r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 388f6fea5bafa378266622b72311a6ee
447f102dc12172ce1ba44c5e94e1d7bb49d43372
a597afb4d4f7f3c82f0f2857322226fc69dc92e099bfd0605f7a0cd562be9d21
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A597AFB4D4F7F3C82F0F2857322226FC69DC92E099BFD0605F7A0CD562BE9D21"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12465
Expires: Sat, 10 Dec 2022 03:46:28 GMT
Date: Sat, 10 Dec 2022 00:18:43 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 7181eff9c60e83eb0004ece591e47dca
0fd8cd0c9d10b0547938982e57d2c43e2d98679f
89c5c0e2d6890798644174a8e31976aec03a1b3deb03812afbb520e5ed68f522
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "89C5C0E2D6890798644174A8E31976AEC03A1B3DEB03812AFBB520E5ED68F522"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2299
Expires: Sat, 10 Dec 2022 00:57:02 GMT
Date: Sat, 10 Dec 2022 00:18:43 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Backoff, Content-Length, Content-Type, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 09 Dec 2022 23:33:15 GMT
content-type: application/json
age: 2728
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 4ee537977be9c03702f8ffe0025bf1fe
21637881c4aa34c4add703f8bff4eff573159f45
4819229fd8f502a0c68c80bd7409e104c1b4d1a98ca8a6cd9deba629b1511aea
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4819229FD8F502A0C68C80BD7409E104C1B4D1A98CA8A6CD9DEBA629B1511AEA"
Last-Modified: Thu, 08 Dec 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9128
Expires: Sat, 10 Dec 2022 02:50:51 GMT
Date: Sat, 10 Dec 2022 00:18:43 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 53341dea33f4f3d9b4966f80589f429a
20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0
GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: F6ZoF5qyrNFnMeyvGwoL25fUxiearqsW9VMByfOENO5Ew1vfwK3VYgOp6Y4xyietRzTg1x6F/MM=
x-amz-request-id: N99TEA7RMRWEZ3S7
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 09 Dec 2022 23:50:27 GMT
age: 1696
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 70f0b6d58abe839099ebffbaba883e10
f231d688ebb6cbd71b13a1fa807253d347cd881d
80358da14b70974e4de31d349c2d21f16c0bdb7049fa50939976f5167d67ccf9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "80358DA14B70974E4DE31D349C2D21F16C0BDB7049FA50939976F5167D67CCF9"
Last-Modified: Wed, 07 Dec 2022 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13881
Expires: Sat, 10 Dec 2022 04:10:04 GMT
Date: Sat, 10 Dec 2022 00:18:43 GMT
Connection: keep-alive
web9254.web07.bero-webspace.de/
109.71.253.24 200 OK 453 B URL HTTP/2 web9254.web07.bero-webspace.de/
IP 109.71.253.24:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash 40dd9d607719e0bb19bbe5ddbadba05f
51f2d273e0061dfebfdbeae2aef22a84eaa17436
f3c02b5c14cd08281cdd2c24e1240530cf0dd9fc3a4cbd0be9e6ca07c74b5642
Analyzer Verdict Alert openphish Apple Inc.
fortinet Phishing
GET / HTTP/1.1
Host: web9254.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 00:18:43 GMT
content-type: text/html; charset=UTF-8
content-length: 453
set-cookie: real=OK
vary: Accept-Encoding
content-encoding: gzip
x-powered-by: PHP/7.4.33, PleskLin
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 00:18:43 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Cache-Control, Backoff, Content-Length, Pragma, Alert, Expires, Last-Modified, Retry-After, ETag, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 10 Dec 2022 00:07:55 GMT
age: 649
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash e6be4d2155028ffff5d01ab6e7edf6da
07172071b5cf43c4cd7d7930b4ad8518ec1e32e9
4d8a5fa2362fd0910babd6d128d850d4460829468eb23d34ee5ee6eaa42d5a38
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4581
Cache-Control: max-age=122672
Content-Type: application/ocsp-response
Date: Sat, 10 Dec 2022 00:18:44 GMT
Etag: "6392faaf-1d7"
Expires: Sun, 11 Dec 2022 10:23:16 GMT
Last-Modified: Fri, 09 Dec 2022 09:06:55 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
52.42.74.230 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.42.74.230:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 23HdoFViYyMevGjliKsidw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: Hx66yxr+GXmkiQfXfc2HJYKEPRU=
web9254.web07.bero-webspace.de/a1b2c3/320a64d46662268b9d3f3a0ff6518077?
109.71.253.24 301 Moved Permanently 369 B URL HTTP/2 web9254.web07.bero-webspace.de/a1b2c3/320a64d46662268b9d3f3a0ff6518077?
IP 109.71.253.24:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 9a72c6cc311b626e486e757a2ec3b441
b7988fa8dc2453c819f7435fbf2617a3dffed64f
82b0213377ccfd54c71215c8986649d48a8cefff955058f034da2871b63e9abc
Analyzer Verdict Alert openphish Apple Inc.
fortinet Phishing
GET /a1b2c3/320a64d46662268b9d3f3a0ff6518077? HTTP/1.1
Host: web9254.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web9254.web07.bero-webspace.de/
Cookie: real=OK
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 301 Moved Permanently
server: nginx
date: Sat, 10 Dec 2022 00:18:44 GMT
content-type: text/html; charset=iso-8859-1
content-length: 369
location: https://web9254.web07.bero-webspace.de/a1b2c3/320a64d46662268b9d3f3a0ff6518077/?
x-powered-by: PleskLin
X-Firefox-Spdy: h2
web9254.web07.bero-webspace.de/a1b2c3/320a64d46662268b9d3f3a0ff6518077/?
109.71.253.24 302 Found 0 B URL HTTP/2 web9254.web07.bero-webspace.de/a1b2c3/320a64d46662268b9d3f3a0ff6518077/?
IP 109.71.253.24:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /a1b2c3/320a64d46662268b9d3f3a0ff6518077/? HTTP/1.1
Host: web9254.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://web9254.web07.bero-webspace.de/
Connection: keep-alive
Cookie: real=OK
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 302 Found
server: nginx
date: Sat, 10 Dec 2022 00:18:44 GMT
content-type: text/html; charset=UTF-8
content-length: 0
set-cookie: bid=320a64d46662268b9d3f3a0ff6518077; expires=Mon, 09-Jan-2023 00:18:44 GMT; Max-Age=2592000; path=/
location: login/?
x-powered-by: PHP/7.4.33, PleskLin
X-Firefox-Spdy: h2
web9254.web07.bero-webspace.de/a1b2c3/320a64d46662268b9d3f3a0ff6518077/login/?
109.71.253.24 200 OK 3.6 kB URL HTTP/2 web9254.web07.bero-webspace.de/a1b2c3/320a64d46662268b9d3f3a0ff6518077/login/?
IP 109.71.253.24:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (624)
Hash 6f25a22ab1b4dd139e3fb117558cfbd5
9ef1b345a554a08a93961d87748f30bd3cddc031
30b2a3156c9ce234cd20a3c8ab4b0d4685318b787203489d9c1f9bb56ffc654b
GET /a1b2c3/320a64d46662268b9d3f3a0ff6518077/login/? HTTP/1.1
Host: web9254.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://web9254.web07.bero-webspace.de/
Connection: keep-alive
Cookie: real=OK; bid=320a64d46662268b9d3f3a0ff6518077
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 00:18:45 GMT
content-type: text/html; charset=UTF-8
content-length: 3634
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
vary: Accept-Encoding
content-encoding: gzip
x-powered-by: PHP/7.4.33, PleskLin
X-Firefox-Spdy: h2
web9254.web07.bero-webspace.de/login/form/css.css
109.71.253.24 200 OK 170 B URL HTTP/2 web9254.web07.bero-webspace.de/login/form/css.css
IP 109.71.253.24:0
Hash 43cde8a2a2dab0fda7077cc54921ecf7
24758e59cbd72bbd0e514168d07e047629351cca
37ea3144d673d96fffab505fc77eb26ded12c3fb0a4efe77180d26a11ffa6939
Analyzer Verdict Alert openphish Apple Inc.
GET /login/form/css.css HTTP/1.1
Host: web9254.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web9254.web07.bero-webspace.de/a1b2c3/320a64d46662268b9d3f3a0ff6518077/login/?
Cookie: real=OK; bid=320a64d46662268b9d3f3a0ff6518077
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 00:18:45 GMT
content-type: text/css
content-length: 170
x-accel-version: 0.01
last-modified: Sat, 02 May 2020 18:47:44 GMT
etag: "f1-5a4aebbb4b400-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-powered-by: PleskLin
X-Firefox-Spdy: h2
web9254.web07.bero-webspace.de/login/image_large-4.svg
109.71.253.24 200 OK 554 B URL HTTP/2 web9254.web07.bero-webspace.de/login/image_large-4.svg
IP 109.71.253.24:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (554), with no line terminators
Hash 5465cc591da2ac562ae16bb33f3575b8
a4d805677d0ca6aa4041c0fa06ad2f9cb37551c7
1e281e5d429981905e0c937ed7b9ca93559569504d49640c494aae8da7c58ef5
Analyzer Verdict Alert openphish Apple Inc.
fortinet Phishing
GET /login/image_large-4.svg HTTP/1.1
Host: web9254.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web9254.web07.bero-webspace.de/login/ac-globalnav.built.css
Cookie: real=OK; bid=320a64d46662268b9d3f3a0ff6518077
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 00:18:45 GMT
content-type: image/svg+xml
content-length: 554
x-accel-version: 0.01
last-modified: Fri, 01 May 2020 17:06:18 GMT
etag: "22a-5a499331c5680"
accept-ranges: bytes
x-powered-by: PleskLin
X-Firefox-Spdy: h2
web9254.web07.bero-webspace.de/login/image_large.svg
109.71.253.24 200 OK 1.7 kB URL HTTP/2 web9254.web07.bero-webspace.de/login/image_large.svg
IP 109.71.253.24:0
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- exported SGML document, ASCII text
Hash 6bb5a35f8ff457e2f8b345bd6597e2e4
6f69f11b5c66326f2e4b63c8276195653c79a137
d577c9d1bad004bdabb9d0995cec0714e98b76e6053f2765ed09c23de6f328b0
Analyzer Verdict Alert openphish Apple Inc.
fortinet Phishing
GET /login/image_large.svg HTTP/1.1
Host: web9254.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web9254.web07.bero-webspace.de/login/ac-globalnav.built.css
Cookie: real=OK; bid=320a64d46662268b9d3f3a0ff6518077
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 00:18:45 GMT
content-type: image/svg+xml
content-length: 1694
last-modified: Fri, 01 May 2020 17:06:18 GMT
etag: "5eac570a-69e"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
web9254.web07.bero-webspace.de/bower_components/ua-parser-js/dist/ua-parser.min.js
109.71.253.24 200 OK 7.1 kB URL HTTP/2 web9254.web07.bero-webspace.de/bower_components/ua-parser-js/dist/ua-parser.min.js
IP 109.71.253.24:0
File type Unicode text, UTF-8 text, with very long lines (16817)
Hash 34764e5c02b533630d6bcf080ab5f456
383124b368c1bed833751775af306af8839fbeb3
2d99fbc979eec2d9d321074a63f51871454c9dd351591e2e09059a66f8056c82
Analyzer Verdict Alert openphish Apple Inc.
fortinet Phishing
GET /bower_components/ua-parser-js/dist/ua-parser.min.js HTTP/1.1
Host: web9254.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web9254.web07.bero-webspace.de/a1b2c3/320a64d46662268b9d3f3a0ff6518077/login/?
Cookie: real=OK; bid=320a64d46662268b9d3f3a0ff6518077
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 00:18:45 GMT
content-type: application/javascript
last-modified: Thu, 12 Oct 2017 14:16:24 GMT
etag: W/"59df7938-4298"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
web9254.web07.bero-webspace.de/login/form/form.js?v=6393d06527df0
109.71.253.24 200 OK 1.9 kB URL HTTP/2 web9254.web07.bero-webspace.de/login/form/form.js?v=6393d06527df0
IP 109.71.253.24:0
Hash 791eb7c3282911bff8c3482d44433bad
81b2471350a1a734c121c4aef216faf23943d55c
44a45f4b2f3e7c51f4eed98c41df6165ec6944c53795a018b90b6c75db07c770
Analyzer Verdict Alert openphish Apple Inc.
fortinet Phishing
GET /login/form/form.js?v=6393d06527df0 HTTP/1.1
Host: web9254.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web9254.web07.bero-webspace.de/a1b2c3/320a64d46662268b9d3f3a0ff6518077/login/?
