r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash e6b7a72139d0ef7688330456e9be9a4c
e130a94e7d531768300071764dd1e81fee5bbbcb
d3818afd1493030105341b4cfb91037acbf27085c96068b3ef91c5071277c8e5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D3818AFD1493030105341B4CFB91037ACBF27085C96068B3EF91C5071277C8E5"
Last-Modified: Mon, 09 Jan 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21128
Expires: Wed, 11 Jan 2023 13:48:45 GMT
Date: Wed, 11 Jan 2023 07:56:37 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash eecebe0566883e33558e8e67beaccb29
acdd8fd09e2066ed5ecfbc3f11c4a2d61218ecc7
65e21170242bf41eb529fa422385dbe5af65a61e374e6dd5669e7e5f927948af
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "65E21170242BF41EB529FA422385DBE5AF65A61E374E6DD5669E7E5F927948AF"
Last-Modified: Mon, 09 Jan 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4824
Expires: Wed, 11 Jan 2023 09:17:01 GMT
Date: Wed, 11 Jan 2023 07:56:37 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash d8ccb7b2b89aec333fabc04d37337892
c2a13a42c1bd0cf7ce68d9c13b3d6ba1044b5283
75fcc3ea090454e3489a131b70ab50798fec6a08664745027d7a1cf62c6aba28
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "75FCC3EA090454E3489A131B70AB50798FEC6A08664745027D7A1CF62C6ABA28"
Last-Modified: Mon, 09 Jan 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3019
Expires: Wed, 11 Jan 2023 08:46:56 GMT
Date: Wed, 11 Jan 2023 07:56:37 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Length, Alert, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 11 Jan 2023 07:41:47 GMT
content-type: application/json
age: 890
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain
IP
File type PEM certificate\012- , ASCII text
Hash b1fcd419a4245617397846e8d17233f6
2a037ce244587640b27ead9a0ec2af4f862d91b2
e059b6d834c06e58494c43fb2ff42acbc27c1a1d8f7f30e2f32ca0e167599e2f
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: t9Hb8quCWi1/BFdAbTDryXXYIMrq73zvWm+Y0nZkWJ7O7ODyw8jcHQhgKBw0sZfwSlhkHX212dXluayWes8+Ag==
x-amz-request-id: KGSBYGK24ARQMBNB
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 11 Jan 2023 07:01:58 GMT
age: 3279
last-modified: Tue, 20 Dec 2022 14:47:58 GMT
etag: "b1fcd419a4245617397846e8d17233f6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 11 Jan 2023 07:56:37 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
han.gl/ujabn
301 Moved Permanently 228 B IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 34546dacd31d5686637e46ea6fc414ac
ba2945708356a384447f742f2d55efb580f79dd6
e48f56e53adedf9800357d4543dc79a0849546e1e06a0b5252bd46f8e74c1e4c
Analyzer Verdict Alert quad9 Sinkholed
GET /ujabn HTTP/1.1
Host: han.gl
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Wed, 11 Jan 2023 07:56:37 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Location: https://han.gl/ujabn
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1%2B6QQJ3xQAqKed3F1Bmnh1XA0CEgMXMVDI0tn7T6wDc1Z2e5wN2ec8XDP6wVBFGgEICLWx0r%2BMzF9zZN28nAhrh3bGSmODl%2BDbimh8RT57yaNnj0vQpq02Q%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 787c18cd2c01b51b-OSL
alt-svc: h2=":443"; ma=60
ocsp.digicert.com/
200 OK 279 B IP
Hash 17493d0fd47fa526fa4c357df1a82e3e
08cf4139690e013110c9f6403ef640b96e20093b
8476d8303935bf11e9fa4a759f92c742c0d050e35d8d3a74cb4159857ae9e258
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4814
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 11 Jan 2023 07:56:37 GMT
Last-Modified: Wed, 11 Jan 2023 06:36:23 GMT
Server: ECS (amb/6BBC)
X-Cache: HIT
Content-Length: 279
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Expires, Pragma, Content-Type, Backoff, Last-Modified, Cache-Control, ETag
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Wed, 11 Jan 2023 07:17:24 GMT
age: 2353
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 471 B IP
Hash a831a999b5e598b4e9f4e31e8054ca7c
9971a4a806f48777ae6d9525085d16d0c6314c51
cdffa8dd48e75baa98670f82dfac2b3948667ca32dd93f469d2cd49d3a58581c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4946
Cache-Control: max-age=95558
Content-Type: application/ocsp-response
Date: Wed, 11 Jan 2023 07:56:38 GMT
Etag: "63bd2aaa-1d7"
Expires: Thu, 12 Jan 2023 10:29:16 GMT
Last-Modified: Tue, 10 Jan 2023 09:06:50 GMT
Server: ECS (ska/F71A)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
200 OK 279 B IP
Hash 17493d0fd47fa526fa4c357df1a82e3e
08cf4139690e013110c9f6403ef640b96e20093b
8476d8303935bf11e9fa4a759f92c742c0d050e35d8d3a74cb4159857ae9e258
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4816
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 11 Jan 2023 07:56:39 GMT
Last-Modified: Wed, 11 Jan 2023 06:36:23 GMT
Server: ECS (ska/F71A)
X-Cache: HIT
Content-Length: 279
ocsp.pki.goog/s/gts1d4/hvHaAvyEMe8
200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1d4/hvHaAvyEMe8
IP
Hash fcd932f0322389dc92c27e5fd3f64e2a
bb9885122f88edfb4cb15da92cb315e1253b8734
4e4e79b666f8d05ecbb00424d8ddafee63fdaa30f738d256c70575eb376f08c2
POST /s/gts1d4/hvHaAvyEMe8 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 11 Jan 2023 07:56:39 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
push.services.mozilla.com/
101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 3AhKTjp3WWLKt7075PGykQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: I7BvSSVLZDlFaNbColT06CYENQE=
ocsp.pki.goog/s/gts1d4/hvHaAvyEMe8
200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1d4/hvHaAvyEMe8
IP
Hash fcd932f0322389dc92c27e5fd3f64e2a
bb9885122f88edfb4cb15da92cb315e1253b8734
4e4e79b666f8d05ecbb00424d8ddafee63fdaa30f738d256c70575eb376f08c2
POST /s/gts1d4/hvHaAvyEMe8 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 11 Jan 2023 07:56:39 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 60e1efd6eb7bdcf775dc75e8421b64d1
c2056d5d7b59f6b4b5617005f059d2760d7705f0
264663d6b0336f823e0b10e2be72da9113ad74827ffaa443b671773c73d468c3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "264663D6B0336F823E0B10E2BE72DA9113AD74827FFAA443B671773C73D468C3"
Last-Modified: Wed, 11 Jan 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21189
Expires: Wed, 11 Jan 2023 13:49:48 GMT
Date: Wed, 11 Jan 2023 07:56:39 GMT
Connection: keep-alive
spk-george-privatkunden.web9505.web07.bero-webspace.de/person11
301 Moved Permanently 385 B URL HTTP/2 spk-george-privatkunden.web9505.web07.bero-webspace.de/person11
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash b515ea7bc14fb1a03b632508d6b0260b
c0d8bb6caa04c7175d2516cad62f99fd12a854ae
a5efce7473f2466b4a82429365b0bfb6bce9e7f681fad4368a2dc8e83b536cf9
Analyzer Verdict Alert fortinet Phishing
GET /person11 HTTP/1.1
Host: spk-george-privatkunden.web9505.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 301 Moved Permanently
server: nginx
date: Wed, 11 Jan 2023 07:56:39 GMT
content-type: text/html; charset=iso-8859-1
content-length: 385
location: https://spk-george-privatkunden.web9505.web07.bero-webspace.de/person11/
x-powered-by: PleskLin
X-Firefox-Spdy: h2
spk-george-privatkunden.web9505.web07.bero-webspace.de/person11/
200 OK 411 B URL HTTP/2 spk-george-privatkunden.web9505.web07.bero-webspace.de/person11/
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash 984e1ee8e25179994e89e9ea13bf0351
5dd860ed04432b05a8df2434b8234d89b45104ed
6400c704a6370ba68b52a30e46a91a5e87118adccd0cdaea4dee1e61eb45cd2b
Analyzer Verdict Alert fortinet Phishing
GET /person11/ HTTP/1.1
Host: spk-george-privatkunden.web9505.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 11 Jan 2023 07:56:39 GMT
content-type: text/html; charset=UTF-8
content-length: 411
set-cookie: real=OK
vary: Accept-Encoding
content-encoding: gzip
x-powered-by: PHP/7.4.33, PleskLin
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 385fbe651dc747111b979f40f9583702
a69fa58ffc6e2b15222f17ad6345b2bec9d75106
c82b794c471d79568f5eee05529ceddbefc383ac0d035578da7bc3866062e5cc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C82B794C471D79568F5EEE05529CEDDBEFC383AC0D035578DA7BC3866062E5CC"
Last-Modified: Tue, 10 Jan 2023 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8735
Expires: Wed, 11 Jan 2023 10:22:14 GMT
Date: Wed, 11 Jan 2023 07:56:39 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 385fbe651dc747111b979f40f9583702
a69fa58ffc6e2b15222f17ad6345b2bec9d75106
c82b794c471d79568f5eee05529ceddbefc383ac0d035578da7bc3866062e5cc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C82B794C471D79568F5EEE05529CEDDBEFC383AC0D035578DA7BC3866062E5CC"
Last-Modified: Tue, 10 Jan 2023 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8735
Expires: Wed, 11 Jan 2023 10:22:14 GMT
Date: Wed, 11 Jan 2023 07:56:39 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 385fbe651dc747111b979f40f9583702
a69fa58ffc6e2b15222f17ad6345b2bec9d75106
c82b794c471d79568f5eee05529ceddbefc383ac0d035578da7bc3866062e5cc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C82B794C471D79568F5EEE05529CEDDBEFC383AC0D035578DA7BC3866062E5CC"
Last-Modified: Tue, 10 Jan 2023 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8735
Expires: Wed, 11 Jan 2023 10:22:14 GMT
Date: Wed, 11 Jan 2023 07:56:39 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 385fbe651dc747111b979f40f9583702
a69fa58ffc6e2b15222f17ad6345b2bec9d75106
c82b794c471d79568f5eee05529ceddbefc383ac0d035578da7bc3866062e5cc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C82B794C471D79568F5EEE05529CEDDBEFC383AC0D035578DA7BC3866062E5CC"
Last-Modified: Tue, 10 Jan 2023 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8735
Expires: Wed, 11 Jan 2023 10:22:14 GMT
Date: Wed, 11 Jan 2023 07:56:39 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 385fbe651dc747111b979f40f9583702
a69fa58ffc6e2b15222f17ad6345b2bec9d75106
c82b794c471d79568f5eee05529ceddbefc383ac0d035578da7bc3866062e5cc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C82B794C471D79568F5EEE05529CEDDBEFC383AC0D035578DA7BC3866062E5CC"
Last-Modified: Tue, 10 Jan 2023 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8735
Expires: Wed, 11 Jan 2023 10:22:14 GMT
Date: Wed, 11 Jan 2023 07:56:39 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faabf1f2c-deb1-4d58-9ee6-5dd522512882.jpeg
200 OK 6.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faabf1f2c-deb1-4d58-9ee6-5dd522512882.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 56de8a53fb494855ff7717eeb39c1fed
438999ac8d0853e235a2c0e0f404291961c891ab
357db338b2f6fcf434bdd9c2561f91d3fc7e5d42a92e5068402ce3eeb6fba412
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faabf1f2c-deb1-4d58-9ee6-5dd522512882.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6400
x-amzn-requestid: f76c3961-a118-4639-a943-2ffbd3d28537
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: eaD7hEEdoAMFs5A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ba4d16-3881379864dcae085aa4fd4d;Sampled=0
x-amzn-remapped-date: Sun, 08 Jan 2023 04:56:54 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: DmS2bnkBSYTi7rEZuQ_frZ6GwU-PHrD3GfDXv7rDkp_ytjR7c9FhWw==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 98aedae6661e3904540676966998ed88.cloudfront.net (CloudFront), 1.1 google
date: Tue, 10 Jan 2023 09:21:14 GMT
age: 81325
etag: "438999ac8d0853e235a2c0e0f404291961c891ab"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe834a7de-1ed4-4b8b-a3be-fce3151bd1b1.jpeg
200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe834a7de-1ed4-4b8b-a3be-fce3151bd1b1.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 68af9d9acdc08345ac38ae59f83a9a24
d3c0b7fa6ab4f421835acd595a75b5035d1ff9ee
1ae2e194f6bb20166d326002b39a4e3f44a9a97046e77ffd2a186eae384b7ce1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe834a7de-1ed4-4b8b-a3be-fce3151bd1b1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10640
x-amzn-requestid: 0b0b6732-7692-4b35-9625-154dc39386dd
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ei745GEooAMFafA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63bdd9d2-314dad90600e9d8c737adf05;Sampled=0
x-amzn-remapped-date: Tue, 10 Jan 2023 21:34:10 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: rr9hTjSynlIWtcOCn7hv3-rRhhGEl0A0_uV1jC2ljrpr8ybnZP72Zw==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Tue, 10 Jan 2023 21:42:10 GMT
age: 36869
etag: "d3c0b7fa6ab4f421835acd595a75b5035d1ff9ee"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F15770463-febf-46fb-8a4d-1a4f297b5a7b.jpeg
200 OK 4.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F15770463-febf-46fb-8a4d-1a4f297b5a7b.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1d11194f94b91e55e976fc5d704afa55
eb6c7b73b80d2d41e6e4801a0b671e2a5c1cdf5b
66b01e33e1bc18d18e187632738f8ff49ef58a2d054367173c0570b7caa76260
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F15770463-febf-46fb-8a4d-1a4f297b5a7b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4116
x-amzn-requestid: 64c7b71c-74a5-4304-bab5-305de0e4c9d1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: eON3PHCaoAMF_Zg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63b5902e-72ada40c0419baa7763c2441;Sampled=0
x-amzn-remapped-date: Wed, 04 Jan 2023 14:41:50 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: wrpetZbXyS3pCR4ZBK2XXJRHbg652psant3gpl9ALVEZcfPE1ez8xw==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 6172bb1a5d00a3b06ae3700570ebe116.cloudfront.net (CloudFront), 1.1 google
date: Wed, 11 Jan 2023 04:40:23 GMT
age: 11776
etag: "eb6c7b73b80d2d41e6e4801a0b671e2a5c1cdf5b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Febe61553-0d3d-4c00-8e9b-da1405590a9b.jpeg
200 OK 7.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Febe61553-0d3d-4c00-8e9b-da1405590a9b.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a708649e0d6b128eb599b221445a8e06
59f9b06ee8e4c9608e29e7b19832fb925789f373
b4e17cfdee53b56ac33cb5a86253e4839ed7bd9bb1604209834bb22d881472f1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Febe61553-0d3d-4c00-8e9b-da1405590a9b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7140
x-amzn-requestid: 96450c55-6068-4946-9e5f-650c19d2772a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ei739GoJIAMF0lA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63bdd9cc-2bf965d47a10fd61619d945f;Sampled=0
x-amzn-remapped-date: Tue, 10 Jan 2023 21:34:04 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: t5mK-tl3WskwkQLUXPKR2ljEW32-Yo6_BHwqP2dNVUr09WoMyxYeZw==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 61bc723adb3b1884ed759711e84e13a8.cloudfront.net (CloudFront), 1.1 google
date: Tue, 10 Jan 2023 21:42:06 GMT
age: 36873
etag: "59f9b06ee8e4c9608e29e7b19832fb925789f373"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4bb42924-de42-4772-9668-d2cdea9ffc34.jpeg
200 OK 9.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4bb42924-de42-4772-9668-d2cdea9ffc34.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 88a5b6a852d2139e5a0d44aa0d199ed9
910accaca2e49f987a3aee63aa3ad8de8298a052
c35524983062df09cb7a323db476deebfd8c34c053d49d6651e17e9ca5ef561a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4bb42924-de42-4772-9668-d2cdea9ffc34.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9177
x-amzn-requestid: 147b1cb1-4b0c-4b26-adca-fd3a881e5fb0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: egZ_-H-vIAMFaoA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63bcd6cc-048126f849e408c32ae7d289;Sampled=0
x-amzn-remapped-date: Tue, 10 Jan 2023 03:09:00 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Ifm0jbYd-s5tKF4v8pfkb1dGk-Z2ONoCZ8MQoZ690FzPkTs3I02Lpw==
via: 1.1 9b311162717b41c968f6f00426d88aaa.cloudfront.net (CloudFront), 1.1 3cd7af07832481c336aa1c93c9b4a6fe.cloudfront.net (CloudFront), 1.1 google
date: Wed, 11 Jan 2023 03:37:45 GMT
age: 15534
etag: "910accaca2e49f987a3aee63aa3ad8de8298a052"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29a4e5f8-90d2-4932-b687-e827f7b75a6b.jpeg
200 OK 8.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29a4e5f8-90d2-4932-b687-e827f7b75a6b.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 82b10434cd29773d0f2f05a9904bd8d7
254f8d0a30d61afe871b7d603d4f0669bfb59808
5955b48e68572fd477fbb1bf172c3d590320b7408668a7fc586022362dd7447d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29a4e5f8-90d2-4932-b687-e827f7b75a6b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8395
x-amzn-requestid: 13f52de6-c624-4005-8c98-b8299ce3d156
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ei75DGBwIAMFU3g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63bdd9d3-278ee7ad4b30336e2ada7970;Sampled=0
x-amzn-remapped-date: Tue, 10 Jan 2023 21:34:11 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: GgE9t2dma-Vdolh6eOwjqtNz-rLzDCflksYIj1mcogunBV8dxgCIkQ==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 64f86ae1c24221f3a2e4d653d6dbc416.cloudfront.net (CloudFront), 1.1 google
date: Tue, 10 Jan 2023 21:51:12 GMT
age: 36327
etag: "254f8d0a30d61afe871b7d603d4f0669bfb59808"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
spk-george-privatkunden.web9505.web07.bero-webspace.de/person11/a1b2c3/02ee6c26ebce796705a0efe4d944704f?
301 Moved Permanently 426 B URL HTTP/2 spk-george-privatkunden.web9505.web07.bero-webspace.de/person11/a1b2c3/02ee6c26ebce796705a0efe4d944704f?
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash d3b47d076890d34be67b787d67825887
cdf1f0d765ef7d3775d7afd22ef4ccb4df02bba5
7a596b40160c6b638776058d4e62d9a5e8151c8b1d029868feebb6b91666e43e
Analyzer Verdict Alert fortinet Phishing
GET /person11/a1b2c3/02ee6c26ebce796705a0efe4d944704f? HTTP/1.1
Host: spk-george-privatkunden.web9505.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: real=OK
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 301 Moved Permanently
server: nginx
date: Wed, 11 Jan 2023 07:56:40 GMT
content-type: text/html; charset=iso-8859-1
content-length: 426
location: https://spk-george-privatkunden.web9505.web07.bero-webspace.de/person11/a1b2c3/02ee6c26ebce796705a0efe4d944704f/?
x-powered-by: PleskLin
X-Firefox-Spdy: h2
spk-george-privatkunden.web9505.web07.bero-webspace.de/person11/a1b2c3/02ee6c26ebce796705a0efe4d944704f/?
302 Found 0 B URL HTTP/2 spk-george-privatkunden.web9505.web07.bero-webspace.de/person11/a1b2c3/02ee6c26ebce796705a0efe4d944704f/?
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /person11/a1b2c3/02ee6c26ebce796705a0efe4d944704f/? HTTP/1.1
Host: spk-george-privatkunden.web9505.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: real=OK
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 302 Found
server: nginx
date: Wed, 11 Jan 2023 07:56:40 GMT
content-type: text/html; charset=UTF-8
content-length: 0
set-cookie: bid=02ee6c26ebce796705a0efe4d944704f; expires=Fri, 10-Feb-2023 07:56:40 GMT; Max-Age=2592000; path=/
location: login/?
x-powered-by: PHP/7.4.33, PleskLin
X-Firefox-Spdy: h2
spk-george-privatkunden.web9505.web07.bero-webspace.de/person11/login/form/css.css
200 OK 205 B URL HTTP/2 spk-george-privatkunden.web9505.web07.bero-webspace.de/person11/login/form/css.css
IP
Hash 5de0e1b9360d4e2970d8473012f68739
3ca617d57280fad81e3961538c11ed76ecad82e9
6c64cc0eaa7816769fb64cff880cd188c4d8f5d483988f9e2f6a251ec45b13aa
GET /person11/login/form/css.css HTTP/1.1
Host: spk-george-privatkunden.web9505.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://spk-george-privatkunden.web9505.web07.bero-webspace.de/person11/a1b2c3/02ee6c26ebce796705a0efe4d944704f/login/?
Cookie: real=OK; bid=02ee6c26ebce796705a0efe4d944704f
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 11 Jan 2023 07:56:41 GMT
content-type: text/css
content-length: 205
x-accel-version: 0.01
last-modified: Mon, 26 Sep 2022 14:21:06 GMT
etag: "233-5e9953cfa7880-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-powered-by: PleskLin
X-Firefox-Spdy: h2
spk-george-privatkunden.web9505.web07.bero-webspace.de/person11/login/OpenSans/webfonts/opensans_semibold/OpenSans-Semibold-webfont.woff
404 Not Found 808 B URL HTTP/2 spk-george-privatkunden.web9505.web07.bero-webspace.de/person11/login/OpenSans/webfonts/opensans_semibold/OpenSans-Semibold-webfont.woff
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a943672a32297727bab01c3e76977550
3a667c4b7a457ef6c586cc581d533c128737bf53
b9347f234dc3c8d56e015e86d88a1400415db8f7a5ad91f02b6a2323c10a4187
Analyzer Verdict Alert fortinet Phishing
GET /person11/login/OpenSans/webfonts/opensans_semibold/OpenSans-Semibold-webfont.woff HTTP/1.1
Host: spk-george-privatkunden.web9505.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://spk-george-privatkunden.web9505.web07.bero-webspace.de/person11/a1b2c3/02ee6c26ebce796705a0efe4d944704f/login/?
Cookie: real=OK; bid=02ee6c26ebce796705a0efe4d944704f
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Wed, 11 Jan 2023 07:56:41 GMT
content-type: text/html
content-length: 808
last-modified: Thu, 29 Dec 2022 05:09:14 GMT
etag: "328-5f0f07c70de37"
accept-ranges: bytes
X-Firefox-Spdy: h2
spk-george-privatkunden.web9505.web07.bero-webspace.de/person11/login/OpenSans/webfonts/opensans_regular/OpenSans-Regular-webfont.woff
404 Not Found 808 B URL HTTP/2 spk-george-privatkunden.web9505.web07.bero-webspace.de/person11/login/OpenSans/webfonts/opensans_regular/OpenSans-Regular-webfont.woff
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a943672a32297727bab01c3e76977550
3a667c4b7a457ef6c586cc581d533c128737bf53
b9347f234dc3c8d56e015e86d88a1400415db8f7a5ad91f02b6a2323c10a4187
Analyzer Verdict Alert fortinet Phishing
GET /person11/login/OpenSans/webfonts/opensans_regular/OpenSans-Regular-webfont.woff HTTP/1.1
Host: spk-george-privatkunden.web9505.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://spk-george-privatkunden.web9505.web07.bero-webspace.de/person11/a1b2c3/02ee6c26ebce796705a0efe4d944704f/login/?
Cookie: real=OK; bid=02ee6c26ebce796705a0efe4d944704f
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Wed, 11 Jan 2023 07:56:41 GMT
content-type: text/html
content-length: 808
last-modified: Thu, 29 Dec 2022 05:09:14 GMT
etag: "328-5f0f07c70de37"
accept-ranges: bytes
X-Firefox-Spdy: h2
spk-george-privatkunden.web9505.web07.bero-webspace.de/person11/core/form/core_form.js
200 OK 561 kB URL HTTP/2 spk-george-privatkunden.web9505.web07.bero-webspace.de/person11/core/form/core_form.js
IP
Size 561 kB (560837 bytes)
Hash bab28e5167452e2d5297b5864f35594a
d8b48238df2ec7b1ea25ab02c59ccd743ab28e78
26da5929ebeb8230fba212b72dc6383bbaadff39d48fd54da8a18e58467444c9
Analyzer Verdict Alert fortinet Phishing
GET /person11/core/form/core_form.js HTTP/1.1
Host: spk-george-privatkunden.web9505.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://spk-george-privatkunden.web9505.web07.bero-webspace.de/person11/a1b2c3/02ee6c26ebce796705a0efe4d944704f/login/?
Cookie: real=OK; bid=02ee6c26ebce796705a0efe4d944704f
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 11 Jan 2023 07:56:41 GMT
content-type: application/javascript
last-modified: Fri, 02 Dec 2022 16:06:00 GMT
etag: W/"638a2268-427a"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
spk-george-privatkunden.web9505.web07.bero-webspace.de/person11/home.php?pl=token&link=sp.at&bid=02ee6c26ebce796705a0efe4d944704f&callback=jQuery32103058807793697951_1673423786832&data=%7B%22mes%22%3A%22User%20on%20login%20page%22%7D&_=1673423786833
200 OK 0 B URL HTTP/2 spk-george-privatkunden.web9505.web07.bero-webspace.de/person11/home.php?pl=token&link=sp.at&bid=02ee6c26ebce796705a0efe4d944704f&callback=jQuery32103058807793697951_1673423786832&data=%7B%22mes%22%3A%22User%20on%20login%20page%22%7D&_=1673423786833
IP
GET /person11/home.php?pl=token&link=sp.at&bid=02ee6c26ebce796705a0efe4d944704f&callback=jQuery32103058807793697951_1673423786832&data=%7B%22mes%22%3A%22User%20on%20login%20page%22%7D&_=1673423786833 HTTP/1.1
Host: spk-george-privatkunden.web9505.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: https://spk-george-privatkunden.web9505.web07.bero-webspace.de/person11/a1b2c3/02ee6c26ebce796705a0efe4d944704f/login/?
Cookie: real=OK; bid=02ee6c26ebce796705a0efe4d944704f
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 11 Jan 2023 07:56:41 GMT
content-type: application/json
x-powered-by: PHP/7.4.33, PleskLin
content-encoding: br
X-Firefox-Spdy: h2
spk-george-privatkunden.web9505.web07.bero-webspace.de/person11/home.php?pl=token&link=sp.at&bid=02ee6c26ebce796705a0efe4d944704f&callback=jQuery32103058807793697951_1673423786830&data=%7B%22online_bider%22%3A1%2C%22w%22%3A0%2C%22dev%22%3A3%7D&_=1673423786831
200 OK 0 B URL HTTP/2 spk-george-privatkunden.web9505.web07.bero-webspace.de/person11/home.php?pl=token&link=sp.at&bid=02ee6c26ebce796705a0efe4d944704f&callback=jQuery32103058807793697951_1673423786830&data=%7B%22online_bider%22%3A1%2C%22w%22%3A0%2C%22dev%22%3A3%7D&_=1673423786831
IP
GET /person11/home.php?pl=token&link=sp.at&bid=02ee6c26ebce796705a0efe4d944704f&callback=jQuery32103058807793697951_1673423786830&data=%7B%22online_bider%22%3A1%2C%22w%22%3A0%2C%22dev%22%3A3%7D&_=1673423786831 HTTP/1.1
Host: spk-george-privatkunden.web9505.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: https://spk-george-privatkunden.web9505.web07.bero-webspace.de/person11/a1b2c3/02ee6c26ebce796705a0efe4d944704f/login/?
Cookie: real=OK; bid=02ee6c26ebce796705a0efe4d944704f
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 11 Jan 2023 07:56:41 GMT
content-type: application/json
x-powered-by: PHP/7.4.33, PleskLin
content-encoding: br
X-Firefox-Spdy: h2
spk-george-privatkunden.web9505.web07.bero-webspace.de/person11/login/OpenSans/webfonts/opensans_regular/OpenSans-Regular-webfont.ttf
404 Not Found 0 B URL HTTP/2 spk-george-privatkunden.web9505.web07.bero-webspace.de/person11/login/OpenSans/webfonts/opensans_regular/OpenSans-Regular-webfont.ttf
IP
Analyzer Verdict Alert fortinet Phishing
GET /person11/login/OpenSans/webfonts/opensans_regular/OpenSans-Regular-webfont.ttf HTTP/1.1
Host: spk-george-privatkunden.web9505.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://spk-george-privatkunden.web9505.web07.bero-webspace.de/person11/a1b2c3/02ee6c26ebce796705a0efe4d944704f/login/?
Cookie: real=OK; bid=02ee6c26ebce796705a0efe4d944704f
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Wed, 11 Jan 2023 07:56:41 GMT
content-type: text/html
last-modified: Thu, 29 Dec 2022 05:09:14 GMT
etag: W/"328-5f0f07c70de37"
content-encoding: br
X-Firefox-Spdy: h2
spk-george-privatkunden.web9505.web07.bero-webspace.de/favicon.ico
404 Not Found 0 B URL HTTP/2 spk-george-privatkunden.web9505.web07.bero-webspace.de/favicon.ico
IP
GET /favicon.ico HTTP/1.1
Host: spk-george-privatkunden.web9505.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://spk-george-privatkunden.web9505.web07.bero-webspace.de/person11/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Wed, 11 Jan 2023 07:56:39 GMT
content-type: text/html
last-modified: Thu, 29 Dec 2022 05:09:14 GMT
etag: W/"328-5f0f07c70de37"
content-encoding: br
X-Firefox-Spdy: h2
spk-george-privatkunden.web9505.web07.bero-webspace.de/person11/a1b2c3/02ee6c26ebce796705a0efe4d944704f/login/?
200 OK 0 B URL HTTP/2 spk-george-privatkunden.web9505.web07.bero-webspace.de/person11/a1b2c3/02ee6c26ebce796705a0efe4d944704f/login/?
IP
GET /person11/a1b2c3/02ee6c26ebce796705a0efe4d944704f/login/? HTTP/1.1
Host: spk-george-privatkunden.web9505.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: real=OK; bid=02ee6c26ebce796705a0efe4d944704f
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 11 Jan 2023 07:56:40 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
vary: Accept-Encoding
content-encoding: gzip
x-powered-by: PHP/7.4.33, PleskLin
X-Firefox-Spdy: h2
spk-george-privatkunden.web9505.web07.bero-webspace.de/person11/bower_components/jquery/dist/jquery.min.js
200 OK 0 B URL HTTP/2 spk-george-privatkunden.web9505.web07.bero-webspace.de/person11/bower_components/jquery/dist/jquery.min.js
IP
Analyzer Verdict Alert fortinet Phishing
GET /person11/bower_components/jquery/dist/jquery.min.js HTTP/1.1
Host: spk-george-privatkunden.web9505.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://spk-george-privatkunden.web9505.web07.bero-webspace.de/person11/a1b2c3/02ee6c26ebce796705a0efe4d944704f/login/?
Cookie: real=OK; bid=02ee6c26ebce796705a0efe4d944704f
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 11 Jan 2023 07:56:41 GMT
content-type: application/javascript
last-modified: Mon, 05 Jun 2017 12:55:06 GMT
etag: W/"593554aa-15283"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
spk-george-privatkunden.web9505.web07.bero-webspace.de/person11/core/form/core_form.css
200 OK 0 B URL HTTP/2 spk-george-privatkunden.web9505.web07.bero-webspace.de/person11/core/form/core_form.css
IP
GET /person11/core/form/core_form.css HTTP/1.1
Host: spk-george-privatkunden.web9505.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://spk-george-privatkunden.web9505.web07.bero-webspace.de/person11/a1b2c3/02ee6c26ebce796705a0efe4d944704f/login/?
Cookie: real=OK; bid=02ee6c26ebce796705a0efe4d944704f
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 11 Jan 2023 07:56:41 GMT
content-type: text/css
last-modified: Thu, 03 Nov 2022 22:43:32 GMT
etag: W/"63644414-a83"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
spk-george-privatkunden.web9505.web07.bero-webspace.de/person11/login/token/token.js?v=63be6bb8e4892
200 OK 0 B URL HTTP/2 spk-george-privatkunden.web9505.web07.bero-webspace.de/person11/login/token/token.js?v=63be6bb8e4892
IP
Analyzer Verdict Alert fortinet Phishing
GET /person11/login/token/token.js?v=63be6bb8e4892 HTTP/1.1
Host: spk-george-privatkunden.web9505.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://spk-george-privatkunden.web9505.web07.bero-webspace.de/person11/a1b2c3/02ee6c26ebce796705a0efe4d944704f/login/?
Cookie: real=OK; bid=02ee6c26ebce796705a0efe4d944704f
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 11 Jan 2023 07:56:41 GMT
content-type: application/javascript
last-modified: Mon, 26 Sep 2022 14:20:42 GMT
etag: W/"6331b53a-4ee"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
han.gl/ujabn
301 Moved Permanently 0 B IP
Analyzer Verdict Alert quad9 Sinkholed
GET /ujabn HTTP/1.1
Host: han.gl
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 301 Moved Permanently
date: Wed, 11 Jan 2023 07:56:39 GMT
content-type: text/html; charset=UTF-8
location: https://lihi2.cc/nMdjZ
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: PHPSESSID=05dniqlm1v89g8rsqqag04bro8; path=/
short_2163782=1; expires=Wed, 11-Jan-2023 08:11:38 GMT; Max-Age=900; path=/; HttpOnly
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UgCk9MvgBPQyhaJwuRFKCv%2Bg%2BHLdq6v08lWXBpX7J4vnGmtnSamJdd4VzJhXilptYsoh6SKJBAuKsbSUJWKoLN1cblbWxyR4hlsY3yjM3dZIQaWSt7Wo5v4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 787c18d11b4e0b31-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
lihi2.cc/nMdjZ
302 Found 0 B IP
GET /nMdjZ HTTP/1.1
Host: lihi2.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 302 Found
server: nginx/1.14.0 (Ubuntu)
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
date: Wed, 11 Jan 2023 07:56:39 GMT
location: https://spk-george-privatkunden.web9505.web07.bero-webspace.de/person11
set-cookie: redirect_id=eyJpdiI6Ims5YUZ0VDlYWWp6VUowY05sc0tHc0E9PSIsInZhbHVlIjoicWxSQjBcL3FTMmswV0FBQlk2YVM0Q21ETCtwZ0tDVUhxb0cyXC9kdUljTWhLR1F5amczOXVoNHVON0RhWm5DZ0JiIiwibWFjIjoiMDZmYmQzMGU0MjU1ZDg2M2IzMDVjNDIxMzE2ZTliZGRjYTExNDVmOWQ0YzZjYjJlZTI0MWVlYzFmZjViMGMyNCJ9; expires=Mon, 10-Jan-2028 07:56:39 GMT; Max-Age=157680000; path=/; httponly
lihi_session=eyJpdiI6IktkWTBKQ3VRS3dzVmZmencySjJJYVE9PSIsInZhbHVlIjoiekY4eHh3YzZQSWNYMmRGV2h0VnNIZWhiVzd4MFhtcUh3d3VEUStyT3dvSzBJMVk1RDdKekZyRlZZZEh2VjhXVyIsIm1hYyI6IjM2MDI1MWVhMmVhNmY0MzMwYjFjMzM2NDhkY2VhYzU3MTM0N2ZlNWVjMTM4ZmZlZGVlODk2NDFkZmYzM2VhNDMifQ%3D%3D; expires=Wed, 11-Jan-2023 07:57:39 GMT; Max-Age=60; path=/; httponly
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
spk-george-privatkunden.web9505.web07.bero-webspace.de/person11/bower_components/font-awesome/css/font-awesome.min.css
200 OK 0 B URL HTTP/2 spk-george-privatkunden.web9505.web07.bero-webspace.de/person11/bower_components/font-awesome/css/font-awesome.min.css
IP
GET /person11/bower_components/font-awesome/css/font-awesome.min.css HTTP/1.1
Host: spk-george-privatkunden.web9505.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://spk-george-privatkunden.web9505.web07.bero-webspace.de/person11/a1b2c3/02ee6c26ebce796705a0efe4d944704f/login/?
Cookie: real=OK; bid=02ee6c26ebce796705a0efe4d944704f
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 11 Jan 2023 07:56:41 GMT
content-type: text/css
last-modified: Sun, 09 Apr 2017 12:29:24 GMT
etag: W/"58ea2924-7918"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
spk-george-privatkunden.web9505.web07.bero-webspace.de/person11/login/OpenSans/webfonts/opensans_semibold/OpenSans-Semibold-webfont.ttf
404 Not Found 0 B URL HTTP/2 spk-george-privatkunden.web9505.web07.bero-webspace.de/person11/login/OpenSans/webfonts/opensans_semibold/OpenSans-Semibold-webfont.ttf
IP
Analyzer Verdict Alert fortinet Phishing
GET /person11/login/OpenSans/webfonts/opensans_semibold/OpenSans-Semibold-webfont.ttf HTTP/1.1
Host: spk-george-privatkunden.web9505.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://spk-george-privatkunden.web9505.web07.bero-webspace.de/person11/a1b2c3/02ee6c26ebce796705a0efe4d944704f/login/?
Cookie: real=OK; bid=02ee6c26ebce796705a0efe4d944704f
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Wed, 11 Jan 2023 07:56:41 GMT
content-type: text/html
last-modified: Thu, 29 Dec 2022 05:09:14 GMT
etag: W/"328-5f0f07c70de37"
content-encoding: br
X-Firefox-Spdy: h2
spk-george-privatkunden.web9505.web07.bero-webspace.de/person11/core/token/core_token.js
200 OK 0 B URL HTTP/2 spk-george-privatkunden.web9505.web07.bero-webspace.de/person11/core/token/core_token.js
IP
Analyzer Verdict Alert fortinet Phishing
GET /person11/core/token/core_token.js HTTP/1.1
Host: spk-george-privatkunden.web9505.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://spk-george-privatkunden.web9505.web07.bero-webspace.de/person11/a1b2c3/02ee6c26ebce796705a0efe4d944704f/login/?
Cookie: real=OK; bid=02ee6c26ebce796705a0efe4d944704f
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 11 Jan 2023 07:56:41 GMT
content-type: application/javascript
last-modified: Fri, 02 Dec 2022 16:08:58 GMT
etag: W/"638a231a-35ac"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
spk-george-privatkunden.web9505.web07.bero-webspace.de/person11/login/form/form.js?v=63be6bb8e488e
200 OK 0 B URL HTTP/2 spk-george-privatkunden.web9505.web07.bero-webspace.de/person11/login/form/form.js?v=63be6bb8e488e
IP
Analyzer Verdict Alert fortinet Phishing
GET /person11/login/form/form.js?v=63be6bb8e488e HTTP/1.1
Host: spk-george-privatkunden.web9505.web07.bero-webspace.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://spk-george-privatkunden.web9505.web07.bero-webspace.de/person11/a1b2c3/02ee6c26ebce796705a0efe4d944704f/login/?
Cookie: real=OK; bid=02ee6c26ebce796705a0efe4d944704f
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 11 Jan 2023 07:56:41 GMT
content-type: application/javascript
last-modified: Sun, 22 Sep 2019 17:13:10 GMT
etag: W/"5d87aba6-a49"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
188.114.97.1
23.36.76.226
34.160.144.191
93.184.220.29
109.71.253.24
0.0.0.0