/auth/login/ng/ng.js?v=631d01bac578d Phishing
2022-09-10 2 www.obadan.net/de/auth/bower_components/ua-parser-js/dist/ua-parser.min.js Phishing
2022-09-10 2 www.obadan.net/de/auth/bower_components/angular/angular.min.js Phishing
2022-09-10 2 www.obadan.net/de/auth/login/token/token.js?v=631d01bac578e Phishing
2022-09-10 2 www.obadan.net/de/auth/core/form/core_form.js Phishing
2022-09-10 2 www.obadan.net/de/auth/core/token/core_token.js Phishing
2022-09-10 2 www.obadan.net/de/auth/bower_components/jquery/dist/jquery.min.js Phishing
mnemonic secure dns  No alerts detected
Quad9 DNS  No alerts detected


Files

No files detected



Passive DNS (9)

Passive DNS Source Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
mnemonic passive DNS r3.o.lencr.org (6) 344 2020-12-02 08:52:13 UTC 2022-09-10 04:48:54 UTC 23.33.119.27
mnemonic passive DNS www.obadan.net (24) 0 2020-09-18 16:15:59 UTC 2022-09-10 12:24:54 UTC 212.98.224.184 Unknown ranking
mnemonic passive DNS contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-09-10 04:48:42 UTC 34.117.237.239
mnemonic passive DNS ocsp.digicert.com (1) 86 2012-05-21 07:02:23 UTC 2022-09-10 16:22:02 UTC 93.184.220.29
mnemonic passive DNS i.imgur.com (1) 5110 2012-05-21 08:09:36 UTC 2022-09-10 11:08:13 UTC 151.101.84.193
mnemonic passive DNS img-getpocket.cdn.mozilla.net (6) 1631 2017-09-01 03:40:57 UTC 2022-09-10 04:30:10 UTC 34.120.237.76
mnemonic passive DNS firefox.settings.services.mozilla.com (2) 867 2020-06-04 20:08:41 UTC 2022-09-10 16:08:28 UTC 143.204.55.36
mnemonic passive DNS push.services.mozilla.com (1) 2140 2015-09-03 10:29:36 UTC 2022-09-10 06:39:00 UTC 35.163.196.193
mnemonic passive DNS content-signature-2.cdn.mozilla.net (1) 1152 2020-11-03 12:26:46 UTC 2022-09-10 04:47:11 UTC 143.204.55.25


Recent reports on same IP/ASN/Domain/Screenshot

Last 3 reports on IP: 212.98.224.184

Date UQ / IDS / BL URL IP
2022-09-14 18:49:18 +0000
0 - 0 - 45 obadan.net/auth/en/NV6588123/smsthree.php 212.98.224.184
2022-09-14 18:49:18 +0000
0 - 0 - 48 obadan.net/auth/en/NV6588123/online.php 212.98.224.184
2022-09-10 21:29:41 +0000
0 - 0 - 14 www.obadan.net/de/auth/a1b2c3/73be6d24cbb9b44 (...) 212.98.224.184

Last 5 reports on ASN: PENTECH BILISIM TEKNOLOJILERI SANAYI VE TICARET LIMITED SIRKETi

Date UQ / IDS / BL URL IP
2022-11-28 08:54:30 +0000
0 - 0 - 1 analiz.seoium.com/redirect.php?url=secyouracc.com 181.214.154.196
2022-11-23 01:04:03 +0000
0 - 0 - 5 amasyaelitotoservis.com/ 212.98.224.64
2022-11-23 00:45:37 +0000
0 - 0 - 4 ruzgarkitapevi.com/ 212.98.224.64
2022-11-18 01:03:41 +0000
0 - 0 - 8 morkadinlarkahvehanesi.com/ 212.98.224.64
2022-11-12 00:18:22 +0000
0 - 0 - 121 f5ajans.com/ 212.98.224.64

Last 3 reports on domain: obadan.net

Date UQ / IDS / BL URL IP
2022-09-14 18:49:18 +0000
0 - 0 - 45 obadan.net/auth/en/NV6588123/smsthree.php 212.98.224.184
2022-09-14 18:49:18 +0000
0 - 0 - 48 obadan.net/auth/en/NV6588123/online.php 212.98.224.184
2022-09-10 21:29:41 +0000
0 - 0 - 14 www.obadan.net/de/auth/a1b2c3/73be6d24cbb9b44 (...) 212.98.224.184

