Report - turmhof.at/

Report Overview

Submitted URL
turmhof.at/
IP
185.51.8.60
ASN
#208582 Nessus GmbH
Submitted
2023-01-26 08:18:21
Access
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
26

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
turmhof.at	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	440 B	530 B	185.51.8.60
www.turmhof.at	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	12 kB	596 kB	185.51.8.60
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	44.235.159.98
detectportal.firefox.com	1601	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	909 B	642 B	34.107.221.82
getpocket.cdn.mozilla.net	1369	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	435 B	47 kB	34.120.5.221
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	7.6 kB	216 kB	35.241.9.150
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	391 B	34.117.237.239
firefox-settings-attachments.cdn.mozilla.net	11509	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	412 B	808 kB	34.111.73.144
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	44 kB	34.120.237.76
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.0 kB	8.0 kB	95.101.11.115
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	840 B	12 kB	34.160.144.191
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	682 B	1.8 kB	93.184.220.29
shavar.services.mozilla.com	3602	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	453 B	204 B	44.235.192.196

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

Scan Date	Severity	Indicator	Alert
2023-01-07	medium	turmhof.at/	PayPal Inc.
2022-12-15	medium	www.turmhof.at/neues/	PayPal Inc.

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-01-26	medium	turmhof.at/	Phishing
2023-01-26	medium	www.turmhof.at/	Phishing
2023-01-26	medium	www.turmhof.at/fileadmin/img/weingut-turmhof.svg	Phishing
2023-01-26	medium	www.turmhof.at/typo3temp/compressor/merged-ff662f81a898aa574edee79f8871491e-795a542870364d232d5704bd747de11b.css.gzip?1663053869	Phishing
2023-01-26	medium	www.turmhof.at/neues/Aktualisiere	Phishing
2023-01-26	medium	www.turmhof.at/fileadmin/fonts/source-sans-pro-v21-latin-300.woff2	Phishing
2023-01-26	medium	www.turmhof.at/fileadmin/fonts/source-sans-pro-v21-latin-600.woff2	Phishing
2023-01-26	medium	www.turmhof.at/fileadmin/fonts/source-sans-pro-v21-latin-italic.woff2	Phishing
2023-01-26	medium	www.turmhof.at/fileadmin/jcart/config-loader.php?ajax=true	Phishing
2023-01-26	medium	www.turmhof.at/neues/Aktualisiere/	Phishing
2023-01-26	medium	www.turmhof.at/neues/	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (1)

	URL	Size	First Seen	Last Seen
	unknown	0 B	2023-03-07	2024-05-11
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-11 01:45:32 Times Seen37532904 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

HTTP Transactions (71)

URL IP Response Size

detectportal.firefox.com/success.txt?ipv4

34.107.221.82

200 OK

8 B

URL HTTP/1.1
detectportal.firefox.com/success.txt?ipv4
IP
34.107.221.82:0
ASN
#15169 GOOGLE

File type
ASCII text
Size
8 B (8 bytes)
Hash
ae780585f49b94ce1444eb7d28906123
7d5ca8c0c03e883c56c4eb1ef6f6bb9bccad4d86
81b2bd4ea98c8db66554fbc8d7637a1a69a130f331feb732b75caab4c4868fd5

HTTP Headers

GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Wed, 25 Jan 2023 11:01:25 GMT
Age: 76599
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f5e46725831d8d722872bf68d752f4c5
cf37793a1b73e3f84fe6c37fb27382c83b49dbc0
0582b6180687dd95c7fd728f1b9db4495b807151e309b608ad203d69708f9da6

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0582B6180687DD95C7FD728F1B9DB4495B807151E309B608AD203D69708F9DA6"
Last-Modified: Tue, 24 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6513
Expires: Thu, 26 Jan 2023 10:06:38 GMT
Date: Thu, 26 Jan 2023 08:18:05 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
e7ba66945cfda628261cb423449c2ae0
5d29ef74467dc98166de20fdee02f6cecb3f92c7
2bdc7d7051d30b313d678769f7e319f7d58b71cc63b6662b57237743f8aaeb19

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2BDC7D7051D30B313D678769F7E319F7D58B71CC63B6662B57237743F8AAEB19"
Last-Modified: Tue, 24 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16472
Expires: Thu, 26 Jan 2023 12:52:37 GMT
Date: Thu, 26 Jan 2023 08:18:05 GMT
Connection: keep-alive

getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US&region=NO&count=30

34.120.5.221

200 OK

46 kB

URL HTTP/2
getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US&region=NO&count=30
IP
34.120.5.221:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (65536), with no line terminators
Size
46 kB (45944 bytes)
Hash
3c72975a114eb37df4b6c5466e12129a
5d1cba6fe69467e3ec3a65ba90c546dca67e5810
d08114e39ef4fc85ea2af7067a10af144b047395fbccbcdbe297ce8a03334330

HTTP Headers

GET /v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US&region=NO&count=30 HTTP/1.1
Host: getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
vary: Accept-Encoding
content-location: global-recs.php
tcn: choice
x-frame-options: SAMEORIGIN
status: 200 OK
x-source: Pocket
pragma: cache
p3p: policyref="/w3c/p3p.xml", CP="ALL CURa ADMa DEVa OUR IND UNI COM NAV INT STA PRE"
x-cache: Hit from cloudfront
x-amz-cf-pop: SEA73-P2
x-amz-cf-id: s_RJvwUYxlvFtsxYQY-lgYeeYtT76d1JLyVoJDxyR_8jhmQt7wbRaw==
content-encoding: gzip
via: 1.1 ca66331b52971370c4e54619e8a952cc.cloudfront.net (CloudFront), 1.1 google
date: Thu, 26 Jan 2023 08:16:54 GMT
age: 71
content-type: application/json
content-length: 45944
cache-control: s-maxage=900,public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
49049f3c92aad686cd7ff28ecd2a5a4f
9cc2bc9c055450dbc4fae93eabe4ef8509b3ff57
02cf421968192286bb174ff0e6c818a843c4eca61a02cd493e6f95bb58a37015

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "02CF421968192286BB174FF0E6C818A843C4ECA61A02CD493E6F95BB58A37015"
Last-Modified: Wed, 25 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7177
Expires: Thu, 26 Jan 2023 10:17:42 GMT
Date: Thu, 26 Jan 2023 08:18:05 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: t2rsLg9NzdizOMq/3g94ohb0oCodAPrfSCB9eB/WKn/dIWF5pJJg/lixgMm0CRNrGfSk8xggpBs=
x-amz-request-id: G2D1GHTXJECTTRFZ
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 26 Jan 2023 07:34:46 GMT
age: 2599
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
58ffdcb539c3b250fdf31ed761627fc1
5b55b1522ef84c39b5c42f9bbfbc62b806c1269f
eb783cfa8c8544b0574b345abc0bf3c150979d4efce1a013f17b6cd48076fc63

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EB783CFA8C8544B0574B345ABC0BF3C150979D4EFCE1A013F17B6CD48076FC63"
Last-Modified: Wed, 25 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10847
Expires: Thu, 26 Jan 2023 11:18:52 GMT
Date: Thu, 26 Jan 2023 08:18:05 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
dcd75ca6daca51c5e39d431468511793
07f76d3bf23d65c9110d810fa71a994e39e085d3
73672a816da4450fe2c938b08d7ae002d9ca29fdcbd3e29cc97084d826f8b459

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Backoff, Content-Length, Alert, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 26 Jan 2023 07:42:52 GMT
content-type: application/json
age: 2113
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 08:18:05 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

727 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
727 B (727 bytes)
Hash
0d431d695fe6375255f840bc4aecc7f8
a1c442cc0933b6ca9f3a73f225295aeb3bc63d99
519318f7f5fa50d7c1087adea0761e155d6c84b05ba409acc54ee78270923d02

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=88265
Content-Type: application/ocsp-response
Date: Thu, 26 Jan 2023 08:18:05 GMT
Etag: "63d0ed06-2d7"
Expires: Fri, 27 Jan 2023 08:49:10 GMT
Last-Modified: Wed, 25 Jan 2023 08:49:10 GMT
Server: nginx
Content-Length: 727

turmhof.at/

185.51.8.60

301 Moved Permanently

231 B

URL HTTP/2
turmhof.at/
IP
185.51.8.60:0
ASN
#208582 Nessus GmbH

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
231 B (231 bytes)
Hash
c58ff1004a5b533f63148e534518ebee
4efcab3274124e23ea0e9c78f1dc0dbc16ef6f46
a5cbb3f814003fa4954825e12e07c06e6ac6a249e8dfd67dcc922a6a097fd7b2

Detections

Analyzer	Verdict	Alert
openphish	PayPal Inc.
fortinet	Phishing

HTTP Headers

GET / HTTP/1.1
Host: turmhof.at
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 301 Moved Permanently
date: Thu, 26 Jan 2023 08:13:18 GMT
server: Apache
location: https://www.turmhof.at/
content-length: 231
content-type: text/html; charset=iso-8859-1
age: 287
strict-transport-security: max-age=15768000
permissions-policy: interest-cohort=()
X-Firefox-Spdy: h2

detectportal.firefox.com/success.txt?ipv4

34.107.221.82

200 OK

8 B

URL HTTP/1.1
detectportal.firefox.com/success.txt?ipv4
IP
34.107.221.82:0
ASN
#15169 GOOGLE

File type
ASCII text
Size
8 B (8 bytes)
Hash
ae780585f49b94ce1444eb7d28906123
7d5ca8c0c03e883c56c4eb1ef6f6bb9bccad4d86
81b2bd4ea98c8db66554fbc8d7637a1a69a130f331feb732b75caab4c4868fd5

HTTP Headers

GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Wed, 25 Jan 2023 11:01:25 GMT
Age: 76600
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600

www.turmhof.at/

185.51.8.60

301 Moved Permanently

20 B

URL HTTP/2
www.turmhof.at/
IP
185.51.8.60:0
ASN
#208582 Nessus GmbH

File type
data
Size
20 B (20 bytes)
Hash
4a4dd3598707603b3f76a2378a4504aa
a0fddd5458378c1bf3c10dd2f5c060d1347741ed
f61f27bd17de546264aa58f40f3aafaac7021e0ef69c17f6b1b4cd7664a037ec

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET / HTTP/1.1
Host: www.turmhof.at
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
TE: trailers

HTTP/2 301 Moved Permanently
date: Thu, 26 Jan 2023 08:13:18 GMT
server: Apache
content-encoding: gzip
x-frame-options: SAMEORIGIN
feature-policy: microphone 'none'; payment 'none'; sync-xhr 'self' https://www.turmhof.at
location: https://www.turmhof.at/neues/
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer
content-length: 20
content-type: text/html
vary: Accept-Encoding
age: 286
strict-transport-security: max-age=15768000
permissions-policy: interest-cohort=()
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
bcdcda1fe4c7026c0fd0dd8bc6267a4c
705b7acf1fd3fa8f9c6455a61dac7c510de42002
c1fef714b11a6d5c7cd27d38d99e6a58071c92e61cb8f77ab4a3d2dfbcf9494e

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1246
Cache-Control: max-age=122280
Content-Type: application/ocsp-response
Date: Thu, 26 Jan 2023 08:18:05 GMT
Etag: "63d16d07-1d7"
Expires: Fri, 27 Jan 2023 18:16:05 GMT
Last-Modified: Wed, 25 Jan 2023 17:55:19 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 471

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Pragma, Last-Modified, ETag, Content-Length, Expires, Cache-Control, Retry-After, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 26 Jan 2023 07:49:01 GMT
age: 1744
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
1e2970e1480a4759282d63bb213051e4
ed5194d4d25dfc199821129be5d74be0ce49197d
18e19ea4c9c262cb9a94f89172eef2604222e779346589d470bf2e95ea295563

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "18E19EA4C9C262CB9A94F89172EEF2604222E779346589D470BF2E95EA295563"
Last-Modified: Tue, 24 Jan 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10128
Expires: Thu, 26 Jan 2023 11:06:53 GMT
Date: Thu, 26 Jan 2023 08:18:05 GMT
Connection: keep-alive

shavar.services.mozilla.com/downloads?client=Firefox&appver=96.0a&pver=2.2

44.235.192.196

200 OK

8 B

URL HTTP/1.1
shavar.services.mozilla.com/downloads?client=Firefox&appver=96.0a&pver=2.2
IP
44.235.192.196:0
ASN
#16509 AMAZON-02

File type
ASCII text
Size
8 B (8 bytes)
Hash
29fc57841962e407cb50c1be60284bf7
ce968a77e2996da5eee8925182318f171ccdce47
ae7e7075247dcfad763f1e131aeac3d2e756bb03d48b0d315a50c69636e5dc8b

HTTP Headers

POST /downloads?client=Firefox&appver=96.0a&pver=2.2 HTTP/1.1
Host: shavar.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 773
Connection: close
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: none
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/octet-stream
Date: Thu, 26 Jan 2023 08:18:05 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Length: 8
Connection: Close

www.turmhof.at/fileadmin/img/weingut-turmhof.svg

185.51.8.60

200 OK

2.4 kB

URL HTTP/2
www.turmhof.at/fileadmin/img/weingut-turmhof.svg
IP
185.51.8.60:0
ASN
#208582 Nessus GmbH

File type
SVG Scalable Vector Graphics image\012- SVG XML document\012- XML 1.0 document text\012- SVG XML document\012- XML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Size
2.4 kB (2403 bytes)
Hash
95eeedc797487129162268d919ee9971
ad1287dc258d011f91de76e813b6884e5f7c9a19
872d9c4d84c3f738ee1f4a4187cc3a3765837f8388b184e23121f5967fbfebe5

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /fileadmin/img/weingut-turmhof.svg HTTP/1.1
Host: www.turmhof.at
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: PHPSESSID=8001tg6l24brgtqutefvuqgur7
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Thu, 26 Jan 2023 06:01:56 GMT
server: Apache
x-frame-options: SAMEORIGIN
feature-policy: microphone 'none'; payment 'none'; sync-xhr 'self' https://www.turmhof.at
last-modified: Tue, 11 Nov 2014 15:42:59 GMT
etag: "963-50797223666c0"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer
content-length: 2403
content-type: image/svg+xml
cache-control: max-age=86400
age: 8169
accept-ranges: bytes
strict-transport-security: max-age=15768000
permissions-policy: interest-cohort=()
X-Firefox-Spdy: h2

www.turmhof.at/uploads/RTEmagicC_awc-gold_02.png

185.51.8.60

200 OK

52 kB

URL HTTP/2
www.turmhof.at/uploads/RTEmagicC_awc-gold_02.png
IP
185.51.8.60:0
ASN
#208582 Nessus GmbH

File type
PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced\012- data
Size
52 kB (51813 bytes)
Hash
fb3bed29bf6969942c7c24d578d4df84
0476f65993cef68c42b88d9a54abbe2dc3e71553
4849a28766b47ca0c753c887163b2571edee64a50fb0299903ec6b377f2cd286

HTTP Headers

GET /uploads/RTEmagicC_awc-gold_02.png HTTP/1.1
Host: www.turmhof.at
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: PHPSESSID=8001tg6l24brgtqutefvuqgur7
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Thu, 26 Jan 2023 08:18:05 GMT
server: Apache
x-frame-options: SAMEORIGIN
feature-policy: microphone 'none'; payment 'none'; sync-xhr 'self' https://www.turmhof.at
last-modified: Thu, 26 Oct 2017 13:05:30 GMT
etag: "ca65-55c72d3aa2e56"
content-length: 51813
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer
content-type: image/png
cache-control: max-age=86400
age: 0
accept-ranges: bytes
strict-transport-security: max-age=15768000
permissions-policy: interest-cohort=()
X-Firefox-Spdy: h2

www.turmhof.at/uploads/RTEmagicC_daniel-spoerri_03.jpg

185.51.8.60

200 OK

2.6 kB

URL HTTP/2
www.turmhof.at/uploads/RTEmagicC_daniel-spoerri_03.jpg
IP
185.51.8.60:0
ASN
#208582 Nessus GmbH

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 97x65, components 3\012- data
Size
2.6 kB (2555 bytes)
Hash
f375205904abd42869b823bfe7e945d2
3540b4a3343a5e6a3303bbf0dd9a785af69293d9
55497da883add72f844bc744ee9c112d5fad8babc5cc91f593edbe72d76cedaf

HTTP Headers

GET /uploads/RTEmagicC_daniel-spoerri_03.jpg HTTP/1.1
Host: www.turmhof.at
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: PHPSESSID=8001tg6l24brgtqutefvuqgur7
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Thu, 26 Jan 2023 08:18:05 GMT
server: Apache
x-frame-options: SAMEORIGIN
feature-policy: microphone 'none'; payment 'none'; sync-xhr 'self' https://www.turmhof.at
last-modified: Thu, 25 Dec 2014 12:07:00 GMT
etag: "9fb-50b093ed04100"
content-length: 2555
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer
content-type: image/jpeg
cache-control: max-age=86400
age: 0
accept-ranges: bytes
strict-transport-security: max-age=15768000
permissions-policy: interest-cohort=()
X-Firefox-Spdy: h2

www.turmhof.at/uploads/RTEmagicC_loisium_01.jpg

185.51.8.60

200 OK

2.7 kB

URL HTTP/2
www.turmhof.at/uploads/RTEmagicC_loisium_01.jpg
IP
185.51.8.60:0
ASN
#208582 Nessus GmbH

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 117x134, components 3\012- data
Size
2.7 kB (2690 bytes)
Hash
cd270c7eb83c4d52ae51687230278b97
465a04f7af5c22d62d9fbdd4e842ef83e1f56b1c
1364e00bc3e3b1c59f8e66ea4ed83a3ae06c707491ae1994d270b7600de48c72

HTTP Headers

GET /uploads/RTEmagicC_loisium_01.jpg HTTP/1.1
Host: www.turmhof.at
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: PHPSESSID=8001tg6l24brgtqutefvuqgur7
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Thu, 26 Jan 2023 08:18:05 GMT
server: Apache
x-frame-options: SAMEORIGIN
feature-policy: microphone 'none'; payment 'none'; sync-xhr 'self' https://www.turmhof.at
last-modified: Sat, 15 Nov 2014 20:13:06 GMT
etag: "a82-507eb5f971880"
content-length: 2690
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer
content-type: image/jpeg
cache-control: max-age=86400
age: 0
accept-ranges: bytes
strict-transport-security: max-age=15768000
permissions-policy: interest-cohort=()
X-Firefox-Spdy: h2

www.turmhof.at/uploads/RTEmagicC_stiegenhaus_01.png

185.51.8.60

200 OK

9.5 kB

URL HTTP/2
www.turmhof.at/uploads/RTEmagicC_stiegenhaus_01.png
IP
185.51.8.60:0
ASN
#208582 Nessus GmbH

File type
PNG image data, 228 x 40, 8-bit/color RGB, non-interlaced\012- data
Size
9.5 kB (9461 bytes)
Hash
98493508f06b48fa41e9c5bcdbde8278
e8d6986e81968e8cb4985fa91504364925525005
bb75ba903054bfbb8ea738174516fc8890e97acb0628a3a7919d92397ae8fa78

HTTP Headers

GET /uploads/RTEmagicC_stiegenhaus_01.png HTTP/1.1
Host: www.turmhof.at
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: PHPSESSID=8001tg6l24brgtqutefvuqgur7
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Thu, 26 Jan 2023 08:18:05 GMT
server: Apache
x-frame-options: SAMEORIGIN
feature-policy: microphone 'none'; payment 'none'; sync-xhr 'self' https://www.turmhof.at
last-modified: Sat, 15 Nov 2014 20:13:07 GMT
etag: "24f5-507eb5fa65ac0"
content-length: 9461
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer
content-type: image/png
cache-control: max-age=86400
age: 0
accept-ranges: bytes
strict-transport-security: max-age=15768000
permissions-policy: interest-cohort=()
X-Firefox-Spdy: h2

www.turmhof.at/uploads/RTEmagicC_kail_03.jpg

185.51.8.60

200 OK

1.1 kB

URL HTTP/2
www.turmhof.at/uploads/RTEmagicC_kail_03.jpg
IP
185.51.8.60:0
ASN
#208582 Nessus GmbH

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 40x61, components 3\012- data
Size
1.1 kB (1130 bytes)
Hash
ff86c24c34be9076366198dff4a2239b
1cd533b2f2834a06582310a0ff7e6d2d9f3d1fdd
b5e80290915c963f6c79b8cbc4481231bdc3c17bca0ee9c1c770419413a0ab6f

HTTP Headers

GET /uploads/RTEmagicC_kail_03.jpg HTTP/1.1
Host: www.turmhof.at
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: PHPSESSID=8001tg6l24brgtqutefvuqgur7
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Thu, 26 Jan 2023 08:18:05 GMT
server: Apache
x-frame-options: SAMEORIGIN
feature-policy: microphone 'none'; payment 'none'; sync-xhr 'self' https://www.turmhof.at
last-modified: Thu, 25 Dec 2014 12:07:00 GMT
etag: "46a-50b093ed04100"
content-length: 1130
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer
content-type: image/jpeg
cache-control: max-age=86400
age: 0
accept-ranges: bytes
strict-transport-security: max-age=15768000
permissions-policy: interest-cohort=()
X-Firefox-Spdy: h2

www.turmhof.at/typo3temp/compressor/merged-ff662f81a898aa574edee79f8871491e-795a542870364d232d5704bd747de11b.css.gzip?1663053869

185.51.8.60

200 OK

5.3 kB

URL HTTP/2
www.turmhof.at/typo3temp/compressor/merged-ff662f81a898aa574edee79f8871491e-795a542870364d232d5704bd747de11b.css.gzip?1663053869
IP
185.51.8.60:0
ASN
#208582 Nessus GmbH

File type
ASCII text, with very long lines (1230)
Size
5.3 kB (5274 bytes)
Hash
fe1e089131a6aca2400aeb622468a454
9ec239548dab5b6ed80d91667f566b7cae7ae256
7009d502328cd91170cbdc5ca45ef195c1f94c4f9f58063d587f904fe8f5a5ca

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /typo3temp/compressor/merged-ff662f81a898aa574edee79f8871491e-795a542870364d232d5704bd747de11b.css.gzip?1663053869 HTTP/1.1
Host: www.turmhof.at
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: PHPSESSID=8001tg6l24brgtqutefvuqgur7
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Thu, 26 Jan 2023 08:18:05 GMT
server: Apache
x-frame-options: SAMEORIGIN
feature-policy: microphone 'none'; payment 'none'; sync-xhr 'self' https://www.turmhof.at
last-modified: Tue, 13 Sep 2022 07:24:29 GMT
etag: "149a-5e889e7213546"
accept-ranges: bytes
content-length: 5274
cache-control: max-age=604800
expires: Thu, 02 Feb 2023 08:18:05 GMT
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer
content-encoding: gzip
content-type: text/css
vary: Accept-Encoding
age: 0
strict-transport-security: max-age=15768000
permissions-policy: interest-cohort=()
X-Firefox-Spdy: h2

www.turmhof.at/fileadmin/user_upload/kamptal-winter.jpg

185.51.8.60

200 OK

111 kB

URL HTTP/2
www.turmhof.at/fileadmin/user_upload/kamptal-winter.jpg
IP
185.51.8.60:0
ASN
#208582 Nessus GmbH

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 940x300, components 3\012- data
Size
111 kB (110654 bytes)
Hash
51cad4f4b55c555f915a437cf4b3e431
725ab65681adc7700f45c9946eb7a8dfde2de4f2
626c20d0e4f91387472f158524a7efc14502dae586623837b30a8f3548b62c4b

HTTP Headers

GET /fileadmin/user_upload/kamptal-winter.jpg HTTP/1.1
Host: www.turmhof.at
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: PHPSESSID=8001tg6l24brgtqutefvuqgur7
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Thu, 26 Jan 2023 08:18:05 GMT
server: Apache
x-frame-options: SAMEORIGIN
feature-policy: microphone 'none'; payment 'none'; sync-xhr 'self' https://www.turmhof.at
last-modified: Sun, 04 Jan 2015 15:46:39 GMT
etag: "1b03e-50bd57ac195c0"
content-length: 110654
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer
content-type: image/jpeg
cache-control: max-age=86400
age: 0
accept-ranges: bytes
strict-transport-security: max-age=15768000
permissions-policy: interest-cohort=()
X-Firefox-Spdy: h2

www.turmhof.at/uploads/RTEmagicC_zertifiziert-nachhaltige-weine_02.png

185.51.8.60

200 OK

24 kB

URL HTTP/2
www.turmhof.at/uploads/RTEmagicC_zertifiziert-nachhaltige-weine_02.png
IP
185.51.8.60:0
ASN
#208582 Nessus GmbH

File type
PNG image data, 180 x 246, 8-bit/color RGBA, non-interlaced\012- data
Size
24 kB (24194 bytes)
Hash
7c9e8a43a0f0daa6ceee7c0b396929db
463d1af76d54b49eeb4df50d589bc3091b24cd23
1df11a0fe801694d268e1b5551f6236c1bea0af3fd92a0660217a8be7d1882f9

HTTP Headers

GET /uploads/RTEmagicC_zertifiziert-nachhaltige-weine_02.png HTTP/1.1
Host: www.turmhof.at
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: PHPSESSID=8001tg6l24brgtqutefvuqgur7
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Thu, 26 Jan 2023 08:18:05 GMT
server: Apache
x-frame-options: SAMEORIGIN
feature-policy: microphone 'none'; payment 'none'; sync-xhr 'self' https://www.turmhof.at
last-modified: Mon, 26 Aug 2019 10:40:35 GMT
etag: "5e82-59102c932b935"
content-length: 24194
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer
content-type: image/png
cache-control: max-age=86400
age: 0
accept-ranges: bytes
strict-transport-security: max-age=15768000
permissions-policy: interest-cohort=()
X-Firefox-Spdy: h2

www.turmhof.at/fileadmin/img/marillenmarmelade.jpg

185.51.8.60

200 OK

18 kB

URL HTTP/2
www.turmhof.at/fileadmin/img/marillenmarmelade.jpg
IP
185.51.8.60:0
ASN
#208582 Nessus GmbH

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 300x380, components 3\012- data
Size
18 kB (18140 bytes)
Hash
134740414ab039e3b941f6e1e536c80d
2a2f746a78091532169f066362fe3c2d58cd2553
7da6aa4e7eeae27100e27d5aa4d9d33b07ba6806709c5b1403eb4e0dbd122786

HTTP Headers

GET /fileadmin/img/marillenmarmelade.jpg HTTP/1.1
Host: www.turmhof.at
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: PHPSESSID=8001tg6l24brgtqutefvuqgur7
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Thu, 26 Jan 2023 08:18:05 GMT
server: Apache
x-frame-options: SAMEORIGIN
feature-policy: microphone 'none'; payment 'none'; sync-xhr 'self' https://www.turmhof.at
last-modified: Tue, 31 Mar 2015 16:41:56 GMT
etag: "46dc-5129846d13d00"
content-length: 18140
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer
content-type: image/jpeg
cache-control: max-age=86400
age: 0
accept-ranges: bytes
strict-transport-security: max-age=15768000
permissions-policy: interest-cohort=()
X-Firefox-Spdy: h2

www.turmhof.at/uploads/RTEmagicC_schlossfestspiele_02.png

185.51.8.60

200 OK

9.8 kB

URL HTTP/2
www.turmhof.at/uploads/RTEmagicC_schlossfestspiele_02.png
IP
185.51.8.60:0
ASN
#208582 Nessus GmbH

File type
PNG image data, 244 x 31, 8-bit/color RGB, non-interlaced\012- data
Size
9.8 kB (9752 bytes)
Hash
cfd49ae518049a3b9834774c4e07fadc
c49b0f70df83da58ccf25e84f65ef9b50153396f
fdec629e2da1ee95c06049fbfed064f69610951fed3a022b00c202293af598f8

HTTP Headers

GET /uploads/RTEmagicC_schlossfestspiele_02.png HTTP/1.1
Host: www.turmhof.at
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: PHPSESSID=8001tg6l24brgtqutefvuqgur7
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Thu, 26 Jan 2023 08:18:06 GMT
server: Apache
x-frame-options: SAMEORIGIN
feature-policy: microphone 'none'; payment 'none'; sync-xhr 'self' https://www.turmhof.at
last-modified: Sat, 15 Nov 2014 20:13:07 GMT
etag: "2618-507eb5fa65ac0"
content-length: 9752
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer
content-type: image/png
cache-control: max-age=86400
age: 0
accept-ranges: bytes
strict-transport-security: max-age=15768000
permissions-policy: interest-cohort=()
X-Firefox-Spdy: h2

www.turmhof.at/uploads/RTEmagicC_elsarn_01.png

185.51.8.60

200 OK

7.4 kB

URL HTTP/2
www.turmhof.at/uploads/RTEmagicC_elsarn_01.png
IP
185.51.8.60:0
ASN
#208582 Nessus GmbH

File type
PNG image data, 111 x 74, 8-bit/color RGB, non-interlaced\012- data
Size
7.4 kB (7379 bytes)
Hash
1d886e1847806889c6808ac929f30e60
d2ae6cb156283e7b58b522b92ade3068265d9536
4be006758eccd3cf40eb7e42fe0004da0e290df92b14018e792c455fbb0fc6ef

HTTP Headers

GET /uploads/RTEmagicC_elsarn_01.png HTTP/1.1
Host: www.turmhof.at
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: PHPSESSID=8001tg6l24brgtqutefvuqgur7
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Thu, 26 Jan 2023 08:18:06 GMT
server: Apache
x-frame-options: SAMEORIGIN
feature-policy: microphone 'none'; payment 'none'; sync-xhr 'self' https://www.turmhof.at
last-modified: Sat, 15 Nov 2014 20:13:07 GMT
etag: "1cd3-507eb5fa65ac0"
content-length: 7379
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer
content-type: image/png
cache-control: max-age=86400
age: 0
accept-ranges: bytes
strict-transport-security: max-age=15768000
permissions-policy: interest-cohort=()
X-Firefox-Spdy: h2

www.turmhof.at/uploads/RTEmagicC_arche-noah.png

185.51.8.60

200 OK

4.6 kB

URL HTTP/2
www.turmhof.at/uploads/RTEmagicC_arche-noah.png
IP
185.51.8.60:0
ASN
#208582 Nessus GmbH

File type
PNG image data, 75 x 81, 8-bit/color RGB, non-interlaced\012- data
Size
4.6 kB (4598 bytes)
Hash
d49abd24e93496edb8fa090517479857
900372c6f12774dba708b03949369d3f39759dc8
77c40bb6e38f1f9f0745618d7679f809ceb5897c47a89572fdd98243eeeb55e8

HTTP Headers

GET /uploads/RTEmagicC_arche-noah.png HTTP/1.1
Host: www.turmhof.at
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: PHPSESSID=8001tg6l24brgtqutefvuqgur7
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Thu, 26 Jan 2023 08:18:06 GMT
server: Apache
x-frame-options: SAMEORIGIN
feature-policy: microphone 'none'; payment 'none'; sync-xhr 'self' https://www.turmhof.at
last-modified: Sat, 15 Nov 2014 20:11:32 GMT
etag: "11f6-507eb59fcc500"
content-length: 4598
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer
content-type: image/png
cache-control: max-age=86400
age: 0
accept-ranges: bytes
strict-transport-security: max-age=15768000
permissions-policy: interest-cohort=()
X-Firefox-Spdy: h2

www.turmhof.at/uploads/RTEmagicC_kittenberger_01.png

185.51.8.60

200 OK

17 kB

URL HTTP/2
www.turmhof.at/uploads/RTEmagicC_kittenberger_01.png
IP
185.51.8.60:0
ASN
#208582 Nessus GmbH

File type
PNG image data, 168 x 55, 8-bit/color RGBA, non-interlaced\012- data
Size
17 kB (17403 bytes)
Hash
78d0498cf4a1c01fecfe313ed7fa63d8
707b5cc166a1a16dafb59a8a38dfe3f755e0a849
c39ad8ed6d186834171db7fc85fcd8e70dd275ad6cd0a1e3a5186d4fd0425226

HTTP Headers

GET /uploads/RTEmagicC_kittenberger_01.png HTTP/1.1
Host: www.turmhof.at
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: PHPSESSID=8001tg6l24brgtqutefvuqgur7
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Thu, 26 Jan 2023 08:18:06 GMT
server: Apache
x-frame-options: SAMEORIGIN
feature-policy: microphone 'none'; payment 'none'; sync-xhr 'self' https://www.turmhof.at
last-modified: Sat, 15 Nov 2014 20:13:07 GMT
etag: "43fb-507eb5fa65ac0"
content-length: 17403
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer
content-type: image/png
cache-control: max-age=86400
age: 0
accept-ranges: bytes
strict-transport-security: max-age=15768000
permissions-policy: interest-cohort=()
X-Firefox-Spdy: h2

www.turmhof.at/uploads/RTEmagicC_straussenland_01.png

185.51.8.60

200 OK

16 kB

URL HTTP/2
www.turmhof.at/uploads/RTEmagicC_straussenland_01.png
IP
185.51.8.60:0
ASN
#208582 Nessus GmbH

File type
PNG image data, 228 x 38, 8-bit/color RGBA, non-interlaced\012- data
Size
16 kB (15961 bytes)
Hash
c281f7ed679dcfcf72bbee8698fec873
0ffb5be7bb29def1ed6245efac2423d88fb7a624
8bec635af1c63eeba2be6326e5ed3e0530aeb02a8bee4a130cf04f1c7d6bb948

HTTP Headers

GET /uploads/RTEmagicC_straussenland_01.png HTTP/1.1
Host: www.turmhof.at
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: PHPSESSID=8001tg6l24brgtqutefvuqgur7
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Thu, 26 Jan 2023 08:18:06 GMT
server: Apache
x-frame-options: SAMEORIGIN
feature-policy: microphone 'none'; payment 'none'; sync-xhr 'self' https://www.turmhof.at
last-modified: Sat, 15 Nov 2014 20:13:07 GMT
etag: "3e59-507eb5fa65ac0"
content-length: 15961
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer
content-type: image/png
cache-control: max-age=86400
age: 0
accept-ranges: bytes
strict-transport-security: max-age=15768000
permissions-policy: interest-cohort=()
X-Firefox-Spdy: h2

www.turmhof.at/neues/Aktualisiere

185.51.8.60

301 Moved Permanently

0 B

URL HTTP/2
www.turmhof.at/neues/Aktualisiere
IP
185.51.8.60:0
ASN
#208582 Nessus GmbH

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /neues/Aktualisiere HTTP/1.1
Host: www.turmhof.at
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: PHPSESSID=8001tg6l24brgtqutefvuqgur7
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 301 Moved Permanently
date: Thu, 26 Jan 2023 08:18:06 GMT
server: Apache
x-frame-options: SAMEORIGIN
feature-policy: microphone 'none'; payment 'none'; sync-xhr 'self' https://www.turmhof.at
location: https://www.turmhof.at/neues/Aktualisiere/
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer
content-length: 0
content-type: text/html
age: 0
strict-transport-security: max-age=15768000
permissions-policy: interest-cohort=()
X-Firefox-Spdy: h2

www.turmhof.at/typo3temp/compressor/merged-ed6cea7a3e1424b68211fdd94afb718d-89b023a51b7aa2b082e140e2cc7c4a9d.js.gzip?1663053869

185.51.8.60

200 OK

140 kB

URL HTTP/2
www.turmhof.at/typo3temp/compressor/merged-ed6cea7a3e1424b68211fdd94afb718d-89b023a51b7aa2b082e140e2cc7c4a9d.js.gzip?1663053869
IP
185.51.8.60:0
ASN
#208582 Nessus GmbH

File type
ASCII text, with very long lines (32065)
Size
140 kB (140516 bytes)
Hash
331db749b23314b1bad5b93fafe609fa
c8e218e61f6918b0a8832fa416651245eb45ec20
123def30c06e0713dce6a1280b0715fb6f206c456027af94699246a25a544edd

HTTP Headers

GET /typo3temp/compressor/merged-ed6cea7a3e1424b68211fdd94afb718d-89b023a51b7aa2b082e140e2cc7c4a9d.js.gzip?1663053869 HTTP/1.1
Host: www.turmhof.at
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: PHPSESSID=8001tg6l24brgtqutefvuqgur7
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Thu, 26 Jan 2023 08:18:06 GMT
server: Apache
x-frame-options: SAMEORIGIN
feature-policy: microphone 'none'; payment 'none'; sync-xhr 'self' https://www.turmhof.at
last-modified: Tue, 13 Sep 2022 07:24:29 GMT
etag: "224e4-5e889e7210666"
accept-ranges: bytes
content-length: 140516
cache-control: max-age=604800
expires: Thu, 02 Feb 2023 08:18:06 GMT
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer
content-encoding: gzip
content-type: text/javascript
vary: Accept-Encoding
age: 0
strict-transport-security: max-age=15768000
permissions-policy: interest-cohort=()
X-Firefox-Spdy: h2

push.services.mozilla.com/

44.235.159.98

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
44.235.159.98:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 5scIA4UmjcjDu6fbUEwTBw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: Gymy15Zbdji3vgrUZ9LhL4TzV5g=

www.turmhof.at/fileadmin/img/arrow.png

185.51.8.60

200 OK

1.3 kB

URL HTTP/2
www.turmhof.at/fileadmin/img/arrow.png
IP
185.51.8.60:0
ASN
#208582 Nessus GmbH

File type
PNG image data, 21 x 18, 8-bit/color RGBA, non-interlaced\012- data
Size
1.3 kB (1296 bytes)
Hash
8fbc42e423abd18859e3e06bcd84b7fa
1d2302191daa4c5afae732600953db77d1c62bd2
496ef5ec0fd6405fa8579c51ec5199485934f64faaf3059ccc974198dc403604

HTTP Headers

GET /fileadmin/img/arrow.png HTTP/1.1
Host: www.turmhof.at
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: PHPSESSID=8001tg6l24brgtqutefvuqgur7
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Thu, 26 Jan 2023 08:18:06 GMT
server: Apache
x-frame-options: SAMEORIGIN
feature-policy: microphone 'none'; payment 'none'; sync-xhr 'self' https://www.turmhof.at
last-modified: Tue, 11 Nov 2014 15:42:56 GMT
etag: "510-507972208a000"
content-length: 1296
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer
content-type: image/png
cache-control: max-age=86400
age: 0
accept-ranges: bytes
strict-transport-security: max-age=15768000
permissions-policy: interest-cohort=()
X-Firefox-Spdy: h2

www.turmhof.at/fileadmin/fonts/source-sans-pro-v21-latin-300.woff2

185.51.8.60

200 OK

13 kB

URL HTTP/2
www.turmhof.at/fileadmin/fonts/source-sans-pro-v21-latin-300.woff2
IP
185.51.8.60:0
ASN
#208582 Nessus GmbH

File type
Web Open Font Format (Version 2), TrueType, length 12956, version 1.0\012- data
Size
13 kB (12956 bytes)
Hash
1c772d9d0531b187db80bcfc199c1786
c0c04fb334190e10dffed0dcc5c817c2a6041a15
122854df4f39cf922db317714c2ff0eccab27a1028c14a5aa2211f48b7e0eade

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /fileadmin/fonts/source-sans-pro-v21-latin-300.woff2 HTTP/1.1
Host: www.turmhof.at
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Cookie: PHPSESSID=8001tg6l24brgtqutefvuqgur7
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Thu, 26 Jan 2023 06:02:02 GMT
server: Apache
x-frame-options: SAMEORIGIN
feature-policy: microphone 'none'; payment 'none'; sync-xhr 'self' https://www.turmhof.at
last-modified: Mon, 22 Aug 2022 07:12:28 GMT
etag: "329c-5e6cf2bad1239"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer
content-length: 12956
content-type: font/woff2
age: 8163
accept-ranges: bytes
strict-transport-security: max-age=15768000
permissions-policy: interest-cohort=()
X-Firefox-Spdy: h2

www.turmhof.at/fileadmin/fonts/source-sans-pro-v21-latin-600.woff2

185.51.8.60

200 OK

13 kB

URL HTTP/2
www.turmhof.at/fileadmin/fonts/source-sans-pro-v21-latin-600.woff2
IP
185.51.8.60:0
ASN
#208582 Nessus GmbH

File type
Web Open Font Format (Version 2), TrueType, length 13052, version 1.0\012- data
Size
13 kB (13052 bytes)
Hash
7cf79fbd1df848510d7352274efc2401
5540b5a26cc7dfe25294c4eabe011e2c6cd60143
bc9a16cd945457ad9463cdaed95129b01c589466978dfee3d019d9c604b2171a

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /fileadmin/fonts/source-sans-pro-v21-latin-600.woff2 HTTP/1.1
Host: www.turmhof.at
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Cookie: PHPSESSID=8001tg6l24brgtqutefvuqgur7
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Thu, 26 Jan 2023 06:02:02 GMT
server: Apache
x-frame-options: SAMEORIGIN
feature-policy: microphone 'none'; payment 'none'; sync-xhr 'self' https://www.turmhof.at
last-modified: Mon, 22 Aug 2022 07:12:29 GMT
etag: "32fc-5e6cf2bb08cda"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer
content-length: 13052
content-type: font/woff2
age: 8163
accept-ranges: bytes
strict-transport-security: max-age=15768000
permissions-policy: interest-cohort=()
X-Firefox-Spdy: h2

www.turmhof.at/fileadmin/fonts/source-sans-pro-v21-latin-italic.woff2

185.51.8.60

200 OK

13 kB

URL HTTP/2
www.turmhof.at/fileadmin/fonts/source-sans-pro-v21-latin-italic.woff2
IP
185.51.8.60:0
ASN
#208582 Nessus GmbH

File type
Web Open Font Format (Version 2), TrueType, length 12580, version 1.0\012- data
Size
13 kB (12580 bytes)
Hash
eaf55d1d3b7c4a30203d2d5226c49b6d
11b63b740965603ef544f261ef036d24e6bb1fb5
e286a9ef7d2064a4cf7026449941a557c7123aa84ef2a17cf79a38820f5474bc

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /fileadmin/fonts/source-sans-pro-v21-latin-italic.woff2 HTTP/1.1
Host: www.turmhof.at
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Cookie: PHPSESSID=8001tg6l24brgtqutefvuqgur7
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Thu, 26 Jan 2023 08:18:06 GMT
server: Apache
x-frame-options: SAMEORIGIN
feature-policy: microphone 'none'; payment 'none'; sync-xhr 'self' https://www.turmhof.at
last-modified: Mon, 22 Aug 2022 07:12:29 GMT
etag: "3124-5e6cf2bb4559a"
content-length: 12580
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer
content-type: font/woff2
age: 0
accept-ranges: bytes
strict-transport-security: max-age=15768000
permissions-policy: interest-cohort=()
X-Firefox-Spdy: h2

www.turmhof.at/fileadmin/img/zertifiziert-nachhaltige-weine.png

185.51.8.60

200 OK

109 kB

URL HTTP/2
www.turmhof.at/fileadmin/img/zertifiziert-nachhaltige-weine.png
IP
185.51.8.60:0
ASN
#208582 Nessus GmbH

File type
PNG image data, 2249 x 3067, 8-bit colormap, non-interlaced\012- data
Size
109 kB (109417 bytes)
Hash
c6a8590dc805bc91225593002f16aaae
3cf17115e5ca347c710cc03efdf0de8af540d564
f6256e3b713a04fd7cbeaae7e866487a04d0602883a6d01258ffdd9074de0d9e

HTTP Headers

GET /fileadmin/img/zertifiziert-nachhaltige-weine.png HTTP/1.1
Host: www.turmhof.at
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: PHPSESSID=8001tg6l24brgtqutefvuqgur7
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Thu, 26 Jan 2023 06:02:02 GMT
server: Apache
x-frame-options: SAMEORIGIN
feature-policy: microphone 'none'; payment 'none'; sync-xhr 'self' https://www.turmhof.at
last-modified: Mon, 16 Apr 2018 18:29:37 GMT
etag: "1ab69-569fb67842272"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer
content-length: 109417
content-type: image/png
cache-control: max-age=86400
age: 8163
accept-ranges: bytes
strict-transport-security: max-age=15768000
permissions-policy: interest-cohort=()
X-Firefox-Spdy: h2

www.turmhof.at/fileadmin/jcart/config-loader.php?ajax=true

185.51.8.60

200 OK

1.0 kB

URL HTTP/2
www.turmhof.at/fileadmin/jcart/config-loader.php?ajax=true
IP
185.51.8.60:0
ASN
#208582 Nessus GmbH

File type
JSON data\012- , ASCII text, with very long lines (1007), with no line terminators
Size
1.0 kB (1007 bytes)
Hash
08a170c8da536f62c26625501498ab18
acbb249a30a96b69a7b4ec4df642507a510c0895
fa4b93bfc6318c686ff6584cfe169249efb2dc023372b3976e561ad453f70c46

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /fileadmin/jcart/config-loader.php?ajax=true HTTP/1.1
Host: www.turmhof.at
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Cookie: PHPSESSID=8001tg6l24brgtqutefvuqgur7
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Thu, 26 Jan 2023 08:18:06 GMT
server: Apache
x-frame-options: SAMEORIGIN
feature-policy: microphone 'none'; payment 'none'; sync-xhr 'self' https://www.turmhof.at
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer
content-type: application/json; charset=utf-8
age: 0
accept-ranges: bytes
content-length: 1007
strict-transport-security: max-age=15768000
permissions-policy: interest-cohort=()
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?_expected=%221674701831021%22

35.241.9.150

200 OK

21 kB

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?_expected=%221674701831021%22
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (20973), with no line terminators
Size
21 kB (20973 bytes)
Hash
a4c833f1d6f95d1a8c40621ce4c842bc
f1ac47b1da501214d4141b514d10603de06c6313
5083d01dbacd5ef42dddad24005df8a15b061a0f6d40616fcd0570f86533ac59

HTTP Headers

GET /v1/buckets/monitor/collections/changes/changeset?_expected=%221674701831021%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Retry-After, Content-Type, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 20973
via: 1.1 google
date: Thu, 26 Jan 2023 08:02:06 GMT
age: 960
last-modified: Thu, 26 Jan 2023 02:57:11 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

www.turmhof.at/android-icon-192x192.png

185.51.8.60

200 OK

3.9 kB

URL HTTP/2
www.turmhof.at/android-icon-192x192.png
IP
185.51.8.60:0
ASN
#208582 Nessus GmbH

File type
PNG image data, 192 x 192, 8-bit colormap, non-interlaced\012- data
Size
3.9 kB (3887 bytes)
Hash
3eabb9bf16cbd62536b64227d2f45a3d
4fe2947c933b93a2b1bb2e7b666d89ad95a0e1f9
57c6b9924b6025350f495632c8551f4bbbcbd7e4a1b0b800672b68faa48d1546

HTTP Headers

GET /android-icon-192x192.png HTTP/1.1
Host: www.turmhof.at
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: PHPSESSID=8001tg6l24brgtqutefvuqgur7
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Thu, 26 Jan 2023 08:18:06 GMT
server: Apache
x-frame-options: SAMEORIGIN
feature-policy: microphone 'none'; payment 'none'; sync-xhr 'self' https://www.turmhof.at
vary: Accept-Encoding
last-modified: Mon, 01 Jul 2019 19:59:54 GMT
etag: "f2f-58ca412642ecd"
content-length: 3887
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer
content-type: image/png
cache-control: max-age=86400
age: 0
accept-ranges: bytes
strict-transport-security: max-age=15768000
permissions-policy: interest-cohort=()
X-Firefox-Spdy: h2

www.turmhof.at/neues/Aktualisiere/

185.51.8.60

404 Not Found

2.1 kB

URL HTTP/2
www.turmhof.at/neues/Aktualisiere/
IP
185.51.8.60:0
ASN
#208582 Nessus GmbH

File type
data
Size
2.1 kB (2100 bytes)
Hash
991a32ac9c43c0504526f468a64a4cab
9d804e900aac020be0f4c8274d040f557fceae2f
80f1578ec14561a321359fe59d202db687139599c13bf593470f05ccaf59a65b

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /neues/Aktualisiere/ HTTP/1.1
Host: www.turmhof.at
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: PHPSESSID=8001tg6l24brgtqutefvuqgur7
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
date: Thu, 26 Jan 2023 08:18:06 GMT
server: Apache
content-encoding: gzip
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
feature-policy: microphone 'none'; payment 'none'; sync-xhr 'self' https://www.turmhof.at
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer
content-type: text/html
age: 0
strict-transport-security: max-age=15768000
permissions-policy: interest-cohort=()
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/blocklists/collections/addons-bloomfilters/changeset?_expected=1674693435261&_since=%221666204638208%22

35.241.9.150

200 OK

20 kB

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/blocklists/collections/addons-bloomfilters/changeset?_expected=1674693435261&_since=%221666204638208%22
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (19900), with no line terminators
Size
20 kB (19900 bytes)
Hash
4a753c98fdd406a992aabe489bcfa05f
be20e18a142d3f80ac74a27abf0e1943999cdfc5
140c0eddaedda00da54033dd95d58ccb8ff83b32d7191ef531e011887448ebd8

HTTP Headers

GET /v1/buckets/blocklists/collections/addons-bloomfilters/changeset?_expected=1674693435261&_since=%221666204638208%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Backoff, Content-Length, Alert, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 19900
via: 1.1 google
date: Thu, 26 Jan 2023 07:47:47 GMT
age: 1819
last-modified: Thu, 26 Jan 2023 00:37:15 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
x-amz-id-2: SDPermtmNh3ay3ddH5C8oUBzYcL/745pUjltcEAowINJ5yNOCM5AnlSs5/mxgT3BUH/Isuj93E0=
x-amz-request-id: Y64RQFKQXZF7HG73
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 26 Jan 2023 07:20:00 GMT
age: 3486
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
dcd75ca6daca51c5e39d431468511793
07f76d3bf23d65c9110d810fa71a994e39e085d3
73672a816da4450fe2c938b08d7ae002d9ca29fdcbd3e29cc97084d826f8b459

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Backoff, Content-Length, Alert, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 26 Jan 2023 07:35:16 GMT
content-type: application/json
age: 2570
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
9c862caf8fb9b1ea74e245cb4715ddee
211a22d6144cf031b791fc7f4ae89192a350ea83
e3a38b3b129fe240435654f9a28842dae0f36444a170141284600722111f7487

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E3A38B3B129FE240435654F9A28842DAE0F36444A170141284600722111F7487"
Last-Modified: Wed, 25 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5650
Expires: Thu, 26 Jan 2023 09:52:16 GMT
Date: Thu, 26 Jan 2023 08:18:06 GMT
Connection: keep-alive

firefox-settings-attachments.cdn.mozilla.net/staging/addons-bloomfilters/8038652a-6557-460a-858c-84f19a5a0987.bin

34.111.73.144

200 OK

807 kB

URL HTTP/2
firefox-settings-attachments.cdn.mozilla.net/staging/addons-bloomfilters/8038652a-6557-460a-858c-84f19a5a0987.bin
IP
34.111.73.144:0
ASN
#15169 GOOGLE

File type
data
Size
807 kB (807180 bytes)
Hash
914be443bdfbe8a1c3ded61e1c114bd6
4fe7c5ff83f6a29e6699f4cebc17550891504661
41b036d0c889509d547296b238027a063c313261ad52d5f7bb81922011791857

HTTP Headers

GET /staging/addons-bloomfilters/8038652a-6557-460a-858c-84f19a5a0987.bin HTTP/1.1
Host: firefox-settings-attachments.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: Iq6MPZChCK4BjPYHRAqh7GKwdL16BV3JcZ1ubU1u5Ex8D4R+4i0Bm+Ku6b288ZVOb/wjAhmLRSqubHL8oVpx8g==
x-amz-request-id: QT4EC7SV4DRZNMPA
x-amz-version-id: K1ODzappZsD35qeu0OM5zvs_BP1eybj7
accept-ranges: bytes
server: AmazonS3
content-length: 807180
via: 1.1 google
date: Sat, 21 Jan 2023 15:34:23 GMT
last-modified: Tue, 10 Jan 2023 12:38:46 GMT
etag: "914be443bdfbe8a1c3ded61e1c114bd6"
content-type: application/octet-stream
age: 405823
cache-control: public,max-age=604800
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/normandy-recipes-capabilities/changeset?_expected=1674691273156&_since=%221666483264567%22

35.241.9.150

200 OK

54 kB

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/normandy-recipes-capabilities/changeset?_expected=1674691273156&_since=%221666483264567%22
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (53706), with no line terminators
Size
54 kB (53706 bytes)
Hash
8e91726628b774a26fce7a57830ff420
5f69ab7dd164d6dc71a573b1fc79d7c4b7f5c1ad
06364f353d3a2bad9ae40acf5781a0cc091a8f835a52473f20400b3b1d28ca26

HTTP Headers

GET /v1/buckets/main/collections/normandy-recipes-capabilities/changeset?_expected=1674691273156&_since=%221666483264567%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Retry-After, Content-Type, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 53706
via: 1.1 google
date: Thu, 26 Jan 2023 08:17:17 GMT
age: 49
last-modified: Thu, 26 Jan 2023 00:01:13 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/nimbus-desktop-experiments/changeset?_expected=1674671394036&_since=%221666279968541%22

35.241.9.150

200 OK

79 kB

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/nimbus-desktop-experiments/changeset?_expected=1674671394036&_since=%221666279968541%22
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (65536), with no line terminators
Size
79 kB (79416 bytes)
Hash
8d83023bcabd8c6e289a9267ab002774
8c0899ee84c5726a207bdd7cb43513b5fa24a136
a0964ed65c310f9a014930df04c32d6418aac309b686ba3235f2749991fa8afd

HTTP Headers

GET /v1/buckets/main/collections/nimbus-desktop-experiments/changeset?_expected=1674671394036&_since=%221666279968541%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Content-Length, Retry-After, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 79416
via: 1.1 google
date: Thu, 26 Jan 2023 07:48:23 GMT
age: 1783
last-modified: Wed, 25 Jan 2023 18:29:54 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/password-recipes/changeset?_expected=1674595048726&_since=%221642005109349%22

35.241.9.150

200 OK

1.7 kB

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/password-recipes/changeset?_expected=1674595048726&_since=%221642005109349%22
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (1743), with no line terminators
Size
1.7 kB (1743 bytes)
Hash
ab262a9bb6f1280c3c36ed0ced90f3d5
e042e56c58964267c5ffada95c35cf17f9f844be
5a6ea549b05e1a0061529a1e08b3863a74f8ae84036353d6e24fac17583d689d

HTTP Headers

GET /v1/buckets/main/collections/password-recipes/changeset?_expected=1674595048726&_since=%221642005109349%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Retry-After, Content-Type, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 1743
via: 1.1 google
date: Thu, 26 Jan 2023 08:17:56 GMT
age: 10
last-modified: Tue, 24 Jan 2023 21:17:28 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/fxmonitor-breaches/changeset?_expected=1674595012490&_since=%221662044085942%22

35.241.9.150

200 OK

4.3 kB

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/fxmonitor-breaches/changeset?_expected=1674595012490&_since=%221662044085942%22
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (4318), with no line terminators
Size
4.3 kB (4318 bytes)
Hash
d2da10d4238679967f2f1b3c1b9b23c4
975faf29a2f3f3e7033760e2dbcfaedacdf10df0
06f2f6e989845778d3804554769b028d9d95378aafbeffd125c1f977a64b82d3

HTTP Headers

GET /v1/buckets/main/collections/fxmonitor-breaches/changeset?_expected=1674595012490&_since=%221662044085942%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Content-Length, Retry-After, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 4318
via: 1.1 google
date: Thu, 26 Jan 2023 08:17:27 GMT
age: 39
last-modified: Tue, 24 Jan 2023 21:16:52 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/query-stripping/changeset?_expected=1667238122278&_since=%221656585893704%22

35.241.9.150

200 OK

1.7 kB

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/query-stripping/changeset?_expected=1667238122278&_since=%221656585893704%22
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (1719), with no line terminators
Size
1.7 kB (1719 bytes)
Hash
72383bcf75fd3f95b04c04f9b29e6f46
9af7454ba7e71364303c3b2fed36d96138acf802
145b07c9a17c643743a65915536b5c73e7a5bd00b689b1c411a32f3a56ff763d

HTTP Headers

GET /v1/buckets/main/collections/query-stripping/changeset?_expected=1667238122278&_since=%221656585893704%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Backoff, Content-Length, Alert, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 1719
via: 1.1 google
date: Thu, 26 Jan 2023 07:45:12 GMT
age: 1974
last-modified: Tue, 24 Jan 2023 16:36:44 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/language-dictionaries/changeset?_expected=1673270322227&_since=%221569410800356%22

35.241.9.150

200 OK

1.3 kB

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/language-dictionaries/changeset?_expected=1673270322227&_since=%221569410800356%22
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (1250), with no line terminators
Size
1.3 kB (1250 bytes)
Hash
813d4e664d5e77312ff4d33db52751ed
fc198a56a45d8ee8594c067bd17ba4f30569201e
2051a6f05a4a12e0b4a2c0772ab9b7773bdd4ce903c95b9976a9cb1dd1666719

HTTP Headers

GET /v1/buckets/main/collections/language-dictionaries/changeset?_expected=1673270322227&_since=%221569410800356%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Retry-After, Content-Type, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 1250
via: 1.1 google
date: Thu, 26 Jan 2023 07:39:53 GMT
age: 2294
last-modified: Tue, 24 Jan 2023 16:36:43 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/hijack-blocklists?_expected=1605801189258

35.241.9.150

200 OK

680 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/hijack-blocklists?_expected=1605801189258
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (680), with no line terminators
Size
680 B (680 bytes)
Hash
3c2ab58934d4eb17ff9d1f19e23dd202
0fe30545b9b31860da6b7de765133774fc8677d9
86d6334b6a51c4ec01520e2b7d990bd1cbce3b8202d715e56b1017e2ea82e40c

HTTP Headers

GET /v1/buckets/main/collections/hijack-blocklists?_expected=1605801189258 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Last-Modified, Pragma, ETag, Retry-After, Content-Type, Content-Length, Expires, Cache-Control, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 680
via: 1.1 google
date: Thu, 26 Jan 2023 07:46:33 GMT
age: 1894
last-modified: Sat, 21 Jan 2023 16:36:52 GMT
etag: "1674319012896"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/message-groups/changeset?_expected=1670425599656&_since=%221665698079854%22

35.241.9.150

200 OK

935 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/message-groups/changeset?_expected=1670425599656&_since=%221665698079854%22
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (935), with no line terminators
Size
935 B (935 bytes)
Hash
c966249f2a521568b08d3b6e83171bdc
779f0a6d305e44f8edbbb8d98b21f79d3fef40a8
7c61a0b5c06684bec4a6936e0e0e9443c23507088415edfbe94e37155966d126

HTTP Headers

GET /v1/buckets/main/collections/message-groups/changeset?_expected=1670425599656&_since=%221665698079854%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Content-Length, Retry-After, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 935
via: 1.1 google
date: Thu, 26 Jan 2023 07:36:43 GMT
age: 2484
last-modified: Sat, 21 Jan 2023 16:36:44 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/search-config/changeset?_expected=1674147734521&_since=%221661199949574%22

35.241.9.150

200 OK

17 kB

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/search-config/changeset?_expected=1674147734521&_since=%221661199949574%22
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (17319), with no line terminators
Size
17 kB (17319 bytes)
Hash
d98a8694f5319841aca0ce5665cb70bd
0343776c07afb11211f5e6b9f5f54156190d37e3
317c9f3e63a171b7fb793250a9720ef5150cb4f795c2f6aa7808a7e589e6318e

HTTP Headers

GET /v1/buckets/main/collections/search-config/changeset?_expected=1674147734521&_since=%221661199949574%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Backoff, Content-Length, Alert, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 17319
via: 1.1 google
date: Thu, 26 Jan 2023 07:19:24 GMT
age: 3523
last-modified: Thu, 19 Jan 2023 17:02:14 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/cfr/changeset?_expected=1666894461944&_since=%221659547595259%22

35.241.9.150

200 OK

1.5 kB

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/cfr/changeset?_expected=1666894461944&_since=%221659547595259%22
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (1505), with no line terminators
Size
1.5 kB (1505 bytes)
Hash
d77c6f3eed3ee3299df7f69d5daa9a96
7089332f1140ccb768a7d778eca42b1f393d68cf
dd907320f63ca60a13d87eea545d3d918e002d23a042f2c31161c9fa5734c3fc

HTTP Headers

GET /v1/buckets/main/collections/cfr/changeset?_expected=1666894461944&_since=%221659547595259%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Retry-After, Content-Type, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 1505
via: 1.1 google
date: Thu, 26 Jan 2023 07:35:34 GMT
age: 2553
last-modified: Thu, 19 Jan 2023 16:36:46 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/partitioning-exempt-urls/changeset?_expected=1674132577705&_since=%221657747510534%22

35.241.9.150

200 OK

2.1 kB

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/partitioning-exempt-urls/changeset?_expected=1674132577705&_since=%221657747510534%22
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (2143), with no line terminators
Size
2.1 kB (2143 bytes)
Hash
adc8f38454b04c324a51f1b3663f110a
12e1d854cc80650b9e00a27eb4ebdc93101e6a51
6bfe98ae6ffe807dc29b973716fdbf44b730fd23ff7941106e9da9d5a366b9f5

HTTP Headers

GET /v1/buckets/main/collections/partitioning-exempt-urls/changeset?_expected=1674132577705&_since=%221657747510534%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Backoff, Content-Length, Alert, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 2143
via: 1.1 google
date: Thu, 26 Jan 2023 08:09:53 GMT
last-modified: Thu, 19 Jan 2023 12:49:37 GMT
content-type: application/json
age: 494
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
176ab888cb4eeee86431993b3ef960e2
0eb79ca64f0f6b29837d1d7dfe12d38a3d5c3822
47984ce01d5a6281b9f2841cb119d3623e0d4202602f354628469e9158a2d6fa

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "47984CE01D5A6281B9F2841CB119D3623E0D4202602F354628469E9158A2D6FA"
Last-Modified: Tue, 24 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2193
Expires: Thu, 26 Jan 2023 08:54:40 GMT
Date: Thu, 26 Jan 2023 08:18:07 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
176ab888cb4eeee86431993b3ef960e2
0eb79ca64f0f6b29837d1d7dfe12d38a3d5c3822
47984ce01d5a6281b9f2841cb119d3623e0d4202602f354628469e9158a2d6fa

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "47984CE01D5A6281B9F2841CB119D3623E0D4202602F354628469E9158A2D6FA"
Last-Modified: Tue, 24 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2193
Expires: Thu, 26 Jan 2023 08:54:40 GMT
Date: Thu, 26 Jan 2023 08:18:07 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
176ab888cb4eeee86431993b3ef960e2
0eb79ca64f0f6b29837d1d7dfe12d38a3d5c3822
47984ce01d5a6281b9f2841cb119d3623e0d4202602f354628469e9158a2d6fa

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "47984CE01D5A6281B9F2841CB119D3623E0D4202602F354628469E9158A2D6FA"
Last-Modified: Tue, 24 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2193
Expires: Thu, 26 Jan 2023 08:54:40 GMT
Date: Thu, 26 Jan 2023 08:18:07 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F409361f2-a546-44d7-82d6-d496f6ee134d.jpeg

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F409361f2-a546-44d7-82d6-d496f6ee134d.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (11918 bytes)
Hash
4cb7be12333fa7ea3353901b4b3215af
4b758cc432874384f330568177eef5a328d7e69a
d6f86c0ddbabd5c4fd7cee72ce4da62ccddd9d29139c9ab033bb1ab8425bae22

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F409361f2-a546-44d7-82d6-d496f6ee134d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11918
x-amzn-requestid: ff47dd24-004f-4cc7-acfb-283b2e751f23
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fEqxwEyWoAMF3gw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cb580b-1e95f74b0846080f75a757f6;Sampled=0
x-amzn-remapped-date: Sat, 21 Jan 2023 03:12:11 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: ntW_cYMwX6UWInGOxxPlwnV1AJh46X-hiLvwggRz9oa1Yno6jyE51g==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 26 Jan 2023 04:37:14 GMT
age: 13253
etag: "4b758cc432874384f330568177eef5a328d7e69a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe22ec7be-6a69-4dd9-9340-9be6624c7434.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.5 kB (4513 bytes)
Hash
3ed67ca9bce75476cc13c83abe463bc7
242e26653f691852678a2a32fd17d58fb4747126
a54b909a228e7ac3c6a98e553445905cac7664a2a9208af9abba149f11881d1f

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe22ec7be-6a69-4dd9-9340-9be6624c7434.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4513
x-amzn-requestid: 4caaaf23-4e35-4a1e-983a-5c556d009ecc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fOi2OG15IAMFxKw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cf4b5a-643a67517111200131d532f6;Sampled=0
x-amzn-remapped-date: Tue, 24 Jan 2023 03:07:06 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: jIzVB4TdGNZ2zX-NL2DuwBNVA1nLpbd_KFddr_z0B2vQPSt6mNi8Fg==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 4f3feb5c4393987d42d1971d404d7cea.cloudfront.net (CloudFront), 1.1 google
date: Thu, 26 Jan 2023 03:55:11 GMT
age: 15776
etag: "242e26653f691852678a2a32fd17d58fb4747126"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe74736a6-2e9e-46aa-9c09-e96ce23f160c.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.8 kB (4774 bytes)
Hash
13fa7641221298b50dd96428df4a60a7
8f306f479049964b44288c97919e3abf3196f785
c5063d45d5222aaf0bf9ddd3a5a24c9856d2684e3c7650e48cd1e9f90d365295

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe74736a6-2e9e-46aa-9c09-e96ce23f160c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4774
x-amzn-requestid: 08241dd7-00f9-46ad-97a8-7cef8f3096d2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fSY-zFDBoAMFqXw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d0d52b-1dda27b3027ee4a0374a94df;Sampled=0
x-amzn-remapped-date: Wed, 25 Jan 2023 07:07:23 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: EGwq_99mkoq7fv9N_uMAtR5aYB4efHUZ-9fAwBB94UsfS29K5e_UlA==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 32c16f33c8f5601364fa8229b0d74dc2.cloudfront.net (CloudFront), 1.1 google
date: Thu, 26 Jan 2023 07:21:43 GMT
age: 3384
etag: "8f306f479049964b44288c97919e3abf3196f785"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6418a71b-f89d-45d1-bc77-36d6312f560b.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.9 kB (5943 bytes)
Hash
ba0a42dadf6a976df148f652e9cc1844
4d825b74865effa4a858ddcad1d0969671facc07
7276a38c9ba6b13a06f24ab8b802f210f98c5541df53fbcd8e879a14d2957d95

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6418a71b-f89d-45d1-bc77-36d6312f560b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5943
x-amzn-requestid: 6774f4a4-ed83-49df-868f-4517c2af914b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fUXxNF2UIAMFlYw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d1a007-75b1e8975c3f4b503e0a1c5b;Sampled=0
x-amzn-remapped-date: Wed, 25 Jan 2023 21:32:55 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: KY05WKpINERD5g9o2QLYdsNMSuuy_YKn2Tl7Qkn7YaAOaPTDfLteeA==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 570075675953459325e00b7bcd171df2.cloudfront.net (CloudFront), 1.1 google
date: Wed, 25 Jan 2023 21:49:40 GMT
etag: "4d825b74865effa4a858ddcad1d0969671facc07"
content-type: image/jpeg
age: 37707
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F05a55fc3-efb4-4124-a48d-b57fc1e9bea4.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.4 kB (7426 bytes)
Hash
c331b0423afe4c6888533296b5f275bc
766aba1f8bb596a068f4e611161fa54616f506ed
0551882e8ba5962ca2c3a8634574e75f11321d46f9c901430614a9c73eaeae12

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F05a55fc3-efb4-4124-a48d-b57fc1e9bea4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7426
x-amzn-requestid: 1c0f08ae-9b11-4c41-a6e9-819343332f34
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fPF-fElWIAMFg8A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cf838f-6cf92e9d28ec0c9727e7419a;Sampled=0
x-amzn-remapped-date: Tue, 24 Jan 2023 07:06:55 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: A9cyJReV84QegjGfuOcBlZ-T6uefiGXXKnIBXIcn3a1x0kRYQ6XI3A==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 9046e5a276a05e60ee34c8475e92b8e6.cloudfront.net (CloudFront), 1.1 google
date: Thu, 26 Jan 2023 07:34:59 GMT
age: 2588
etag: "766aba1f8bb596a068f4e611161fa54616f506ed"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

2.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0617a6db-4b92-4745-b454-37fcbea9f1e0.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
2.9 kB (2869 bytes)
Hash
c4aaca9804bfc17f83d66373ce67c0dc
9d0a0f828e312f615ddaa342522ab2ff7872beac
6871737d359006f7eb3086f488b1576283385000fd4ad66718f73faafbcf77ce

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0617a6db-4b92-4745-b454-37fcbea9f1e0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 2869
x-amzn-requestid: 12669ef8-7d67-44c1-88c7-69ad3afb0cd7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fOi00FgtoAMFR6g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cf4b51-285760c501ecc8546811d017;Sampled=0
x-amzn-remapped-date: Tue, 24 Jan 2023 03:06:57 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: aceW8kOi0fzhtJabTmxaLanBA-ToshO5tWi3QcQ4wu1Yb5l3vrzT1g==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 26 Jan 2023 04:22:09 GMT
age: 14158
etag: "9d0a0f828e312f615ddaa342522ab2ff7872beac"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

detectportal.firefox.com/success.txt?ipv4

34.107.221.82

200 OK

8 B

URL HTTP/1.1
detectportal.firefox.com/success.txt?ipv4
IP
34.107.221.82:0
ASN
#15169 GOOGLE

File type
ASCII text
Size
8 B (8 bytes)
Hash
ae780585f49b94ce1444eb7d28906123
7d5ca8c0c03e883c56c4eb1ef6f6bb9bccad4d86
81b2bd4ea98c8db66554fbc8d7637a1a69a130f331feb732b75caab4c4868fd5

HTTP Headers

GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Wed, 25 Jan 2023 11:01:25 GMT
Age: 76602
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600

www.turmhof.at/neues/

185.51.8.60

200 OK

0 B

URL HTTP/2
www.turmhof.at/neues/
IP
185.51.8.60:0
ASN
#208582 Nessus GmbH

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
openphish	PayPal Inc.
fortinet	Phishing

HTTP Headers

GET /neues/ HTTP/1.1
Host: www.turmhof.at
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
TE: trailers

HTTP/2 200 OK
date: Thu, 26 Jan 2023 08:18:05 GMT
server: Apache
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
cache-control: private
content-encoding: gzip
vary: Accept-Encoding
set-cookie: PHPSESSID=8001tg6l24brgtqutefvuqgur7; path=/
x-frame-options: SAMEORIGIN
feature-policy: microphone 'none'; payment 'none'; sync-xhr 'self' https://www.turmhof.at
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer
content-type: text/html; charset=utf-8
age: 0
accept-ranges: bytes
strict-transport-security: max-age=15768000
permissions-policy: interest-cohort=()
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (1)

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (71)

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers