Report - www.bucherholz.ch/

Report Overview

Submitted URL
www.bucherholz.ch/
IP
34.96.116.138
ASN
#15169 GOOGLE
Submitted
2022-12-06 14:14:26
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
22

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	229 B	34.117.237.239
imos006-dot-im--os.appspot.com	345415	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	773 B	5.1 kB	142.250.74.180
fonts.googleapis.com	8877	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	7.0 kB	157 kB	142.250.74.106
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	52.89.114.252
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.3 kB	62 kB	34.120.237.76
fonts.gstatic.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	993 B	29 kB	142.250.74.35
lh3.googleusercontent.com	66	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	8.2 kB	189 kB	172.217.21.161
www.bucherholz.ch	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	818 B	47 kB	34.96.116.138
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.4 kB	6.2 kB	23.33.119.27
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.9 kB	34.160.144.191
code.jquery.com	634	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	747 B	956 B	69.16.175.10
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	682 B	1.5 kB	93.184.220.29
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	337 B	1.4 kB	34.102.187.140
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	9.7 kB	20 kB	216.58.211.3
start.seitenatelier.ch	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	5.8 kB	674 kB	216.58.207.211
www.youtube.com	90	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	725 B	4.1 kB	172.217.21.174
releases.jquery.com	50050	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	791 B	60 kB	69.16.175.10

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-12-06	medium	start.seitenatelier.ch/css/fonts.css?v=1.5.8d	Phishing
2022-12-06	medium	start.seitenatelier.ch/js/lightbox.js?v=1.5.8d	Phishing
2022-12-06	medium	start.seitenatelier.ch/js/lib/touchswipe/jquery.mobile.custom.min.js	Phishing
2022-12-06	medium	start.seitenatelier.ch/js/xprs_helper.js?v=1.5.8d	Phishing
2022-12-06	medium	start.seitenatelier.ch/js/spimeengine.js?v=1.5.8d	Phishing
2022-12-06	medium	start.seitenatelier.ch/js/xprs_helper.js?v=1.5.8d	Phishing
2022-12-06	medium	start.seitenatelier.ch/js/lib/touchswipe/jquery.mobile.custom.min.js	Phishing
2022-12-06	medium	start.seitenatelier.ch/js/lightbox.js?v=1.5.8d	Phishing
2022-12-06	medium	start.seitenatelier.ch/css/lightbox.css?v=1.5.8d	Phishing
2022-12-06	medium	start.seitenatelier.ch/css/fonts.css?v=1.5.8d	Phishing
2022-12-06	medium	start.seitenatelier.ch/js/spimeengine.js?v=1.5.8d	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (15)

	URL	Size	First Seen	Last Seen
	start.seitenatelier.ch/js/lightbox.js?v=1.5.8d	16 kB	2023-03-07	2023-06-05
Pretty URL start.seitenatelier.ch/js/lightbox.js?v=1.5.8d IP 216.58.207.211 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:02:21 Last Seen2023-06-05 04:42:27 Times Seen44 Hash b2c01acaf97bf3af009721c30e269748 0573fdf2254e3915c06dd9af2284bf393171bd1d 4d0043cf27b66c2a38040edf85abca8596be2d9368c73bef172a668160e50665 Loading...

	start.seitenatelier.ch/js/xprs_helper.js?v=1.5.8d	36 kB	2023-03-07	2023-06-05
Pretty URL start.seitenatelier.ch/js/xprs_helper.js?v=1.5.8d IP 216.58.207.211 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:02:21 Last Seen2023-06-05 04:42:27 Times Seen46 Hash 8e6a76b2f8a5975f1fb6cff390fae044 b7ed4e4d8af6979b0536f08ea4bbc2a6919e449f 16236a16a95009024cebc75718409ad144ef5dd78a3227a44b4f642ae2cfff07 Loading...

	www.youtube.com/iframe_api	1.0 kB	2023-03-08	2023-03-08
Pretty URL www.youtube.com/iframe_api IP 172.217.21.174 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 20:05:24 Last Seen2023-03-08 21:43:49 Times Seen1 Hash 88a7b4c3cfd2c45fe757a5c907a3deb9 abfaaa66c19c63b0c5c58d5370d7ade4671e4036 94fba1deb161d93dbf66d1440f1594c578735ef80bd5bdcb37c88afe58b76d16 Loading...

	www.google-analytics.com/analytics.js	50 kB	2023-03-08	2024-04-19
Pretty URL www.google-analytics.com/analytics.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 05:22:31 Last Seen2024-04-19 18:35:29 Times Seen1519 Hash fda30e8a22c9bcd954fd8d0fadd0e77c ae47cd34cbde081a48d7f92fc80aaf06a1381193 b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719 Loading...

	www.youtube.com/s/player/ac058a09/www-widgetapi.vflset/www-widgetapi.js	165 kB	2023-03-08	2023-03-08
Pretty URL www.youtube.com/s/player/ac058a09/www-widgetapi.vflset/www-widgetapi.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 20:04:38 Last Seen2023-03-08 21:43:50 Times Seen1 Hash 9481d2f15b834fda3d6f5ff74f1e90cb ffe67ec821be66b1de333c41fb95c1a965e66b72 65a100a2a3918e187b212f0785916764b54d417d732ab34a22113c0a9cef36e5 Loading...

	www.youtube.com/iframe_api	992 B	2023-03-08	2023-03-08
Pretty URL www.youtube.com/iframe_api IP 172.217.21.174 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 20:04:38 Last Seen2023-03-08 20:22:55 Times Seen1 Hash 5ce0d544857dfe9adf192ff9d5bcec42 7a4cf209a72387d00587c6343791bd19ecbfa7d5 31dc9114431b074d7496c2aebb88a91565d1ca882747e0b2d983b40784073c07 Loading...

	start.seitenatelier.ch/all_js.js?v=1.5.8d	94 kB	2023-03-07	2024-02-29
Pretty URL start.seitenatelier.ch/all_js.js?v=1.5.8d IP 216.58.207.211 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:02:21 Last Seen2024-02-29 14:29:33 Times Seen59 Hash 7732da1f0440259de9bf74e223aca869 5f7d01fad04b7851af2d6deaf9c92df87d9d1681 f4a09886e48d5ecf18fd5bcb5ccfe14ca7ea3be913075465ea301d1ac1ece6db Loading...

	start.seitenatelier.ch/js/spimeengine.js?v=1.5.8d	77 kB	2023-03-07	2023-06-05
Pretty URL start.seitenatelier.ch/js/spimeengine.js?v=1.5.8d IP 216.58.207.211 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:02:21 Last Seen2023-06-05 04:42:27 Times Seen41 Hash 8d76bb578e09d44072cbfa7189a6e088 2c5564cc1a0587745857391133b09e2ddea7f9eb 0e052a42588678115282200dfcf7a9e187ac63bcc6828521886de793221b2c24 Loading...

	www.bucherholz.ch/	111 B	2023-03-08	2023-12-30
Pretty URL www.bucherholz.ch/ IP 34.96.116.138 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 20:21:43 Last Seen2023-12-30 12:43:28 Times Seen5 Hash d5f8ee681723f0853e488247de523380 702262b7adf699a977d9d773e4e5864f5631b699 bc0f37abab17b4c1437d4a83f8f5c1602fa143046e9f5d51fe13f72208ef0463 Loading...

	www.bucherholz.ch/	36 B	2023-03-07	2024-03-20
Pretty URL www.bucherholz.ch/ IP 34.96.116.138 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:02:21 Last Seen2024-03-20 18:31:06 Times Seen89 Hash 74f5974c2c393d11e791e460be504990 1505eecf85bb175b8879ee689b679d380483c276 c72c5ecbaccfbc799dcf2f7dd65d161cd9a44fa921c86ab2ad0ebd1f2efbdfa0 Loading...

	imos006-dot-im--os.appspot.com/js/imos.js?v=1.5.8d	6.0 kB	2023-03-07	2024-04-18
Pretty URL imos006-dot-im--os.appspot.com/js/imos.js?v=1.5.8d IP 142.250.74.180 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:02:21 Last Seen2024-04-18 11:32:38 Times Seen124 Hash da0a5a5455c9b2e564ce7fe6ff1aa77f 04db5f7276d69f8232afbd361063740867919b51 884663c1137f80922a8e50d96df7b23ba59ea46caf3bf6cd89b38e231decf4e5 Loading...

	start.seitenatelier.ch/js/lib/touchswipe/jquery.mobile.custom.min.js	7.8 kB	2023-03-07	2024-04-15
Pretty URL start.seitenatelier.ch/js/lib/touchswipe/jquery.mobile.custom.min.js IP 216.58.207.211 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:02:21 Last Seen2024-04-15 20:12:30 Times Seen110 Hash cf9ac7fecfcdaf87fdad431b545d7191 2beaff92739a95daeaa929664962ae416aba6748 7cb4efd75d841420c32a07f5880f53c1b59a78a2ca21e4c805a6a10c0f1ad429 Loading...

	code.jquery.com/jquery-2.x-git.min.js	86 kB	2023-03-07	2024-02-21
Pretty URL code.jquery.com/jquery-2.x-git.min.js IP 69.16.175.10 ASN #20446 STACKPATH-CDN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:02:21 Last Seen2024-02-21 13:38:50 Times Seen111 Hash 2ba7d43b566e805b260e346da77ae626 d6038d3ade8bb94812cee8e4402d15034eb5829e 22af5bc82c5abf9d2d53d5252b2ae15c04c39b2e67d39d9150ace8b3b9fe6809 Loading...

	www.bucherholz.ch/	384 B	2023-03-08	2023-03-08
Pretty URL www.bucherholz.ch/ IP 34.96.116.138 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 20:21:43 Last Seen2023-03-08 20:21:43 Times Seen1 Hash df46d2221892ca4408aa977ab121f9ce daa2ea1bf8cf6472dc3ec02785010351148aa052 3b792ef770cef934e15eab6b86880a609ea9ddf1f2fe8dcf73526c6b1862784e Loading...

	www.bucherholz.ch/	579 B	2023-03-07	2024-04-17
Pretty URL www.bucherholz.ch/ IP 34.96.116.138 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:02:21 Last Seen2024-04-17 18:59:51 Times Seen94 Hash e74a09455da61a4bc0665e2096fd980a 951f95b6f936ec0c9c45d64d28c154a040ad298e fb09454071aea41161fa89737d3dd4b48a1d6ee739bb8fc845bd65e4c382a160 Loading...

HTTP Transactions (105)

URL IP Response Size

www.bucherholz.ch/

34.96.116.138

200 OK

23 kB

URL HTTP/1.1
www.bucherholz.ch/
IP
34.96.116.138:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (10406)
Size
23 kB (23223 bytes)
Hash
a8dc61e725763eb15b143ca09eabda1d
1b00a44bc76b215154d716bb701dd92f3a682563
3dbeaff1b1d080a789de9ad29925186a70e9b4e3cdf53689c9342aa7efaad770

HTTP Headers

GET / HTTP/1.1
Host: www.bucherholz.ch
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Server: openresty/1.19.9.1
Date: Tue, 06 Dec 2022 14:14:14 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 23223
Cache-Control: no-cache
Content-Encoding: gzip
X-Cloud-Trace-Context: da467e961aae63b57b7213ab08c6dcbe
Vary: Accept-Encoding
X-Cache: HIT
Via: 1.1 google

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
5ceaca9fd4ad000cb435820812fc69c8
8168397aaf7b572c89a9c83f46c0b65e4ac509f2
9c4e52e7e17158307d752db0bc3d1fbedae4f305cc301fd73b260f73ab796492

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9C4E52E7E17158307D752DB0BC3D1FBEDAE4F305CC301FD73B260F73AB796492"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2949
Expires: Tue, 06 Dec 2022 15:03:23 GMT
Date: Tue, 06 Dec 2022 14:14:14 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
f83c5e33ba42e312ee398848bbb711f5
caa1fd23b1fbbe883292ded04404c1cfd861eb09
106d08fba45f1e13f85b4b5abc456594878494238933e54b6a06e21ed8a52bc9

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6135
Cache-Control: max-age=165559
Content-Type: application/ocsp-response
Date: Tue, 06 Dec 2022 14:14:14 GMT
Etag: "638f19f6-1d7"
Expires: Thu, 08 Dec 2022 12:13:33 GMT
Last-Modified: Tue, 06 Dec 2022 10:31:18 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471

firefox.settings.services.mozilla.com/v1/

34.102.187.140

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Alert, Backoff, Content-Length, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 06 Dec 2022 13:20:25 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 3229
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
a0abf10fb7e96c1c98dacf2f013a68b4
acdd839bce85eadc78a8e821e32e00a958d5c0c8
b85d98f8df05431777d96c767ce4c152302ec3f653cdf6e61c8c3fa9574f3255

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B85D98F8DF05431777D96C767CE4C152302EC3F653CDF6E61C8C3FA9574F3255"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7876
Expires: Tue, 06 Dec 2022 16:25:30 GMT
Date: Tue, 06 Dec 2022 14:14:14 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
53341dea33f4f3d9b4966f80589f429a
20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: hxPAVe0EXhWzbSwlxK01YUKUAaW/+D5qGSWdi6shh0X0ZH+i/HhpPClCIOszdEg7JMYl3reTV1LEf8Xi5B8+nQ==
x-amz-request-id: BTNN8CYZYRRD8XPA
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 06 Dec 2022 13:47:07 GMT
age: 1627
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Tue, 06 Dec 2022 14:14:14 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

code.jquery.com/jquery-2.x-git.min.js

69.16.175.10

302 Found

119 B

URL HTTP/2
code.jquery.com/jquery-2.x-git.min.js
IP
69.16.175.10:0
ASN
#20446 STACKPATH-CDN

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
119 B (119 bytes)
Hash
46a4ea4faad936b387c503c03a9a3ca5
6dc18a6cd6b159f6b64bcbc775606cdb844cf2c9
0202a110ab673b716eb15c3fe047d075ec36bfe2e8d8cb1a3e8efdb83154449e

HTTP Headers

GET /jquery-2.x-git.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.bucherholz.ch/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
date: Tue, 06 Dec 2022 14:14:15 GMT
cache-control: max-age=4704904
content-encoding: gzip
content-length: 119
content-type: text/html
accept-ranges: bytes
server: nginx
location: https://releases.jquery.com/git/jquery-2.x-git.min.js
x-hw: 1670336055.dop066.sk1.t,1670336055.cds232.sk1.hn,1670336055.cds207.sk1.c
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
ee6bfe50f8e4b9c142f971a55496ac26
8c3fd42aaa7fa3ebdedc4f7b0271b8caae166e64
4582e8e1ada92a279cbc5d82904c7fd27b9d4b95bc06c7a8b3c13168978f0b33

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Dec 2022 14:14:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
c820a1a94ebf289760de4ba4c5b0b58c
d7a3e823d445cdd0a63e6613699f64d457771fd7
18a6ba2be680be6585364a23a8704030d8de3c1f8a4844a84eae135733da7359

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Dec 2022 14:14:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

imos006-dot-im--os.appspot.com/js/imos.js?v=1.5.8d

142.250.74.180

200 OK

2.0 kB

URL HTTP/2
imos006-dot-im--os.appspot.com/js/imos.js?v=1.5.8d
IP
142.250.74.180:0
ASN
#15169 GOOGLE

File type
ASCII text, with CRLF line terminators
Size
2.0 kB (2035 bytes)
Hash
e4dcac576e5a6a7ba85c5bce64e053bf
60c2ae7fd9a21976027f59c9c69f10f4f29578e5
a7032e5917a2b57aedc70026e9699ea5fb6cfbe11b3980d80999adb01c88b020

HTTP Headers

GET /js/imos.js?v=1.5.8d HTTP/1.1
Host: imos006-dot-im--os.appspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.bucherholz.ch/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-cloud-trace-context: a761568aa81a65fc48d6106a95cf7e71
content-encoding: gzip
server: Google Frontend
content-length: 2035
date: Tue, 06 Dec 2022 14:12:55 GMT
expires: Tue, 06 Dec 2022 14:22:55 GMT
cache-control: public, max-age=600
age: 80
etag: "NjoVCA"
content-type: application/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
c820a1a94ebf289760de4ba4c5b0b58c
d7a3e823d445cdd0a63e6613699f64d457771fd7
18a6ba2be680be6585364a23a8704030d8de3c1f8a4844a84eae135733da7359

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Dec 2022 14:14:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
ee6bfe50f8e4b9c142f971a55496ac26
8c3fd42aaa7fa3ebdedc4f7b0271b8caae166e64
4582e8e1ada92a279cbc5d82904c7fd27b9d4b95bc06c7a8b3c13168978f0b33

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Dec 2022 14:14:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

start.seitenatelier.ch/css/fonts.css?v=1.5.8d

216.58.207.211

200 OK

1.7 kB

URL HTTP/1.1
start.seitenatelier.ch/css/fonts.css?v=1.5.8d
IP
216.58.207.211:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (788), with CRLF line terminators
Size
1.7 kB (1657 bytes)
Hash
edb7cd9313a15c811f73e5828a59071d
fca8d4ebc9f9e333a47a5b5756cd530eeb8bbe02
2775fc1001f5e7e9d62c309878cf66fed2d77aea51b7e00da290987077f9f349

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /css/fonts.css?v=1.5.8d HTTP/1.1
Host: start.seitenatelier.ch
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.bucherholz.ch/

HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Date: Tue, 06 Dec 2022 14:14:15 GMT
Expires: Wed, 06 Dec 2023 14:14:15 GMT
Cache-Control: public, max-age=31536000
ETag: "t11Cvg"
X-Cloud-Trace-Context: 22b610bf3fb96b4af7756aa675d7a394
Content-Type: text/css
Content-Encoding: gzip
Server: Google Frontend
Transfer-Encoding: chunked

start.seitenatelier.ch/js/lightbox.js?v=1.5.8d

216.58.207.211

200 OK

3.9 kB

URL HTTP/1.1
start.seitenatelier.ch/js/lightbox.js?v=1.5.8d
IP
216.58.207.211:0
ASN
#15169 GOOGLE

File type
ASCII text, with CRLF line terminators
Size
3.9 kB (3889 bytes)
Hash
1119eec5ea0e669727c4e347a5177d26
e4e42e918b8c28ae9639622be61c8928687647bd
693ee942ee5a21cc204ee995912b28f235dff26c79d284e953eb316b113a88f0

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /js/lightbox.js?v=1.5.8d HTTP/1.1
Host: start.seitenatelier.ch
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.bucherholz.ch/

HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Date: Tue, 06 Dec 2022 14:14:15 GMT
Expires: Wed, 06 Dec 2023 14:14:15 GMT
Cache-Control: public, max-age=31536000
ETag: "t11Cvg"
X-Cloud-Trace-Context: b75ee326c444b6f66e8790c12eb1aa22
Content-Type: application/javascript
Content-Encoding: gzip
Server: Google Frontend
Transfer-Encoding: chunked

start.seitenatelier.ch/js/lib/touchswipe/jquery.mobile.custom.min.js

216.58.207.211

200 OK

3.1 kB

URL HTTP/1.1
start.seitenatelier.ch/js/lib/touchswipe/jquery.mobile.custom.min.js
IP
216.58.207.211:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (7687), with CRLF line terminators
Size
3.1 kB (3099 bytes)
Hash
4ebaeb00a7d8a23fca89b4d79c8f14bc
8e3af950d95b2e77f1b2dadbaddd6866ce482820
41d25d064331b70279eb433dd411d3308e88d6e3c1d9291f45d7df74b352e1ed

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /js/lib/touchswipe/jquery.mobile.custom.min.js HTTP/1.1
Host: start.seitenatelier.ch
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.bucherholz.ch/

HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Date: Tue, 06 Dec 2022 14:14:15 GMT
Expires: Wed, 06 Dec 2023 14:14:15 GMT
Cache-Control: public, max-age=31536000
ETag: "t11Cvg"
X-Cloud-Trace-Context: b75ee326c444b6f66e8790c12eb1aa22
Content-Type: application/javascript
Content-Encoding: gzip
Server: Google Frontend
Transfer-Encoding: chunked

start.seitenatelier.ch/js/xprs_helper.js?v=1.5.8d

216.58.207.211

200 OK

11 kB

URL HTTP/1.1
start.seitenatelier.ch/js/xprs_helper.js?v=1.5.8d
IP
216.58.207.211:0
ASN
#15169 GOOGLE

File type
ASCII text, with CRLF line terminators
Size
11 kB (10845 bytes)
Hash
64fdd0829b62f924a955928596f80d88
6db43904a736a273967f4b26d01f7d8312051e95
923839bda262119564f893bd63a8d7c825d43a3754d5f603851bdc7e7fb17a35

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /js/xprs_helper.js?v=1.5.8d HTTP/1.1
Host: start.seitenatelier.ch
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.bucherholz.ch/

HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Date: Tue, 06 Dec 2022 14:14:15 GMT
Expires: Wed, 06 Dec 2023 14:14:15 GMT
Cache-Control: public, max-age=31536000
ETag: "t11Cvg"
X-Cloud-Trace-Context: 01f5750ab91dc6122684aebec8cedba6
Content-Type: application/javascript
Content-Encoding: gzip
Server: Google Frontend
Transfer-Encoding: chunked

start.seitenatelier.ch/static_style?v=1.5.8d&vbid=vbid-42a3f354-pv3ribwh&caller=live

216.58.207.211

200 OK

4.5 kB

URL HTTP/1.1
start.seitenatelier.ch/static_style?v=1.5.8d&vbid=vbid-42a3f354-pv3ribwh&caller=live
IP
216.58.207.211:0
ASN
#15169 GOOGLE

File type
ASCII text
Size
4.5 kB (4505 bytes)
Hash
fb935174528b3d9434f522bc0c4f07cb
58998e252e4aad94ced32fa650871d5825c7fe03
4076662af84fc1e50ce18646657afb7a510b5b5780ac335de83856e80b54f42c

HTTP Headers

GET /static_style?v=1.5.8d&vbid=vbid-42a3f354-pv3ribwh&caller=live HTTP/1.1
Host: start.seitenatelier.ch
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.bucherholz.ch/

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: text/css; charset=utf-8
Content-Encoding: gzip
X-Cloud-Trace-Context: 809e89b93d03c9c9262f6988938e2cac
Vary: Accept-Encoding
Date: Tue, 06 Dec 2022 14:14:15 GMT
Server: Google Frontend
Content-Length: 4505

start.seitenatelier.ch/all_js.js?v=1.5.8d

216.58.207.211

200 OK

14 kB

URL HTTP/1.1
start.seitenatelier.ch/all_js.js?v=1.5.8d
IP
216.58.207.211:0
ASN
#15169 GOOGLE

File type
ASCII text, with CRLF line terminators
Size
14 kB (14526 bytes)
Hash
cd86fd9be26e03219b2eee6168656b66
5320b6f58de4e4e0badd50c24e31a6355dc95a44
c59b5c5221df1e57788e626bb0dac018f9c45f912f61aa91328f656ac4f80093

HTTP Headers

GET /all_js.js?v=1.5.8d HTTP/1.1
Host: start.seitenatelier.ch
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.bucherholz.ch/

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: text/javascript; charset=utf-8
Content-Encoding: gzip
X-Cloud-Trace-Context: 9181548ec3dc1d8754cd53e3acae30c7
Vary: Accept-Encoding
Date: Tue, 06 Dec 2022 14:14:15 GMT
Server: Google Frontend
Content-Length: 14526

www.youtube.com/iframe_api

172.217.21.174

200 OK

959 B

URL HTTP/2
www.youtube.com/iframe_api
IP
172.217.21.174:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (509)
Size
959 B (959 bytes)
Hash
e8d4ef51eb485a7c61833351bc4650ad
d74e8cc133e89a0cc831368ae275e27665a66b18
0205413cb2a7f7ce118cebd041d8e830c1e76930e34d3a684f85ccb30d33033d

HTTP Headers

GET /iframe_api HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.bucherholz.ch/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
x-content-type-options: nosniff
expires: Tue, 06 Dec 2022 14:14:15 GMT
date: Tue, 06 Dec 2022 14:14:15 GMT
cache-control: private, max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
content-security-policy-report-only: base-uri 'self';default-src 'self' https: blob:;font-src https: data:;img-src https: data: android-webview-video-poster:;media-src blob: https:;object-src 'none';script-src 'nonce-7hNA1gJ9sbin0oNkxyYOWg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';style-src https: 'unsafe-inline';report-uri /cspreport
cross-origin-resource-policy: cross-origin
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
content-encoding: br
server: ESF
x-xss-protection: 0
set-cookie: YSC=C8gtbtluYGY; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none
VISITOR_INFO1_LIVE=p_16Zzd6cOA; Domain=.youtube.com; Expires=Sun, 04-Jun-2023 14:14:15 GMT; Path=/; Secure; HttpOnly; SameSite=none
CONSENT=PENDING+186; expires=Thu, 05-Dec-2024 14:14:15 GMT; path=/; domain=.youtube.com; Secure
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
c10bc583c46449dc192a809398b4e814
ff0f7ad905d32d7f3d01e4054552d0ad551503a5
defd2b2559e55c9c6c0f8be9b23c53c4e781a736feae3dd73b4d203b69cfcc57

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Dec 2022 14:14:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
c10bc583c46449dc192a809398b4e814
ff0f7ad905d32d7f3d01e4054552d0ad551503a5
defd2b2559e55c9c6c0f8be9b23c53c4e781a736feae3dd73b4d203b69cfcc57

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Dec 2022 14:14:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
c10bc583c46449dc192a809398b4e814
ff0f7ad905d32d7f3d01e4054552d0ad551503a5
defd2b2559e55c9c6c0f8be9b23c53c4e781a736feae3dd73b4d203b69cfcc57

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Dec 2022 14:14:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
c10bc583c46449dc192a809398b4e814
ff0f7ad905d32d7f3d01e4054552d0ad551503a5
defd2b2559e55c9c6c0f8be9b23c53c4e781a736feae3dd73b4d203b69cfcc57

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Dec 2022 14:14:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

start.seitenatelier.ch/js/spimeengine.js?v=1.5.8d

216.58.207.211

200 OK

22 kB

URL HTTP/1.1
start.seitenatelier.ch/js/spimeengine.js?v=1.5.8d
IP
216.58.207.211:0
ASN
#15169 GOOGLE

File type
Unicode text, UTF-8 text, with very long lines (354), with CRLF line terminators
Size
22 kB (21630 bytes)
Hash
56f79381fd5cc572f6eb7d30931705a3
10d4a4adfca6abb3cf878826d1bf551399f89603
7efc51ee64750927a13c5d0bbc566a3a4ba823b4299fae7232d3276138a41b4d

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /js/spimeengine.js?v=1.5.8d HTTP/1.1
Host: start.seitenatelier.ch
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.bucherholz.ch/

HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Date: Tue, 06 Dec 2022 14:14:15 GMT
Expires: Wed, 06 Dec 2023 14:14:15 GMT
Cache-Control: public, max-age=31536000
ETag: "t11Cvg"
X-Cloud-Trace-Context: b38c77b7a995a9afbb4cffbe680cd748
Content-Type: application/javascript
Content-Encoding: gzip
Server: Google Frontend
Transfer-Encoding: chunked

142.250.74.106

200 OK

5.0 kB

URL HTTP/2
fonts.googleapis.com/css?family=Teko:300,400,700|Dosis:200,400,800|Abel|Yellowtail|Permanent+Marker|Arvo:400,700|Playfair+Display:400,900,400italic,900italic|Codystar|Viga|Rozha+One|Fredericka+the+Great|Sail|Gravitas+One|Quicksand:300,400,700|Petit+Formal+Script|Wire+One|Mr+Dafoe|Oranienbaum|Bitter:400,700|Lobster|Kreon:400,700|Fugaz+One|Anton|Rokkitt|Libre+Baskerville:400,700,400italic|Copse|UnifrakturCook:700|Grand+Hotel|Muli|Monoton|Droid+Serif:400,700italic|Bangers|Pacifico|UnifrakturMaguntia|Francois+One|Rubik+Mono+One|Qwigley|Geo|Oswald|Passion+One|Chewy|Changa+One|Merriweather|Montserrat|Bevan|Damion|Play|Oxygen|Playfair+Display+SC:400,900,700,400italic|Love+Ya+Like+A+Sister|Hammersmith+One|Prata|Roboto+Condensed:400,300,700|Ultra|Six+Caps|Open+Sans
IP
142.250.74.106:0
ASN
#15169 GOOGLE

File type
data
Size
5.0 kB (4981 bytes)
Hash
454241e703a39df6b28cdd29e8296faa
0eac364e53d4424d3f8768776e4082f34b9e38ff
42cbe85369439cf9cdf6d40db84cc738c1cd5c6ce83e6c9d0a8dbb11b0a5e2c6

HTTP Headers

GET /css?family=Teko:300,400,700|Dosis:200,400,800|Abel|Yellowtail|Permanent+Marker|Arvo:400,700|Playfair+Display:400,900,400italic,900italic|Codystar|Viga|Rozha+One|Fredericka+the+Great|Sail|Gravitas+One|Quicksand:300,400,700|Petit+Formal+Script|Wire+One|Mr+Dafoe|Oranienbaum|Bitter:400,700|Lobster|Kreon:400,700|Fugaz+One|Anton|Rokkitt|Libre+Baskerville:400,700,400italic|Copse|UnifrakturCook:700|Grand+Hotel|Muli|Monoton|Droid+Serif:400,700italic|Bangers|Pacifico|UnifrakturMaguntia|Francois+One|Rubik+Mono+One|Qwigley|Geo|Oswald|Passion+One|Chewy|Changa+One|Merriweather|Montserrat|Bevan|Damion|Play|Oxygen|Playfair+Display+SC:400,900,700,400italic|Love+Ya+Like+A+Sister|Hammersmith+One|Prata|Roboto+Condensed:400,300,700|Ultra|Six+Caps|Open+Sans HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://start.seitenatelier.ch/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 06 Dec 2022 14:14:15 GMT
date: Tue, 06 Dec 2022 14:14:15 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Josefin+Slab

142.250.74.106

200 OK

625 B

URL HTTP/2
fonts.googleapis.com/css?family=Josefin+Slab
IP
142.250.74.106:0
ASN
#15169 GOOGLE

File type
data
Size
625 B (625 bytes)
Hash
4f9bec18b8f83f45851595d2a94bcf09
1d1dbc58ac87aede28ae72f61bc33e4020fbfe54
2a1f29b7e03e26d2a991bc700070cadc905a6977ffa0c74a4dbea9d7aadcf9d5

HTTP Headers

GET /css?family=Josefin+Slab HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://start.seitenatelier.ch/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 06 Dec 2022 14:14:15 GMT
date: Tue, 06 Dec 2022 14:14:15 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
0f7dcaa590e32cfd1c075255188d5f06
d4bb4954fefdb3b59560b54adf500e806e252e39
195795c2511b31519134f5eb4442d8708918ecaff72f8e821a5473ad7c97c448

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6117
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 06 Dec 2022 14:14:15 GMT
Last-Modified: Tue, 06 Dec 2022 12:32:18 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471

releases.jquery.com/git/jquery-2.x-git.min.js

69.16.175.10

200 OK

30 kB

URL HTTP/2
releases.jquery.com/git/jquery-2.x-git.min.js
IP
69.16.175.10:0
ASN
#20446 STACKPATH-CDN

File type
ASCII text, with very long lines (32040)
Size
30 kB (29834 bytes)
Hash
e7caf00364dc18f5fd873d499266560e
cf8741e1e624b8013aade55ccb452bf7bf373a38
9f1e3e9209ad3d521a8a202f007289a38510d07cf80707e09f554d5b38264ccb

HTTP Headers

GET /git/jquery-2.x-git.min.js HTTP/1.1
Host: releases.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.bucherholz.ch/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Tue, 06 Dec 2022 14:14:15 GMT
content-encoding: gzip
content-length: 29834
content-type: application/javascript; charset=utf-8
last-modified: Wed, 22 Jun 2016 11:41:26 GMT
accept-ranges: bytes
server: nginx
etag: "576a7966-14e1f"
cache-control: max-age=300, public
access-control-allow-origin: *
x-hw: 1670336055.dop066.sk1.t,1670336055.cds232.sk1.hn,1670336055.cds220.sk1.pr
X-Firefox-Spdy: h2

push.services.mozilla.com/

52.89.114.252

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
52.89.114.252:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: bL6vRWkaV6FC23k6Say4MA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: /mmoQMkqA6MpvrJz7y9t93FM9Fg=

www.bucherholz.ch/

34.96.116.138

200 OK

23 kB

URL HTTP/2
www.bucherholz.ch/
IP
34.96.116.138:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (10406)
Size
23 kB (23223 bytes)
Hash
a8dc61e725763eb15b143ca09eabda1d
1b00a44bc76b215154d716bb701dd92f3a682563
3dbeaff1b1d080a789de9ad29925186a70e9b4e3cdf53689c9342aa7efaad770

HTTP Headers

GET / HTTP/1.1
Host: www.bucherholz.ch
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.bucherholz.ch/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: openresty/1.19.9.1
date: Tue, 06 Dec 2022 14:14:16 GMT
content-type: text/html; charset=utf-8
content-length: 23223
cache-control: no-cache
content-encoding: gzip
x-cloud-trace-context: d0e4f2a619ac63827c10ae65fb8b81d3
vary: Accept-Encoding
x-cache: EXPIRED
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
ee6bfe50f8e4b9c142f971a55496ac26
8c3fd42aaa7fa3ebdedc4f7b0271b8caae166e64
4582e8e1ada92a279cbc5d82904c7fd27b9d4b95bc06c7a8b3c13168978f0b33

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Dec 2022 14:14:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/s/gts1d4/J2tPIdH0JJs

216.58.211.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/s/gts1d4/J2tPIdH0JJs
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
2678ffc49ed3412749a3b8c044ff0724
ea77169829339f6b2d908252dc3558e260d25bf7
44117dd909c21681d8aca983bf357fb01410acaf301cfb95642c8efa1f92dafa

HTTP Headers

POST /s/gts1d4/J2tPIdH0JJs HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Dec 2022 14:14:16 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
c820a1a94ebf289760de4ba4c5b0b58c
d7a3e823d445cdd0a63e6613699f64d457771fd7
18a6ba2be680be6585364a23a8704030d8de3c1f8a4844a84eae135733da7359

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Dec 2022 14:14:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

code.jquery.com/jquery-2.x-git.min.js

69.16.175.10

302 Found

119 B

URL HTTP/2
code.jquery.com/jquery-2.x-git.min.js
IP
69.16.175.10:0
ASN
#20446 STACKPATH-CDN

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
119 B (119 bytes)
Hash
46a4ea4faad936b387c503c03a9a3ca5
6dc18a6cd6b159f6b64bcbc775606cdb844cf2c9
0202a110ab673b716eb15c3fe047d075ec36bfe2e8d8cb1a3e8efdb83154449e

HTTP Headers

GET /jquery-2.x-git.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.bucherholz.ch/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
date: Tue, 06 Dec 2022 14:14:16 GMT
cache-control: max-age=4704903
content-encoding: gzip
content-length: 119
content-type: text/html
accept-ranges: bytes
server: nginx
location: https://releases.jquery.com/git/jquery-2.x-git.min.js
x-hw: 1670336056.dop018.sk1.t,1670336056.cds232.sk1.hn,1670336056.cds207.sk1.c
X-Firefox-Spdy: h2

ocsp.pki.goog/s/gts1d4/J2tPIdH0JJs

216.58.211.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/s/gts1d4/J2tPIdH0JJs
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
2678ffc49ed3412749a3b8c044ff0724
ea77169829339f6b2d908252dc3558e260d25bf7
44117dd909c21681d8aca983bf357fb01410acaf301cfb95642c8efa1f92dafa

HTTP Headers

POST /s/gts1d4/J2tPIdH0JJs HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Dec 2022 14:14:16 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

imos006-dot-im--os.appspot.com/js/imos.js?v=1.5.8d

142.250.74.180

200 OK

2.0 kB

URL HTTP/2
imos006-dot-im--os.appspot.com/js/imos.js?v=1.5.8d
IP
142.250.74.180:0
ASN
#15169 GOOGLE

File type
ASCII text, with CRLF line terminators
Size
2.0 kB (2035 bytes)
Hash
e4dcac576e5a6a7ba85c5bce64e053bf
60c2ae7fd9a21976027f59c9c69f10f4f29578e5
a7032e5917a2b57aedc70026e9699ea5fb6cfbe11b3980d80999adb01c88b020

HTTP Headers

GET /js/imos.js?v=1.5.8d HTTP/1.1
Host: imos006-dot-im--os.appspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.bucherholz.ch/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-cloud-trace-context: a761568aa81a65fc48d6106a95cf7e71
content-encoding: gzip
server: Google Frontend
content-length: 2035
date: Tue, 06 Dec 2022 14:12:55 GMT
expires: Tue, 06 Dec 2022 14:22:55 GMT
cache-control: public, max-age=600
age: 81
etag: "NjoVCA"
content-type: application/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/s/gts1d4/J2tPIdH0JJs

216.58.211.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/s/gts1d4/J2tPIdH0JJs
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
2678ffc49ed3412749a3b8c044ff0724
ea77169829339f6b2d908252dc3558e260d25bf7
44117dd909c21681d8aca983bf357fb01410acaf301cfb95642c8efa1f92dafa

HTTP Headers

POST /s/gts1d4/J2tPIdH0JJs HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Dec 2022 14:14:16 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/s/gts1d4/J2tPIdH0JJs

216.58.211.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/s/gts1d4/J2tPIdH0JJs
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
2678ffc49ed3412749a3b8c044ff0724
ea77169829339f6b2d908252dc3558e260d25bf7
44117dd909c21681d8aca983bf357fb01410acaf301cfb95642c8efa1f92dafa

HTTP Headers

POST /s/gts1d4/J2tPIdH0JJs HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Dec 2022 14:14:16 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

start.seitenatelier.ch/all_js.js?v=1.5.8d

216.58.207.211

200 OK

14 kB

URL HTTP/2
start.seitenatelier.ch/all_js.js?v=1.5.8d
IP
216.58.207.211:0
ASN
#15169 GOOGLE

File type
ASCII text, with CRLF line terminators
Size
14 kB (14526 bytes)
Hash
cd86fd9be26e03219b2eee6168656b66
5320b6f58de4e4e0badd50c24e31a6355dc95a44
c59b5c5221df1e57788e626bb0dac018f9c45f912f61aa91328f656ac4f80093

HTTP Headers

GET /all_js.js?v=1.5.8d HTTP/1.1
Host: start.seitenatelier.ch
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.bucherholz.ch/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
cache-control: no-cache
content-type: text/javascript; charset=utf-8
content-encoding: gzip
x-cloud-trace-context: 0219c1b86f8a2c23fbc58b61f0c212fc
vary: Accept-Encoding
date: Tue, 06 Dec 2022 14:14:16 GMT
server: Google Frontend
content-length: 14526
X-Firefox-Spdy: h2

start.seitenatelier.ch/static_style?v=1.5.8d&vbid=vbid-42a3f354-pv3ribwh&caller=live

216.58.207.211

200 OK

4.5 kB

URL HTTP/2
start.seitenatelier.ch/static_style?v=1.5.8d&vbid=vbid-42a3f354-pv3ribwh&caller=live
IP
216.58.207.211:0
ASN
#15169 GOOGLE

File type
ASCII text
Size
4.5 kB (4505 bytes)
Hash
fb935174528b3d9434f522bc0c4f07cb
58998e252e4aad94ced32fa650871d5825c7fe03
4076662af84fc1e50ce18646657afb7a510b5b5780ac335de83856e80b54f42c

HTTP Headers

GET /static_style?v=1.5.8d&vbid=vbid-42a3f354-pv3ribwh&caller=live HTTP/1.1
Host: start.seitenatelier.ch
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.bucherholz.ch/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
cache-control: no-cache
content-type: text/css; charset=utf-8
content-encoding: gzip
x-cloud-trace-context: b131bd80b3ac363c02bb895ca5f5f65e
vary: Accept-Encoding
date: Tue, 06 Dec 2022 14:14:16 GMT
server: Google Frontend
content-length: 4505
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
c10bc583c46449dc192a809398b4e814
ff0f7ad905d32d7f3d01e4054552d0ad551503a5
defd2b2559e55c9c6c0f8be9b23c53c4e781a736feae3dd73b4d203b69cfcc57

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Dec 2022 14:14:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
c10bc583c46449dc192a809398b4e814
ff0f7ad905d32d7f3d01e4054552d0ad551503a5
defd2b2559e55c9c6c0f8be9b23c53c4e781a736feae3dd73b4d203b69cfcc57

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Dec 2022 14:14:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
c10bc583c46449dc192a809398b4e814
ff0f7ad905d32d7f3d01e4054552d0ad551503a5
defd2b2559e55c9c6c0f8be9b23c53c4e781a736feae3dd73b4d203b69cfcc57

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Dec 2022 14:14:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
c10bc583c46449dc192a809398b4e814
ff0f7ad905d32d7f3d01e4054552d0ad551503a5
defd2b2559e55c9c6c0f8be9b23c53c4e781a736feae3dd73b4d203b69cfcc57

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Dec 2022 14:14:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

start.seitenatelier.ch/js/xprs_helper.js?v=1.5.8d

216.58.207.211

200 OK

11 kB

URL HTTP/2
start.seitenatelier.ch/js/xprs_helper.js?v=1.5.8d
IP
216.58.207.211:0
ASN
#15169 GOOGLE

File type
data
Size
11 kB (11317 bytes)
Hash
7f37fb0b20e8f128c02ff6ba2db2f0a1
db168a20c5991dc09c9f18d72a7b4bde930c1c67
45975b43bbd061b20859a266c079b2aceb855d1122f71d5e082304e498cd3785

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /js/xprs_helper.js?v=1.5.8d HTTP/1.1
Host: start.seitenatelier.ch
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.bucherholz.ch/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-origin: *
date: Tue, 06 Dec 2022 14:14:16 GMT
expires: Wed, 06 Dec 2023 14:14:16 GMT
cache-control: public, max-age=31536000
etag: "t11Cvg"
x-cloud-trace-context: ab73070ce030c231637c291661d1b745
content-type: application/javascript
content-encoding: gzip
server: Google Frontend
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
1ab1615b2c8cc26b12fc0cf41734ff07
a7d54b3709ce75a20210e20013e6f06b0aa88e2d
22b22118173565879d7c4a2d54a3546aeab6a4a30e69268b294a98019fbd6ba1

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "22B22118173565879D7C4A2D54A3546AEAB6A4A30E69268B294A98019FBD6BA1"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2856
Expires: Tue, 06 Dec 2022 15:01:53 GMT
Date: Tue, 06 Dec 2022 14:14:17 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
1ab1615b2c8cc26b12fc0cf41734ff07
a7d54b3709ce75a20210e20013e6f06b0aa88e2d
22b22118173565879d7c4a2d54a3546aeab6a4a30e69268b294a98019fbd6ba1

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "22B22118173565879D7C4A2D54A3546AEAB6A4A30E69268B294A98019FBD6BA1"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2856
Expires: Tue, 06 Dec 2022 15:01:53 GMT
Date: Tue, 06 Dec 2022 14:14:17 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
1ab1615b2c8cc26b12fc0cf41734ff07
a7d54b3709ce75a20210e20013e6f06b0aa88e2d
22b22118173565879d7c4a2d54a3546aeab6a4a30e69268b294a98019fbd6ba1

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "22B22118173565879D7C4A2D54A3546AEAB6A4A30E69268B294A98019FBD6BA1"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2856
Expires: Tue, 06 Dec 2022 15:01:53 GMT
Date: Tue, 06 Dec 2022 14:14:17 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
1ab1615b2c8cc26b12fc0cf41734ff07
a7d54b3709ce75a20210e20013e6f06b0aa88e2d
22b22118173565879d7c4a2d54a3546aeab6a4a30e69268b294a98019fbd6ba1

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "22B22118173565879D7C4A2D54A3546AEAB6A4A30E69268B294A98019FBD6BA1"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2856
Expires: Tue, 06 Dec 2022 15:01:53 GMT
Date: Tue, 06 Dec 2022 14:14:17 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
1ab1615b2c8cc26b12fc0cf41734ff07
a7d54b3709ce75a20210e20013e6f06b0aa88e2d
22b22118173565879d7c4a2d54a3546aeab6a4a30e69268b294a98019fbd6ba1

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "22B22118173565879D7C4A2D54A3546AEAB6A4A30E69268B294A98019FBD6BA1"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2856
Expires: Tue, 06 Dec 2022 15:01:53 GMT
Date: Tue, 06 Dec 2022 14:14:17 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdc619d7d-5f58-4402-a30a-fe05dd9e2922.jpeg

34.120.237.76

200 OK

14 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdc619d7d-5f58-4402-a30a-fe05dd9e2922.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
14 kB (13647 bytes)
Hash
6079166a1ed5bac7373183f03f33b84e
b0c9391b87a4560598e43d5084dda41e267974a9
3e2faccbc3e14a10da4a433d789068cdc3fb2d3e2a04a7e2b7ea5f6f6313dcd4

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdc619d7d-5f58-4402-a30a-fe05dd9e2922.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 13647
x-amzn-requestid: 36276b12-9e02-4d00-a100-9aa5c794fc79
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: co_ueEWUoAMFj7Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638d1329-7abb45a85c6bc2235c25d61e;Sampled=0
x-amzn-remapped-date: Sun, 04 Dec 2022 21:37:45 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: dQ4mN1KRVnGOVvIC3PWBZCej-q8HKnM8NIb4iAS2uIiFHGNqprB1IA==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 be082a2326b7d49643607b097f1e7180.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Dec 2022 00:03:39 GMT
age: 51038
etag: "b0c9391b87a4560598e43d5084dda41e267974a9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

start.seitenatelier.ch/js/lib/touchswipe/jquery.mobile.custom.min.js

216.58.207.211

200 OK

14 kB

URL HTTP/2
start.seitenatelier.ch/js/lib/touchswipe/jquery.mobile.custom.min.js
IP
216.58.207.211:0
ASN
#15169 GOOGLE

File type
data
Size
14 kB (14451 bytes)
Hash
50bd7fbbfa18f2a20b719888a8e7692a
be7d3e09406673aeab8f137aa886ea59db8cfff4
b8977de9a68800829d72d153f2e5036d268aa5b777a64c48503296dbdab61dec

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /js/lib/touchswipe/jquery.mobile.custom.min.js HTTP/1.1
Host: start.seitenatelier.ch
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.bucherholz.ch/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-origin: *
date: Tue, 06 Dec 2022 14:14:16 GMT
expires: Wed, 06 Dec 2023 14:14:16 GMT
cache-control: public, max-age=31536000
etag: "t11Cvg"
x-cloud-trace-context: 27f2614d17807dd76351d2561628dd1e
content-type: application/javascript
content-encoding: gzip
server: Google Frontend
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F962c65f4-b402-46b4-83ba-50f3159341f2.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (11224 bytes)
Hash
b15136d60fd0a5e0f657a4f5c75d540f
36082b7329d473829178f280cb71a83b1531e486
79478269b1f5dcfd1e45ccd4264fa44805b37c5c8fec820bcbd2fa1689dfbbd8

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F962c65f4-b402-46b4-83ba-50f3159341f2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11224
x-amzn-requestid: 938de0b8-1055-4416-9ad7-162ab5f4db9f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csUINEwdoAMFuOw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e6701-38b079ef341bb17e567de773;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:47:45 GMT
x-amz-cf-pop: YVR50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: tGtiCE9C3j0BUruNaFN2j1mKxCSouLmocmTXpmLMBJaLNyVwkXu1gQ==
via: 1.1 f0ac467993db44dbfc36b778dfcaf73c.cloudfront.net (CloudFront), 1.1 760139201585481b26f947c5f776103a.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 22:09:28 GMT
age: 57889
etag: "36082b7329d473829178f280cb71a83b1531e486"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc8b8df80-ffce-4960-a0e3-83eaf7ee52f3.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.4 kB (6352 bytes)
Hash
ebd3528452aecd80e39bbf82d3f71f2c
eaa956309d27052d466f7c4bd75b3bdf8443f251
680066dadbddc2cd7179ad5bdfbf9b2014ea601561e585d18dfcda73512ae84a

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc8b8df80-ffce-4960-a0e3-83eaf7ee52f3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6352
x-amzn-requestid: cd970b83-2a99-4e38-afed-580d733040a4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csSuWF1bIAMFcpg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e64c2-1ba552306e857bb37424d679;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:38:10 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: m_QprITRv6aKoKB1VsoqgcIM18ZcHIrJk2gs7710QElOJBtrcskrJw==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 570075675953459325e00b7bcd171df2.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 21:41:55 GMT
etag: "eaa956309d27052d466f7c4bd75b3bdf8443f251"
content-type: image/jpeg
age: 59542
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6d735c66-8946-4145-a67f-e17dd48087bc.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (11175 bytes)
Hash
38b97436af942d5eb1111ca7043259a0
0234fe32c84c4711f0619714f3ac6d3db1b717d3
a76a7721355abbaecd5c8cb5218e7e4626dc345eb26e7541c71bf4ceaa7ae5d8

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6d735c66-8946-4145-a67f-e17dd48087bc.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11175
x-amzn-requestid: 9c93ddca-1247-44af-a364-e617f69ace26
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csSzYEnEoAMFa2A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e64e2-7d38ea383725901524bc2ca0;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:38:42 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: fNsYsKfPUM8QaG7-F1tSBDdsNit1BfYpWddNssXwyFO2HgdA0RpjAQ==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 6a9b42e38e76b7d4a4044ebe0e0eca08.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 21:54:21 GMT
age: 58796
etag: "0234fe32c84c4711f0619714f3ac6d3db1b717d3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F00b01871-cd98-4bab-b47d-4a29bb438277.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.4 kB (9354 bytes)
Hash
2e11524d75503e35c404d6c9a12ac540
5626b75f5c2523f1a0fc301839a06a4e2407f106
d5eb74d026014c0a68893bde1107a9a111b1f0af835e28bb740308017ef80b7f

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F00b01871-cd98-4bab-b47d-4a29bb438277.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9354
x-amzn-requestid: fb2dad44-2f8c-4f02-bbc5-405e9586e5af
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cmctYGLdoAMFyDw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638c0e55-28b5680933de0ff4208240be;Sampled=0
x-amzn-remapped-date: Sun, 04 Dec 2022 03:04:53 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 0mv3_bOi4kymDF7KB35kOjvgE9egGYnCMAXLGIse_PJE8bBMGLxdqw==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 7022a5bbf9872d4a09d63e6cdb457dfe.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Dec 2022 04:07:10 GMT
age: 36427
etag: "5626b75f5c2523f1a0fc301839a06a4e2407f106"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

releases.jquery.com/git/jquery-2.x-git.min.js

69.16.175.10

200 OK

30 kB

URL HTTP/2
releases.jquery.com/git/jquery-2.x-git.min.js
IP
69.16.175.10:0
ASN
#20446 STACKPATH-CDN

File type
ASCII text, with very long lines (32040)
Size
30 kB (29834 bytes)
Hash
e7caf00364dc18f5fd873d499266560e
cf8741e1e624b8013aade55ccb452bf7bf373a38
9f1e3e9209ad3d521a8a202f007289a38510d07cf80707e09f554d5b38264ccb

HTTP Headers

GET /git/jquery-2.x-git.min.js HTTP/1.1
Host: releases.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.bucherholz.ch/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Tue, 06 Dec 2022 14:14:17 GMT
content-encoding: gzip
content-length: 29834
content-type: application/javascript; charset=utf-8
last-modified: Wed, 22 Jun 2016 11:41:26 GMT
accept-ranges: bytes
server: nginx
etag: "576a7966-14e1f"
cache-control: max-age=300, public
access-control-allow-origin: *
x-hw: 1670336056.dop018.sk1.t,1670336056.cds232.sk1.hn,1670336057.cds220.sk1.pr
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
e24f2da4ed2e3cd07b0999a67550d634
6e2277e734fd0015849c3554dd2cf2ae289c2cf2
74dc14d7d9ba8bba4a162680e59801af1d7c2995639df51f32ff2f3d4d0b0051

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Dec 2022 14:14:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
e24f2da4ed2e3cd07b0999a67550d634
6e2277e734fd0015849c3554dd2cf2ae289c2cf2
74dc14d7d9ba8bba4a162680e59801af1d7c2995639df51f32ff2f3d4d0b0051

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Dec 2022 14:14:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/oswald/v49/TK3_WkUHHAIjg75cFRf3bXL8LICs1_FvsUZiZQ.woff2

142.250.74.35

200 OK

9.8 kB

URL HTTP/2
fonts.gstatic.com/s/oswald/v49/TK3_WkUHHAIjg75cFRf3bXL8LICs1_FvsUZiZQ.woff2
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 9840, version 1.0\012- data
Size
9.8 kB (9840 bytes)
Hash
afda6e429fd299054de28e1f157c683d
c1847d6f3df5fe11d5e96fd5e6a59b73ff7ed96b
81cd29d1413ecf75834fb3ce1da572fe5c39e53b22c61f5dafec5b14ed4ee12e

HTTP Headers

GET /s/oswald/v49/TK3_WkUHHAIjg75cFRf3bXL8LICs1_FvsUZiZQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.bucherholz.ch
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 9840
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 05 Dec 2022 21:18:06 GMT
expires: Tue, 05 Dec 2023 21:18:06 GMT
cache-control: public, max-age=31536000
age: 60971
last-modified: Mon, 18 Jul 2022 19:24:04 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.gstatic.com/s/muli/v28/7Aulp_0qiz-aVz7u3PJLcUMYOFnOkEk30eg.woff2

142.250.74.35

200 OK

17 kB

URL HTTP/2
fonts.gstatic.com/s/muli/v28/7Aulp_0qiz-aVz7u3PJLcUMYOFnOkEk30eg.woff2
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 16932, version 1.0\012- data
Size
17 kB (16932 bytes)
Hash
17cd567923d6ca3aff27c934f0c4ad63
803d9b9901e6efd8fd585106abb804629b414c47
15559265c43e023322fbb97f910244594c12c7c9b60afcfe7bd3529155f560ae

HTTP Headers

GET /s/muli/v28/7Aulp_0qiz-aVz7u3PJLcUMYOFnOkEk30eg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.bucherholz.ch
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 16932
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 04 Dec 2022 01:46:09 GMT
expires: Mon, 04 Dec 2023 01:46:09 GMT
cache-control: public, max-age=31536000
age: 217688
last-modified: Mon, 11 Jul 2022 20:54:45 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
e24f2da4ed2e3cd07b0999a67550d634
6e2277e734fd0015849c3554dd2cf2ae289c2cf2
74dc14d7d9ba8bba4a162680e59801af1d7c2995639df51f32ff2f3d4d0b0051

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Dec 2022 14:14:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

142.250.74.106

200 OK

24 kB

URL HTTP/2
fonts.googleapis.com/css?family=Teko:300,400,700|Dosis:200,400,800|Abel|Yellowtail|Permanent+Marker|Arvo:400,700|Playfair+Display:400,900,400italic,900italic|Codystar|Viga|Rozha+One|Fredericka+the+Great|Sail|Gravitas+One|Quicksand:300,400,700|Petit+Formal+Script|Wire+One|Mr+Dafoe|Oranienbaum|Bitter:400,700|Lobster|Kreon:400,700|Fugaz+One|Anton|Rokkitt|Libre+Baskerville:400,700,400italic|Copse|UnifrakturCook:700|Grand+Hotel|Muli|Monoton|Droid+Serif:400,700italic|Bangers|Pacifico|UnifrakturMaguntia|Francois+One|Rubik+Mono+One|Qwigley|Geo|Oswald|Passion+One|Chewy|Changa+One|Merriweather|Montserrat|Bevan|Damion|Play|Oxygen|Playfair+Display+SC:400,900,700,400italic|Love+Ya+Like+A+Sister|Hammersmith+One|Prata|Roboto+Condensed:400,300,700|Ultra|Six+Caps|Open+Sans
IP
142.250.74.106:0
ASN
#15169 GOOGLE

File type
ASCII text
Size
24 kB (24548 bytes)
Hash
96758e040719d217a47f38a4e03f7fe0
925a403b693e5d3e36f562febba3bfff9b3cc33a
c719674ccc5a363e617eb9960ef3fbf487e6084116bba7b16e32c3db1c108371

HTTP Headers

GET /css?family=Teko:300,400,700|Dosis:200,400,800|Abel|Yellowtail|Permanent+Marker|Arvo:400,700|Playfair+Display:400,900,400italic,900italic|Codystar|Viga|Rozha+One|Fredericka+the+Great|Sail|Gravitas+One|Quicksand:300,400,700|Petit+Formal+Script|Wire+One|Mr+Dafoe|Oranienbaum|Bitter:400,700|Lobster|Kreon:400,700|Fugaz+One|Anton|Rokkitt|Libre+Baskerville:400,700,400italic|Copse|UnifrakturCook:700|Grand+Hotel|Muli|Monoton|Droid+Serif:400,700italic|Bangers|Pacifico|UnifrakturMaguntia|Francois+One|Rubik+Mono+One|Qwigley|Geo|Oswald|Passion+One|Chewy|Changa+One|Merriweather|Montserrat|Bevan|Damion|Play|Oxygen|Playfair+Display+SC:400,900,700,400italic|Love+Ya+Like+A+Sister|Hammersmith+One|Prata|Roboto+Condensed:400,300,700|Ultra|Six+Caps|Open+Sans HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://start.seitenatelier.ch/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 06 Dec 2022 14:14:17 GMT
date: Tue, 06 Dec 2022 14:14:17 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

start.seitenatelier.ch/js/lightbox.js?v=1.5.8d

216.58.207.211

200 OK

58 kB

URL HTTP/2
start.seitenatelier.ch/js/lightbox.js?v=1.5.8d
IP
216.58.207.211:0
ASN
#15169 GOOGLE

File type
data
Size
58 kB (58349 bytes)
Hash
16a2d88aad08e81c4a0c8742f56cecf9
278463dd189c796a362d11b7f300a14f425ca2de
2dbd9cf95e31b8d2956176bd1a2a6e8106f8f5b1dac86b46cbc5b3cb0cca849d

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /js/lightbox.js?v=1.5.8d HTTP/1.1
Host: start.seitenatelier.ch
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.bucherholz.ch/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-origin: *
date: Tue, 06 Dec 2022 14:14:16 GMT
expires: Wed, 06 Dec 2023 14:14:16 GMT
cache-control: public, max-age=31536000
etag: "t11Cvg"
x-cloud-trace-context: f5c1cd6565d15998202197cf5785d197
content-type: application/javascript
content-encoding: gzip
server: Google Frontend
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
007f06d0a9f50d66be88b3ddf28ecd8b
214ecccda1994c59b0b4e19f05435cb482148e7f
14e4152570b9c55d6cb83965c52a4eb6048d7df7db6b892c770ab66f4700fb51

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Dec 2022 14:14:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

lh3.googleusercontent.com/2M3h4CZBMs93o0xtkzkIWJqLF3D042oh1uQZyF0VYQlmGWdEDh9Y6hC7cBZ712umyXcTAHz_nrGGA--_=s30

172.217.21.161

200 OK

1.0 kB

URL HTTP/2
lh3.googleusercontent.com/2M3h4CZBMs93o0xtkzkIWJqLF3D042oh1uQZyF0VYQlmGWdEDh9Y6hC7cBZ712umyXcTAHz_nrGGA--_=s30
IP
172.217.21.161:0
ASN
#15169 GOOGLE

File type
PNG image data, 13 x 13, 8-bit/color RGBA, non-interlaced\012- data
Size
1.0 kB (1018 bytes)
Hash
d8d2db68c435d33bcc5b846b450c4c89
666f3a245005949f894bbf47e05069dd79b9acfa
0ef6f1bdd6cacc7963cee6e899daa37e6147c5f218b288d66b10d98937a8bdf4

HTTP Headers

GET /2M3h4CZBMs93o0xtkzkIWJqLF3D042oh1uQZyF0VYQlmGWdEDh9Y6hC7cBZ712umyXcTAHz_nrGGA--_=s30 HTTP/1.1
Host: lh3.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.bucherholz.ch/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-expose-headers: Content-Length
content-disposition: inline;filename="unnamed.png"
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
server: fife
content-length: 1018
x-xss-protection: 0
date: Tue, 06 Dec 2022 11:07:55 GMT
expires: Sun, 06 Nov 2022 03:52:08 GMT
cache-control: public, max-age=86400, no-transform
age: 11182
etag: "v1"
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

lh3.googleusercontent.com/Noh7kIm5kfqbPDsQ7iI6rTN4euBfQ7VMAlvb1SR-86_5iQtOVXQ3_UURL-N-97M-RWfKGNH6zjcbX9dCQW8=s30

172.217.21.161

200 OK

1.0 kB

URL HTTP/2
lh3.googleusercontent.com/Noh7kIm5kfqbPDsQ7iI6rTN4euBfQ7VMAlvb1SR-86_5iQtOVXQ3_UURL-N-97M-RWfKGNH6zjcbX9dCQW8=s30
IP
172.217.21.161:0
ASN
#15169 GOOGLE

File type
PNG image data, 13 x 13, 8-bit/color RGBA, non-interlaced\012- data
Size
1.0 kB (1020 bytes)
Hash
749007b55be68b84cdfa313f51c7c37f
46b7f12e2c82210da609c5eae06b01f1019e4342
c0bf440c314408e0ed82a3c5dfea26822122c4d115ffd3db7a7dde897b9f3786

HTTP Headers

GET /Noh7kIm5kfqbPDsQ7iI6rTN4euBfQ7VMAlvb1SR-86_5iQtOVXQ3_UURL-N-97M-RWfKGNH6zjcbX9dCQW8=s30 HTTP/1.1
Host: lh3.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.bucherholz.ch/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-expose-headers: Content-Length
content-disposition: inline;filename="unnamed.png"
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
server: fife
content-length: 1020
x-xss-protection: 0
date: Tue, 06 Dec 2022 12:49:37 GMT
expires: Sun, 14 Nov 2021 01:30:24 GMT
cache-control: public, max-age=86400, no-transform
age: 5080
etag: "v1"
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

lh3.googleusercontent.com/43-pXHjwrpmVO8Oean-6BD0uzARvcqUQrpdi7Yw2bxaXwEoP21UdN5kW6Ks9pdOxf7ropMUrh0djgYPwYPU=s50

172.217.21.161

200 OK

265 B

URL HTTP/2
lh3.googleusercontent.com/43-pXHjwrpmVO8Oean-6BD0uzARvcqUQrpdi7Yw2bxaXwEoP21UdN5kW6Ks9pdOxf7ropMUrh0djgYPwYPU=s50
IP
172.217.21.161:0
ASN
#15169 GOOGLE

File type
PNG image data, 50 x 50, 8-bit/color RGBA, non-interlaced\012- data
Size
265 B (265 bytes)
Hash
ba19e2d39553eacd580c647b2929b301
01c27c50734058e24205ebd092c179c19fcdeec9
9060a290f229a10d3358d3fb1d89df6eb0e085ce49e1e14a751febb50c27f69a

HTTP Headers

GET /43-pXHjwrpmVO8Oean-6BD0uzARvcqUQrpdi7Yw2bxaXwEoP21UdN5kW6Ks9pdOxf7ropMUrh0djgYPwYPU=s50 HTTP/1.1
Host: lh3.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.bucherholz.ch/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-expose-headers: Content-Length
content-disposition: inline;filename="unnamed.png"
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
server: fife
content-length: 265
x-xss-protection: 0
date: Tue, 06 Dec 2022 13:05:20 GMT
expires: Wed, 17 Nov 2021 05:34:37 GMT
cache-control: public, max-age=86400, no-transform
age: 4137
etag: "v1"
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

lh3.googleusercontent.com/EWqW7DEI4kOTRMLjK2-ObFHp-EYBt5apFYZ1LVFAhLtTLjigCRfx5hCCTKbIjIm68VQ00p9twloHJ9w8=s50

172.217.21.161

200 OK

688 B

URL HTTP/2
lh3.googleusercontent.com/EWqW7DEI4kOTRMLjK2-ObFHp-EYBt5apFYZ1LVFAhLtTLjigCRfx5hCCTKbIjIm68VQ00p9twloHJ9w8=s50
IP
172.217.21.161:0
ASN
#15169 GOOGLE

File type
PNG image data, 50 x 50, 8-bit/color RGBA, non-interlaced\012- data
Size
688 B (688 bytes)
Hash
7768150b1a689b83d6ba2ae0f2f41989
d302195fa69bef759aec6d554f8f26bdad8fe5fd
c3e0d1b01c02cca5545bbe9a85d904b97723600a61a4e157b1f7116ae2aee4d8

HTTP Headers

GET /EWqW7DEI4kOTRMLjK2-ObFHp-EYBt5apFYZ1LVFAhLtTLjigCRfx5hCCTKbIjIm68VQ00p9twloHJ9w8=s50 HTTP/1.1
Host: lh3.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.bucherholz.ch/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-expose-headers: Content-Length
content-disposition: inline;filename="unnamed.png"
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
server: fife
content-length: 688
x-xss-protection: 0
date: Tue, 06 Dec 2022 11:53:24 GMT
expires: Wed, 02 Nov 2022 15:17:55 GMT
cache-control: public, max-age=86400, no-transform
age: 8453
etag: "v1"
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

lh3.googleusercontent.com/TgRyMQvJ3_h9RmOnu7AlhIE7NLOOBsRoBounARrs8fQv8HCRPaFtpBneSqJOSZpI6l7He_bAZKN179JBig=s50

172.217.21.161

200 OK

206 B

URL HTTP/2
lh3.googleusercontent.com/TgRyMQvJ3_h9RmOnu7AlhIE7NLOOBsRoBounARrs8fQv8HCRPaFtpBneSqJOSZpI6l7He_bAZKN179JBig=s50
IP
172.217.21.161:0
ASN
#15169 GOOGLE

File type
PNG image data, 30 x 30, 4-bit colormap, non-interlaced\012- data
Size
206 B (206 bytes)
Hash
9d8d6bd3ec3d55cd74446084740e114d
bc6219eda93f5f7f261e348f697aa799b3a1d3e5
f20e26f58626bee6c98e4ae3b104bbf633079c4127beff649dd57afbbd6444e8

HTTP Headers

GET /TgRyMQvJ3_h9RmOnu7AlhIE7NLOOBsRoBounARrs8fQv8HCRPaFtpBneSqJOSZpI6l7He_bAZKN179JBig=s50 HTTP/1.1
Host: lh3.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.bucherholz.ch/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-expose-headers: Content-Length
content-disposition: inline;filename="unnamed.png"
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
server: fife
content-length: 206
x-xss-protection: 0
date: Tue, 06 Dec 2022 13:55:15 GMT
expires: Wed, 17 Nov 2021 05:45:19 GMT
cache-control: public, max-age=86400, no-transform
age: 1142
etag: "v1"
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

lh3.googleusercontent.com/ZMARmveTg1geksYKXZKdh71KW09XrhDLg8N-XrfXCGsDBEHnuKwhmYpHd55Y2-NwuwLX8qsyx26JNyJWtr1jEcxD=s50

172.217.21.161

200 OK

265 B

URL HTTP/2
lh3.googleusercontent.com/ZMARmveTg1geksYKXZKdh71KW09XrhDLg8N-XrfXCGsDBEHnuKwhmYpHd55Y2-NwuwLX8qsyx26JNyJWtr1jEcxD=s50
IP
172.217.21.161:0
ASN
#15169 GOOGLE

File type
PNG image data, 50 x 50, 8-bit/color RGBA, non-interlaced\012- data
Size
265 B (265 bytes)
Hash
ba19e2d39553eacd580c647b2929b301
01c27c50734058e24205ebd092c179c19fcdeec9
9060a290f229a10d3358d3fb1d89df6eb0e085ce49e1e14a751febb50c27f69a

HTTP Headers

GET /ZMARmveTg1geksYKXZKdh71KW09XrhDLg8N-XrfXCGsDBEHnuKwhmYpHd55Y2-NwuwLX8qsyx26JNyJWtr1jEcxD=s50 HTTP/1.1
Host: lh3.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.bucherholz.ch/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-expose-headers: Content-Length
content-disposition: inline;filename="unnamed.png"
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
server: fife
content-length: 265
x-xss-protection: 0
date: Tue, 06 Dec 2022 10:14:50 GMT
expires: Fri, 15 Jul 2022 17:25:01 GMT
cache-control: public, max-age=86400, no-transform
age: 14367
etag: "v1"
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

lh3.googleusercontent.com/9rwgVnDglPdPFugSu98fhDmxzjXC9KovZ_7BuHkXPIv6jvg9S96flGnhL_e4y8mIpPpZQstfqEV-WitY=s50

172.217.21.161

200 OK

262 B

URL HTTP/2
lh3.googleusercontent.com/9rwgVnDglPdPFugSu98fhDmxzjXC9KovZ_7BuHkXPIv6jvg9S96flGnhL_e4y8mIpPpZQstfqEV-WitY=s50
IP
172.217.21.161:0
ASN
#15169 GOOGLE

File type
PNG image data, 50 x 50, 8-bit/color RGBA, non-interlaced\012- data
Size
262 B (262 bytes)
Hash
229368d2ae80cee8c2d0ca74a3e8d785
325eebe844f6637330d47f27d8c950289aa1ec0d
bce587a05f16dcc4c6160c77318f9cbc0253c0c178469bdf4dcb3ee74a4c6009

HTTP Headers

GET /9rwgVnDglPdPFugSu98fhDmxzjXC9KovZ_7BuHkXPIv6jvg9S96flGnhL_e4y8mIpPpZQstfqEV-WitY=s50 HTTP/1.1
Host: lh3.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.bucherholz.ch/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-expose-headers: Content-Length
content-disposition: inline;filename="unnamed.png"
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
server: fife
content-length: 262
x-xss-protection: 0
date: Tue, 06 Dec 2022 11:36:15 GMT
expires: Tue, 19 Jul 2022 20:02:58 GMT
cache-control: public, max-age=86400, no-transform
age: 9482
etag: "v1"
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
007f06d0a9f50d66be88b3ddf28ecd8b
214ecccda1994c59b0b4e19f05435cb482148e7f
14e4152570b9c55d6cb83965c52a4eb6048d7df7db6b892c770ab66f4700fb51

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Dec 2022 14:14:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
3ba864a4daffd79d4639e98e35cf5a8f
4e2dfdbff3ce773c1c39031bdf854e2b0a31131c
73a684466e34cc6ab4250dbab0c6afb73a92c4239e37076020b9e1c446b69b7e

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Dec 2022 14:14:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

lh3.googleusercontent.com/dd_e0xA19up9208Tv6odcjHEw6z4cKAA6fTgjZ9ynkKoSnr5R4vFxI7gZp6pnZH1Vi5T5f-fphjFsrLG=s30

172.217.21.161

200 OK

1.1 kB

URL HTTP/2
lh3.googleusercontent.com/dd_e0xA19up9208Tv6odcjHEw6z4cKAA6fTgjZ9ynkKoSnr5R4vFxI7gZp6pnZH1Vi5T5f-fphjFsrLG=s30
IP
172.217.21.161:0
ASN
#15169 GOOGLE

File type
PNG image data, 25 x 25, 8-bit/color RGBA, non-interlaced\012- data
Size
1.1 kB (1074 bytes)
Hash
bd65b5feb0dfebb391e3b7f97452518a
edba45f52d5eea04570662436f7c722916e341aa
09377aece6d13145f5fa8dbd7c4d82ec6d124c455150ade4d940b8ac1d9a2cec

HTTP Headers

GET /dd_e0xA19up9208Tv6odcjHEw6z4cKAA6fTgjZ9ynkKoSnr5R4vFxI7gZp6pnZH1Vi5T5f-fphjFsrLG=s30 HTTP/1.1
Host: lh3.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.bucherholz.ch/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-expose-headers: Content-Length
content-disposition: inline;filename="unnamed.png"
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
server: fife
content-length: 1074
x-xss-protection: 0
date: Tue, 06 Dec 2022 11:20:23 GMT
expires: Wed, 09 Nov 2022 22:06:11 GMT
cache-control: public, max-age=86400, no-transform
age: 10434
etag: "v1"
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
007f06d0a9f50d66be88b3ddf28ecd8b
214ecccda1994c59b0b4e19f05435cb482148e7f
14e4152570b9c55d6cb83965c52a4eb6048d7df7db6b892c770ab66f4700fb51

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Dec 2022 14:14:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
007f06d0a9f50d66be88b3ddf28ecd8b
214ecccda1994c59b0b4e19f05435cb482148e7f
14e4152570b9c55d6cb83965c52a4eb6048d7df7db6b892c770ab66f4700fb51

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Dec 2022 14:14:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
3ba864a4daffd79d4639e98e35cf5a8f
4e2dfdbff3ce773c1c39031bdf854e2b0a31131c
73a684466e34cc6ab4250dbab0c6afb73a92c4239e37076020b9e1c446b69b7e

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Dec 2022 14:14:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
007f06d0a9f50d66be88b3ddf28ecd8b
214ecccda1994c59b0b4e19f05435cb482148e7f
14e4152570b9c55d6cb83965c52a4eb6048d7df7db6b892c770ab66f4700fb51

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Dec 2022 14:14:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

142.250.74.106

200 OK

31 kB

URL HTTP/2
fonts.googleapis.com/css?family=Alef|Amatica+SC|Arimo|Assistant|Cousine|David+Libre|Frank+Ruhl+Libre|Heebo|Miriam+Libre|Rubik:400,500|Secular+One|Suez+One|Tinos|Varela+Round
IP
142.250.74.106:0
ASN
#15169 GOOGLE

File type
data
Size
31 kB (31066 bytes)
Hash
8c0fd6b466735cfc826058e5e5eeb17d
d4a1d9218de37e238a9d763d0d9d4bf06efc7e7f
c3e47c579fca7ea8eb8611b6e9f42dbab119e370f10fba68c678c5067b714d5e

HTTP Headers

GET /css?family=Alef|Amatica+SC|Arimo|Assistant|Cousine|David+Libre|Frank+Ruhl+Libre|Heebo|Miriam+Libre|Rubik:400,500|Secular+One|Suez+One|Tinos|Varela+Round HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://start.seitenatelier.ch/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 06 Dec 2022 14:14:17 GMT
date: Tue, 06 Dec 2022 14:14:17 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

lh3.googleusercontent.com/TXKh0yunx_FdNN9vYMjFYxZc22a-3ZnkB7XLqigIIacIzgNp3gGqaSoY705zgMhh5QgOW5lnTgfRFuHTJQ=s300

172.217.21.161

200 OK

26 kB

URL HTTP/2
lh3.googleusercontent.com/TXKh0yunx_FdNN9vYMjFYxZc22a-3ZnkB7XLqigIIacIzgNp3gGqaSoY705zgMhh5QgOW5lnTgfRFuHTJQ=s300
IP
172.217.21.161:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 300x214, components 3\012- data
Size
26 kB (26080 bytes)
Hash
a00b754d4dc09e278f1e5906e420da25
46a2ed079a1a99980df191406b97f370adea501b
88e404a100c8adf27e0601e3093d4bf51656fe8ba11ba70c5a499df3d07e9219

HTTP Headers

GET /TXKh0yunx_FdNN9vYMjFYxZc22a-3ZnkB7XLqigIIacIzgNp3gGqaSoY705zgMhh5QgOW5lnTgfRFuHTJQ=s300 HTTP/1.1
Host: lh3.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.bucherholz.ch/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-expose-headers: Content-Length
etag: "v1"
expires: Wed, 07 Dec 2022 14:14:18 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.jpg"
content-type: image/jpeg
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
date: Tue, 06 Dec 2022 14:14:18 GMT
server: fife
content-length: 26080
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Josefin+Slab

142.250.74.106

200 OK

23 kB

URL HTTP/2
fonts.googleapis.com/css?family=Josefin+Slab
IP
142.250.74.106:0
ASN
#15169 GOOGLE

File type
data
Size
23 kB (22552 bytes)
Hash
a5516241b4d652bba37e6395dee8d33e
136b507c72b09b988009f639f1ea5a73cbf6fb00
ae8631d276d143a46e7a03bc7f590db959ed4be93b01022cdc7fd14351769ec0

HTTP Headers

GET /css?family=Josefin+Slab HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://start.seitenatelier.ch/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 06 Dec 2022 14:14:17 GMT
date: Tue, 06 Dec 2022 14:14:17 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Inconsolata|Ubuntu+Mono|Fira+Mono

142.250.74.106

200 OK

30 kB

URL HTTP/2
fonts.googleapis.com/css?family=Inconsolata|Ubuntu+Mono|Fira+Mono
IP
142.250.74.106:0
ASN
#15169 GOOGLE

File type
data
Size
30 kB (29987 bytes)
Hash
b60f5fe08389e4d2e79873874c70d1e9
8e02549045a38f44ed3d65cf831d935977f71cec
fb207bda90ea9ad22952ab6f53d85ea693a159b4e26f82cf05e056f28d2528a0

HTTP Headers

GET /css?family=Inconsolata|Ubuntu+Mono|Fira+Mono HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://start.seitenatelier.ch/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 06 Dec 2022 14:14:17 GMT
date: Tue, 06 Dec 2022 14:14:17 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

lh3.googleusercontent.com/8iN-SHtANRsn_Zq8-h2w-LCJ4m5C3IWlaw6u9MZCyOuiCRkrLtvHeH1WWeYYa-sTB_N_T7QUnCQHElVB=s300

172.217.21.161

200 OK

22 kB

URL HTTP/2
lh3.googleusercontent.com/8iN-SHtANRsn_Zq8-h2w-LCJ4m5C3IWlaw6u9MZCyOuiCRkrLtvHeH1WWeYYa-sTB_N_T7QUnCQHElVB=s300
IP
172.217.21.161:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 300x225, components 3\012- data
Size
22 kB (22206 bytes)
Hash
32f38c70fa01955bfa205e8d8f0766f4
6a63310d5a1f2631807d67a9660302bae9cd64cb
647f66a062929a68813fb0f5af1a236fb1008cd060b54d10c4d64040abad3edd

HTTP Headers

GET /8iN-SHtANRsn_Zq8-h2w-LCJ4m5C3IWlaw6u9MZCyOuiCRkrLtvHeH1WWeYYa-sTB_N_T7QUnCQHElVB=s300 HTTP/1.1
Host: lh3.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.bucherholz.ch/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-expose-headers: Content-Length
etag: "v1"
expires: Wed, 07 Dec 2022 14:14:18 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.jpg"
content-type: image/jpeg
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
date: Tue, 06 Dec 2022 14:14:18 GMT
server: fife
content-length: 22206
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

lh3.googleusercontent.com/ux6MdI5JGyNTOsYWKAckB8hDaUqRL0d4Gam1JfHfJ7wLLJyOTFTr9RcNF7iDXbuLS_beQEG-vYixP-QF=s300

172.217.21.161

200 OK

29 kB

URL HTTP/2
lh3.googleusercontent.com/ux6MdI5JGyNTOsYWKAckB8hDaUqRL0d4Gam1JfHfJ7wLLJyOTFTr9RcNF7iDXbuLS_beQEG-vYixP-QF=s300
IP
172.217.21.161:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 300x225, components 3\012- data
Size
29 kB (29056 bytes)
Hash
0e2670de69eb5fbc938bf05d4c98111a
4dd46c454df327f42d55a87ef78d6d1fb3320282
feceed9e43706fd8b05d0f994c9347b3e82ca5b8e4fa7164e9d88199ca183efc

HTTP Headers

GET /ux6MdI5JGyNTOsYWKAckB8hDaUqRL0d4Gam1JfHfJ7wLLJyOTFTr9RcNF7iDXbuLS_beQEG-vYixP-QF=s300 HTTP/1.1
Host: lh3.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.bucherholz.ch/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-expose-headers: Content-Length
etag: "v1"
expires: Wed, 07 Dec 2022 14:14:18 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.jpg"
content-type: image/jpeg
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
date: Tue, 06 Dec 2022 14:14:18 GMT
server: fife
content-length: 29056
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

lh3.googleusercontent.com/ggDf3DWIqiQfeaJrMlcSlaBAnM1YTkaStrD6LrqGHwSSErYQLqXD8-lAraq6BwcZZw2b8Af0ZNb3f68lzQ=s360

172.217.21.161

200 OK

24 kB

URL HTTP/2
lh3.googleusercontent.com/ggDf3DWIqiQfeaJrMlcSlaBAnM1YTkaStrD6LrqGHwSSErYQLqXD8-lAraq6BwcZZw2b8Af0ZNb3f68lzQ=s360
IP
172.217.21.161:0
ASN
#15169 GOOGLE

File type
PNG image data, 360 x 148, 8-bit/color RGBA, non-interlaced\012- data
Size
24 kB (23477 bytes)
Hash
d912cd3af2d7b49f8a0adf2d4a347a82
5c8eb04d144957177eb0d579a4f5047ca087bf22
e8d76056afa6b0f0b381c399964b7608161ff5d6e07d905e4e08ee83cbdb0a01

HTTP Headers

GET /ggDf3DWIqiQfeaJrMlcSlaBAnM1YTkaStrD6LrqGHwSSErYQLqXD8-lAraq6BwcZZw2b8Af0ZNb3f68lzQ=s360 HTTP/1.1
Host: lh3.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.bucherholz.ch/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-expose-headers: Content-Length
etag: "v1"
expires: Wed, 07 Dec 2022 14:14:18 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.png"
content-type: image/png
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
date: Tue, 06 Dec 2022 14:14:18 GMT
server: fife
content-length: 23477
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

lh3.googleusercontent.com/1ezOoCbxucoNeldPRXFk9Ic0a95OlbQzaKqD3Iaxm9aEPWbFcclfw3bes4ylHQu0akT2IzTJApozAFrCEQ=s120

172.217.21.161

200 OK

2.8 kB

URL HTTP/2
lh3.googleusercontent.com/1ezOoCbxucoNeldPRXFk9Ic0a95OlbQzaKqD3Iaxm9aEPWbFcclfw3bes4ylHQu0akT2IzTJApozAFrCEQ=s120
IP
172.217.21.161:0
ASN
#15169 GOOGLE

File type
PNG image data, 120 x 120, 8-bit/color RGBA, non-interlaced\012- data
Size
2.8 kB (2829 bytes)
Hash
0c658ca4dd43121adaee016c22364a6b
e2a003e101a8a4cd70b411246bdbf71132cc6981
2b9de6d4702423143eac0a6ccff32bc86acd3f14954ba88812e0a029cae33cb7

HTTP Headers

GET /1ezOoCbxucoNeldPRXFk9Ic0a95OlbQzaKqD3Iaxm9aEPWbFcclfw3bes4ylHQu0akT2IzTJApozAFrCEQ=s120 HTTP/1.1
Host: lh3.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.bucherholz.ch/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-expose-headers: Content-Length
etag: "v1"
expires: Wed, 07 Dec 2022 14:14:18 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.png"
content-type: image/png
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
date: Tue, 06 Dec 2022 14:14:18 GMT
server: fife
content-length: 2829
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

lh3.googleusercontent.com/QMTWONpJLVR_gRJuDyj9bQHrya4jcPVr2wmb0ZltUjDbWeRiq9njv5aAbiHy3GpZj5a_EcAjmISzlJySxA=s300

172.217.21.161

200 OK

32 kB

URL HTTP/2
lh3.googleusercontent.com/QMTWONpJLVR_gRJuDyj9bQHrya4jcPVr2wmb0ZltUjDbWeRiq9njv5aAbiHy3GpZj5a_EcAjmISzlJySxA=s300
IP
172.217.21.161:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 300x225, components 3\012- data
Size
32 kB (32001 bytes)
Hash
a409a469b633df9199ab5e43ce1c270f
67dee3dde6365767ad8cbac395fc871d6f707166
6787a7b5d333f6042f80188cd78028e79693560d506f46501dd1c76fa3d5cfd4

HTTP Headers

GET /QMTWONpJLVR_gRJuDyj9bQHrya4jcPVr2wmb0ZltUjDbWeRiq9njv5aAbiHy3GpZj5a_EcAjmISzlJySxA=s300 HTTP/1.1
Host: lh3.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.bucherholz.ch/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-expose-headers: Content-Length
etag: "v1"
expires: Wed, 07 Dec 2022 14:14:18 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.jpg"
content-type: image/jpeg
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
date: Tue, 06 Dec 2022 14:14:18 GMT
server: fife
content-length: 32001
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

lh3.googleusercontent.com/9PfYn9XMImos4yHMyjEDmFwhD6E95UAb_wLysUz-uND2YnpDBZ1oKmUJJyWuht0tooY7x2b3Bi8lJKue=s120

172.217.21.161

200 OK

8.4 kB

URL HTTP/2
lh3.googleusercontent.com/9PfYn9XMImos4yHMyjEDmFwhD6E95UAb_wLysUz-uND2YnpDBZ1oKmUJJyWuht0tooY7x2b3Bi8lJKue=s120
IP
172.217.21.161:0
ASN
#15169 GOOGLE

File type
PNG image data, 120 x 120, 8-bit/color RGBA, non-interlaced\012- data
Size
8.4 kB (8367 bytes)
Hash
04ff0e881bf7a45eaa974edd2aef2fe0
a38ca11cc41cb69aa46e0126e4f3e2b89c4127e5
80963513da05a3cfed967075e5cea9cad81b67dd4a3e464591054311b32806c3

HTTP Headers

GET /9PfYn9XMImos4yHMyjEDmFwhD6E95UAb_wLysUz-uND2YnpDBZ1oKmUJJyWuht0tooY7x2b3Bi8lJKue=s120 HTTP/1.1
Host: lh3.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.bucherholz.ch/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-expose-headers: Content-Length
etag: "v1"
expires: Wed, 07 Dec 2022 14:14:18 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.png"
content-type: image/png
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
date: Tue, 06 Dec 2022 14:14:18 GMT
server: fife
content-length: 8367
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

lh3.googleusercontent.com/nktrqBn7-2kkSHmNiitLTFeHSdES1zRCxTf7XqGvUtZyNxfkg0shoZu2X5M5USASs2wsmMmqYHbYSQdRMZ8=s554

172.217.21.161

200 OK

27 kB

URL HTTP/2
lh3.googleusercontent.com/nktrqBn7-2kkSHmNiitLTFeHSdES1zRCxTf7XqGvUtZyNxfkg0shoZu2X5M5USASs2wsmMmqYHbYSQdRMZ8=s554
IP
172.217.21.161:0
ASN
#15169 GOOGLE

File type
PNG image data, 554 x 117, 8-bit/color RGBA, non-interlaced\012- data
Size
27 kB (26768 bytes)
Hash
70f97a129325f81bc905424506671a3e
b37fac4be9d5fd3cea930b0267eca4be6a829a3c
c12a04f5d7bf6ec70515b1927f66f89059dd577a87f0e2f6ee2d1741c5b498c5

HTTP Headers

GET /nktrqBn7-2kkSHmNiitLTFeHSdES1zRCxTf7XqGvUtZyNxfkg0shoZu2X5M5USASs2wsmMmqYHbYSQdRMZ8=s554 HTTP/1.1
Host: lh3.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.bucherholz.ch/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-expose-headers: Content-Length
etag: "v1"
expires: Wed, 07 Dec 2022 14:14:18 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.png"
content-type: image/png
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
date: Tue, 06 Dec 2022 14:14:18 GMT
server: fife
content-length: 26768
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

lh3.googleusercontent.com/Ua2rk8_SBuDbIL3tN-WgB0i385Eo5yBv5I0eAsESyb8KpfND27qHeIlZQbi81aGfd7riX1vPcrDpFhkeMQ=s120

172.217.21.161

200 OK

2.6 kB

URL HTTP/2
lh3.googleusercontent.com/Ua2rk8_SBuDbIL3tN-WgB0i385Eo5yBv5I0eAsESyb8KpfND27qHeIlZQbi81aGfd7riX1vPcrDpFhkeMQ=s120
IP
172.217.21.161:0
ASN
#15169 GOOGLE

File type
PNG image data, 120 x 120, 8-bit/color RGBA, non-interlaced\012- data
Size
2.6 kB (2551 bytes)
Hash
b8f3bb08e91496386ef985675445ee5b
3817efd85b0d1a62613f22d8bd4b1e75ec71cea9
ed4f7c456823108deca0dabae7246246792cc8a7c15585583bef49cbd087d910

HTTP Headers

GET /Ua2rk8_SBuDbIL3tN-WgB0i385Eo5yBv5I0eAsESyb8KpfND27qHeIlZQbi81aGfd7riX1vPcrDpFhkeMQ=s120 HTTP/1.1
Host: lh3.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.bucherholz.ch/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-expose-headers: Content-Length
etag: "v1"
expires: Wed, 07 Dec 2022 14:14:18 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.png"
content-type: image/png
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
date: Tue, 06 Dec 2022 14:14:18 GMT
server: fife
content-length: 2551
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Cairo|Changa|Lalezar|Reem+Kufi

142.250.74.106

200 OK

34 kB

URL HTTP/2
fonts.googleapis.com/css?family=Cairo|Changa|Lalezar|Reem+Kufi
IP
142.250.74.106:0
ASN
#15169 GOOGLE

File type
data
Size
34 kB (33561 bytes)
Hash
966fb363140da6a2026caca86a9c22b9
da87c51d008ce8cef9be0169df9882b47ebfcea1
d265e67a517adf14ab7d62438b3d0a9e8b62a51bc94b9d5276a3d8b290cecc69

HTTP Headers

GET /css?family=Cairo|Changa|Lalezar|Reem+Kufi HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://start.seitenatelier.ch/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 06 Dec 2022 14:14:17 GMT
date: Tue, 06 Dec 2022 14:14:17 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

start.seitenatelier.ch/css/effects.css?v=1.5.8d

216.58.207.211

200 OK

505 kB

URL HTTP/2
start.seitenatelier.ch/css/effects.css?v=1.5.8d
IP
216.58.207.211:0
ASN
#15169 GOOGLE

File type
data
Size
505 kB (505098 bytes)
Hash
6be710df1fe3a664e0e67db7c2013127
bb2fa64a7ba37f82a88db4092e619c3cefba0bf2
af2b2459c3f3167dd00e26c4f1ae5bd652b4a3434120561e5440a08efb2e7eb6

HTTP Headers

GET /css/effects.css?v=1.5.8d HTTP/1.1
Host: start.seitenatelier.ch
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.bucherholz.ch/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-origin: *
date: Tue, 06 Dec 2022 14:14:18 GMT
expires: Wed, 06 Dec 2023 14:14:18 GMT
cache-control: public, max-age=31536000
etag: "t11Cvg"
x-cloud-trace-context: 89452103ca053f772258b37c53de902b
content-type: text/css
content-encoding: gzip
server: Google Frontend
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fffbcb6f9-483c-4254-9451-927fa2fc2294.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.0 kB (3968 bytes)
Hash
9838b65dde746487c806ee9739f8b222
1c95a1e47e903cc6775df2c5ed3f2f58cca42dc8
cf3ddc240b33d0f588d5acb30593b6846874a192bff9f5b69455877d7f63be53

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fffbcb6f9-483c-4254-9451-927fa2fc2294.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-length: 3968
x-amzn-requestid: 55111bc4-d002-44a0-855a-533251b144fb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csSveGo_IAMFQvA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e64c9-28e0a83d7f9f1ffc7544bb3d;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:38:17 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: _Hf2XblY73dHIIWTqWgeDzJJalBo6ooCAit1eQ8G8n4385ORBBDakA==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 1b74ccf4cb51eacf97a0e6d60ae46a3e.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 21:47:06 GMT
etag: "1c95a1e47e903cc6775df2c5ed3f2f58cca42dc8"
content-type: image/jpeg
age: 59237
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

www.youtube.com/iframe_api

142.250.74.110

200 OK

0 B

URL HTTP/2
www.youtube.com/iframe_api
IP
142.250.74.110:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /iframe_api HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.bucherholz.ch/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
x-content-type-options: nosniff
expires: Tue, 06 Dec 2022 14:14:16 GMT
date: Tue, 06 Dec 2022 14:14:16 GMT
cache-control: private, max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
cross-origin-resource-policy: cross-origin
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
content-encoding: br
server: ESF
x-xss-protection: 0
set-cookie: YSC=Ft7p4dWGZV0; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none
VISITOR_INFO1_LIVE=Mivvib68f0w; Domain=.youtube.com; Expires=Sun, 04-Jun-2023 14:14:16 GMT; Path=/; Secure; HttpOnly; SameSite=none
CONSENT=PENDING+587; expires=Thu, 05-Dec-2024 14:14:16 GMT; path=/; domain=.youtube.com; Secure
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

start.seitenatelier.ch/css/lightbox.css?v=1.5.8d

216.58.207.211

200 OK

0 B

URL HTTP/2
start.seitenatelier.ch/css/lightbox.css?v=1.5.8d
IP
216.58.207.211:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /css/lightbox.css?v=1.5.8d HTTP/1.1
Host: start.seitenatelier.ch
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.bucherholz.ch/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-origin: *
date: Tue, 06 Dec 2022 14:14:18 GMT
expires: Wed, 06 Dec 2023 14:14:18 GMT
cache-control: public, max-age=31536000
etag: "t11Cvg"
x-cloud-trace-context: bdf0d37ff84b406f438470028a1ab7a4
content-type: text/css
content-encoding: gzip
server: Google Frontend
X-Firefox-Spdy: h2

start.seitenatelier.ch/css/fonts.css?v=1.5.8d

216.58.207.211

200 OK

0 B

URL HTTP/2
start.seitenatelier.ch/css/fonts.css?v=1.5.8d
IP
216.58.207.211:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /css/fonts.css?v=1.5.8d HTTP/1.1
Host: start.seitenatelier.ch
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.bucherholz.ch/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-origin: *
date: Tue, 06 Dec 2022 14:14:16 GMT
expires: Wed, 06 Dec 2023 14:14:16 GMT
cache-control: public, max-age=31536000
etag: "t11Cvg"
x-cloud-trace-context: 0bb06ab0f89ff99b34f3fe320dd170a7
content-type: text/css
content-encoding: gzip
server: Google Frontend
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Libre+Baskerville:400italic

142.250.74.106

200 OK

0 B

URL HTTP/2
fonts.googleapis.com/css?family=Libre+Baskerville:400italic
IP
142.250.74.106:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /css?family=Libre+Baskerville:400italic HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://start.seitenatelier.ch/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 06 Dec 2022 14:14:17 GMT
date: Tue, 06 Dec 2022 14:14:17 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Cairo|Changa|Lalezar|Reem+Kufi

142.250.74.106

200 OK

0 B

URL HTTP/2
fonts.googleapis.com/css?family=Cairo|Changa|Lalezar|Reem+Kufi
IP
142.250.74.106:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /css?family=Cairo|Changa|Lalezar|Reem+Kufi HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://start.seitenatelier.ch/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 06 Dec 2022 14:14:15 GMT
date: Tue, 06 Dec 2022 14:14:15 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Inconsolata|Ubuntu+Mono|Fira+Mono

142.250.74.106

200 OK

0 B

URL HTTP/2
fonts.googleapis.com/css?family=Inconsolata|Ubuntu+Mono|Fira+Mono
IP
142.250.74.106:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /css?family=Inconsolata|Ubuntu+Mono|Fira+Mono HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://start.seitenatelier.ch/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 06 Dec 2022 14:14:15 GMT
date: Tue, 06 Dec 2022 14:14:15 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

start.seitenatelier.ch/js/spimeengine.js?v=1.5.8d

216.58.207.211

200 OK

0 B

URL HTTP/2
start.seitenatelier.ch/js/spimeengine.js?v=1.5.8d
IP
216.58.207.211:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /js/spimeengine.js?v=1.5.8d HTTP/1.1
Host: start.seitenatelier.ch
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.bucherholz.ch/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-origin: *
date: Tue, 06 Dec 2022 14:14:16 GMT
expires: Wed, 06 Dec 2023 14:14:16 GMT
cache-control: public, max-age=31536000
etag: "t11Cvg"
x-cloud-trace-context: 48624142a462fe7315e9480e24711c69
content-type: application/javascript
content-encoding: gzip
server: Google Frontend
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Roboto

142.250.74.106

200 OK

0 B

URL HTTP/2
fonts.googleapis.com/css?family=Roboto
IP
142.250.74.106:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /css?family=Roboto HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://start.seitenatelier.ch/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 06 Dec 2022 14:14:15 GMT
date: Tue, 06 Dec 2022 14:14:15 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

142.250.74.106

200 OK

0 B

URL HTTP/2
fonts.googleapis.com/css?family=Alef|Amatica+SC|Arimo|Assistant|Cousine|David+Libre|Frank+Ruhl+Libre|Heebo|Miriam+Libre|Rubik:400,500|Secular+One|Suez+One|Tinos|Varela+Round
IP
142.250.74.106:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /css?family=Alef|Amatica+SC|Arimo|Assistant|Cousine|David+Libre|Frank+Ruhl+Libre|Heebo|Miriam+Libre|Rubik:400,500|Secular+One|Suez+One|Tinos|Varela+Round HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://start.seitenatelier.ch/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 06 Dec 2022 14:14:15 GMT
date: Tue, 06 Dec 2022 14:14:15 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Libre+Baskerville:400italic

142.250.74.106

200 OK

0 B

URL HTTP/2
fonts.googleapis.com/css?family=Libre+Baskerville:400italic
IP
142.250.74.106:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /css?family=Libre+Baskerville:400italic HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://start.seitenatelier.ch/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 06 Dec 2022 14:14:15 GMT
date: Tue, 06 Dec 2022 14:14:15 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (15)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations