Report - xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/

Report Overview

Visited public
2023-11-03 12:35:40
Tags
crypto phishing
URL
xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/
Finishing URL
xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/secure.html
IP / ASN
122.201.127.227
#38719 Dreamscape Networks Limited
Title
MetaMask - A crypto wallet & gateway to blockchain apps
Phishing - Generic Crypto/Wallet

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
xcx3gsz9.dreamwp.com	unknown	2016-06-23	2023-10-28 21:52:35	2023-11-03 07:59:31	28 kB	3.9 MB	122.201.127.227
fonts.googleapis.com	8877	2005-01-25	2013-06-10 22:14:26	2023-11-03 09:31:26	1.4 kB	48 kB	142.250.74.106
forms.hsforms.com	5160	2013-09-18	2018-03-07 16:21:13	2023-11-03 08:31:20	984 B	8.0 kB	104.18.176.125
lpcdn.lpsnmedia.net	3501	2010-08-04	2014-04-27 12:17:58	2023-10-31 06:32:06	1.2 kB	56 kB	34.120.154.120
www.gstatic.com	unknown	2008-02-11	2016-07-26 11:37:06	2023-11-03 10:14:24	11 kB	1.8 MB	142.250.74.99
aus5.mozilla.org	2548	1998-01-24	2015-10-27 08:06:24	2023-11-03 05:10:39	513 B	1.2 kB	35.244.181.201
fonts.gstatic.com	unknown	2008-02-11	2014-09-09 02:40:21	2023-11-03 09:30:40	9.6 kB	271 kB	216.58.207.227
perf.hsforms.com	10768	2013-09-18	2020-07-03 15:11:28	2023-11-03 07:52:03	1.0 kB	2.1 kB	104.18.176.125
www.google.com	7	1997-09-15	2015-05-10 13:11:19	2023-09-20 20:05:47	11 kB	1.6 MB	142.250.74.132
ciscobinary.openh264.org	40822	2013-10-19	2014-10-07 07:43:56	2023-11-03 09:55:53	295 B	512 kB	2.22.61.56

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-11-03 12:35:14	low	Client IP	Internal IP	ET INFO Commonly Abused WordPress Application Related Domain in DNS Lookup (dreamwp .com)
2023-11-03 12:35:14	low	Client IP	Internal IP	ET INFO Commonly Abused WordPress Application Related Domain in DNS Lookup (dreamwp .com)

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2023-11-02	medium	xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/	Crypto/Wallet

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
ciscobinary.openh264.org/openh264-linux64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip
IP
2.22.61.56
ASN
#20940 Akamai International B.V.

File type
Zip archive data, at least v2.0 to extract, compression method=deflate\012- data
Size
512 kB (511815 bytes)
Hash
152eda253e242e18443ef3282495bc7c
ff0fa85565f21ec4931baad4573b4c0bd08c4019
8e03090fee16f6e0ee2e436af8e51d0c3deed6d9f0db80dec048e668fc009a48

JavaScript (48)

	URL	From	Size	First Seen	Last Seen
	xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/meta/jsonp	ScriptElement	278 kB	2023-03-07	2024-12-31
Pretty URL xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/meta/jsonp IP 122.201.127.227 ASN #38719 Dreamscape Networks Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:29 Last Seen2024-12-31 05:03 Times Seen36 Hash 7efac8c0fa8e30db7a423500ef59abab be73717f776f24dd31498c27a1b02b784570d5bb 102411780270584690575675e14e574ef8a16cf6fdd5700d5682e68a8d2cc00d Loading...

	xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/secure.html	ScriptElement	73 B	2023-03-07	2025-05-10
Pretty URL xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/secure.html IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:24 Last Seen2025-05-10 22:20 Times Seen201 Hash ccf7a258eee5e12d2cb3d813a5da86c8 0d0c6985e493d2f610870c9259901a2511734328 441b05bfa42c0b589fd682ec21e9ba36e55f6ec2718fbb259a812cd0b999c28e Loading...

	xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/secure.html	ScriptElement	181 B	2023-03-07	2025-05-11
Pretty URL xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/secure.html IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:17 Last Seen2025-05-11 14:34 Times Seen15974 Hash 0e9e3ad57abeefde87342864450cc232 4dc8676bf3417d597053d5f253fce034007f63da 9a37601d1f5a5f2fba3b000694d4bf5e035c606d5485dd94e2997cbe2efe5c26 Loading...

	xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/meta/enterprise.js.download	ScriptElement	1.0 kB	2023-03-07	2024-12-31
Pretty URL xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/meta/enterprise.js.download IP 122.201.127.227 ASN #38719 Dreamscape Networks Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:29 Last Seen2024-12-31 05:03 Times Seen67 Hash d07e7630bc23cbdd7520d0a4f086c922 b50685923a96d55109959fdf21f369d902971b2a 15c0f679abecff8fba48dbe673343f3e0f2a07c439d3f631722fccd2af2e1df2 Loading...

	xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/meta/webflow.js.download	ScriptElement	601 kB	2023-03-07	2025-05-06
Pretty URL xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/meta/webflow.js.download IP 122.201.127.227 ASN #38719 Dreamscape Networks Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:20 Last Seen2025-05-06 11:44 Times Seen100 Hash 9758f7e3aa0c79ea7a3cadb16d10087b 07f3c4e552e28eba6172f53d6dcf981a55f42031 0bb0c326dfc33136ad88e7454f06d22398a75f57f5eef79a30b218c171136f0d Loading...

	xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/sandbox%20eval%20code		147 B	2023-04-11	2025-05-11
Pretty URL xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/sandbox%20eval%20code IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-04-11 21:07 Last Seen2025-05-11 14:49 Times Seen341941 Hash 92b651082ce234f66bb544e678befda3 14c21c55ddce43b6f677caadf51d4ab98c6a3df8 25d57d1d97abeb84531d3d3e5754dd5cb19a2c115edfa7cfc7af8247084faded Loading...

	xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/meta/v2.js.download	ScriptElement	579 kB	2023-03-09	2024-12-23
Pretty URL xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/meta/v2.js.download IP 122.201.127.227 ASN #38719 Dreamscape Networks Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 10:05 Last Seen2024-12-23 16:45 Times Seen62 Hash d3b2366c9977c975fc6abdc6a119c361 ed6031ba0b0efe5b77acd0382f8d647f2cc88018 7f82030e7f8b2956fcb539a7cf3f1d80907d28d02c2696ac0560daf3cfafaa25 Loading...

	www.gstatic.com/recaptcha/releases/3sU2vDRVDmUU2E0Ro4VadvPr/recaptcha__en.js	ScriptElement	478 kB	2023-11-02	2023-11-10
Pretty URL www.gstatic.com/recaptcha/releases/3sU2vDRVDmUU2E0Ro4VadvPr/recaptcha__en.js IP 142.250.74.99 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-02 08:53 Last Seen2023-11-10 04:27 Times Seen4605 Hash 0de5995e9ac19853eeffb8bbe74e6a7d 719e6fbcd0b38df859a6f7a8c51a820d7bf5970d c7f150e7d0ed3cf657e531221f2640209e6daebed0fbaa6ab7e430ce8eb56a37 Loading...

	www.google.com/recaptcha/enterprise/bframe?hl=en&v=3sU2vDRVDmUU2E0Ro4VadvPr&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm	ScriptElement	0 B	0001-01-01	2025-05-11
Pretty URL www.google.com/recaptcha/enterprise/bframe?hl=en&v=3sU2vDRVDmUU2E0Ro4VadvPr&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm IP 142.250.74.132 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML true Observations First Seen0001-01-01 00:00 Last Seen2025-05-11 14:49 Times Seen4655234 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	www.google.com/recaptcha/enterprise.js?onload=hsRecaptchaLoadCallback&render=explicit&isolated=true	ScriptElement	1.0 kB	2023-11-03	2023-11-09
Pretty URL www.google.com/recaptcha/enterprise.js?onload=hsRecaptchaLoadCallback&render=explicit&isolated=true IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-03 12:38 Last Seen2023-11-09 14:37 Times Seen7 Hash ca445e0df8314d77d3379a952f63c0d2 f54afdecc94ba50b0cfbb9c4575ec38c6ea220e5 65e4a80ef2db9200ad31b69f5a00d380699f5f9bb32b624ae930954f516cdd7e Loading...

	xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/meta/recaptcha__nl.js.download	ScriptElement	354 kB	2023-03-07	2024-12-31
Pretty URL xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/meta/recaptcha__nl.js.download IP 122.201.127.227 ASN #38719 Dreamscape Networks Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:29 Last Seen2024-12-31 05:03 Times Seen66 Hash e735084e8ffed1ad8d89df08d98d4d23 6cdab8dac12030c8bc980ec129affecc626285c3 6cde5be2d724e53c8c4a97041365d3075e3af63ec08e1712b2f831b6e2bd357b Loading...

	lpcdn.lpsnmedia.net/le_secure_storage/3.15.0.0-release_5063/storage.secure.min.html?loc=https%3A%2F%2Fxcx3gsz9.dreamwp.com&site=88982875&env=prod&isCrossDomain=true	ScriptElement	39 kB	2023-03-07	2024-12-23
Pretty URL lpcdn.lpsnmedia.net/le_secure_storage/3.15.0.0-release_5063/storage.secure.min.html?loc=https%3A%2F%2Fxcx3gsz9.dreamwp.com&site=88982875&env=prod&isCrossDomain=true IP 34.120.154.120 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:02 Last Seen2024-12-23 16:45 Times Seen55 Hash a3a38a5d6888ddc1831a811e9d428c77 2ca5b076aea8b4c6ff7ad1873de4ade91d66511f d4676cbbadec76c9f89f5b771a7f4927d544b4d76801e40e9957493e038e0db4 Loading...

	xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/meta/js	ScriptElement	92 kB	2023-03-07	2024-12-31
Pretty URL xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/meta/js IP 122.201.127.227 ASN #38719 Dreamscape Networks Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:20 Last Seen2024-12-31 05:03 Times Seen37 Hash fb2ab9b8632250b0d7aa50c08150cfe1 73b3f266ac08c9fb07e1de1664fed384ccd5bc86 5d419e0ff614b331e4f8fed2ba7c1380b1f5983f98d820a6a0f7040b55f60b5b Loading...

	accdn.lpsnmedia.net/api/account/88982875/configuration/domainprotection/refererrestrictions?cb=lpCb88516x8648	ScriptElement	112 B	2024-08-20	2024-08-20
Pretty URL accdn.lpsnmedia.net/api/account/88982875/configuration/domainprotection/refererrestrictions?cb=lpCb88516x8648 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-20 21:16 Last Seen2024-08-20 21:16 Times Seen1 Hash 497e82c3c9d1c1907c663b4d27a24c7d d2be00c4e46fbe44e94f2be8d0d4a4609eb26e37 52a089517c085cc8f704cbe5f9a8394f29c14c3ef152a15692fd19782f0818bc Loading...

	js.hsforms.net/forms-next/shell-recaptcha	ScriptElement	540 B	2023-04-05	2025-02-03
Pretty URL js.hsforms.net/forms-next/shell-recaptcha IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-04-05 05:29 Last Seen2025-02-03 10:04 Times Seen100 Hash 0ef8295b6b00040322f2dcbc2dad3a7b 3c3f471eb10ddba84126b623484930b3c99a8014 8f6e0ed5457a4e0086d8f5754cf5beb474f716ed08184676d4768c88bffb2c63 Loading...

	xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/meta/plx.chock.js	ScriptElement	3.4 kB	2023-03-07	2025-05-03
Pretty URL xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/meta/plx.chock.js IP 122.201.127.227 ASN #38719 Dreamscape Networks Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:29 Last Seen2025-05-03 11:49 Times Seen81 Hash 5acfeead7d13511cdef767305b87e3f8 ec5337e62f1e64d3aaba3bf41a41b5f876964922 b9417c5359a2259bb564852a1ebd2b743b79ac06efdee42dc53456f8445ad246 Loading...

	xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/secure.html	ScriptElement	164 B	2023-03-07	2025-05-10
Pretty URL xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/secure.html IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 12:02 Last Seen2025-05-10 22:20 Times Seen135 Hash 9fb685752617cf9403453cc16f9b0469 84d82954770f482fbea43960d5a5dc36e3572d1a d57443d0c7faf37db40a6058be8401314277c4b2662d8ed301ee6c0bd99a8c4d Loading...

	accdn.lpsnmedia.net/api/account/88982875/configuration/setting/accountproperties/?cb=lpCb33285x41372	ScriptElement	6.7 kB	2024-08-20	2024-08-20
Pretty URL accdn.lpsnmedia.net/api/account/88982875/configuration/setting/accountproperties/?cb=lpCb33285x41372 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-20 21:16 Last Seen2024-08-20 21:16 Times Seen1 Hash 58722225460f4d331319665de24d571d 1d3571ddfe5c6310df900f29c8c9f051b44ba799 9d6ae60130387e9c2692eb1b64bcfb4da5c428be6847316941a5c7f7740ef372 Loading...

	forms.hsforms.com/embed/v3/form/4795067/2b64112b-f442-4840-9ace-b11dccd5f744?callback=hs_reqwest_0&hutk=	ScriptElement	5.8 kB	2023-11-03	2023-11-03
Pretty URL forms.hsforms.com/embed/v3/form/4795067/2b64112b-f442-4840-9ace-b11dccd5f744?callback=hs_reqwest_0&hutk= IP 104.18.176.125 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-03 13:35 Last Seen2023-11-03 13:35 Times Seen1 Hash d664d20c8f4002e097389d280c8490c0 16f7975c61fc3f7c5073faf6157834c5e106a64c d6e2ad145ac48db2acd510d419a68a9ca7c0d566b4b048e20455035d66809f7b Loading...

	www.google.com/recaptcha/enterprise/anchor?ar=1&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&co=aHR0cHM6Ly9qcy5oc2Zvcm1zLm5ldDo0NDM.&hl=en&v=3sU2vDRVDmUU2E0Ro4VadvPr&size=invisible&badge=inline&cb=9t77e9nq5x6x	ScriptElement	75 B	2023-03-07	2025-05-11
Pretty URL www.google.com/recaptcha/enterprise/anchor?ar=1&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&co=aHR0cHM6Ly9qcy5oc2Zvcm1zLm5ldDo0NDM.&hl=en&v=3sU2vDRVDmUU2E0Ro4VadvPr&size=invisible&badge=inline&cb=9t77e9nq5x6x IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:15 Last Seen2025-05-11 14:27 Times Seen14267 Hash dca9d53787fff314e5bd1a123b28906a 1350c858f60bbb03d1b53b05cbad6cea82ff29d1 2475d902b4182bac667d464a44c89ee405e5cfd64156b30f811557cf2b347e2f Loading...

	www.google-analytics.com/analytics.js	ScriptElement	4.7 kB	2023-04-11	2025-05-11
Pretty URL www.google-analytics.com/analytics.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-11 21:07 Last Seen2025-05-11 14:49 Times Seen341141 Hash f24128d0c9cba7be2916c693427a3483 1b6397d496ea896ebc2018b01b995cee4f166029 58173de4697da1a218f04c3a783a733bab4e769ceabc37cd42da9dc3e036a7e8 Loading...

	xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/meta/storage.secure.min.js.download	ScriptElement	39 kB	2023-03-07	2024-12-31
Pretty URL xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/meta/storage.secure.min.js.download IP 122.201.127.227 ASN #38719 Dreamscape Networks Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2024-12-31 05:03 Times Seen69 Hash 3386ec5559f1ba569cf0ab6acab436cc e98e11d37c5172ee128a85f68447efb3cb0e853c 996ab3c1e26cb00ec7d3d29650e784755ba46f33613563b7173b0dab03fa3d73 Loading...

	xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/meta/webfont.js.download	ScriptElement	13 kB	2023-03-07	2025-05-11
Pretty URL xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/meta/webfont.js.download IP 122.201.127.227 ASN #38719 Dreamscape Networks Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03 Last Seen2025-05-11 14:34 Times Seen17545 Hash 7c96a5f11d9741541d5e3c42ff6380d7 d3fa2564c021cf730e58ffddb138cf6b57ed126e 81016ac6be850b72df5d4faa0c3cec8e2c1b0ba0045712144a6766adfad40bee Loading...

	xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/meta/jquery-3.5.1.min.dc5e7f18c8.js.download	ScriptElement	90 kB	2023-03-07	2025-05-11
Pretty URL xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/meta/jquery-3.5.1.min.dc5e7f18c8.js.download IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-11 14:38 Times Seen108953 Hash dc5e7f18c8d36ac1d3d4753a87c98d0a c8e1c8b386dc5b7a9184c763c88d19a346eb3342 f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d Loading...

	xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/meta/analytics.js.download	ScriptElement	50 kB	2023-03-07	2025-05-10
Pretty URL xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/meta/analytics.js.download IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-10 21:02 Times Seen273 Hash d40531c5e99a6f84e42535859476fe35 a901817d77b2fe5259c298c91bc65c54d7f8a1a9 a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210 Loading...

	xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/secure.html	ScriptElement	1.8 kB	2023-03-07	2025-05-06
Pretty URL xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/secure.html IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 17:55 Last Seen2025-05-06 11:44 Times Seen114 Hash 8b1fb904d189e68aaf32a2223915fdfd d1a510fab3db50f7482275581d2171914e1d6631 c1863d7b43731c0cb9a160099c3fa80215e0b0966f27061f78eb6af1da84f026 Loading...

	xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/secure.html	ScriptElement	116 B	2023-03-07	2025-05-06
Pretty URL xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/secure.html IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 12:02 Last Seen2025-05-06 11:44 Times Seen140 Hash 65eedcd8ea68974fc10b18a001f5ff0d d57d865c29e2ba5f817f850194c33f6d1e7ea064 681e6299492c0b7a15980513d81a420ff8d912dadc14d90148b77bd81018926e Loading...

	accdn.lpsnmedia.net/api/account/88982875/configuration/le-campaigns/zones?fields=id&fields=zoneValue&cb=lpZonesStaticCB	ScriptElement	3.4 kB	2024-08-20	2024-08-20
Pretty URL accdn.lpsnmedia.net/api/account/88982875/configuration/le-campaigns/zones?fields=id&fields=zoneValue&cb=lpZonesStaticCB IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-20 21:16 Last Seen2024-08-20 21:16 Times Seen1 Hash 6d81ca6c890b9577c184e5ad189b3ebf 5e0aeef37ade40b0de916e95ac53d1c7e2d9533c fd8044507618ea697eebd4b04d161eff8aafa0a17f48831686f9a39e70c9274d Loading...

	xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/secure.html	ScriptElement	184 B	2023-03-07	2025-05-10
Pretty URL xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/secure.html IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 12:02 Last Seen2025-05-10 22:20 Times Seen150 Hash 12c0659e2686c193368d09f53edc8090 e2a481f856253ec2b3dfe266ab035bc1ca650b72 7269e1e3bae2d22edc632e41922fd7e090dd785fdb749c05b577f78e9126075c Loading...

	xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/meta/tag.js.download	ScriptElement	22 kB	2023-03-07	2024-12-23
Pretty URL xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/meta/tag.js.download IP 122.201.127.227 ASN #38719 Dreamscape Networks Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2024-12-23 16:45 Times Seen103 Hash e2ee8a9cd68c3d310a4c62fdb4b5c93a 67eb5f9547f1d9de0a8b143c3b50511c26281399 145d14bb73e5b03cc73062c2a78c392125b891c62b1cc9d542e5adba762f04e7 Loading...

		Size	First Seen	Last Seen
	#1 Eval - 272eb139968a9665de1db4beccf568d2	22 B	2023-03-09 10:05	2024-12-23 16:45
Pretty Observations First Seen2023-03-09 10:05 Last Seen2024-12-23 16:45 Times Seen63 Hash 272eb139968a9665de1db4beccf568d2 e6505fdd0680c557e102b20212d31942c7d24429 26ef4c313a8ffd1b7fc79977328690a19336ac1187fa07d9cfc3a8327f5a08ba Loading...

	#2 Eval - f60c656379be73a5e44b4331024fb695	22 kB	2024-08-20 21:16	2024-08-20 21:16
Pretty Observations First Seen2024-08-20 21:16 Last Seen2024-08-20 21:16 Times Seen1 Hash f60c656379be73a5e44b4331024fb695 0e9952da0fc27e124d505aca7bd4122152f6004b 51ec33a20277f0e4647367108160a3704d78df052b41fc040d75c3d0f4a7a5b9 Loading...

	#3 Eval - 8239ee6044ad7e817a1f26d19412f6eb	22 B	2023-03-09 10:05	2024-12-23 16:45
Pretty Observations First Seen2023-03-09 10:05 Last Seen2024-12-23 16:45 Times Seen62 Hash 8239ee6044ad7e817a1f26d19412f6eb 7116e217d05810b609ff09ac21e2c6097f14484c df78f0db59a013604da430bf67714a0445ddb583f42925592cfed1774716374d Loading...

	#4 Eval - dcc7b5db5e0385ddfedd09c646d528a1	16 kB	2024-08-20 21:16	2024-08-20 21:16
Pretty Observations First Seen2024-08-20 21:16 Last Seen2024-08-20 21:16 Times Seen1 Hash dcc7b5db5e0385ddfedd09c646d528a1 d0d903b72d27f4f0df60a9394797a0740f831165 ac4855da6971f4490b5e1ec27ce057e3533e1128f3e1fb1c1331d76529f2359d Loading...

	#5 Eval - 755ddff2f46272d1251d11b92781d4fd	20 kB	2024-08-20 21:16	2024-08-20 21:16
Pretty Observations First Seen2024-08-20 21:16 Last Seen2024-08-20 21:16 Times Seen1 Hash 755ddff2f46272d1251d11b92781d4fd 12ceed479436b27e2fd6f9f6bdf9031386ff6776 ebb6582e054686423a5057ec34a8a13809fa643e066798e8488d92aef7e2a367 Loading...

	#6 Eval - 7dc2c476c6ccbd80181bd324384ea894	22 B	2023-10-13 09:47	2024-08-21 04:53
Pretty Observations First Seen2023-10-13 09:47 Last Seen2024-08-21 04:53 Times Seen1231 Hash 7dc2c476c6ccbd80181bd324384ea894 1f1f55ece4b8eb31dfaee05c3b08d8dfc19685bf 46370a37ee616c1a60a35a0b564e04dddab73b92cd11d8b738368fd10b28351b Loading...

	#7 Eval - 15760900e488ec647450f20eeaa49944	15 kB	2023-03-09 10:05	2024-12-23 16:45
Pretty Observations First Seen2023-03-09 10:05 Last Seen2024-12-23 16:45 Times Seen60 Hash 15760900e488ec647450f20eeaa49944 208ad236b244f8adbd138cda9ad9f7f1d4e7758e 90d9c75dc0b4578e5468206d805353952b0a650c707ac7f9632b29f3694c1dff Loading...

	#8 Eval - e42107aa5a7c56f54caa9985352cd3c9	16 kB	2024-08-20 21:16	2024-08-20 21:16
Pretty Observations First Seen2024-08-20 21:16 Last Seen2024-08-20 21:16 Times Seen1 Hash e42107aa5a7c56f54caa9985352cd3c9 a544d82b06b42905f72600c0e96fb7d77b48580f 2cfa0d54f7a1ec1e55dd25def1c68d8a3406046751ea39ebcb34d6eb2c615207 Loading...

	#9 Eval - bce9a75eb927e759d069f8860d625d3a	17 kB	2024-08-20 21:16	2024-08-20 21:16
Pretty Observations First Seen2024-08-20 21:16 Last Seen2024-08-20 21:16 Times Seen1 Hash bce9a75eb927e759d069f8860d625d3a 8d136dd786515fd7693333a3c9c92ca307e653a4 2fe4f8f2ac09ceef4cd632c85acbc6444d53b0c978f51e91b7b0983d0eaa7055 Loading...

	#10 Eval - 5de85a488bbf362a048b002da06847b7	18 kB	2024-08-20 21:16	2024-08-20 21:16
Pretty Observations First Seen2024-08-20 21:16 Last Seen2024-08-20 21:16 Times Seen1 Hash 5de85a488bbf362a048b002da06847b7 50b227dc426f07ddcd5d29372dba2a95f6a76cdd 9d9717ec5a966c8d8a754044834953229aebd432161f321f7d4f43b34722a245 Loading...

	#11 Eval - 0864b4bb6b4edc4aedac969fe2776693	62 B	2023-10-13 09:47	2024-08-21 04:53
Pretty Observations First Seen2023-10-13 09:47 Last Seen2024-08-21 04:53 Times Seen1231 Hash 0864b4bb6b4edc4aedac969fe2776693 a11f92051a10ac896b4fb9c491cdfb020a03222e 8c6a7c304f4357251c394c2c95f9897105af3bcdb8cfa7342cab05738bdbf1b3 Loading...

	#12 Eval - 885e137c3d6a19d2c304f32e27fa34d9	22 B	2023-10-13 09:47	2024-08-21 04:53
Pretty Observations First Seen2023-10-13 09:47 Last Seen2024-08-21 04:53 Times Seen1233 Hash 885e137c3d6a19d2c304f32e27fa34d9 d3640e49392f353a89efc8cc20087cfcfa4f47a0 de7e883d0c05bc451a88f0b0645c6469fc7498038237a7e93898d9893adc701f Loading...

	#13 Eval - 7b4da598b16e00536724635dbfa9bdec	17 kB	2024-08-20 21:16	2024-08-20 21:16
Pretty Observations First Seen2024-08-20 21:16 Last Seen2024-08-20 21:16 Times Seen1 Hash 7b4da598b16e00536724635dbfa9bdec 62f4afac746adb67910a9ae65908905f95e782ec 5e39a56776b1e499cb4491b9c3ff119acf8b441248e2fec19219adfa882277f3 Loading...

	#14 Eval - 562834e908d6706f5e9085bbc01b0a5e	21 kB	2024-08-20 21:16	2024-08-20 21:16
Pretty Observations First Seen2024-08-20 21:16 Last Seen2024-08-20 21:16 Times Seen1 Hash 562834e908d6706f5e9085bbc01b0a5e aa74531a312bd29e82ba489cb4de674cc6bd35a8 36346c8580fa07d43c86fe23da84a3811fdbeb79d672aaa768554053ce66723f Loading...

	#15 Eval - eb94905b9da3f67da3f000d1bb6efbde	64 B	2023-03-09 10:05	2024-12-23 16:45
Pretty Observations First Seen2023-03-09 10:05 Last Seen2024-12-23 16:45 Times Seen62 Hash eb94905b9da3f67da3f000d1bb6efbde 1d3286e8759266d0f632990a00153ac614ca6c39 ef56a8332ced72dcd8b9a2756ce1fe129be6db47ca4863412b51e8028a9d1eb2 Loading...

	#16 Eval - 599a43ada6c4650cbff88fae4ae8483b	18 kB	2024-08-20 21:16	2024-08-20 21:16
Pretty Observations First Seen2024-08-20 21:16 Last Seen2024-08-20 21:16 Times Seen1 Hash 599a43ada6c4650cbff88fae4ae8483b dfb0d4caca0a641e4b4a92e120eb7767028d0bcc f52e242269a4e3c8d12e8125e8a1c6572b0eb6ff885da254e8741939c31266ec Loading...

	#17 Eval - aaad149362cb8bcb611eaba9c8edbcad	21 kB	2024-08-20 21:16	2024-08-20 21:16
Pretty Observations First Seen2024-08-20 21:16 Last Seen2024-08-20 21:16 Times Seen1 Hash aaad149362cb8bcb611eaba9c8edbcad 868c7e4b38032e0ca4e534106f378a971212e28e 7231fbfc1bc6c460679c9c83e3bb22c4c024102926fae46b668597c9184ed2ce Loading...

	#18 Eval - 370b0dc3463c51449bc5065058bd39a5	16 kB	2023-10-13 09:47	2024-08-21 04:53
Pretty Observations First Seen2023-10-13 09:47 Last Seen2024-08-21 04:53 Times Seen1234 Hash 370b0dc3463c51449bc5065058bd39a5 483c8db61e092691514e22b6ec3ac9cd16f19101 d9ec3eea1586bee3c7d9c47f2b26e73ba2989ebf0b9d6112c3a6081dcce49f28 Loading...

HTTP Transactions (114)

URL IP Response Size

xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/

122.201.127.227

7.0 kB

URL
xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/
IP
122.201.127.227:0
ASN
#38719 Dreamscape Networks Limited

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1843)
Size
7.0 kB (6954 bytes)
Hash
f53243c713f7cd597cdd7f0233a18057
033d242dee09c182a3693c7810c8094639f47c61
42e6154d96d541f7507b1fcdf07095e5e9b6b0a0e734d5e2594b006bc5eb31ef

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Crypto/Wallet

HTTP Headers

GET /wp-includes/IXR/meta/log/84216/ HTTP/1.1
Host: xcx3gsz9.dreamwp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 03 Nov 2023 12:35:15 GMT
content-type: text/html
content-length: 6954
last-modified: Thu, 02 Nov 2023 09:29:31 GMT
cache-control: max-age=7200
expires: Fri, 03 Nov 2023 14:35:15 GMT
vary: Accept-Encoding
content-encoding: gzip
x-newfold-cache-level: 2
accept-ranges: bytes
X-Firefox-Spdy: h2

fonts.googleapis.com/icon?family=Material+Icons

142.250.74.106

812 B

URL
fonts.googleapis.com/icon?family=Material+Icons
IP
142.250.74.106:0
ASN
#15169 GOOGLE

File type
gzip compressed data, max compression\012- data
Size
812 B (812 bytes)
Hash
d8d2b124ee6db27046a832caa981460b
fd61c2ad8700a8626e33e3eb0abcc9445d83cbdc
cb4c56672ba09456ca4e977267cd43cfa5eff2bdceab3d3fbf0f05d731334298

HTTP Headers

GET /icon?family=Material+Icons HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 03 Nov 2023 12:35:15 GMT
date: Fri, 03 Nov 2023 12:35:15 GMT
cache-control: private, max-age=86400
content-security-policy-report-only: require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/bcfae741e379a885f2ab2cf83ebe6d32/mr
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/meta/css.html

122.201.127.227

684 B

URL
xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/meta/css.html
IP
122.201.127.227:0
ASN
#38719 Dreamscape Networks Limited

File type
ASCII text
Size
684 B (684 bytes)
Hash
147429fb2ddc3861e2ae0f473f17d78e
f2bdce63e15b9f3b90c8c3b153deb75b28eb69e3
25d501d70fcb9835f935fd47e045502700dc5f862cd7e763a49bbc7316396f2a

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet

HTTP Headers

GET /wp-includes/IXR/meta/log/84216/meta/css.html HTTP/1.1
Host: xcx3gsz9.dreamwp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 03 Nov 2023 12:35:15 GMT
content-type: text/html
content-length: 684
last-modified: Thu, 02 Nov 2023 09:29:31 GMT
etag: "65436bfb-2ac"
expires: Sun, 03 Dec 2023 12:35:15 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2

xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/meta/webflow.js.download

122.201.127.227

200 OK

190 B

URL GET HTTP/2
xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/meta/webflow.js.download
IP
122.201.127.227:443
ASN
#38719 Dreamscape Networks Limited

Requested by
https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/secure.html
Certificate
IssuerSectigo Limited
Subject*.dreamwp.com
Fingerprint30:F7:3F:A1:B1:C3:3A:85:4F:A8:2C:82:82:AD:F7:75:4D:65:54:CC
ValidityWed, 04 Jan 2023 00:00:00 GMT - Mon, 15 Jan 2024 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
190 B (190 bytes)
Hash
3267dd8f0e96711dd54dbb1f5676b447
202602c4ec4a5e2498e3d24a3ed025ce70bf749c
b429e25e7813a9e2b90dcec11d9cb5287751246128dd6c76a7349774829c5554

HTTP Headers

GET /wp-includes/IXR/meta/log/84216/meta/webflow.js.download HTTP/1.1
Host: xcx3gsz9.dreamwp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 503 Service Unavailable
server: nginx
date: Fri, 03 Nov 2023 12:35:15 GMT
content-type: text/html
content-length: 190
X-Firefox-Spdy: h2

xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/meta/storage.secure.min.js.download

122.201.127.227

190 B

URL
xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/meta/storage.secure.min.js.download
IP
122.201.127.227:0
ASN
#38719 Dreamscape Networks Limited

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
190 B (190 bytes)
Hash
3267dd8f0e96711dd54dbb1f5676b447
202602c4ec4a5e2498e3d24a3ed025ce70bf749c
b429e25e7813a9e2b90dcec11d9cb5287751246128dd6c76a7349774829c5554

HTTP Headers

GET /wp-includes/IXR/meta/log/84216/meta/storage.secure.min.js.download HTTP/1.1
Host: xcx3gsz9.dreamwp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 503 Service Unavailable
server: nginx
date: Fri, 03 Nov 2023 12:35:15 GMT
content-type: text/html
content-length: 190
X-Firefox-Spdy: h2

xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/meta/wpp.gif

122.201.127.227

3.9 kB

URL
xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/meta/wpp.gif
IP
122.201.127.227:0
ASN
#38719 Dreamscape Networks Limited

File type
GIF image data, version 87a, 470 x 40\012- data
Size
3.9 kB (3877 bytes)
Hash
941648b845842a709da73e24652cf8a4
099e5f97e602d026c51537c9b45328dc99261d7c
2a7344e607a878f0acac7f5c9c3a65fc8a4423f00e21d3fb7a814cae051631d9

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet

HTTP Headers

GET /wp-includes/IXR/meta/log/84216/meta/wpp.gif HTTP/1.1
Host: xcx3gsz9.dreamwp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 03 Nov 2023 12:35:16 GMT
content-type: image/gif
content-length: 3877
last-modified: Thu, 02 Nov 2023 09:29:31 GMT
etag: "65436bfb-f25"
expires: Sun, 03 Dec 2023 12:35:16 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2

xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/meta/webfont.js.download

122.201.127.227

200 OK

6.0 kB

URL GET HTTP/2
xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/meta/webfont.js.download
IP
122.201.127.227:443
ASN
#38719 Dreamscape Networks Limited

Requested by
https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/secure.html
Certificate
IssuerSectigo Limited
Subject*.dreamwp.com
Fingerprint30:F7:3F:A1:B1:C3:3A:85:4F:A8:2C:82:82:AD:F7:75:4D:65:54:CC
ValidityWed, 04 Jan 2023 00:00:00 GMT - Mon, 15 Jan 2024 23:59:59 GMT

File type
ASCII text, with very long lines (2134)
Size
6.0 kB (6022 bytes)
Hash
7c96a5f11d9741541d5e3c42ff6380d7
d3fa2564c021cf730e58ffddb138cf6b57ed126e
81016ac6be850b72df5d4faa0c3cec8e2c1b0ba0045712144a6766adfad40bee

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet

HTTP Headers

GET /wp-includes/IXR/meta/log/84216/meta/webfont.js.download HTTP/1.1
Host: xcx3gsz9.dreamwp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 03 Nov 2023 12:35:16 GMT
content-type: application/javascript
content-length: 6022
last-modified: Thu, 02 Nov 2023 09:29:31 GMT
cache-control: max-age=86400
expires: Sat, 04 Nov 2023 12:35:16 GMT
vary: Accept-Encoding
content-encoding: gzip
x-newfold-cache-level: 2
accept-ranges: bytes
X-Firefox-Spdy: h2

xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/meta/js

122.201.127.227

92 kB

URL
xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/meta/js
IP
122.201.127.227:0
ASN
#38719 Dreamscape Networks Limited

File type
ASCII text, with very long lines (1815)
Size
92 kB (92325 bytes)
Hash
fb2ab9b8632250b0d7aa50c08150cfe1
73b3f266ac08c9fb07e1de1664fed384ccd5bc86
5d419e0ff614b331e4f8fed2ba7c1380b1f5983f98d820a6a0f7040b55f60b5b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet

HTTP Headers

GET /wp-includes/IXR/meta/log/84216/meta/js HTTP/1.1
Host: xcx3gsz9.dreamwp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 03 Nov 2023 12:35:16 GMT
content-length: 92325
last-modified: Thu, 02 Nov 2023 09:29:31 GMT
cache-control: max-age=86400
expires: Sat, 04 Nov 2023 12:35:16 GMT
x-newfold-cache-level: 2
accept-ranges: bytes
X-Firefox-Spdy: h2

xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/meta/tag.js.download

122.201.127.227

9.1 kB

URL
xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/meta/tag.js.download
IP
122.201.127.227:0
ASN
#38719 Dreamscape Networks Limited

File type
ASCII text, with very long lines (21652), with no line terminators
Size
9.1 kB (9066 bytes)
Hash
e2ee8a9cd68c3d310a4c62fdb4b5c93a
67eb5f9547f1d9de0a8b143c3b50511c26281399
145d14bb73e5b03cc73062c2a78c392125b891c62b1cc9d542e5adba762f04e7

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet

HTTP Headers

GET /wp-includes/IXR/meta/log/84216/meta/tag.js.download HTTP/1.1
Host: xcx3gsz9.dreamwp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 03 Nov 2023 12:35:16 GMT
content-type: application/javascript
content-length: 9066
last-modified: Thu, 02 Nov 2023 09:29:31 GMT
cache-control: max-age=86400
expires: Sat, 04 Nov 2023 12:35:16 GMT
vary: Accept-Encoding
content-encoding: gzip
x-newfold-cache-level: 2
accept-ranges: bytes
X-Firefox-Spdy: h2

xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/meta/enterprise.js.download

122.201.127.227

614 B

URL
xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/meta/enterprise.js.download
IP
122.201.127.227:0
ASN
#38719 Dreamscape Networks Limited

File type
ASCII text, with very long lines (1008), with no line terminators
Size
614 B (614 bytes)
Hash
d07e7630bc23cbdd7520d0a4f086c922
b50685923a96d55109959fdf21f369d902971b2a
15c0f679abecff8fba48dbe673343f3e0f2a07c439d3f631722fccd2af2e1df2

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet

HTTP Headers

GET /wp-includes/IXR/meta/log/84216/meta/enterprise.js.download HTTP/1.1
Host: xcx3gsz9.dreamwp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 03 Nov 2023 12:35:16 GMT
content-type: application/javascript
content-length: 614
last-modified: Thu, 02 Nov 2023 09:29:31 GMT
cache-control: max-age=86400
expires: Sat, 04 Nov 2023 12:35:16 GMT
vary: Accept-Encoding
content-encoding: gzip
x-newfold-cache-level: 2
accept-ranges: bytes
X-Firefox-Spdy: h2

xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/meta/jsonp

122.201.127.227

278 kB

URL
xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/meta/jsonp
IP
122.201.127.227:0
ASN
#38719 Dreamscape Networks Limited

File type
ASCII text, with very long lines (65536), with no line terminators
Size
278 kB (278382 bytes)
Hash
7efac8c0fa8e30db7a423500ef59abab
be73717f776f24dd31498c27a1b02b784570d5bb
102411780270584690575675e14e574ef8a16cf6fdd5700d5682e68a8d2cc00d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet

HTTP Headers

GET /wp-includes/IXR/meta/log/84216/meta/jsonp HTTP/1.1
Host: xcx3gsz9.dreamwp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 03 Nov 2023 12:35:16 GMT
content-length: 278382
last-modified: Thu, 02 Nov 2023 09:29:31 GMT
cache-control: max-age=86400
expires: Sat, 04 Nov 2023 12:35:16 GMT
x-newfold-cache-level: 2
accept-ranges: bytes
X-Firefox-Spdy: h2

xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/meta/css.html

122.201.127.227

684 B

URL
xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/meta/css.html
IP
122.201.127.227:0
ASN
#38719 Dreamscape Networks Limited

File type
ASCII text
Size
684 B (684 bytes)
Hash
147429fb2ddc3861e2ae0f473f17d78e
f2bdce63e15b9f3b90c8c3b153deb75b28eb69e3
25d501d70fcb9835f935fd47e045502700dc5f862cd7e763a49bbc7316396f2a

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet

HTTP Headers

GET /wp-includes/IXR/meta/log/84216/meta/css.html HTTP/1.1
Host: xcx3gsz9.dreamwp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 03 Nov 2023 12:35:16 GMT
content-type: text/html
content-length: 684
last-modified: Thu, 02 Nov 2023 09:29:31 GMT
etag: "65436bfb-2ac"
expires: Sun, 03 Dec 2023 12:35:16 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2

xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/meta/normalize.css

122.201.127.227

3.1 kB

URL
xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/meta/normalize.css
IP
122.201.127.227:0
ASN
#38719 Dreamscape Networks Limited

File type
gzip compressed data, from Unix\012- data
Size
3.1 kB (3130 bytes)
Hash
56b91535cb05c6e1547a08877d7f9af5
9fabc29a78e54477d6c2df2bccca4d4b6dfad22b
b7937ac60e590ca054977cbc6b3b3ffb74dd298b286af9d76054cea3c908b2a2

HTTP Headers

GET /wp-includes/IXR/meta/log/84216/meta/normalize.css HTTP/1.1
Host: xcx3gsz9.dreamwp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 03 Nov 2023 12:35:15 GMT
content-type: text/css
last-modified: Thu, 02 Nov 2023 09:29:31 GMT
vary: Accept-Encoding
etag: W/"65436bfb-1e5c"
expires: Sun, 03 Dec 2023 12:35:15 GMT
cache-control: max-age=2592000
content-encoding: gzip
X-Firefox-Spdy: h2

xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/meta/mm-logo.svg

122.201.127.227

12 kB

URL
xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/meta/mm-logo.svg
IP
122.201.127.227:0
ASN
#38719 Dreamscape Networks Limited

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1001)
Size
12 kB (12019 bytes)
Hash
51bcea2625eb2c6e9268a7377a792c86
5eeb306e6584eed1747c36c11724f193711d430e
5e722754f038988ba4b6d7f380d60191eba3b6e01d4a00749a28b79c53521f5b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet

HTTP Headers

GET /wp-includes/IXR/meta/log/84216/meta/mm-logo.svg HTTP/1.1
Host: xcx3gsz9.dreamwp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 03 Nov 2023 12:35:17 GMT
content-type: image/svg+xml
content-length: 12019
last-modified: Thu, 02 Nov 2023 09:29:31 GMT
cache-control: max-age=86400
expires: Sat, 04 Nov 2023 12:35:17 GMT
x-newfold-cache-level: 2
accept-ranges: bytes
X-Firefox-Spdy: h2

fonts.gstatic.com/s/changaone/v20/xfu00W3wXn3QLUJXhzq42AHiuQ.woff2

216.58.207.227

7.9 kB

URL
fonts.gstatic.com/s/changaone/v20/xfu00W3wXn3QLUJXhzq42AHiuQ.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 7900, version 1.0\012- data
Size
7.9 kB (7900 bytes)
Hash
61e86e7a20ecf3ba181ca4b9a9a1cdbd
482a65cffc69109af26669d64accbef71db3b836
fbd0536d5b92c0dbe6ad2637800ae8da10c20755b564a3575bd12bba57f73b18

HTTP Headers

GET /s/changaone/v20/xfu00W3wXn3QLUJXhzq42AHiuQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://xcx3gsz9.dreamwp.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 7900
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 27 Oct 2023 18:15:30 GMT
expires: Sat, 26 Oct 2024 18:15:30 GMT
cache-control: public, max-age=31536000
age: 584387
last-modified: Thu, 24 Aug 2023 21:10:56 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/changaone/v20/xfu20W3wXn3QLUJXhzq42ATSu5_f.woff2

216.58.207.227

8.4 kB

URL
fonts.gstatic.com/s/changaone/v20/xfu20W3wXn3QLUJXhzq42ATSu5_f.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 8404, version 1.0\012- data
Size
8.4 kB (8404 bytes)
Hash
141119ae119bf7ca75e10ef82f66e442
adebf435aa078db3c116cb9faae15f2ad81d3ac5
c6afeb967afd466210e4061473c4855684e84b7e850b248c0533e6288acfbaff

HTTP Headers

GET /s/changaone/v20/xfu20W3wXn3QLUJXhzq42ATSu5_f.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://xcx3gsz9.dreamwp.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 8404
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 27 Oct 2023 18:24:00 GMT
expires: Sat, 26 Oct 2024 18:24:00 GMT
cache-control: public, max-age=31536000
age: 583877
last-modified: Thu, 24 Aug 2023 20:56:52 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/meta/hero2.4.png

122.201.127.227

590 kB

URL
xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/meta/hero2.4.png
IP
122.201.127.227:0
ASN
#38719 Dreamscape Networks Limited

File type
PNG image data, 1752 x 1452, 8-bit/color RGBA, non-interlaced\012- data
Size
590 kB (589568 bytes)
Hash
d0ec70f4c666fbf6ad0d30a52d08c5c9
e48f0688bc4f592824840478d12c05df0dd12002
3f4bfc7c6cc471e9d95936dc109852c4f6a4bf1163b63eeabfe840565d5ad8d1

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet

HTTP Headers

GET /wp-includes/IXR/meta/log/84216/meta/hero2.4.png HTTP/1.1
Host: xcx3gsz9.dreamwp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/meta/metamask-staging-2.webflow.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 03 Nov 2023 12:35:17 GMT
content-type: image/png
content-length: 589568
last-modified: Thu, 02 Nov 2023 09:29:31 GMT
etag: "65436bfb-8ff00"
expires: Sun, 03 Dec 2023 12:35:17 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2

xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/meta/EuclidCircularB-Regular-WebXL.woff2

122.201.127.227

45 kB

URL
xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/meta/EuclidCircularB-Regular-WebXL.woff2
IP
122.201.127.227:0
ASN
#38719 Dreamscape Networks Limited

File type
Web Open Font Format (Version 2), TrueType, length 45196, version 3.66\012- data
Size
45 kB (45196 bytes)
Hash
2d75957df3bb3aa6ed84f6591b0d5a1a
906424e75625f63b0188471067065794d0348536
8ff3b303322168b49a14878f195dbaf76d9da16e35094d1f83fa23245450155b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet

HTTP Headers

GET /wp-includes/IXR/meta/log/84216/meta/EuclidCircularB-Regular-WebXL.woff2 HTTP/1.1
Host: xcx3gsz9.dreamwp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/meta/metamask-staging-2.webflow.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 03 Nov 2023 12:35:17 GMT
content-type: font/woff2
content-length: 45196
last-modified: Thu, 02 Nov 2023 09:29:31 GMT
cache-control: max-age=86400
expires: Sat, 04 Nov 2023 12:35:17 GMT
x-newfold-cache-level: 2
accept-ranges: bytes
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Changa+One:400,400italic

142.250.74.106

45 kB

URL
fonts.googleapis.com/css?family=Changa+One:400,400italic
IP
142.250.74.106:0
ASN
#15169 GOOGLE

File type
gzip compressed data, max compression\012- data
Size
45 kB (44856 bytes)
Hash
4333c7fabe7b02525f144471353b69fb
50136e42c0088df7a3fdaa2d39d6e3c1f564a226
fda6c68a597e4cd459a876f36255f1e842080d3ad9131b054cf29d2094ea160a

HTTP Headers

GET /css?family=Changa+One:400,400italic HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 03 Nov 2023 12:35:17 GMT
date: Fri, 03 Nov 2023 12:35:17 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

forms.hsforms.com/embed/v3/form/4795067/2b64112b-f442-4840-9ace-b11dccd5f744?callback=hs_reqwest_0&hutk=

104.18.176.125

200 OK

2.1 kB

URL GET HTTP/3
forms.hsforms.com/embed/v3/form/4795067/2b64112b-f442-4840-9ace-b11dccd5f744?callback=hs_reqwest_0&hutk=
IP
104.18.176.125:443
ASN
#13335 CLOUDFLARENET

Requested by
https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/secure.html
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint1E:9D:91:27:86:63:DC:7B:9D:15:4E:99:31:FC:AA:1D:DC:9E:06:3B
ValidityThu, 18 May 2023 00:00:00 GMT - Fri, 17 May 2024 23:59:59 GMT

File type
Unicode text, UTF-8 text, with very long lines (5788), with no line terminators
Size
2.1 kB (2145 bytes)
Hash
c175addc4f2675e5719aae564b890cf2
3186124aab461260cd670c43de825c289a373a04
8675d51f351e102f7cf0a1366d37937f08f0c059b89f5a4c1101b1e3e16daaa7

HTTP Headers

GET /embed/v3/form/4795067/2b64112b-f442-4840-9ace-b11dccd5f744?callback=hs_reqwest_0&hutk= HTTP/1.1
Host: forms.hsforms.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 03 Nov 2023 12:35:18 GMT
Content-Type: application/javascript;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Trace: 2B122218DA2E81BAA76C352AB50EB12E74F2C6B5E2000000000000000000
X-Origin-Hublet: na1
Vary: origin
Content-Disposition: attachment; filename=no-rfd.txt
X-Content-Type-Options: nosniff
Access-Control-Allow-Credentials: false
Access-Control-Expose-Headers: X-Origin-Hublet
Cache-Control: max-age=0, no-cache, no-store
X-Robots-Tag: none
x-envoy-upstream-service-time: 17
x-evy-trace-route-service-name: envoyset-translator
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-79986f96f-swd7n
x-evy-trace-listener: listener_https
x-evy-trace-route-configuration: listener_https/all
X-HubSpot-Correlation-Id: 311af193-678a-45e8-b3ea-e93dbf03046e
x-request-id: 311af193-678a-45e8-b3ea-e93dbf03046e
CF-Cache-Status: DYNAMIC
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Server: cloudflare
CF-RAY: 8204a8051aafb518-OSL
Content-Encoding: br
alt-svc: h3=":443"; ma=86400

xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/meta/saved_resource(1).html

122.201.127.227

504 B

URL
xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/meta/saved_resource(1).html
IP
122.201.127.227:0
ASN
#38719 Dreamscape Networks Limited

File type
HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
504 B (504 bytes)
Hash
938be7d50aa827110de3ba6d24f24ceb
499a6b9239bbf79c2363a2ecf3cc405a957b24ec
58092d87121c0af28a0ae8ad3e9afcfb4c50156ca369a9a2dfafc8d516a25d5c

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet

HTTP Headers

GET /wp-includes/IXR/meta/log/84216/meta/saved_resource(1).html HTTP/1.1
Host: xcx3gsz9.dreamwp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/
Cookie: _ga=GA1.2.1864924593.1699014917; _gid=GA1.2.893756081.1699014917; _gat_gtag_UA_37075177_6=1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 03 Nov 2023 12:35:18 GMT
content-type: text/html
content-length: 504
last-modified: Thu, 02 Nov 2023 09:29:31 GMT
etag: "65436bfb-1f8"
expires: Sun, 03 Dec 2023 12:35:18 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2

lpcdn.lpsnmedia.net/le_secure_storage/3.15.0.0-release_5063/storage.secure.min.js?loc=https%3A%2F%2Fxcx3gsz9.dreamwp.com&site=88982875&force=1&env=prod&isCrossDomain=true

34.120.154.120

14 kB

URL
lpcdn.lpsnmedia.net/le_secure_storage/3.15.0.0-release_5063/storage.secure.min.js?loc=https%3A%2F%2Fxcx3gsz9.dreamwp.com&site=88982875&force=1&env=prod&isCrossDomain=true
IP
34.120.154.120:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (38562), with no line terminators
Size
14 kB (14417 bytes)
Hash
3386ec5559f1ba569cf0ab6acab436cc
e98e11d37c5172ee128a85f68447efb3cb0e853c
996ab3c1e26cb00ec7d3d29650e784755ba46f33613563b7173b0dab03fa3d73

HTTP Headers

GET /le_secure_storage/3.15.0.0-release_5063/storage.secure.min.js?loc=https%3A%2F%2Fxcx3gsz9.dreamwp.com&site=88982875&force=1&env=prod&isCrossDomain=true HTTP/1.1
Host: lpcdn.lpsnmedia.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
x-guploader-uploadid: ABPtcPqUfBRC2g-prUjO34DfdlMiJCqavjU3R9CZ24YRmEMBmwBbRPhMHA9tlmzmk_R26bdPILh9VcTE20uNlP2MOXWzOQ
date: Fri, 03 Nov 2023 12:35:17 GMT
last-modified: Sat, 17 Jun 2023 09:58:10 GMT
etag: W/"3386ec5559f1ba569cf0ab6acab436cc"
x-goog-generation: 1686995890633718
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 38562
content-type: application/javascript
x-goog-hash: crc32c=O9g67g==, md5=M4bsVVnxulac8KtqyrQ2zA==
x-goog-storage-class: MULTI_REGIONAL
accept-ranges: none
access-control-allow-origin: *
access-control-expose-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
server: UploadServer
vary: Accept-Encoding
content-encoding: br
cache-control: public,max-age=3600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/js.hsforms.net/forms/v2.js

122.201.127.227

11 kB

URL
xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/js.hsforms.net/forms/v2.js
IP
122.201.127.227:0
ASN
#38719 Dreamscape Networks Limited

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (16458)
Size
11 kB (11189 bytes)
Hash
c1558e2a3775cf75ad955a7ec8b14eb5
c8cfe74fbd098e5be40f668a42a0dc8f9a025b48
cc6218b4fdab7ebfbe785c67faa63916e889a11f43c91d6fdcfcaab8d4210dde

HTTP Headers

GET /wp-includes/IXR/meta/js.hsforms.net/forms/v2.js HTTP/1.1
Host: xcx3gsz9.dreamwp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/meta/saved_resource.html
Cookie: _ga=GA1.2.1864924593.1699014917; _gid=GA1.2.893756081.1699014917; _gat_gtag_UA_37075177_6=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 404 Not Found
server: nginx
date: Fri, 03 Nov 2023 12:35:18 GMT
content-type: text/html; charset=UTF-8
content-length: 11189
x-powered-by: PHP/8.2.10
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
link: <https://xcx3gsz9.dreamwp.com/wp-json/>; rel="https://api.w.org/"
vary: Accept-Encoding
content-encoding: gzip
x-newfold-cache-level: 2
X-Firefox-Spdy: h2

xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/meta/storage.secure.min.js.download

122.201.127.227

16 kB

URL
xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/meta/storage.secure.min.js.download
IP
122.201.127.227:0
ASN
#38719 Dreamscape Networks Limited

File type
ASCII text, with very long lines (38562), with no line terminators
Size
16 kB (16166 bytes)
Hash
3386ec5559f1ba569cf0ab6acab436cc
e98e11d37c5172ee128a85f68447efb3cb0e853c
996ab3c1e26cb00ec7d3d29650e784755ba46f33613563b7173b0dab03fa3d73

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet

HTTP Headers

GET /wp-includes/IXR/meta/log/84216/meta/storage.secure.min.js.download HTTP/1.1
Host: xcx3gsz9.dreamwp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/
Cookie: _ga=GA1.2.1864924593.1699014917; _gid=GA1.2.893756081.1699014917; _gat_gtag_UA_37075177_6=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 03 Nov 2023 12:35:18 GMT
content-type: application/javascript
content-length: 16166
last-modified: Thu, 02 Nov 2023 09:29:31 GMT
cache-control: max-age=86400
expires: Sat, 04 Nov 2023 12:35:18 GMT
vary: Accept-Encoding
content-encoding: gzip
x-newfold-cache-level: 2
accept-ranges: bytes
X-Firefox-Spdy: h2

xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/meta/saved_resource(2).html

122.201.127.227

504 B

URL
xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/meta/saved_resource(2).html
IP
122.201.127.227:0
ASN
#38719 Dreamscape Networks Limited

File type
HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
504 B (504 bytes)
Hash
be8f11582f8b9d35f9b9476b810c0468
59600ce9d68f20be69bbaead09ac058abf650dd2
1898ec2fd073040a6d445e0a662e7fdbccbd59946a629b82c2db1e202665f46d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet

HTTP Headers

GET /wp-includes/IXR/meta/log/84216/meta/saved_resource(2).html HTTP/1.1
Host: xcx3gsz9.dreamwp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/meta/anchor.html
Cookie: _ga=GA1.2.1864924593.1699014917; _gid=GA1.2.893756081.1699014917; _gat_gtag_UA_37075177_6=1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 03 Nov 2023 12:35:18 GMT
content-type: text/html
content-length: 504
last-modified: Thu, 02 Nov 2023 09:29:31 GMT
etag: "65436bfb-1f8"
expires: Sun, 03 Dec 2023 12:35:18 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2

www.gstatic.com/recaptcha/releases/3sU2vDRVDmUU2E0Ro4VadvPr/recaptcha__en.js

142.250.74.99

191 kB

URL
www.gstatic.com/recaptcha/releases/3sU2vDRVDmUU2E0Ro4VadvPr/recaptcha__en.js
IP
142.250.74.99:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (537)
Size
191 kB (191376 bytes)
Hash
0de5995e9ac19853eeffb8bbe74e6a7d
719e6fbcd0b38df859a6f7a8c51a820d7bf5970d
c7f150e7d0ed3cf657e531221f2640209e6daebed0fbaa6ab7e430ce8eb56a37

HTTP Headers

GET /recaptcha/releases/3sU2vDRVDmUU2E0Ro4VadvPr/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xcx3gsz9.dreamwp.com
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 191376
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 Nov 2023 20:43:12 GMT
expires: Fri, 01 Nov 2024 20:43:12 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 30 Oct 2023 02:02:02 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 57127
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.gstatic.com/recaptcha/releases/rPvs0Nyx3sANE-ZHUN-0nM85/recaptcha__nl.js

142.250.74.99

1.6 kB

URL
www.gstatic.com/recaptcha/releases/rPvs0Nyx3sANE-ZHUN-0nM85/recaptcha__nl.js
IP
142.250.74.99:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1136)
Size
1.6 kB (1621 bytes)
Hash
c90524d6a02b27addb56c350fe6fbb2d
d713d1b53323c0169ffe0649be8c9d04a189f999
4aefd395113d052a874ac1919aed0e288835e0377683f1e71e98838d16c986e0

HTTP Headers

GET /recaptcha/releases/rPvs0Nyx3sANE-ZHUN-0nM85/recaptcha__nl.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xcx3gsz9.dreamwp.com
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
date: Fri, 03 Nov 2023 12:35:19 GMT
content-type: text/html; charset=UTF-8
server: sffe
content-length: 1621
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.gstatic.com/recaptcha/releases/3sU2vDRVDmUU2E0Ro4VadvPr/recaptcha__en.js

142.250.74.99

191 kB

URL
www.gstatic.com/recaptcha/releases/3sU2vDRVDmUU2E0Ro4VadvPr/recaptcha__en.js
IP
142.250.74.99:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (537)
Size
191 kB (191376 bytes)
Hash
0de5995e9ac19853eeffb8bbe74e6a7d
719e6fbcd0b38df859a6f7a8c51a820d7bf5970d
c7f150e7d0ed3cf657e531221f2640209e6daebed0fbaa6ab7e430ce8eb56a37

HTTP Headers

GET /recaptcha/releases/3sU2vDRVDmUU2E0Ro4VadvPr/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://js.hsforms.net
DNT: 1
Connection: keep-alive
Referer: https://js.hsforms.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 191376
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 Nov 2023 20:43:12 GMT
expires: Fri, 01 Nov 2024 20:43:12 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 30 Oct 2023 02:02:02 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 57127
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/metamask.io/images/favicon.png

122.201.127.227

11 kB

URL
xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/metamask.io/images/favicon.png
IP
122.201.127.227:0
ASN
#38719 Dreamscape Networks Limited

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (16458)
Size
11 kB (11189 bytes)
Hash
c1558e2a3775cf75ad955a7ec8b14eb5
c8cfe74fbd098e5be40f668a42a0dc8f9a025b48
cc6218b4fdab7ebfbe785c67faa63916e889a11f43c91d6fdcfcaab8d4210dde

HTTP Headers

GET /wp-includes/IXR/meta/metamask.io/images/favicon.png HTTP/1.1
Host: xcx3gsz9.dreamwp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/
Cookie: _ga=GA1.2.1864924593.1699014917; _gid=GA1.2.893756081.1699014917; _gat_gtag_UA_37075177_6=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 404 Not Found
server: nginx
date: Fri, 03 Nov 2023 12:35:19 GMT
content-type: text/html; charset=UTF-8
content-length: 11189
x-powered-by: PHP/8.2.10
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
link: <https://xcx3gsz9.dreamwp.com/wp-json/>; rel="https://api.w.org/"
vary: Accept-Encoding
content-encoding: gzip
x-newfold-cache-level: 2
X-Firefox-Spdy: h2

xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/metamask.io/images/webclip.png

122.201.127.227

11 kB

URL
xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/metamask.io/images/webclip.png
IP
122.201.127.227:0
ASN
#38719 Dreamscape Networks Limited

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (16458)
Size
11 kB (11189 bytes)
Hash
c1558e2a3775cf75ad955a7ec8b14eb5
c8cfe74fbd098e5be40f668a42a0dc8f9a025b48
cc6218b4fdab7ebfbe785c67faa63916e889a11f43c91d6fdcfcaab8d4210dde

HTTP Headers

GET /wp-includes/IXR/meta/metamask.io/images/webclip.png HTTP/1.1
Host: xcx3gsz9.dreamwp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/
Cookie: _ga=GA1.2.1864924593.1699014917; _gid=GA1.2.893756081.1699014917; _gat_gtag_UA_37075177_6=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 404 Not Found
server: nginx
date: Fri, 03 Nov 2023 12:35:19 GMT
content-type: text/html; charset=UTF-8
content-length: 11189
x-powered-by: PHP/8.2.10
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
link: <https://xcx3gsz9.dreamwp.com/wp-json/>; rel="https://api.w.org/"
vary: Accept-Encoding
content-encoding: gzip
x-newfold-cache-level: 2
X-Firefox-Spdy: h2

www.gstatic.com/recaptcha/releases/3sU2vDRVDmUU2E0Ro4VadvPr/styles__ltr.css

142.250.74.99

25 kB

URL
www.gstatic.com/recaptcha/releases/3sU2vDRVDmUU2E0Ro4VadvPr/styles__ltr.css
IP
142.250.74.99:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (56398), with no line terminators
Size
25 kB (24606 bytes)
Hash
eb4bc511f79f7a1573b45f5775b3a99b
d910fb51ad7316aa54f055079374574698e74b35
7859a62e04b0acb06516eb12454de6673883ecfaeaed6c254659bca7cd59c050

HTTP Headers

GET /recaptcha/releases/3sU2vDRVDmUU2E0Ro4VadvPr/styles__ltr.css HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 24606
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 03 Nov 2023 10:07:26 GMT
expires: Sat, 02 Nov 2024 10:07:26 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 30 Oct 2023 02:02:02 GMT
content-type: text/css
vary: Accept-Encoding
age: 8873
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.gstatic.com/recaptcha/releases/3sU2vDRVDmUU2E0Ro4VadvPr/recaptcha__en.js

142.250.74.99

191 kB

URL
www.gstatic.com/recaptcha/releases/3sU2vDRVDmUU2E0Ro4VadvPr/recaptcha__en.js
IP
142.250.74.99:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (537)
Size
191 kB (191376 bytes)
Hash
0de5995e9ac19853eeffb8bbe74e6a7d
719e6fbcd0b38df859a6f7a8c51a820d7bf5970d
c7f150e7d0ed3cf657e531221f2640209e6daebed0fbaa6ab7e430ce8eb56a37

HTTP Headers

GET /recaptcha/releases/3sU2vDRVDmUU2E0Ro4VadvPr/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 191376
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 Nov 2023 20:43:12 GMT
expires: Fri, 01 Nov 2024 20:43:12 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 30 Oct 2023 02:02:02 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 57127
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.gstatic.com/recaptcha/releases/3sU2vDRVDmUU2E0Ro4VadvPr/recaptcha__en.js

142.250.74.99

191 kB

URL
www.gstatic.com/recaptcha/releases/3sU2vDRVDmUU2E0Ro4VadvPr/recaptcha__en.js
IP
142.250.74.99:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (537)
Size
191 kB (191376 bytes)
Hash
0de5995e9ac19853eeffb8bbe74e6a7d
719e6fbcd0b38df859a6f7a8c51a820d7bf5970d
c7f150e7d0ed3cf657e531221f2640209e6daebed0fbaa6ab7e430ce8eb56a37

HTTP Headers

GET /recaptcha/releases/3sU2vDRVDmUU2E0Ro4VadvPr/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 191376
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 Nov 2023 20:43:12 GMT
expires: Fri, 01 Nov 2024 20:43:12 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 30 Oct 2023 02:02:02 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 57127
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.gstatic.com/recaptcha/api2/refresh_2x.png

142.250.74.99

600 B

URL
www.gstatic.com/recaptcha/api2/refresh_2x.png
IP
142.250.74.99:0
ASN
#15169 GOOGLE

File type
PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced\012- data
Size
600 B (600 bytes)
Hash
0f2a4639b8a4cb30c76e8333c00d30a6
57e273a270bb864970d747c74b3f0a7c8e515b13
44b988703019cd6bfa86c91840fecf2a42b611b364e3eea2f4eb63bf62714e98

HTTP Headers

GET /recaptcha/api2/refresh_2x.png HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 600
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 28 Oct 2023 10:36:30 GMT
expires: Sat, 04 Nov 2023 10:36:30 GMT
cache-control: public, max-age=604800
age: 525529
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.gstatic.com/recaptcha/api2/info_2x.png

142.250.74.99

665 B

URL
www.gstatic.com/recaptcha/api2/info_2x.png
IP
142.250.74.99:0
ASN
#15169 GOOGLE

File type
PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced\012- data
Size
665 B (665 bytes)
Hash
07bf314aab04047b9e9a959ee6f63da3
17bef6602672e2fd9956381e01356245144003e5
55eaf62cb05da20088dc12b39d7d254d046cb1fd61ddf3ae641f1439efd0a5ee

HTTP Headers

GET /recaptcha/api2/info_2x.png HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 665
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 31 Oct 2023 09:20:06 GMT
expires: Tue, 07 Nov 2023 09:20:06 GMT
cache-control: public, max-age=604800
age: 270913
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.gstatic.com/recaptcha/api2/audio_2x.png

142.250.74.99

530 B

URL
www.gstatic.com/recaptcha/api2/audio_2x.png
IP
142.250.74.99:0
ASN
#15169 GOOGLE

File type
PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced\012- data
Size
530 B (530 bytes)
Hash
88e0f42c9fa4f94aa8bcd54d1685c180
5ad9d47a49b82718baa3be88550a0b3350270c42
89c62095126fca89ea1511cf35b49b8306162946b0c26d6f60c5506c51d85992

HTTP Headers

GET /recaptcha/api2/audio_2x.png HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 530
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 28 Oct 2023 00:56:30 GMT
expires: Sat, 04 Nov 2023 00:56:30 GMT
cache-control: public, max-age=604800
age: 560329
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

216.58.207.227

15 kB

URL
fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15344, version 1.0\012- data
Size
15 kB (15344 bytes)
Hash
5d4aeb4e5f5ef754e307d7ffaef688bd
06db651cdf354c64a7383ea9c77024ef4fb4cef8
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

HTTP Headers

GET /s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15344
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 Nov 2023 23:51:35 GMT
expires: Fri, 01 Nov 2024 23:51:35 GMT
cache-control: public, max-age=31536000
age: 45824
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

perf.hsforms.com/embed/v3/counters.gif?key=forms-next-recaptcha-viewed&count=1&portalId=4795067

104.18.176.125

35 B

URL
perf.hsforms.com/embed/v3/counters.gif?key=forms-next-recaptcha-viewed&count=1&portalId=4795067
IP
104.18.176.125:0
ASN
#13335 CLOUDFLARENET

File type
GIF image data, version 89a, 1 x 1\012- data
Size
35 B (35 bytes)
Hash
c2196de8ba412c60c22ab491af7b1409
5fbd472222feb8a22cf5b8aa5dc5b8e13af88e2b
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

HTTP Headers

GET /embed/v3/counters.gif?key=forms-next-recaptcha-viewed&count=1&portalId=4795067 HTTP/1.1
Host: perf.hsforms.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 03 Nov 2023 12:35:19 GMT
content-type: image/gif
content-length: 35
x-trace: 2B66DAF16DD3793D639E410535455FACD009B94733000000000000000000
cache-control: max-age=0, no-cache, no-store
vary: origin, Accept-Encoding
access-control-allow-credentials: false
x-content-type-options: nosniff
access-control-expose-headers: X-Origin-Hublet
x-robots-tag: none
x-envoy-upstream-service-time: 9
x-evy-trace-route-service-name: envoyset-translator
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-79986f96f-t2vvv
x-evy-trace-listener: listener_https
x-evy-trace-route-configuration: listener_https/all
x-hubspot-correlation-id: fc074a9b-b31c-4549-8674-9f638cabc642
x-request-id: fc074a9b-b31c-4549-8674-9f638cabc642
last-modified: Fri, 03 Nov 2023 12:35:19 GMT
cf-cache-status: MISS
accept-ranges: bytes
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 8204a80e78fab523-OSL
alt-svc: h3=":443"; ma=86400

fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

216.58.207.227

16 kB

URL
fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15552, version 1.0\012- data
Size
16 kB (15552 bytes)
Hash
285467176f7fe6bb6a9c6873b3dad2cc
ea04e4ff5142ddd69307c183def721a160e0a64e
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

HTTP Headers

GET /s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15552
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 27 Oct 2023 22:20:01 GMT
expires: Sat, 26 Oct 2024 22:20:01 GMT
cache-control: public, max-age=31536000
age: 569718
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.google.com/recaptcha/enterprise/webworker.js?hl=en&v=3sU2vDRVDmUU2E0Ro4VadvPr

142.250.74.132

2.3 kB

URL
www.google.com/recaptcha/enterprise/webworker.js?hl=en&v=3sU2vDRVDmUU2E0Ro4VadvPr
IP
142.250.74.132:0
ASN
#15169 GOOGLE

File type
gzip compressed data\012- data
Size
2.3 kB (2338 bytes)
Hash
74706ed3628f57f62a9a167ceee0ed91
7a31f43d5d7b468472d9db96a492d4631ac416b6
718a7b82f67a521aefbb3fe6957b3c59ec42b9617331577271b8af293a905272

HTTP Headers

GET /recaptcha/enterprise/webworker.js?hl=en&v=3sU2vDRVDmUU2E0Ro4VadvPr HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&co=aHR0cHM6Ly94Y3gzZ3N6OS5kcmVhbXdwLmNvbTo0NDM.&hl=en&v=3sU2vDRVDmUU2E0Ro4VadvPr&size=invisible&badge=inline&cb=cqkqow15guw1
Sec-Fetch-Dest: worker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: text/javascript; charset=UTF-8
expires: Fri, 03 Nov 2023 12:35:19 GMT
date: Fri, 03 Nov 2023 12:35:19 GMT
cache-control: private, max-age=300
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

216.58.207.227

15 kB

URL
fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15344, version 1.0\012- data
Size
15 kB (15344 bytes)
Hash
5d4aeb4e5f5ef754e307d7ffaef688bd
06db651cdf354c64a7383ea9c77024ef4fb4cef8
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

HTTP Headers

GET /s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15344
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 Nov 2023 23:51:35 GMT
expires: Fri, 01 Nov 2024 23:51:35 GMT
cache-control: public, max-age=31536000
age: 45824
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

216.58.207.227

16 kB

URL
fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15552, version 1.0\012- data
Size
16 kB (15552 bytes)
Hash
285467176f7fe6bb6a9c6873b3dad2cc
ea04e4ff5142ddd69307c183def721a160e0a64e
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

HTTP Headers

GET /s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15552
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 27 Oct 2023 22:20:01 GMT
expires: Sat, 26 Oct 2024 22:20:01 GMT
cache-control: public, max-age=31536000
age: 569718
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.google.com/recaptcha/enterprise/webworker.js?hl=en&v=3sU2vDRVDmUU2E0Ro4VadvPr

142.250.74.132

192 kB

URL
www.google.com/recaptcha/enterprise/webworker.js?hl=en&v=3sU2vDRVDmUU2E0Ro4VadvPr
IP
142.250.74.132:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (537)
Size
192 kB (191486 bytes)
Hash
bf61137bfa6d3cd8c3da31743841c05f
7e27453d681bc9212488097e2946bf1a69b1571d
cec4a656c353360720801b94e5d9c6c7cda3487e2b4040fda37862c6926d02a0

HTTP Headers

GET /recaptcha/enterprise/webworker.js?hl=en&v=3sU2vDRVDmUU2E0Ro4VadvPr HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&co=aHR0cHM6Ly9qcy5oc2Zvcm1zLm5ldDo0NDM.&hl=en&v=3sU2vDRVDmUU2E0Ro4VadvPr&size=invisible&badge=inline&cb=r9lac1ljjlp7
Sec-Fetch-Dest: worker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: text/javascript; charset=UTF-8
expires: Fri, 03 Nov 2023 12:35:19 GMT
date: Fri, 03 Nov 2023 12:35:19 GMT
cache-control: private, max-age=300
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.gstatic.com/recaptcha/releases/3sU2vDRVDmUU2E0Ro4VadvPr/recaptcha__en.js

142.250.74.99

191 kB

URL
www.gstatic.com/recaptcha/releases/3sU2vDRVDmUU2E0Ro4VadvPr/recaptcha__en.js
IP
142.250.74.99:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (537)
Size
191 kB (191376 bytes)
Hash
0de5995e9ac19853eeffb8bbe74e6a7d
719e6fbcd0b38df859a6f7a8c51a820d7bf5970d
c7f150e7d0ed3cf657e531221f2640209e6daebed0fbaa6ab7e430ce8eb56a37

HTTP Headers

GET /recaptcha/releases/3sU2vDRVDmUU2E0Ro4VadvPr/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 191376
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 Nov 2023 20:43:12 GMT
expires: Fri, 01 Nov 2024 20:43:12 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 30 Oct 2023 02:02:02 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 57128
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.google.com/recaptcha/enterprise/bframe?hl=en&v=3sU2vDRVDmUU2E0Ro4VadvPr&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm

142.250.74.132

26 kB

URL GET
www.google.com/recaptcha/enterprise/bframe?hl=en&v=3sU2vDRVDmUU2E0Ro4VadvPr&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm
IP
142.250.74.132:0
ASN
#15169 GOOGLE

Requested by
https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/secure.html
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.com
FingerprintFD:EE:45:21:A2:3C:95:82:9B:BA:3F:7A:59:3C:F6:C2:7B:C7:84:8F
ValidityMon, 16 Oct 2023 08:02:35 GMT - Mon, 08 Jan 2024 08:02:34 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (56425)
Size
26 kB (25773 bytes)
Hash
53f8c5ac5c38613d63c52c30e58836cd
bd81b13bd9cbf7ea977225aa7dfafac14e6cf7f5
6b3e9559bf42f61f44a83c5793cb07f673b4145268ed5ac6ae2ed95fe5f6610d

HTTP Headers

GET /recaptcha/enterprise/bframe?hl=en&v=3sU2vDRVDmUU2E0Ro4VadvPr&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://js.hsforms.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: text/html; charset=utf-8
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 03 Nov 2023 12:35:20 GMT
content-security-policy: script-src 'nonce-_BC8JhUM-DZmpQwpRtmWlg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/meta/anchor.html

122.201.127.227

238 kB

URL
xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/meta/anchor.html
IP
122.201.127.227:0
ASN
#38719 Dreamscape Networks Limited

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (33133)
Size
238 kB (237671 bytes)
Hash
9374b336e7a44c8bc305bf2245b1a340
60781a722257544af6618fc4b02bf716d1645d7a
8472e59c2d1180d251c1e921d0e7ad6b62b761f5d95795185a39ad7d7dcdcea9

HTTP Headers

GET /wp-includes/IXR/meta/log/84216/meta/anchor.html HTTP/1.1
Host: xcx3gsz9.dreamwp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/
Cookie: _ga=GA1.2.1864924593.1699014917; _gid=GA1.2.893756081.1699014917; _gat_gtag_UA_37075177_6=1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 03 Nov 2023 12:35:18 GMT
content-type: text/html
last-modified: Thu, 02 Nov 2023 09:29:31 GMT
vary: Accept-Encoding
etag: W/"65436bfb-a636"
expires: Sun, 03 Dec 2023 12:35:18 GMT
cache-control: max-age=2592000
content-encoding: gzip
X-Firefox-Spdy: h2

xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/meta/recaptcha__nl.js.download

122.201.127.227

200 OK

362 kB

URL GET HTTP/2
xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/meta/recaptcha__nl.js.download
IP
122.201.127.227:443
ASN
#38719 Dreamscape Networks Limited

Requested by
https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/secure.html
Certificate
IssuerSectigo Limited
Subject*.dreamwp.com
Fingerprint30:F7:3F:A1:B1:C3:3A:85:4F:A8:2C:82:82:AD:F7:75:4D:65:54:CC
ValidityWed, 04 Jan 2023 00:00:00 GMT - Mon, 15 Jan 2024 23:59:59 GMT

File type
ASCII text, with very long lines (820)
Size
362 kB (362121 bytes)
Hash
c88de1ccbc5a9390f7054857b735f02b
c3fa63ab85aec53407081cb2788aa55b1d8c0882
208f9fa7796fd8a91473cf9f8a971d01d3bd26a5fbfe72daec53dde118ea24fe

HTTP Headers

GET /wp-includes/IXR/meta/log/84216/meta/recaptcha__nl.js.download HTTP/1.1
Host: xcx3gsz9.dreamwp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/meta/bframe.html
Cookie: _ga=GA1.2.1864924593.1699014917; _gid=GA1.2.893756081.1699014917; _gat_gtag_UA_37075177_6=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 03 Nov 2023 12:35:19 GMT
content-type: application/javascript
last-modified: Thu, 02 Nov 2023 09:29:31 GMT
cache-control: max-age=86400
expires: Sat, 04 Nov 2023 12:35:15 GMT
vary: Accept-Encoding
content-encoding: gzip
x-newfold-cache-level: 2
X-Firefox-Spdy: h2

www.google.com/recaptcha/enterprise/reload?k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm

142.250.74.132

40 kB

URL
www.google.com/recaptcha/enterprise/reload?k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm
IP
142.250.74.132:0
ASN
#15169 GOOGLE

File type
gzip compressed data\012- data
Size
40 kB (40005 bytes)
Hash
6d3766923fcc4cab9def6a8e6d412db4
45fa8ac64a41f42f0fba2c8e389655f391e3c6b5
875fd5ee4f1b8c051b789f9eab4a6bd78c39cfc95080e6cb8794d21c1cf04731

HTTP Headers

POST /recaptcha/enterprise/reload?k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-protobuffer
Content-Length: 6778
Origin: https://www.google.com
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/recaptcha/enterprise/bframe?hl=en&v=3sU2vDRVDmUU2E0Ro4VadvPr&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/json; charset=utf-8
content-encoding: gzip
date: Fri, 03 Nov 2023 12:35:20 GMT
expires: Fri, 03 Nov 2023 12:35:20 GMT
cache-control: private, max-age=0
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
server: GSE
set-cookie: _GRECAPTCHA=09ABQWEJouurJiTN8h2W3t9yML4JOOwNiEDbxab9qZ2UIA0Vot4RMugZiUjhKOvw13aHVoSYlMZlCeTMN1VLJHsF8;Path=/recaptcha;Expires=Wed, 01-May-2024 12:35:20 GMT;Secure;HttpOnly;Priority=HIGH;SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.google.com/recaptcha/enterprise/anchor?ar=1&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&co=aHR0cHM6Ly94Y3gzZ3N6OS5kcmVhbXdwLmNvbTo0NDM.&hl=en&v=3sU2vDRVDmUU2E0Ro4VadvPr&size=invisible&badge=inline&cb=cqkqow15guw1

142.250.74.132

49 kB

URL
www.google.com/recaptcha/enterprise/anchor?ar=1&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&co=aHR0cHM6Ly94Y3gzZ3N6OS5kcmVhbXdwLmNvbTo0NDM.&hl=en&v=3sU2vDRVDmUU2E0Ro4VadvPr&size=invisible&badge=inline&cb=cqkqow15guw1
IP
142.250.74.132:0
ASN
#15169 GOOGLE

File type
gzip compressed data\012- data
Size
49 kB (49342 bytes)
Hash
33a0a46b073c6878dfc56103a10e5c67
3a7b70fa8216a5d6bb565d6a19154f45afb23a41
7f71e57ad532916527f265b5d636c18a3250ab2f77e62c5f8178fb898bd7ac9d

HTTP Headers

GET /recaptcha/enterprise/anchor?ar=1&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&co=aHR0cHM6Ly94Y3gzZ3N6OS5kcmVhbXdwLmNvbTo0NDM.&hl=en&v=3sU2vDRVDmUU2E0Ro4VadvPr&size=invisible&badge=inline&cb=cqkqow15guw1 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: text/html; charset=utf-8
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 03 Nov 2023 12:35:19 GMT
content-security-policy: script-src 'nonce-jngVxevNFpS_GKUqhuK9Wg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

216.58.207.227

16 kB

URL
fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15552, version 1.0\012- data
Size
16 kB (15552 bytes)
Hash
285467176f7fe6bb6a9c6873b3dad2cc
ea04e4ff5142ddd69307c183def721a160e0a64e
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

HTTP Headers

GET /s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15552
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 27 Oct 2023 22:20:01 GMT
expires: Sat, 26 Oct 2024 22:20:01 GMT
cache-control: public, max-age=31536000
age: 569719
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.gstatic.com/recaptcha/api2/canonical_car.png

142.250.74.99

11 kB

URL
www.gstatic.com/recaptcha/api2/canonical_car.png
IP
142.250.74.99:0
ASN
#15169 GOOGLE

File type
PNG image data, 98 x 90, 8-bit/color RGB, non-interlaced\012- data
Size
11 kB (11174 bytes)
Hash
a4741c6089e163f0e5c0cdb2c698a03e
03b190c8d9350802cbabbccd2757cff1fb7115f0
c9685b413894b0647b42edf9cac1fc0b2ed044c1fe238d843b9ca3d29db1b805

HTTP Headers

GET /recaptcha/api2/canonical_car.png HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.gstatic.com/recaptcha/releases/3sU2vDRVDmUU2E0Ro4VadvPr/styles__ltr.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 11174
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 Nov 2023 21:22:37 GMT
expires: Thu, 09 Nov 2023 21:22:37 GMT
cache-control: public, max-age=604800
age: 54763
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.google.com/recaptcha/enterprise/reload?k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm

142.250.74.132

25 kB

URL
www.google.com/recaptcha/enterprise/reload?k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm
IP
142.250.74.132:0
ASN
#15169 GOOGLE

File type
gzip compressed data\012- data
Size
25 kB (25291 bytes)
Hash
2987eb9df5a7ce1675f188a15d53fcdb
dfae4d96e788f2031dcc01d9981a1632463ad159
9649bebb84951630ce616dbddc1dc8d6bd668e1f77bdcc84366584536d53330c

HTTP Headers

POST /recaptcha/enterprise/reload?k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-protobuffer
Content-Length: 8408
Origin: https://www.google.com
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/recaptcha/enterprise/bframe?hl=en&v=3sU2vDRVDmUU2E0Ro4VadvPr&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/json; charset=utf-8
content-encoding: gzip
date: Fri, 03 Nov 2023 12:35:20 GMT
expires: Fri, 03 Nov 2023 12:35:20 GMT
cache-control: private, max-age=0
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
server: GSE
set-cookie: _GRECAPTCHA=09ABQWEJp8rXew6LxpTc5wmGmdAPzKx3-tJ5n2eA6CXLEmgoCupau2Jt7cD1w1YjcF70xtdh-QrvqSXMA5k0aNy_w;Path=/recaptcha;Expires=Wed, 01-May-2024 12:35:20 GMT;Secure;HttpOnly;Priority=HIGH;SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.gstatic.com/recaptcha/api2/audio_2x.png

142.250.74.99

530 B

URL
www.gstatic.com/recaptcha/api2/audio_2x.png
IP
142.250.74.99:0
ASN
#15169 GOOGLE

File type
PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced\012- data
Size
530 B (530 bytes)
Hash
88e0f42c9fa4f94aa8bcd54d1685c180
5ad9d47a49b82718baa3be88550a0b3350270c42
89c62095126fca89ea1511cf35b49b8306162946b0c26d6f60c5506c51d85992

HTTP Headers

GET /recaptcha/api2/audio_2x.png HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.gstatic.com/recaptcha/releases/3sU2vDRVDmUU2E0Ro4VadvPr/styles__ltr.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 530
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 28 Oct 2023 00:56:30 GMT
expires: Sat, 04 Nov 2023 00:56:30 GMT
cache-control: public, max-age=604800
age: 560330
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.google.com/recaptcha/enterprise/payload?p=06AFcWeA6xau2LE3nnWTTrpbelwsr1FOgC_vUXYsjtrdxMNzjwNhk2gABS3GrllBo7JkH7ZJ-LOFXTEHUn8KntQZmSX9ggJu1JVJ9KtTmqZ_00vBR9HfzOwZoe0nhtlRipEgoMdFHvXfwjWQdXJVTWhQE-ahx1R6PcTvLDwCUdYyCcjnRoZoLv41F6fQcdy20SgrLrtZqid4UQ&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm

142.250.74.132

31 kB

URL
www.google.com/recaptcha/enterprise/payload?p=06AFcWeA6xau2LE3nnWTTrpbelwsr1FOgC_vUXYsjtrdxMNzjwNhk2gABS3GrllBo7JkH7ZJ-LOFXTEHUn8KntQZmSX9ggJu1JVJ9KtTmqZ_00vBR9HfzOwZoe0nhtlRipEgoMdFHvXfwjWQdXJVTWhQE-ahx1R6PcTvLDwCUdYyCcjnRoZoLv41F6fQcdy20SgrLrtZqid4UQ&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm
IP
142.250.74.132:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 300x300, components 3\012- data
Size
31 kB (30638 bytes)
Hash
38835d69c644c0ceafe9232712adc33b
d486d18de17da810d818ec85f3a155e86fa901bc
59f0294d09179baef1b249eb7b8e6d5c1b2b5c4522efe207ac2f2bc9e23edf25

HTTP Headers

GET /recaptcha/enterprise/payload?p=06AFcWeA6xau2LE3nnWTTrpbelwsr1FOgC_vUXYsjtrdxMNzjwNhk2gABS3GrllBo7JkH7ZJ-LOFXTEHUn8KntQZmSX9ggJu1JVJ9KtTmqZ_00vBR9HfzOwZoe0nhtlRipEgoMdFHvXfwjWQdXJVTWhQE-ahx1R6PcTvLDwCUdYyCcjnRoZoLv41F6fQcdy20SgrLrtZqid4UQ&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/recaptcha/enterprise/bframe?hl=en&v=3sU2vDRVDmUU2E0Ro4VadvPr&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm
Cookie: _GRECAPTCHA=09ABQWEJp8rXew6LxpTc5wmGmdAPzKx3-tJ5n2eA6CXLEmgoCupau2Jt7cD1w1YjcF70xtdh-QrvqSXMA5k0aNy_w
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: image/jpeg
expires: Fri, 03 Nov 2023 12:35:20 GMT
date: Fri, 03 Nov 2023 12:35:20 GMT
cache-control: private, max-age=30
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

216.58.207.227

15 kB

URL
fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15344, version 1.0\012- data
Size
15 kB (15344 bytes)
Hash
5d4aeb4e5f5ef754e307d7ffaef688bd
06db651cdf354c64a7383ea9c77024ef4fb4cef8
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

HTTP Headers

GET /s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15344
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 Nov 2023 23:51:35 GMT
expires: Fri, 01 Nov 2024 23:51:35 GMT
cache-control: public, max-age=31536000
age: 45826
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

216.58.207.227

16 kB

URL
fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15552, version 1.0\012- data
Size
16 kB (15552 bytes)
Hash
285467176f7fe6bb6a9c6873b3dad2cc
ea04e4ff5142ddd69307c183def721a160e0a64e
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

HTTP Headers

GET /s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15552
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 27 Oct 2023 22:20:01 GMT
expires: Sat, 26 Oct 2024 22:20:01 GMT
cache-control: public, max-age=31536000
age: 569720
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmYUtfBBc4.woff2

216.58.207.227

15 kB

URL
fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmYUtfBBc4.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15340, version 1.0\012- data
Size
15 kB (15340 bytes)
Hash
19b7a0adfdd4f808b53af7e2ce2ad4e5
81d5d4c7b5035ad10cce63cf7100295e0c51fdda
c912a9ce0c3122d4b2b29ad26bfe06b0390d1a5bdaa5d6128692c0befd1dfbbd

HTTP Headers

GET /s/roboto/v18/KFOlCnqEu92Fr1MmYUtfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15340
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 Nov 2023 15:15:32 GMT
expires: Fri, 01 Nov 2024 15:15:32 GMT
cache-control: public, max-age=31536000
age: 76789
last-modified: Mon, 16 Oct 2017 17:33:16 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/meta/css.html

122.201.127.227

684 B

URL
xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/meta/css.html
IP
122.201.127.227:0
ASN
#38719 Dreamscape Networks Limited

File type
ASCII text
Size
684 B (684 bytes)
Hash
147429fb2ddc3861e2ae0f473f17d78e
f2bdce63e15b9f3b90c8c3b153deb75b28eb69e3
25d501d70fcb9835f935fd47e045502700dc5f862cd7e763a49bbc7316396f2a

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet

HTTP Headers

GET /wp-includes/IXR/meta/log/84216/meta/css.html HTTP/1.1
Host: xcx3gsz9.dreamwp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/secure.html
Cookie: _ga=GA1.2.1864924593.1699014917; _gid=GA1.2.893756081.1699014917; _gat_gtag_UA_37075177_6=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 03 Nov 2023 12:35:25 GMT
content-type: text/html
content-length: 684
last-modified: Thu, 02 Nov 2023 09:29:31 GMT
etag: "65436bfb-2ac"
expires: Sun, 03 Dec 2023 12:35:25 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2

xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/meta/storage.secure.min.js.download

122.201.127.227

190 B

URL
xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/meta/storage.secure.min.js.download
IP
122.201.127.227:0
ASN
#38719 Dreamscape Networks Limited

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
190 B (190 bytes)
Hash
3267dd8f0e96711dd54dbb1f5676b447
202602c4ec4a5e2498e3d24a3ed025ce70bf749c
b429e25e7813a9e2b90dcec11d9cb5287751246128dd6c76a7349774829c5554

HTTP Headers

GET /wp-includes/IXR/meta/log/84216/meta/storage.secure.min.js.download HTTP/1.1
Host: xcx3gsz9.dreamwp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/secure.html
Cookie: _ga=GA1.2.1864924593.1699014917; _gid=GA1.2.893756081.1699014917; _gat_gtag_UA_37075177_6=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 503 Service Unavailable
server: nginx
date: Fri, 03 Nov 2023 12:35:25 GMT
content-type: text/html
content-length: 190
X-Firefox-Spdy: h2

xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/meta/webfont.js.download

122.201.127.227

200 OK

6.0 kB

URL GET HTTP/2
xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/meta/webfont.js.download
IP
122.201.127.227:443
ASN
#38719 Dreamscape Networks Limited

Requested by
https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/secure.html
Certificate
IssuerSectigo Limited
Subject*.dreamwp.com
Fingerprint30:F7:3F:A1:B1:C3:3A:85:4F:A8:2C:82:82:AD:F7:75:4D:65:54:CC
ValidityWed, 04 Jan 2023 00:00:00 GMT - Mon, 15 Jan 2024 23:59:59 GMT

File type
ASCII text, with very long lines (2134)
Size
6.0 kB (6022 bytes)
Hash
7c96a5f11d9741541d5e3c42ff6380d7
d3fa2564c021cf730e58ffddb138cf6b57ed126e
81016ac6be850b72df5d4faa0c3cec8e2c1b0ba0045712144a6766adfad40bee

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet

HTTP Headers

GET /wp-includes/IXR/meta/log/84216/meta/webfont.js.download HTTP/1.1
Host: xcx3gsz9.dreamwp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/secure.html
Cookie: _ga=GA1.2.1864924593.1699014917; _gid=GA1.2.893756081.1699014917; _gat_gtag_UA_37075177_6=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 03 Nov 2023 12:35:26 GMT
content-type: application/javascript
content-length: 6022
last-modified: Thu, 02 Nov 2023 09:29:31 GMT
cache-control: max-age=86400
expires: Sat, 04 Nov 2023 12:35:16 GMT
vary: Accept-Encoding
content-encoding: gzip
x-newfold-cache-level: 2
accept-ranges: bytes
X-Firefox-Spdy: h2

xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/meta/js

122.201.127.227

92 kB

URL
xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/meta/js
IP
122.201.127.227:0
ASN
#38719 Dreamscape Networks Limited

File type
ASCII text, with very long lines (1815)
Size
92 kB (92325 bytes)
Hash
fb2ab9b8632250b0d7aa50c08150cfe1
73b3f266ac08c9fb07e1de1664fed384ccd5bc86
5d419e0ff614b331e4f8fed2ba7c1380b1f5983f98d820a6a0f7040b55f60b5b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet

HTTP Headers

GET /wp-includes/IXR/meta/log/84216/meta/js HTTP/1.1
Host: xcx3gsz9.dreamwp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/secure.html
Cookie: _ga=GA1.2.1864924593.1699014917; _gid=GA1.2.893756081.1699014917; _gat_gtag_UA_37075177_6=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 03 Nov 2023 12:35:26 GMT
content-length: 92325
last-modified: Thu, 02 Nov 2023 09:29:31 GMT
cache-control: max-age=86400
expires: Sat, 04 Nov 2023 12:35:16 GMT
x-newfold-cache-level: 2
accept-ranges: bytes
X-Firefox-Spdy: h2

xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/meta/tag.js.download

122.201.127.227

9.1 kB

URL
xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/meta/tag.js.download
IP
122.201.127.227:0
ASN
#38719 Dreamscape Networks Limited

File type
ASCII text, with very long lines (21652), with no line terminators
Size
9.1 kB (9066 bytes)
Hash
e2ee8a9cd68c3d310a4c62fdb4b5c93a
67eb5f9547f1d9de0a8b143c3b50511c26281399
145d14bb73e5b03cc73062c2a78c392125b891c62b1cc9d542e5adba762f04e7

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet

HTTP Headers

GET /wp-includes/IXR/meta/log/84216/meta/tag.js.download HTTP/1.1
Host: xcx3gsz9.dreamwp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/secure.html
Cookie: _ga=GA1.2.1864924593.1699014917; _gid=GA1.2.893756081.1699014917; _gat_gtag_UA_37075177_6=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 03 Nov 2023 12:35:26 GMT
content-type: application/javascript
content-length: 9066
last-modified: Thu, 02 Nov 2023 09:29:31 GMT
cache-control: max-age=86400
expires: Sat, 04 Nov 2023 12:35:16 GMT
vary: Accept-Encoding
content-encoding: gzip
x-newfold-cache-level: 2
accept-ranges: bytes
X-Firefox-Spdy: h2

xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/meta/enterprise.js.download

122.201.127.227

614 B

URL
xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/meta/enterprise.js.download
IP
122.201.127.227:0
ASN
#38719 Dreamscape Networks Limited

File type
ASCII text, with very long lines (1008), with no line terminators
Size
614 B (614 bytes)
Hash
d07e7630bc23cbdd7520d0a4f086c922
b50685923a96d55109959fdf21f369d902971b2a
15c0f679abecff8fba48dbe673343f3e0f2a07c439d3f631722fccd2af2e1df2

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet

HTTP Headers

GET /wp-includes/IXR/meta/log/84216/meta/enterprise.js.download HTTP/1.1
Host: xcx3gsz9.dreamwp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/secure.html
Cookie: _ga=GA1.2.1864924593.1699014917; _gid=GA1.2.893756081.1699014917; _gat_gtag_UA_37075177_6=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 03 Nov 2023 12:35:26 GMT
content-type: application/javascript
content-length: 614
last-modified: Thu, 02 Nov 2023 09:29:31 GMT
cache-control: max-age=86400
expires: Sat, 04 Nov 2023 12:35:16 GMT
vary: Accept-Encoding
content-encoding: gzip
x-newfold-cache-level: 2
accept-ranges: bytes
X-Firefox-Spdy: h2

xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/meta/jsonp

122.201.127.227

278 kB

URL
xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/meta/jsonp
IP
122.201.127.227:0
ASN
#38719 Dreamscape Networks Limited

File type
ASCII text, with very long lines (65536), with no line terminators
Size
278 kB (278382 bytes)
Hash
7efac8c0fa8e30db7a423500ef59abab
be73717f776f24dd31498c27a1b02b784570d5bb
102411780270584690575675e14e574ef8a16cf6fdd5700d5682e68a8d2cc00d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet

HTTP Headers

GET /wp-includes/IXR/meta/log/84216/meta/jsonp HTTP/1.1
Host: xcx3gsz9.dreamwp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/secure.html
Cookie: _ga=GA1.2.1864924593.1699014917; _gid=GA1.2.893756081.1699014917; _gat_gtag_UA_37075177_6=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 03 Nov 2023 12:35:26 GMT
content-length: 278382
last-modified: Thu, 02 Nov 2023 09:29:31 GMT
cache-control: max-age=86400
expires: Sat, 04 Nov 2023 12:35:16 GMT
x-newfold-cache-level: 2
accept-ranges: bytes
X-Firefox-Spdy: h2

xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/meta/css.html

122.201.127.227

684 B

URL
xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/meta/css.html
IP
122.201.127.227:0
ASN
#38719 Dreamscape Networks Limited

File type
ASCII text
Size
684 B (684 bytes)
Hash
147429fb2ddc3861e2ae0f473f17d78e
f2bdce63e15b9f3b90c8c3b153deb75b28eb69e3
25d501d70fcb9835f935fd47e045502700dc5f862cd7e763a49bbc7316396f2a

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet

HTTP Headers

GET /wp-includes/IXR/meta/log/84216/meta/css.html HTTP/1.1
Host: xcx3gsz9.dreamwp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/secure.html
Cookie: _ga=GA1.2.1864924593.1699014917; _gid=GA1.2.893756081.1699014917; _gat_gtag_UA_37075177_6=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 03 Nov 2023 12:35:27 GMT
content-type: text/html
content-length: 684
last-modified: Thu, 02 Nov 2023 09:29:31 GMT
etag: "65436bfb-2ac"
expires: Sun, 03 Dec 2023 12:35:27 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2

xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/meta/recaptcha__nl.js.download

122.201.127.227

200 OK

299 kB

URL GET HTTP/2
xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/meta/recaptcha__nl.js.download
IP
122.201.127.227:443
ASN
#38719 Dreamscape Networks Limited

Requested by
https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/secure.html
Certificate
IssuerSectigo Limited
Subject*.dreamwp.com
Fingerprint30:F7:3F:A1:B1:C3:3A:85:4F:A8:2C:82:82:AD:F7:75:4D:65:54:CC
ValidityWed, 04 Jan 2023 00:00:00 GMT - Mon, 15 Jan 2024 23:59:59 GMT

File type
gzip compressed data, from Unix\012- data
Size
299 kB (299097 bytes)
Hash
72603142ce543cdcbaca2d6041f0f2c5
1942c4bffed1e32a89f5d1ea8c4f0adf17150f80
7bc54c9151e47ca410df69bc17f77b73cedc012bdeab4d6687c85e85c9c5b2e9

HTTP Headers

GET /wp-includes/IXR/meta/log/84216/meta/recaptcha__nl.js.download HTTP/1.1
Host: xcx3gsz9.dreamwp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/secure.html
Cookie: _ga=GA1.2.1864924593.1699014917; _gid=GA1.2.893756081.1699014917; _gat_gtag_UA_37075177_6=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 03 Nov 2023 12:35:25 GMT
content-type: application/javascript
last-modified: Thu, 02 Nov 2023 09:29:31 GMT
cache-control: max-age=86400
expires: Sat, 04 Nov 2023 12:35:15 GMT
vary: Accept-Encoding
content-encoding: gzip
x-newfold-cache-level: 2
X-Firefox-Spdy: h2

xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/meta/v2.js.download

122.201.127.227

592 kB

URL
xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/meta/v2.js.download
IP
122.201.127.227:0
ASN
#38719 Dreamscape Networks Limited

File type
gzip compressed data, from Unix\012- data
Size
592 kB (592352 bytes)
Hash
29eb00f2109e365f6bbf09bfcea85b13
57fc4bf3a0ceee96d57f10e2e57e13de915be510
5ef7035142a7d1bc5e2029f9367160c05276eb5a054b9278b3442dba599b8f5e

HTTP Headers

GET /wp-includes/IXR/meta/log/84216/meta/v2.js.download HTTP/1.1
Host: xcx3gsz9.dreamwp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 03 Nov 2023 12:35:17 GMT
content-type: application/javascript
last-modified: Thu, 02 Nov 2023 09:29:31 GMT
cache-control: max-age=86400
expires: Sat, 04 Nov 2023 12:35:17 GMT
vary: Accept-Encoding
content-encoding: gzip
x-newfold-cache-level: 2
X-Firefox-Spdy: h2

fonts.gstatic.com/s/changaone/v20/xfu20W3wXn3QLUJXhzq42ATSu5_f.woff2

216.58.207.227

8.4 kB

URL
fonts.gstatic.com/s/changaone/v20/xfu20W3wXn3QLUJXhzq42ATSu5_f.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 8404, version 1.0\012- data
Size
8.4 kB (8404 bytes)
Hash
141119ae119bf7ca75e10ef82f66e442
adebf435aa078db3c116cb9faae15f2ad81d3ac5
c6afeb967afd466210e4061473c4855684e84b7e850b248c0533e6288acfbaff

HTTP Headers

GET /s/changaone/v20/xfu20W3wXn3QLUJXhzq42ATSu5_f.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://xcx3gsz9.dreamwp.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 8404
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 27 Oct 2023 18:24:00 GMT
expires: Sat, 26 Oct 2024 18:24:00 GMT
cache-control: public, max-age=31536000
age: 583887
last-modified: Thu, 24 Aug 2023 20:56:52 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.google.com/recaptcha/enterprise/payload?p=06AFcWeA5C3e_-nVcSFu1X09_YXaDU5lSbCKSy4NYXBzZMdGFVHu8AndC9wx8ogdYUeMeCKo2dbDemK6IJZrHhHDYujcJSSXrze6kwdo4e5b6Af0ktXv1PIxeuWJU1oXfUZcXoeNXH-MdtxbLOrIBXUbwFojO1TqhrLiQISGdIo2kwAtz3PYDtqJJkQdZA5WcleNUA5uW10V9k&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm

142.250.74.132

340 kB

URL
www.google.com/recaptcha/enterprise/payload?p=06AFcWeA5C3e_-nVcSFu1X09_YXaDU5lSbCKSy4NYXBzZMdGFVHu8AndC9wx8ogdYUeMeCKo2dbDemK6IJZrHhHDYujcJSSXrze6kwdo4e5b6Af0ktXv1PIxeuWJU1oXfUZcXoeNXH-MdtxbLOrIBXUbwFojO1TqhrLiQISGdIo2kwAtz3PYDtqJJkQdZA5WcleNUA5uW10V9k&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm
IP
142.250.74.132:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 450x450, components 3\012- data
Size
340 kB (339818 bytes)
Hash
5eb24b9c87f0569eb3a4789afeb4c6e1
7da6e0e56692754f9f2f60f60d8432d38dd10d4f
7ec2addfe6da4f64bc19cb1f3caaf468ff4ddc5225fb294b04e9f65ae368f129

HTTP Headers

GET /recaptcha/enterprise/payload?p=06AFcWeA5C3e_-nVcSFu1X09_YXaDU5lSbCKSy4NYXBzZMdGFVHu8AndC9wx8ogdYUeMeCKo2dbDemK6IJZrHhHDYujcJSSXrze6kwdo4e5b6Af0ktXv1PIxeuWJU1oXfUZcXoeNXH-MdtxbLOrIBXUbwFojO1TqhrLiQISGdIo2kwAtz3PYDtqJJkQdZA5WcleNUA5uW10V9k&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/recaptcha/enterprise/bframe?hl=en&v=3sU2vDRVDmUU2E0Ro4VadvPr&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm
Cookie: _GRECAPTCHA=09ABQWEJp8rXew6LxpTc5wmGmdAPzKx3-tJ5n2eA6CXLEmgoCupau2Jt7cD1w1YjcF70xtdh-QrvqSXMA5k0aNy_w
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: image/jpeg
expires: Fri, 03 Nov 2023 12:35:21 GMT
date: Fri, 03 Nov 2023 12:35:21 GMT
cache-control: private, max-age=30
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/meta/saved_resource(1).html

122.201.127.227

504 B

URL
xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/meta/saved_resource(1).html
IP
122.201.127.227:0
ASN
#38719 Dreamscape Networks Limited

File type
HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
504 B (504 bytes)
Hash
938be7d50aa827110de3ba6d24f24ceb
499a6b9239bbf79c2363a2ecf3cc405a957b24ec
58092d87121c0af28a0ae8ad3e9afcfb4c50156ca369a9a2dfafc8d516a25d5c

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet

HTTP Headers

GET /wp-includes/IXR/meta/log/84216/meta/saved_resource(1).html HTTP/1.1
Host: xcx3gsz9.dreamwp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/secure.html
Cookie: _ga=GA1.2.1864924593.1699014917; _gid=GA1.2.893756081.1699014917; _gat_gtag_UA_37075177_6=1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 03 Nov 2023 12:35:27 GMT
content-type: text/html
content-length: 504
last-modified: Thu, 02 Nov 2023 09:29:31 GMT
etag: "65436bfb-1f8"
expires: Sun, 03 Dec 2023 12:35:27 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2

xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/meta/mm-logo.svg

122.201.127.227

12 kB

URL
xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/meta/mm-logo.svg
IP
122.201.127.227:0
ASN
#38719 Dreamscape Networks Limited

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1001)
Size
12 kB (12019 bytes)
Hash
51bcea2625eb2c6e9268a7377a792c86
5eeb306e6584eed1747c36c11724f193711d430e
5e722754f038988ba4b6d7f380d60191eba3b6e01d4a00749a28b79c53521f5b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet

HTTP Headers

GET /wp-includes/IXR/meta/log/84216/meta/mm-logo.svg HTTP/1.1
Host: xcx3gsz9.dreamwp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/secure.html
Cookie: _ga=GA1.2.1864924593.1699014917; _gid=GA1.2.893756081.1699014917; _gat_gtag_UA_37075177_6=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 03 Nov 2023 12:35:27 GMT
content-type: image/svg+xml
content-length: 12019
last-modified: Thu, 02 Nov 2023 09:29:31 GMT
cache-control: max-age=86400
expires: Sat, 04 Nov 2023 12:35:17 GMT
x-newfold-cache-level: 2
accept-ranges: bytes
X-Firefox-Spdy: h2

xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/meta/metamask-staging-2.webflow.css

122.201.127.227

200 OK

63 kB

URL GET HTTP/2
xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/meta/metamask-staging-2.webflow.css
IP
122.201.127.227:443
ASN
#38719 Dreamscape Networks Limited

Requested by
https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/secure.html
Certificate
IssuerSectigo Limited
Subject*.dreamwp.com
Fingerprint30:F7:3F:A1:B1:C3:3A:85:4F:A8:2C:82:82:AD:F7:75:4D:65:54:CC
ValidityWed, 04 Jan 2023 00:00:00 GMT - Mon, 15 Jan 2024 23:59:59 GMT

File type
gzip compressed data, from Unix\012- data
Size
63 kB (62817 bytes)
Hash
81ced2000c2b2f68e6dc90bbb7c2fd48
db4abf68061b24f33f1ebbf20a3dc25ad70b9cdd
5e203631daf29c16b9da4acff18cb2298a6c36ef989ec31f57e8574f20e0bb02

HTTP Headers

GET /wp-includes/IXR/meta/log/84216/meta/metamask-staging-2.webflow.css HTTP/1.1
Host: xcx3gsz9.dreamwp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/secure.html
Cookie: _ga=GA1.2.1864924593.1699014917; _gid=GA1.2.893756081.1699014917; _gat_gtag_UA_37075177_6=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 03 Nov 2023 12:35:25 GMT
content-type: text/css
last-modified: Thu, 02 Nov 2023 09:29:31 GMT
vary: Accept-Encoding
etag: W/"65436bfb-22adb"
expires: Sun, 03 Dec 2023 12:35:25 GMT
cache-control: max-age=2592000
content-encoding: gzip
X-Firefox-Spdy: h2

xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/meta/plx.chock.js

122.201.127.227

45 kB

URL
xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/meta/plx.chock.js
IP
122.201.127.227:0
ASN
#38719 Dreamscape Networks Limited

File type
gzip compressed data, from Unix\012- data
Size
45 kB (44855 bytes)
Hash
0e650a1976b7671d1c8ae13ede078658
e0d5ddf3002204a5caab3ceb6824bdd97e1aaf01
0be86af6bfa35263c6ea6d5b1f005e41fe4c2ef5ca0498993668e59c0af69942

HTTP Headers

GET /wp-includes/IXR/meta/log/84216/meta/plx.chock.js HTTP/1.1
Host: xcx3gsz9.dreamwp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/secure.html
Cookie: _ga=GA1.2.1864924593.1699014917; _gid=GA1.2.893756081.1699014917; _gat_gtag_UA_37075177_6=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 03 Nov 2023 12:35:25 GMT
content-type: application/javascript
last-modified: Thu, 02 Nov 2023 09:29:31 GMT
vary: Accept-Encoding
etag: W/"65436bfb-d41"
expires: Sun, 03 Dec 2023 12:35:25 GMT
cache-control: max-age=2592000
content-encoding: gzip
X-Firefox-Spdy: h2

xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/js.hsforms.net/forms/v2.js

122.201.127.227

11 kB

URL
xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/js.hsforms.net/forms/v2.js
IP
122.201.127.227:0
ASN
#38719 Dreamscape Networks Limited

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (16458)
Size
11 kB (11189 bytes)
Hash
c1558e2a3775cf75ad955a7ec8b14eb5
c8cfe74fbd098e5be40f668a42a0dc8f9a025b48
cc6218b4fdab7ebfbe785c67faa63916e889a11f43c91d6fdcfcaab8d4210dde

HTTP Headers

GET /wp-includes/IXR/meta/js.hsforms.net/forms/v2.js HTTP/1.1
Host: xcx3gsz9.dreamwp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/meta/saved_resource.html
Cookie: _ga=GA1.2.1864924593.1699014917; _gid=GA1.2.893756081.1699014917; _gat_gtag_UA_37075177_6=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 404 Not Found
server: nginx
date: Fri, 03 Nov 2023 12:35:28 GMT
content-type: text/html; charset=UTF-8
content-length: 11189
x-powered-by: PHP/8.2.10
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
link: <https://xcx3gsz9.dreamwp.com/wp-json/>; rel="https://api.w.org/"
vary: Accept-Encoding
content-encoding: gzip
x-newfold-cache-level: 2
X-Firefox-Spdy: h2

xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/meta/plx.chock.js

122.201.127.227

16 kB

URL
xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/meta/plx.chock.js
IP
122.201.127.227:0
ASN
#38719 Dreamscape Networks Limited

File type
ASCII text, with very long lines (38563)
Size
16 kB (16477 bytes)
Hash
08d15352284fd2199b801e150d09c71b
31b10c5f1983897ca4fb6e6b73b387551f4aa42e
bfa7a8f1fc0a7f3cc9a0236ca2326d7ea6d74ccb5b1c8cad7e57627e4e0a9a4d

HTTP Headers

GET /wp-includes/IXR/meta/log/84216/meta/plx.chock.js HTTP/1.1
Host: xcx3gsz9.dreamwp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 03 Nov 2023 12:35:15 GMT
content-type: application/javascript
last-modified: Thu, 02 Nov 2023 09:29:31 GMT
vary: Accept-Encoding
etag: W/"65436bfb-d41"
expires: Sun, 03 Dec 2023 12:35:15 GMT
cache-control: max-age=2592000
content-encoding: gzip
X-Firefox-Spdy: h2

www.gstatic.com/recaptcha/releases/3sU2vDRVDmUU2E0Ro4VadvPr/recaptcha__en.js

142.250.74.99

191 kB

URL
www.gstatic.com/recaptcha/releases/3sU2vDRVDmUU2E0Ro4VadvPr/recaptcha__en.js
IP
142.250.74.99:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (537)
Size
191 kB (191376 bytes)
Hash
0de5995e9ac19853eeffb8bbe74e6a7d
719e6fbcd0b38df859a6f7a8c51a820d7bf5970d
c7f150e7d0ed3cf657e531221f2640209e6daebed0fbaa6ab7e430ce8eb56a37

HTTP Headers

GET /recaptcha/releases/3sU2vDRVDmUU2E0Ro4VadvPr/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xcx3gsz9.dreamwp.com
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 191376
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 Nov 2023 20:43:12 GMT
expires: Fri, 01 Nov 2024 20:43:12 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 30 Oct 2023 02:02:02 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 57136
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

forms.hsforms.com/embed/v3/form/4795067/2b64112b-f442-4840-9ace-b11dccd5f744?callback=hs_reqwest_0&hutk=

104.18.176.125

200 OK

3.7 kB

URL GET HTTP/3
forms.hsforms.com/embed/v3/form/4795067/2b64112b-f442-4840-9ace-b11dccd5f744?callback=hs_reqwest_0&hutk=
IP
104.18.176.125:443
ASN
#13335 CLOUDFLARENET

Requested by
https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/secure.html
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint1E:9D:91:27:86:63:DC:7B:9D:15:4E:99:31:FC:AA:1D:DC:9E:06:3B
ValidityThu, 18 May 2023 00:00:00 GMT - Fri, 17 May 2024 23:59:59 GMT

File type
Unicode text, UTF-8 text, with very long lines (5788), with no line terminators
Size
3.7 kB (3731 bytes)
Hash
d664d20c8f4002e097389d280c8490c0
16f7975c61fc3f7c5073faf6157834c5e106a64c
d6e2ad145ac48db2acd510d419a68a9ca7c0d566b4b048e20455035d66809f7b

HTTP Headers

GET /embed/v3/form/4795067/2b64112b-f442-4840-9ace-b11dccd5f744?callback=hs_reqwest_0&hutk= HTTP/1.1
Host: forms.hsforms.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 03 Nov 2023 12:35:27 GMT
content-type: application/javascript;charset=utf-8
x-trace: 2B2838ED3287FE888B87AFD7FFF221FB833B882B93000000000000000000
x-origin-hublet: na1
vary: origin
content-disposition: attachment; filename=no-rfd.txt
x-content-type-options: nosniff
access-control-allow-credentials: false
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
x-robots-tag: none
x-envoy-upstream-service-time: 9
x-evy-trace-route-service-name: envoyset-translator
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-79986f96f-t2vvv
x-evy-trace-listener: listener_https
x-evy-trace-route-configuration: listener_https/all
x-hubspot-correlation-id: b946a05a-2728-4420-ac6d-b72832d88dd0
x-request-id: b946a05a-2728-4420-ac6d-b72832d88dd0
cf-cache-status: DYNAMIC
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 8204a840bc81b523-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

www.google.com/recaptcha/enterprise/bframe?hl=en&v=3sU2vDRVDmUU2E0Ro4VadvPr&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm

142.250.74.132

203 kB

URL GET
www.google.com/recaptcha/enterprise/bframe?hl=en&v=3sU2vDRVDmUU2E0Ro4VadvPr&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm
IP
142.250.74.132:0
ASN
#15169 GOOGLE

Requested by
https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/secure.html
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.com
FingerprintFD:EE:45:21:A2:3C:95:82:9B:BA:3F:7A:59:3C:F6:C2:7B:C7:84:8F
ValidityMon, 16 Oct 2023 08:02:35 GMT - Mon, 08 Jan 2024 08:02:34 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (32691)
Size
203 kB (202906 bytes)
Hash
e0467c4c14a5842e2156af59961e3f03
9dbdf0835bea2c1dea213a2f1a3c954588b8ee6e
56ba292b16bf32231c024593bd6bad00d6c6746b1ab1d828d8569e89d8dedb8b

HTTP Headers

GET /recaptcha/enterprise/bframe?hl=en&v=3sU2vDRVDmUU2E0Ro4VadvPr&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: text/html; charset=utf-8
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 03 Nov 2023 12:35:20 GMT
content-security-policy: script-src 'nonce-ZXokI7iB2MtFCX9sAhi24g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/metamask.io/images/webclip.png

122.201.127.227

11 kB

URL
xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/metamask.io/images/webclip.png
IP
122.201.127.227:0
ASN
#38719 Dreamscape Networks Limited

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (16458)
Size
11 kB (11189 bytes)
Hash
c1558e2a3775cf75ad955a7ec8b14eb5
c8cfe74fbd098e5be40f668a42a0dc8f9a025b48
cc6218b4fdab7ebfbe785c67faa63916e889a11f43c91d6fdcfcaab8d4210dde

HTTP Headers

GET /wp-includes/IXR/meta/metamask.io/images/webclip.png HTTP/1.1
Host: xcx3gsz9.dreamwp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/secure.html
Cookie: _ga=GA1.2.1864924593.1699014917; _gid=GA1.2.893756081.1699014917; _gat_gtag_UA_37075177_6=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 404 Not Found
server: nginx
date: Fri, 03 Nov 2023 12:35:28 GMT
content-type: text/html; charset=UTF-8
content-length: 11189
x-powered-by: PHP/8.2.10
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
link: <https://xcx3gsz9.dreamwp.com/wp-json/>; rel="https://api.w.org/"
vary: Accept-Encoding
content-encoding: gzip
x-newfold-cache-level: 2
X-Firefox-Spdy: h2

xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/metamask.io/images/favicon.png

122.201.127.227

11 kB

URL
xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/metamask.io/images/favicon.png
IP
122.201.127.227:0
ASN
#38719 Dreamscape Networks Limited

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (16458)
Size
11 kB (11189 bytes)
Hash
c1558e2a3775cf75ad955a7ec8b14eb5
c8cfe74fbd098e5be40f668a42a0dc8f9a025b48
cc6218b4fdab7ebfbe785c67faa63916e889a11f43c91d6fdcfcaab8d4210dde

HTTP Headers

GET /wp-includes/IXR/meta/metamask.io/images/favicon.png HTTP/1.1
Host: xcx3gsz9.dreamwp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/secure.html
Cookie: _ga=GA1.2.1864924593.1699014917; _gid=GA1.2.893756081.1699014917; _gat_gtag_UA_37075177_6=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 404 Not Found
server: nginx
date: Fri, 03 Nov 2023 12:35:28 GMT
content-type: text/html; charset=UTF-8
content-length: 11189
x-powered-by: PHP/8.2.10
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
link: <https://xcx3gsz9.dreamwp.com/wp-json/>; rel="https://api.w.org/"
vary: Accept-Encoding
content-encoding: gzip
x-newfold-cache-level: 2
X-Firefox-Spdy: h2

perf.hsforms.com/embed/v3/counters.gif?key=forms-next-recaptcha-viewed&count=1&portalId=4795067

104.18.176.125

35 B

URL
perf.hsforms.com/embed/v3/counters.gif?key=forms-next-recaptcha-viewed&count=1&portalId=4795067
IP
104.18.176.125:0
ASN
#13335 CLOUDFLARENET

File type
GIF image data, version 89a, 1 x 1\012- data
Size
35 B (35 bytes)
Hash
c2196de8ba412c60c22ab491af7b1409
5fbd472222feb8a22cf5b8aa5dc5b8e13af88e2b
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

HTTP Headers

GET /embed/v3/counters.gif?key=forms-next-recaptcha-viewed&count=1&portalId=4795067 HTTP/1.1
Host: perf.hsforms.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 03 Nov 2023 12:35:28 GMT
content-type: image/gif
content-length: 35
x-trace: 2B81FAC75BAA0EDC4C37F93291F1409375BE36DF15000000000000000000
cache-control: max-age=0, no-cache, no-store
vary: origin, Accept-Encoding
access-control-allow-credentials: false
x-content-type-options: nosniff
access-control-expose-headers: X-Origin-Hublet
x-robots-tag: none
x-envoy-upstream-service-time: 12
x-evy-trace-route-service-name: envoyset-translator
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-79986f96f-4qqf5
x-evy-trace-listener: listener_https
x-evy-trace-route-configuration: listener_https/all
x-hubspot-correlation-id: 4ec94073-409a-42f9-9f18-d2d8b5ce823f
x-request-id: 4ec94073-409a-42f9-9f18-d2d8b5ce823f
last-modified: Fri, 03 Nov 2023 12:35:28 GMT
cf-cache-status: MISS
accept-ranges: bytes
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 8204a8486895b523-OSL
alt-svc: h3=":443"; ma=86400

www.gstatic.com/recaptcha/releases/3sU2vDRVDmUU2E0Ro4VadvPr/styles__ltr.css

142.250.74.99

25 kB

URL
www.gstatic.com/recaptcha/releases/3sU2vDRVDmUU2E0Ro4VadvPr/styles__ltr.css
IP
142.250.74.99:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (56398), with no line terminators
Size
25 kB (24606 bytes)
Hash
eb4bc511f79f7a1573b45f5775b3a99b
d910fb51ad7316aa54f055079374574698e74b35
7859a62e04b0acb06516eb12454de6673883ecfaeaed6c254659bca7cd59c050

HTTP Headers

GET /recaptcha/releases/3sU2vDRVDmUU2E0Ro4VadvPr/styles__ltr.css HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 24606
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 03 Nov 2023 10:07:26 GMT
expires: Sat, 02 Nov 2024 10:07:26 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 30 Oct 2023 02:02:02 GMT
content-type: text/css
vary: Accept-Encoding
age: 8882
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

142.250.74.132

226 kB

URL
www.google.com/recaptcha/enterprise/anchor?ar=1&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&co=aHR0cHM6Ly94Y3gzZ3N6OS5kcmVhbXdwLmNvbTo0NDM.&hl=en&v=3sU2vDRVDmUU2E0Ro4VadvPr&size=invisible&badge=inline&cb=scbpzky88gxa
IP
142.250.74.132:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (53279)
Size
226 kB (226542 bytes)
Hash
f04febc5650274e62a6c42afc034ab78
ad68d1f5614ab5570c40063fc2f6383822ee73f0
e135116b6e879abd41f7fcd133b64d2b640c373917592297341e1e5c95c794e7

HTTP Headers

GET /recaptcha/enterprise/anchor?ar=1&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&co=aHR0cHM6Ly94Y3gzZ3N6OS5kcmVhbXdwLmNvbTo0NDM.&hl=en&v=3sU2vDRVDmUU2E0Ro4VadvPr&size=invisible&badge=inline&cb=scbpzky88gxa HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/
Cookie: _GRECAPTCHA=09ABQWEJp8rXew6LxpTc5wmGmdAPzKx3-tJ5n2eA6CXLEmgoCupau2Jt7cD1w1YjcF70xtdh-QrvqSXMA5k0aNy_w
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: text/html; charset=utf-8
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 03 Nov 2023 12:35:28 GMT
content-security-policy: script-src 'nonce-wp04-lh734i88h23POS-mw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.gstatic.com/recaptcha/releases/3sU2vDRVDmUU2E0Ro4VadvPr/recaptcha__en.js

142.250.74.99

191 kB

URL
www.gstatic.com/recaptcha/releases/3sU2vDRVDmUU2E0Ro4VadvPr/recaptcha__en.js
IP
142.250.74.99:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (537)
Size
191 kB (191376 bytes)
Hash
0de5995e9ac19853eeffb8bbe74e6a7d
719e6fbcd0b38df859a6f7a8c51a820d7bf5970d
c7f150e7d0ed3cf657e531221f2640209e6daebed0fbaa6ab7e430ce8eb56a37

HTTP Headers

GET /recaptcha/releases/3sU2vDRVDmUU2E0Ro4VadvPr/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 191376
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 Nov 2023 20:43:12 GMT
expires: Fri, 01 Nov 2024 20:43:12 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 30 Oct 2023 02:02:02 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 57136
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/meta/anchor.html

122.201.127.227

227 kB

URL
xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/meta/anchor.html
IP
122.201.127.227:0
ASN
#38719 Dreamscape Networks Limited

File type
gzip compressed data, from Unix\012- data
Size
227 kB (226960 bytes)
Hash
1364ec0461a442d94738d63f76a0e2d2
b022270b20dfed59f5a7ec1235ed7ca7d59e25bc
6cb8b4c570829c462178650faed956efaa596a52ed0bc6d61076dc690e1fdfb5

HTTP Headers

GET /wp-includes/IXR/meta/log/84216/meta/anchor.html HTTP/1.1
Host: xcx3gsz9.dreamwp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/secure.html
Cookie: _ga=GA1.2.1864924593.1699014917; _gid=GA1.2.893756081.1699014917; _gat_gtag_UA_37075177_6=1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 03 Nov 2023 12:35:27 GMT
content-type: text/html
last-modified: Thu, 02 Nov 2023 09:29:31 GMT
vary: Accept-Encoding
etag: W/"65436bfb-a636"
expires: Sun, 03 Dec 2023 12:35:27 GMT
cache-control: max-age=2592000
content-encoding: gzip
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

216.58.207.227

15 kB

URL
fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15344, version 1.0\012- data
Size
15 kB (15344 bytes)
Hash
5d4aeb4e5f5ef754e307d7ffaef688bd
06db651cdf354c64a7383ea9c77024ef4fb4cef8
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

HTTP Headers

GET /s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15344
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 Nov 2023 23:51:35 GMT
expires: Fri, 01 Nov 2024 23:51:35 GMT
cache-control: public, max-age=31536000
age: 45834
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

216.58.207.227

16 kB

URL
fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15552, version 1.0\012- data
Size
16 kB (15552 bytes)
Hash
285467176f7fe6bb6a9c6873b3dad2cc
ea04e4ff5142ddd69307c183def721a160e0a64e
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

HTTP Headers

GET /s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15552
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 27 Oct 2023 22:20:01 GMT
expires: Sat, 26 Oct 2024 22:20:01 GMT
cache-control: public, max-age=31536000
age: 569728
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.google.com/recaptcha/enterprise/webworker.js?hl=en&v=3sU2vDRVDmUU2E0Ro4VadvPr

142.250.74.132

2.3 kB

URL
www.google.com/recaptcha/enterprise/webworker.js?hl=en&v=3sU2vDRVDmUU2E0Ro4VadvPr
IP
142.250.74.132:0
ASN
#15169 GOOGLE

File type
gzip compressed data\012- data
Size
2.3 kB (2338 bytes)
Hash
74706ed3628f57f62a9a167ceee0ed91
7a31f43d5d7b468472d9db96a492d4631ac416b6
718a7b82f67a521aefbb3fe6957b3c59ec42b9617331577271b8af293a905272

HTTP Headers

GET /recaptcha/enterprise/webworker.js?hl=en&v=3sU2vDRVDmUU2E0Ro4VadvPr HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&co=aHR0cHM6Ly9qcy5oc2Zvcm1zLm5ldDo0NDM.&hl=en&v=3sU2vDRVDmUU2E0Ro4VadvPr&size=invisible&badge=inline&cb=9t77e9nq5x6x
Cookie: _GRECAPTCHA=09ABQWEJp8rXew6LxpTc5wmGmdAPzKx3-tJ5n2eA6CXLEmgoCupau2Jt7cD1w1YjcF70xtdh-QrvqSXMA5k0aNy_w
Sec-Fetch-Dest: worker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: text/javascript; charset=UTF-8
expires: Fri, 03 Nov 2023 12:35:29 GMT
date: Fri, 03 Nov 2023 12:35:29 GMT
cache-control: private, max-age=300
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/meta/styles__ltr.css

122.201.127.227

39 kB

URL
xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/meta/styles__ltr.css
IP
122.201.127.227:0
ASN
#38719 Dreamscape Networks Limited

File type
gzip compressed data, from Unix\012- data
Size
39 kB (39436 bytes)
Hash
efb9a6878f2c4dbd40feb46b4c7305f4
ab595d9c2bc79a921f75605fdd47e9c826e20592
7bc5c6b9c37ed89d2cb6fdcf30e6c6c8d050a25ab2fd248330477db176aedbd2

HTTP Headers

GET /wp-includes/IXR/meta/log/84216/meta/styles__ltr.css HTTP/1.1
Host: xcx3gsz9.dreamwp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/meta/bframe.html
Cookie: _ga=GA1.2.1864924593.1699014917; _gid=GA1.2.893756081.1699014917; _gat_gtag_UA_37075177_6=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 03 Nov 2023 12:35:29 GMT
content-type: text/css
last-modified: Thu, 02 Nov 2023 09:29:31 GMT
vary: Accept-Encoding
etag: W/"65436bfb-cc90"
expires: Sun, 03 Dec 2023 12:35:29 GMT
cache-control: max-age=2592000
content-encoding: gzip
X-Firefox-Spdy: h2

xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/meta/recaptcha__nl.js.download

122.201.127.227

200 OK

186 kB

URL GET HTTP/2
xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/meta/recaptcha__nl.js.download
IP
122.201.127.227:443
ASN
#38719 Dreamscape Networks Limited

Requested by
https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/secure.html
Certificate
IssuerSectigo Limited
Subject*.dreamwp.com
Fingerprint30:F7:3F:A1:B1:C3:3A:85:4F:A8:2C:82:82:AD:F7:75:4D:65:54:CC
ValidityWed, 04 Jan 2023 00:00:00 GMT - Mon, 15 Jan 2024 23:59:59 GMT

File type
gzip compressed data, from Unix\012- data
Size
186 kB (186297 bytes)
Hash
dc1d626c57e000c422db8e615099919c
708fdb1706ee82e931a9dd96b573966c4d506ebd
57d1b847685bb0392f3338b2ca72847d3de7bdef4bf440f96f6faaed43f6b17e

HTTP Headers

GET /wp-includes/IXR/meta/log/84216/meta/recaptcha__nl.js.download HTTP/1.1
Host: xcx3gsz9.dreamwp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/meta/bframe.html
Cookie: _ga=GA1.2.1864924593.1699014917; _gid=GA1.2.893756081.1699014917; _gat_gtag_UA_37075177_6=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 03 Nov 2023 12:35:29 GMT
content-type: application/javascript
last-modified: Thu, 02 Nov 2023 09:29:31 GMT
cache-control: max-age=86400
expires: Sat, 04 Nov 2023 12:35:15 GMT
vary: Accept-Encoding
content-encoding: gzip
x-newfold-cache-level: 2
X-Firefox-Spdy: h2

www.gstatic.com/recaptcha/releases/3sU2vDRVDmUU2E0Ro4VadvPr/recaptcha__en.js

142.250.74.99

191 kB

URL
www.gstatic.com/recaptcha/releases/3sU2vDRVDmUU2E0Ro4VadvPr/recaptcha__en.js
IP
142.250.74.99:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (537)
Size
191 kB (191376 bytes)
Hash
0de5995e9ac19853eeffb8bbe74e6a7d
719e6fbcd0b38df859a6f7a8c51a820d7bf5970d
c7f150e7d0ed3cf657e531221f2640209e6daebed0fbaa6ab7e430ce8eb56a37

HTTP Headers

GET /recaptcha/releases/3sU2vDRVDmUU2E0Ro4VadvPr/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 191376
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 Nov 2023 20:43:12 GMT
expires: Fri, 01 Nov 2024 20:43:12 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 30 Oct 2023 02:02:02 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 57137
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.google.com/recaptcha/enterprise/webworker.js?hl=en&v=3sU2vDRVDmUU2E0Ro4VadvPr

142.250.74.132

192 kB

URL
www.google.com/recaptcha/enterprise/webworker.js?hl=en&v=3sU2vDRVDmUU2E0Ro4VadvPr
IP
142.250.74.132:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (537)
Size
192 kB (191486 bytes)
Hash
bf61137bfa6d3cd8c3da31743841c05f
7e27453d681bc9212488097e2946bf1a69b1571d
cec4a656c353360720801b94e5d9c6c7cda3487e2b4040fda37862c6926d02a0

HTTP Headers

GET /recaptcha/enterprise/webworker.js?hl=en&v=3sU2vDRVDmUU2E0Ro4VadvPr HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&co=aHR0cHM6Ly94Y3gzZ3N6OS5kcmVhbXdwLmNvbTo0NDM.&hl=en&v=3sU2vDRVDmUU2E0Ro4VadvPr&size=invisible&badge=inline&cb=scbpzky88gxa
Cookie: _GRECAPTCHA=09ABQWEJp8rXew6LxpTc5wmGmdAPzKx3-tJ5n2eA6CXLEmgoCupau2Jt7cD1w1YjcF70xtdh-QrvqSXMA5k0aNy_w
Sec-Fetch-Dest: worker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: text/javascript; charset=UTF-8
expires: Fri, 03 Nov 2023 12:35:29 GMT
date: Fri, 03 Nov 2023 12:35:29 GMT
cache-control: private, max-age=300
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.gstatic.com/recaptcha/api2/info_2x.png

142.250.74.99

665 B

URL
www.gstatic.com/recaptcha/api2/info_2x.png
IP
142.250.74.99:0
ASN
#15169 GOOGLE

File type
PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced\012- data
Size
665 B (665 bytes)
Hash
07bf314aab04047b9e9a959ee6f63da3
17bef6602672e2fd9956381e01356245144003e5
55eaf62cb05da20088dc12b39d7d254d046cb1fd61ddf3ae641f1439efd0a5ee

HTTP Headers

GET /recaptcha/api2/info_2x.png HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 665
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 31 Oct 2023 09:20:06 GMT
expires: Tue, 07 Nov 2023 09:20:06 GMT
cache-control: public, max-age=604800
age: 270923
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.gstatic.com/recaptcha/api2/refresh_2x.png

142.250.74.99

600 B

URL
www.gstatic.com/recaptcha/api2/refresh_2x.png
IP
142.250.74.99:0
ASN
#15169 GOOGLE

File type
PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced\012- data
Size
600 B (600 bytes)
Hash
0f2a4639b8a4cb30c76e8333c00d30a6
57e273a270bb864970d747c74b3f0a7c8e515b13
44b988703019cd6bfa86c91840fecf2a42b611b364e3eea2f4eb63bf62714e98

HTTP Headers

GET /recaptcha/api2/refresh_2x.png HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 600
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 28 Oct 2023 10:36:30 GMT
expires: Sat, 04 Nov 2023 10:36:30 GMT
cache-control: public, max-age=604800
age: 525539
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/meta/webflow.css

122.201.127.227

10 kB

URL
xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/meta/webflow.css
IP
122.201.127.227:0
ASN
#38719 Dreamscape Networks Limited

File type
gzip compressed data, from Unix\012- data
Size
10 kB (10464 bytes)
Hash
f340d6254925d395b9103f4993d602bf
74c61aeb64e1a33da7ce332ca8d09a50aaf5d910
340e6cb4c2bd575b62c288d4bb351847e3de4bcd28ecda4703e97d8a88dc616b

HTTP Headers

GET /wp-includes/IXR/meta/log/84216/meta/webflow.css HTTP/1.1
Host: xcx3gsz9.dreamwp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 03 Nov 2023 12:35:15 GMT
content-type: text/css
last-modified: Thu, 02 Nov 2023 09:29:31 GMT
vary: Accept-Encoding
etag: W/"65436bfb-98c5"
expires: Sun, 03 Dec 2023 12:35:15 GMT
cache-control: max-age=2592000
content-encoding: gzip
X-Firefox-Spdy: h2

www.gstatic.com/recaptcha/releases/3sU2vDRVDmUU2E0Ro4VadvPr/styles__ltr.css

142.250.74.99

25 kB

URL
www.gstatic.com/recaptcha/releases/3sU2vDRVDmUU2E0Ro4VadvPr/styles__ltr.css
IP
142.250.74.99:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (56398), with no line terminators
Size
25 kB (24606 bytes)
Hash
eb4bc511f79f7a1573b45f5775b3a99b
d910fb51ad7316aa54f055079374574698e74b35
7859a62e04b0acb06516eb12454de6673883ecfaeaed6c254659bca7cd59c050

HTTP Headers

GET /recaptcha/releases/3sU2vDRVDmUU2E0Ro4VadvPr/styles__ltr.css HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 24606
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 03 Nov 2023 10:07:26 GMT
expires: Sat, 02 Nov 2024 10:07:26 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 30 Oct 2023 02:02:02 GMT
content-type: text/css
vary: Accept-Encoding
age: 8884
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.gstatic.com/recaptcha/releases/3sU2vDRVDmUU2E0Ro4VadvPr/recaptcha__en.js

142.250.74.99

191 kB

URL
www.gstatic.com/recaptcha/releases/3sU2vDRVDmUU2E0Ro4VadvPr/recaptcha__en.js
IP
142.250.74.99:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (537)
Size
191 kB (191376 bytes)
Hash
0de5995e9ac19853eeffb8bbe74e6a7d
719e6fbcd0b38df859a6f7a8c51a820d7bf5970d
c7f150e7d0ed3cf657e531221f2640209e6daebed0fbaa6ab7e430ce8eb56a37

HTTP Headers

GET /recaptcha/releases/3sU2vDRVDmUU2E0Ro4VadvPr/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 191376
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 Nov 2023 20:43:12 GMT
expires: Fri, 01 Nov 2024 20:43:12 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 30 Oct 2023 02:02:02 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 57138
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.google.com/recaptcha/enterprise/bframe?hl=en&v=3sU2vDRVDmUU2E0Ro4VadvPr&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm

142.250.74.132

192 kB

URL GET
www.google.com/recaptcha/enterprise/bframe?hl=en&v=3sU2vDRVDmUU2E0Ro4VadvPr&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm
IP
142.250.74.132:0
ASN
#15169 GOOGLE

Requested by
https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/secure.html
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.com
FingerprintFD:EE:45:21:A2:3C:95:82:9B:BA:3F:7A:59:3C:F6:C2:7B:C7:84:8F
ValidityMon, 16 Oct 2023 08:02:35 GMT - Mon, 08 Jan 2024 08:02:34 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (537)
Size
192 kB (192544 bytes)
Hash
0f1a84011e290a99bf7603bb6b0623f7
f2266a6f342028e990f2b6e249b6706d664538da
1b7ce8b5f6e88dbba785cffe7cda387bf27e44c670a0b2aee271f83093e09be6

HTTP Headers

GET /recaptcha/enterprise/bframe?hl=en&v=3sU2vDRVDmUU2E0Ro4VadvPr&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/
Cookie: _GRECAPTCHA=09ABQWEJp8rXew6LxpTc5wmGmdAPzKx3-tJ5n2eA6CXLEmgoCupau2Jt7cD1w1YjcF70xtdh-QrvqSXMA5k0aNy_w
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: text/html; charset=utf-8
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 03 Nov 2023 12:35:30 GMT
content-security-policy: script-src 'nonce-4URe1vp9YG77eRZle6FlBA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.gstatic.com/recaptcha/api2/refresh_2x.png

142.250.74.99

600 B

URL
www.gstatic.com/recaptcha/api2/refresh_2x.png
IP
142.250.74.99:0
ASN
#15169 GOOGLE

File type
PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced\012- data
Size
600 B (600 bytes)
Hash
0f2a4639b8a4cb30c76e8333c00d30a6
57e273a270bb864970d747c74b3f0a7c8e515b13
44b988703019cd6bfa86c91840fecf2a42b611b364e3eea2f4eb63bf62714e98

HTTP Headers

GET /recaptcha/api2/refresh_2x.png HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.gstatic.com/recaptcha/releases/3sU2vDRVDmUU2E0Ro4VadvPr/styles__ltr.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 600
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 28 Oct 2023 10:36:30 GMT
expires: Sat, 04 Nov 2023 10:36:30 GMT
cache-control: public, max-age=604800
age: 525540
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.google.com/recaptcha/enterprise/reload?k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm

142.250.74.132

65 kB

URL
www.google.com/recaptcha/enterprise/reload?k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm
IP
142.250.74.132:0
ASN
#15169 GOOGLE

File type
gzip compressed data\012- data
Size
65 kB (65288 bytes)
Hash
5708de5d1415ba856b99a1f288f1367b
6444e0270faa382074e6a562cbb28a55c4d24ec2
2bf70049fd2df63fce640b48463a2e1d725557e86f9aa53806cf1e71ae2fb689

HTTP Headers

POST /recaptcha/enterprise/reload?k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-protobuffer
Content-Length: 6709
Origin: https://www.google.com
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/recaptcha/enterprise/bframe?hl=en&v=3sU2vDRVDmUU2E0Ro4VadvPr&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm
Cookie: _GRECAPTCHA=09ABQWEJp8rXew6LxpTc5wmGmdAPzKx3-tJ5n2eA6CXLEmgoCupau2Jt7cD1w1YjcF70xtdh-QrvqSXMA5k0aNy_w
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/json; charset=utf-8
content-encoding: gzip
date: Fri, 03 Nov 2023 12:35:30 GMT
expires: Fri, 03 Nov 2023 12:35:30 GMT
cache-control: private, max-age=0
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
server: GSE
set-cookie: _GRECAPTCHA=09ABQWEJpNsWHVDkrliLJIJ05D-KuoS_fYm5MWep28kXmx5cc4fViaesCxJaJfgZr0uNjTuoiC44rUvrUpVVnnnw8;Path=/recaptcha;Expires=Wed, 01-May-2024 12:35:30 GMT;Secure;HttpOnly;Priority=HIGH;SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

216.58.207.227

16 kB

URL
fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15552, version 1.0\012- data
Size
16 kB (15552 bytes)
Hash
285467176f7fe6bb6a9c6873b3dad2cc
ea04e4ff5142ddd69307c183def721a160e0a64e
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

HTTP Headers

GET /s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15552
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 27 Oct 2023 22:20:01 GMT
expires: Sat, 26 Oct 2024 22:20:01 GMT
cache-control: public, max-age=31536000
age: 569729
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmYUtfBBc4.woff2

216.58.207.227

15 kB

URL
fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmYUtfBBc4.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15340, version 1.0\012- data
Size
15 kB (15340 bytes)
Hash
19b7a0adfdd4f808b53af7e2ce2ad4e5
81d5d4c7b5035ad10cce63cf7100295e0c51fdda
c912a9ce0c3122d4b2b29ad26bfe06b0390d1a5bdaa5d6128692c0befd1dfbbd

HTTP Headers

GET /s/roboto/v18/KFOlCnqEu92Fr1MmYUtfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15340
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 Nov 2023 15:15:32 GMT
expires: Fri, 01 Nov 2024 15:15:32 GMT
cache-control: public, max-age=31536000
age: 76798
last-modified: Mon, 16 Oct 2017 17:33:16 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

fonts.googleapis.com/css?family=Changa+One:400,400italic

142.250.74.106

842 B

URL
fonts.googleapis.com/css?family=Changa+One:400,400italic
IP
142.250.74.106:0
ASN
#15169 GOOGLE

File type
gzip compressed data, max compression\012- data
Size
842 B (842 bytes)
Hash
a36a887d47e7de063c2550e76eaa42d7
53de12ece480fb32abaeb60483c50e9e7d41ca3d
ddee9532442c98574aa5a3e32df55fe0e38ac5b5dd9fef7da9eae7c3e1d18dcc

HTTP Headers

GET /css?family=Changa+One:400,400italic HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 03 Nov 2023 12:35:27 GMT
date: Fri, 03 Nov 2023 12:35:27 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.google.com/recaptcha/enterprise/payload?p=06AFcWeA5k20VguLzRJhBKZs2a3Oz-0tinBKZZ3L6amI9lr7xA5F_inbfIAatfKtjba7aPig2KlJtGp3Zrikp939yBxqDCsCCBXE0NYhIIhFXGY-_j2uOT2xRJvNiHDj2jbPYKF1she80rjLlwCfLBSDEfLPlnND4-yXyabug_GxUleqdRw5eK9NlP5LG1NNrUXLGyMpIQRzz_&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm

142.250.74.132

29 kB

URL
www.google.com/recaptcha/enterprise/payload?p=06AFcWeA5k20VguLzRJhBKZs2a3Oz-0tinBKZZ3L6amI9lr7xA5F_inbfIAatfKtjba7aPig2KlJtGp3Zrikp939yBxqDCsCCBXE0NYhIIhFXGY-_j2uOT2xRJvNiHDj2jbPYKF1she80rjLlwCfLBSDEfLPlnND4-yXyabug_GxUleqdRw5eK9NlP5LG1NNrUXLGyMpIQRzz_&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm
IP
142.250.74.132:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 300x300, components 3, ASCII text, with very long lines (2134)\012- data
Size
29 kB (29303 bytes)
Hash
bdb93f2c7a2598a66fc8b820c003a4fc
417cf1088ef690aa3ac2ba46eb74b1be60e982fa
09fc5d8f83327c111b588b1ed9f036fe11813d5f4cfc72ee032ed6643c976142

HTTP Headers

GET /recaptcha/enterprise/payload?p=06AFcWeA5k20VguLzRJhBKZs2a3Oz-0tinBKZZ3L6amI9lr7xA5F_inbfIAatfKtjba7aPig2KlJtGp3Zrikp939yBxqDCsCCBXE0NYhIIhFXGY-_j2uOT2xRJvNiHDj2jbPYKF1she80rjLlwCfLBSDEfLPlnND4-yXyabug_GxUleqdRw5eK9NlP5LG1NNrUXLGyMpIQRzz_&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/recaptcha/enterprise/bframe?hl=en&v=3sU2vDRVDmUU2E0Ro4VadvPr&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm
Cookie: _GRECAPTCHA=09ABQWEJqeq9g64p7BaqLCJlVA3fHOJdb70heHTpNefGP651rROBXnaHtjyca4YddkeNSUNEsK4Lz8b_GHRazgcvk
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: image/jpeg
expires: Fri, 03 Nov 2023 12:35:30 GMT
date: Fri, 03 Nov 2023 12:35:30 GMT
cache-control: private, max-age=30
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.gstatic.com/recaptcha/api2/canonical_car.png

142.250.74.99

11 kB

URL
www.gstatic.com/recaptcha/api2/canonical_car.png
IP
142.250.74.99:0
ASN
#15169 GOOGLE

File type
PNG image data, 98 x 90, 8-bit/color RGB, non-interlaced\012- data
Size
11 kB (11174 bytes)
Hash
a4741c6089e163f0e5c0cdb2c698a03e
03b190c8d9350802cbabbccd2757cff1fb7115f0
c9685b413894b0647b42edf9cac1fc0b2ed044c1fe238d843b9ca3d29db1b805

HTTP Headers

GET /recaptcha/api2/canonical_car.png HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.gstatic.com/recaptcha/releases/3sU2vDRVDmUU2E0Ro4VadvPr/styles__ltr.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 11174
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 Nov 2023 21:22:37 GMT
expires: Thu, 09 Nov 2023 21:22:37 GMT
cache-control: public, max-age=604800
age: 54773
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

216.58.207.227

15 kB

URL
fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15344, version 1.0\012- data
Size
15 kB (15344 bytes)
Hash
5d4aeb4e5f5ef754e307d7ffaef688bd
06db651cdf354c64a7383ea9c77024ef4fb4cef8
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

HTTP Headers

GET /s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15344
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 Nov 2023 23:51:35 GMT
expires: Fri, 01 Nov 2024 23:51:35 GMT
cache-control: public, max-age=31536000
age: 45835
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmYUtfBBc4.woff2

216.58.207.227

15 kB

URL
fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmYUtfBBc4.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15340, version 1.0\012- data
Size
15 kB (15340 bytes)
Hash
19b7a0adfdd4f808b53af7e2ce2ad4e5
81d5d4c7b5035ad10cce63cf7100295e0c51fdda
c912a9ce0c3122d4b2b29ad26bfe06b0390d1a5bdaa5d6128692c0befd1dfbbd

HTTP Headers

GET /s/roboto/v18/KFOlCnqEu92Fr1MmYUtfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15340
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 Nov 2023 15:15:32 GMT
expires: Fri, 01 Nov 2024 15:15:32 GMT
cache-control: public, max-age=31536000
age: 76798
last-modified: Mon, 16 Oct 2017 17:33:16 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

216.58.207.227

16 kB

URL
fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15552, version 1.0\012- data
Size
16 kB (15552 bytes)
Hash
285467176f7fe6bb6a9c6873b3dad2cc
ea04e4ff5142ddd69307c183def721a160e0a64e
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

HTTP Headers

GET /s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15552
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 27 Oct 2023 22:20:01 GMT
expires: Sat, 26 Oct 2024 22:20:01 GMT
cache-control: public, max-age=31536000
age: 569729
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

aus5.mozilla.org/update/3/GMP/111.0a1/20230218104546/Linux_x86_64-gcc3/null/default/Linux%205.15.0-76-generic%20(GTK%203.24.34%2Clibpulse%20not-available)/default/default/update.xml

35.244.181.201

444 B

URL
aus5.mozilla.org/update/3/GMP/111.0a1/20230218104546/Linux_x86_64-gcc3/null/default/Linux%205.15.0-76-generic%20(GTK%203.24.34%2Clibpulse%20not-available)/default/default/update.xml
IP
35.244.181.201:0
ASN
#15169 GOOGLE

File type
XML 1.0 document text\012- XML document, ASCII text, with very long lines (332)
Size
444 B (444 bytes)
Hash
3b324dec137a87ef7e24a30a65b13dd0
c0faa95b2f1018e264b3a14aaf50d1003e6c27b3
6cd0b591d9239fc8564627e92a804fc261951b1cbaf5fa58a8ada3cc13f51463

HTTP Headers

GET /update/3/GMP/111.0a1/20230218104546/Linux_x86_64-gcc3/null/default/Linux%205.15.0-76-generic%20(GTK%203.24.34%2Clibpulse%20not-available)/default/default/update.xml HTTP/1.1
Host: aus5.mozilla.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
rule-id: 17856
rule-data-version: 3
content-signature: x5u=https://content-signature-2.cdn.mozilla.net/chains/aus.content-signature.mozilla.org-2023-12-08-22-56-18.chain; p384ecdsa=r4lmuEZz7HxwT_v5OuOu0HEKqglgZgdjBS2iAlFsLEkc1O3ZMRYFUyTPfZjrnBYmwnUCjXIRjkjq6IQhHuGbgNK-KsFSaMkIslAMnYdtrVENM9K_hk_fkwUYATfwLZs3
strict-transport-security: max-age=31536000;
x-content-type-options: nosniff
content-security-policy: default-src 'none'; frame-ancestors 'none'
x-proxy-cache-status: EXPIRED
content-encoding: gzip
via: 1.1 google
date: Fri, 03 Nov 2023 12:35:17 GMT
content-type: text/xml; charset=utf-8
vary: Accept-Encoding
content-length: 444
age: 16
cache-control: public,max-age=90
alt-svc: clear
X-Firefox-Spdy: h2

ciscobinary.openh264.org/openh264-linux64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip

2.22.61.56

512 kB

URL
ciscobinary.openh264.org/openh264-linux64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip
IP
2.22.61.56:0
ASN
#20940 Akamai International B.V.

File type
Zip archive data, at least v2.0 to extract, compression method=deflate\012- data
Size
512 kB (511815 bytes)
Hash
152eda253e242e18443ef3282495bc7c
ff0fa85565f21ec4931baad4573b4c0bd08c4019
8e03090fee16f6e0ee2e436af8e51d0c3deed6d9f0db80dec048e668fc009a48

HTTP Headers

GET /openh264-linux64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip HTTP/1.1
Host: ciscobinary.openh264.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

HTTP/1.1 200 OK
Last-Modified: Wed, 07 Jun 2023 18:17:03 GMT
ETag: 152eda253e242e18443ef3282495bc7c
Content-Length: 511815
Accept-Ranges: bytes
X-Timestamp: 1686161822.36709
Content-Type: application/zip
X-Trans-Id: tx5d74d51dc63e41b488f08-006481c906dfw1
Cache-Control: public, max-age=29991
Expires: Fri, 03 Nov 2023 20:55:24 GMT
Date: Fri, 03 Nov 2023 12:35:33 GMT
Connection: keep-alive

xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/meta/webflow.css

122.201.127.227

10 kB

URL
xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/meta/webflow.css
IP
122.201.127.227:0
ASN
#38719 Dreamscape Networks Limited

File type
gzip compressed data, from Unix\012- data
Size
10 kB (10229 bytes)
Hash
c9550da32b3e8d8de194d020d24cce14
aa39c8da20c6de3466a25de5d2cfe099648b0c5b
1e52ef2e32995c0b885084715ae84ab5953394487f2b90e72174333395d191ba

HTTP Headers

GET /wp-includes/IXR/meta/log/84216/meta/webflow.css HTTP/1.1
Host: xcx3gsz9.dreamwp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/secure.html
Cookie: _ga=GA1.2.1864924593.1699014917; _gid=GA1.2.893756081.1699014917; _gat_gtag_UA_37075177_6=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 03 Nov 2023 12:35:25 GMT
content-type: text/css
last-modified: Thu, 02 Nov 2023 09:29:31 GMT
vary: Accept-Encoding
etag: W/"65436bfb-98c5"
expires: Sun, 03 Dec 2023 12:35:25 GMT
cache-control: max-age=2592000
content-encoding: gzip
X-Firefox-Spdy: h2

xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/meta/bframe.html

122.201.127.227

15 kB

URL
xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/meta/bframe.html
IP
122.201.127.227:0
ASN
#38719 Dreamscape Networks Limited

File type
gzip compressed data, from Unix\012- data
Size
15 kB (15331 bytes)
Hash
216988ea40972de8acecfde95de2b709
b8c50e0491f7f2da4704a748df2c9aca84e2e6fd
3dad4116c8b8facad7667bd5508a8f2ad39551c6493aed9a8f0dc84cad2f82fd

HTTP Headers

GET /wp-includes/IXR/meta/log/84216/meta/bframe.html HTTP/1.1
Host: xcx3gsz9.dreamwp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 03 Nov 2023 12:35:32 GMT
content-type: text/html
last-modified: Thu, 02 Nov 2023 09:29:31 GMT
vary: Accept-Encoding
etag: W/"65436bfb-2e07"
expires: Sun, 03 Dec 2023 12:35:32 GMT
cache-control: max-age=2592000
content-encoding: gzip
X-Firefox-Spdy: h2

xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/meta/anchor.html

122.201.127.227

204 kB

URL
xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/meta/anchor.html
IP
122.201.127.227:0
ASN
#38719 Dreamscape Networks Limited

File type
gzip compressed data, from Unix\012- data
Size
204 kB (204395 bytes)
Hash
99ae384295851c2241e3b5a5c02ae364
6ce64d407df4df81e9ed2a085df65f5942ac4c3f
d81bb4a147e3393287706fc5193be8ffb4cd1b5eed5cb855a7ed10e773609851

HTTP Headers

GET /wp-includes/IXR/meta/log/84216/meta/anchor.html HTTP/1.1
Host: xcx3gsz9.dreamwp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 03 Nov 2023 12:35:33 GMT
content-type: text/html
last-modified: Thu, 02 Nov 2023 09:29:31 GMT
vary: Accept-Encoding
etag: W/"65436bfb-a636"
expires: Sun, 03 Dec 2023 12:35:33 GMT
cache-control: max-age=2592000
content-encoding: gzip
X-Firefox-Spdy: h2

lpcdn.lpsnmedia.net/le_secure_storage/3.15.0.0-release_5063/storage.secure.min.html?loc=https%3A%2F%2Fxcx3gsz9.dreamwp.com&site=88982875&env=prod&isCrossDomain=true

34.120.154.120

200 OK

40 kB

URL GET HTTP/3
lpcdn.lpsnmedia.net/le_secure_storage/3.15.0.0-release_5063/storage.secure.min.html?loc=https%3A%2F%2Fxcx3gsz9.dreamwp.com&site=88982875&env=prod&isCrossDomain=true
IP
34.120.154.120:443
ASN
#15169 GOOGLE

Requested by
https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/84216/secure.html
Certificate
IssuerSectigo Limited
Subject*.lpsnmedia.net
Fingerprint50:71:62:B3:88:93:98:3D:CC:EF:A7:C6:82:00:2D:1E:44:64:14:BB
ValidityMon, 09 Jan 2023 00:00:00 GMT - Tue, 09 Jan 2024 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (32207)
Size
40 kB (39478 bytes)
Hash
e57f19d47b3b07b577d844ae827ea4b3
7fab7227b3a1fb72d016a40685952c4483909eb8
59f4843277d9aca1200c779c52318aadb380021a0051a6644b75274acb7fe158

HTTP Headers

GET /le_secure_storage/3.15.0.0-release_5063/storage.secure.min.html?loc=https%3A%2F%2Fxcx3gsz9.dreamwp.com&site=88982875&env=prod&isCrossDomain=true HTTP/1.1
Host: lpcdn.lpsnmedia.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
x-guploader-uploadid: ABPtcPo00maEkGJd3FJtMf1jqDkLp0DJn8JwpSbzjaUPNkFc098E7qsN57i6sD8JrQLAg59RbBvmYY3NfXTBn6CcBJyclmcAoTzL
date: Fri, 03 Nov 2023 12:35:27 GMT
last-modified: Sat, 17 Jun 2023 09:58:10 GMT
etag: W/"e57f19d47b3b07b577d844ae827ea4b3"
x-goog-generation: 1686995890733494
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 39478
content-type: text/html
x-goog-hash: crc32c=7aa2PA==, md5=5X8Z1Hs7B7V32ESugn6ksw==
x-goog-storage-class: MULTI_REGIONAL
accept-ranges: none
access-control-allow-origin: *
access-control-expose-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
server: UploadServer
vary: Accept-Encoding
content-encoding: br
cache-control: public,max-age=3600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

JavaScript (48)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by