Report - www.turmhof.at/home/

Report Overview

Submitted URL
www.turmhof.at/home/
IP
185.51.8.60
ASN
#208582 Nessus GmbH
Submitted
2023-02-03 11:52:03
Access
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
78

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-13T05:09:13Z	333 B	391 B	34.117.237.239
www.turmhof.at	unknown	2019-05-15T08:10:19Z	2023-02-22T20:34:49Z	12 kB	613 kB	185.51.8.60
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-13T05:09:14Z	606 B	127 B	54.149.71.248
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-13T05:09:16Z	3.2 kB	60 kB	34.120.237.76
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-13T05:09:07Z	2.7 kB	7.1 kB	23.36.76.226
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-13T05:09:10Z	782 B	2.4 kB	35.241.9.150
ocsp.digicert.com	86	2012-05-21T09:02:23Z	2023-03-13T06:00:13Z	341 B	900 B	93.184.220.29
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-13T05:09:35Z	413 B	5.9 kB	34.160.144.191

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

Scan Date	Severity	Indicator	Alert
2023-02-02	medium	www.turmhof.at/home/	PayPal Inc.

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-02-03	medium	www.turmhof.at/home/	Phishing
2023-02-03	medium	www.turmhof.at/fileadmin/img/weingut-turmhof.svg	Phishing
2023-02-03	medium	www.turmhof.at/typo3temp/compressor/merged-ff662f81a898aa574edee79f8871491e-795a542870364d232d5704bd747de11b.css.gzip?1663053869	Phishing
2023-02-03	medium	www.turmhof.at/home/Aktualisiere	Phishing
2023-02-03	medium	www.turmhof.at/fileadmin/fonts/source-sans-pro-v21-latin-regular.woff2	Phishing
2023-02-03	medium	www.turmhof.at/fileadmin/fonts/source-sans-pro-v21-latin-300.woff2	Phishing
2023-02-03	medium	www.turmhof.at/fileadmin/fonts/source-sans-pro-v21-latin-italic.woff2	Phishing
2023-02-03	medium	www.turmhof.at/fileadmin/fonts/source-sans-pro-v21-latin-600.woff2	Phishing
2023-02-03	medium	www.turmhof.at/fileadmin/jcart/config-loader.php?ajax=true	Phishing
2023-02-03	medium	www.turmhof.at/home/Aktualisiere/	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-02-03	medium	turmhof.at	Sinkholed
2023-02-03	medium	turmhof.at	Sinkholed
2023-02-03	medium	turmhof.at	Sinkholed
2023-02-03	medium	turmhof.at	Sinkholed
2023-02-03	medium	turmhof.at	Sinkholed
2023-02-03	medium	turmhof.at	Sinkholed
2023-02-03	medium	turmhof.at	Sinkholed
2023-02-03	medium	turmhof.at	Sinkholed
2023-02-03	medium	turmhof.at	Sinkholed
2023-02-03	medium	turmhof.at	Sinkholed
2023-02-03	medium	turmhof.at	Sinkholed
2023-02-03	medium	turmhof.at	Sinkholed
2023-02-03	medium	turmhof.at	Sinkholed
2023-02-03	medium	turmhof.at	Sinkholed
2023-02-03	medium	turmhof.at	Sinkholed
2023-02-03	medium	turmhof.at	Sinkholed
2023-02-03	medium	turmhof.at	Sinkholed
2023-02-03	medium	turmhof.at	Sinkholed
2023-02-03	medium	turmhof.at	Sinkholed
2023-02-03	medium	turmhof.at	Sinkholed
2023-02-03	medium	turmhof.at	Sinkholed
2023-02-03	medium	turmhof.at	Sinkholed
2023-02-03	medium	turmhof.at	Sinkholed
2023-02-03	medium	turmhof.at	Sinkholed
2023-02-03	medium	turmhof.at	Sinkholed
2023-02-03	medium	turmhof.at	Sinkholed
2023-02-03	medium	turmhof.at	Sinkholed
2023-02-03	medium	turmhof.at	Sinkholed

ThreatFox

No alerts detected

JavaScript (1)

	URL	Size	First Seen	Last Seen
	www.turmhof.at/typo3temp/compressor/merged-ed6cea7a3e1424b68211fdd94afb718d-89b023a51b7aa2b082e140e2cc7c4a9d.js.gzip?1663053869	493 kB	2023-03-09	2023-03-26
Pretty URL www.turmhof.at/typo3temp/compressor/merged-ed6cea7a3e1424b68211fdd94afb718d-89b023a51b7aa2b082e140e2cc7c4a9d.js.gzip?1663053869 IP 185.51.8.60 ASN #208582 Nessus GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 12:12:49 Last Seen2023-03-26 13:04:03 Times Seen5 Hash eccc4a750d8bd5383b7048d6e1a9859b 03b0d820bade77c1fb3f508020e43fcb421bb46f a11f97197d4cd40967add843f7686d74fb44d6b3ec095d20c0efca788470d56e Loading...

HTTP Transactions (48)

URL IP Response Size

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
e935ea42be4feaed61a824b0b903913e
f966cfa80d65a805cb9d7c6a53b3340865d7c51a
eb0ce9ae50d156fe5924b2d77346735e4e93b5240cff301c9aa835bb0b385815

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EB0CE9AE50D156FE5924B2D77346735E4E93B5240CFF301C9AA835BB0B385815"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18317
Expires: Fri, 03 Feb 2023 16:57:08 GMT
Date: Fri, 03 Feb 2023 11:51:51 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
d4e95d0d8982bcd07804baf6fc88231c
5027abda0875bd2529dd4d6691784c74da71a9ee
373799b5749d2cb08b5721699a3e4c6b94b0d41604ac07d4ef7179e47dabc71f

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "373799B5749D2CB08B5721699A3E4C6B94B0D41604AC07D4EF7179E47DABC71F"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19906
Expires: Fri, 03 Feb 2023 17:23:37 GMT
Date: Fri, 03 Feb 2023 11:51:51 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Retry-After, Content-Length, Alert, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 03 Feb 2023 11:43:35 GMT
content-type: application/json
age: 496
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

727 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
727 B (727 bytes)
Hash
334abd65fba33a14b49ad69b3e7d8904
dffac5b40c325a39dd46a69ab216710125271203
bd58998415fde0e849d1133ecffc816ebdbf398329e8218f8d925bda8dfc8774

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 11:51:51 GMT
Server: ECS (amb/6BA4)
Content-Length: 727

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7d2222d41721947297aaeb5a6e3d0714
04cc1ee417c8bf6338657fd4c2e4e1c1ddfd3065
de0e45969a2ad95e52f7e2fbd0d021d9075dd7b14666c929346efe111f648f7c

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DE0E45969A2AD95E52F7E2FBD0D021D9075DD7B14666C929346EFE111F648F7C"
Last-Modified: Thu, 02 Feb 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20206
Expires: Fri, 03 Feb 2023 17:28:37 GMT
Date: Fri, 03 Feb 2023 11:51:51 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: sjtmwQqT6aMqsGWgZ+83XkXv+XrQCxRD8wQZ0hJoB5V3usN/vCaoNwp3fOLcPKP4W2/vSA4hIhDgy+7CpPb2qQ==
x-amz-request-id: XPQGSCK66SGY9B87
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 03 Feb 2023 11:23:31 GMT
age: 1700
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 11:51:51 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

www.turmhof.at/home/

185.51.8.60

200 OK

4.3 kB

URL HTTP/2
www.turmhof.at/home/
IP
185.51.8.60:0
ASN
#208582 Nessus GmbH

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (12200), with no line terminators
Size
4.3 kB (4270 bytes)
Hash
5fb00800895cec6bbde6fb4819ab0336
ef93497c63d6591745fe008c74b4fec4fb8b581b
92204a1661a2d233fc1eded52ddecdf737f34bd5bd149115257c052944a3599f

Detections

Analyzer	Verdict	Alert
openphish	PayPal Inc.
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /home/ HTTP/1.1
Host: www.turmhof.at
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 200 OK
date: Fri, 03 Feb 2023 11:51:51 GMT
server: Apache
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
cache-control: private
content-encoding: gzip
vary: Accept-Encoding
set-cookie: PHPSESSID=edlor2c6osie4jlogggnfi6tm3; path=/
x-frame-options: SAMEORIGIN
feature-policy: microphone 'none'; payment 'none'; sync-xhr 'self' https://www.turmhof.at
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer
content-type: text/html; charset=utf-8
age: 0
accept-ranges: bytes
content-length: 4270
strict-transport-security: max-age=15768000
permissions-policy: interest-cohort=()
X-Firefox-Spdy: h2

www.turmhof.at/fileadmin/img/weingut-turmhof.svg

185.51.8.60

200 OK

2.4 kB

URL HTTP/2
www.turmhof.at/fileadmin/img/weingut-turmhof.svg
IP
185.51.8.60:0
ASN
#208582 Nessus GmbH

File type
SVG Scalable Vector Graphics image\012- SVG XML document\012- XML 1.0 document text\012- SVG XML document\012- XML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Size
2.4 kB (2403 bytes)
Hash
95eeedc797487129162268d919ee9971
ad1287dc258d011f91de76e813b6884e5f7c9a19
872d9c4d84c3f738ee1f4a4187cc3a3765837f8388b184e23121f5967fbfebe5

Detections

Analyzer	Verdict	Alert
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /fileadmin/img/weingut-turmhof.svg HTTP/1.1
Host: www.turmhof.at
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: PHPSESSID=edlor2c6osie4jlogggnfi6tm3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 03 Feb 2023 11:48:11 GMT
server: Apache
x-frame-options: SAMEORIGIN
feature-policy: microphone 'none'; payment 'none'; sync-xhr 'self' https://www.turmhof.at
last-modified: Tue, 11 Nov 2014 15:42:59 GMT
etag: "963-50797223666c0"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer
content-length: 2403
content-type: image/svg+xml
cache-control: max-age=86400
age: 221
accept-ranges: bytes
strict-transport-security: max-age=15768000
permissions-policy: interest-cohort=()
X-Firefox-Spdy: h2

www.turmhof.at/fileadmin/user_upload/kamptal-winter.jpg

185.51.8.60

200 OK

111 kB

URL HTTP/2
www.turmhof.at/fileadmin/user_upload/kamptal-winter.jpg
IP
185.51.8.60:0
ASN
#208582 Nessus GmbH

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 940x300, components 3\012- data
Size
111 kB (110654 bytes)
Hash
51cad4f4b55c555f915a437cf4b3e431
725ab65681adc7700f45c9946eb7a8dfde2de4f2
626c20d0e4f91387472f158524a7efc14502dae586623837b30a8f3548b62c4b

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /fileadmin/user_upload/kamptal-winter.jpg HTTP/1.1
Host: www.turmhof.at
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: PHPSESSID=edlor2c6osie4jlogggnfi6tm3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 03 Feb 2023 11:48:11 GMT
server: Apache
x-frame-options: SAMEORIGIN
feature-policy: microphone 'none'; payment 'none'; sync-xhr 'self' https://www.turmhof.at
last-modified: Sun, 04 Jan 2015 15:46:39 GMT
etag: "1b03e-50bd57ac195c0"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer
content-length: 110654
content-type: image/jpeg
cache-control: max-age=86400
age: 221
accept-ranges: bytes
strict-transport-security: max-age=15768000
permissions-policy: interest-cohort=()
X-Firefox-Spdy: h2

www.turmhof.at/uploads/RTEmagicC_zertifiziert-nachhaltige-weine_02.png

185.51.8.60

200 OK

24 kB

URL HTTP/2
www.turmhof.at/uploads/RTEmagicC_zertifiziert-nachhaltige-weine_02.png
IP
185.51.8.60:0
ASN
#208582 Nessus GmbH

File type
PNG image data, 180 x 246, 8-bit/color RGBA, non-interlaced\012- data
Size
24 kB (24194 bytes)
Hash
7c9e8a43a0f0daa6ceee7c0b396929db
463d1af76d54b49eeb4df50d589bc3091b24cd23
1df11a0fe801694d268e1b5551f6236c1bea0af3fd92a0660217a8be7d1882f9

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /uploads/RTEmagicC_zertifiziert-nachhaltige-weine_02.png HTTP/1.1
Host: www.turmhof.at
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: PHPSESSID=edlor2c6osie4jlogggnfi6tm3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 03 Feb 2023 11:48:11 GMT
server: Apache
x-frame-options: SAMEORIGIN
feature-policy: microphone 'none'; payment 'none'; sync-xhr 'self' https://www.turmhof.at
last-modified: Mon, 26 Aug 2019 10:40:35 GMT
etag: "5e82-59102c932b935"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer
content-length: 24194
content-type: image/png
cache-control: max-age=86400
age: 221
accept-ranges: bytes
strict-transport-security: max-age=15768000
permissions-policy: interest-cohort=()
X-Firefox-Spdy: h2

www.turmhof.at/uploads/RTEmagicC_daniel-spoerri_03.jpg

185.51.8.60

200 OK

2.6 kB

URL HTTP/2
www.turmhof.at/uploads/RTEmagicC_daniel-spoerri_03.jpg
IP
185.51.8.60:0
ASN
#208582 Nessus GmbH

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 97x65, components 3\012- data
Size
2.6 kB (2555 bytes)
Hash
f375205904abd42869b823bfe7e945d2
3540b4a3343a5e6a3303bbf0dd9a785af69293d9
55497da883add72f844bc744ee9c112d5fad8babc5cc91f593edbe72d76cedaf

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /uploads/RTEmagicC_daniel-spoerri_03.jpg HTTP/1.1
Host: www.turmhof.at
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: PHPSESSID=edlor2c6osie4jlogggnfi6tm3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 03 Feb 2023 11:48:11 GMT
server: Apache
x-frame-options: SAMEORIGIN
feature-policy: microphone 'none'; payment 'none'; sync-xhr 'self' https://www.turmhof.at
last-modified: Thu, 25 Dec 2014 12:07:00 GMT
etag: "9fb-50b093ed04100"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer
content-length: 2555
content-type: image/jpeg
cache-control: max-age=86400
age: 221
accept-ranges: bytes
strict-transport-security: max-age=15768000
permissions-policy: interest-cohort=()
X-Firefox-Spdy: h2

www.turmhof.at/fileadmin/img/marillenmarmelade.jpg

185.51.8.60

200 OK

18 kB

URL HTTP/2
www.turmhof.at/fileadmin/img/marillenmarmelade.jpg
IP
185.51.8.60:0
ASN
#208582 Nessus GmbH

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 300x380, components 3\012- data
Size
18 kB (18140 bytes)
Hash
134740414ab039e3b941f6e1e536c80d
2a2f746a78091532169f066362fe3c2d58cd2553
7da6aa4e7eeae27100e27d5aa4d9d33b07ba6806709c5b1403eb4e0dbd122786

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /fileadmin/img/marillenmarmelade.jpg HTTP/1.1
Host: www.turmhof.at
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: PHPSESSID=edlor2c6osie4jlogggnfi6tm3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 03 Feb 2023 11:48:11 GMT
server: Apache
x-frame-options: SAMEORIGIN
feature-policy: microphone 'none'; payment 'none'; sync-xhr 'self' https://www.turmhof.at
last-modified: Tue, 31 Mar 2015 16:41:56 GMT
etag: "46dc-5129846d13d00"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer
content-length: 18140
content-type: image/jpeg
cache-control: max-age=86400
age: 221
accept-ranges: bytes
strict-transport-security: max-age=15768000
permissions-policy: interest-cohort=()
X-Firefox-Spdy: h2

www.turmhof.at/uploads/RTEmagicC_awc-gold_02.png

185.51.8.60

200 OK

52 kB

URL HTTP/2
www.turmhof.at/uploads/RTEmagicC_awc-gold_02.png
IP
185.51.8.60:0
ASN
#208582 Nessus GmbH

File type
PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced\012- data
Size
52 kB (51813 bytes)
Hash
fb3bed29bf6969942c7c24d578d4df84
0476f65993cef68c42b88d9a54abbe2dc3e71553
4849a28766b47ca0c753c887163b2571edee64a50fb0299903ec6b377f2cd286

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /uploads/RTEmagicC_awc-gold_02.png HTTP/1.1
Host: www.turmhof.at
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: PHPSESSID=edlor2c6osie4jlogggnfi6tm3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 03 Feb 2023 11:48:11 GMT
server: Apache
x-frame-options: SAMEORIGIN
feature-policy: microphone 'none'; payment 'none'; sync-xhr 'self' https://www.turmhof.at
last-modified: Thu, 26 Oct 2017 13:05:30 GMT
etag: "ca65-55c72d3aa2e56"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer
content-length: 51813
content-type: image/png
cache-control: max-age=86400
age: 221
accept-ranges: bytes
strict-transport-security: max-age=15768000
permissions-policy: interest-cohort=()
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Expires, Content-Type, ETag, Last-Modified, Alert, Retry-After, Content-Length, Cache-Control, Pragma, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 03 Feb 2023 11:49:06 GMT
age: 166
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

www.turmhof.at/uploads/RTEmagicC_kail_03.jpg

185.51.8.60

200 OK

1.1 kB

URL HTTP/2
www.turmhof.at/uploads/RTEmagicC_kail_03.jpg
IP
185.51.8.60:0
ASN
#208582 Nessus GmbH

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 40x61, components 3\012- data
Size
1.1 kB (1130 bytes)
Hash
ff86c24c34be9076366198dff4a2239b
1cd533b2f2834a06582310a0ff7e6d2d9f3d1fdd
b5e80290915c963f6c79b8cbc4481231bdc3c17bca0ee9c1c770419413a0ab6f

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /uploads/RTEmagicC_kail_03.jpg HTTP/1.1
Host: www.turmhof.at
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: PHPSESSID=edlor2c6osie4jlogggnfi6tm3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 03 Feb 2023 11:48:11 GMT
server: Apache
x-frame-options: SAMEORIGIN
feature-policy: microphone 'none'; payment 'none'; sync-xhr 'self' https://www.turmhof.at
last-modified: Thu, 25 Dec 2014 12:07:00 GMT
etag: "46a-50b093ed04100"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer
content-length: 1130
content-type: image/jpeg
cache-control: max-age=86400
age: 221
accept-ranges: bytes
strict-transport-security: max-age=15768000
permissions-policy: interest-cohort=()
X-Firefox-Spdy: h2

www.turmhof.at/uploads/RTEmagicC_loisium_01.jpg

185.51.8.60

200 OK

2.7 kB

URL HTTP/2
www.turmhof.at/uploads/RTEmagicC_loisium_01.jpg
IP
185.51.8.60:0
ASN
#208582 Nessus GmbH

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 117x134, components 3\012- data
Size
2.7 kB (2690 bytes)
Hash
cd270c7eb83c4d52ae51687230278b97
465a04f7af5c22d62d9fbdd4e842ef83e1f56b1c
1364e00bc3e3b1c59f8e66ea4ed83a3ae06c707491ae1994d270b7600de48c72

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /uploads/RTEmagicC_loisium_01.jpg HTTP/1.1
Host: www.turmhof.at
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: PHPSESSID=edlor2c6osie4jlogggnfi6tm3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 03 Feb 2023 11:48:11 GMT
server: Apache
x-frame-options: SAMEORIGIN
feature-policy: microphone 'none'; payment 'none'; sync-xhr 'self' https://www.turmhof.at
last-modified: Sat, 15 Nov 2014 20:13:06 GMT
etag: "a82-507eb5f971880"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer
content-length: 2690
content-type: image/jpeg
cache-control: max-age=86400
age: 221
accept-ranges: bytes
strict-transport-security: max-age=15768000
permissions-policy: interest-cohort=()
X-Firefox-Spdy: h2

www.turmhof.at/uploads/RTEmagicC_stiegenhaus_01.png

185.51.8.60

200 OK

9.5 kB

URL HTTP/2
www.turmhof.at/uploads/RTEmagicC_stiegenhaus_01.png
IP
185.51.8.60:0
ASN
#208582 Nessus GmbH

File type
PNG image data, 228 x 40, 8-bit/color RGB, non-interlaced\012- data
Size
9.5 kB (9461 bytes)
Hash
98493508f06b48fa41e9c5bcdbde8278
e8d6986e81968e8cb4985fa91504364925525005
bb75ba903054bfbb8ea738174516fc8890e97acb0628a3a7919d92397ae8fa78

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /uploads/RTEmagicC_stiegenhaus_01.png HTTP/1.1
Host: www.turmhof.at
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: PHPSESSID=edlor2c6osie4jlogggnfi6tm3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 03 Feb 2023 11:48:11 GMT
server: Apache
x-frame-options: SAMEORIGIN
feature-policy: microphone 'none'; payment 'none'; sync-xhr 'self' https://www.turmhof.at
last-modified: Sat, 15 Nov 2014 20:13:07 GMT
etag: "24f5-507eb5fa65ac0"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer
content-length: 9461
content-type: image/png
cache-control: max-age=86400
age: 221
accept-ranges: bytes
strict-transport-security: max-age=15768000
permissions-policy: interest-cohort=()
X-Firefox-Spdy: h2

www.turmhof.at/typo3temp/compressor/merged-ff662f81a898aa574edee79f8871491e-795a542870364d232d5704bd747de11b.css.gzip?1663053869

185.51.8.60

200 OK

5.3 kB

URL HTTP/2
www.turmhof.at/typo3temp/compressor/merged-ff662f81a898aa574edee79f8871491e-795a542870364d232d5704bd747de11b.css.gzip?1663053869
IP
185.51.8.60:0
ASN
#208582 Nessus GmbH

File type
ASCII text, with very long lines (1230)
Size
5.3 kB (5274 bytes)
Hash
fe1e089131a6aca2400aeb622468a454
9ec239548dab5b6ed80d91667f566b7cae7ae256
7009d502328cd91170cbdc5ca45ef195c1f94c4f9f58063d587f904fe8f5a5ca

Detections

Analyzer	Verdict	Alert
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /typo3temp/compressor/merged-ff662f81a898aa574edee79f8871491e-795a542870364d232d5704bd747de11b.css.gzip?1663053869 HTTP/1.1
Host: www.turmhof.at
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: PHPSESSID=edlor2c6osie4jlogggnfi6tm3
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 03 Feb 2023 11:51:52 GMT
server: Apache
x-frame-options: SAMEORIGIN
feature-policy: microphone 'none'; payment 'none'; sync-xhr 'self' https://www.turmhof.at
last-modified: Tue, 13 Sep 2022 07:24:29 GMT
etag: "149a-5e889e7213546"
accept-ranges: bytes
content-length: 5274
cache-control: max-age=604800
expires: Fri, 10 Feb 2023 11:51:52 GMT
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer
content-encoding: gzip
content-type: text/css
vary: Accept-Encoding
age: 0
strict-transport-security: max-age=15768000
permissions-policy: interest-cohort=()
X-Firefox-Spdy: h2

www.turmhof.at/uploads/RTEmagicC_kittenberger_01.png

185.51.8.60

200 OK

17 kB

URL HTTP/2
www.turmhof.at/uploads/RTEmagicC_kittenberger_01.png
IP
185.51.8.60:0
ASN
#208582 Nessus GmbH

File type
PNG image data, 168 x 55, 8-bit/color RGBA, non-interlaced\012- data
Size
17 kB (17403 bytes)
Hash
78d0498cf4a1c01fecfe313ed7fa63d8
707b5cc166a1a16dafb59a8a38dfe3f755e0a849
c39ad8ed6d186834171db7fc85fcd8e70dd275ad6cd0a1e3a5186d4fd0425226

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /uploads/RTEmagicC_kittenberger_01.png HTTP/1.1
Host: www.turmhof.at
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: PHPSESSID=edlor2c6osie4jlogggnfi6tm3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 03 Feb 2023 11:48:11 GMT
server: Apache
x-frame-options: SAMEORIGIN
feature-policy: microphone 'none'; payment 'none'; sync-xhr 'self' https://www.turmhof.at
last-modified: Sat, 15 Nov 2014 20:13:07 GMT
etag: "43fb-507eb5fa65ac0"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer
content-length: 17403
content-type: image/png
cache-control: max-age=86400
age: 221
accept-ranges: bytes
strict-transport-security: max-age=15768000
permissions-policy: interest-cohort=()
X-Firefox-Spdy: h2

www.turmhof.at/uploads/RTEmagicC_arche-noah.png

185.51.8.60

200 OK

4.6 kB

URL HTTP/2
www.turmhof.at/uploads/RTEmagicC_arche-noah.png
IP
185.51.8.60:0
ASN
#208582 Nessus GmbH

File type
PNG image data, 75 x 81, 8-bit/color RGB, non-interlaced\012- data
Size
4.6 kB (4598 bytes)
Hash
d49abd24e93496edb8fa090517479857
900372c6f12774dba708b03949369d3f39759dc8
77c40bb6e38f1f9f0745618d7679f809ceb5897c47a89572fdd98243eeeb55e8

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /uploads/RTEmagicC_arche-noah.png HTTP/1.1
Host: www.turmhof.at
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: PHPSESSID=edlor2c6osie4jlogggnfi6tm3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 03 Feb 2023 11:48:11 GMT
server: Apache
x-frame-options: SAMEORIGIN
feature-policy: microphone 'none'; payment 'none'; sync-xhr 'self' https://www.turmhof.at
last-modified: Sat, 15 Nov 2014 20:11:32 GMT
etag: "11f6-507eb59fcc500"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer
content-length: 4598
content-type: image/png
cache-control: max-age=86400
age: 221
accept-ranges: bytes
strict-transport-security: max-age=15768000
permissions-policy: interest-cohort=()
X-Firefox-Spdy: h2

www.turmhof.at/uploads/RTEmagicC_straussenland_01.png

185.51.8.60

200 OK

16 kB

URL HTTP/2
www.turmhof.at/uploads/RTEmagicC_straussenland_01.png
IP
185.51.8.60:0
ASN
#208582 Nessus GmbH

File type
PNG image data, 228 x 38, 8-bit/color RGBA, non-interlaced\012- data
Size
16 kB (15961 bytes)
Hash
c281f7ed679dcfcf72bbee8698fec873
0ffb5be7bb29def1ed6245efac2423d88fb7a624
8bec635af1c63eeba2be6326e5ed3e0530aeb02a8bee4a130cf04f1c7d6bb948

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /uploads/RTEmagicC_straussenland_01.png HTTP/1.1
Host: www.turmhof.at
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: PHPSESSID=edlor2c6osie4jlogggnfi6tm3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 03 Feb 2023 11:48:11 GMT
server: Apache
x-frame-options: SAMEORIGIN
feature-policy: microphone 'none'; payment 'none'; sync-xhr 'self' https://www.turmhof.at
last-modified: Sat, 15 Nov 2014 20:13:07 GMT
etag: "3e59-507eb5fa65ac0"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer
content-length: 15961
content-type: image/png
cache-control: max-age=86400
age: 221
accept-ranges: bytes
strict-transport-security: max-age=15768000
permissions-policy: interest-cohort=()
X-Firefox-Spdy: h2

www.turmhof.at/uploads/RTEmagicC_elsarn_01.png

185.51.8.60

200 OK

7.4 kB

URL HTTP/2
www.turmhof.at/uploads/RTEmagicC_elsarn_01.png
IP
185.51.8.60:0
ASN
#208582 Nessus GmbH

File type
PNG image data, 111 x 74, 8-bit/color RGB, non-interlaced\012- data
Size
7.4 kB (7379 bytes)
Hash
1d886e1847806889c6808ac929f30e60
d2ae6cb156283e7b58b522b92ade3068265d9536
4be006758eccd3cf40eb7e42fe0004da0e290df92b14018e792c455fbb0fc6ef

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /uploads/RTEmagicC_elsarn_01.png HTTP/1.1
Host: www.turmhof.at
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: PHPSESSID=edlor2c6osie4jlogggnfi6tm3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 03 Feb 2023 11:48:11 GMT
server: Apache
x-frame-options: SAMEORIGIN
feature-policy: microphone 'none'; payment 'none'; sync-xhr 'self' https://www.turmhof.at
last-modified: Sat, 15 Nov 2014 20:13:07 GMT
etag: "1cd3-507eb5fa65ac0"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer
content-length: 7379
content-type: image/png
cache-control: max-age=86400
age: 221
accept-ranges: bytes
strict-transport-security: max-age=15768000
permissions-policy: interest-cohort=()
X-Firefox-Spdy: h2

www.turmhof.at/uploads/RTEmagicC_schlossfestspiele_02.png

185.51.8.60

200 OK

9.8 kB

URL HTTP/2
www.turmhof.at/uploads/RTEmagicC_schlossfestspiele_02.png
IP
185.51.8.60:0
ASN
#208582 Nessus GmbH

File type
PNG image data, 244 x 31, 8-bit/color RGB, non-interlaced\012- data
Size
9.8 kB (9752 bytes)
Hash
cfd49ae518049a3b9834774c4e07fadc
c49b0f70df83da58ccf25e84f65ef9b50153396f
fdec629e2da1ee95c06049fbfed064f69610951fed3a022b00c202293af598f8

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /uploads/RTEmagicC_schlossfestspiele_02.png HTTP/1.1
Host: www.turmhof.at
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: PHPSESSID=edlor2c6osie4jlogggnfi6tm3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 03 Feb 2023 11:48:11 GMT
server: Apache
x-frame-options: SAMEORIGIN
feature-policy: microphone 'none'; payment 'none'; sync-xhr 'self' https://www.turmhof.at
last-modified: Sat, 15 Nov 2014 20:13:07 GMT
etag: "2618-507eb5fa65ac0"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer
content-length: 9752
content-type: image/png
cache-control: max-age=86400
age: 221
accept-ranges: bytes
strict-transport-security: max-age=15768000
permissions-policy: interest-cohort=()
X-Firefox-Spdy: h2

www.turmhof.at/home/Aktualisiere

185.51.8.60

301 Moved Permanently

0 B

URL HTTP/2
www.turmhof.at/home/Aktualisiere
IP
185.51.8.60:0
ASN
#208582 Nessus GmbH

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /home/Aktualisiere HTTP/1.1
Host: www.turmhof.at
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: PHPSESSID=edlor2c6osie4jlogggnfi6tm3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 301 Moved Permanently
date: Fri, 03 Feb 2023 11:51:52 GMT
server: Apache
x-frame-options: SAMEORIGIN
feature-policy: microphone 'none'; payment 'none'; sync-xhr 'self' https://www.turmhof.at
location: https://www.turmhof.at/home/Aktualisiere/
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer
content-length: 0
content-type: text/html
age: 0
strict-transport-security: max-age=15768000
permissions-policy: interest-cohort=()
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
8913af0be619500295008bb91f506660
a7b8068ba9aa506205a295b24458c2616997a0d1
6a9838d00256431807ca382fc205064b07c08d5054f2895c2ae3cc4e9094179a

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6A9838D00256431807CA382FC205064B07C08D5054F2895C2AE3CC4E9094179A"
Last-Modified: Wed, 01 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4390
Expires: Fri, 03 Feb 2023 13:05:02 GMT
Date: Fri, 03 Feb 2023 11:51:52 GMT
Connection: keep-alive

www.turmhof.at/typo3temp/compressor/merged-ed6cea7a3e1424b68211fdd94afb718d-89b023a51b7aa2b082e140e2cc7c4a9d.js.gzip?1663053869

185.51.8.60

200 OK

140 kB

URL HTTP/2
www.turmhof.at/typo3temp/compressor/merged-ed6cea7a3e1424b68211fdd94afb718d-89b023a51b7aa2b082e140e2cc7c4a9d.js.gzip?1663053869
IP
185.51.8.60:0
ASN
#208582 Nessus GmbH

File type
ASCII text, with very long lines (32065)
Size
140 kB (140516 bytes)
Hash
331db749b23314b1bad5b93fafe609fa
c8e218e61f6918b0a8832fa416651245eb45ec20
123def30c06e0713dce6a1280b0715fb6f206c456027af94699246a25a544edd

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /typo3temp/compressor/merged-ed6cea7a3e1424b68211fdd94afb718d-89b023a51b7aa2b082e140e2cc7c4a9d.js.gzip?1663053869 HTTP/1.1
Host: www.turmhof.at
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: PHPSESSID=edlor2c6osie4jlogggnfi6tm3
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 03 Feb 2023 11:51:52 GMT
server: Apache
x-frame-options: SAMEORIGIN
feature-policy: microphone 'none'; payment 'none'; sync-xhr 'self' https://www.turmhof.at
last-modified: Tue, 13 Sep 2022 07:24:29 GMT
etag: "224e4-5e889e7210666"
accept-ranges: bytes
content-length: 140516
cache-control: max-age=604800
expires: Fri, 10 Feb 2023 11:51:52 GMT
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer
content-encoding: gzip
content-type: text/javascript
vary: Accept-Encoding
age: 0
strict-transport-security: max-age=15768000
permissions-policy: interest-cohort=()
X-Firefox-Spdy: h2

www.turmhof.at/fileadmin/img/arrow.png

185.51.8.60

200 OK

1.3 kB

URL HTTP/2
www.turmhof.at/fileadmin/img/arrow.png
IP
185.51.8.60:0
ASN
#208582 Nessus GmbH

File type
PNG image data, 21 x 18, 8-bit/color RGBA, non-interlaced\012- data
Size
1.3 kB (1296 bytes)
Hash
8fbc42e423abd18859e3e06bcd84b7fa
1d2302191daa4c5afae732600953db77d1c62bd2
496ef5ec0fd6405fa8579c51ec5199485934f64faaf3059ccc974198dc403604

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /fileadmin/img/arrow.png HTTP/1.1
Host: www.turmhof.at
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: PHPSESSID=edlor2c6osie4jlogggnfi6tm3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 03 Feb 2023 11:48:11 GMT
server: Apache
x-frame-options: SAMEORIGIN
feature-policy: microphone 'none'; payment 'none'; sync-xhr 'self' https://www.turmhof.at
last-modified: Tue, 11 Nov 2014 15:42:56 GMT
etag: "510-507972208a000"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer
content-length: 1296
content-type: image/png
cache-control: max-age=86400
age: 221
accept-ranges: bytes
strict-transport-security: max-age=15768000
permissions-policy: interest-cohort=()
X-Firefox-Spdy: h2

www.turmhof.at/fileadmin/fonts/source-sans-pro-v21-latin-regular.woff2

185.51.8.60

200 OK

13 kB

URL HTTP/2
www.turmhof.at/fileadmin/fonts/source-sans-pro-v21-latin-regular.woff2
IP
185.51.8.60:0
ASN
#208582 Nessus GmbH

File type
Web Open Font Format (Version 2), TrueType, length 13036, version 1.0\012- data
Size
13 kB (13036 bytes)
Hash
0ad032b3d07aaf33b160ac4799dda40f
06b931e0d0bf37f5037d9e66d6feedfddd21c0ba
c124c88ca4fcb4336e97617647ef0d32441329371120c8eabaea0fea226560b0

Detections

Analyzer	Verdict	Alert
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /fileadmin/fonts/source-sans-pro-v21-latin-regular.woff2 HTTP/1.1
Host: www.turmhof.at
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Cookie: PHPSESSID=edlor2c6osie4jlogggnfi6tm3
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 03 Feb 2023 11:48:11 GMT
server: Apache
x-frame-options: SAMEORIGIN
feature-policy: microphone 'none'; payment 'none'; sync-xhr 'self' https://www.turmhof.at
last-modified: Mon, 22 Aug 2022 07:12:29 GMT
etag: "32ec-5e6cf2bb62a5a"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer
content-length: 13036
content-type: font/woff2
age: 221
accept-ranges: bytes
strict-transport-security: max-age=15768000
permissions-policy: interest-cohort=()
X-Firefox-Spdy: h2

www.turmhof.at/fileadmin/fonts/source-sans-pro-v21-latin-300.woff2

185.51.8.60

200 OK

13 kB

URL HTTP/2
www.turmhof.at/fileadmin/fonts/source-sans-pro-v21-latin-300.woff2
IP
185.51.8.60:0
ASN
#208582 Nessus GmbH

File type
Web Open Font Format (Version 2), TrueType, length 12956, version 1.0\012- data
Size
13 kB (12956 bytes)
Hash
1c772d9d0531b187db80bcfc199c1786
c0c04fb334190e10dffed0dcc5c817c2a6041a15
122854df4f39cf922db317714c2ff0eccab27a1028c14a5aa2211f48b7e0eade

Detections

Analyzer	Verdict	Alert
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /fileadmin/fonts/source-sans-pro-v21-latin-300.woff2 HTTP/1.1
Host: www.turmhof.at
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Cookie: PHPSESSID=edlor2c6osie4jlogggnfi6tm3
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 03 Feb 2023 11:48:11 GMT
server: Apache
x-frame-options: SAMEORIGIN
feature-policy: microphone 'none'; payment 'none'; sync-xhr 'self' https://www.turmhof.at
last-modified: Mon, 22 Aug 2022 07:12:28 GMT
etag: "329c-5e6cf2bad1239"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer
content-length: 12956
content-type: font/woff2
age: 221
accept-ranges: bytes
strict-transport-security: max-age=15768000
permissions-policy: interest-cohort=()
X-Firefox-Spdy: h2

www.turmhof.at/fileadmin/fonts/source-sans-pro-v21-latin-italic.woff2

185.51.8.60

200 OK

13 kB

URL HTTP/2
www.turmhof.at/fileadmin/fonts/source-sans-pro-v21-latin-italic.woff2
IP
185.51.8.60:0
ASN
#208582 Nessus GmbH

File type
Web Open Font Format (Version 2), TrueType, length 12580, version 1.0\012- data
Size
13 kB (12580 bytes)
Hash
eaf55d1d3b7c4a30203d2d5226c49b6d
11b63b740965603ef544f261ef036d24e6bb1fb5
e286a9ef7d2064a4cf7026449941a557c7123aa84ef2a17cf79a38820f5474bc

Detections

Analyzer	Verdict	Alert
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /fileadmin/fonts/source-sans-pro-v21-latin-italic.woff2 HTTP/1.1
Host: www.turmhof.at
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Cookie: PHPSESSID=edlor2c6osie4jlogggnfi6tm3
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 03 Feb 2023 11:48:11 GMT
server: Apache
x-frame-options: SAMEORIGIN
feature-policy: microphone 'none'; payment 'none'; sync-xhr 'self' https://www.turmhof.at
last-modified: Mon, 22 Aug 2022 07:12:29 GMT
etag: "3124-5e6cf2bb4559a"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer
content-length: 12580
content-type: font/woff2
age: 221
accept-ranges: bytes
strict-transport-security: max-age=15768000
permissions-policy: interest-cohort=()
X-Firefox-Spdy: h2

www.turmhof.at/fileadmin/fonts/source-sans-pro-v21-latin-600.woff2

185.51.8.60

200 OK

13 kB

URL HTTP/2
www.turmhof.at/fileadmin/fonts/source-sans-pro-v21-latin-600.woff2
IP
185.51.8.60:0
ASN
#208582 Nessus GmbH

File type
Web Open Font Format (Version 2), TrueType, length 13052, version 1.0\012- data
Size
13 kB (13052 bytes)
Hash
7cf79fbd1df848510d7352274efc2401
5540b5a26cc7dfe25294c4eabe011e2c6cd60143
bc9a16cd945457ad9463cdaed95129b01c589466978dfee3d019d9c604b2171a

Detections

Analyzer	Verdict	Alert
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /fileadmin/fonts/source-sans-pro-v21-latin-600.woff2 HTTP/1.1
Host: www.turmhof.at
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Cookie: PHPSESSID=edlor2c6osie4jlogggnfi6tm3
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 03 Feb 2023 11:48:11 GMT
server: Apache
x-frame-options: SAMEORIGIN
feature-policy: microphone 'none'; payment 'none'; sync-xhr 'self' https://www.turmhof.at
last-modified: Mon, 22 Aug 2022 07:12:29 GMT
etag: "32fc-5e6cf2bb08cda"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer
content-length: 13052
content-type: font/woff2
age: 221
accept-ranges: bytes
strict-transport-security: max-age=15768000
permissions-policy: interest-cohort=()
X-Firefox-Spdy: h2

www.turmhof.at/fileadmin/img/zertifiziert-nachhaltige-weine.png

185.51.8.60

200 OK

109 kB

URL HTTP/2
www.turmhof.at/fileadmin/img/zertifiziert-nachhaltige-weine.png
IP
185.51.8.60:0
ASN
#208582 Nessus GmbH

File type
PNG image data, 2249 x 3067, 8-bit colormap, non-interlaced\012- data
Size
109 kB (109417 bytes)
Hash
c6a8590dc805bc91225593002f16aaae
3cf17115e5ca347c710cc03efdf0de8af540d564
f6256e3b713a04fd7cbeaae7e866487a04d0602883a6d01258ffdd9074de0d9e

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /fileadmin/img/zertifiziert-nachhaltige-weine.png HTTP/1.1
Host: www.turmhof.at
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: PHPSESSID=edlor2c6osie4jlogggnfi6tm3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 03 Feb 2023 11:48:12 GMT
server: Apache
x-frame-options: SAMEORIGIN
feature-policy: microphone 'none'; payment 'none'; sync-xhr 'self' https://www.turmhof.at
last-modified: Mon, 16 Apr 2018 18:29:37 GMT
etag: "1ab69-569fb67842272"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer
content-length: 109417
content-type: image/png
cache-control: max-age=86400
age: 220
accept-ranges: bytes
strict-transport-security: max-age=15768000
permissions-policy: interest-cohort=()
X-Firefox-Spdy: h2

www.turmhof.at/fileadmin/jcart/config-loader.php?ajax=true

185.51.8.60

200 OK

1.0 kB

URL HTTP/2
www.turmhof.at/fileadmin/jcart/config-loader.php?ajax=true
IP
185.51.8.60:0
ASN
#208582 Nessus GmbH

File type
JSON data\012- , ASCII text, with very long lines (1007), with no line terminators
Size
1.0 kB (1007 bytes)
Hash
08a170c8da536f62c26625501498ab18
acbb249a30a96b69a7b4ec4df642507a510c0895
fa4b93bfc6318c686ff6584cfe169249efb2dc023372b3976e561ad453f70c46

Detections

Analyzer	Verdict	Alert
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /fileadmin/jcart/config-loader.php?ajax=true HTTP/1.1
Host: www.turmhof.at
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Cookie: PHPSESSID=edlor2c6osie4jlogggnfi6tm3
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 03 Feb 2023 11:51:52 GMT
server: Apache
x-frame-options: SAMEORIGIN
feature-policy: microphone 'none'; payment 'none'; sync-xhr 'self' https://www.turmhof.at
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer
content-type: application/json; charset=utf-8
age: 0
accept-ranges: bytes
content-length: 1007
strict-transport-security: max-age=15768000
permissions-policy: interest-cohort=()
X-Firefox-Spdy: h2

push.services.mozilla.com/

54.149.71.248

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
54.149.71.248:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: QhdGOZjV7ndDV8l9IobTzA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: vGy2BtokMysSEKhvi36nlqji0CM=

www.turmhof.at/android-icon-192x192.png

185.51.8.60

200 OK

3.9 kB

URL HTTP/2
www.turmhof.at/android-icon-192x192.png
IP
185.51.8.60:0
ASN
#208582 Nessus GmbH

File type
PNG image data, 192 x 192, 8-bit colormap, non-interlaced\012- data
Size
3.9 kB (3887 bytes)
Hash
3eabb9bf16cbd62536b64227d2f45a3d
4fe2947c933b93a2b1bb2e7b666d89ad95a0e1f9
57c6b9924b6025350f495632c8551f4bbbcbd7e4a1b0b800672b68faa48d1546

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /android-icon-192x192.png HTTP/1.1
Host: www.turmhof.at
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: PHPSESSID=edlor2c6osie4jlogggnfi6tm3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 03 Feb 2023 11:51:52 GMT
server: Apache
x-frame-options: SAMEORIGIN
feature-policy: microphone 'none'; payment 'none'; sync-xhr 'self' https://www.turmhof.at
vary: Accept-Encoding
last-modified: Mon, 01 Jul 2019 19:59:54 GMT
etag: "f2f-58ca412642ecd"
content-length: 3887
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer
content-type: image/png
cache-control: max-age=86400
age: 0
accept-ranges: bytes
strict-transport-security: max-age=15768000
permissions-policy: interest-cohort=()
X-Firefox-Spdy: h2

www.turmhof.at/favicon-16x16.png

185.51.8.60

200 OK

1.3 kB

URL HTTP/2
www.turmhof.at/favicon-16x16.png
IP
185.51.8.60:0
ASN
#208582 Nessus GmbH

File type
PNG image data, 16 x 16, 8-bit colormap, non-interlaced\012- data
Size
1.3 kB (1301 bytes)
Hash
b8a51e07dbc1a9e5f2dcbd46aaa32ddc
45b6b5b239008a0a49740d253584ecaa92b30ad0
cfd5bf87f1faf7b02424ef8a47e0fe0ed16812691b306b65a73e179d8e636906

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /favicon-16x16.png HTTP/1.1
Host: www.turmhof.at
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: PHPSESSID=edlor2c6osie4jlogggnfi6tm3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 03 Feb 2023 11:51:52 GMT
server: Apache
x-frame-options: SAMEORIGIN
feature-policy: microphone 'none'; payment 'none'; sync-xhr 'self' https://www.turmhof.at
vary: Accept-Encoding
last-modified: Mon, 01 Jul 2019 19:59:55 GMT
etag: "515-58ca41277d611"
content-length: 1301
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer
content-type: image/png
cache-control: max-age=86400
age: 0
accept-ranges: bytes
strict-transport-security: max-age=15768000
permissions-policy: interest-cohort=()
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
c14d3cf8ade0150a711f094be32ac474
11e7fb5487d364c5392e1594e09f5b49831043ea
2a98ce39894b7d9befdba3916467bc95962376d0b308103e0a1eea36c0bc2302

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A98CE39894B7D9BEFDBA3916467BC95962376D0B308103E0A1EEA36C0BC2302"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3263
Expires: Fri, 03 Feb 2023 12:46:17 GMT
Date: Fri, 03 Feb 2023 11:51:54 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
c14d3cf8ade0150a711f094be32ac474
11e7fb5487d364c5392e1594e09f5b49831043ea
2a98ce39894b7d9befdba3916467bc95962376d0b308103e0a1eea36c0bc2302

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A98CE39894B7D9BEFDBA3916467BC95962376D0B308103E0A1EEA36C0BC2302"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3263
Expires: Fri, 03 Feb 2023 12:46:17 GMT
Date: Fri, 03 Feb 2023 11:51:54 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
c14d3cf8ade0150a711f094be32ac474
11e7fb5487d364c5392e1594e09f5b49831043ea
2a98ce39894b7d9befdba3916467bc95962376d0b308103e0a1eea36c0bc2302

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A98CE39894B7D9BEFDBA3916467BC95962376D0B308103E0A1EEA36C0BC2302"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3263
Expires: Fri, 03 Feb 2023 12:46:17 GMT
Date: Fri, 03 Feb 2023 11:51:54 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
c14d3cf8ade0150a711f094be32ac474
11e7fb5487d364c5392e1594e09f5b49831043ea
2a98ce39894b7d9befdba3916467bc95962376d0b308103e0a1eea36c0bc2302

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A98CE39894B7D9BEFDBA3916467BC95962376D0B308103E0A1EEA36C0BC2302"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3263
Expires: Fri, 03 Feb 2023 12:46:17 GMT
Date: Fri, 03 Feb 2023 11:51:54 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F49d52576-44b1-4baf-92c0-88f267415a19.jpeg

34.120.237.76

200 OK

5.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F49d52576-44b1-4baf-92c0-88f267415a19.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.6 kB (5641 bytes)
Hash
d4041f3b5316bc84c9e6d88ddbc85b89
4978a4a20836b6f5d863d331bcedad782b7b4ac6
549b62d2c4ec965b8bec62010c0ce338dfea7992ee83eb7af61ff1a30d21f8b5

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F49d52576-44b1-4baf-92c0-88f267415a19.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5641
x-amzn-requestid: b53b54b1-3b00-47cf-a25c-e93910c2ebfb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fuvzpHsXoAMFsuw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dc2ce3-0c4fc8154763febb44460ac2;Sampled=0
x-amzn-remapped-date: Thu, 02 Feb 2023 21:36:36 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: x4-BZdG4JGRKCSdKynnuweZfo9l0XZtDB-MiANy7C2Yz1URYMHP4sQ==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 64f86ae1c24221f3a2e4d653d6dbc416.cloudfront.net (CloudFront), 1.1 google
date: Thu, 02 Feb 2023 22:28:50 GMT
age: 48184
etag: "4978a4a20836b6f5d863d331bcedad782b7b4ac6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8f58ae1f-1f79-4cc4-b12e-b11dde3b7e4d.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.4 kB (6398 bytes)
Hash
4a92e881554205ebbe3721a7bbaeab40
b620fc82bd15b55b581bd8c3a699e1b16563ad2e
ff753b8411bfa0df54938a5f829ce25acbad863a2a3540b3bacca02baf9a2c7d

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8f58ae1f-1f79-4cc4-b12e-b11dde3b7e4d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6398
x-amzn-requestid: 843fefd3-8cf4-44ee-bb7c-a010d4149442
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fuv1XFXQoAMFe5Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dc2cee-76739fd87b4c0d203eca4114;Sampled=0
x-amzn-remapped-date: Thu, 02 Feb 2023 21:36:46 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: EUE3i8Lccx5p9GVN4Dv3DOhFmG_4byC3LrD7SLrk4A5Zbone-NJwVA==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 ce71f64ad5dca81beca846466f2d5008.cloudfront.net (CloudFront), 1.1 google
date: Thu, 02 Feb 2023 21:52:34 GMT
age: 50360
etag: "b620fc82bd15b55b581bd8c3a699e1b16563ad2e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fedd456a0-d42f-4b40-ad63-ea1dcfaf69eb.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10166 bytes)
Hash
2a6aaf87a867f93dc9268a8b27973b97
f52ccbe6cbced1994acb13a00b05436553b6813e
3fbd7441712035f4d53c17eec93bc278e6c072043f3b5a721cac349fc0dabe77

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fedd456a0-d42f-4b40-ad63-ea1dcfaf69eb.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10166
x-amzn-requestid: 54fe0d12-360f-4d97-bcf3-b24747d956aa
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fY_4zHEcoAMF1iA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d379d1-4ba89e44005f616a0ed3ed24;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 07:14:25 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: G0R-0w9HtLB5OXb-w-RyR9QCnrddkS29FqF_GeAQa1CRWkqaUJwQoA==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 1b74ccf4cb51eacf97a0e6d60ae46a3e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 02 Feb 2023 22:27:53 GMT
age: 48241
etag: "f52ccbe6cbced1994acb13a00b05436553b6813e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b4ea648-021a-44ef-a083-3ea03f73dca3.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (10796 bytes)
Hash
3490571dd2de0a747987b9a0e18cccc8
18e9f8f160d3515f1cb31fc7538ac762a6cab344
1c071d7f3b288b29254500f94f19c0db0633c6aa90812f2e92c4f64992f5221a

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b4ea648-021a-44ef-a083-3ea03f73dca3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10796
x-amzn-requestid: 5c9b1a83-c99a-44b9-9a90-5edd7ef1e225
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fi0XKG93oAMFtsA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d76760-01bf754d6c725c3275c02a1b;Sampled=0
x-amzn-remapped-date: Mon, 30 Jan 2023 06:44:48 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: vUJO-Pt9Hi1ndrCQQT1nNCGT7oDOYBpA8-EawHanESoZAsZv32dQdg==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 00:25:04 GMT
age: 41210
etag: "18e9f8f160d3515f1cb31fc7538ac762a6cab344"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1e690e4c-e16d-49e9-ac12-24a092d6a60c.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.5 kB (8543 bytes)
Hash
a1d6fa4715c4e78250b2f72ddd2706f1
be04ac3a50aa6f1b349a2410ad386d92de3222be
d1c3c1b7016428bf2a085b71ca0d1e215a64b3d31ff15b0ef8bf5a78f11d9ae5

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1e690e4c-e16d-49e9-ac12-24a092d6a60c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8543
x-amzn-requestid: 3dc0960e-97db-42c8-99ac-623a44e8bb3e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fuv0wGJhIAMFaTg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dc2ceb-5ad3ef033a62559762db42b9;Sampled=0
x-amzn-remapped-date: Thu, 02 Feb 2023 21:36:43 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: EKWOeGruQEm9HuSlJMiEEw_gN1p37qTTIhYqaiQ6bFaCF65kUfmMtA==
via: 1.1 9b311162717b41c968f6f00426d88aaa.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Thu, 02 Feb 2023 21:55:01 GMT
age: 50213
etag: "be04ac3a50aa6f1b349a2410ad386d92de3222be"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F64144d1c-f524-496f-8b52-ba63714dbfc5.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (11565 bytes)
Hash
e366b32074025aaf60bbae8bdb08d330
a52c2883bad98fa20333aa639a5dd3a5bf544c8e
9d661c26effaec9efee16833f6459d6ecbe4f77b822c9c46e2a6433bda816e5c

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F64144d1c-f524-496f-8b52-ba63714dbfc5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11565
x-amzn-requestid: 87a84ffd-1176-4656-aac4-e98f38ec2cd9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fboIrFGboAMFyyQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d48704-162ed8114aa1809204500548;Sampled=0
x-amzn-remapped-date: Sat, 28 Jan 2023 02:23:00 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: w0Zm5V0TQxsQ7917U3fdhS_n7qKE143PuhI2JmNCDM_Pf0yPLyW6yA==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 32c16f33c8f5601364fa8229b0d74dc2.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 04:53:21 GMT
age: 25113
etag: "a52c2883bad98fa20333aa639a5dd3a5bf544c8e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

www.turmhof.at/home/Aktualisiere/

185.51.8.60

404 Not Found

0 B

URL HTTP/2
www.turmhof.at/home/Aktualisiere/
IP
185.51.8.60:0
ASN
#208582 Nessus GmbH

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /home/Aktualisiere/ HTTP/1.1
Host: www.turmhof.at
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: PHPSESSID=edlor2c6osie4jlogggnfi6tm3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
date: Fri, 03 Feb 2023 11:51:52 GMT
server: Apache
content-encoding: gzip
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
feature-policy: microphone 'none'; payment 'none'; sync-xhr 'self' https://www.turmhof.at
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer
content-type: text/html
age: 0
strict-transport-security: max-age=15768000
permissions-policy: interest-cohort=()
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (1)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (48)

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

File type