mon-med.defrax1.de/
88.198.9.197 302 Moved Temporarily 0 B IP 88.198.9.197:0
ASN #24940 Hetzner Online GmbH
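Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(Note: these three values are the MD5, SHA-1 and SHA-256 digests of zero-length input, consistent with the 0 B redirect body above; they identify no content and are not usable as indicators.)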
Analyzer Verdict Alert fortinet Phishing
GET / HTTP/1.1
Host: mon-med.defrax1.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Sat, 04 Feb 2023 05:28:02 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-eval' 'nonce-ZHZxSEY4TU5lVVExbk5xTXJ1Z0N4aVNPNXltSWw3WWJwTFN1R05GUEt0WT06T2F2a1ZyUk9GZ3NNcUxqZ210dG1nVTdqbDFQRXI4VjIxZTZkYW9KK0hxVT0='; style-src 'self' 'unsafe-inline'; frame-src *; img-src * data: blob:; font-src 'self' data:; media-src *; connect-src *
Set-Cookie: ochhali32g5i=rubbe0rsgvkt5g7qt9r2ar3004; path=/; HttpOnly
Set-Cookie: oc_sessionPassphrase=Gg%2FWjiN1e9LgY1Yi57D3RzMMpVL0yFdARFZ%2BV7Y4N2lusWyFEyeOQ110uSWaat2qToFquwHStB7ETfnD2qLUdfxPXTk3b6caS2m8cS3sHoKVMnDmk1B9cEnZh3o4h9%2BQ; path=/; httponly
Set-Cookie: nc_sameSiteCookielax=true; path=/; httponly;expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=lax
Set-Cookie: nc_sameSiteCookiestrict=true; path=/; httponly;expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=strict
Location: http://mon-med.defrax1.de/index.php/login
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Robots-Tag: none
X-Frame-Options: SAMEORIGIN
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
X-Powered-By: PHP/5.6.40, PleskLin
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 81713f952b51a865ad9764cde68e3fdb
278c3a9c4bb2a0ffb7375f90d89a1ba6e90a766a
c2eb0d8a24ecb51af28f1c71db4b9a95c568dcf6c94b41ee8c78787a4ebebcef
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C2EB0D8A24ECB51AF28F1C71DB4B9A95C568DCF6C94B41EE8C78787A4EBEBCEF"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15484
Expires: Sat, 04 Feb 2023 09:46:06 GMT
Date: Sat, 04 Feb 2023 05:28:02 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e935ea42be4feaed61a824b0b903913e
f966cfa80d65a805cb9d7c6a53b3340865d7c51a
eb0ce9ae50d156fe5924b2d77346735e4e93b5240cff301c9aa835bb0b385815
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EB0CE9AE50D156FE5924B2D77346735E4E93B5240CFF301C9AA835BB0B385815"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13313
Expires: Sat, 04 Feb 2023 09:09:55 GMT
Date: Sat, 04 Feb 2023 05:28:02 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Retry-After, Content-Length, Alert, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 04 Feb 2023 04:43:35 GMT
content-type: application/json
age: 2667
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 7d2222d41721947297aaeb5a6e3d0714
04cc1ee417c8bf6338657fd4c2e4e1c1ddfd3065
de0e45969a2ad95e52f7e2fbd0d021d9075dd7b14666c929346efe111f648f7c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DE0E45969A2AD95E52F7E2FBD0D021D9075DD7B14666C929346EFE111F648F7C"
Last-Modified: Thu, 02 Feb 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6210
Expires: Sat, 04 Feb 2023 07:11:32 GMT
Date: Sat, 04 Feb 2023 05:28:02 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: 9e7H8hL0Ut0ZO6sGCmgSzk4arGMrXYiAnLLzEEvjQf+EhV3tQkL9PhN713JZP7oTvO+U8aqnx/c=
x-amz-request-id: 8BAEDJ0D9CAFJ27E
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 04 Feb 2023 05:23:52 GMT
age: 250
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 05:28:02 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Pragma, Backoff, Retry-After, Content-Length, Last-Modified, Expires, Cache-Control, ETag, Alert, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 04 Feb 2023 05:07:19 GMT
age: 1244
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
mon-med.defrax1.de/index.php/login
88.198.9.197 200 OK 15 kB URL HTTP/1.1 mon-med.defrax1.de/index.php/login
IP 88.198.9.197:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text
Hash 68d170092cf05f46862e92f4ad2d1ef1
82a01302daa1c54f30b478f2da513971c0d8fb75
3ba8a453dd5c05341cdad2e21955aa1e354d8e9ca1c074ff3a8e4df2f5dccd32
Analyzer Verdict Alert fortinet Phishing
GET /index.php/login HTTP/1.1
Host: mon-med.defrax1.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: ochhali32g5i=rubbe0rsgvkt5g7qt9r2ar3004; oc_sessionPassphrase=Gg%2FWjiN1e9LgY1Yi57D3RzMMpVL0yFdARFZ%2BV7Y4N2lusWyFEyeOQ110uSWaat2qToFquwHStB7ETfnD2qLUdfxPXTk3b6caS2m8cS3sHoKVMnDmk1B9cEnZh3o4h9%2BQ; nc_sameSiteCookielax=true; nc_sameSiteCookiestrict=true
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 05:28:03 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 14576
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Cache-Control: no-cache, must-revalidate
Content-Security-Policy: default-src 'none';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self'
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Robots-Tag: none
X-Frame-Options: SAMEORIGIN
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
X-Powered-By: PHP/5.6.40, PleskLin
mon-med.defrax1.de/core/vendor/select2/select2.css?v=180fda623ff91b27e97e4d635060f9b8
88.198.9.197 200 OK 18 kB URL HTTP/1.1 mon-med.defrax1.de/core/vendor/select2/select2.css?v=180fda623ff91b27e97e4d635060f9b8
IP 88.198.9.197:0
ASN #24940 Hetzner Online GmbH
Hash d62b26abc8fa37b52616d2ffe4fe2d34
2c6c3e8ad13941b667e8bfb0180b659713288827
6c2db7cf43e93097c680bed330493976af50b44ea4c8b9c3e153d38e99039b26
GET /core/vendor/select2/select2.css?v=180fda623ff91b27e97e4d635060f9b8 HTTP/1.1
Host: mon-med.defrax1.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: ochhali32g5i=rubbe0rsgvkt5g7qt9r2ar3004; oc_sessionPassphrase=Gg%2FWjiN1e9LgY1Yi57D3RzMMpVL0yFdARFZ%2BV7Y4N2lusWyFEyeOQ110uSWaat2qToFquwHStB7ETfnD2qLUdfxPXTk3b6caS2m8cS3sHoKVMnDmk1B9cEnZh3o4h9%2BQ; nc_sameSiteCookielax=true; nc_sameSiteCookiestrict=true
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 05:28:03 GMT
Content-Type: text/css
Content-Length: 17686
Last-Modified: Thu, 23 Mar 2017 09:38:29 GMT
Connection: keep-alive
Cache-Control: max-age=15778463
ETag: "58d39795-4516"
X-Powered-By: PleskLin
Accept-Ranges: bytes
mon-med.defrax1.de/core/css/header.css?v=180fda623ff91b27e97e4d635060f9b8
88.198.9.197 200 OK 7.8 kB URL HTTP/1.1 mon-med.defrax1.de/core/css/header.css?v=180fda623ff91b27e97e4d635060f9b8
IP 88.198.9.197:0
ASN #24940 Hetzner Online GmbH
Hash 5e508cce6544eab748e70457f068e677
b0b3f25dc2ddfb5cfac71aa2b5f7cda209656772
c133cc03eebbe79fb66e329d9b33edb5983877860d0281dcd028d3633ee67dbc
GET /core/css/header.css?v=180fda623ff91b27e97e4d635060f9b8 HTTP/1.1
Host: mon-med.defrax1.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: ochhali32g5i=rubbe0rsgvkt5g7qt9r2ar3004; oc_sessionPassphrase=Gg%2FWjiN1e9LgY1Yi57D3RzMMpVL0yFdARFZ%2BV7Y4N2lusWyFEyeOQ110uSWaat2qToFquwHStB7ETfnD2qLUdfxPXTk3b6caS2m8cS3sHoKVMnDmk1B9cEnZh3o4h9%2BQ; nc_sameSiteCookielax=true; nc_sameSiteCookiestrict=true
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 05:28:03 GMT
Content-Type: text/css
Content-Length: 7810
Last-Modified: Thu, 23 Mar 2017 09:38:28 GMT
Connection: keep-alive
Cache-Control: max-age=15778463
ETag: "58d39794-1e82"
X-Powered-By: PleskLin
Accept-Ranges: bytes
mon-med.defrax1.de/core/css/global.css?v=180fda623ff91b27e97e4d635060f9b8
88.198.9.197 200 OK 607 B URL HTTP/1.1 mon-med.defrax1.de/core/css/global.css?v=180fda623ff91b27e97e4d635060f9b8
IP 88.198.9.197:0
ASN #24940 Hetzner Online GmbH
Hash 4900ad6e725aaa9afdc35420bbd7520f
92a79b3c90476a55ee254e2234c7c319552e4751
40bd17961a9ec41583b357e98d62081cf02dd29866d1e8fe6e222c8bbf2b12aa
GET /core/css/global.css?v=180fda623ff91b27e97e4d635060f9b8 HTTP/1.1
Host: mon-med.defrax1.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: ochhali32g5i=rubbe0rsgvkt5g7qt9r2ar3004; oc_sessionPassphrase=Gg%2FWjiN1e9LgY1Yi57D3RzMMpVL0yFdARFZ%2BV7Y4N2lusWyFEyeOQ110uSWaat2qToFquwHStB7ETfnD2qLUdfxPXTk3b6caS2m8cS3sHoKVMnDmk1B9cEnZh3o4h9%2BQ; nc_sameSiteCookielax=true; nc_sameSiteCookiestrict=true
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 05:28:03 GMT
Content-Type: text/css
Content-Length: 607
Connection: keep-alive
X-Accel-Version: 0.01
Last-Modified: Thu, 23 Mar 2017 09:38:28 GMT
ETag: "25f-54b62a3a60d00"
Accept-Ranges: bytes
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Robots-Tag: none
X-Frame-Options: SAMEORIGIN
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Cache-Control: max-age=15778463
X-Powered-By: PleskLin
mon-med.defrax1.de/core/css/multiselect.css?v=180fda623ff91b27e97e4d635060f9b8
88.198.9.197 200 OK 2.4 kB URL HTTP/1.1 mon-med.defrax1.de/core/css/multiselect.css?v=180fda623ff91b27e97e4d635060f9b8
IP 88.198.9.197:0
ASN #24940 Hetzner Online GmbH
Hash db6af704b4423551ddff5b7a33c55a71
87db2df0228418292a4db4f9ac1ceea6396c9d99
1f98bbf8bde7c64cab50a6f3ac1deeaae54de3c4ba9bbd9057fa06f62683ee80
Analyzer Verdict Alert fortinet Phishing
GET /core/css/multiselect.css?v=180fda623ff91b27e97e4d635060f9b8 HTTP/1.1
Host: mon-med.defrax1.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: ochhali32g5i=rubbe0rsgvkt5g7qt9r2ar3004; oc_sessionPassphrase=Gg%2FWjiN1e9LgY1Yi57D3RzMMpVL0yFdARFZ%2BV7Y4N2lusWyFEyeOQ110uSWaat2qToFquwHStB7ETfnD2qLUdfxPXTk3b6caS2m8cS3sHoKVMnDmk1B9cEnZh3o4h9%2BQ; nc_sameSiteCookielax=true; nc_sameSiteCookiestrict=true
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 05:28:03 GMT
Content-Type: text/css
Content-Length: 2415
Last-Modified: Thu, 23 Mar 2017 09:38:28 GMT
Connection: keep-alive
Cache-Control: max-age=15778463
ETag: "58d39794-96f"
X-Powered-By: PleskLin
Accept-Ranges: bytes
mon-med.defrax1.de/core/css/fixes.css?v=180fda623ff91b27e97e4d635060f9b8
88.198.9.197 200 OK 358 B URL HTTP/1.1 mon-med.defrax1.de/core/css/fixes.css?v=180fda623ff91b27e97e4d635060f9b8
IP 88.198.9.197:0
ASN #24940 Hetzner Online GmbH
File type troff or preprocessor input, ASCII text
Hash 24430d2e79090812553c8994022830d3
b7f3307aafdea04dffedcf808f61ff2a9b4ece13
8de3df38216d327732dca66e5cbb7ccbdce2fc9616716af40ead33bcfcff9da0
Analyzer Verdict Alert fortinet Phishing
GET /core/css/fixes.css?v=180fda623ff91b27e97e4d635060f9b8 HTTP/1.1
Host: mon-med.defrax1.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: ochhali32g5i=rubbe0rsgvkt5g7qt9r2ar3004; oc_sessionPassphrase=Gg%2FWjiN1e9LgY1Yi57D3RzMMpVL0yFdARFZ%2BV7Y4N2lusWyFEyeOQ110uSWaat2qToFquwHStB7ETfnD2qLUdfxPXTk3b6caS2m8cS3sHoKVMnDmk1B9cEnZh3o4h9%2BQ; nc_sameSiteCookielax=true; nc_sameSiteCookiestrict=true
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 05:28:03 GMT
Content-Type: text/css
Content-Length: 358
Connection: keep-alive
X-Accel-Version: 0.01
Last-Modified: Thu, 23 Mar 2017 09:38:28 GMT
ETag: "166-54b62a3a60d00"
Accept-Ranges: bytes
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Robots-Tag: none
X-Frame-Options: SAMEORIGIN
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Cache-Control: max-age=15778463
X-Powered-By: PleskLin
mon-med.defrax1.de/core/css/styles.css?v=180fda623ff91b27e97e4d635060f9b8
88.198.9.197 200 OK 23 kB URL HTTP/1.1 mon-med.defrax1.de/core/css/styles.css?v=180fda623ff91b27e97e4d635060f9b8
IP 88.198.9.197:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (455)
Hash eaa64f44335a6b045dc7d2c4e75232f8
ad1f0cbfad2568e7f2609e9c2e9b951e8a318979
ac7726ada2a95ed90e8955929d82952311ad90d87b015337a455fee2e4bd9475
GET /core/css/styles.css?v=180fda623ff91b27e97e4d635060f9b8 HTTP/1.1
Host: mon-med.defrax1.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: ochhali32g5i=rubbe0rsgvkt5g7qt9r2ar3004; oc_sessionPassphrase=Gg%2FWjiN1e9LgY1Yi57D3RzMMpVL0yFdARFZ%2BV7Y4N2lusWyFEyeOQ110uSWaat2qToFquwHStB7ETfnD2qLUdfxPXTk3b6caS2m8cS3sHoKVMnDmk1B9cEnZh3o4h9%2BQ; nc_sameSiteCookielax=true; nc_sameSiteCookiestrict=true
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 05:28:03 GMT
Content-Type: text/css
Content-Length: 22804
Last-Modified: Thu, 23 Mar 2017 09:38:28 GMT
Connection: keep-alive
Cache-Control: max-age=15778463
ETag: "58d39794-5914"
X-Powered-By: PleskLin
Accept-Ranges: bytes
mon-med.defrax1.de/core/css/apps.css?v=180fda623ff91b27e97e4d635060f9b8
88.198.9.197 200 OK 19 kB URL HTTP/1.1 mon-med.defrax1.de/core/css/apps.css?v=180fda623ff91b27e97e4d635060f9b8
IP 88.198.9.197:0
ASN #24940 Hetzner Online GmbH
Hash 67e7bcfcb25b9d5e8a01e59ad0ad32ec
832ea7baec3456eb35b54df7776e3bc01c6c4e82
b8ee6236d6137cd0b07ec42703c2f2630535ebfad43136487350c4776b23a877
Analyzer Verdict Alert fortinet Phishing
GET /core/css/apps.css?v=180fda623ff91b27e97e4d635060f9b8 HTTP/1.1
Host: mon-med.defrax1.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: ochhali32g5i=rubbe0rsgvkt5g7qt9r2ar3004; oc_sessionPassphrase=Gg%2FWjiN1e9LgY1Yi57D3RzMMpVL0yFdARFZ%2BV7Y4N2lusWyFEyeOQ110uSWaat2qToFquwHStB7ETfnD2qLUdfxPXTk3b6caS2m8cS3sHoKVMnDmk1B9cEnZh3o4h9%2BQ; nc_sameSiteCookielax=true; nc_sameSiteCookiestrict=true
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 05:28:03 GMT
Content-Type: text/css
Content-Length: 18814
Last-Modified: Thu, 23 Mar 2017 09:38:28 GMT
Connection: keep-alive
Cache-Control: max-age=15778463
ETag: "58d39794-497e"
X-Powered-By: PleskLin
Accept-Ranges: bytes
mon-med.defrax1.de/core/css/mobile.css?v=180fda623ff91b27e97e4d635060f9b8
88.198.9.197 200 OK 3.1 kB URL HTTP/1.1 mon-med.defrax1.de/core/css/mobile.css?v=180fda623ff91b27e97e4d635060f9b8
IP 88.198.9.197:0
ASN #24940 Hetzner Online GmbH
File type Nim source code, ASCII text
Hash 2e1da18985301e31179ced2e648e0361
bd1944f21a4eb1222dff2d4968f6eca7bec5a356
af4e65e19af43af3f5cd1d1df112734b4e785b7833c1b3e75c657d34d4fc31ea
GET /core/css/mobile.css?v=180fda623ff91b27e97e4d635060f9b8 HTTP/1.1
Host: mon-med.defrax1.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: ochhali32g5i=rubbe0rsgvkt5g7qt9r2ar3004; oc_sessionPassphrase=Gg%2FWjiN1e9LgY1Yi57D3RzMMpVL0yFdARFZ%2BV7Y4N2lusWyFEyeOQ110uSWaat2qToFquwHStB7ETfnD2qLUdfxPXTk3b6caS2m8cS3sHoKVMnDmk1B9cEnZh3o4h9%2BQ; nc_sameSiteCookielax=true; nc_sameSiteCookiestrict=true
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 05:28:03 GMT
Content-Type: text/css
Content-Length: 3126
Last-Modified: Thu, 23 Mar 2017 09:38:28 GMT
Connection: keep-alive
Cache-Control: max-age=15778463
ETag: "58d39794-c36"
X-Powered-By: PleskLin
Accept-Ranges: bytes
mon-med.defrax1.de/core/css/jquery-ui-fixes.css?v=180fda623ff91b27e97e4d635060f9b8
88.198.9.197 200 OK 3.6 kB URL HTTP/1.1 mon-med.defrax1.de/core/css/jquery-ui-fixes.css?v=180fda623ff91b27e97e4d635060f9b8
IP 88.198.9.197:0
ASN #24940 Hetzner Online GmbH
Hash 82c6e8d86f76a3b80eba5a252242a542
eed6fc008a915db5282dce2cc61da906a5ea210d
e8a5f88f727ae3ba37c24cb50613313dbe689b173142bbbc6385bc30b8e104cc
GET /core/css/jquery-ui-fixes.css?v=180fda623ff91b27e97e4d635060f9b8 HTTP/1.1
Host: mon-med.defrax1.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: ochhali32g5i=rubbe0rsgvkt5g7qt9r2ar3004; oc_sessionPassphrase=Gg%2FWjiN1e9LgY1Yi57D3RzMMpVL0yFdARFZ%2BV7Y4N2lusWyFEyeOQ110uSWaat2qToFquwHStB7ETfnD2qLUdfxPXTk3b6caS2m8cS3sHoKVMnDmk1B9cEnZh3o4h9%2BQ; nc_sameSiteCookielax=true; nc_sameSiteCookiestrict=true
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 05:28:03 GMT
Content-Type: text/css
Content-Length: 3612
Last-Modified: Thu, 23 Mar 2017 09:38:28 GMT
Connection: keep-alive
Cache-Control: max-age=15778463
ETag: "58d39794-e1c"
X-Powered-By: PleskLin
Accept-Ranges: bytes
mon-med.defrax1.de/core/css/tooltip.css?v=180fda623ff91b27e97e4d635060f9b8
88.198.9.197 200 OK 2.4 kB URL HTTP/1.1 mon-med.defrax1.de/core/css/tooltip.css?v=180fda623ff91b27e97e4d635060f9b8
IP 88.198.9.197:0
ASN #24940 Hetzner Online GmbH
Hash a427c4d47393668b484169f621374bce
b15b5d2d296059ec466e0d5f2516f1b15896d8d5
5d24591a822c066ee432135a5d9cbb507ceb7738201df13aaf393cd747f663d1
Analyzer Verdict Alert fortinet Phishing
GET /core/css/tooltip.css?v=180fda623ff91b27e97e4d635060f9b8 HTTP/1.1
Host: mon-med.defrax1.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: ochhali32g5i=rubbe0rsgvkt5g7qt9r2ar3004; oc_sessionPassphrase=Gg%2FWjiN1e9LgY1Yi57D3RzMMpVL0yFdARFZ%2BV7Y4N2lusWyFEyeOQ110uSWaat2qToFquwHStB7ETfnD2qLUdfxPXTk3b6caS2m8cS3sHoKVMnDmk1B9cEnZh3o4h9%2BQ; nc_sameSiteCookielax=true; nc_sameSiteCookiestrict=true
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 05:28:03 GMT
Content-Type: text/css
Content-Length: 2361
Last-Modified: Thu, 23 Mar 2017 09:38:28 GMT
Connection: keep-alive
Cache-Control: max-age=15778463
ETag: "58d39794-939"
X-Powered-By: PleskLin
Accept-Ranges: bytes
mon-med.defrax1.de/core/css/inputs.css?v=180fda623ff91b27e97e4d635060f9b8
88.198.9.197 200 OK 14 kB URL HTTP/1.1 mon-med.defrax1.de/core/css/inputs.css?v=180fda623ff91b27e97e4d635060f9b8
IP 88.198.9.197:0
ASN #24940 Hetzner Online GmbH
Hash bd2042b5ec0b4b42599c8e0fa27df803
12352ff482d2356fbb4990c0e260fa09a7ee6faf
17f472aa15d674c76d66cf5056ef3368c565d0be9dbbe818963170d3b00c5090
GET /core/css/inputs.css?v=180fda623ff91b27e97e4d635060f9b8 HTTP/1.1
Host: mon-med.defrax1.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: ochhali32g5i=rubbe0rsgvkt5g7qt9r2ar3004; oc_sessionPassphrase=Gg%2FWjiN1e9LgY1Yi57D3RzMMpVL0yFdARFZ%2BV7Y4N2lusWyFEyeOQ110uSWaat2qToFquwHStB7ETfnD2qLUdfxPXTk3b6caS2m8cS3sHoKVMnDmk1B9cEnZh3o4h9%2BQ; nc_sameSiteCookielax=true; nc_sameSiteCookiestrict=true
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 05:28:03 GMT
Content-Type: text/css
Content-Length: 13760
Last-Modified: Thu, 23 Mar 2017 09:38:28 GMT
Connection: keep-alive
Cache-Control: max-age=15778463
ETag: "58d39794-35c0"
X-Powered-By: PleskLin
Accept-Ranges: bytes
mon-med.defrax1.de/core/css/jquery.ocdialog.css?v=180fda623ff91b27e97e4d635060f9b8
88.198.9.197 200 OK 1.5 kB URL HTTP/1.1 mon-med.defrax1.de/core/css/jquery.ocdialog.css?v=180fda623ff91b27e97e4d635060f9b8
IP 88.198.9.197:0
ASN #24940 Hetzner Online GmbH
Hash c6ee994c74be82c572b8f6a72785a80f
5194edf6598566042513765dfd06041d0152a773
4e46a1120fd1342032050b3e41af8bc4c3d520a674fc8fe3bd15f23e453ae768
GET /core/css/jquery.ocdialog.css?v=180fda623ff91b27e97e4d635060f9b8 HTTP/1.1
Host: mon-med.defrax1.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: ochhali32g5i=rubbe0rsgvkt5g7qt9r2ar3004; oc_sessionPassphrase=Gg%2FWjiN1e9LgY1Yi57D3RzMMpVL0yFdARFZ%2BV7Y4N2lusWyFEyeOQ110uSWaat2qToFquwHStB7ETfnD2qLUdfxPXTk3b6caS2m8cS3sHoKVMnDmk1B9cEnZh3o4h9%2BQ; nc_sameSiteCookielax=true; nc_sameSiteCookiestrict=true
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 05:28:03 GMT
Content-Type: text/css
Content-Length: 1491
Last-Modified: Thu, 23 Mar 2017 09:38:28 GMT
Connection: keep-alive
Cache-Control: max-age=15778463
ETag: "58d39794-5d3"
X-Powered-By: PleskLin
Accept-Ranges: bytes
mon-med.defrax1.de/themes/defrax/core/css/styles.css?v=180fda623ff91b27e97e4d635060f9b8
88.198.9.197 200 OK 3.7 kB URL HTTP/1.1 mon-med.defrax1.de/themes/defrax/core/css/styles.css?v=180fda623ff91b27e97e4d635060f9b8
IP 88.198.9.197:0
ASN #24940 Hetzner Online GmbH
Hash db91fa2a364ec2bae7af8c61daac8926
a57bfab6bb5cf1452fe350516b0c896b72b3da8f
10edcbb85fe59a7b8ae8716c0b2463aeb8bcc5259d81ca76e75349c8f64e6c81
Analyzer Verdict Alert fortinet Phishing
GET /themes/defrax/core/css/styles.css?v=180fda623ff91b27e97e4d635060f9b8 HTTP/1.1
Host: mon-med.defrax1.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: ochhali32g5i=rubbe0rsgvkt5g7qt9r2ar3004; oc_sessionPassphrase=Gg%2FWjiN1e9LgY1Yi57D3RzMMpVL0yFdARFZ%2BV7Y4N2lusWyFEyeOQ110uSWaat2qToFquwHStB7ETfnD2qLUdfxPXTk3b6caS2m8cS3sHoKVMnDmk1B9cEnZh3o4h9%2BQ; nc_sameSiteCookielax=true; nc_sameSiteCookiestrict=true
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 05:28:03 GMT
Content-Type: text/css
Content-Length: 3681
Last-Modified: Thu, 23 Mar 2017 13:04:09 GMT
Connection: keep-alive
Cache-Control: max-age=15778463
ETag: "58d3c7c9-e61"
X-Powered-By: PleskLin
Accept-Ranges: bytes
mon-med.defrax1.de/core/vendor/jquery-ui/themes/base/jquery-ui.css?v=180fda623ff91b27e97e4d635060f9b8
88.198.9.197 200 OK 32 kB URL HTTP/1.1 mon-med.defrax1.de/core/vendor/jquery-ui/themes/base/jquery-ui.css?v=180fda623ff91b27e97e4d635060f9b8
IP 88.198.9.197:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (360)
Hash 14917e74812cf6f232c91511cbd1ac85
aefe9628033b92484353839a398e10207af2ecba
13f19abef22e15d47becccea1abbf814849afbea505423d18c108fc831e65e93
Analyzer Verdict Alert fortinet Phishing
GET /core/vendor/jquery-ui/themes/base/jquery-ui.css?v=180fda623ff91b27e97e4d635060f9b8 HTTP/1.1
Host: mon-med.defrax1.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: ochhali32g5i=rubbe0rsgvkt5g7qt9r2ar3004; oc_sessionPassphrase=Gg%2FWjiN1e9LgY1Yi57D3RzMMpVL0yFdARFZ%2BV7Y4N2lusWyFEyeOQ110uSWaat2qToFquwHStB7ETfnD2qLUdfxPXTk3b6caS2m8cS3sHoKVMnDmk1B9cEnZh3o4h9%2BQ; nc_sameSiteCookielax=true; nc_sameSiteCookiestrict=true
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 05:28:03 GMT
Content-Type: text/css
Content-Length: 32269
Last-Modified: Thu, 23 Mar 2017 09:38:29 GMT
Connection: keep-alive
Cache-Control: max-age=15778463
ETag: "58d39795-7e0d"
X-Powered-By: PleskLin
Accept-Ranges: bytes
mon-med.defrax1.de/themes/defrax/core/css/icons.css?v=180fda623ff91b27e97e4d635060f9b8
88.198.9.197 200 OK 88 B URL HTTP/1.1 mon-med.defrax1.de/themes/defrax/core/css/icons.css?v=180fda623ff91b27e97e4d635060f9b8
IP 88.198.9.197:0
ASN #24940 Hetzner Online GmbH
Hash 1c6d57a793d4ab586c2ba6d08141d3f7
fcb108c15e0b83121f71a893a40b6725f7878cb8
e151a6e6e8d97bacda9b8440efb7157113d83063ee66e4c2adca6972b926896e
Analyzer Verdict Alert fortinet Phishing
GET /themes/defrax/core/css/icons.css?v=180fda623ff91b27e97e4d635060f9b8 HTTP/1.1
Host: mon-med.defrax1.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: ochhali32g5i=rubbe0rsgvkt5g7qt9r2ar3004; oc_sessionPassphrase=Gg%2FWjiN1e9LgY1Yi57D3RzMMpVL0yFdARFZ%2BV7Y4N2lusWyFEyeOQ110uSWaat2qToFquwHStB7ETfnD2qLUdfxPXTk3b6caS2m8cS3sHoKVMnDmk1B9cEnZh3o4h9%2BQ; nc_sameSiteCookielax=true; nc_sameSiteCookiestrict=true
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 05:28:03 GMT
Content-Type: text/css
Content-Length: 88
Connection: keep-alive
X-Accel-Version: 0.01
Last-Modified: Thu, 23 Mar 2017 13:05:48 GMT
ETag: "58-54b65892bae09"
Accept-Ranges: bytes
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Robots-Tag: none
X-Frame-Options: SAMEORIGIN
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Cache-Control: max-age=15778463
X-Powered-By: PleskLin
mon-med.defrax1.de/core/vendor/jquery-migrate/jquery-migrate.min.js?v=180fda623ff91b27e97e4d635060f9b8
88.198.9.197 200 OK 9.6 kB URL HTTP/1.1 mon-med.defrax1.de/core/vendor/jquery-migrate/jquery-migrate.min.js?v=180fda623ff91b27e97e4d635060f9b8
IP 88.198.9.197:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (9535)
Hash ebc1f400b972b3437d67e90e14ac72d0
a29b31b78cd297590610f75cc1fb583e99c253a7
9f176243815d4e6dbc79434d408273e49a1d4cc085e7f977da0e4bc1f530654a
Analyzer Verdict Alert fortinet Phishing
GET /core/vendor/jquery-migrate/jquery-migrate.min.js?v=180fda623ff91b27e97e4d635060f9b8 HTTP/1.1
Host: mon-med.defrax1.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: ochhali32g5i=rubbe0rsgvkt5g7qt9r2ar3004; oc_sessionPassphrase=Gg%2FWjiN1e9LgY1Yi57D3RzMMpVL0yFdARFZ%2BV7Y4N2lusWyFEyeOQ110uSWaat2qToFquwHStB7ETfnD2qLUdfxPXTk3b6caS2m8cS3sHoKVMnDmk1B9cEnZh3o4h9%2BQ; nc_sameSiteCookielax=true; nc_sameSiteCookiestrict=true
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 05:28:03 GMT
Content-Type: application/javascript
Content-Length: 9632
Last-Modified: Thu, 23 Mar 2017 09:38:29 GMT
Connection: keep-alive
Cache-Control: max-age=15778463
ETag: "58d39795-25a0"
X-Powered-By: PleskLin
Accept-Ranges: bytes
mon-med.defrax1.de/core/vendor/jquery/dist/jquery.min.js?v=180fda623ff91b27e97e4d635060f9b8
88.198.9.197 200 OK 84 kB URL HTTP/1.1 mon-med.defrax1.de/core/vendor/jquery/dist/jquery.min.js?v=180fda623ff91b27e97e4d635060f9b8
IP 88.198.9.197:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (32025)
Hash 4a356126b9573eb7bd1e9a7494737410
8258d046f17dd3c15a5d3984e1868b7b5d1db329
22642f202577f0ba2f22cbe56b6cf291a09374487567cd3563e0d2a29f75c0c5
GET /core/vendor/jquery/dist/jquery.min.js?v=180fda623ff91b27e97e4d635060f9b8 HTTP/1.1
Host: mon-med.defrax1.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: ochhali32g5i=rubbe0rsgvkt5g7qt9r2ar3004; oc_sessionPassphrase=Gg%2FWjiN1e9LgY1Yi57D3RzMMpVL0yFdARFZ%2BV7Y4N2lusWyFEyeOQ110uSWaat2qToFquwHStB7ETfnD2qLUdfxPXTk3b6caS2m8cS3sHoKVMnDmk1B9cEnZh3o4h9%2BQ; nc_sameSiteCookielax=true; nc_sameSiteCookiestrict=true
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 05:28:03 GMT
Content-Type: application/javascript
Content-Length: 84380
Last-Modified: Thu, 23 Mar 2017 09:38:29 GMT
Connection: keep-alive
Cache-Control: max-age=15778463
ETag: "58d39795-1499c"
X-Powered-By: PleskLin
Accept-Ranges: bytes
mon-med.defrax1.de/core/vendor/underscore/underscore.js?v=180fda623ff91b27e97e4d635060f9b8
88.198.9.197 200 OK 53 kB URL HTTP/1.1 mon-med.defrax1.de/core/vendor/underscore/underscore.js?v=180fda623ff91b27e97e4d635060f9b8
IP 88.198.9.197:0
ASN #24940 Hetzner Online GmbH
Hash f893e294cde60c2462cb19b35aac431b
8e3a5ace7e47dcadd272642748b7ee8048daddf8
4b328e42c558197d5b99d7727cfcc60bac9763fad660651230e8baf93f6067ed
Analyzer Verdict Alert fortinet Phishing
GET /core/vendor/underscore/underscore.js?v=180fda623ff91b27e97e4d635060f9b8 HTTP/1.1
Host: mon-med.defrax1.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: ochhali32g5i=rubbe0rsgvkt5g7qt9r2ar3004; oc_sessionPassphrase=Gg%2FWjiN1e9LgY1Yi57D3RzMMpVL0yFdARFZ%2BV7Y4N2lusWyFEyeOQ110uSWaat2qToFquwHStB7ETfnD2qLUdfxPXTk3b6caS2m8cS3sHoKVMnDmk1B9cEnZh3o4h9%2BQ; nc_sameSiteCookielax=true; nc_sameSiteCookiestrict=true
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 05:28:03 GMT
Content-Type: application/javascript
Content-Length: 52919
Last-Modified: Thu, 23 Mar 2017 09:38:29 GMT
Connection: keep-alive
Cache-Control: max-age=15778463
ETag: "58d39795-ceb7"
X-Powered-By: PleskLin
Accept-Ranges: bytes
mon-med.defrax1.de/index.php/core/js/oc.js?v=180fda623ff91b27e97e4d635060f9b8
88.198.9.197 200 OK 2.5 kB URL HTTP/1.1 mon-med.defrax1.de/index.php/core/js/oc.js?v=180fda623ff91b27e97e4d635060f9b8
IP 88.198.9.197:0
ASN #24940 Hetzner Online GmbH
File type HTML document, ASCII text, with very long lines (654)
Hash 7b24a7597f5742c61ceddd7276229c50
de6302ba2cc3641c9c4ea7182210f422c5902c4d
08d96cc89438dabef0144ef34cae79fec4b002c99a6439a1232ec6555a9c1b21
Analyzer Verdict Alert fortinet Phishing
GET /index.php/core/js/oc.js?v=180fda623ff91b27e97e4d635060f9b8 HTTP/1.1
Host: mon-med.defrax1.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: ochhali32g5i=rubbe0rsgvkt5g7qt9r2ar3004; oc_sessionPassphrase=Gg%2FWjiN1e9LgY1Yi57D3RzMMpVL0yFdARFZ%2BV7Y4N2lusWyFEyeOQ110uSWaat2qToFquwHStB7ETfnD2qLUdfxPXTk3b6caS2m8cS3sHoKVMnDmk1B9cEnZh3o4h9%2BQ; nc_sameSiteCookielax=true; nc_sameSiteCookiestrict=true
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 05:28:03 GMT
Content-Type: text/javascript;charset=UTF-8
Content-Length: 2457
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Cache-Control: no-cache, must-revalidate
Content-Security-Policy: default-src 'none';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self'
Content-Disposition: inline; filename=""
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Robots-Tag: none
X-Frame-Options: SAMEORIGIN
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
X-Powered-By: PHP/5.6.40, PleskLin
mon-med.defrax1.de/core/vendor/blueimp-md5/js/md5.js?v=180fda623ff91b27e97e4d635060f9b8
88.198.9.197 200 OK 9.6 kB URL HTTP/1.1 mon-med.defrax1.de/core/vendor/blueimp-md5/js/md5.js?v=180fda623ff91b27e97e4d635060f9b8
IP 88.198.9.197:0
ASN #24940 Hetzner Online GmbH
Hash fe66b64100a278ae560c98c191936328
5d28d8fe077bedaf1a59c111b54a7724b1e2eda3
ea844ce0efdfd39b98dc5dced03cac5e7feeceae943b1c2d3e6913be9034bc64
Analyzer Verdict Alert fortinet Phishing
GET /core/vendor/blueimp-md5/js/md5.js?v=180fda623ff91b27e97e4d635060f9b8 HTTP/1.1
Host: mon-med.defrax1.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: ochhali32g5i=rubbe0rsgvkt5g7qt9r2ar3004; oc_sessionPassphrase=Gg%2FWjiN1e9LgY1Yi57D3RzMMpVL0yFdARFZ%2BV7Y4N2lusWyFEyeOQ110uSWaat2qToFquwHStB7ETfnD2qLUdfxPXTk3b6caS2m8cS3sHoKVMnDmk1B9cEnZh3o4h9%2BQ; nc_sameSiteCookielax=true; nc_sameSiteCookiestrict=true
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 05:28:03 GMT
Content-Type: application/javascript
Content-Length: 9639
Last-Modified: Thu, 23 Mar 2017 09:38:29 GMT
Connection: keep-alive
Cache-Control: max-age=15778463
ETag: "58d39795-25a7"
X-Powered-By: PleskLin
Accept-Ranges: bytes
mon-med.defrax1.de/core/vendor/bootstrap/js/tooltip.js?v=180fda623ff91b27e97e4d635060f9b8
88.198.9.197 200 OK 16 kB URL HTTP/1.1 mon-med.defrax1.de/core/vendor/bootstrap/js/tooltip.js?v=180fda623ff91b27e97e4d635060f9b8
IP 88.198.9.197:0
ASN #24940 Hetzner Online GmbH
Hash c4a6379c9f74d73e0e045be0fefdf95f
03d4e6b9c40809e0d902461df8da25561a44ebf2
3bc9620928f72c4e1181b208f0d8f63be31ae35a03e0de7c967c14b4d9360db7
Analyzer Verdict Alert fortinet Phishing
GET /core/vendor/bootstrap/js/tooltip.js?v=180fda623ff91b27e97e4d635060f9b8 HTTP/1.1
Host: mon-med.defrax1.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: ochhali32g5i=rubbe0rsgvkt5g7qt9r2ar3004; oc_sessionPassphrase=Gg%2FWjiN1e9LgY1Yi57D3RzMMpVL0yFdARFZ%2BV7Y4N2lusWyFEyeOQ110uSWaat2qToFquwHStB7ETfnD2qLUdfxPXTk3b6caS2m8cS3sHoKVMnDmk1B9cEnZh3o4h9%2BQ; nc_sameSiteCookielax=true; nc_sameSiteCookiestrict=true
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 05:28:03 GMT
Content-Type: application/javascript
Content-Length: 16345
Last-Modified: Thu, 23 Mar 2017 09:38:29 GMT
Connection: keep-alive
Cache-Control: max-age=15778463
ETag: "58d39795-3fd9"
X-Powered-By: PleskLin
Accept-Ranges: bytes
mon-med.defrax1.de/core/vendor/handlebars/handlebars.js?v=180fda623ff91b27e97e4d635060f9b8
88.198.9.197 200 OK 160 kB URL HTTP/1.1 mon-med.defrax1.de/core/vendor/handlebars/handlebars.js?v=180fda623ff91b27e97e4d635060f9b8
IP 88.198.9.197:0
ASN #24940 Hetzner Online GmbH
File type Algol 68 source text\012- Pascal source, ASCII text, with very long lines (13507)
Size 160 kB (159587 bytes)
Hash 443b6dfae4afa132f7d9f31fc5f20742
c77138087740ae2ef8380711ceeadb59d5c23c4d
40785b1f17aaec1717b8f618fc0835854015838302800d873d9451c0eaff4138
Analyzer Verdict Alert fortinet Phishing
GET /core/vendor/handlebars/handlebars.js?v=180fda623ff91b27e97e4d635060f9b8 HTTP/1.1
Host: mon-med.defrax1.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: ochhali32g5i=rubbe0rsgvkt5g7qt9r2ar3004; oc_sessionPassphrase=Gg%2FWjiN1e9LgY1Yi57D3RzMMpVL0yFdARFZ%2BV7Y4N2lusWyFEyeOQ110uSWaat2qToFquwHStB7ETfnD2qLUdfxPXTk3b6caS2m8cS3sHoKVMnDmk1B9cEnZh3o4h9%2BQ; nc_sameSiteCookielax=true; nc_sameSiteCookiestrict=true
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 05:28:03 GMT
Content-Type: application/javascript
Content-Length: 159587
Last-Modified: Thu, 23 Mar 2017 09:38:29 GMT
Connection: keep-alive
Cache-Control: max-age=15778463
ETag: "58d39795-26f63"
X-Powered-By: PleskLin
Accept-Ranges: bytes
mon-med.defrax1.de/core/vendor/es6-promise/dist/es6-promise.js?v=180fda623ff91b27e97e4d635060f9b8
88.198.9.197 200 OK 32 kB URL HTTP/1.1 mon-med.defrax1.de/core/vendor/es6-promise/dist/es6-promise.js?v=180fda623ff91b27e97e4d635060f9b8
IP 88.198.9.197:0
ASN #24940 Hetzner Online GmbH
Hash 2ff388c7b65a36522a08324ee5ef55e0
42d67a5ed1781ba2791c97863df8e934a87524b8
0a22759c71d9a4670914363b33074631fbfe61ae37551a3b283261e83e372473
GET /core/vendor/es6-promise/dist/es6-promise.js?v=180fda623ff91b27e97e4d635060f9b8 HTTP/1.1
Host: mon-med.defrax1.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: ochhali32g5i=rubbe0rsgvkt5g7qt9r2ar3004; oc_sessionPassphrase=Gg%2FWjiN1e9LgY1Yi57D3RzMMpVL0yFdARFZ%2BV7Y4N2lusWyFEyeOQ110uSWaat2qToFquwHStB7ETfnD2qLUdfxPXTk3b6caS2m8cS3sHoKVMnDmk1B9cEnZh3o4h9%2BQ; nc_sameSiteCookielax=true; nc_sameSiteCookiestrict=true
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 05:28:03 GMT
Content-Type: application/javascript
Content-Length: 32525
Last-Modified: Thu, 23 Mar 2017 09:38:29 GMT
Connection: keep-alive
Cache-Control: max-age=15778463
ETag: "58d39795-7f0d"
X-Powered-By: PleskLin
Accept-Ranges: bytes
mon-med.defrax1.de/core/vendor/davclient.js/lib/client.js?v=180fda623ff91b27e97e4d635060f9b8
88.198.9.197 200 OK 11 kB URL HTTP/1.1 mon-med.defrax1.de/core/vendor/davclient.js/lib/client.js?v=180fda623ff91b27e97e4d635060f9b8
IP 88.198.9.197:0
ASN #24940 Hetzner Online GmbH
Hash f0f933039c8bed415b67768c8b10fc5a
ee2d4decd2c94842e57655570a28fb9809f5d887
3fa0604fa57b6facb7806977c576c482cfe1f6272cda805fb1e3ce4d17e85bea
Analyzer Verdict Alert fortinet Phishing
GET /core/vendor/davclient.js/lib/client.js?v=180fda623ff91b27e97e4d635060f9b8 HTTP/1.1
Host: mon-med.defrax1.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: ochhali32g5i=rubbe0rsgvkt5g7qt9r2ar3004; oc_sessionPassphrase=Gg%2FWjiN1e9LgY1Yi57D3RzMMpVL0yFdARFZ%2BV7Y4N2lusWyFEyeOQ110uSWaat2qToFquwHStB7ETfnD2qLUdfxPXTk3b6caS2m8cS3sHoKVMnDmk1B9cEnZh3o4h9%2BQ; nc_sameSiteCookielax=true; nc_sameSiteCookiestrict=true
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 05:28:03 GMT
Content-Type: application/javascript
Content-Length: 11007
Last-Modified: Thu, 23 Mar 2017 09:38:29 GMT
Connection: keep-alive
Cache-Control: max-age=15778463
ETag: "58d39795-2aff"
X-Powered-By: PleskLin
Accept-Ranges: bytes
mon-med.defrax1.de/core/vendor/autosize/dist/autosize.js?v=180fda623ff91b27e97e4d635060f9b8
88.198.9.197 200 OK 6.9 kB URL HTTP/1.1 mon-med.defrax1.de/core/vendor/autosize/dist/autosize.js?v=180fda623ff91b27e97e4d635060f9b8
IP 88.198.9.197:0
ASN #24940 Hetzner Online GmbH
Hash 6f8119c25b17f814479f4726184ded5e
4c46178f760cfeda29aa53f8ddadf24682feb05a
99e3030a8800be6bf16e87b3ab1d86efffe06b9830d8976497170d3d39d4c949
GET /core/vendor/autosize/dist/autosize.js?v=180fda623ff91b27e97e4d635060f9b8 HTTP/1.1
Host: mon-med.defrax1.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: ochhali32g5i=rubbe0rsgvkt5g7qt9r2ar3004; oc_sessionPassphrase=Gg%2FWjiN1e9LgY1Yi57D3RzMMpVL0yFdARFZ%2BV7Y4N2lusWyFEyeOQ110uSWaat2qToFquwHStB7ETfnD2qLUdfxPXTk3b6caS2m8cS3sHoKVMnDmk1B9cEnZh3o4h9%2BQ; nc_sameSiteCookielax=true; nc_sameSiteCookiestrict=true
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 05:28:03 GMT
Content-Type: application/javascript
Content-Length: 6940
Last-Modified: Thu, 23 Mar 2017 09:38:29 GMT
Connection: keep-alive
Cache-Control: max-age=15778463
ETag: "58d39795-1b1c"
X-Powered-By: PleskLin
Accept-Ranges: bytes
mon-med.defrax1.de/core/vendor/clipboard/dist/clipboard.js?v=180fda623ff91b27e97e4d635060f9b8
88.198.9.197 200 OK 22 kB URL HTTP/1.1 mon-med.defrax1.de/core/vendor/clipboard/dist/clipboard.js?v=180fda623ff91b27e97e4d635060f9b8
IP 88.198.9.197:0
ASN #24940 Hetzner Online GmbH
File type Unicode text, UTF-8 text, with very long lines (849)
Hash 419c16082e6ab504be91b563ce7fc79d
8603c385c7e9f7da8c90f3e88c1f79b42ad99a4f
bf84848a135df91d84e2d2681b0c014599b3cf3ac9c34cd6c08d3c745c5ccd6a
Analyzer Verdict Alert fortinet Phishing
GET /core/vendor/clipboard/dist/clipboard.js?v=180fda623ff91b27e97e4d635060f9b8 HTTP/1.1
Host: mon-med.defrax1.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: ochhali32g5i=rubbe0rsgvkt5g7qt9r2ar3004; oc_sessionPassphrase=Gg%2FWjiN1e9LgY1Yi57D3RzMMpVL0yFdARFZ%2BV7Y4N2lusWyFEyeOQ110uSWaat2qToFquwHStB7ETfnD2qLUdfxPXTk3b6caS2m8cS3sHoKVMnDmk1B9cEnZh3o4h9%2BQ; nc_sameSiteCookielax=true; nc_sameSiteCookiestrict=true
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 05:28:03 GMT
Content-Type: application/javascript
Content-Length: 22399
Last-Modified: Thu, 23 Mar 2017 09:38:29 GMT
Connection: keep-alive
Cache-Control: max-age=15778463
ETag: "58d39795-577f"
X-Powered-By: PleskLin
Accept-Ranges: bytes
mon-med.defrax1.de/core/js/jquery.ocdialog.js?v=180fda623ff91b27e97e4d635060f9b8
88.198.9.197 200 OK 5.8 kB URL HTTP/1.1 mon-med.defrax1.de/core/js/jquery.ocdialog.js?v=180fda623ff91b27e97e4d635060f9b8
IP 88.198.9.197:0
ASN #24940 Hetzner Online GmbH
Hash 830b46f8664495e5fecc48dabba787f6
a8aab33aeb24cffa3201360986b4657941a335dc
539d4bf2624023677c79aecce363c952ce1eac0c941137746b134ef575337ae1
Analyzer Verdict Alert fortinet Phishing
GET /core/js/jquery.ocdialog.js?v=180fda623ff91b27e97e4d635060f9b8 HTTP/1.1
Host: mon-med.defrax1.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: ochhali32g5i=rubbe0rsgvkt5g7qt9r2ar3004; oc_sessionPassphrase=Gg%2FWjiN1e9LgY1Yi57D3RzMMpVL0yFdARFZ%2BV7Y4N2lusWyFEyeOQ110uSWaat2qToFquwHStB7ETfnD2qLUdfxPXTk3b6caS2m8cS3sHoKVMnDmk1B9cEnZh3o4h9%2BQ; nc_sameSiteCookielax=true; nc_sameSiteCookiestrict=true
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 05:28:03 GMT
Content-Type: application/javascript
Content-Length: 5761
Last-Modified: Thu, 23 Mar 2017 09:38:29 GMT
Connection: keep-alive
Cache-Control: max-age=15778463
ETag: "58d39795-1681"
X-Powered-By: PleskLin
Accept-Ranges: bytes
mon-med.defrax1.de/core/vendor/backbone/backbone.js?v=180fda623ff91b27e97e4d635060f9b8
88.198.9.197 200 OK 71 kB URL HTTP/1.1 mon-med.defrax1.de/core/vendor/backbone/backbone.js?v=180fda623ff91b27e97e4d635060f9b8
IP 88.198.9.197:0
ASN #24940 Hetzner Online GmbH
Hash 56520f8f407f7b27fc3929677df339fe
9421b259056a4315c418af23d9123b0b3a2ef384
3dd6732dfa24d1d79279ab81672b2092604b543489af42c7eba281f990c0cc43
Analyzer Verdict Alert fortinet Phishing
GET /core/vendor/backbone/backbone.js?v=180fda623ff91b27e97e4d635060f9b8 HTTP/1.1
Host: mon-med.defrax1.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: ochhali32g5i=rubbe0rsgvkt5g7qt9r2ar3004; oc_sessionPassphrase=Gg%2FWjiN1e9LgY1Yi57D3RzMMpVL0yFdARFZ%2BV7Y4N2lusWyFEyeOQ110uSWaat2qToFquwHStB7ETfnD2qLUdfxPXTk3b6caS2m8cS3sHoKVMnDmk1B9cEnZh3o4h9%2BQ; nc_sameSiteCookielax=true; nc_sameSiteCookiestrict=true
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 05:28:03 GMT
Content-Type: application/javascript
Content-Length: 71415
Last-Modified: Thu, 23 Mar 2017 09:38:29 GMT
Connection: keep-alive
Cache-Control: max-age=15778463
ETag: "58d39795-116f7"
X-Powered-By: PleskLin
Accept-Ranges: bytes
mon-med.defrax1.de/core/js/octemplate.js?v=180fda623ff91b27e97e4d635060f9b8
88.198.9.197 200 OK 3.1 kB URL HTTP/1.1 mon-med.defrax1.de/core/js/octemplate.js?v=180fda623ff91b27e97e4d635060f9b8
IP 88.198.9.197:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document, ASCII text
Hash 9246ff23c358dd4f94c3c6a171cc2a9f
1e0a5e073a6423afee1039ca88403c3466fa8776
5583cf600c7724876d0b366cf03ce7dd1d1b5c48f7e04c7254d73cb6ef365971
Analyzer Verdict Alert fortinet Phishing
GET /core/js/octemplate.js?v=180fda623ff91b27e97e4d635060f9b8 HTTP/1.1
Host: mon-med.defrax1.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: ochhali32g5i=rubbe0rsgvkt5g7qt9r2ar3004; oc_sessionPassphrase=Gg%2FWjiN1e9LgY1Yi57D3RzMMpVL0yFdARFZ%2BV7Y4N2lusWyFEyeOQ110uSWaat2qToFquwHStB7ETfnD2qLUdfxPXTk3b6caS2m8cS3sHoKVMnDmk1B9cEnZh3o4h9%2BQ; nc_sameSiteCookielax=true; nc_sameSiteCookiestrict=true
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 05:28:03 GMT
Content-Type: application/javascript
Content-Length: 3081
Last-Modified: Thu, 23 Mar 2017 09:38:29 GMT
Connection: keep-alive
Cache-Control: max-age=15778463
ETag: "58d39795-c09"
X-Powered-By: PleskLin
Accept-Ranges: bytes
mon-med.defrax1.de/core/js/l10n.js?v=180fda623ff91b27e97e4d635060f9b8
88.198.9.197 200 OK 7.6 kB URL HTTP/1.1 mon-med.defrax1.de/core/js/l10n.js?v=180fda623ff91b27e97e4d635060f9b8
IP 88.198.9.197:0
ASN #24940 Hetzner Online GmbH
Hash cedc1f86ffc3c0d752835173391fae64
6ddc883cbf2a7f1f559d04fff4d6a135894b5567
f14146e7789f8f4c3816617b74571345a21aef20b30fc08f672c3cc111e58e7f
Analyzer Verdict Alert fortinet Phishing
GET /core/js/l10n.js?v=180fda623ff91b27e97e4d635060f9b8 HTTP/1.1
Host: mon-med.defrax1.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: ochhali32g5i=rubbe0rsgvkt5g7qt9r2ar3004; oc_sessionPassphrase=Gg%2FWjiN1e9LgY1Yi57D3RzMMpVL0yFdARFZ%2BV7Y4N2lusWyFEyeOQ110uSWaat2qToFquwHStB7ETfnD2qLUdfxPXTk3b6caS2m8cS3sHoKVMnDmk1B9cEnZh3o4h9%2BQ; nc_sameSiteCookielax=true; nc_sameSiteCookiestrict=true
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 05:28:03 GMT
Content-Type: application/javascript
Content-Length: 7553
Last-Modified: Thu, 23 Mar 2017 09:38:29 GMT
Connection: keep-alive
Cache-Control: max-age=15778463
ETag: "58d39795-1d81"
X-Powered-By: PleskLin
Accept-Ranges: bytes
mon-med.defrax1.de/core/js/eventsource.js?v=180fda623ff91b27e97e4d635060f9b8
88.198.9.197 200 OK 4.2 kB URL HTTP/1.1 mon-med.defrax1.de/core/js/eventsource.js?v=180fda623ff91b27e97e4d635060f9b8
IP 88.198.9.197:0
ASN #24940 Hetzner Online GmbH
Hash 66b665a2b702c4f10822bc5dc1aee8bc
840a83dd56728bd6be52725e2c7e4e79a5f45b97
0382bded74ca987f2a6ddcac521ec197f7a271163d6e37736d224f35fd306a87
GET /core/js/eventsource.js?v=180fda623ff91b27e97e4d635060f9b8 HTTP/1.1
Host: mon-med.defrax1.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: ochhali32g5i=rubbe0rsgvkt5g7qt9r2ar3004; oc_sessionPassphrase=Gg%2FWjiN1e9LgY1Yi57D3RzMMpVL0yFdARFZ%2BV7Y4N2lusWyFEyeOQ110uSWaat2qToFquwHStB7ETfnD2qLUdfxPXTk3b6caS2m8cS3sHoKVMnDmk1B9cEnZh3o4h9%2BQ; nc_sameSiteCookielax=true; nc_sameSiteCookiestrict=true
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 05:28:03 GMT
Content-Type: application/javascript
Content-Length: 4242
Last-Modified: Thu, 23 Mar 2017 09:38:29 GMT
Connection: keep-alive
Cache-Control: max-age=15778463
ETag: "58d39795-1092"
X-Powered-By: PleskLin
Accept-Ranges: bytes
mon-med.defrax1.de/core/js/js.js?v=180fda623ff91b27e97e4d635060f9b8
88.198.9.197 200 OK 58 kB URL HTTP/1.1 mon-med.defrax1.de/core/js/js.js?v=180fda623ff91b27e97e4d635060f9b8
IP 88.198.9.197:0
ASN #24940 Hetzner Online GmbH
Hash dbc416586c51b6f06b0294aa476265e5
5544b87f1e7a82d7ecc08dec64f193360f8fdf6f
decc9254d78995ce4ed2977f7b09cf57643d431931b84fdde6ee6463f382d7aa
GET /core/js/js.js?v=180fda623ff91b27e97e4d635060f9b8 HTTP/1.1
Host: mon-med.defrax1.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: ochhali32g5i=rubbe0rsgvkt5g7qt9r2ar3004; oc_sessionPassphrase=Gg%2FWjiN1e9LgY1Yi57D3RzMMpVL0yFdARFZ%2BV7Y4N2lusWyFEyeOQ110uSWaat2qToFquwHStB7ETfnD2qLUdfxPXTk3b6caS2m8cS3sHoKVMnDmk1B9cEnZh3o4h9%2BQ; nc_sameSiteCookielax=true; nc_sameSiteCookiestrict=true
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 05:28:03 GMT
Content-Type: application/javascript
Content-Length: 58246
Last-Modified: Thu, 23 Mar 2017 09:38:29 GMT
Connection: keep-alive
Cache-Control: max-age=15778463
ETag: "58d39795-e386"
X-Powered-By: PleskLin
Accept-Ranges: bytes
mon-med.defrax1.de/core/js/public/appconfig.js?v=180fda623ff91b27e97e4d635060f9b8
88.198.9.197 200 OK 3.1 kB URL HTTP/1.1 mon-med.defrax1.de/core/js/public/appconfig.js?v=180fda623ff91b27e97e4d635060f9b8
IP 88.198.9.197:0
ASN #24940 Hetzner Online GmbH
Hash c3ad51c09f38ac360a08e029bb73cd3a
d7a709978d1ede178c9d90770159a2b4b0b8617c
e827633e4ce7dc2a4ecc3dc61e10915864127eed68be526799eaf0ef6ad1fef7
Analyzer Verdict Alert fortinet Phishing
GET /core/js/public/appconfig.js?v=180fda623ff91b27e97e4d635060f9b8 HTTP/1.1
Host: mon-med.defrax1.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: ochhali32g5i=rubbe0rsgvkt5g7qt9r2ar3004; oc_sessionPassphrase=Gg%2FWjiN1e9LgY1Yi57D3RzMMpVL0yFdARFZ%2BV7Y4N2lusWyFEyeOQ110uSWaat2qToFquwHStB7ETfnD2qLUdfxPXTk3b6caS2m8cS3sHoKVMnDmk1B9cEnZh3o4h9%2BQ; nc_sameSiteCookielax=true; nc_sameSiteCookiestrict=true
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 05:28:03 GMT
Content-Type: application/javascript
Content-Length: 3095
Last-Modified: Thu, 23 Mar 2017 09:38:29 GMT
Connection: keep-alive
Cache-Control: max-age=15778463
ETag: "58d39795-c17"
X-Powered-By: PleskLin
Accept-Ranges: bytes
mon-med.defrax1.de/core/js/config.js?v=180fda623ff91b27e97e4d635060f9b8
88.198.9.197 200 OK 2.0 kB URL HTTP/1.1 mon-med.defrax1.de/core/js/config.js?v=180fda623ff91b27e97e4d635060f9b8
IP 88.198.9.197:0
ASN #24940 Hetzner Online GmbH
Hash bbd6943f1188552ab33a6140c1dfa3bb
a0d9762d243412cb1bae9d4797820604b5310978
5675369a57d694ba234c6d55dbbd49c185e9f2b10be4cd8b958902a5b1fe2d1e
Analyzer Verdict Alert fortinet Phishing
GET /core/js/config.js?v=180fda623ff91b27e97e4d635060f9b8 HTTP/1.1
Host: mon-med.defrax1.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: ochhali32g5i=rubbe0rsgvkt5g7qt9r2ar3004; oc_sessionPassphrase=Gg%2FWjiN1e9LgY1Yi57D3RzMMpVL0yFdARFZ%2BV7Y4N2lusWyFEyeOQ110uSWaat2qToFquwHStB7ETfnD2qLUdfxPXTk3b6caS2m8cS3sHoKVMnDmk1B9cEnZh3o4h9%2BQ; nc_sameSiteCookielax=true; nc_sameSiteCookiestrict=true
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 05:28:03 GMT
Content-Type: application/javascript
Content-Length: 1967
Last-Modified: Thu, 23 Mar 2017 09:38:29 GMT
Connection: keep-alive
Cache-Control: max-age=15778463
ETag: "58d39795-7af"
X-Powered-By: PleskLin
Accept-Ranges: bytes
mon-med.defrax1.de/core/search/js/search.js?v=180fda623ff91b27e97e4d635060f9b8
88.198.9.197 200 OK 12 kB URL HTTP/1.1 mon-med.defrax1.de/core/search/js/search.js?v=180fda623ff91b27e97e4d635060f9b8
IP 88.198.9.197:0
ASN #24940 Hetzner Online GmbH
Hash 294330903c185a2f827e00d9b2210442
182310dab33fae25a70bed410a42912922f2d165
7b3ecc23c89a6ad5ffcf297b68f87f002cdb2a3d0b0ecc22643133b0d76da6dd
Analyzer Verdict Alert fortinet Phishing
GET /core/search/js/search.js?v=180fda623ff91b27e97e4d635060f9b8 HTTP/1.1
Host: mon-med.defrax1.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: ochhali32g5i=rubbe0rsgvkt5g7qt9r2ar3004; oc_sessionPassphrase=Gg%2FWjiN1e9LgY1Yi57D3RzMMpVL0yFdARFZ%2BV7Y4N2lusWyFEyeOQ110uSWaat2qToFquwHStB7ETfnD2qLUdfxPXTk3b6caS2m8cS3sHoKVMnDmk1B9cEnZh3o4h9%2BQ; nc_sameSiteCookielax=true; nc_sameSiteCookiestrict=true
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 05:28:03 GMT
Content-Type: application/javascript
Content-Length: 11957
Last-Modified: Thu, 23 Mar 2017 09:38:28 GMT
Connection: keep-alive
Cache-Control: max-age=15778463
ETag: "58d39794-2eb5"
X-Powered-By: PleskLin
Accept-Ranges: bytes
mon-med.defrax1.de/core/js/oc-requesttoken.js?v=180fda623ff91b27e97e4d635060f9b8
88.198.9.197 200 OK 209 B URL HTTP/1.1 mon-med.defrax1.de/core/js/oc-requesttoken.js?v=180fda623ff91b27e97e4d635060f9b8
IP 88.198.9.197:0
ASN #24940 Hetzner Online GmbH
Hash 8ca5a38845639406147d99112a430bbc
d3a642f536a1f720a6f5f271a57903d8490efe32
1e9a783d0e9eb0fde0c36b90d394b567716f518967f047baee2d27b78fce62b4
Analyzer Verdict Alert fortinet Phishing
GET /core/js/oc-requesttoken.js?v=180fda623ff91b27e97e4d635060f9b8 HTTP/1.1
Host: mon-med.defrax1.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: ochhali32g5i=rubbe0rsgvkt5g7qt9r2ar3004; oc_sessionPassphrase=Gg%2FWjiN1e9LgY1Yi57D3RzMMpVL0yFdARFZ%2BV7Y4N2lusWyFEyeOQ110uSWaat2qToFquwHStB7ETfnD2qLUdfxPXTk3b6caS2m8cS3sHoKVMnDmk1B9cEnZh3o4h9%2BQ; nc_sameSiteCookielax=true; nc_sameSiteCookiestrict=true
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 05:28:03 GMT
Content-Type: application/javascript
Content-Length: 209
Connection: keep-alive
X-Accel-Version: 0.01
Last-Modified: Thu, 23 Mar 2017 09:38:29 GMT
ETag: "d1-54b62a3b54f40"
Accept-Ranges: bytes
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Robots-Tag: none
X-Frame-Options: SAMEORIGIN
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Cache-Control: max-age=15778463
X-Powered-By: PleskLin
mon-med.defrax1.de/core/js/apps.js?v=180fda623ff91b27e97e4d635060f9b8
88.198.9.197 200 OK 3.2 kB URL HTTP/1.1 mon-med.defrax1.de/core/js/apps.js?v=180fda623ff91b27e97e4d635060f9b8
IP 88.198.9.197:0
ASN #24940 Hetzner Online GmbH
Hash 7f8ade6aebdb581bae6c3031d4ea5a07
c82a026d97c94aacb9ec8af5c05c1cb783f7dec9
122e83f58f684e9756fe04acd9bc3444120a9abe29eab3a94c309619d32c2c6f
Analyzer Verdict Alert fortinet Phishing
GET /core/js/apps.js?v=180fda623ff91b27e97e4d635060f9b8 HTTP/1.1
Host: mon-med.defrax1.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: ochhali32g5i=rubbe0rsgvkt5g7qt9r2ar3004; oc_sessionPassphrase=Gg%2FWjiN1e9LgY1Yi57D3RzMMpVL0yFdARFZ%2BV7Y4N2lusWyFEyeOQ110uSWaat2qToFquwHStB7ETfnD2qLUdfxPXTk3b6caS2m8cS3sHoKVMnDmk1B9cEnZh3o4h9%2BQ; nc_sameSiteCookielax=true; nc_sameSiteCookiestrict=true
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 05:28:03 GMT
Content-Type: application/javascript
Content-Length: 3176
Last-Modified: Thu, 23 Mar 2017 09:38:29 GMT
Connection: keep-alive
Cache-Control: max-age=15778463
ETag: "58d39795-c68"
X-Powered-By: PleskLin
Accept-Ranges: bytes
mon-med.defrax1.de/core/js/mimetype.js?v=180fda623ff91b27e97e4d635060f9b8
88.198.9.197 200 OK 3.5 kB URL HTTP/1.1 mon-med.defrax1.de/core/js/mimetype.js?v=180fda623ff91b27e97e4d635060f9b8
IP 88.198.9.197:0
ASN #24940 Hetzner Online GmbH
Hash 249f72fadebff5168705383fb8dc14cd
cd5dbcbfde03ef94f01f9fc06379ff4bdf096a84
1ba67b5232f079e16e2d5dfb2e7a16d5a9eec5e8310f10834ccb9ab0ee78b0d7
GET /core/js/mimetype.js?v=180fda623ff91b27e97e4d635060f9b8 HTTP/1.1
Host: mon-med.defrax1.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: ochhali32g5i=rubbe0rsgvkt5g7qt9r2ar3004; oc_sessionPassphrase=Gg%2FWjiN1e9LgY1Yi57D3RzMMpVL0yFdARFZ%2BV7Y4N2lusWyFEyeOQ110uSWaat2qToFquwHStB7ETfnD2qLUdfxPXTk3b6caS2m8cS3sHoKVMnDmk1B9cEnZh3o4h9%2BQ; nc_sameSiteCookielax=true; nc_sameSiteCookiestrict=true
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 05:28:03 GMT
Content-Type: application/javascript
Content-Length: 3500
Last-Modified: Thu, 23 Mar 2017 09:38:29 GMT
Connection: keep-alive
Cache-Control: max-age=15778463
ETag: "58d39795-dac"
X-Powered-By: PleskLin
Accept-Ranges: bytes
mon-med.defrax1.de/core/js/mimetypelist.js?v=180fda623ff91b27e97e4d635060f9b8
88.198.9.197 200 OK 5.3 kB URL HTTP/1.1 mon-med.defrax1.de/core/js/mimetypelist.js?v=180fda623ff91b27e97e4d635060f9b8
IP 88.198.9.197:0
ASN #24940 Hetzner Online GmbH
Hash 6ee7c81da34e0babe68e4ad87a281f28
0ba9bd1f2f88773a3f286393eb580fa47c09d10d
48c42e7b8bad2d438f01c63ec33d61201228ee8dfbe6ce81bf5ea971b69a8df9
Analyzer Verdict Alert fortinet Phishing
GET /core/js/mimetypelist.js?v=180fda623ff91b27e97e4d635060f9b8 HTTP/1.1
Host: mon-med.defrax1.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: ochhali32g5i=rubbe0rsgvkt5g7qt9r2ar3004; oc_sessionPassphrase=Gg%2FWjiN1e9LgY1Yi57D3RzMMpVL0yFdARFZ%2BV7Y4N2lusWyFEyeOQ110uSWaat2qToFquwHStB7ETfnD2qLUdfxPXTk3b6caS2m8cS3sHoKVMnDmk1B9cEnZh3o4h9%2BQ; nc_sameSiteCookielax=true; nc_sameSiteCookiestrict=true
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 05:28:03 GMT
Content-Type: application/javascript
Content-Length: 5346
Last-Modified: Thu, 23 Mar 2017 09:38:29 GMT
Connection: keep-alive
Cache-Control: max-age=15778463
ETag: "58d39795-14e2"
X-Powered-By: PleskLin
Accept-Ranges: bytes
mon-med.defrax1.de/core/js/oc-backbone.js?v=180fda623ff91b27e97e4d635060f9b8
88.198.9.197 200 OK 252 B URL HTTP/1.1 mon-med.defrax1.de/core/js/oc-backbone.js?v=180fda623ff91b27e97e4d635060f9b8
IP 88.198.9.197:0
ASN #24940 Hetzner Online GmbH
Hash af889faf9f833d4601d01b98db2a8052
0fdab9d364a97246e153b5871362efc8bb4fed10
7ddcf326caab77e5e89aa762c872c10a939a8367641df2472dc3608dea0bb60c
GET /core/js/oc-backbone.js?v=180fda623ff91b27e97e4d635060f9b8 HTTP/1.1
Host: mon-med.defrax1.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: ochhali32g5i=rubbe0rsgvkt5g7qt9r2ar3004; oc_sessionPassphrase=Gg%2FWjiN1e9LgY1Yi57D3RzMMpVL0yFdARFZ%2BV7Y4N2lusWyFEyeOQ110uSWaat2qToFquwHStB7ETfnD2qLUdfxPXTk3b6caS2m8cS3sHoKVMnDmk1B9cEnZh3o4h9%2BQ; nc_sameSiteCookielax=true; nc_sameSiteCookiestrict=true
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 05:28:03 GMT
Content-Type: application/javascript
Content-Length: 252
Connection: keep-alive
X-Accel-Version: 0.01
Last-Modified: Thu, 23 Mar 2017 09:38:29 GMT
ETag: "fc-54b62a3b54f40"
Accept-Ranges: bytes
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Robots-Tag: none
X-Frame-Options: SAMEORIGIN
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Cache-Control: max-age=15778463
X-Powered-By: PleskLin
mon-med.defrax1.de/core/vendor/snapjs/dist/latest/snap.js?v=180fda623ff91b27e97e4d635060f9b8
88.198.9.197 200 OK 32 kB URL HTTP/1.1 mon-med.defrax1.de/core/vendor/snapjs/dist/latest/snap.js?v=180fda623ff91b27e97e4d635060f9b8
IP 88.198.9.197:0
ASN #24940 Hetzner Online GmbH
Hash 5bf7306cf09e7a591675cbe35990071a
542c699edc41ab21b2efd4010fae60eec3933489
80d3eb889fe619338993cbc41c933637dcb7a2c78f738723b8bcfda282c4cb23
Analyzer Verdict Alert fortinet Phishing
GET /core/vendor/snapjs/dist/latest/snap.js?v=180fda623ff91b27e97e4d635060f9b8 HTTP/1.1
Host: mon-med.defrax1.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: ochhali32g5i=rubbe0rsgvkt5g7qt9r2ar3004; oc_sessionPassphrase=Gg%2FWjiN1e9LgY1Yi57D3RzMMpVL0yFdARFZ%2BV7Y4N2lusWyFEyeOQ110uSWaat2qToFquwHStB7ETfnD2qLUdfxPXTk3b6caS2m8cS3sHoKVMnDmk1B9cEnZh3o4h9%2BQ; nc_sameSiteCookielax=true; nc_sameSiteCookiestrict=true
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 05:28:03 GMT
Content-Type: application/javascript
Content-Length: 32363
Last-Modified: Thu, 23 Mar 2017 09:38:29 GMT
Connection: keep-alive
Cache-Control: max-age=15778463
ETag: "58d39795-7e6b"
X-Powered-By: PleskLin
Accept-Ranges: bytes
mon-med.defrax1.de/core/js/placeholder.js?v=180fda623ff91b27e97e4d635060f9b8
88.198.9.197 200 OK 4.1 kB URL HTTP/1.1 mon-med.defrax1.de/core/js/placeholder.js?v=180fda623ff91b27e97e4d635060f9b8
IP 88.198.9.197:0
ASN #24940 Hetzner Online GmbH
Hash 81cdaaa4b38f65a26db5a994e799c3b1
980b1d9f38c97376b3aafc876a6d175f378b3b8a
96e5cc073c241392e545675798e2538ee9bab9f5fcc914cc54fb8ec2550f5b84
GET /core/js/placeholder.js?v=180fda623ff91b27e97e4d635060f9b8 HTTP/1.1
Host: mon-med.defrax1.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: ochhali32g5i=rubbe0rsgvkt5g7qt9r2ar3004; oc_sessionPassphrase=Gg%2FWjiN1e9LgY1Yi57D3RzMMpVL0yFdARFZ%2BV7Y4N2lusWyFEyeOQ110uSWaat2qToFquwHStB7ETfnD2qLUdfxPXTk3b6caS2m8cS3sHoKVMnDmk1B9cEnZh3o4h9%2BQ; nc_sameSiteCookielax=true; nc_sameSiteCookiestrict=true
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 05:28:03 GMT
Content-Type: application/javascript
Content-Length: 4146
Last-Modified: Thu, 23 Mar 2017 09:38:29 GMT
Connection: keep-alive
Cache-Control: max-age=15778463
ETag: "58d39795-1032"
X-Powered-By: PleskLin
Accept-Ranges: bytes
mon-med.defrax1.de/core/js/jquery.avatar.js?v=180fda623ff91b27e97e4d635060f9b8
88.198.9.197 200 OK 4.7 kB URL HTTP/1.1 mon-med.defrax1.de/core/js/jquery.avatar.js?v=180fda623ff91b27e97e4d635060f9b8
IP 88.198.9.197:0
ASN #24940 Hetzner Online GmbH
Hash 2ee08ce3792c08be0dcfab799be6de22
4f111a134c900af4d22018e0da64934be1505dc5
7d833f8cab75ee82d5bcda74bb7a203d8c59cd81f171b2c3c211931d661ebdff
Analyzer Verdict Alert fortinet Phishing
GET /core/js/jquery.avatar.js?v=180fda623ff91b27e97e4d635060f9b8 HTTP/1.1
Host: mon-med.defrax1.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: ochhali32g5i=rubbe0rsgvkt5g7qt9r2ar3004; oc_sessionPassphrase=Gg%2FWjiN1e9LgY1Yi57D3RzMMpVL0yFdARFZ%2BV7Y4N2lusWyFEyeOQ110uSWaat2qToFquwHStB7ETfnD2qLUdfxPXTk3b6caS2m8cS3sHoKVMnDmk1B9cEnZh3o4h9%2BQ; nc_sameSiteCookielax=true; nc_sameSiteCookiestrict=true
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 05:28:03 GMT
Content-Type: application/javascript
Content-Length: 4658
Last-Modified: Thu, 23 Mar 2017 09:38:29 GMT
Connection: keep-alive
Cache-Control: max-age=15778463
ETag: "58d39795-1232"
X-Powered-By: PleskLin
Accept-Ranges: bytes
mon-med.defrax1.de/core/js/backgroundjobs.js?v=180fda623ff91b27e97e4d635060f9b8
88.198.9.197 200 OK 911 B URL HTTP/1.1 mon-med.defrax1.de/core/js/backgroundjobs.js?v=180fda623ff91b27e97e4d635060f9b8
IP 88.198.9.197:0
ASN #24940 Hetzner Online GmbH
Hash 1b94e34c1a8f724a4d7bcce2aebd58e5
9b37aeb0e8de34f7b5fb825bb64964eca10b0b51
c456ff66f78bd41c4e958c80238649f7d88b5d729cdf455724421cecce955b2a
GET /core/js/backgroundjobs.js?v=180fda623ff91b27e97e4d635060f9b8 HTTP/1.1
Host: mon-med.defrax1.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: ochhali32g5i=rubbe0rsgvkt5g7qt9r2ar3004; oc_sessionPassphrase=Gg%2FWjiN1e9LgY1Yi57D3RzMMpVL0yFdARFZ%2BV7Y4N2lusWyFEyeOQ110uSWaat2qToFquwHStB7ETfnD2qLUdfxPXTk3b6caS2m8cS3sHoKVMnDmk1B9cEnZh3o4h9%2BQ; nc_sameSiteCookielax=true; nc_sameSiteCookiestrict=true
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 05:28:03 GMT
Content-Type: application/javascript
Content-Length: 911
Connection: keep-alive
X-Accel-Version: 0.01
Last-Modified: Thu, 23 Mar 2017 09:38:29 GMT
ETag: "38f-54b62a3b54f40"
Accept-Ranges: bytes
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Robots-Tag: none
X-Frame-Options: SAMEORIGIN
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Cache-Control: max-age=15778463
X-Powered-By: PleskLin
mon-med.defrax1.de/core/js/select2-toggleselect.js?v=180fda623ff91b27e97e4d635060f9b8
88.198.9.197 200 OK 1.5 kB URL HTTP/1.1 mon-med.defrax1.de/core/js/select2-toggleselect.js?v=180fda623ff91b27e97e4d635060f9b8
IP 88.198.9.197:0
ASN #24940 Hetzner Online GmbH
Hash 2ec68c8e29321416922309a5d2fe8c24
9449b1f03b1ae95f05d54dbb4c7fbf959e8de46a
a157b3ddc2328ab44e93043066d4789f869fb3078af23b46193eaecb9bad6ef3
GET /core/js/select2-toggleselect.js?v=180fda623ff91b27e97e4d635060f9b8 HTTP/1.1
Host: mon-med.defrax1.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: ochhali32g5i=rubbe0rsgvkt5g7qt9r2ar3004; oc_sessionPassphrase=Gg%2FWjiN1e9LgY1Yi57D3RzMMpVL0yFdARFZ%2BV7Y4N2lusWyFEyeOQ110uSWaat2qToFquwHStB7ETfnD2qLUdfxPXTk3b6caS2m8cS3sHoKVMnDmk1B9cEnZh3o4h9%2BQ; nc_sameSiteCookielax=true; nc_sameSiteCookiestrict=true
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 05:28:03 GMT
Content-Type: application/javascript
Content-Length: 1479
Last-Modified: Thu, 23 Mar 2017 09:38:29 GMT
Connection: keep-alive
Cache-Control: max-age=15778463
ETag: "58d39795-5c7"
X-Powered-By: PleskLin
Accept-Ranges: bytes
mon-med.defrax1.de/core/js/files/fileinfo.js?v=180fda623ff91b27e97e4d635060f9b8
88.198.9.197 200 OK 2.1 kB URL HTTP/1.1 mon-med.defrax1.de/core/js/files/fileinfo.js?v=180fda623ff91b27e97e4d635060f9b8
IP 88.198.9.197:0
ASN #24940 Hetzner Online GmbH
Hash 9bd9403ec640be375ec47267974694e9
6a119397e8489bb6f755d0ee9a44c2c52c4c9b4c
b2f3f8ceed706c098f3438dc11faff37f6280af50133352549204bb35519101d
GET /core/js/files/fileinfo.js?v=180fda623ff91b27e97e4d635060f9b8 HTTP/1.1
Host: mon-med.defrax1.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: ochhali32g5i=rubbe0rsgvkt5g7qt9r2ar3004; oc_sessionPassphrase=Gg%2FWjiN1e9LgY1Yi57D3RzMMpVL0yFdARFZ%2BV7Y4N2lusWyFEyeOQ110uSWaat2qToFquwHStB7ETfnD2qLUdfxPXTk3b6caS2m8cS3sHoKVMnDmk1B9cEnZh3o4h9%2BQ; nc_sameSiteCookielax=true; nc_sameSiteCookiestrict=true
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 05:28:03 GMT
Content-Type: application/javascript
Content-Length: 2141
Last-Modified: Thu, 23 Mar 2017 09:38:29 GMT
Connection: keep-alive
Cache-Control: max-age=15778463
ETag: "58d39795-85d"
X-Powered-By: PleskLin
Accept-Ranges: bytes
mon-med.defrax1.de/core/js/files/client.js?v=180fda623ff91b27e97e4d635060f9b8
88.198.9.197 200 OK 20 kB URL HTTP/1.1 mon-med.defrax1.de/core/js/files/client.js?v=180fda623ff91b27e97e4d635060f9b8
IP 88.198.9.197:0
ASN #24940 Hetzner Online GmbH
Hash 2aaff8c8feff62ec44590120c0aaa97d
76c34506e44f6e43407198c1d3551034d8e8fa7c
59eb71bcd057189e7a8241f68bf244b282ad07e3ebc253deb02ba3608d9ea6b0
Analyzer Verdict Alert fortinet Phishing
GET /core/js/files/client.js?v=180fda623ff91b27e97e4d635060f9b8 HTTP/1.1
Host: mon-med.defrax1.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: ochhali32g5i=rubbe0rsgvkt5g7qt9r2ar3004; oc_sessionPassphrase=Gg%2FWjiN1e9LgY1Yi57D3RzMMpVL0yFdARFZ%2BV7Y4N2lusWyFEyeOQ110uSWaat2qToFquwHStB7ETfnD2qLUdfxPXTk3b6caS2m8cS3sHoKVMnDmk1B9cEnZh3o4h9%2BQ; nc_sameSiteCookielax=true; nc_sameSiteCookiestrict=true
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 05:28:03 GMT
Content-Type: application/javascript
Content-Length: 19535
Last-Modified: Thu, 23 Mar 2017 09:38:29 GMT
Connection: keep-alive
Cache-Control: max-age=15778463
ETag: "58d39795-4c4f"
X-Powered-By: PleskLin
Accept-Ranges: bytes
mon-med.defrax1.de/core/vendor/jsTimezoneDetect/jstz.js?v=180fda623ff91b27e97e4d635060f9b8
88.198.9.197 200 OK 15 kB URL HTTP/1.1 mon-med.defrax1.de/core/vendor/jsTimezoneDetect/jstz.js?v=180fda623ff91b27e97e4d635060f9b8
IP 88.198.9.197:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with CRLF line terminators
Hash 83b3d79b149a50f79cee0575d04fac1f
ba4b3f8622ef9aed276e02fa88fd74aaa3482413
bf06b58204b2886d8bf4e9d147edc67d78ed65607211fe96b3c9fa333b77fe4e
Analyzer Verdict Alert fortinet Phishing
GET /core/vendor/jsTimezoneDetect/jstz.js?v=180fda623ff91b27e97e4d635060f9b8 HTTP/1.1
Host: mon-med.defrax1.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: ochhali32g5i=rubbe0rsgvkt5g7qt9r2ar3004; oc_sessionPassphrase=Gg%2FWjiN1e9LgY1Yi57D3RzMMpVL0yFdARFZ%2BV7Y4N2lusWyFEyeOQ110uSWaat2qToFquwHStB7ETfnD2qLUdfxPXTk3b6caS2m8cS3sHoKVMnDmk1B9cEnZh3o4h9%2BQ; nc_sameSiteCookielax=true; nc_sameSiteCookiestrict=true
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 05:28:03 GMT
Content-Type: application/javascript
Content-Length: 14565
Last-Modified: Thu, 23 Mar 2017 09:38:29 GMT
Connection: keep-alive
Cache-Control: max-age=15778463
ETag: "58d39795-38e5"
X-Powered-By: PleskLin
Accept-Ranges: bytes
mon-med.defrax1.de/core/js/jquery-ui-fixes.js?v=180fda623ff91b27e97e4d635060f9b8
88.198.9.197 200 OK 259 B URL HTTP/1.1 mon-med.defrax1.de/core/js/jquery-ui-fixes.js?v=180fda623ff91b27e97e4d635060f9b8
IP 88.198.9.197:0
ASN #24940 Hetzner Online GmbH
Hash dc11aedac60ef3afa969a8a536d9ff7e
cbfc793fcff413590e340bbe1a70666cd3af712c
9b08f0401538825cbb8d99906dfa71d9010f334213d8f9577802a70d9676229d
Analyzer Verdict Alert fortinet Phishing
GET /core/js/jquery-ui-fixes.js?v=180fda623ff91b27e97e4d635060f9b8 HTTP/1.1
Host: mon-med.defrax1.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: ochhali32g5i=rubbe0rsgvkt5g7qt9r2ar3004; oc_sessionPassphrase=Gg%2FWjiN1e9LgY1Yi57D3RzMMpVL0yFdARFZ%2BV7Y4N2lusWyFEyeOQ110uSWaat2qToFquwHStB7ETfnD2qLUdfxPXTk3b6caS2m8cS3sHoKVMnDmk1B9cEnZh3o4h9%2BQ; nc_sameSiteCookielax=true; nc_sameSiteCookiestrict=true
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 05:28:03 GMT
Content-Type: application/javascript
Content-Length: 259
Connection: keep-alive
X-Accel-Version: 0.01
Last-Modified: Thu, 23 Mar 2017 09:38:29 GMT
ETag: "103-54b62a3b54f40"
Accept-Ranges: bytes
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Robots-Tag: none
X-Frame-Options: SAMEORIGIN
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Cache-Control: max-age=15778463
X-Powered-By: PleskLin
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash dedf9c519ac38c4bece9c5bc895787d7
4911175c3f8a435978c5301c33c7a99a5e00a1d5
bddd7e3a4939f863642a7c5348c1c8b9bc569b35c10a27f4cf5ec71f7e6b9698
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BDDD7E3A4939F863642A7C5348C1C8B9BC569B35C10A27F4CF5EC71F7E6B9698"
Last-Modified: Fri, 03 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14069
Expires: Sat, 04 Feb 2023 09:22:32 GMT
Date: Sat, 04 Feb 2023 05:28:03 GMT
Connection: keep-alive
mon-med.defrax1.de/core/vendor/select2/select2.js?v=180fda623ff91b27e97e4d635060f9b8
88.198.9.197 200 OK 144 kB URL HTTP/1.1 mon-med.defrax1.de/core/vendor/select2/select2.js?v=180fda623ff91b27e97e4d635060f9b8
IP 88.198.9.197:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (10694)
Size 144 kB (144129 bytes)
Hash fd00295e74edc0d82d5686b240f684df
7a8f4ede42e5d0c107400a56ac42e78058107423
0a9bdd7e6c130be438450844f1207b83d87b3ea3551ffb8c94ec63c0e1191d2e
Analyzer Verdict Alert fortinet Phishing
GET /core/vendor/select2/select2.js?v=180fda623ff91b27e97e4d635060f9b8 HTTP/1.1
Host: mon-med.defrax1.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: ochhali32g5i=rubbe0rsgvkt5g7qt9r2ar3004; oc_sessionPassphrase=Gg%2FWjiN1e9LgY1Yi57D3RzMMpVL0yFdARFZ%2BV7Y4N2lusWyFEyeOQ110uSWaat2qToFquwHStB7ETfnD2qLUdfxPXTk3b6caS2m8cS3sHoKVMnDmk1B9cEnZh3o4h9%2BQ; nc_sameSiteCookielax=true; nc_sameSiteCookiestrict=true
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 05:28:03 GMT
Content-Type: application/javascript
Content-Length: 144129
Last-Modified: Thu, 23 Mar 2017 09:38:29 GMT
Connection: keep-alive
Cache-Control: max-age=15778463
ETag: "58d39795-23301"
X-Powered-By: PleskLin
Accept-Ranges: bytes
mon-med.defrax1.de/core/js/login.js?v=180fda623ff91b27e97e4d635060f9b8
88.198.9.197 200 OK 798 B URL HTTP/1.1 mon-med.defrax1.de/core/js/login.js?v=180fda623ff91b27e97e4d635060f9b8
IP 88.198.9.197:0
ASN #24940 Hetzner Online GmbH
Hash 8208fc422c3959f2f3db45e2395c0806
819eeac13f2783a44c0ab31d7c3bed8d4ec84299
05d92205986db8fe01fe7a26ab5b526cdd62a297f221092ee4dc029ab72baac0
GET /core/js/login.js?v=180fda623ff91b27e97e4d635060f9b8 HTTP/1.1
Host: mon-med.defrax1.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: ochhali32g5i=rubbe0rsgvkt5g7qt9r2ar3004; oc_sessionPassphrase=Gg%2FWjiN1e9LgY1Yi57D3RzMMpVL0yFdARFZ%2BV7Y4N2lusWyFEyeOQ110uSWaat2qToFquwHStB7ETfnD2qLUdfxPXTk3b6caS2m8cS3sHoKVMnDmk1B9cEnZh3o4h9%2BQ; nc_sameSiteCookielax=true; nc_sameSiteCookiestrict=true
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 05:28:03 GMT
Content-Type: application/javascript
Content-Length: 798
Connection: keep-alive
X-Accel-Version: 0.01
Last-Modified: Thu, 23 Mar 2017 09:38:29 GMT
ETag: "31e-54b62a3b54f40"
Accept-Ranges: bytes
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Robots-Tag: none
X-Frame-Options: SAMEORIGIN
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Cache-Control: max-age=15778463
X-Powered-By: PleskLin
mon-med.defrax1.de/core/js/lostpassword.js?v=180fda623ff91b27e97e4d635060f9b8
88.198.9.197 200 OK 4.1 kB URL HTTP/1.1 mon-med.defrax1.de/core/js/lostpassword.js?v=180fda623ff91b27e97e4d635060f9b8
IP 88.198.9.197:0
ASN #24940 Hetzner Online GmbH
Hash 542705f9812db1d475133bdefff01ac4
f7059ab6f8d5529d767280a63ce7f25705aa9374
e06cb287af3bba3ce0aa37bf32a8bfd71708d58c3c71b6828dcf102598d2beaf
Analyzer Verdict Alert fortinet Phishing
GET /core/js/lostpassword.js?v=180fda623ff91b27e97e4d635060f9b8 HTTP/1.1
Host: mon-med.defrax1.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: ochhali32g5i=rubbe0rsgvkt5g7qt9r2ar3004; oc_sessionPassphrase=Gg%2FWjiN1e9LgY1Yi57D3RzMMpVL0yFdARFZ%2BV7Y4N2lusWyFEyeOQ110uSWaat2qToFquwHStB7ETfnD2qLUdfxPXTk3b6caS2m8cS3sHoKVMnDmk1B9cEnZh3o4h9%2BQ; nc_sameSiteCookielax=true; nc_sameSiteCookiestrict=true
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 05:28:03 GMT
Content-Type: application/javascript
Content-Length: 4083
Last-Modified: Thu, 23 Mar 2017 09:38:29 GMT
Connection: keep-alive
Cache-Control: max-age=15778463
ETag: "58d39795-ff3"
X-Powered-By: PleskLin
Accept-Ranges: bytes
mon-med.defrax1.de/core/js/visitortimezone.js?v=180fda623ff91b27e97e4d635060f9b8
88.198.9.197 200 OK 385 B URL HTTP/1.1 mon-med.defrax1.de/core/js/visitortimezone.js?v=180fda623ff91b27e97e4d635060f9b8
IP 88.198.9.197:0
ASN #24940 Hetzner Online GmbH
Hash 86f19ce518945c30d296adca0f8b423f
4d8acb3ab518c785a21e210a12fd0296d2df89f1
969b6817e677318bac500200e061714704fb3f256bd1d7d4343148c634e3a2d4
Analyzer Verdict Alert fortinet Phishing
GET /core/js/visitortimezone.js?v=180fda623ff91b27e97e4d635060f9b8 HTTP/1.1
Host: mon-med.defrax1.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: ochhali32g5i=rubbe0rsgvkt5g7qt9r2ar3004; oc_sessionPassphrase=Gg%2FWjiN1e9LgY1Yi57D3RzMMpVL0yFdARFZ%2BV7Y4N2lusWyFEyeOQ110uSWaat2qToFquwHStB7ETfnD2qLUdfxPXTk3b6caS2m8cS3sHoKVMnDmk1B9cEnZh3o4h9%2BQ; nc_sameSiteCookielax=true; nc_sameSiteCookiestrict=true
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 05:28:03 GMT
Content-Type: application/javascript
Content-Length: 385
Connection: keep-alive
X-Accel-Version: 0.01
Last-Modified: Thu, 23 Mar 2017 09:38:29 GMT
ETag: "181-54b62a3b54f40"
Accept-Ranges: bytes
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Robots-Tag: none
X-Frame-Options: SAMEORIGIN
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Cache-Control: max-age=15778463
X-Powered-By: PleskLin
mon-med.defrax1.de/core/css/icons.css?v=180fda623ff91b27e97e4d635060f9b8
88.198.9.197 200 OK 10 kB URL HTTP/1.1 mon-med.defrax1.de/core/css/icons.css?v=180fda623ff91b27e97e4d635060f9b8
IP 88.198.9.197:0
ASN #24940 Hetzner Online GmbH
Hash bd2fb31c8d55d0cddd6de159cf8e2bf6
c39a59a7cab24994228e5f64f6fb4c25bb042ea6
bbaa391f1f1011e04365c36a8988c44bd5184a4e7a09f692fd70ce057ff247dd
Analyzer Verdict Alert fortinet Phishing
GET /core/css/icons.css?v=180fda623ff91b27e97e4d635060f9b8 HTTP/1.1
Host: mon-med.defrax1.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: ochhali32g5i=rubbe0rsgvkt5g7qt9r2ar3004; oc_sessionPassphrase=Gg%2FWjiN1e9LgY1Yi57D3RzMMpVL0yFdARFZ%2BV7Y4N2lusWyFEyeOQ110uSWaat2qToFquwHStB7ETfnD2qLUdfxPXTk3b6caS2m8cS3sHoKVMnDmk1B9cEnZh3o4h9%2BQ; nc_sameSiteCookielax=true; nc_sameSiteCookiestrict=true
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 05:28:03 GMT
Content-Type: text/css
Content-Length: 10083
Last-Modified: Thu, 23 Mar 2017 09:38:28 GMT
Connection: keep-alive
Cache-Control: max-age=15778463
ETag: "58d39794-2763"
X-Powered-By: PleskLin
Accept-Ranges: bytes
mon-med.defrax1.de/core/css/fonts.css?v=180fda623ff91b27e97e4d635060f9b8
88.198.9.197 200 OK 728 B URL HTTP/1.1 mon-med.defrax1.de/core/css/fonts.css?v=180fda623ff91b27e97e4d635060f9b8
IP 88.198.9.197:0
ASN #24940 Hetzner Online GmbH
Hash 262020a529d64c556234f07d0ef63838
0c4500ca104fb2d79100f782447faaef2c615f44
650edf905c3e829d322520e0eebfaba1ddf371d66fa212d2461292bce204f489
Analyzer Verdict Alert fortinet Phishing
GET /core/css/fonts.css?v=180fda623ff91b27e97e4d635060f9b8 HTTP/1.1
Host: mon-med.defrax1.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: ochhali32g5i=rubbe0rsgvkt5g7qt9r2ar3004; oc_sessionPassphrase=Gg%2FWjiN1e9LgY1Yi57D3RzMMpVL0yFdARFZ%2BV7Y4N2lusWyFEyeOQ110uSWaat2qToFquwHStB7ETfnD2qLUdfxPXTk3b6caS2m8cS3sHoKVMnDmk1B9cEnZh3o4h9%2BQ; nc_sameSiteCookielax=true; nc_sameSiteCookiestrict=true
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 05:28:03 GMT
Content-Type: text/css
Content-Length: 728
Connection: keep-alive
X-Accel-Version: 0.01
Last-Modified: Thu, 23 Mar 2017 09:38:28 GMT
ETag: "2d8-54b62a3a60d00"
Accept-Ranges: bytes
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Robots-Tag: none
X-Frame-Options: SAMEORIGIN
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Cache-Control: max-age=15778463
X-Powered-By: PleskLin
mon-med.defrax1.de/index.php/apps/theming/styles?v=0
88.198.9.197 200 OK 38 B URL HTTP/1.1 mon-med.defrax1.de/index.php/apps/theming/styles?v=0
IP 88.198.9.197:0
ASN #24940 Hetzner Online GmbH
Hash 48cb06984b7b92a51308745da72fa119
2a559071f4a1b846089088e0abe649a8a2c3eabd
ebb876c80318f3649a093df37a08dbb0bac927e64c774daf73458016254ba348
Analyzer Verdict Alert fortinet Phishing
GET /index.php/apps/theming/styles?v=0 HTTP/1.1
Host: mon-med.defrax1.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: ochhali32g5i=rubbe0rsgvkt5g7qt9r2ar3004; oc_sessionPassphrase=Gg%2FWjiN1e9LgY1Yi57D3RzMMpVL0yFdARFZ%2BV7Y4N2lusWyFEyeOQ110uSWaat2qToFquwHStB7ETfnD2qLUdfxPXTk3b6caS2m8cS3sHoKVMnDmk1B9cEnZh3o4h9%2BQ; nc_sameSiteCookielax=true; nc_sameSiteCookiestrict=true
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 05:28:03 GMT
Content-Type: text/css;charset=UTF-8
Content-Length: 38
Connection: keep-alive
Cache-Control: max-age=3600, must-revalidate
Content-Disposition: attachment; filename="style"
Expires: Sat, 04 Feb 2023 05:28:03 +0000
Pragma: cache
Content-Security-Policy: default-src 'none';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self'
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Robots-Tag: none
X-Frame-Options: SAMEORIGIN
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
X-Powered-By: PHP/5.6.40, PleskLin
mon-med.defrax1.de/index.php/apps/theming/js/theming?v=0
88.198.9.197 200 OK 180 B URL HTTP/1.1 mon-med.defrax1.de/index.php/apps/theming/js/theming?v=0
IP 88.198.9.197:0
ASN #24940 Hetzner Online GmbH
Hash c421897129451879fdf60679cdf448e9
03939858213d39693fedfc56f8e17eb755390be4
a384573b1e7100092413dc83aac8bb9d95fc582f155d16cad2830b9da91beae3
Analyzer Verdict Alert fortinet Phishing
GET /index.php/apps/theming/js/theming?v=0 HTTP/1.1
Host: mon-med.defrax1.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: ochhali32g5i=rubbe0rsgvkt5g7qt9r2ar3004; oc_sessionPassphrase=Gg%2FWjiN1e9LgY1Yi57D3RzMMpVL0yFdARFZ%2BV7Y4N2lusWyFEyeOQ110uSWaat2qToFquwHStB7ETfnD2qLUdfxPXTk3b6caS2m8cS3sHoKVMnDmk1B9cEnZh3o4h9%2BQ; nc_sameSiteCookielax=true; nc_sameSiteCookiestrict=true
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 05:28:03 GMT
Content-Type: text/javascript;charset=UTF-8
Content-Length: 180
Connection: keep-alive
Cache-Control: max-age=3600, must-revalidate
Content-Security-Policy: default-src 'none';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self'
Content-Disposition: inline; filename=""
Expires: Sat, 04 Feb 2023 05:28:03 +0000
Pragma: cache
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Robots-Tag: none
X-Frame-Options: SAMEORIGIN
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
X-Powered-By: PHP/5.6.40, PleskLin
mon-med.defrax1.de/core/img/loading-dark.gif
88.198.9.197 200 OK 4.7 kB URL HTTP/1.1 mon-med.defrax1.de/core/img/loading-dark.gif
IP 88.198.9.197:0
ASN #24940 Hetzner Online GmbH
File type GIF image data, version 89a, 32 x 32\012- data
Hash 7446c22d8ed8b7b4641adc5dc30f39d2
1ccb798de57db7a5d8996c3eac5ffc3c6b0c5147
93b795ec06aebf7141dbfb46cf6fa51fb964d2a5c0646303eb135b38d007a0a9
GET /core/img/loading-dark.gif HTTP/1.1
Host: mon-med.defrax1.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: ochhali32g5i=rubbe0rsgvkt5g7qt9r2ar3004; oc_sessionPassphrase=Gg%2FWjiN1e9LgY1Yi57D3RzMMpVL0yFdARFZ%2BV7Y4N2lusWyFEyeOQ110uSWaat2qToFquwHStB7ETfnD2qLUdfxPXTk3b6caS2m8cS3sHoKVMnDmk1B9cEnZh3o4h9%2BQ; nc_sameSiteCookielax=true; nc_sameSiteCookiestrict=true
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 05:28:03 GMT
Content-Type: image/gif
Content-Length: 4683
Last-Modified: Thu, 23 Mar 2017 09:38:28 GMT
Connection: keep-alive
Cache-Control: max-age=15778463
ETag: "58d39794-124b"
X-Powered-By: PleskLin
Accept-Ranges: bytes
push.services.mozilla.com/
52.34.129.187 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.34.129.187:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: Rw0mjtxc1DqsyWP8uc6kGg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: pUEm+d4u9BW7aoyUM9kD5+9HoFc=
mon-med.defrax1.de/themes/defrax/core/img/logo_defrax_cloud7.png
88.198.9.197 200 OK 11 kB URL HTTP/1.1 mon-med.defrax1.de/themes/defrax/core/img/logo_defrax_cloud7.png
IP 88.198.9.197:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 200 x 100, 8-bit/color RGBA, non-interlaced\012- data
Hash 9dfbd81819c59537e803bffe26435104
82966a448fb2b5c36365a7584b6fd45a04e944a9
9c9d4063c980447c4b044d5be32226bc58299e041eed01484e4582e305fd7bf0
GET /themes/defrax/core/img/logo_defrax_cloud7.png HTTP/1.1
Host: mon-med.defrax1.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mon-med.defrax1.de/themes/defrax/core/css/styles.css?v=180fda623ff91b27e97e4d635060f9b8
Cookie: ochhali32g5i=rubbe0rsgvkt5g7qt9r2ar3004; oc_sessionPassphrase=Gg%2FWjiN1e9LgY1Yi57D3RzMMpVL0yFdARFZ%2BV7Y4N2lusWyFEyeOQ110uSWaat2qToFquwHStB7ETfnD2qLUdfxPXTk3b6caS2m8cS3sHoKVMnDmk1B9cEnZh3o4h9%2BQ; nc_sameSiteCookielax=true; nc_sameSiteCookiestrict=true
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 05:28:03 GMT
Content-Type: image/png
Content-Length: 10701
Last-Modified: Wed, 22 Mar 2017 18:50:58 GMT
Connection: keep-alive
ETag: "58d2c792-29cd"
X-Powered-By: PleskLin
Accept-Ranges: bytes
mon-med.defrax1.de/core/fonts/OpenSans-Semibold.woff
88.198.9.197 200 OK 70 kB URL HTTP/1.1 mon-med.defrax1.de/core/fonts/OpenSans-Semibold.woff
IP 88.198.9.197:0
ASN #24940 Hetzner Online GmbH
File type Web Open Font Format, TrueType, length 69888, version 1.10\012- data
Hash 9f2144213fad53d4e0fdb26ecf93865f
7c9f1210d31388fe5df9e368bd0e73a8f4091b28
b0390aa3e137e3e49d7d6ed5d86c208fec1dd45ff8a56836c3f86c2e32cd2d7a
Analyzer Verdict Alert fortinet Phishing
GET /core/fonts/OpenSans-Semibold.woff HTTP/1.1
Host: mon-med.defrax1.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://mon-med.defrax1.de/core/css/fonts.css?v=180fda623ff91b27e97e4d635060f9b8
Cookie: ochhali32g5i=rubbe0rsgvkt5g7qt9r2ar3004; oc_sessionPassphrase=Gg%2FWjiN1e9LgY1Yi57D3RzMMpVL0yFdARFZ%2BV7Y4N2lusWyFEyeOQ110uSWaat2qToFquwHStB7ETfnD2qLUdfxPXTk3b6caS2m8cS3sHoKVMnDmk1B9cEnZh3o4h9%2BQ; nc_sameSiteCookielax=true; nc_sameSiteCookiestrict=true
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 05:28:03 GMT
Content-Type: application/font-woff
Content-Length: 69888
Last-Modified: Thu, 23 Mar 2017 09:38:28 GMT
Connection: keep-alive
Cache-Control: max-age=604800
ETag: "58d39794-11100"
X-Powered-By: PleskLin
Accept-Ranges: bytes
mon-med.defrax1.de/core/fonts/OpenSans-Regular.woff
88.198.9.197 200 OK 20 kB URL HTTP/1.1 mon-med.defrax1.de/core/fonts/OpenSans-Regular.woff
IP 88.198.9.197:0
ASN #24940 Hetzner Online GmbH
File type Web Open Font Format, TrueType, length 20544, version 1.1\012- data
Hash ddf32d230e221d777f9a589f0e2f95ea
d8721a797492d3dd8a5f5a419a386e69246d15ed
df7de1f609f36bc4f0b8c56c23ffd2dfaa78f3341e479b0a3a8a4c802f6acc80
Analyzer Verdict Alert fortinet Phishing
GET /core/fonts/OpenSans-Regular.woff HTTP/1.1
Host: mon-med.defrax1.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://mon-med.defrax1.de/core/css/fonts.css?v=180fda623ff91b27e97e4d635060f9b8
Cookie: ochhali32g5i=rubbe0rsgvkt5g7qt9r2ar3004; oc_sessionPassphrase=Gg%2FWjiN1e9LgY1Yi57D3RzMMpVL0yFdARFZ%2BV7Y4N2lusWyFEyeOQ110uSWaat2qToFquwHStB7ETfnD2qLUdfxPXTk3b6caS2m8cS3sHoKVMnDmk1B9cEnZh3o4h9%2BQ; nc_sameSiteCookielax=true; nc_sameSiteCookiestrict=true
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 05:28:04 GMT
Content-Type: application/font-woff
Content-Length: 20544
Last-Modified: Thu, 23 Mar 2017 09:38:28 GMT
Connection: keep-alive
Cache-Control: max-age=604800
ETag: "58d39794-5040"
X-Powered-By: PleskLin
Accept-Ranges: bytes
mon-med.defrax1.de/core/img/actions/confirm-white.svg?v=2
88.198.9.197 200 OK 841 B URL HTTP/1.1 mon-med.defrax1.de/core/img/actions/confirm-white.svg?v=2
IP 88.198.9.197:0
ASN #24940 Hetzner Online GmbH
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document, ASCII text, with very long lines (700)
Hash a04d583a7d274d96ba7813eee4bc87ff
31f22083d9f9ac29ebed21ceeb971bd48c266106
3e76a8fcb9aa8481969e4d049df29391a0433e1c9d82ba0a74ab77c7877cdc33
GET /core/img/actions/confirm-white.svg?v=2 HTTP/1.1
Host: mon-med.defrax1.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mon-med.defrax1.de/core/css/icons.css?v=180fda623ff91b27e97e4d635060f9b8
Cookie: ochhali32g5i=rubbe0rsgvkt5g7qt9r2ar3004; oc_sessionPassphrase=Gg%2FWjiN1e9LgY1Yi57D3RzMMpVL0yFdARFZ%2BV7Y4N2lusWyFEyeOQ110uSWaat2qToFquwHStB7ETfnD2qLUdfxPXTk3b6caS2m8cS3sHoKVMnDmk1B9cEnZh3o4h9%2BQ; nc_sameSiteCookielax=true; nc_sameSiteCookiestrict=true
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 05:28:04 GMT
Content-Type: image/svg+xml
Content-Length: 841
Connection: keep-alive
X-Accel-Version: 0.01
Last-Modified: Thu, 23 Mar 2017 09:38:28 GMT
ETag: "349-54b62a3a60d00"
Accept-Ranges: bytes
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Robots-Tag: none
X-Frame-Options: SAMEORIGIN
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Cache-Control: max-age=15778463
X-Powered-By: PleskLin
mon-med.defrax1.de/core/img/actions/checkbox-white.svg
88.198.9.197 200 OK 195 B URL HTTP/1.1 mon-med.defrax1.de/core/img/actions/checkbox-white.svg
IP 88.198.9.197:0
ASN #24940 Hetzner Online GmbH
File type SVG Scalable Vector Graphics image\012- , ASCII text, with no line terminators
Hash 96231afd36a5744c84fa7af624636bb2
49626266a14b732ef41c0f6edbbe0c50c686cb7d
17763c342144d24d67136d1aea05c63ebc78947e8bf5edf21eb49f513575bcdf
Analyzer Verdict Alert fortinet Phishing
GET /core/img/actions/checkbox-white.svg HTTP/1.1
Host: mon-med.defrax1.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mon-med.defrax1.de/core/css/inputs.css?v=180fda623ff91b27e97e4d635060f9b8
Cookie: ochhali32g5i=rubbe0rsgvkt5g7qt9r2ar3004; oc_sessionPassphrase=Gg%2FWjiN1e9LgY1Yi57D3RzMMpVL0yFdARFZ%2BV7Y4N2lusWyFEyeOQ110uSWaat2qToFquwHStB7ETfnD2qLUdfxPXTk3b6caS2m8cS3sHoKVMnDmk1B9cEnZh3o4h9%2BQ; nc_sameSiteCookielax=true; nc_sameSiteCookiestrict=true
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 05:28:04 GMT
Content-Type: image/svg+xml
Content-Length: 195
Connection: keep-alive
X-Accel-Version: 0.01
Last-Modified: Thu, 23 Mar 2017 09:38:28 GMT
ETag: "c3-54b62a3a60d00"
Accept-Ranges: bytes
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Robots-Tag: none
X-Frame-Options: SAMEORIGIN
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Cache-Control: max-age=15778463
X-Powered-By: PleskLin
mon-med.defrax1.de/core/fonts/OpenSans-Light.woff
88.198.9.197 200 OK 63 kB URL HTTP/1.1 mon-med.defrax1.de/core/fonts/OpenSans-Light.woff
IP 88.198.9.197:0
ASN #24940 Hetzner Online GmbH
File type Web Open Font Format, TrueType, length 62844, version 1.0\012- data
Hash 963eb32907744d9a0d6b98127162808f
c7acbce006e0c9139608f078cbe3b0876c9ace66
8560f9bdddaa5e89f2d1d1403681932c574de5377c6d0dd5c1aa408c91a3e979
Analyzer Verdict Alert fortinet Phishing
GET /core/fonts/OpenSans-Light.woff HTTP/1.1
Host: mon-med.defrax1.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://mon-med.defrax1.de/core/css/fonts.css?v=180fda623ff91b27e97e4d635060f9b8
Cookie: ochhali32g5i=rubbe0rsgvkt5g7qt9r2ar3004; oc_sessionPassphrase=Gg%2FWjiN1e9LgY1Yi57D3RzMMpVL0yFdARFZ%2BV7Y4N2lusWyFEyeOQ110uSWaat2qToFquwHStB7ETfnD2qLUdfxPXTk3b6caS2m8cS3sHoKVMnDmk1B9cEnZh3o4h9%2BQ; nc_sameSiteCookielax=true; nc_sameSiteCookiestrict=true
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 05:28:04 GMT
Content-Type: application/font-woff
Content-Length: 62844
Last-Modified: Thu, 23 Mar 2017 09:38:28 GMT
Connection: keep-alive
Cache-Control: max-age=604800
ETag: "58d39794-f57c"
X-Powered-By: PleskLin
Accept-Ranges: bytes
mon-med.defrax1.de/index.php/apps/theming/favicon?v=0
88.198.9.197 200 OK 1.3 kB URL HTTP/1.1 mon-med.defrax1.de/index.php/apps/theming/favicon?v=0
IP 88.198.9.197:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 32 x 32, 8-bit/color RGB, non-interlaced\012- data
Hash cfee30bc4c0c034bb829c5fec808ab5b
8c9d3d444dae62e4728928298e17d3ac7b6c2aa7
ae7b9ec5ced21e1efc7fd7668de6ee6c8ed4972949a1dc5cdbdfdb4c006f6649
Analyzer Verdict Alert fortinet Phishing
GET /index.php/apps/theming/favicon?v=0 HTTP/1.1
Host: mon-med.defrax1.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: ochhali32g5i=rubbe0rsgvkt5g7qt9r2ar3004; oc_sessionPassphrase=Gg%2FWjiN1e9LgY1Yi57D3RzMMpVL0yFdARFZ%2BV7Y4N2lusWyFEyeOQ110uSWaat2qToFquwHStB7ETfnD2qLUdfxPXTk3b6caS2m8cS3sHoKVMnDmk1B9cEnZh3o4h9%2BQ; nc_sameSiteCookielax=true; nc_sameSiteCookiestrict=true
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 05:28:04 GMT
Content-Type: image/x-icon
Content-Length: 1255
Connection: keep-alive
Cache-Control: max-age=86400, must-revalidate
Content-Security-Policy: default-src 'none';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self'
Content-Disposition: inline; filename="favIcon-core"
Expires: Sun, 05 Feb 2023 05:28:04 +0000
Pragma: cache
Last-Modified: Thu, 23 Mar 2017 08:28:33 GMT
ETag: "94d68e9a2d078d05d737cfd22b9ca82a"
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Robots-Tag: none
X-Frame-Options: SAMEORIGIN
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
X-Powered-By: PHP/5.6.40, PleskLin
mon-med.defrax1.de/cron.php
88.198.9.197 200 OK 20 B URL HTTP/1.1 mon-med.defrax1.de/cron.php
IP 88.198.9.197:0
ASN #24940 Hetzner Online GmbH
File type JSON data\012- , ASCII text, with no line terminators
Hash 5820854f62a6eb3d38ba7ba0d1b3ea75
639df0b84fe699b4a290a713fd6b9a94bd4deb95
912d0c07da7bdb22cdae025b96da26d01523aaab7362edb28544e3949deb369d
Analyzer Verdict Alert fortinet Phishing
GET /cron.php HTTP/1.1
Host: mon-med.defrax1.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
requesttoken: Z+kcOzBISI+T6T3WX/wR7BycYmZUor90ADrgS327ySM=:KLh/ekcLJ8Cq3V+6a891q3bxEhwYmswZcWDTOS6K/VA=
OCS-APIREQUEST: true
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Cookie: ochhali32g5i=rubbe0rsgvkt5g7qt9r2ar3004; oc_sessionPassphrase=Gg%2FWjiN1e9LgY1Yi57D3RzMMpVL0yFdARFZ%2BV7Y4N2lusWyFEyeOQ110uSWaat2qToFquwHStB7ETfnD2qLUdfxPXTk3b6caS2m8cS3sHoKVMnDmk1B9cEnZh3o4h9%2BQ; nc_sameSiteCookielax=true; nc_sameSiteCookiestrict=true
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 05:28:04 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-eval' 'nonce-UlloMzg2VURKdW1OZTRCb0Z4TG52Z1BMT0t1bVFpN3BEN0JwRVVteHVWYz06Q3RrVXN0SkFTYWEwVCtJRUl5R0QrV21tU05IcWVsMkVmdXBhWXhxQWpTUT0='; style-src 'self' 'unsafe-inline'; frame-src *; img-src * data: blob:; font-src 'self' data:; media-src *; connect-src *
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Robots-Tag: none
X-Frame-Options: SAMEORIGIN
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
X-Powered-By: PHP/5.6.40, PleskLin
mon-med.defrax1.de/index.php/apps/theming/icon?v=0
88.198.9.197 200 OK 22 kB URL HTTP/1.1 mon-med.defrax1.de/index.php/apps/theming/icon?v=0
IP 88.198.9.197:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 512 x 512, 8-bit/color RGB, non-interlaced\012- data
Hash b309bd7f29f85db932155cef5475ab4e
f7fb1938568bd9c976cd65bd4bacc39314a55691
714d267eb08b96cead295c3192b92ad9f858fb972f16cfa26ac421d089792b0f
Analyzer Verdict Alert fortinet Phishing
GET /index.php/apps/theming/icon?v=0 HTTP/1.1
Host: mon-med.defrax1.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: ochhali32g5i=rubbe0rsgvkt5g7qt9r2ar3004; oc_sessionPassphrase=Gg%2FWjiN1e9LgY1Yi57D3RzMMpVL0yFdARFZ%2BV7Y4N2lusWyFEyeOQ110uSWaat2qToFquwHStB7ETfnD2qLUdfxPXTk3b6caS2m8cS3sHoKVMnDmk1B9cEnZh3o4h9%2BQ; nc_sameSiteCookielax=true; nc_sameSiteCookiestrict=true
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 05:28:04 GMT
Content-Type: image/png
Content-Length: 21947
Connection: keep-alive
Cache-Control: max-age=86400, must-revalidate
Content-Security-Policy: default-src 'none';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self'
Content-Disposition: inline; filename="touchIcon-core"
Expires: Sun, 05 Feb 2023 05:28:04 +0000
Pragma: cache
Last-Modified: Thu, 23 Mar 2017 10:08:04 GMT
ETag: "c2b9e58f8841417f5452d9df0680da2e"
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Robots-Tag: none
X-Frame-Options: SAMEORIGIN
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
X-Powered-By: PHP/5.6.40, PleskLin
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash d719402de0cd695e55dab2767247da49
f12f4795987a284820f6785ec16b5032b9861d79
98a14bd950cec10aeb3d76fa956fe13514f52c742adbded7a0fcef218c7195ba
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "98A14BD950CEC10AEB3D76FA956FE13514F52C742ADBDED7A0FCEF218C7195BA"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2895
Expires: Sat, 04 Feb 2023 06:16:19 GMT
Date: Sat, 04 Feb 2023 05:28:04 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash d719402de0cd695e55dab2767247da49
f12f4795987a284820f6785ec16b5032b9861d79
98a14bd950cec10aeb3d76fa956fe13514f52c742adbded7a0fcef218c7195ba
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "98A14BD950CEC10AEB3D76FA956FE13514F52C742ADBDED7A0FCEF218C7195BA"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2895
Expires: Sat, 04 Feb 2023 06:16:19 GMT
Date: Sat, 04 Feb 2023 05:28:04 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash d719402de0cd695e55dab2767247da49
f12f4795987a284820f6785ec16b5032b9861d79
98a14bd950cec10aeb3d76fa956fe13514f52c742adbded7a0fcef218c7195ba
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "98A14BD950CEC10AEB3D76FA956FE13514F52C742ADBDED7A0FCEF218C7195BA"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2895
Expires: Sat, 04 Feb 2023 06:16:19 GMT
Date: Sat, 04 Feb 2023 05:28:04 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash d719402de0cd695e55dab2767247da49
f12f4795987a284820f6785ec16b5032b9861d79
98a14bd950cec10aeb3d76fa956fe13514f52c742adbded7a0fcef218c7195ba
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "98A14BD950CEC10AEB3D76FA956FE13514F52C742ADBDED7A0FCEF218C7195BA"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2895
Expires: Sat, 04 Feb 2023 06:16:19 GMT
Date: Sat, 04 Feb 2023 05:28:04 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F72a06bff-2a3c-4fc8-9c7a-5649a696581e.png
34.120.237.76 200 OK 8.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F72a06bff-2a3c-4fc8-9c7a-5649a696581e.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a032104cf4ccc6ea31f163ca16386487
a0573916c3d72f0554928963c0a74413fdcb3558
8ba7b6e9b3fa28f6fd27f5f006cedac10f50d7da6c109155a2476cf04f4df932
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F72a06bff-2a3c-4fc8-9c7a-5649a696581e.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8909
x-amzn-requestid: 051806fe-c051-4948-a46a-48ed1df321a4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyFIMFLNoAMFY5A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8234-212ec9a838fc64a9164f21f5;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:52:52 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 24zolqnsQilbFdqM8BnmjaH7DXfFunFyXgmOyF_FkPoatjLi137xgQ==
via: 1.1 1b0911478686968732f973d6e5e31d10.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:10:53 GMT
age: 26231
etag: "a0573916c3d72f0554928963c0a74413fdcb3558"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4e245a51-5c03-4b84-b42a-29fa3a7806e9.jpeg
34.120.237.76 200 OK 8.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4e245a51-5c03-4b84-b42a-29fa3a7806e9.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 65cd12302c9ca5468dbc9a98155970e0
a0c63213c3021e40f8ea54f2da6a5c165ed5cfd1
8463155faca74f13ec4500fed98289d8bfbdc4a989d1cb7580736018eadf1000
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4e245a51-5c03-4b84-b42a-29fa3a7806e9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7992
x-amzn-requestid: ba4f95d9-6081-4b34-955c-bbe8e7b2335c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyEEjGsdIAMF84w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8083-7666baa66ccdec9b5fec8736;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:45:39 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: A3c6sSs_b8KkREPa26a8X9NTEZpHGDjElR9hT-NXwg6dYpeuRNZXfA==
via: 1.1 8dbfaf7df256a75768461d934659b6b2.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:10:21 GMT
etag: "a0c63213c3021e40f8ea54f2da6a5c165ed5cfd1"
content-type: image/jpeg
age: 26263
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe4c16006-34b0-45cb-bb9f-46fe6dd44e3c.jpeg
34.120.237.76 200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe4c16006-34b0-45cb-bb9f-46fe6dd44e3c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash cf80667db0c35c9c6139eca4ba5d12fd
4c4cfdc2463e8704a7bf8e1477c43b6adf7c7590
d63e69f4b6ea16333d242bf33d4f02a4a6c96a739ca018d86afc5741d85b774d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe4c16006-34b0-45cb-bb9f-46fe6dd44e3c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13065
x-amzn-requestid: 54c06759-6fab-455c-be34-496ee42a2580
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fSZLQEqroAMFyWA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d0d57b-2237358a5cc22b8003af1852;Sampled=0
x-amzn-remapped-date: Wed, 25 Jan 2023 07:08:43 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: oc3NhvAmcrO3msFYF2ITsEpq8a2wsOLkXtmZxRQpmse84yml0l9PNA==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 21:46:57 GMT
age: 27667
etag: "4c4cfdc2463e8704a7bf8e1477c43b6adf7c7590"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2ec84086-8ac2-4887-bc81-86003255ab99.jpeg
34.120.237.76 200 OK 5.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2ec84086-8ac2-4887-bc81-86003255ab99.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e5b4e4f15da3323c73974c3f1cdb5d74
1f14971d0cf979cc34ff191849dc43d86e8ac463
5893d7e5b2fd9de92829b303c42d0c07ff32b3f6b8705b6f5b4a784315c8808e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2ec84086-8ac2-4887-bc81-86003255ab99.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5174
x-amzn-requestid: 35630c70-3bad-47b4-94bb-09c873632194
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyD7EFAHIAMFQQQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8046-317b1fbb3bee0f377697bf3d;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:44:38 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: OD5cy75AkNMwTIvIool2nKbKgr5Jpo1Plm_X_YPr3rdPbg86_V2fdA==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 e4d3d5aafc7d7d582423c073065ab562.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:10:21 GMT
age: 26263
etag: "1f14971d0cf979cc34ff191849dc43d86e8ac463"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8b2d6920-2a79-45a8-b007-d36cc875c52f.jpeg
34.120.237.76 200 OK 9.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8b2d6920-2a79-45a8-b007-d36cc875c52f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3ac51fd6789cbe19c2d484c9022b0e39
bcba22a7b7f5dd1f59fffd1027e5d7002cecb6e9
300b5e50cb910f9f4905ee7313d98763b68f85f5874db499cc94469fb14cabfe
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8b2d6920-2a79-45a8-b007-d36cc875c52f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9500
x-amzn-requestid: 8fe94388-e8d9-4329-b73a-e9a356df76bb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyD9QEA1IAMF3Ug=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8054-51f954ac4bec16d1055e38f5;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:44:52 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: FkTJ6wQ4eFYBPDyS0l5vLeWvHHiQIx-cYyFzT4ggHJ8M5Gg3dozFxQ==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 6a9b42e38e76b7d4a4044ebe0e0eca08.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:30:36 GMT
age: 25048
etag: "bcba22a7b7f5dd1f59fffd1027e5d7002cecb6e9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5c030376-7935-4601-969c-86a91f4f5e85.jpeg
34.120.237.76 200 OK 7.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5c030376-7935-4601-969c-86a91f4f5e85.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d7afd5ce8fb9ec7b62e528bf97705e49
afbf22f5d8f54adcb00e8980a9b22f2c5b6703c3
b2d93ba6c0ed2c858d91afba1c81251afbffa41c779be2e9203994dcfb7bbc9d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5c030376-7935-4601-969c-86a91f4f5e85.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7249
x-amzn-requestid: 007ce521-ed5c-4074-a314-684ad0df2e22
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyD9GH5goAMF_ag=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8053-7060f02b767c90371991a190;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:44:51 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 5fTV_e56nzjiXo4Guu67WXDDvp3nrjB0Yfyy6ByjcDSx23J-8r0fmQ==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 a847181d425b7fc57e81eb3c800bfdf2.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:10:21 GMT
age: 26263
etag: "afbf22f5d8f54adcb00e8980a9b22f2c5b6703c3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
mon-med.defrax1.de/core/vendor/jquery-ui/ui/jquery-ui.custom.js?v=180fda623ff91b27e97e4d635060f9b8
88.198.9.197 200 OK 0 B URL HTTP/1.1 mon-med.defrax1.de/core/vendor/jquery-ui/ui/jquery-ui.custom.js?v=180fda623ff91b27e97e4d635060f9b8
IP 88.198.9.197:0
ASN #24940 Hetzner Online GmbH
Analyzer Verdict Alert fortinet Phishing
GET /core/vendor/jquery-ui/ui/jquery-ui.custom.js?v=180fda623ff91b27e97e4d635060f9b8 HTTP/1.1
Host: mon-med.defrax1.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: ochhali32g5i=rubbe0rsgvkt5g7qt9r2ar3004; oc_sessionPassphrase=Gg%2FWjiN1e9LgY1Yi57D3RzMMpVL0yFdARFZ%2BV7Y4N2lusWyFEyeOQ110uSWaat2qToFquwHStB7ETfnD2qLUdfxPXTk3b6caS2m8cS3sHoKVMnDmk1B9cEnZh3o4h9%2BQ; nc_sameSiteCookielax=true; nc_sameSiteCookiestrict=true
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 05:28:03 GMT
Content-Type: application/javascript
Content-Length: 432631
Last-Modified: Thu, 23 Mar 2017 09:38:29 GMT
Connection: keep-alive
Cache-Control: max-age=15778463
ETag: "58d39795-699f7"
X-Powered-By: PleskLin
Accept-Ranges: bytes
mon-med.defrax1.de/core/vendor/moment/min/moment-with-locales.js?v=180fda623ff91b27e97e4d635060f9b8
88.198.9.197 200 OK 0 B URL HTTP/1.1 mon-med.defrax1.de/core/vendor/moment/min/moment-with-locales.js?v=180fda623ff91b27e97e4d635060f9b8
IP 88.198.9.197:0
ASN #24940 Hetzner Online GmbH
Analyzer Verdict Alert fortinet Phishing
GET /core/vendor/moment/min/moment-with-locales.js?v=180fda623ff91b27e97e4d635060f9b8 HTTP/1.1
Host: mon-med.defrax1.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: ochhali32g5i=rubbe0rsgvkt5g7qt9r2ar3004; oc_sessionPassphrase=Gg%2FWjiN1e9LgY1Yi57D3RzMMpVL0yFdARFZ%2BV7Y4N2lusWyFEyeOQ110uSWaat2qToFquwHStB7ETfnD2qLUdfxPXTk3b6caS2m8cS3sHoKVMnDmk1B9cEnZh3o4h9%2BQ; nc_sameSiteCookielax=true; nc_sameSiteCookiestrict=true
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 05:28:03 GMT
Content-Type: application/javascript
Content-Length: 453816
Last-Modified: Thu, 23 Mar 2017 09:38:29 GMT
Connection: keep-alive
Cache-Control: max-age=15778463
ETag: "58d39795-6ecb8"
X-Powered-By: PleskLin
Accept-Ranges: bytes