No other reports with similar screenshot



JavaScript

Executed Scripts (12)


Executed Evals (0)


Executed Writes (1)

#1 JavaScript::Write (size: 13740, repeated: 1) - SHA256: 682f636df45e4eba14891d4cf0a7deabb740c75a8c53c63e7bde6ba808505089



HTTP Transactions (43)


Request Response
                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.36
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Content-Type, Alert, Backoff, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sat, 10 Sep 2022 20:32:52 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 5de23153ac267c206221751e1cccb6e8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: fP0lRxEDuKsePZm8u5Kud04mgr8m87mI06DNBzDtQwbnT4Vl3Ti3WA==
Age: 3398


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    91dd975a7b17b2922dd23c0e49314e40
Sha1:   57a2ece1e3cee7c4ebf927f2ba92f52cac395fe2
Sha256: 09966873bbf317f8910c59544cfde2a6d46e8acd2905797cc7c85c6b4d18ea8a
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.33.119.27
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "D16DE6CC9EB0E1297F53DC1137BB764BF5C21A7727BE32AD05AFEBD1FE9501ED"
Last-Modified: Sat, 10 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9730
Expires: Sun, 11 Sep 2022 00:11:40 GMT
Date: Sat, 10 Sep 2022 21:29:30 GMT
Connection: keep-alive

                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.25
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Sat, 10 Sep 2022 07:17:13 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 aac54e3fe9825ce24d51e0204433c2c0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: -AR2hC3NQZyOuUdqJUECLrAJZmh4xgPJbXzV6s_y7yubVezoJ0O87Q==
age: 51138
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    742edb4038f38bc533514982f3d2e861
Sha1:   cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
Sha256: b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345
                                        
                                            GET /de/auth/a1b2c3/73be6d24cbb9b443de1470696ee8bdad/login/ HTTP/1.1 
Host: www.obadan.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         
                                         212.98.224.184
HTTP/1.1 301 Moved Permanently
Content-Type: text/html
                                        
Server: nginx
Date: Sat, 10 Sep 2022 21:29:30 GMT
Content-Length: 162
Connection: keep-alive
Location: https://www.obadan.net/de/auth/a1b2c3/73be6d24cbb9b443de1470696ee8bdad/login/


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size:   162
Md5:    4f8e702cc244ec5d4de32740c0ecbd97
Sha1:   3adb1f02d5b6054de0046e367c1d687b6cdf7aff
Sha256: 9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a

Alerts:
  Blocklists:
    - openphish: Deutsche Postbank AG
    - fortinet: Phishing
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Sat, 10 Sep 2022 21:29:30 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.36
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Sat, 10 Sep 2022 20:56:07 GMT
Expires: Sat, 10 Sep 2022 21:11:38 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 a6d89f7e2d55548b941f1ff5d5b3c8d4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: DjgiWQS2VZu2Re3ggjmdAlGhZYARpxd5vYHw9op4ewfzRJ89rsfhMQ==
Age: 2003


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            GET /de/auth/a1b2c3/73be6d24cbb9b443de1470696ee8bdad/login/ HTTP/1.1 
Host: www.obadan.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

                                         
                                         212.98.224.184
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
                                        
server: nginx
date: Sat, 10 Sep 2022 21:29:30 GMT
content-length: 5858
vary: Accept-Encoding
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
x-cache-status: MISS
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PHP/8.0.23, PleskLin
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (18851)
Size:   5858
Md5:    d99d45872952a37861ce5e76e66247f0
Sha1:   95fce6787b9b856221b08615e0dde9b515cf7149
Sha256: 997fe1c1727a3b131a36fcefd2babf48268258aff492a3f8a5e186417b766783

Alerts:
  Blocklists:
    - openphish: Deutsche Postbank AG
    - fortinet: Phishing
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 3186
Cache-Control: 'max-age=158059'
Date: Sat, 10 Sep 2022 21:29:31 GMT
Last-Modified: Sat, 10 Sep 2022 20:36:25 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: AaY82Xfe5tRScveV1tuYAA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                         
                                         35.163.196.193
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 3WKULlFhbuAXW3UGpzmHfc0MjWA=

                                        
                                            GET /de/auth/login/logo.svg HTTP/1.1 
Host: www.obadan.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.obadan.net/de/auth/a1b2c3/73be6d24cbb9b443de1470696ee8bdad/login/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         212.98.224.184
HTTP/2 200 OK
content-type: image/svg+xml
                                        
server: nginx
date: Sat, 10 Sep 2022 21:29:31 GMT
content-length: 2718
last-modified: Sun, 29 Nov 2020 06:40:02 GMT
cache-control: max-age=10368000, public
expires: max-age=A10368000, public
etag: "5fc34242-a9e"
x-cache-status: MISS
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (2718), with no line terminators
Size:   2718
Md5:    5d85906327e2d3ef3c2495c8bc1328a4
Sha1:   dd15b50e45b69b0578be3357b1df9c91084f6700
Sha256: 44a485e43d7c032784496d17e884bdc41683d3ad3d9999287fa848a2f698ac20

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /de/auth/login/logo-claim.svg HTTP/1.1 
Host: www.obadan.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.obadan.net/de/auth/a1b2c3/73be6d24cbb9b443de1470696ee8bdad/login/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         212.98.224.184
HTTP/2 200 OK
content-type: image/svg+xml
                                        
server: nginx
date: Sat, 10 Sep 2022 21:29:31 GMT
content-length: 6399
last-modified: Sun, 29 Nov 2020 06:40:02 GMT
cache-control: max-age=10368000, public
expires: max-age=A10368000, public
etag: "5fc34242-18ff"
x-cache-status: MISS
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (3519)
Size:   6399
Md5:    c5ea26c7fb760bf827004cef7713b2a4
Sha1:   1d77b42684ceee71c3a669d1dc8ca0b05efdbb3b
Sha256: 1ad849d8a916dcde00adb1ee3d0f21c7f636a98b7b2c49f57194f245d37b2e91

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /de/auth/login/iob5_login_alte_anmeldung.jpg HTTP/1.1 
Host: www.obadan.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.obadan.net/de/auth/a1b2c3/73be6d24cbb9b443de1470696ee8bdad/login/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         212.98.224.184
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
date: Sat, 10 Sep 2022 21:29:31 GMT
content-length: 15808
last-modified: Sun, 29 Nov 2020 06:40:02 GMT
cache-control: max-age=10368000, public
expires: max-age=A10368000, public
etag: "5fc34242-3dc0"
x-cache-status: MISS
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1080x666, components 3\012- data
Size:   15808
Md5:    bd3338c1e54fc648afc4ea578794e7f5
Sha1:   f4b0847e252b0e1c387764f5145bd063f5691fa8
Sha256: 550778f7050b2f39fc38c8e326c78e0a53921774f9f39dd3685f1c73efee2613
                                        
                                            GET /de/auth/login/iob_5_login_psd2.jpg HTTP/1.1 
Host: www.obadan.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.obadan.net/de/auth/a1b2c3/73be6d24cbb9b443de1470696ee8bdad/login/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         212.98.224.184
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
date: Sat, 10 Sep 2022 21:29:31 GMT
content-length: 211638
last-modified: Sun, 29 Nov 2020 06:40:02 GMT
cache-control: max-age=10368000, public
expires: max-age=A10368000, public
etag: "5fc34242-33ab6"
x-cache-status: MISS
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1374x610, components 3\012- data
Size:   211638
Md5:    70db256d6f055a031505b926e9ea0e3b
Sha1:   860754a83d3c9040394b6ec35982b57d8102eee6
Sha256: 96473ac90957af87da5dedfd4f58c79a165e67676c71f0bc4b93d94d30d831ba
                                        
                                            GET /de/auth/login/iob_5_sicherheitshinweis.jpg HTTP/1.1 
Host: www.obadan.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.obadan.net/de/auth/a1b2c3/73be6d24cbb9b443de1470696ee8bdad/login/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         212.98.224.184
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
date: Sat, 10 Sep 2022 21:29:31 GMT
content-length: 190704
last-modified: Sun, 29 Nov 2020 06:40:02 GMT
cache-control: max-age=10368000, public
expires: max-age=A10368000, public
etag: "5fc34242-2e8f0"
x-cache-status: MISS
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1374x610, components 3\012- data
Size:   190704
Md5:    ddac61bf688e562fde961a961e950a6a
Sha1:   3dad6651ec3a9d0759a0758e0827abc3a0b79a3d
Sha256: 946660bb68994bd9480fd5822b55ebd2907bcf76927305e84f47c20431568789
                                        
                                            GET /de/auth/newloader.gif HTTP/1.1 
Host: www.obadan.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.obadan.net/de/auth/a1b2c3/73be6d24cbb9b443de1470696ee8bdad/login/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         212.98.224.184
HTTP/2 200 OK
content-type: image/gif
                                        
server: nginx
date: Sat, 10 Sep 2022 21:29:31 GMT
content-length: 557122
last-modified: Sun, 15 Sep 2019 22:51:54 GMT
cache-control: max-age=10368000, public
expires: max-age=A10368000, public
etag: "5d7ec08a-88042"
x-cache-status: MISS
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 480 x 480\012- data
Size:   557122
Md5:    ef8d4e6b20b0cf0d68713fb2f6069042
Sha1:   d62bb4b1a169c88879de3bd2f5c4292b6259a952
Sha256: 32bfc673211421c1a5a33acc98291840183582f11d15490954b42a81d79d4630
                                        
                                            GET /Uy8gvIY.png HTTP/1.1 
Host: i.imgur.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.obadan.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         151.101.84.193
HTTP/2 200 OK
content-type: image/png
                                        
last-modified: Fri, 20 Sep 2019 06:48:44 GMT
etag: "5f76fbe1b610b29814a616cc2fe16b14"
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Sat, 10 Sep 2022 21:29:31 GMT
age: 1489375
x-served-by: cache-iad-kcgs7200073-IAD, cache-bma1652-BMA
x-cache: HIT, MISS
x-cache-hits: 1, 0
x-timer: S1662845372.689848,VS0,VE111
strict-transport-security: max-age=300
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: *
server: cat factory 1.0
x-content-type-options: nosniff
content-length: 10405
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 252 x 252, 8-bit/color RGBA, non-interlaced\012- data
Size:   10405
Md5:    5f76fbe1b610b29814a616cc2fe16b14
Sha1:   977220f8d466a311609d1d9836e2a8d1f61fd456
Sha256: 9a0d00c665d412af313e93ebf65fed473a5a0fa79190c1cf739c22c88a8a8a43
                                        
                                            GET /de/auth/login/frutigerltw02-55roman.woff2 HTTP/1.1 
Host: www.obadan.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://www.obadan.net/de/auth/login/index.css
Cookie: lng=de
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         212.98.224.184
HTTP/2 200 OK
content-type: application/font-woff2
                                        
server: nginx
date: Sat, 10 Sep 2022 21:29:31 GMT
content-length: 49372
last-modified: Sun, 29 Nov 2020 06:40:02 GMT
cache-control: max-age=10368000, public
expires: max-age=A10368000, public
etag: "5fc34242-c0dc"
x-cache-status: BYPASS
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 49372, version 1.0\012- data
Size:   49372
Md5:    f75edc57b3c912b99387c7921e3dfddb
Sha1:   937d62e23c5e4090c6e3cf37536c0df3725c14bb
Sha256: 0392b37cafa1d3eaf5f00c2594df53bea1f7c7059180098d4185a2425d580d1c

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /de/auth/login/form/form.js?v=631d01bac577a HTTP/1.1 
Host: www.obadan.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.obadan.net/de/auth/a1b2c3/73be6d24cbb9b443de1470696ee8bdad/login/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         212.98.224.184
HTTP/2 200 OK
content-type: application/x-javascript
                                        
server: nginx
date: Sat, 10 Sep 2022 21:29:31 GMT
last-modified: Sun, 29 Nov 2020 06:40:02 GMT
cache-control: max-age=10368000, public
expires: max-age=A10368000, public
etag: W/"5fc34242-f6b"
x-cache-status: MISS
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   42938
Md5:    eacd8dd239e69bee9ebcc804cf79af66
Sha1:   2e073fa950880996bf7ce6b3739f34a6a69a926c
Sha256: d665862bbc510049734492188903d2660f0faa3e26f50d0d376b67615116c4b2
                                        
                                            GET /de/auth/login/favicon-16x16.png HTTP/1.1 
Host: www.obadan.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.obadan.net/de/auth/a1b2c3/73be6d24cbb9b443de1470696ee8bdad/login/
Connection: keep-alive
Cookie: lng=de
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         212.98.224.184
HTTP/2 200 OK
content-type: image/png
                                        
server: nginx
date: Sat, 10 Sep 2022 21:29:32 GMT
content-length: 763
x-accel-version: 0.01
last-modified: Sun, 29 Nov 2020 06:40:02 GMT
cache-control: max-age=10368000, public
expires: max-age=A10368000, public
vary: Accept
referrer-policy: no-referrer-when-downgrade
pragma: public
x-cache-status: BYPASS
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 16 x 16, 8-bit colormap, non-interlaced\012- data
Size:   763
Md5:    7928dcbd4ef94be62d92d6218e8b917d
Sha1:   93768c3b84bc447a0f4b3449f93e386001106431
Sha256: 705e422f4c2ca8ff8521e6ca5bedf071785a13505c4cfe90693f539cead2b1f7
                                        
                                            GET /de/auth/home.php?pl=token&link=postbank.de&bid=73be6d24cbb9b443de1470696ee8bdad&callback=jQuery321005529227606953835_1662845361084&data=%7B%22online_bider%22%3A1%2C%22w%22%3A0%2C%22dev%22%3A3%7D&_=1662845361085 HTTP/1.1 
Host: www.obadan.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.obadan.net/de/auth/a1b2c3/73be6d24cbb9b443de1470696ee8bdad/login/
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Cookie: lng=de
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         212.98.224.184
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Sat, 10 Sep 2022 21:29:32 GMT
content-length: 78
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=31536000
expires: Sun, 10 Sep 2023 21:29:31 GMT
referrer-policy: no-referrer-when-downgrade
x-cache-status: BYPASS
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PHP/8.0.23, PleskLin
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   78
Md5:    00bf9e7fd545448204c6be03203da667
Sha1:   e25113f157011df5302641f35e6ab0702b485ceb
Sha256: a611f1f4ac342574390d3756a8669e4e0711997f5e57e9257b364298e5319b27
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.33.119.27
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "F27BC8051A23FBE811318B8D49F5D27E3E992962A0E72F5D30A4790FE4F42748"
Last-Modified: Sat, 10 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9342
Expires: Sun, 11 Sep 2022 00:05:14 GMT
Date: Sat, 10 Sep 2022 21:29:32 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0bedecf7-d9af-4aa7-88b0-94b2a33f9e1a.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 9766
x-amzn-requestid: 720a4111-91de-4672-88c8-f40db517c07d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YHsjRE13oAMFbCA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63195ae1-288f1f5456bf4d146dcf774c;Sampled=0
x-amzn-remapped-date: Thu, 08 Sep 2022 03:00:49 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: HwwG0Hjf8uZn1AtbLU_wKs3w9lict3tRP31XQY6tIxDz9KDNaBMAqw==
via: 1.1 000f4a2f631bace380a0afa747a82482.cloudfront.net (CloudFront), 1.1 4f3feb5c4393987d42d1971d404d7cea.cloudfront.net (CloudFront), 1.1 google
date: Sat, 10 Sep 2022 04:00:05 GMT
age: 62967
etag: "3768753be084c0e0fc268be5b192d02d769114b6"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   9766
Md5:    7ade70e6dbcfb3ca1765f95112671e69
Sha1:   3768753be084c0e0fc268be5b192d02d769114b6
Sha256: 9670a3bf2476ba193cfeb3153c1254bdcfc980a28503dda0d9b398a3a59f53f4
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdde1c872-426a-4aec-b295-a2cac8b36edf.webp HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 4477
x-amzn-requestid: bbdca46e-5628-4faf-a0fe-ea1b5b39ac2a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YNjzaHrIoAMF-iA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631bb348-567e946e7cf77f2e11c17c97;Sampled=0
x-amzn-remapped-date: Fri, 09 Sep 2022 21:42:32 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: a0AyKhmYA7WPwciU2nTXwyChZV_riw1QsqI_giBIcdZhi3Nz4jM0Sw==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Sep 2022 21:59:11 GMT
age: 84621
etag: "ccf471cd30f5aa96f4e5fdb9e0fbbcdbb475a0bf"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   4477
Md5:    71bafbee3867c04c3712ff98a123d52c
Sha1:   ccf471cd30f5aa96f4e5fdb9e0fbbcdbb475a0bf
Sha256: 58ff1700e0b125caefb73719e2b3d734b2fbcc5ed1aabe5a11bb73b43edab831
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5e72c2e9-6d47-42ac-9514-316cd8f8f6c5.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8676
x-amzn-requestid: 64a58aa8-8321-4c91-98fe-dbf97996c513
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YNiuZEjnIAMFRFg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631bb18f-77b635593b202d7d3cd0ac84;Sampled=0
x-amzn-remapped-date: Fri, 09 Sep 2022 21:35:11 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Hit from cloudfront
x-amz-cf-id: VWwNSpFvcDq3nrn91QvYjrJX5hLjp96vrKgZzR-pOdrdHx7MlcagGQ==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 d1d67b07408bba8c682597d8303642e2.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Sep 2022 22:13:43 GMT
age: 83749
etag: "88db17a82ea0207ccb4826c2961875c5106b427a"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8676
Md5:    e8f11aeba65478b039cfb4100aa23435
Sha1:   88db17a82ea0207ccb4826c2961875c5106b427a
Sha256: 6f6ec5922ec54d824e7f933de87608c5a763da119ae9461d99c6525649b1a9af
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb150ddb5-18a6-405d-8041-cdea0c0e6a85.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8266
x-amzn-requestid: 3411ec4b-ac18-4b4e-8876-c99b94d3a4a3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YNitWEjhIAMFWpw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631bb188-4d9e496e7ff141b46748d850;Sampled=0
x-amzn-remapped-date: Fri, 09 Sep 2022 21:35:04 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Hit from cloudfront
x-amz-cf-id: vyV1_onImxuLNGp4UI1W5grcuVW3LHJFJjvmO0VXU-OYorF6RVcoDw==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 7d01bcfcfe27ce0b8979cf621dd081de.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Sep 2022 21:50:11 GMT
age: 85161
etag: "fdc9453562f993e2545ca99731a7741e748b6082"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8266
Md5:    d21a3e07583d9fad4104b6457f7915e7
Sha1:   fdc9453562f993e2545ca99731a7741e748b6082
Sha256: 8ea38264c82c6b544447079cc92eae70d0968a070ba39022af0e18c498916338
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F242561c0-8a95-468b-ba61-6859edfe8518.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 7218
x-amzn-requestid: 4e9672b6-5415-4808-9508-22e8c42de448
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YE_QzHffIAMFYTw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6318459e-743b975a2770e2a90c616d87;Sampled=0
x-amzn-remapped-date: Wed, 07 Sep 2022 07:17:50 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: dR6KtfbMJzFz0j8zIFUNtdkJHUaerjxWbUyYKBD-jR_uAAvCCty01Q==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 ebe4011a81a36e2bf678f69ce1711330.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Sep 2022 22:01:33 GMT
age: 84479
etag: "4e4e127039dd8099c63c3bde198118d2874f7342"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7218
Md5:    3f8aeb20a6543be83f3e422796c4dc70
Sha1:   4e4e127039dd8099c63c3bde198118d2874f7342
Sha256: 0f9fdd1b577e4719f88620bb451131bfb120790479b4feccb4222647fb3ea453
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9a798806-4378-4646-89ee-e50837809910.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 9610
x-amzn-requestid: 34102145-abda-4987-a68d-9069496366ea
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YNj0oF7loAMF6zg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631bb350-52aee64214c814812c03262e;Sampled=0
x-amzn-remapped-date: Fri, 09 Sep 2022 21:42:40 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 91AsC8-zVFCOPHFb2qnlTev2aXzdCEDYtc68JtYYsQSKS7OFF4QzgQ==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 4f3feb5c4393987d42d1971d404d7cea.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Sep 2022 21:59:50 GMT
age: 84582
etag: "afbc7666fa0b2093ef0c5d9a955d54d139c09b30"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   9610
Md5:    1abac18a85802f38f08561ac64020b55
Sha1:   afbc7666fa0b2093ef0c5d9a955d54d139c09b30
Sha256: eae7f28dd178293939ecd81082ab68ae6098bb3cb1f1fe9411c38314ddb0f944
                                        
                                            GET /de/auth/login/ng/ng.js?v=631d01bac578d HTTP/1.1 
Host: www.obadan.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.obadan.net/de/auth/a1b2c3/73be6d24cbb9b443de1470696ee8bdad/login/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         212.98.224.184
HTTP/2 200 OK
content-type: application/x-javascript
                                        
server: nginx
date: Sat, 10 Sep 2022 21:29:31 GMT
last-modified: Sun, 29 Nov 2020 06:40:02 GMT
cache-control: max-age=10368000, public
expires: max-age=A10368000, public
etag: W/"5fc34242-1347"
x-cache-status: MISS
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   1288
Md5:    fe33629f25ec59c54deb3889cca10157
Sha1:   21749d583b73ce296d6cb4b86d8eb1d2916ada89
Sha256: 934bbab6c51cc70c9de8591403946344ed9bcf76e2662a3b02455d915f9c601c

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /de/auth/home.php?pl=token&link=postbank.de&bid=73be6d24cbb9b443de1470696ee8bdad&callback=jQuery321005529227606953835_1662845361086&data=%7B%22online_bider%22%3A1%2C%22w%22%3A0%2C%22dev%22%3A3%7D&_=1662845361088 HTTP/1.1 
Host: www.obadan.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.obadan.net/de/auth/a1b2c3/73be6d24cbb9b443de1470696ee8bdad/login/
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Cookie: lng=de
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         212.98.224.184
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Sat, 10 Sep 2022 21:29:37 GMT
content-length: 78
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=31536000
expires: Sun, 10 Sep 2023 21:29:36 GMT
referrer-policy: no-referrer-when-downgrade
x-cache-status: BYPASS
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PHP/8.0.23, PleskLin
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   78
Md5:    e66d2fbe6784fd12c409982886dcb0b8
Sha1:   f0f12e5a4b779ac0ffb68638e6b6593838bc3bac
Sha256: d2bf3a6712e0106a96b287c9b972b9095d954757ee41ec2a529ade22cb48abbc
                                        
GET /de/auth/bower_components/ua-parser-js/dist/ua-parser.min.js HTTP/1.1
Host: www.obadan.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.obadan.net/de/auth/a1b2c3/73be6d24cbb9b443de1470696ee8bdad/login/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
212.98.224.184
HTTP/2 200 OK
content-type: application/x-javascript
server: nginx
date: Sat, 10 Sep 2022 21:29:31 GMT
last-modified: Sun, 29 Nov 2020 06:40:02 GMT
cache-control: max-age=10368000, public
expires: max-age=A10368000, public
etag: W/"5fc34242-4298"
x-cache-status: MISS
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
GET /de/auth/login/form/css.css HTTP/1.1
Host: www.obadan.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.obadan.net/de/auth/a1b2c3/73be6d24cbb9b443de1470696ee8bdad/login/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
212.98.224.184
HTTP/2 200 OK
content-type: text/css
server: nginx
date: Sat, 10 Sep 2022 21:29:31 GMT
last-modified: Sun, 29 Nov 2020 06:40:02 GMT
cache-control: max-age=10368000, public
expires: max-age=A10368000, public
etag: W/"5fc34242-472"
x-cache-status: MISS
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
GET /de/auth/bower_components/angular/angular.min.js HTTP/1.1
Host: www.obadan.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.obadan.net/de/auth/a1b2c3/73be6d24cbb9b443de1470696ee8bdad/login/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
212.98.224.184
HTTP/2 200 OK
content-type: application/x-javascript
server: nginx
date: Sat, 10 Sep 2022 21:29:31 GMT
last-modified: Sun, 29 Nov 2020 06:40:02 GMT
cache-control: max-age=10368000, public
expires: max-age=A10368000, public
etag: W/"5fc34242-2937c"
x-cache-status: MISS
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
GET /de/auth/login/token/token.js?v=631d01bac578e HTTP/1.1
Host: www.obadan.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.obadan.net/de/auth/a1b2c3/73be6d24cbb9b443de1470696ee8bdad/login/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
212.98.224.184
HTTP/2 200 OK
content-type: application/x-javascript
server: nginx
date: Sat, 10 Sep 2022 21:29:31 GMT
last-modified: Sun, 29 Nov 2020 06:40:02 GMT
cache-control: max-age=10368000, public
expires: max-age=A10368000, public
etag: W/"5fc34242-4b8"
x-cache-status: MISS
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
GET /de/auth/bower_components/font-awesome/css/font-awesome.min.css HTTP/1.1
Host: www.obadan.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.obadan.net/de/auth/a1b2c3/73be6d24cbb9b443de1470696ee8bdad/login/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
212.98.224.184
HTTP/2 200 OK
content-type: text/css
server: nginx
date: Sat, 10 Sep 2022 21:29:31 GMT
last-modified: Sun, 29 Nov 2020 06:40:02 GMT
cache-control: max-age=10368000, public
expires: max-age=A10368000, public
etag: W/"5fc34242-7918"
x-cache-status: MISS
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
GET /de/auth/core/form/core_form.css HTTP/1.1
Host: www.obadan.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.obadan.net/de/auth/a1b2c3/73be6d24cbb9b443de1470696ee8bdad/login/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
212.98.224.184
HTTP/2 200 OK
content-type: text/css
server: nginx
date: Sat, 10 Sep 2022 21:29:31 GMT
last-modified: Sun, 29 Nov 2020 06:40:02 GMT
cache-control: max-age=10368000, public
expires: max-age=A10368000, public
etag: W/"5fc34242-639"
x-cache-status: MISS
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
GET /de/auth/core/form/core_form.js HTTP/1.1
Host: www.obadan.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.obadan.net/de/auth/a1b2c3/73be6d24cbb9b443de1470696ee8bdad/login/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
212.98.224.184
HTTP/2 200 OK
content-type: application/x-javascript
server: nginx
date: Sat, 10 Sep 2022 21:29:31 GMT
last-modified: Tue, 04 May 2021 07:33:15 GMT
cache-control: max-age=10368000, public
expires: max-age=A10368000, public
etag: W/"6090f8bb-3b3e"
x-cache-status: MISS
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
GET /de/auth/login/index.css HTTP/1.1
Host: www.obadan.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.obadan.net/de/auth/a1b2c3/73be6d24cbb9b443de1470696ee8bdad/login/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
212.98.224.184
HTTP/2 200 OK
content-type: text/css
server: nginx
date: Sat, 10 Sep 2022 21:29:31 GMT
last-modified: Sun, 29 Nov 2020 06:40:02 GMT
cache-control: max-age=10368000, public
expires: max-age=A10368000, public
etag: W/"5fc34242-3596b"
x-cache-status: MISS
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
GET /de/auth/core/token/core_token.js HTTP/1.1
Host: www.obadan.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.obadan.net/de/auth/a1b2c3/73be6d24cbb9b443de1470696ee8bdad/login/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
212.98.224.184
HTTP/2 200 OK
content-type: application/x-javascript
server: nginx
date: Sat, 10 Sep 2022 21:29:31 GMT
last-modified: Tue, 04 May 2021 07:35:34 GMT
cache-control: max-age=10368000, public
expires: max-age=A10368000, public
etag: W/"6090f946-2ca8"
x-cache-status: MISS
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
GET /de/auth/bower_components/jquery/dist/jquery.min.js HTTP/1.1
Host: www.obadan.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.obadan.net/de/auth/a1b2c3/73be6d24cbb9b443de1470696ee8bdad/login/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
212.98.224.184
HTTP/2 200 OK
content-type: application/x-javascript
server: nginx
date: Sat, 10 Sep 2022 21:29:31 GMT
last-modified: Sun, 29 Nov 2020 06:40:02 GMT
cache-control: max-age=10368000, public
expires: max-age=A10368000, public
etag: W/"5fc34242-15283"
x-cache-status: MISS
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---

Alerts:
  Blocklists:
    - fortinet: Phishing