Report - web9254.web07.bero-webspace.de/

Report Overview

Submitted URL
web9254.web07.bero-webspace.de/
IP
109.71.253.24
ASN
#44486 SYNLINQ
Submitted
2022-12-10 00:18:55
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
112

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	52.42.74.230
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.8 kB	51 kB	34.120.237.76
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.7 kB	7.1 kB	95.101.11.115
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	2.4 kB	35.241.9.150
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.8 kB	34.160.144.191
web9254.web07.bero-webspace.de	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	21 kB	1.9 MB	109.71.253.24
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	391 B	34.117.237.239
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	341 B	797 B	93.184.220.29

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

Scan Date	Severity	Indicator	Alert
2022-12-09	medium	web9254.web07.bero-webspace.de/	Apple Inc.
2022-12-09	medium	web9254.web07.bero-webspace.de/	Apple Inc.
2022-12-09	medium	web9254.web07.bero-webspace.de/	Apple Inc.
2022-12-09	medium	web9254.web07.bero-webspace.de/	Apple Inc.
2022-12-09	medium	web9254.web07.bero-webspace.de/	Apple Inc.
2022-12-09	medium	web9254.web07.bero-webspace.de/	Apple Inc.
2022-12-09	medium	web9254.web07.bero-webspace.de/	Apple Inc.
2022-12-09	medium	web9254.web07.bero-webspace.de/	Apple Inc.
2022-12-09	medium	web9254.web07.bero-webspace.de/	Apple Inc.
2022-12-09	medium	web9254.web07.bero-webspace.de/	Apple Inc.
2022-12-09	medium	web9254.web07.bero-webspace.de/	Apple Inc.
2022-12-09	medium	web9254.web07.bero-webspace.de/	Apple Inc.
2022-12-09	medium	web9254.web07.bero-webspace.de/	Apple Inc.
2022-12-09	medium	web9254.web07.bero-webspace.de/	Apple Inc.
2022-12-09	medium	web9254.web07.bero-webspace.de/	Apple Inc.
2022-12-09	medium	web9254.web07.bero-webspace.de/	Apple Inc.
2022-12-09	medium	web9254.web07.bero-webspace.de/	Apple Inc.
2022-12-09	medium	web9254.web07.bero-webspace.de/	Apple Inc.
2022-12-09	medium	web9254.web07.bero-webspace.de/	Apple Inc.
2022-12-09	medium	web9254.web07.bero-webspace.de/	Apple Inc.
2022-12-09	medium	web9254.web07.bero-webspace.de/	Apple Inc.
2022-12-09	medium	web9254.web07.bero-webspace.de/	Apple Inc.
2022-12-09	medium	web9254.web07.bero-webspace.de/	Apple Inc.
2022-12-09	medium	web9254.web07.bero-webspace.de/	Apple Inc.
2022-12-09	medium	web9254.web07.bero-webspace.de/	Apple Inc.
2022-12-09	medium	web9254.web07.bero-webspace.de/	Apple Inc.
2022-12-09	medium	web9254.web07.bero-webspace.de/	Apple Inc.
2022-12-09	medium	web9254.web07.bero-webspace.de/	Apple Inc.
2022-12-09	medium	web9254.web07.bero-webspace.de/	Apple Inc.
2022-12-09	medium	web9254.web07.bero-webspace.de/	Apple Inc.
2022-12-09	medium	web9254.web07.bero-webspace.de/	Apple Inc.
2022-12-09	medium	web9254.web07.bero-webspace.de/	Apple Inc.
2022-12-09	medium	web9254.web07.bero-webspace.de/	Apple Inc.
2022-12-09	medium	web9254.web07.bero-webspace.de/	Apple Inc.
2022-12-09	medium	web9254.web07.bero-webspace.de/	Apple Inc.
2022-12-09	medium	web9254.web07.bero-webspace.de/	Apple Inc.

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-12-10	medium	web9254.web07.bero-webspace.de/	Phishing
2022-12-10	medium	web9254.web07.bero-webspace.de/a1b2c3/320a64d46662268b9d3f3a0ff6518077?	Phishing
2022-12-10	medium	web9254.web07.bero-webspace.de/login/image_large-4.svg	Phishing
2022-12-10	medium	web9254.web07.bero-webspace.de/login/image_large.svg	Phishing
2022-12-10	medium	web9254.web07.bero-webspace.de/bower_components/ua-parser-js/dist/ua-parser.min.js	Phishing
2022-12-10	medium	web9254.web07.bero-webspace.de/login/form/form.js?v=6393d06527df0	Phishing
2022-12-10	medium	web9254.web07.bero-webspace.de/bower_components/jquery/dist/jquery.min.js	Phishing
2022-12-10	medium	web9254.web07.bero-webspace.de/login/image_large-3.svg	Phishing
2022-12-10	medium	web9254.web07.bero-webspace.de/login/sf-pro-text_regular.woff2	Phishing
2022-12-10	medium	web9254.web07.bero-webspace.de/login/image_large-8.svg	Phishing
2022-12-10	medium	web9254.web07.bero-webspace.de/login/sf-pro-display_semibold.woff2	Phishing
2022-12-10	medium	web9254.web07.bero-webspace.de/login/SFProIcons_regular.woff	Phishing
2022-12-10	medium	web9254.web07.bero-webspace.de/login/sf-pro-text_regular-italic.woff2	Phishing
2022-12-10	medium	web9254.web07.bero-webspace.de/login/sf-pro-text_semibold.woff2	Phishing
2022-12-10	medium	web9254.web07.bero-webspace.de/a1b2c3/320a64d46662268b9d3f3a0ff6518077/login/index_1.php	Phishing
2022-12-10	medium	web9254.web07.bero-webspace.de/core/form/core_form.js	Phishing
2022-12-10	medium	web9254.web07.bero-webspace.de/login/ng/ng.js?v=6393d0659cc52	Phishing
2022-12-10	medium	web9254.web07.bero-webspace.de/login/token/token.js?v=6393d0659cc53	Phishing
2022-12-10	medium	web9254.web07.bero-webspace.de/core/token/core_token.js	Phishing
2022-12-10	medium	web9254.web07.bero-webspace.de/login/form/form.js?v=6393d0659cc50	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (13)

	URL	Size	First Seen	Last Seen
	web9254.web07.bero-webspace.de/bower_components/ua-parser-js/dist/ua-parser.min.js	17 kB	2023-03-07	2024-04-19
Pretty URL web9254.web07.bero-webspace.de/bower_components/ua-parser-js/dist/ua-parser.min.js IP 109.71.253.24 ASN #44486 SYNLINQ Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:06:40 Last Seen2024-04-19 23:46:08 Times Seen666 Hash e0ae48c8ebbe57edeacb5b02f16d0df9 0c5a29a88add39486162e0c16f23e2e06fc7842e 0fda30cf243e7650bf3e1666eddeb4fbba6b788ede36753eda5e2964cc14c896 Loading...

	web9254.web07.bero-webspace.de/a1b2c3/320a64d46662268b9d3f3a0ff6518077/login/?	453 B	2023-03-09	2023-03-09
Pretty URL web9254.web07.bero-webspace.de/a1b2c3/320a64d46662268b9d3f3a0ff6518077/login/? IP 109.71.253.24 ASN #44486 SYNLINQ Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 00:38:43 Last Seen2023-03-09 00:38:43 Times Seen1 Hash bc25a6953a00b3130c85343c0bc47712 373c614aa9ea6c4d5c11cf29566bf1d4e6d67412 c208177165689256d9d0e0961d877d860446c8e3671aff01b1f88d2b65bbc4ce Loading...

	web9254.web07.bero-webspace.de/bower_components/angular/angular.min.js	169 kB	2023-03-07	2024-04-17
Pretty URL web9254.web07.bero-webspace.de/bower_components/angular/angular.min.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:06:40 Last Seen2024-04-17 21:52:49 Times Seen427 Hash 4c619ef91e3fa3f1d4813db2b2eb738d c5f77156c6f5397be71914eb80d8f998ea1279e7 35f73a70cca067828be9e0a712b8b48908e1bc4490637c62bd70158f95cd6e27 Loading...

	web9254.web07.bero-webspace.de/	109 B	2023-03-09	2023-03-09
Pretty URL web9254.web07.bero-webspace.de/ IP 109.71.253.24 ASN #44486 SYNLINQ Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 00:38:43 Last Seen2023-03-09 00:38:43 Times Seen1 Hash 45cc55d79ade48e29705a6e796c093a2 e5c80e4442fab6abe067ffaa1f6be9dece87337c d5374398e4f471c998c4793e21586b642e687780b60e0378af7b1dd326918c16 Loading...

	web9254.web07.bero-webspace.de/bower_components/jquery/dist/jquery.min.js	87 kB	2023-03-07	2024-04-20
Pretty URL web9254.web07.bero-webspace.de/bower_components/jquery/dist/jquery.min.js IP 109.71.253.24 ASN #44486 SYNLINQ Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:00 Last Seen2024-04-20 00:25:31 Times Seen61211 Hash c9f5aeeca3ad37bf2aa006139b935f0a 1055018c28ab41087ef9ccefe411606893dabea2 87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de Loading...

	web9254.web07.bero-webspace.de/core/token/core_token.js	10 kB	2023-03-09	2023-05-06
Pretty URL web9254.web07.bero-webspace.de/core/token/core_token.js IP 109.71.253.24 ASN #44486 SYNLINQ Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 00:38:43 Last Seen2023-05-06 08:39:09 Times Seen11 Hash 3c3d7d870938a714bc220e3b1021ef81 10f1a701e9d5501602153203baccd361536e6c4a ed0275d8961011afe17b73f24f6c3e3e58ede0973aefaf690145c0eed62041aa Loading...

	web9254.web07.bero-webspace.de/core/form/core_form.js	27 kB	2023-03-09	2023-05-06
Pretty URL web9254.web07.bero-webspace.de/core/form/core_form.js IP 109.71.253.24 ASN #44486 SYNLINQ Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 00:38:43 Last Seen2023-05-06 08:39:09 Times Seen11 Hash 8ac2961d4887305654a2632e26315464 c0c740dfdaffbd80a5e95d5ae1cbd8e22f768e46 b2513df157bbb116fe2336c5b129c25e8323f9762f4cc544db47a8ae7672cb9f Loading...

	web9254.web07.bero-webspace.de/login/ng/ng.js?v=6393d0659cc52	5.8 kB	2023-03-09	2023-06-18
Pretty URL web9254.web07.bero-webspace.de/login/ng/ng.js?v=6393d0659cc52 IP 109.71.253.24 ASN #44486 SYNLINQ Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 00:38:43 Last Seen2023-06-18 02:53:34 Times Seen13 Hash 6604bc164bd7a2936a760d7285c86d1e 94f3f7638e93885d412903b6180776dd48a86847 97a6fa970c08f7b3679fc97cbfe60b59c4981b4998d3104ba41c8f8616c01364 Loading...

	web9254.web07.bero-webspace.de/login/token/token.js?v=6393d0659cc53	1.3 kB	2023-03-09	2023-06-18
Pretty URL web9254.web07.bero-webspace.de/login/token/token.js?v=6393d0659cc53 IP 109.71.253.24 ASN #44486 SYNLINQ Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 00:38:43 Last Seen2023-06-18 02:53:34 Times Seen13 Hash 1800460ee6dee45d475e1b31cf2b48bb 2afd3738ff271339af8940b0c089ce3d5cc22aaa e49a6f4bd4cc4afa5c49bec74084f30717cfb64246d7c9ff3ab83c3dced228b9 Loading...

	web9254.web07.bero-webspace.de/a1b2c3/320a64d46662268b9d3f3a0ff6518077/login/index_1.php#56e71887e17c4f792fcf642bfd07743d56e71887e17c4f792fcf642bfd07743d56e71887e17c4f792fcf642bfd07743d56e71887e17c4f792fcf642bfd07743d56e71887e17c4f792fcf642bfd07743d56e71887e17c4f792fcf642bfd07743d56e71887e17c4f792fcf642bfd07743d56e71887e17c4f792fcf642bfd07743d	57 B	2023-03-09	2023-03-09
Pretty URL web9254.web07.bero-webspace.de/a1b2c3/320a64d46662268b9d3f3a0ff6518077/login/index_1.php#56e71887e17c4f792fcf642bfd07743d56e71887e17c4f792fcf642bfd07743d56e71887e17c4f792fcf642bfd07743d56e71887e17c4f792fcf642bfd07743d56e71887e17c4f792fcf642bfd07743d56e71887e17c4f792fcf642bfd07743d56e71887e17c4f792fcf642bfd07743d56e71887e17c4f792fcf642bfd07743d IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 00:38:43 Last Seen2023-03-09 00:38:43 Times Seen1 Hash 48d6d7cfdc9212207004b8d39183cb52 9b5e53092c0ecef66a3389ff04b94e4938cd7856 975ae91a29f65b4473299be392f5885cb59b3369b49f0e70f9ed2b7168e16c61 Loading...

	web9254.web07.bero-webspace.de/a1b2c3/320a64d46662268b9d3f3a0ff6518077/login/index_1.php#56e71887e17c4f792fcf642bfd07743d56e71887e17c4f792fcf642bfd07743d56e71887e17c4f792fcf642bfd07743d56e71887e17c4f792fcf642bfd07743d56e71887e17c4f792fcf642bfd07743d56e71887e17c4f792fcf642bfd07743d56e71887e17c4f792fcf642bfd07743d56e71887e17c4f792fcf642bfd07743d	57 B	2023-03-09	2023-03-09
Pretty URL web9254.web07.bero-webspace.de/a1b2c3/320a64d46662268b9d3f3a0ff6518077/login/index_1.php#56e71887e17c4f792fcf642bfd07743d56e71887e17c4f792fcf642bfd07743d56e71887e17c4f792fcf642bfd07743d56e71887e17c4f792fcf642bfd07743d56e71887e17c4f792fcf642bfd07743d56e71887e17c4f792fcf642bfd07743d56e71887e17c4f792fcf642bfd07743d56e71887e17c4f792fcf642bfd07743d IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 00:38:43 Last Seen2023-03-09 00:38:43 Times Seen1 Hash 1ed41669535ed02664636c80c07b5cbe f82097ce9ca0596c062a146ce54cb075e646560e b6450f978d74cd7bdadc8555ac85fc0c8826ffe3bbc48036681e4b042bd5d19c Loading...

	web9254.web07.bero-webspace.de/login/form/form.js?v=6393d06527df0	3.1 kB	2023-03-09	2023-06-18
Pretty URL web9254.web07.bero-webspace.de/login/form/form.js?v=6393d06527df0 IP 109.71.253.24 ASN #44486 SYNLINQ Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 00:38:43 Last Seen2023-06-18 02:53:34 Times Seen19 Hash 6f303a5b51afc8d7ac332707c506c173 9c3d60ca2b5b53092c57d8dba4a8701f8f759ca9 6c0246b347b19f258f7f793e8e6a64f0775f93e87150f3a8fa55b4acdbddb61b Loading...

	web9254.web07.bero-webspace.de/a1b2c3/320a64d46662268b9d3f3a0ff6518077/login/?	159 B	2023-03-09	2023-06-18
Pretty URL web9254.web07.bero-webspace.de/a1b2c3/320a64d46662268b9d3f3a0ff6518077/login/? IP 109.71.253.24 ASN #44486 SYNLINQ Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 00:38:43 Last Seen2023-06-18 02:53:34 Times Seen7 Hash 6a091f04b06b9baa03faa837dd19d359 06bd2bc20eb56315bf42298fbcbef1b7a7c39277 f9e22cbce72d65e316223bb496c2a916b842e2e5f4a936cc2f193b0f36086760 Loading...

HTTP Transactions (59)

URL IP Response Size

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
388f6fea5bafa378266622b72311a6ee
447f102dc12172ce1ba44c5e94e1d7bb49d43372
a597afb4d4f7f3c82f0f2857322226fc69dc92e099bfd0605f7a0cd562be9d21

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A597AFB4D4F7F3C82F0F2857322226FC69DC92E099BFD0605F7A0CD562BE9D21"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12465
Expires: Sat, 10 Dec 2022 03:46:28 GMT
Date: Sat, 10 Dec 2022 00:18:43 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7181eff9c60e83eb0004ece591e47dca
0fd8cd0c9d10b0547938982e57d2c43e2d98679f
89c5c0e2d6890798644174a8e31976aec03a1b3deb03812afbb520e5ed68f522

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "89C5C0E2D6890798644174A8E31976AEC03A1B3DEB03812AFBB520E5ED68F522"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2299
Expires: Sat, 10 Dec 2022 00:57:02 GMT
Date: Sat, 10 Dec 2022 00:18:43 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Backoff, Content-Length, Content-Type, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 09 Dec 2022 23:33:15 GMT
content-type: application/json
age: 2728
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
4ee537977be9c03702f8ffe0025bf1fe
21637881c4aa34c4add703f8bff4eff573159f45
4819229fd8f502a0c68c80bd7409e104c1b4d1a98ca8a6cd9deba629b1511aea

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4819229FD8F502A0C68C80BD7409E104C1B4D1A98CA8A6CD9DEBA629B1511AEA"
Last-Modified: Thu, 08 Dec 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9128
Expires: Sat, 10 Dec 2022 02:50:51 GMT
Date: Sat, 10 Dec 2022 00:18:43 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
53341dea33f4f3d9b4966f80589f429a
20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: F6ZoF5qyrNFnMeyvGwoL25fUxiearqsW9VMByfOENO5Ew1vfwK3VYgOp6Y4xyietRzTg1x6F/MM=
x-amz-request-id: N99TEA7RMRWEZ3S7
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 09 Dec 2022 23:50:27 GMT
age: 1696
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
70f0b6d58abe839099ebffbaba883e10
f231d688ebb6cbd71b13a1fa807253d347cd881d
80358da14b70974e4de31d349c2d21f16c0bdb7049fa50939976f5167d67ccf9