Cookie: real=OK; bid=320a64d46662268b9d3f3a0ff6518077
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 00:18:45 GMT
content-type: application/javascript
last-modified: Sat, 02 May 2020 18:42:38 GMT
etag: W/"5eadbf1e-c43"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
web9254.web07.bero-webspace.de/core/form/core_form.css
109.71.253.24 200 OK 1.8 kB URL HTTP/2 web9254.web07.bero-webspace.de/core/form/core_form.css
IP 109.71.253.24:0
Hash b1eda2f916115795eee15a0eeab2ffbc
2a53532ca32ddeb7e58bc5fbb523aee2832707be
185fedbc6e0c3afbcc938d7d6b5dadaea303a92d9a8b0af5ee144e3ea16719dd
Analyzer Verdict Alert openphish Apple Inc.
GET /core/form/core_form.css HTTP/1.1
Host: web9254.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web9254.web07.bero-webspace.de/a1b2c3/320a64d46662268b9d3f3a0ff6518077/login/?
Cookie: real=OK; bid=320a64d46662268b9d3f3a0ff6518077
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 00:18:45 GMT
content-type: text/css
last-modified: Wed, 06 May 2020 17:48:30 GMT
etag: W/"5eb2f86e-b49"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
web9254.web07.bero-webspace.de/login/app-eyebrow.css
109.71.253.24 200 OK 26 kB URL HTTP/2 web9254.web07.bero-webspace.de/login/app-eyebrow.css
IP 109.71.253.24:0
File type Unicode text, UTF-8 text, with very long lines (64864), with no line terminators
Hash 3f7857923af0ea0847e7c9097e0bcae9
ad5fb0d13580a38bb871652a1366f39482daa973
321b437e7793c40705ff22ead74959a06ba42d3e403cb6b52c6998e4397151fc
Analyzer Verdict Alert openphish Apple Inc.
GET /login/app-eyebrow.css HTTP/1.1
Host: web9254.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web9254.web07.bero-webspace.de/a1b2c3/320a64d46662268b9d3f3a0ff6518077/login/?
Cookie: real=OK; bid=320a64d46662268b9d3f3a0ff6518077
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 00:18:45 GMT
content-type: text/css
last-modified: Fri, 01 May 2020 17:06:18 GMT
etag: W/"5eac570a-55d73"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
web9254.web07.bero-webspace.de/bower_components/jquery/dist/jquery.min.js
109.71.253.24 200 OK 30 kB URL HTTP/2 web9254.web07.bero-webspace.de/bower_components/jquery/dist/jquery.min.js
IP 109.71.253.24:0
File type ASCII text, with very long lines (32058)
Hash da27b87c0409127494a7fd42deccadeb
a1862bb515de8b2cef71a8739e5e681ed2a784a8
e15237a9f876e600308aeebc453faa78b7c10d4da86c874befd835758cd9e6dd
Analyzer Verdict Alert openphish Apple Inc.
fortinet Phishing
GET /bower_components/jquery/dist/jquery.min.js HTTP/1.1
Host: web9254.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web9254.web07.bero-webspace.de/a1b2c3/320a64d46662268b9d3f3a0ff6518077/login/?
Cookie: real=OK; bid=320a64d46662268b9d3f3a0ff6518077
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 00:18:45 GMT
content-type: application/javascript
last-modified: Mon, 05 Jun 2017 09:55:06 GMT
etag: W/"59352a7a-15283"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
web9254.web07.bero-webspace.de/login/image_large-3.svg
109.71.253.24 200 OK 1.7 kB URL HTTP/2 web9254.web07.bero-webspace.de/login/image_large-3.svg
IP 109.71.253.24:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1661), with no line terminators
Hash 52a5a165c8306386b352ac17162dfa27
d6e74d86852625275e44fcd469626eef00a5b847
db645e8610c56a69be65cf9cf0ceebbb20bc505f1b91661b1617f8f7f26dbfc9
Analyzer Verdict Alert openphish Apple Inc.
fortinet Phishing
GET /login/image_large-3.svg HTTP/1.1
Host: web9254.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web9254.web07.bero-webspace.de/login/ac-globalnav.built.css
Cookie: real=OK; bid=320a64d46662268b9d3f3a0ff6518077
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 00:18:45 GMT
content-type: image/svg+xml
content-length: 1661
last-modified: Fri, 01 May 2020 17:06:18 GMT
etag: "5eac570a-67d"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
web9254.web07.bero-webspace.de/login/ac-globalfooter.built.css
109.71.253.24 200 OK 5.5 kB URL HTTP/2 web9254.web07.bero-webspace.de/login/ac-globalfooter.built.css
IP 109.71.253.24:0
File type Unicode text, UTF-8 text, with very long lines (43249)
Hash 45737b7f368562d8bb65bc5baa506d3b
35a78666351a1d37fc1f652e8a678ee0a991f6ab
03c47586275e937c700178fd7f69b6db5174c7a9673545a89d66b55203516874
Analyzer Verdict Alert openphish Apple Inc.
GET /login/ac-globalfooter.built.css HTTP/1.1
Host: web9254.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web9254.web07.bero-webspace.de/a1b2c3/320a64d46662268b9d3f3a0ff6518077/login/?
Cookie: real=OK; bid=320a64d46662268b9d3f3a0ff6518077
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 00:18:45 GMT
content-type: text/css
last-modified: Fri, 01 May 2020 17:06:18 GMT
etag: W/"5eac570a-a998"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
web9254.web07.bero-webspace.de/login/app_icons@2x.png
109.71.253.24 200 OK 30 kB URL HTTP/2 web9254.web07.bero-webspace.de/login/app_icons@2x.png
IP 109.71.253.24:0
File type PNG image data, 1312 x 136, 8-bit colormap, non-interlaced\012- data
Hash d9853b24ef078d487b542ed06655688c
53d40bb9f531ed8d337881e5dbdc1836f1f6e711
2f1cd57b13f6da9ea0610baa24c660ed5ae99bec708acd0c263b2fbd0cb2e59d
Analyzer Verdict Alert openphish Apple Inc.
GET /login/app_icons@2x.png HTTP/1.1
Host: web9254.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web9254.web07.bero-webspace.de/login/app-eyebrow.css
Cookie: real=OK; bid=320a64d46662268b9d3f3a0ff6518077
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 00:18:45 GMT
content-type: image/png
content-length: 29982
last-modified: Fri, 01 May 2020 17:06:18 GMT
etag: "5eac570a-751e"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
web9254.web07.bero-webspace.de/login/ac-globalnav.built.css
109.71.253.24 200 OK 10 kB URL HTTP/2 web9254.web07.bero-webspace.de/login/ac-globalnav.built.css
IP 109.71.253.24:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash c17ff44828da4e80cb2fa6d896ba7094
20394f1bf515e39010b12330884f205995811a02
d2a8c6d18ff3153578a8ea93b94bb6e8fd32b97f9df5484e6e1b56fba06a061b
Analyzer Verdict Alert openphish Apple Inc.
GET /login/ac-globalnav.built.css HTTP/1.1
Host: web9254.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web9254.web07.bero-webspace.de/a1b2c3/320a64d46662268b9d3f3a0ff6518077/login/?
Cookie: real=OK; bid=320a64d46662268b9d3f3a0ff6518077
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 00:18:45 GMT
content-type: text/css
last-modified: Fri, 01 May 2020 17:06:18 GMT
etag: W/"5eac570a-18555"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
web9254.web07.bero-webspace.de/login/sf-pro-text_regular.woff2
109.71.253.24 200 OK 156 kB URL HTTP/2 web9254.web07.bero-webspace.de/login/sf-pro-text_regular.woff2
IP 109.71.253.24:0
File type Web Open Font Format (Version 2), TrueType, length 155504, version 1.0\012- data
Size 156 kB (155504 bytes)
Hash 4487d81faed77dca1eedb32fe8874ce6
aa519492c8d0b48c5dbb6812b84948fcebef569b
78f1a8f3787f77f7ab4fcbb12c87f5cd412556c04991cdadaacddcd9b5a3e68a
Analyzer Verdict Alert openphish Apple Inc.
fortinet Phishing
GET /login/sf-pro-text_regular.woff2 HTTP/1.1
Host: web9254.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://web9254.web07.bero-webspace.de/login/fonts.css
Cookie: real=OK; bid=320a64d46662268b9d3f3a0ff6518077
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 00:18:45 GMT
content-type: font/woff2
content-length: 155504
last-modified: Fri, 01 May 2020 17:06:18 GMT
etag: "5eac570a-25f70"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
web9254.web07.bero-webspace.de/login/CZEflag.png
109.71.253.24 404 Not Found 170 kB URL HTTP/2 web9254.web07.bero-webspace.de/login/CZEflag.png
IP 109.71.253.24:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size 170 kB (169726 bytes)
Hash f0d93c3397865a68316d43de11b4af39
9de7042dda371b49c120152a87301eb51f65677c
31eb1d6ca19f90e8dae3825d40aa23f561a6adff6167c86850280af667a598d3
Analyzer Verdict Alert openphish Apple Inc.
GET /login/CZEflag.png HTTP/1.1
Host: web9254.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web9254.web07.bero-webspace.de/a1b2c3/320a64d46662268b9d3f3a0ff6518077/login/?
Cookie: real=OK; bid=320a64d46662268b9d3f3a0ff6518077
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Sat, 10 Dec 2022 00:18:45 GMT
content-type: text/html
last-modified: Mon, 05 Dec 2022 00:21:38 GMT
etag: W/"328-5ef09abc013ff"
content-encoding: br
X-Firefox-Spdy: h2
web9254.web07.bero-webspace.de/login/index.css
109.71.253.24 200 OK 198 kB URL HTTP/2 web9254.web07.bero-webspace.de/login/index.css
IP 109.71.253.24:0
Size 198 kB (197523 bytes)
Hash af2f54f95ba0b397931c423d7dad8a5f
ad810845122724e44d576d5771415e25df408bfe
56f3c0bdb7073194a3d527a5f358f1a87aeb51a2c193c7325e0def5728232c5d
Analyzer Verdict Alert openphish Apple Inc.
GET /login/index.css HTTP/1.1
Host: web9254.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web9254.web07.bero-webspace.de/a1b2c3/320a64d46662268b9d3f3a0ff6518077/login/?
Cookie: real=OK; bid=320a64d46662268b9d3f3a0ff6518077
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 00:18:45 GMT
content-type: text/css
last-modified: Fri, 01 May 2020 17:17:24 GMT
etag: W/"5eac59a4-e61"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
web9254.web07.bero-webspace.de/login/image_large-8.svg
109.71.253.24 200 OK 707 B URL HTTP/2 web9254.web07.bero-webspace.de/login/image_large-8.svg
IP 109.71.253.24:0
File type SVG Scalable Vector Graphics image\012- HTML document text\012- HTML document, ASCII text
Hash c3671f1609026359787b8d8cdeb77c28
c1c548f809fd0323a821474955e3c9c4d9bf8e6a
4209a6165a7b44b64f4a2b7bae04d1eac5367dcb03e823d9836bdaddfac5491a
Analyzer Verdict Alert openphish Apple Inc.
fortinet Phishing
GET /login/image_large-8.svg HTTP/1.1
Host: web9254.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web9254.web07.bero-webspace.de/login/ac-globalnav.built.css
Cookie: real=OK; bid=320a64d46662268b9d3f3a0ff6518077
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 00:18:45 GMT
content-type: image/svg+xml
content-length: 707
x-accel-version: 0.01
last-modified: Fri, 01 May 2020 17:06:18 GMT
etag: "2c3-5a499331c5680"
accept-ranges: bytes
x-powered-by: PleskLin
X-Firefox-Spdy: h2
web9254.web07.bero-webspace.de/login/sf-pro-display_semibold.woff2
109.71.253.24 200 OK 154 kB URL HTTP/2 web9254.web07.bero-webspace.de/login/sf-pro-display_semibold.woff2
IP 109.71.253.24:0
File type Web Open Font Format (Version 2), TrueType, length 154460, version 1.0\012- data
Size 154 kB (154460 bytes)
Hash 87746eade3e253a4627cbfb7b623e0c2
cf2cdaff548f56cbed177496fc648e6abfb42d4d
f1106e805d9becbfc348fdecb2183031e7d0699057a2474a53818769fa54c9e1
Analyzer Verdict Alert openphish Apple Inc.
fortinet Phishing
GET /login/sf-pro-display_semibold.woff2 HTTP/1.1
Host: web9254.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://web9254.web07.bero-webspace.de/login/fonts.css
Cookie: real=OK; bid=320a64d46662268b9d3f3a0ff6518077
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 00:18:45 GMT
content-type: font/woff2
content-length: 154460
last-modified: Fri, 01 May 2020 17:06:18 GMT
etag: "5eac570a-25b5c"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
web9254.web07.bero-webspace.de/login/SFProIcons_regular.woff
109.71.253.24 200 OK 10 kB URL HTTP/2 web9254.web07.bero-webspace.de/login/SFProIcons_regular.woff
IP 109.71.253.24:0
File type Web Open Font Format, TrueType, length 10380, version 1.0\012- data
Hash 9caca193fe7bff016ef17e26937711d9
121e523fe8f27d18017c2f7a056f2f14bf43bfc9
3b7d2b4c5417a697678081ed3b344955f0b25e694171178b0c01e029b4a18e8b
Analyzer Verdict Alert openphish Apple Inc.
fortinet Phishing
GET /login/SFProIcons_regular.woff HTTP/1.1
Host: web9254.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://web9254.web07.bero-webspace.de/login/fonts.css
Cookie: real=OK; bid=320a64d46662268b9d3f3a0ff6518077
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 00:18:45 GMT
content-type: font/woff
content-length: 10380
last-modified: Fri, 01 May 2020 17:06:18 GMT
etag: "5eac570a-288c"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
web9254.web07.bero-webspace.de/login/sf-pro-text_regular-italic.woff2
109.71.253.24 200 OK 106 kB URL HTTP/2 web9254.web07.bero-webspace.de/login/sf-pro-text_regular-italic.woff2
IP 109.71.253.24:0
File type Web Open Font Format (Version 2), TrueType, length 105772, version 1.0\012- data
Size 106 kB (105772 bytes)
Hash 20cc9827afffc719fe0d7129d2f2f0e1
1246fd2fe187388725247b3a757975d2e2dc1725
eac59ea281b80a72c8c08f89e8f0c496e1fb2321b5ac5092c895cd21684d4e47
Analyzer Verdict Alert openphish Apple Inc.
fortinet Phishing
GET /login/sf-pro-text_regular-italic.woff2 HTTP/1.1
Host: web9254.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://web9254.web07.bero-webspace.de/login/fonts.css
Cookie: real=OK; bid=320a64d46662268b9d3f3a0ff6518077
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 00:18:45 GMT
content-type: font/woff2
content-length: 105772
last-modified: Fri, 01 May 2020 17:06:18 GMT
etag: "5eac570a-19d2c"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
web9254.web07.bero-webspace.de/login/sf-pro-text_semibold.woff2
109.71.253.24 200 OK 170 kB URL HTTP/2 web9254.web07.bero-webspace.de/login/sf-pro-text_semibold.woff2
IP 109.71.253.24:0
File type Web Open Font Format (Version 2), TrueType, length 169880, version 1.0\012- data
Size 170 kB (169880 bytes)
Hash 09fb0327ff81b3186001b2ed71717a31
72cfbb4127e0a8f8e7341d26229a9c91f25cf791
970e676c52b275a819ab9170ec4427370cc6c7033aa2e6b0b9cb71b977b72542
Analyzer Verdict Alert openphish Apple Inc.
fortinet Phishing
GET /login/sf-pro-text_semibold.woff2 HTTP/1.1
Host: web9254.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://web9254.web07.bero-webspace.de/login/fonts.css
Cookie: real=OK; bid=320a64d46662268b9d3f3a0ff6518077
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 00:18:45 GMT
content-type: font/woff2
content-length: 169880
last-modified: Fri, 01 May 2020 17:06:18 GMT
etag: "5eac570a-29798"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
web9254.web07.bero-webspace.de/a1b2c3/320a64d46662268b9d3f3a0ff6518077/login/index_1.php
109.71.253.24 200 OK 2.1 kB URL HTTP/2 web9254.web07.bero-webspace.de/a1b2c3/320a64d46662268b9d3f3a0ff6518077/login/index_1.php
IP 109.71.253.24:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (412)
Hash e877f7042eaec4d91058ced0b316ca6c
c2f67c9329cc7f3f53f1d66c7032de64ce5783e7
d4b6a16dfd30020642b41c72e2c4cc5f955891a1578b681338fb9358e160ce4d
Analyzer Verdict Alert openphish Apple Inc.
fortinet Phishing
GET /a1b2c3/320a64d46662268b9d3f3a0ff6518077/login/index_1.php HTTP/1.1
Host: web9254.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web9254.web07.bero-webspace.de/a1b2c3/320a64d46662268b9d3f3a0ff6518077/login/?
Cookie: real=OK; bid=320a64d46662268b9d3f3a0ff6518077
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 00:18:45 GMT
content-type: text/html; charset=UTF-8
content-length: 2098
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
vary: Accept-Encoding
content-encoding: gzip
x-powered-by: PHP/7.4.33, PleskLin
X-Firefox-Spdy: h2
web9254.web07.bero-webspace.de/login/favicon.ico
109.71.253.24 200 OK 9.1 kB URL HTTP/2 web9254.web07.bero-webspace.de/login/favicon.ico
IP 109.71.253.24:0
File type MS Windows icon resource - 4 icons, 32x32, 8 bits/pixel, 16x16, 8 bits/pixel\012- data
Hash 28ec4eaba5ae210b98a11257caf5bade
6164148a39d6a27286641896fce3b76f439aeab1
3f5086612aae9363c9fb02949219cef19854c18fe5ad4eda78aa1aefcc79cc71
Analyzer Verdict Alert openphish Apple Inc.
GET /login/favicon.ico HTTP/1.1
Host: web9254.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web9254.web07.bero-webspace.de/a1b2c3/320a64d46662268b9d3f3a0ff6518077/login/?
Cookie: real=OK; bid=320a64d46662268b9d3f3a0ff6518077
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 00:18:45 GMT
content-type: image/vnd.microsoft.icon
content-length: 9062
last-modified: Fri, 01 May 2020 17:06:18 GMT
etag: "5eac570a-2366"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
web9254.web07.bero-webspace.de/login/aid_logo@2x.png
109.71.253.24 200 OK 4.0 kB URL HTTP/2 web9254.web07.bero-webspace.de/login/aid_logo@2x.png
IP 109.71.253.24:0
File type PNG image data, 420 x 112, 8-bit colormap, non-interlaced\012- data
Hash b4078eac966b821303e7dd5c64918cb5
8942c5c68a7b16459b1e76749d4831ae6269d161
96bd12fa872c60925e262ff82e9cde8dd531e5b1d1887f9c4dc059199cea1750
Analyzer Verdict Alert openphish Apple Inc.
GET /login/aid_logo@2x.png HTTP/1.1
Host: web9254.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web9254.web07.bero-webspace.de/a1b2c3/320a64d46662268b9d3f3a0ff6518077/login/index_1.php
Cookie: real=OK; bid=320a64d46662268b9d3f3a0ff6518077
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 00:18:45 GMT
content-type: image/png
content-length: 3997
last-modified: Fri, 01 May 2020 17:06:18 GMT
etag: "5eac570a-f9d"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
web9254.web07.bero-webspace.de/core/form/core_form.js
109.71.253.24 200 OK 568 kB URL HTTP/2 web9254.web07.bero-webspace.de/core/form/core_form.js
IP 109.71.253.24:0
File type ASCII text, with very long lines (8874)
Size 568 kB (567773 bytes)
Hash 88fba98070a5a1c96892463760b47861
c6460dd67e2cdfddcc8c01a644e9c4b18ff15807
078394c7b627861dc176ad28eaa4ec2de0a33c0b1d4950076eb2768fb1c8b3fd
Analyzer Verdict Alert openphish Apple Inc.
fortinet Phishing
GET /core/form/core_form.js HTTP/1.1
Host: web9254.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web9254.web07.bero-webspace.de/a1b2c3/320a64d46662268b9d3f3a0ff6518077/login/index_1.php
Cookie: real=OK; bid=320a64d46662268b9d3f3a0ff6518077
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 00:18:45 GMT
content-type: application/javascript
last-modified: Wed, 06 May 2020 18:20:18 GMT
etag: W/"5eb2ffe2-6933"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
web9254.web07.bero-webspace.de/login/fonts.css
109.71.253.24 200 OK 198 kB URL HTTP/2 web9254.web07.bero-webspace.de/login/fonts.css
IP 109.71.253.24:0
File type Unicode text, UTF-8 text, with CRLF, LF line terminators
Size 198 kB (198267 bytes)
Hash 632cacc7433c74c16c6bad5208af5dae
1320054e41f4ab034bdbea46d2a16ca37024557d
14e9516297811cdab1fa5d3b3a2c785e1f57a566707d3fdd9d6c881fbc5ad33b
Analyzer Verdict Alert openphish Apple Inc.
GET /login/fonts.css HTTP/1.1
Host: web9254.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web9254.web07.bero-webspace.de/a1b2c3/320a64d46662268b9d3f3a0ff6518077/login/?
Cookie: real=OK; bid=320a64d46662268b9d3f3a0ff6518077
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 00:18:45 GMT
content-type: text/css
last-modified: Fri, 01 May 2020 17:06:18 GMT
etag: W/"5eac570a-2fbe"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
web9254.web07.bero-webspace.de/login/ng/ng.js?v=6393d0659cc52
109.71.253.24 200 OK 11 kB URL HTTP/2 web9254.web07.bero-webspace.de/login/ng/ng.js?v=6393d0659cc52
IP 109.71.253.24:0
Hash a759364991c1f9045773fc286cf89412
1b86b84d65ed502ecde748bd1544e84b3320a314
540b22c46f9774ce87f9be046deea5d0ba49435ae01f65c5616dda97aaff8d4a
Analyzer Verdict Alert openphish Apple Inc.
fortinet Phishing
GET /login/ng/ng.js?v=6393d0659cc52 HTTP/1.1
Host: web9254.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web9254.web07.bero-webspace.de/a1b2c3/320a64d46662268b9d3f3a0ff6518077/login/index_1.php
Cookie: real=OK; bid=320a64d46662268b9d3f3a0ff6518077
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 00:18:45 GMT
content-type: application/javascript
last-modified: Sat, 02 May 2020 18:36:26 GMT
etag: W/"5eadbdaa-16d4"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 48c90992f0837a58e0a36118a27dae6a
3d238fed35e6d247bddbba92864e6b92e6aed9b6
cacc53ed285e96dcd5ba7609823922a253bc0623999b8716f430632d2c0e7dac
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CACC53ED285E96DCD5BA7609823922A253BC0623999B8716F430632D2C0E7DAC"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7170
Expires: Sat, 10 Dec 2022 02:18:16 GMT
Date: Sat, 10 Dec 2022 00:18:46 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29d00d08-ec53-4c7b-a2ef-5901b64cdefd.jpeg
34.120.237.76 200 OK 7.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29d00d08-ec53-4c7b-a2ef-5901b64cdefd.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5de5d319f43d9c9c641419d96655541f
cde4c7fa0145d3645af17e34c83c63c08f76a076
fdb114eb142f035c7a54195d16af51b5b423642c312f4bccc0f407d8fcc245aa
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29d00d08-ec53-4c7b-a2ef-5901b64cdefd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7557
x-amzn-requestid: 09204b5e-8af5-4d4b-8186-628443866e0f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ctlz5EISoAMFdWw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638ee9b2-357cd4f921c592e1319098dd;Sampled=0
x-amzn-remapped-date: Tue, 06 Dec 2022 07:05:22 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 3KZwQ5HqXa_-tUyDHA5m-65OprogFpFgbbKpEJ65k-Yy3lwoCg8M5w==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 324a68a6c25ee50d774953f3e15a611c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 07:13:15 GMT
age: 61531
etag: "cde4c7fa0145d3645af17e34c83c63c08f76a076"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F32378252-8233-4d6b-b3d2-720e3ac2d0bd.jpeg
34.120.237.76 200 OK 4.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F32378252-8233-4d6b-b3d2-720e3ac2d0bd.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a2b4c44cc196e1f4263a895ef54e6650
c5cea524045b3394c1dfe5e5fcac4637416f8587
e31f4b95811c01b2f2f181e11b7a8e1b4c57c3c7fc067c304e8dacc6fb176442
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F32378252-8233-4d6b-b3d2-720e3ac2d0bd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3963
x-amzn-requestid: f067a6cf-758c-4c35-be64-3970b690ea7c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: c5e7VHdnoAMF0Tg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6393ab7b-485a18b738763b2029f6c653;Sampled=0
x-amzn-remapped-date: Fri, 09 Dec 2022 21:41:15 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: s34c1vAKHso9NwDfhOn5053VIDeRGdwNscoMDkkfcNx95irwIB9Hrg==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 559326ad73233233a9e52cb9e8601ede.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 21:54:23 GMT
age: 8663
etag: "c5cea524045b3394c1dfe5e5fcac4637416f8587"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7c73a9d6-0f56-4366-b9bd-119b0034c1aa.jpeg
34.120.237.76 200 OK 5.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7c73a9d6-0f56-4366-b9bd-119b0034c1aa.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 44ee520c9a084ee2a04638b6abbb2b0b
ed170b8b964db1163e02c21fe4e9dbfe58e9d42d
e4f33f6556c414b498f99d6b43c4d94fa15e9b235596647d4a8513c78c21e6eb
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7c73a9d6-0f56-4366-b9bd-119b0034c1aa.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5302
x-amzn-requestid: ababe39a-ea1a-4a20-9de4-ad71500d9c59
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: c5eMWE-eoAMFZJg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6393aa4e-19c2e2c1445527c13b4b66e0;Sampled=0
x-amzn-remapped-date: Fri, 09 Dec 2022 21:36:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: w2vv_xDK6MNt2CX1nqsqt9mRjSOPMxVNrar2XcR44gJPtC0vaK68sg==
via: 1.1 6ba2a21321beeef65404429d0a4b6380.cloudfront.net (CloudFront), 1.1 324a68a6c25ee50d774953f3e15a611c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 22:48:59 GMT
age: 5387
etag: "ed170b8b964db1163e02c21fe4e9dbfe58e9d42d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faa7dc969-e455-4530-98cb-51f59a291532.jpeg
34.120.237.76 200 OK 6.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faa7dc969-e455-4530-98cb-51f59a291532.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e4b1e76689036da0767b475294169149
7c27783f10e44b5c575616feafc6cae87beb916f
52170edde4c4494252ff0c830f21e20a62b2dfc30df2fab5feef5db9d26cf0bc
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faa7dc969-e455-4530-98cb-51f59a291532.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6947
x-amzn-requestid: 365129c8-2e68-4a0d-8a1e-935d01cd2f0b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: c5eNUH6ooAMF5BQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6393aa55-4182ddcb68b36bf624d758e3;Sampled=0
x-amzn-remapped-date: Fri, 09 Dec 2022 21:36:21 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: dFZzPhvzdz_SnEOa6sSy8DY0R-qnACOezHXN84OSOtPzqlyQKnZ8dw==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 e4d3d5aafc7d7d582423c073065ab562.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 22:28:48 GMT
age: 6598
etag: "7c27783f10e44b5c575616feafc6cae87beb916f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbf8a350a-c007-4620-b1d6-db700eab84a1.jpeg
34.120.237.76 200 OK 6.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbf8a350a-c007-4620-b1d6-db700eab84a1.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 96546d2bb2ce3e7746fcd882a65abb43
b49a885ef2b73191abcbb6f56e839b94aaafd556
ad90c8ecbcee56417a3da824e5a2c2be811e687467f953f9d23a8e2456a2755a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbf8a350a-c007-4620-b1d6-db700eab84a1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6342
x-amzn-requestid: a473f123-34cf-4c43-b01f-c9aec84df6eb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: czEZHFeQIAMFp5w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63911aa0-78b1466c6faa4d0c20dc61b0;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 22:58:40 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: SUiLcs9cM_Q2oag4xs_Wo3Tya66gJQe5A3eoFoXBGQzXfDGGroojSw==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 1a53057db389e96b4ef1bfbc925dde1c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 22:03:49 GMT
age: 8097
etag: "b49a885ef2b73191abcbb6f56e839b94aaafd556"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff9f369c6-4ce5-4eaa-9070-5c8609b145d1.png
34.120.237.76 200 OK 3.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff9f369c6-4ce5-4eaa-9070-5c8609b145d1.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2f812f19fa34380de62bc57a879fa24f
102e8572c0ec9be444a976a6ac79e7d389651c46
07a0114317594dff40692d964fdeca4cf22e4324546866042c8712577346d107
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff9f369c6-4ce5-4eaa-9070-5c8609b145d1.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3924
x-amzn-requestid: b211e655-f36c-44c1-b316-5bdeea6b0921
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: c5eMHG4ZoAMFSHQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6393aa4d-75cd56ea0479970e3be4275e;Sampled=0
x-amzn-remapped-date: Fri, 09 Dec 2022 21:36:13 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: DB4kdpnob3tyFg5JwkA3zxfZzZUpHhOir1ltQklWOR2YjAZRfg43MQ==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 1b74ccf4cb51eacf97a0e6d60ae46a3e.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 21:54:04 GMT
age: 8682
etag: "102e8572c0ec9be444a976a6ac79e7d389651c46"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3aa5c262-0114-433f-bea5-d75296b8bcd2.jpeg
34.120.237.76 200 OK 9.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3aa5c262-0114-433f-bea5-d75296b8bcd2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4ccbd106eb57e1a4f6d60408118fe2dd
cc916150425f00b44ede3ec473e3e248afabaf8d
740c62dfdd20f2fb7270ea602825ba7eaad99c4fe5ab8d726072909c6b73c87f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3aa5c262-0114-433f-bea5-d75296b8bcd2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 9209
x-amzn-requestid: a740ddf7-5325-4ac1-a694-aaa3d4345fe4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: c5eNUGIroAMFdlQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6393aa55-08856c7b0757108a5c6811c9;Sampled=0
x-amzn-remapped-date: Fri, 09 Dec 2022 21:36:21 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 1MetqwAsoOgTEJAPG8IneF4rj2579sLBLD_gw-745LeAncWCHW6J2Q==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 22:04:54 GMT
age: 8038
etag: "cc916150425f00b44ede3ec473e3e248afabaf8d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
web9254.web07.bero-webspace.de/favicon.ico
109.71.253.24 404 Not Found 0 B URL HTTP/2 web9254.web07.bero-webspace.de/favicon.ico
IP 109.71.253.24:0
Analyzer Verdict Alert openphish Apple Inc.
GET /favicon.ico HTTP/1.1
Host: web9254.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web9254.web07.bero-webspace.de/
Cookie: real=OK
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Sat, 10 Dec 2022 00:18:44 GMT
content-type: text/html
last-modified: Mon, 05 Dec 2022 00:21:38 GMT
etag: W/"328-5ef09abc013ff"
content-encoding: br
X-Firefox-Spdy: h2
web9254.web07.bero-webspace.de/login/idnex_1.css
109.71.253.24 200 OK 0 B URL HTTP/2 web9254.web07.bero-webspace.de/login/idnex_1.css
IP 109.71.253.24:0
Analyzer Verdict Alert openphish Apple Inc.
GET /login/idnex_1.css HTTP/1.1
Host: web9254.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web9254.web07.bero-webspace.de/a1b2c3/320a64d46662268b9d3f3a0ff6518077/login/index_1.php
Cookie: real=OK; bid=320a64d46662268b9d3f3a0ff6518077
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 00:18:45 GMT
content-type: text/css
last-modified: Fri, 01 May 2020 17:23:24 GMT
etag: W/"5eac5b0c-c06"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
web9254.web07.bero-webspace.de/home.php?pl=token&link=apple2020&bid=320a64d46662268b9d3f3a0ff6518077&callback=jQuery32109106526075822339_1670631524635&data=%7B%22online_bider%22%3A1%2C%22w%22%3A0%2C%22dev%22%3A3%7D&_=1670631524639
109.71.253.24 200 OK 0 B URL HTTP/2 web9254.web07.bero-webspace.de/home.php?pl=token&link=apple2020&bid=320a64d46662268b9d3f3a0ff6518077&callback=jQuery32109106526075822339_1670631524635&data=%7B%22online_bider%22%3A1%2C%22w%22%3A0%2C%22dev%22%3A3%7D&_=1670631524639
IP 109.71.253.24:0
Analyzer Verdict Alert openphish Apple Inc.
GET /home.php?pl=token&link=apple2020&bid=320a64d46662268b9d3f3a0ff6518077&callback=jQuery32109106526075822339_1670631524635&data=%7B%22online_bider%22%3A1%2C%22w%22%3A0%2C%22dev%22%3A3%7D&_=1670631524639 HTTP/1.1
Host: web9254.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: https://web9254.web07.bero-webspace.de/a1b2c3/320a64d46662268b9d3f3a0ff6518077/login/index_1.php
Cookie: real=OK; bid=320a64d46662268b9d3f3a0ff6518077; lng=en
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 00:18:51 GMT
content-type: application/json
x-powered-by: PHP/7.4.33, PleskLin
content-encoding: br
X-Firefox-Spdy: h2
web9254.web07.bero-webspace.de/bower_components/font-awesome/css/font-awesome.min.css
109.71.253.24 200 OK 0 B URL HTTP/2 web9254.web07.bero-webspace.de/bower_components/font-awesome/css/font-awesome.min.css
IP 109.71.253.24:0
Analyzer Verdict Alert openphish Apple Inc.
GET /bower_components/font-awesome/css/font-awesome.min.css HTTP/1.1
Host: web9254.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web9254.web07.bero-webspace.de/a1b2c3/320a64d46662268b9d3f3a0ff6518077/login/?
Cookie: real=OK; bid=320a64d46662268b9d3f3a0ff6518077
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 00:18:45 GMT
content-type: text/css
last-modified: Sun, 09 Apr 2017 10:29:24 GMT
etag: W/"58ea0d04-7918"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
web9254.web07.bero-webspace.de/login/token/token.js?v=6393d0659cc53
109.71.253.24 200 OK 0 B URL HTTP/2 web9254.web07.bero-webspace.de/login/token/token.js?v=6393d0659cc53
IP 109.71.253.24:0
Analyzer Verdict Alert openphish Apple Inc.
fortinet Phishing
GET /login/token/token.js?v=6393d0659cc53 HTTP/1.1
Host: web9254.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web9254.web07.bero-webspace.de/a1b2c3/320a64d46662268b9d3f3a0ff6518077/login/index_1.php
Cookie: real=OK; bid=320a64d46662268b9d3f3a0ff6518077
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 00:18:45 GMT
content-type: application/javascript
last-modified: Wed, 06 May 2020 17:27:50 GMT
etag: W/"5eb2f396-535"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
web9254.web07.bero-webspace.de/core/token/core_token.js
109.71.253.24 200 OK 0 B URL HTTP/2 web9254.web07.bero-webspace.de/core/token/core_token.js
IP 109.71.253.24:0
Analyzer Verdict Alert openphish Apple Inc.
fortinet Phishing
GET /core/token/core_token.js HTTP/1.1
Host: web9254.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web9254.web07.bero-webspace.de/a1b2c3/320a64d46662268b9d3f3a0ff6518077/login/index_1.php
Cookie: real=OK; bid=320a64d46662268b9d3f3a0ff6518077
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 00:18:45 GMT
content-type: application/javascript
last-modified: Mon, 04 May 2020 03:54:06 GMT
etag: W/"5eaf91de-2902"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
web9254.web07.bero-webspace.de/login/app.css
109.71.253.24 200 OK 0 B URL HTTP/2 web9254.web07.bero-webspace.de/login/app.css
IP 109.71.253.24:0
Analyzer Verdict Alert openphish Apple Inc.
GET /login/app.css HTTP/1.1
Host: web9254.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web9254.web07.bero-webspace.de/a1b2c3/320a64d46662268b9d3f3a0ff6518077/login/index_1.php
Cookie: real=OK; bid=320a64d46662268b9d3f3a0ff6518077
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 00:18:45 GMT
content-type: text/css
last-modified: Sat, 02 May 2020 18:33:52 GMT
etag: W/"5eadbd10-63f32"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
web9254.web07.bero-webspace.de/login/form/form.js?v=6393d0659cc50
109.71.253.24 200 OK 0 B URL HTTP/2 web9254.web07.bero-webspace.de/login/form/form.js?v=6393d0659cc50
IP 109.71.253.24:0
Analyzer Verdict Alert openphish Apple Inc.
fortinet Phishing
GET /login/form/form.js?v=6393d0659cc50 HTTP/1.1
Host: web9254.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web9254.web07.bero-webspace.de/a1b2c3/320a64d46662268b9d3f3a0ff6518077/login/index_1.php
Cookie: real=OK; bid=320a64d46662268b9d3f3a0ff6518077
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 00:18:45 GMT
content-type: application/javascript
last-modified: Sat, 02 May 2020 18:42:38 GMT
etag: W/"5eadbf1e-c43"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2