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "80358DA14B70974E4DE31D349C2D21F16C0BDB7049FA50939976F5167D67CCF9"
Last-Modified: Wed, 07 Dec 2022 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13881
Expires: Sat, 10 Dec 2022 04:10:04 GMT
Date: Sat, 10 Dec 2022 00:18:43 GMT
Connection: keep-alive

web9254.web07.bero-webspace.de/

109.71.253.24

200 OK

453 B

URL HTTP/2
web9254.web07.bero-webspace.de/
IP
109.71.253.24:0
ASN
#44486 SYNLINQ

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Size
453 B (453 bytes)
Hash
40dd9d607719e0bb19bbe5ddbadba05f
51f2d273e0061dfebfdbeae2aef22a84eaa17436
f3c02b5c14cd08281cdd2c24e1240530cf0dd9fc3a4cbd0be9e6ca07c74b5642

Detections

Analyzer	Verdict	Alert
openphish	Apple Inc.
fortinet	Phishing

HTTP Headers

GET / HTTP/1.1
Host: web9254.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 00:18:43 GMT
content-type: text/html; charset=UTF-8
content-length: 453
set-cookie: real=OK
vary: Accept-Encoding
content-encoding: gzip
x-powered-by: PHP/7.4.33, PleskLin
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 00:18:43 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Cache-Control, Backoff, Content-Length, Pragma, Alert, Expires, Last-Modified, Retry-After, ETag, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 10 Dec 2022 00:07:55 GMT
age: 649
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
e6be4d2155028ffff5d01ab6e7edf6da
07172071b5cf43c4cd7d7930b4ad8518ec1e32e9
4d8a5fa2362fd0910babd6d128d850d4460829468eb23d34ee5ee6eaa42d5a38

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4581
Cache-Control: max-age=122672
Content-Type: application/ocsp-response
Date: Sat, 10 Dec 2022 00:18:44 GMT
Etag: "6392faaf-1d7"
Expires: Sun, 11 Dec 2022 10:23:16 GMT
Last-Modified: Fri, 09 Dec 2022 09:06:55 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 471

push.services.mozilla.com/

52.42.74.230

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
52.42.74.230:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 23HdoFViYyMevGjliKsidw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: Hx66yxr+GXmkiQfXfc2HJYKEPRU=

web9254.web07.bero-webspace.de/a1b2c3/320a64d46662268b9d3f3a0ff6518077?

109.71.253.24

301 Moved Permanently

369 B

URL HTTP/2
web9254.web07.bero-webspace.de/a1b2c3/320a64d46662268b9d3f3a0ff6518077?
IP
109.71.253.24:0
ASN
#44486 SYNLINQ

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
369 B (369 bytes)
Hash
9a72c6cc311b626e486e757a2ec3b441
b7988fa8dc2453c819f7435fbf2617a3dffed64f
82b0213377ccfd54c71215c8986649d48a8cefff955058f034da2871b63e9abc

Detections

Analyzer	Verdict	Alert
openphish	Apple Inc.
fortinet	Phishing

HTTP Headers

GET /a1b2c3/320a64d46662268b9d3f3a0ff6518077? HTTP/1.1
Host: web9254.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web9254.web07.bero-webspace.de/
Cookie: real=OK
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 301 Moved Permanently
server: nginx
date: Sat, 10 Dec 2022 00:18:44 GMT
content-type: text/html; charset=iso-8859-1
content-length: 369
location: https://web9254.web07.bero-webspace.de/a1b2c3/320a64d46662268b9d3f3a0ff6518077/?
x-powered-by: PleskLin
X-Firefox-Spdy: h2

web9254.web07.bero-webspace.de/a1b2c3/320a64d46662268b9d3f3a0ff6518077/?

109.71.253.24

302 Found

0 B

URL HTTP/2
web9254.web07.bero-webspace.de/a1b2c3/320a64d46662268b9d3f3a0ff6518077/?
IP
109.71.253.24:0
ASN
#44486 SYNLINQ

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /a1b2c3/320a64d46662268b9d3f3a0ff6518077/? HTTP/1.1
Host: web9254.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://web9254.web07.bero-webspace.de/
Connection: keep-alive
Cookie: real=OK
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 302 Found
server: nginx
date: Sat, 10 Dec 2022 00:18:44 GMT
content-type: text/html; charset=UTF-8
content-length: 0
set-cookie: bid=320a64d46662268b9d3f3a0ff6518077; expires=Mon, 09-Jan-2023 00:18:44 GMT; Max-Age=2592000; path=/
location: login/?
x-powered-by: PHP/7.4.33, PleskLin
X-Firefox-Spdy: h2

web9254.web07.bero-webspace.de/a1b2c3/320a64d46662268b9d3f3a0ff6518077/login/?

109.71.253.24

200 OK

3.6 kB

URL HTTP/2
web9254.web07.bero-webspace.de/a1b2c3/320a64d46662268b9d3f3a0ff6518077/login/?
IP
109.71.253.24:0
ASN
#44486 SYNLINQ

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (624)
Size
3.6 kB (3634 bytes)
Hash
6f25a22ab1b4dd139e3fb117558cfbd5
9ef1b345a554a08a93961d87748f30bd3cddc031
30b2a3156c9ce234cd20a3c8ab4b0d4685318b787203489d9c1f9bb56ffc654b

HTTP Headers

GET /a1b2c3/320a64d46662268b9d3f3a0ff6518077/login/? HTTP/1.1
Host: web9254.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://web9254.web07.bero-webspace.de/
Connection: keep-alive
Cookie: real=OK; bid=320a64d46662268b9d3f3a0ff6518077
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 00:18:45 GMT
content-type: text/html; charset=UTF-8
content-length: 3634
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
vary: Accept-Encoding
content-encoding: gzip
x-powered-by: PHP/7.4.33, PleskLin
X-Firefox-Spdy: h2

web9254.web07.bero-webspace.de/login/form/css.css

109.71.253.24

200 OK

170 B

URL HTTP/2
web9254.web07.bero-webspace.de/login/form/css.css
IP
109.71.253.24:0
ASN
#44486 SYNLINQ

File type
ASCII text
Size
170 B (170 bytes)
Hash
43cde8a2a2dab0fda7077cc54921ecf7
24758e59cbd72bbd0e514168d07e047629351cca
37ea3144d673d96fffab505fc77eb26ded12c3fb0a4efe77180d26a11ffa6939

Detections

Analyzer	Verdict	Alert
openphish	Apple Inc.

HTTP Headers

GET /login/form/css.css HTTP/1.1
Host: web9254.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web9254.web07.bero-webspace.de/a1b2c3/320a64d46662268b9d3f3a0ff6518077/login/?
Cookie: real=OK; bid=320a64d46662268b9d3f3a0ff6518077
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 00:18:45 GMT
content-type: text/css
content-length: 170
x-accel-version: 0.01
last-modified: Sat, 02 May 2020 18:47:44 GMT
etag: "f1-5a4aebbb4b400-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-powered-by: PleskLin
X-Firefox-Spdy: h2

web9254.web07.bero-webspace.de/login/image_large-4.svg

109.71.253.24

200 OK

554 B

URL HTTP/2
web9254.web07.bero-webspace.de/login/image_large-4.svg
IP
109.71.253.24:0
ASN
#44486 SYNLINQ

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (554), with no line terminators
Size
554 B (554 bytes)
Hash
5465cc591da2ac562ae16bb33f3575b8
a4d805677d0ca6aa4041c0fa06ad2f9cb37551c7
1e281e5d429981905e0c937ed7b9ca93559569504d49640c494aae8da7c58ef5

Detections

Analyzer	Verdict	Alert
openphish	Apple Inc.
fortinet	Phishing

HTTP Headers

GET /login/image_large-4.svg HTTP/1.1
Host: web9254.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web9254.web07.bero-webspace.de/login/ac-globalnav.built.css
Cookie: real=OK; bid=320a64d46662268b9d3f3a0ff6518077
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 00:18:45 GMT
content-type: image/svg+xml
content-length: 554
x-accel-version: 0.01
last-modified: Fri, 01 May 2020 17:06:18 GMT
etag: "22a-5a499331c5680"
accept-ranges: bytes
x-powered-by: PleskLin
X-Firefox-Spdy: h2

web9254.web07.bero-webspace.de/login/image_large.svg

109.71.253.24

200 OK

1.7 kB

URL HTTP/2
web9254.web07.bero-webspace.de/login/image_large.svg
IP
109.71.253.24:0
ASN
#44486 SYNLINQ

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- exported SGML document, ASCII text
Size
1.7 kB (1694 bytes)
Hash
6bb5a35f8ff457e2f8b345bd6597e2e4
6f69f11b5c66326f2e4b63c8276195653c79a137
d577c9d1bad004bdabb9d0995cec0714e98b76e6053f2765ed09c23de6f328b0

Detections

Analyzer	Verdict	Alert
openphish	Apple Inc.
fortinet	Phishing

HTTP Headers

GET /login/image_large.svg HTTP/1.1
Host: web9254.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web9254.web07.bero-webspace.de/login/ac-globalnav.built.css
Cookie: real=OK; bid=320a64d46662268b9d3f3a0ff6518077
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 00:18:45 GMT
content-type: image/svg+xml
content-length: 1694
last-modified: Fri, 01 May 2020 17:06:18 GMT
etag: "5eac570a-69e"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

web9254.web07.bero-webspace.de/bower_components/ua-parser-js/dist/ua-parser.min.js

109.71.253.24

200 OK

7.1 kB

URL HTTP/2
web9254.web07.bero-webspace.de/bower_components/ua-parser-js/dist/ua-parser.min.js
IP
109.71.253.24:0
ASN
#44486 SYNLINQ

File type
Unicode text, UTF-8 text, with very long lines (16817)
Size
7.1 kB (7129 bytes)
Hash
34764e5c02b533630d6bcf080ab5f456
383124b368c1bed833751775af306af8839fbeb3
2d99fbc979eec2d9d321074a63f51871454c9dd351591e2e09059a66f8056c82

Detections

Analyzer	Verdict	Alert
openphish	Apple Inc.
fortinet	Phishing

HTTP Headers

GET /bower_components/ua-parser-js/dist/ua-parser.min.js HTTP/1.1
Host: web9254.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web9254.web07.bero-webspace.de/a1b2c3/320a64d46662268b9d3f3a0ff6518077/login/?
Cookie: real=OK; bid=320a64d46662268b9d3f3a0ff6518077
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 00:18:45 GMT
content-type: application/javascript
last-modified: Thu, 12 Oct 2017 14:16:24 GMT
etag: W/"59df7938-4298"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

web9254.web07.bero-webspace.de/login/form/form.js?v=6393d06527df0

109.71.253.24

200 OK

1.9 kB

URL HTTP/2
web9254.web07.bero-webspace.de/login/form/form.js?v=6393d06527df0
IP
109.71.253.24:0
ASN
#44486 SYNLINQ

File type
ASCII text
Size
1.9 kB (1876 bytes)
Hash
791eb7c3282911bff8c3482d44433bad
81b2471350a1a734c121c4aef216faf23943d55c
44a45f4b2f3e7c51f4eed98c41df6165ec6944c53795a018b90b6c75db07c770

Detections

Analyzer	Verdict	Alert
openphish	Apple Inc.
fortinet	Phishing

HTTP Headers

GET /login/form/form.js?v=6393d06527df0 HTTP/1.1
Host: web9254.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web9254.web07.bero-webspace.de/a1b2c3/320a64d46662268b9d3f3a0ff6518077/login/?
Cookie: real=OK; bid=320a64d46662268b9d3f3a0ff6518077
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 00:18:45 GMT
content-type: application/javascript
last-modified: Sat, 02 May 2020 18:42:38 GMT
etag: W/"5eadbf1e-c43"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

web9254.web07.bero-webspace.de/core/form/core_form.css

109.71.253.24

200 OK

1.8 kB

URL HTTP/2
web9254.web07.bero-webspace.de/core/form/core_form.css
IP
109.71.253.24:0
ASN
#44486 SYNLINQ

File type
ASCII text
Size
1.8 kB (1827 bytes)
Hash
b1eda2f916115795eee15a0eeab2ffbc
2a53532ca32ddeb7e58bc5fbb523aee2832707be
185fedbc6e0c3afbcc938d7d6b5dadaea303a92d9a8b0af5ee144e3ea16719dd

Detections

Analyzer	Verdict	Alert
openphish	Apple Inc.

HTTP Headers

GET /core/form/core_form.css HTTP/1.1
Host: web9254.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web9254.web07.bero-webspace.de/a1b2c3/320a64d46662268b9d3f3a0ff6518077/login/?
Cookie: real=OK; bid=320a64d46662268b9d3f3a0ff6518077
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 00:18:45 GMT
content-type: text/css
last-modified: Wed, 06 May 2020 17:48:30 GMT
etag: W/"5eb2f86e-b49"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

web9254.web07.bero-webspace.de/login/app-eyebrow.css

109.71.253.24

200 OK

26 kB

URL HTTP/2
web9254.web07.bero-webspace.de/login/app-eyebrow.css
IP
109.71.253.24:0
ASN
#44486 SYNLINQ

File type
Unicode text, UTF-8 text, with very long lines (64864), with no line terminators
Size
26 kB (26346 bytes)
Hash
3f7857923af0ea0847e7c9097e0bcae9
ad5fb0d13580a38bb871652a1366f39482daa973
321b437e7793c40705ff22ead74959a06ba42d3e403cb6b52c6998e4397151fc

Detections

Analyzer	Verdict	Alert
openphish	Apple Inc.

HTTP Headers

GET /login/app-eyebrow.css HTTP/1.1
Host: web9254.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web9254.web07.bero-webspace.de/a1b2c3/320a64d46662268b9d3f3a0ff6518077/login/?
Cookie: real=OK; bid=320a64d46662268b9d3f3a0ff6518077
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 00:18:45 GMT
content-type: text/css
last-modified: Fri, 01 May 2020 17:06:18 GMT
etag: W/"5eac570a-55d73"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

web9254.web07.bero-webspace.de/bower_components/jquery/dist/jquery.min.js

109.71.253.24

200 OK

30 kB

URL HTTP/2
web9254.web07.bero-webspace.de/bower_components/jquery/dist/jquery.min.js
IP
109.71.253.24:0
ASN
#44486 SYNLINQ

File type
ASCII text, with very long lines (32058)
Size
30 kB (29641 bytes)
Hash
da27b87c0409127494a7fd42deccadeb
a1862bb515de8b2cef71a8739e5e681ed2a784a8
e15237a9f876e600308aeebc453faa78b7c10d4da86c874befd835758cd9e6dd

Detections

Analyzer	Verdict	Alert
openphish	Apple Inc.
fortinet	Phishing

HTTP Headers

GET /bower_components/jquery/dist/jquery.min.js HTTP/1.1
Host: web9254.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web9254.web07.bero-webspace.de/a1b2c3/320a64d46662268b9d3f3a0ff6518077/login/?
Cookie: real=OK; bid=320a64d46662268b9d3f3a0ff6518077
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 00:18:45 GMT
content-type: application/javascript
last-modified: Mon, 05 Jun 2017 09:55:06 GMT
etag: W/"59352a7a-15283"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

web9254.web07.bero-webspace.de/login/image_large-3.svg

109.71.253.24

200 OK

1.7 kB

URL HTTP/2
web9254.web07.bero-webspace.de/login/image_large-3.svg
IP
109.71.253.24:0
ASN
#44486 SYNLINQ

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1661), with no line terminators
Size
1.7 kB (1661 bytes)
Hash
52a5a165c8306386b352ac17162dfa27
d6e74d86852625275e44fcd469626eef00a5b847
db645e8610c56a69be65cf9cf0ceebbb20bc505f1b91661b1617f8f7f26dbfc9

Detections

Analyzer	Verdict	Alert
openphish	Apple Inc.
fortinet	Phishing

HTTP Headers

GET /login/image_large-3.svg HTTP/1.1
Host: web9254.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web9254.web07.bero-webspace.de/login/ac-globalnav.built.css
Cookie: real=OK; bid=320a64d46662268b9d3f3a0ff6518077
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 00:18:45 GMT
content-type: image/svg+xml
content-length: 1661
last-modified: Fri, 01 May 2020 17:06:18 GMT
etag: "5eac570a-67d"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

web9254.web07.bero-webspace.de/login/ac-globalfooter.built.css

109.71.253.24

200 OK

5.5 kB

URL HTTP/2
web9254.web07.bero-webspace.de/login/ac-globalfooter.built.css
IP
109.71.253.24:0
ASN
#44486 SYNLINQ

File type
Unicode text, UTF-8 text, with very long lines (43249)
Size
5.5 kB (5516 bytes)
Hash
45737b7f368562d8bb65bc5baa506d3b
35a78666351a1d37fc1f652e8a678ee0a991f6ab
03c47586275e937c700178fd7f69b6db5174c7a9673545a89d66b55203516874

Detections

Analyzer	Verdict	Alert
openphish	Apple Inc.

HTTP Headers

GET /login/ac-globalfooter.built.css HTTP/1.1
Host: web9254.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web9254.web07.bero-webspace.de/a1b2c3/320a64d46662268b9d3f3a0ff6518077/login/?
Cookie: real=OK; bid=320a64d46662268b9d3f3a0ff6518077
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 00:18:45 GMT
content-type: text/css
last-modified: Fri, 01 May 2020 17:06:18 GMT
etag: W/"5eac570a-a998"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

web9254.web07.bero-webspace.de/login/app_icons@2x.png

109.71.253.24

200 OK

30 kB

URL HTTP/2
web9254.web07.bero-webspace.de/login/app_icons@2x.png
IP
109.71.253.24:0
ASN
#44486 SYNLINQ

File type
PNG image data, 1312 x 136, 8-bit colormap, non-interlaced\012- data
Size
30 kB (29982 bytes)
Hash
d9853b24ef078d487b542ed06655688c
53d40bb9f531ed8d337881e5dbdc1836f1f6e711
2f1cd57b13f6da9ea0610baa24c660ed5ae99bec708acd0c263b2fbd0cb2e59d

Detections

Analyzer	Verdict	Alert
openphish	Apple Inc.

HTTP Headers

GET /login/app_icons@2x.png HTTP/1.1
Host: web9254.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web9254.web07.bero-webspace.de/login/app-eyebrow.css
Cookie: real=OK; bid=320a64d46662268b9d3f3a0ff6518077
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 00:18:45 GMT
content-type: image/png
content-length: 29982
last-modified: Fri, 01 May 2020 17:06:18 GMT
etag: "5eac570a-751e"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

web9254.web07.bero-webspace.de/login/ac-globalnav.built.css

109.71.253.24

200 OK

10 kB

URL HTTP/2
web9254.web07.bero-webspace.de/login/ac-globalnav.built.css
IP
109.71.253.24:0
ASN
#44486 SYNLINQ

File type
ASCII text, with very long lines (65536), with no line terminators
Size
10 kB (10339 bytes)
Hash
c17ff44828da4e80cb2fa6d896ba7094
20394f1bf515e39010b12330884f205995811a02
d2a8c6d18ff3153578a8ea93b94bb6e8fd32b97f9df5484e6e1b56fba06a061b

Detections

Analyzer	Verdict	Alert
openphish	Apple Inc.

HTTP Headers

GET /login/ac-globalnav.built.css HTTP/1.1
Host: web9254.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web9254.web07.bero-webspace.de/a1b2c3/320a64d46662268b9d3f3a0ff6518077/login/?
Cookie: real=OK; bid=320a64d46662268b9d3f3a0ff6518077
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 00:18:45 GMT
content-type: text/css
last-modified: Fri, 01 May 2020 17:06:18 GMT
etag: W/"5eac570a-18555"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

web9254.web07.bero-webspace.de/login/sf-pro-text_regular.woff2

109.71.253.24

200 OK

156 kB

URL HTTP/2
web9254.web07.bero-webspace.de/login/sf-pro-text_regular.woff2
IP
109.71.253.24:0
ASN
#44486 SYNLINQ

File type
Web Open Font Format (Version 2), TrueType, length 155504, version 1.0\012- data
Size
156 kB (155504 bytes)
Hash
4487d81faed77dca1eedb32fe8874ce6
aa519492c8d0b48c5dbb6812b84948fcebef569b
78f1a8f3787f77f7ab4fcbb12c87f5cd412556c04991cdadaacddcd9b5a3e68a

Detections

Analyzer	Verdict	Alert
openphish	Apple Inc.
fortinet	Phishing

HTTP Headers

GET /login/sf-pro-text_regular.woff2 HTTP/1.1
Host: web9254.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://web9254.web07.bero-webspace.de/login/fonts.css
Cookie: real=OK; bid=320a64d46662268b9d3f3a0ff6518077
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 00:18:45 GMT
content-type: font/woff2
content-length: 155504
last-modified: Fri, 01 May 2020 17:06:18 GMT
etag: "5eac570a-25f70"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

web9254.web07.bero-webspace.de/login/CZEflag.png

109.71.253.24

404 Not Found

170 kB

URL HTTP/2
web9254.web07.bero-webspace.de/login/CZEflag.png
IP
109.71.253.24:0
ASN
#44486 SYNLINQ

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
170 kB (169726 bytes)
Hash
f0d93c3397865a68316d43de11b4af39
9de7042dda371b49c120152a87301eb51f65677c
31eb1d6ca19f90e8dae3825d40aa23f561a6adff6167c86850280af667a598d3

Detections

Analyzer	Verdict	Alert
openphish	Apple Inc.

HTTP Headers

GET /login/CZEflag.png HTTP/1.1
Host: web9254.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web9254.web07.bero-webspace.de/a1b2c3/320a64d46662268b9d3f3a0ff6518077/login/?
Cookie: real=OK; bid=320a64d46662268b9d3f3a0ff6518077
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
server: nginx
date: Sat, 10 Dec 2022 00:18:45 GMT
content-type: text/html
last-modified: Mon, 05 Dec 2022 00:21:38 GMT
etag: W/"328-5ef09abc013ff"
content-encoding: br
X-Firefox-Spdy: h2

web9254.web07.bero-webspace.de/login/index.css

109.71.253.24

200 OK

198 kB

URL HTTP/2
web9254.web07.bero-webspace.de/login/index.css
IP
109.71.253.24:0
ASN
#44486 SYNLINQ

File type
ASCII text
Size
198 kB (197523 bytes)
Hash
af2f54f95ba0b397931c423d7dad8a5f
ad810845122724e44d576d5771415e25df408bfe
56f3c0bdb7073194a3d527a5f358f1a87aeb51a2c193c7325e0def5728232c5d

Detections

Analyzer	Verdict	Alert
openphish	Apple Inc.

HTTP Headers

GET /login/index.css HTTP/1.1
Host: web9254.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web9254.web07.bero-webspace.de/a1b2c3/320a64d46662268b9d3f3a0ff6518077/login/?
Cookie: real=OK; bid=320a64d46662268b9d3f3a0ff6518077
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 00:18:45 GMT
content-type: text/css
last-modified: Fri, 01 May 2020 17:17:24 GMT
etag: W/"5eac59a4-e61"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

web9254.web07.bero-webspace.de/login/image_large-8.svg

109.71.253.24

200 OK

707 B

URL HTTP/2
web9254.web07.bero-webspace.de/login/image_large-8.svg
IP
109.71.253.24:0
ASN
#44486 SYNLINQ

File type
SVG Scalable Vector Graphics image\012- HTML document text\012- HTML document, ASCII text
Size
707 B (707 bytes)
Hash
c3671f1609026359787b8d8cdeb77c28
c1c548f809fd0323a821474955e3c9c4d9bf8e6a
4209a6165a7b44b64f4a2b7bae04d1eac5367dcb03e823d9836bdaddfac5491a

Detections

Analyzer	Verdict	Alert
openphish	Apple Inc.
fortinet	Phishing

HTTP Headers

GET /login/image_large-8.svg HTTP/1.1
Host: web9254.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web9254.web07.bero-webspace.de/login/ac-globalnav.built.css
Cookie: real=OK; bid=320a64d46662268b9d3f3a0ff6518077
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 00:18:45 GMT
content-type: image/svg+xml
content-length: 707
x-accel-version: 0.01
last-modified: Fri, 01 May 2020 17:06:18 GMT
etag: "2c3-5a499331c5680"
accept-ranges: bytes
x-powered-by: PleskLin
X-Firefox-Spdy: h2

web9254.web07.bero-webspace.de/login/sf-pro-display_semibold.woff2

109.71.253.24

200 OK

154 kB

URL HTTP/2
web9254.web07.bero-webspace.de/login/sf-pro-display_semibold.woff2
IP
109.71.253.24:0
ASN
#44486 SYNLINQ

File type
Web Open Font Format (Version 2), TrueType, length 154460, version 1.0\012- data
Size
154 kB (154460 bytes)
Hash
87746eade3e253a4627cbfb7b623e0c2
cf2cdaff548f56cbed177496fc648e6abfb42d4d
f1106e805d9becbfc348fdecb2183031e7d0699057a2474a53818769fa54c9e1

Detections

Analyzer	Verdict	Alert
openphish	Apple Inc.
fortinet	Phishing

HTTP Headers

GET /login/sf-pro-display_semibold.woff2 HTTP/1.1
Host: web9254.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://web9254.web07.bero-webspace.de/login/fonts.css
Cookie: real=OK; bid=320a64d46662268b9d3f3a0ff6518077
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 00:18:45 GMT
content-type: font/woff2
content-length: 154460
last-modified: Fri, 01 May 2020 17:06:18 GMT
etag: "5eac570a-25b5c"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

web9254.web07.bero-webspace.de/login/SFProIcons_regular.woff

109.71.253.24

200 OK

10 kB

URL HTTP/2
web9254.web07.bero-webspace.de/login/SFProIcons_regular.woff
IP
109.71.253.24:0
ASN
#44486 SYNLINQ

File type
Web Open Font Format, TrueType, length 10380, version 1.0\012- data
Size
10 kB (10380 bytes)
Hash
9caca193fe7bff016ef17e26937711d9
121e523fe8f27d18017c2f7a056f2f14bf43bfc9
3b7d2b4c5417a697678081ed3b344955f0b25e694171178b0c01e029b4a18e8b

Detections

Analyzer	Verdict	Alert
openphish	Apple Inc.
fortinet	Phishing

HTTP Headers

GET /login/SFProIcons_regular.woff HTTP/1.1
Host: web9254.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://web9254.web07.bero-webspace.de/login/fonts.css
Cookie: real=OK; bid=320a64d46662268b9d3f3a0ff6518077
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 00:18:45 GMT
content-type: font/woff
content-length: 10380
last-modified: Fri, 01 May 2020 17:06:18 GMT
etag: "5eac570a-288c"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

web9254.web07.bero-webspace.de/login/sf-pro-text_regular-italic.woff2

109.71.253.24

200 OK

106 kB

URL HTTP/2
web9254.web07.bero-webspace.de/login/sf-pro-text_regular-italic.woff2
IP
109.71.253.24:0
ASN
#44486 SYNLINQ

File type
Web Open Font Format (Version 2), TrueType, length 105772, version 1.0\012- data
Size
106 kB (105772 bytes)
Hash
20cc9827afffc719fe0d7129d2f2f0e1
1246fd2fe187388725247b3a757975d2e2dc1725
eac59ea281b80a72c8c08f89e8f0c496e1fb2321b5ac5092c895cd21684d4e47

Detections

Analyzer	Verdict	Alert
openphish	Apple Inc.
fortinet	Phishing

HTTP Headers

GET /login/sf-pro-text_regular-italic.woff2 HTTP/1.1
Host: web9254.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://web9254.web07.bero-webspace.de/login/fonts.css
Cookie: real=OK; bid=320a64d46662268b9d3f3a0ff6518077
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 00:18:45 GMT
content-type: font/woff2
content-length: 105772
last-modified: Fri, 01 May 2020 17:06:18 GMT
etag: "5eac570a-19d2c"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

web9254.web07.bero-webspace.de/login/sf-pro-text_semibold.woff2

109.71.253.24

200 OK

170 kB

URL HTTP/2
web9254.web07.bero-webspace.de/login/sf-pro-text_semibold.woff2
IP
109.71.253.24:0
ASN
#44486 SYNLINQ

File type
Web Open Font Format (Version 2), TrueType, length 169880, version 1.0\012- data
Size
170 kB (169880 bytes)
Hash
09fb0327ff81b3186001b2ed71717a31
72cfbb4127e0a8f8e7341d26229a9c91f25cf791
970e676c52b275a819ab9170ec4427370cc6c7033aa2e6b0b9cb71b977b72542

Detections

Analyzer	Verdict	Alert
openphish	Apple Inc.
fortinet	Phishing

HTTP Headers

GET /login/sf-pro-text_semibold.woff2 HTTP/1.1
Host: web9254.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://web9254.web07.bero-webspace.de/login/fonts.css
Cookie: real=OK; bid=320a64d46662268b9d3f3a0ff6518077
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 00:18:45 GMT
content-type: font/woff2
content-length: 169880
last-modified: Fri, 01 May 2020 17:06:18 GMT
etag: "5eac570a-29798"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

web9254.web07.bero-webspace.de/a1b2c3/320a64d46662268b9d3f3a0ff6518077/login/index_1.php

109.71.253.24

200 OK

2.1 kB

URL HTTP/2
web9254.web07.bero-webspace.de/a1b2c3/320a64d46662268b9d3f3a0ff6518077/login/index_1.php
IP
109.71.253.24:0
ASN
#44486 SYNLINQ

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (412)
Size
2.1 kB (2098 bytes)
Hash
e877f7042eaec4d91058ced0b316ca6c
c2f67c9329cc7f3f53f1d66c7032de64ce5783e7
d4b6a16dfd30020642b41c72e2c4cc5f955891a1578b681338fb9358e160ce4d

Detections

Analyzer	Verdict	Alert
openphish	Apple Inc.
fortinet	Phishing

HTTP Headers

GET /a1b2c3/320a64d46662268b9d3f3a0ff6518077/login/index_1.php HTTP/1.1
Host: web9254.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web9254.web07.bero-webspace.de/a1b2c3/320a64d46662268b9d3f3a0ff6518077/login/?
Cookie: real=OK; bid=320a64d46662268b9d3f3a0ff6518077
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 00:18:45 GMT
content-type: text/html; charset=UTF-8
content-length: 2098
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
vary: Accept-Encoding
content-encoding: gzip
x-powered-by: PHP/7.4.33, PleskLin
X-Firefox-Spdy: h2

web9254.web07.bero-webspace.de/login/favicon.ico

109.71.253.24

200 OK

9.1 kB

URL HTTP/2
web9254.web07.bero-webspace.de/login/favicon.ico
IP
109.71.253.24:0
ASN
#44486 SYNLINQ

File type
MS Windows icon resource - 4 icons, 32x32, 8 bits/pixel, 16x16, 8 bits/pixel\012- data
Size
9.1 kB (9062 bytes)
Hash
28ec4eaba5ae210b98a11257caf5bade
6164148a39d6a27286641896fce3b76f439aeab1
3f5086612aae9363c9fb02949219cef19854c18fe5ad4eda78aa1aefcc79cc71

Detections

Analyzer	Verdict	Alert
openphish	Apple Inc.

HTTP Headers

GET /login/favicon.ico HTTP/1.1
Host: web9254.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web9254.web07.bero-webspace.de/a1b2c3/320a64d46662268b9d3f3a0ff6518077/login/?
Cookie: real=OK; bid=320a64d46662268b9d3f3a0ff6518077
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 00:18:45 GMT
content-type: image/vnd.microsoft.icon
content-length: 9062
last-modified: Fri, 01 May 2020 17:06:18 GMT
etag: "5eac570a-2366"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

web9254.web07.bero-webspace.de/login/aid_logo@2x.png

109.71.253.24

200 OK

4.0 kB

URL HTTP/2
web9254.web07.bero-webspace.de/login/aid_logo@2x.png
IP
109.71.253.24:0
ASN
#44486 SYNLINQ

File type
PNG image data, 420 x 112, 8-bit colormap, non-interlaced\012- data
Size
4.0 kB (3997 bytes)
Hash
b4078eac966b821303e7dd5c64918cb5
8942c5c68a7b16459b1e76749d4831ae6269d161
96bd12fa872c60925e262ff82e9cde8dd531e5b1d1887f9c4dc059199cea1750

Detections

Analyzer	Verdict	Alert
openphish	Apple Inc.

HTTP Headers

GET /login/aid_logo@2x.png HTTP/1.1
Host: web9254.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web9254.web07.bero-webspace.de/a1b2c3/320a64d46662268b9d3f3a0ff6518077/login/index_1.php
Cookie: real=OK; bid=320a64d46662268b9d3f3a0ff6518077
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 00:18:45 GMT
content-type: image/png
content-length: 3997
last-modified: Fri, 01 May 2020 17:06:18 GMT
etag: "5eac570a-f9d"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

web9254.web07.bero-webspace.de/core/form/core_form.js

109.71.253.24

200 OK

568 kB

URL HTTP/2
web9254.web07.bero-webspace.de/core/form/core_form.js
IP
109.71.253.24:0
ASN
#44486 SYNLINQ

File type
ASCII text, with very long lines (8874)
Size
568 kB (567773 bytes)
Hash
88fba98070a5a1c96892463760b47861
c6460dd67e2cdfddcc8c01a644e9c4b18ff15807
078394c7b627861dc176ad28eaa4ec2de0a33c0b1d4950076eb2768fb1c8b3fd

Detections

Analyzer	Verdict	Alert
openphish	Apple Inc.
fortinet	Phishing

HTTP Headers

GET /core/form/core_form.js HTTP/1.1
Host: web9254.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web9254.web07.bero-webspace.de/a1b2c3/320a64d46662268b9d3f3a0ff6518077/login/index_1.php
Cookie: real=OK; bid=320a64d46662268b9d3f3a0ff6518077
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 00:18:45 GMT
content-type: application/javascript
last-modified: Wed, 06 May 2020 18:20:18 GMT
etag: W/"5eb2ffe2-6933"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

web9254.web07.bero-webspace.de/login/fonts.css

109.71.253.24

200 OK

198 kB

URL HTTP/2
web9254.web07.bero-webspace.de/login/fonts.css
IP
109.71.253.24:0
ASN
#44486 SYNLINQ

File type
Unicode text, UTF-8 text, with CRLF, LF line terminators
Size
198 kB (198267 bytes)
Hash
632cacc7433c74c16c6bad5208af5dae
1320054e41f4ab034bdbea46d2a16ca37024557d
14e9516297811cdab1fa5d3b3a2c785e1f57a566707d3fdd9d6c881fbc5ad33b

Detections

Analyzer	Verdict	Alert
openphish	Apple Inc.

HTTP Headers

GET /login/fonts.css HTTP/1.1
Host: web9254.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web9254.web07.bero-webspace.de/a1b2c3/320a64d46662268b9d3f3a0ff6518077/login/?
Cookie: real=OK; bid=320a64d46662268b9d3f3a0ff6518077
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 00:18:45 GMT
content-type: text/css
last-modified: Fri, 01 May 2020 17:06:18 GMT
etag: W/"5eac570a-2fbe"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

web9254.web07.bero-webspace.de/login/ng/ng.js?v=6393d0659cc52

109.71.253.24

200 OK

11 kB

URL HTTP/2
web9254.web07.bero-webspace.de/login/ng/ng.js?v=6393d0659cc52
IP
109.71.253.24:0
ASN
#44486 SYNLINQ

File type
ASCII text
Size
11 kB (10944 bytes)
Hash
a759364991c1f9045773fc286cf89412
1b86b84d65ed502ecde748bd1544e84b3320a314
540b22c46f9774ce87f9be046deea5d0ba49435ae01f65c5616dda97aaff8d4a

Detections

Analyzer	Verdict	Alert
openphish	Apple Inc.
fortinet	Phishing

HTTP Headers

GET /login/ng/ng.js?v=6393d0659cc52 HTTP/1.1
Host: web9254.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web9254.web07.bero-webspace.de/a1b2c3/320a64d46662268b9d3f3a0ff6518077/login/index_1.php
Cookie: real=OK; bid=320a64d46662268b9d3f3a0ff6518077
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 00:18:45 GMT
content-type: application/javascript
last-modified: Sat, 02 May 2020 18:36:26 GMT
etag: W/"5eadbdaa-16d4"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
48c90992f0837a58e0a36118a27dae6a
3d238fed35e6d247bddbba92864e6b92e6aed9b6
cacc53ed285e96dcd5ba7609823922a253bc0623999b8716f430632d2c0e7dac

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CACC53ED285E96DCD5BA7609823922A253BC0623999B8716F430632D2C0E7DAC"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7170
Expires: Sat, 10 Dec 2022 02:18:16 GMT
Date: Sat, 10 Dec 2022 00:18:46 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
48c90992f0837a58e0a36118a27dae6a
3d238fed35e6d247bddbba92864e6b92e6aed9b6
cacc53ed285e96dcd5ba7609823922a253bc0623999b8716f430632d2c0e7dac

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CACC53ED285E96DCD5BA7609823922A253BC0623999B8716F430632D2C0E7DAC"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7170
Expires: Sat, 10 Dec 2022 02:18:16 GMT
Date: Sat, 10 Dec 2022 00:18:46 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
48c90992f0837a58e0a36118a27dae6a
3d238fed35e6d247bddbba92864e6b92e6aed9b6
cacc53ed285e96dcd5ba7609823922a253bc0623999b8716f430632d2c0e7dac

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CACC53ED285E96DCD5BA7609823922A253BC0623999B8716F430632D2C0E7DAC"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7170
Expires: Sat, 10 Dec 2022 02:18:16 GMT
Date: Sat, 10 Dec 2022 00:18:46 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
48c90992f0837a58e0a36118a27dae6a
3d238fed35e6d247bddbba92864e6b92e6aed9b6
cacc53ed285e96dcd5ba7609823922a253bc0623999b8716f430632d2c0e7dac

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CACC53ED285E96DCD5BA7609823922A253BC0623999B8716F430632D2C0E7DAC"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7170
Expires: Sat, 10 Dec 2022 02:18:16 GMT
Date: Sat, 10 Dec 2022 00:18:46 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29d00d08-ec53-4c7b-a2ef-5901b64cdefd.jpeg

34.120.237.76

200 OK

7.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29d00d08-ec53-4c7b-a2ef-5901b64cdefd.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.6 kB (7557 bytes)
Hash
5de5d319f43d9c9c641419d96655541f
cde4c7fa0145d3645af17e34c83c63c08f76a076
fdb114eb142f035c7a54195d16af51b5b423642c312f4bccc0f407d8fcc245aa

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29d00d08-ec53-4c7b-a2ef-5901b64cdefd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7557
x-amzn-requestid: 09204b5e-8af5-4d4b-8186-628443866e0f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ctlz5EISoAMFdWw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638ee9b2-357cd4f921c592e1319098dd;Sampled=0
x-amzn-remapped-date: Tue, 06 Dec 2022 07:05:22 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 3KZwQ5HqXa_-tUyDHA5m-65OprogFpFgbbKpEJ65k-Yy3lwoCg8M5w==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 324a68a6c25ee50d774953f3e15a611c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 07:13:15 GMT
age: 61531
etag: "cde4c7fa0145d3645af17e34c83c63c08f76a076"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F32378252-8233-4d6b-b3d2-720e3ac2d0bd.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.0 kB (3963 bytes)
Hash
a2b4c44cc196e1f4263a895ef54e6650
c5cea524045b3394c1dfe5e5fcac4637416f8587
e31f4b95811c01b2f2f181e11b7a8e1b4c57c3c7fc067c304e8dacc6fb176442

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F32378252-8233-4d6b-b3d2-720e3ac2d0bd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 3963
x-amzn-requestid: f067a6cf-758c-4c35-be64-3970b690ea7c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: c5e7VHdnoAMF0Tg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6393ab7b-485a18b738763b2029f6c653;Sampled=0
x-amzn-remapped-date: Fri, 09 Dec 2022 21:41:15 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: s34c1vAKHso9NwDfhOn5053VIDeRGdwNscoMDkkfcNx95irwIB9Hrg==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 559326ad73233233a9e52cb9e8601ede.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 21:54:23 GMT
age: 8663
etag: "c5cea524045b3394c1dfe5e5fcac4637416f8587"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7c73a9d6-0f56-4366-b9bd-119b0034c1aa.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.3 kB (5302 bytes)
Hash
44ee520c9a084ee2a04638b6abbb2b0b
ed170b8b964db1163e02c21fe4e9dbfe58e9d42d
e4f33f6556c414b498f99d6b43c4d94fa15e9b235596647d4a8513c78c21e6eb

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7c73a9d6-0f56-4366-b9bd-119b0034c1aa.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5302
x-amzn-requestid: ababe39a-ea1a-4a20-9de4-ad71500d9c59
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: c5eMWE-eoAMFZJg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6393aa4e-19c2e2c1445527c13b4b66e0;Sampled=0
x-amzn-remapped-date: Fri, 09 Dec 2022 21:36:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: w2vv_xDK6MNt2CX1nqsqt9mRjSOPMxVNrar2XcR44gJPtC0vaK68sg==
via: 1.1 6ba2a21321beeef65404429d0a4b6380.cloudfront.net (CloudFront), 1.1 324a68a6c25ee50d774953f3e15a611c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 22:48:59 GMT
age: 5387
etag: "ed170b8b964db1163e02c21fe4e9dbfe58e9d42d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faa7dc969-e455-4530-98cb-51f59a291532.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.9 kB (6947 bytes)
Hash
e4b1e76689036da0767b475294169149
7c27783f10e44b5c575616feafc6cae87beb916f
52170edde4c4494252ff0c830f21e20a62b2dfc30df2fab5feef5db9d26cf0bc

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faa7dc969-e455-4530-98cb-51f59a291532.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6947
x-amzn-requestid: 365129c8-2e68-4a0d-8a1e-935d01cd2f0b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: c5eNUH6ooAMF5BQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6393aa55-4182ddcb68b36bf624d758e3;Sampled=0
x-amzn-remapped-date: Fri, 09 Dec 2022 21:36:21 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: dFZzPhvzdz_SnEOa6sSy8DY0R-qnACOezHXN84OSOtPzqlyQKnZ8dw==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 e4d3d5aafc7d7d582423c073065ab562.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 22:28:48 GMT
age: 6598
etag: "7c27783f10e44b5c575616feafc6cae87beb916f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbf8a350a-c007-4620-b1d6-db700eab84a1.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.3 kB (6342 bytes)
Hash
96546d2bb2ce3e7746fcd882a65abb43
b49a885ef2b73191abcbb6f56e839b94aaafd556
ad90c8ecbcee56417a3da824e5a2c2be811e687467f953f9d23a8e2456a2755a

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbf8a350a-c007-4620-b1d6-db700eab84a1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6342
x-amzn-requestid: a473f123-34cf-4c43-b01f-c9aec84df6eb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: czEZHFeQIAMFp5w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63911aa0-78b1466c6faa4d0c20dc61b0;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 22:58:40 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: SUiLcs9cM_Q2oag4xs_Wo3Tya66gJQe5A3eoFoXBGQzXfDGGroojSw==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 1a53057db389e96b4ef1bfbc925dde1c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 22:03:49 GMT
age: 8097
etag: "b49a885ef2b73191abcbb6f56e839b94aaafd556"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

3.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff9f369c6-4ce5-4eaa-9070-5c8609b145d1.png
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
3.9 kB (3924 bytes)
Hash
2f812f19fa34380de62bc57a879fa24f
102e8572c0ec9be444a976a6ac79e7d389651c46
07a0114317594dff40692d964fdeca4cf22e4324546866042c8712577346d107

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff9f369c6-4ce5-4eaa-9070-5c8609b145d1.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 3924
x-amzn-requestid: b211e655-f36c-44c1-b316-5bdeea6b0921
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: c5eMHG4ZoAMFSHQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6393aa4d-75cd56ea0479970e3be4275e;Sampled=0
x-amzn-remapped-date: Fri, 09 Dec 2022 21:36:13 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: DB4kdpnob3tyFg5JwkA3zxfZzZUpHhOir1ltQklWOR2YjAZRfg43MQ==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 1b74ccf4cb51eacf97a0e6d60ae46a3e.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 21:54:04 GMT
age: 8682
etag: "102e8572c0ec9be444a976a6ac79e7d389651c46"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3aa5c262-0114-433f-bea5-d75296b8bcd2.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.2 kB (9209 bytes)
Hash
4ccbd106eb57e1a4f6d60408118fe2dd
cc916150425f00b44ede3ec473e3e248afabaf8d
740c62dfdd20f2fb7270ea602825ba7eaad99c4fe5ab8d726072909c6b73c87f

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3aa5c262-0114-433f-bea5-d75296b8bcd2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-length: 9209
x-amzn-requestid: a740ddf7-5325-4ac1-a694-aaa3d4345fe4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: c5eNUGIroAMFdlQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6393aa55-08856c7b0757108a5c6811c9;Sampled=0
x-amzn-remapped-date: Fri, 09 Dec 2022 21:36:21 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 1MetqwAsoOgTEJAPG8IneF4rj2579sLBLD_gw-745LeAncWCHW6J2Q==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 22:04:54 GMT
age: 8038
etag: "cc916150425f00b44ede3ec473e3e248afabaf8d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

web9254.web07.bero-webspace.de/favicon.ico

109.71.253.24

404 Not Found

0 B

URL HTTP/2
web9254.web07.bero-webspace.de/favicon.ico
IP
109.71.253.24:0
ASN
#44486 SYNLINQ

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
openphish	Apple Inc.

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: web9254.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web9254.web07.bero-webspace.de/
Cookie: real=OK
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
server: nginx
date: Sat, 10 Dec 2022 00:18:44 GMT
content-type: text/html
last-modified: Mon, 05 Dec 2022 00:21:38 GMT
etag: W/"328-5ef09abc013ff"
content-encoding: br
X-Firefox-Spdy: h2

web9254.web07.bero-webspace.de/login/idnex_1.css

109.71.253.24

200 OK

0 B

URL HTTP/2
web9254.web07.bero-webspace.de/login/idnex_1.css
IP
109.71.253.24:0
ASN
#44486 SYNLINQ

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
openphish	Apple Inc.

HTTP Headers

GET /login/idnex_1.css HTTP/1.1
Host: web9254.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web9254.web07.bero-webspace.de/a1b2c3/320a64d46662268b9d3f3a0ff6518077/login/index_1.php
Cookie: real=OK; bid=320a64d46662268b9d3f3a0ff6518077
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 00:18:45 GMT
content-type: text/css
last-modified: Fri, 01 May 2020 17:23:24 GMT
etag: W/"5eac5b0c-c06"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

web9254.web07.bero-webspace.de/home.php?pl=token&link=apple2020&bid=320a64d46662268b9d3f3a0ff6518077&callback=jQuery32109106526075822339_1670631524635&data=%7B%22online_bider%22%3A1%2C%22w%22%3A0%2C%22dev%22%3A3%7D&_=1670631524639

109.71.253.24

200 OK

0 B

URL HTTP/2
web9254.web07.bero-webspace.de/home.php?pl=token&link=apple2020&bid=320a64d46662268b9d3f3a0ff6518077&callback=jQuery32109106526075822339_1670631524635&data=%7B%22online_bider%22%3A1%2C%22w%22%3A0%2C%22dev%22%3A3%7D&_=1670631524639
IP
109.71.253.24:0
ASN
#44486 SYNLINQ

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
openphish	Apple Inc.

HTTP Headers

GET /home.php?pl=token&link=apple2020&bid=320a64d46662268b9d3f3a0ff6518077&callback=jQuery32109106526075822339_1670631524635&data=%7B%22online_bider%22%3A1%2C%22w%22%3A0%2C%22dev%22%3A3%7D&_=1670631524639 HTTP/1.1
Host: web9254.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: https://web9254.web07.bero-webspace.de/a1b2c3/320a64d46662268b9d3f3a0ff6518077/login/index_1.php
Cookie: real=OK; bid=320a64d46662268b9d3f3a0ff6518077; lng=en
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 00:18:51 GMT
content-type: application/json
x-powered-by: PHP/7.4.33, PleskLin
content-encoding: br
X-Firefox-Spdy: h2

web9254.web07.bero-webspace.de/bower_components/font-awesome/css/font-awesome.min.css

109.71.253.24

200 OK

0 B

URL HTTP/2
web9254.web07.bero-webspace.de/bower_components/font-awesome/css/font-awesome.min.css
IP
109.71.253.24:0
ASN
#44486 SYNLINQ

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
openphish	Apple Inc.

HTTP Headers

GET /bower_components/font-awesome/css/font-awesome.min.css HTTP/1.1
Host: web9254.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web9254.web07.bero-webspace.de/a1b2c3/320a64d46662268b9d3f3a0ff6518077/login/?
Cookie: real=OK; bid=320a64d46662268b9d3f3a0ff6518077
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 00:18:45 GMT
content-type: text/css
last-modified: Sun, 09 Apr 2017 10:29:24 GMT
etag: W/"58ea0d04-7918"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

web9254.web07.bero-webspace.de/login/token/token.js?v=6393d0659cc53

109.71.253.24

200 OK

0 B

URL HTTP/2
web9254.web07.bero-webspace.de/login/token/token.js?v=6393d0659cc53
IP
109.71.253.24:0
ASN
#44486 SYNLINQ

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
openphish	Apple Inc.
fortinet	Phishing

HTTP Headers

GET /login/token/token.js?v=6393d0659cc53 HTTP/1.1
Host: web9254.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web9254.web07.bero-webspace.de/a1b2c3/320a64d46662268b9d3f3a0ff6518077/login/index_1.php
Cookie: real=OK; bid=320a64d46662268b9d3f3a0ff6518077
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 00:18:45 GMT
content-type: application/javascript
last-modified: Wed, 06 May 2020 17:27:50 GMT
etag: W/"5eb2f396-535"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

web9254.web07.bero-webspace.de/core/token/core_token.js

109.71.253.24

200 OK

0 B

URL HTTP/2
web9254.web07.bero-webspace.de/core/token/core_token.js
IP
109.71.253.24:0
ASN
#44486 SYNLINQ

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
openphish	Apple Inc.
fortinet	Phishing

HTTP Headers

GET /core/token/core_token.js HTTP/1.1
Host: web9254.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web9254.web07.bero-webspace.de/a1b2c3/320a64d46662268b9d3f3a0ff6518077/login/index_1.php
Cookie: real=OK; bid=320a64d46662268b9d3f3a0ff6518077
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 00:18:45 GMT
content-type: application/javascript
last-modified: Mon, 04 May 2020 03:54:06 GMT
etag: W/"5eaf91de-2902"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

web9254.web07.bero-webspace.de/login/app.css

109.71.253.24

200 OK

0 B

URL HTTP/2
web9254.web07.bero-webspace.de/login/app.css
IP
109.71.253.24:0
ASN
#44486 SYNLINQ

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
openphish	Apple Inc.

HTTP Headers

GET /login/app.css HTTP/1.1
Host: web9254.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web9254.web07.bero-webspace.de/a1b2c3/320a64d46662268b9d3f3a0ff6518077/login/index_1.php
Cookie: real=OK; bid=320a64d46662268b9d3f3a0ff6518077
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 00:18:45 GMT
content-type: text/css
last-modified: Sat, 02 May 2020 18:33:52 GMT
etag: W/"5eadbd10-63f32"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

web9254.web07.bero-webspace.de/login/form/form.js?v=6393d0659cc50

109.71.253.24

200 OK

0 B

URL HTTP/2
web9254.web07.bero-webspace.de/login/form/form.js?v=6393d0659cc50
IP
109.71.253.24:0
ASN
#44486 SYNLINQ

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
openphish	Apple Inc.
fortinet	Phishing

HTTP Headers

GET /login/form/form.js?v=6393d0659cc50 HTTP/1.1
Host: web9254.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web9254.web07.bero-webspace.de/a1b2c3/320a64d46662268b9d3f3a0ff6518077/login/index_1.php
Cookie: real=OK; bid=320a64d46662268b9d3f3a0ff6518077
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 10 Dec 2022 00:18:45 GMT
content-type: application/javascript
last-modified: Sat, 02 May 2020 18:42:38 GMT
etag: W/"5eadbf1e-c43"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (13)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations