xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/
122.201.127.227 7.0 kB URL xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/
IP 122.201.127.227:0
ASN #38719 Dreamscape Networks Limited
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1843)
Hash f53243c713f7cd597cdd7f0233a18057
033d242dee09c182a3693c7810c8094639f47c61
42e6154d96d541f7507b1fcdf07095e5e9b6b0a0e734d5e2594b006bc5eb31ef
Analyzer Verdict Alert OpenPhish phishing Crypto/Wallet
GET /wp-includes/IXR/meta/log/8950f/ HTTP/1.1
Host: xcx3gsz9.dreamwp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 02 Nov 2023 23:26:35 GMT
content-type: text/html
content-length: 6954
last-modified: Thu, 02 Nov 2023 09:32:01 GMT
cache-control: max-age=7200
expires: Fri, 03 Nov 2023 01:26:35 GMT
vary: Accept-Encoding
content-encoding: gzip
x-newfold-cache-level: 2
accept-ranges: bytes
X-Firefox-Spdy: h2
fonts.googleapis.com/icon?family=Material+Icons
142.250.74.106 200 OK 811 B URL GET HTTP/3 fonts.googleapis.com/icon?family=Material+Icons
IP 142.250.74.106:443
Requested by https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/secure.html
Certificate Issuer Google Trust Services LLC
Subject upload.video.google.com
Fingerprint 87:BD:C2:71:54:40:3F:F2:18:79:1A:89:F5:E9:BC:63:E5:EC:57:64
Validity Mon, 09 Oct 2023 08:10:33 GMT - Mon, 01 Jan 2024 08:10:32 GMT
File type gzip compressed data, max compression\012- data
Hash 503dfd95202db515f35f56025faa13ab
37535792e9101874e9649af5cd0451e02a1f8810
f4e03c9d5ef4ae158d006123ed753ad6721eaf3755f9ff7e6a973b2a95971935
GET /icon?family=Material+Icons HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 02 Nov 2023 23:26:35 GMT
date: Thu, 02 Nov 2023 23:26:35 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/meta/css.html
122.201.127.227 200 OK 684 B URL GET HTTP/2 xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/meta/css.html
IP 122.201.127.227:443
ASN #38719 Dreamscape Networks Limited
Requested by https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/secure.html
Certificate Issuer Sectigo Limited
Subject *.dreamwp.com
Fingerprint 30:F7:3F:A1:B1:C3:3A:85:4F:A8:2C:82:82:AD:F7:75:4D:65:54:CC
Validity Wed, 04 Jan 2023 00:00:00 GMT - Mon, 15 Jan 2024 23:59:59 GMT
Hash 147429fb2ddc3861e2ae0f473f17d78e
f2bdce63e15b9f3b90c8c3b153deb75b28eb69e3
25d501d70fcb9835f935fd47e045502700dc5f862cd7e763a49bbc7316396f2a
Analyzer Verdict Alert urlquery phishing Phishing - Generic Crypto/Wallet
GET /wp-includes/IXR/meta/log/8950f/meta/css.html HTTP/1.1
Host: xcx3gsz9.dreamwp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 02 Nov 2023 23:26:36 GMT
content-type: text/html
content-length: 684
last-modified: Thu, 02 Nov 2023 09:32:01 GMT
etag: "65436c91-2ac"
expires: Sat, 02 Dec 2023 23:26:36 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2
xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/meta/webflow.js.download
122.201.127.227 200 OK 190 B URL GET HTTP/2 xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/meta/webflow.js.download
IP 122.201.127.227:443
ASN #38719 Dreamscape Networks Limited
Requested by https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/secure.html
Certificate Issuer Sectigo Limited
Subject *.dreamwp.com
Fingerprint 30:F7:3F:A1:B1:C3:3A:85:4F:A8:2C:82:82:AD:F7:75:4D:65:54:CC
Validity Wed, 04 Jan 2023 00:00:00 GMT - Mon, 15 Jan 2024 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 3267dd8f0e96711dd54dbb1f5676b447
202602c4ec4a5e2498e3d24a3ed025ce70bf749c
b429e25e7813a9e2b90dcec11d9cb5287751246128dd6c76a7349774829c5554
GET /wp-includes/IXR/meta/log/8950f/meta/webflow.js.download HTTP/1.1
Host: xcx3gsz9.dreamwp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 503 Service Unavailable
server: nginx
date: Thu, 02 Nov 2023 23:26:36 GMT
content-type: text/html
content-length: 190
X-Firefox-Spdy: h2
xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/meta/storage.secure.min.js.download
122.201.127.227 190 B URL GET xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/meta/storage.secure.min.js.download
IP 122.201.127.227:0
ASN #38719 Dreamscape Networks Limited
Requested by https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/secure.html
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 3267dd8f0e96711dd54dbb1f5676b447
202602c4ec4a5e2498e3d24a3ed025ce70bf749c
b429e25e7813a9e2b90dcec11d9cb5287751246128dd6c76a7349774829c5554
GET /wp-includes/IXR/meta/log/8950f/meta/storage.secure.min.js.download HTTP/1.1
Host: xcx3gsz9.dreamwp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 503 Service Unavailable
server: nginx
date: Thu, 02 Nov 2023 23:26:36 GMT
content-type: text/html
content-length: 190
X-Firefox-Spdy: h2
xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/meta/wpp.gif
122.201.127.227 3.9 kB URL xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/meta/wpp.gif
IP 122.201.127.227:0
ASN #38719 Dreamscape Networks Limited
File type GIF image data, version 87a, 470 x 40\012- data
Hash 941648b845842a709da73e24652cf8a4
099e5f97e602d026c51537c9b45328dc99261d7c
2a7344e607a878f0acac7f5c9c3a65fc8a4423f00e21d3fb7a814cae051631d9
Analyzer Verdict Alert urlquery phishing Phishing - Generic Crypto/Wallet
GET /wp-includes/IXR/meta/log/8950f/meta/wpp.gif HTTP/1.1
Host: xcx3gsz9.dreamwp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 02 Nov 2023 23:26:36 GMT
content-type: image/gif
content-length: 3877
last-modified: Thu, 02 Nov 2023 09:32:01 GMT
etag: "65436c91-f25"
expires: Sat, 02 Dec 2023 23:26:36 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2
xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/meta/webfont.js.download
122.201.127.227 6.0 kB URL xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/meta/webfont.js.download
IP 122.201.127.227:0
ASN #38719 Dreamscape Networks Limited
File type ASCII text, with very long lines (2134)
Hash 7c96a5f11d9741541d5e3c42ff6380d7
d3fa2564c021cf730e58ffddb138cf6b57ed126e
81016ac6be850b72df5d4faa0c3cec8e2c1b0ba0045712144a6766adfad40bee
Analyzer Verdict Alert urlquery phishing Phishing - Generic Crypto/Wallet
GET /wp-includes/IXR/meta/log/8950f/meta/webfont.js.download HTTP/1.1
Host: xcx3gsz9.dreamwp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 02 Nov 2023 23:26:36 GMT
content-type: application/javascript
content-length: 6022
last-modified: Thu, 02 Nov 2023 09:32:01 GMT
cache-control: max-age=86400
expires: Fri, 03 Nov 2023 23:26:36 GMT
vary: Accept-Encoding
content-encoding: gzip
x-newfold-cache-level: 2
accept-ranges: bytes
X-Firefox-Spdy: h2
xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/meta/js
122.201.127.227 92 kB URL xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/meta/js
IP 122.201.127.227:0
ASN #38719 Dreamscape Networks Limited
File type ASCII text, with very long lines (1815)
Hash fb2ab9b8632250b0d7aa50c08150cfe1
73b3f266ac08c9fb07e1de1664fed384ccd5bc86
5d419e0ff614b331e4f8fed2ba7c1380b1f5983f98d820a6a0f7040b55f60b5b
Analyzer Verdict Alert urlquery phishing Phishing - Generic Crypto/Wallet
GET /wp-includes/IXR/meta/log/8950f/meta/js HTTP/1.1
Host: xcx3gsz9.dreamwp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 02 Nov 2023 23:26:36 GMT
content-length: 92325
last-modified: Thu, 02 Nov 2023 09:32:01 GMT
cache-control: max-age=86400
expires: Fri, 03 Nov 2023 23:26:36 GMT
x-newfold-cache-level: 2
accept-ranges: bytes
X-Firefox-Spdy: h2
xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/meta/tag.js.download
122.201.127.227 9.1 kB URL xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/meta/tag.js.download
IP 122.201.127.227:0
ASN #38719 Dreamscape Networks Limited
File type ASCII text, with very long lines (21652), with no line terminators
Hash e2ee8a9cd68c3d310a4c62fdb4b5c93a
67eb5f9547f1d9de0a8b143c3b50511c26281399
145d14bb73e5b03cc73062c2a78c392125b891c62b1cc9d542e5adba762f04e7
Analyzer Verdict Alert urlquery phishing Phishing - Generic Crypto/Wallet
GET /wp-includes/IXR/meta/log/8950f/meta/tag.js.download HTTP/1.1
Host: xcx3gsz9.dreamwp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 02 Nov 2023 23:26:36 GMT
content-type: application/javascript
content-length: 9066
last-modified: Thu, 02 Nov 2023 09:32:01 GMT
cache-control: max-age=86400
expires: Fri, 03 Nov 2023 23:26:36 GMT
vary: Accept-Encoding
content-encoding: gzip
x-newfold-cache-level: 2
accept-ranges: bytes
X-Firefox-Spdy: h2
xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/meta/enterprise.js.download
122.201.127.227 614 B URL xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/meta/enterprise.js.download
IP 122.201.127.227:0
ASN #38719 Dreamscape Networks Limited
File type ASCII text, with very long lines (1008), with no line terminators
Hash d07e7630bc23cbdd7520d0a4f086c922
b50685923a96d55109959fdf21f369d902971b2a
15c0f679abecff8fba48dbe673343f3e0f2a07c439d3f631722fccd2af2e1df2
Analyzer Verdict Alert urlquery phishing Phishing - Generic Crypto/Wallet
GET /wp-includes/IXR/meta/log/8950f/meta/enterprise.js.download HTTP/1.1
Host: xcx3gsz9.dreamwp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 02 Nov 2023 23:26:37 GMT
content-type: application/javascript
content-length: 614
last-modified: Thu, 02 Nov 2023 09:32:01 GMT
cache-control: max-age=86400
expires: Fri, 03 Nov 2023 23:26:37 GMT
vary: Accept-Encoding
content-encoding: gzip
x-newfold-cache-level: 2
accept-ranges: bytes
X-Firefox-Spdy: h2
xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/meta/jsonp
122.201.127.227 278 kB URL xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/meta/jsonp
IP 122.201.127.227:0
ASN #38719 Dreamscape Networks Limited
File type ASCII text, with very long lines (65536), with no line terminators
Size 278 kB (278382 bytes)
Hash 7efac8c0fa8e30db7a423500ef59abab
be73717f776f24dd31498c27a1b02b784570d5bb
102411780270584690575675e14e574ef8a16cf6fdd5700d5682e68a8d2cc00d
Analyzer Verdict Alert urlquery phishing Phishing - Generic Crypto/Wallet
GET /wp-includes/IXR/meta/log/8950f/meta/jsonp HTTP/1.1
Host: xcx3gsz9.dreamwp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 02 Nov 2023 23:26:37 GMT
content-length: 278382
last-modified: Thu, 02 Nov 2023 09:32:01 GMT
cache-control: max-age=86400
expires: Fri, 03 Nov 2023 23:26:37 GMT
x-newfold-cache-level: 2
accept-ranges: bytes
X-Firefox-Spdy: h2
xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/meta/css.html
122.201.127.227 200 OK 684 B URL GET HTTP/2 xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/meta/css.html
IP 122.201.127.227:443
ASN #38719 Dreamscape Networks Limited
Requested by https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/secure.html
Certificate Issuer Sectigo Limited
Subject *.dreamwp.com
Fingerprint 30:F7:3F:A1:B1:C3:3A:85:4F:A8:2C:82:82:AD:F7:75:4D:65:54:CC
Validity Wed, 04 Jan 2023 00:00:00 GMT - Mon, 15 Jan 2024 23:59:59 GMT
Hash 147429fb2ddc3861e2ae0f473f17d78e
f2bdce63e15b9f3b90c8c3b153deb75b28eb69e3
25d501d70fcb9835f935fd47e045502700dc5f862cd7e763a49bbc7316396f2a
Analyzer Verdict Alert urlquery phishing Phishing - Generic Crypto/Wallet
GET /wp-includes/IXR/meta/log/8950f/meta/css.html HTTP/1.1
Host: xcx3gsz9.dreamwp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 02 Nov 2023 23:26:37 GMT
content-type: text/html
content-length: 684
last-modified: Thu, 02 Nov 2023 09:32:01 GMT
etag: "65436c91-2ac"
expires: Sat, 02 Dec 2023 23:26:37 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2
xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/meta/mm-logo.svg
122.201.127.227 12 kB URL xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/meta/mm-logo.svg
IP 122.201.127.227:0
ASN #38719 Dreamscape Networks Limited
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1001)
Hash 51bcea2625eb2c6e9268a7377a792c86
5eeb306e6584eed1747c36c11724f193711d430e
5e722754f038988ba4b6d7f380d60191eba3b6e01d4a00749a28b79c53521f5b
Analyzer Verdict Alert urlquery phishing Phishing - Generic Crypto/Wallet
GET /wp-includes/IXR/meta/log/8950f/meta/mm-logo.svg HTTP/1.1
Host: xcx3gsz9.dreamwp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 02 Nov 2023 23:26:37 GMT
content-type: image/svg+xml
content-length: 12019
last-modified: Thu, 02 Nov 2023 09:32:01 GMT
cache-control: max-age=86400
expires: Fri, 03 Nov 2023 23:26:37 GMT
x-newfold-cache-level: 2
accept-ranges: bytes
X-Firefox-Spdy: h2
fonts.gstatic.com/s/changaone/v20/xfu00W3wXn3QLUJXhzq42AHiuQ.woff2
216.58.207.227 200 OK 7.9 kB URL GET HTTP/3 fonts.gstatic.com/s/changaone/v20/xfu00W3wXn3QLUJXhzq42AHiuQ.woff2
IP 216.58.207.227:443
Requested by https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/secure.html
Certificate Issuer Google Trust Services LLC
Subject *.gstatic.com
Fingerprint BE:D3:D2:0A:C4:57:FB:0B:D7:17:48:C8:AB:52:49:39:3E:E9:3C:60
Validity Mon, 09 Oct 2023 08:10:32 GMT - Mon, 01 Jan 2024 08:10:31 GMT
File type Web Open Font Format (Version 2), TrueType, length 7900, version 1.0\012- data
Hash 61e86e7a20ecf3ba181ca4b9a9a1cdbd
482a65cffc69109af26669d64accbef71db3b836
fbd0536d5b92c0dbe6ad2637800ae8da10c20755b564a3575bd12bba57f73b18
GET /s/changaone/v20/xfu00W3wXn3QLUJXhzq42AHiuQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://xcx3gsz9.dreamwp.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 7900
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 27 Oct 2023 18:15:30 GMT
expires: Sat, 26 Oct 2024 18:15:30 GMT
cache-control: public, max-age=31536000
age: 537067
last-modified: Thu, 24 Aug 2023 21:10:56 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/changaone/v20/xfu20W3wXn3QLUJXhzq42ATSu5_f.woff2
216.58.207.227 8.4 kB URL fonts.gstatic.com/s/changaone/v20/xfu20W3wXn3QLUJXhzq42ATSu5_f.woff2
IP 216.58.207.227:0
Certificate Issuer Google Trust Services LLC
Subject *.gstatic.com
Fingerprint BE:D3:D2:0A:C4:57:FB:0B:D7:17:48:C8:AB:52:49:39:3E:E9:3C:60
Validity Mon, 09 Oct 2023 08:10:32 GMT - Mon, 01 Jan 2024 08:10:31 GMT
File type Web Open Font Format (Version 2), TrueType, length 8404, version 1.0\012- data
Hash 141119ae119bf7ca75e10ef82f66e442
adebf435aa078db3c116cb9faae15f2ad81d3ac5
c6afeb967afd466210e4061473c4855684e84b7e850b248c0533e6288acfbaff
GET /s/changaone/v20/xfu20W3wXn3QLUJXhzq42ATSu5_f.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://xcx3gsz9.dreamwp.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 8404
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 27 Oct 2023 18:24:00 GMT
expires: Sat, 26 Oct 2024 18:24:00 GMT
cache-control: public, max-age=31536000
age: 536557
last-modified: Thu, 24 Aug 2023 20:56:52 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/meta/hero2.4.png
122.201.127.227 590 kB URL xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/meta/hero2.4.png
IP 122.201.127.227:0
ASN #38719 Dreamscape Networks Limited
File type PNG image data, 1752 x 1452, 8-bit/color RGBA, non-interlaced\012- data
Size 590 kB (589568 bytes)
Hash d0ec70f4c666fbf6ad0d30a52d08c5c9
e48f0688bc4f592824840478d12c05df0dd12002
3f4bfc7c6cc471e9d95936dc109852c4f6a4bf1163b63eeabfe840565d5ad8d1
Analyzer Verdict Alert urlquery phishing Phishing - Generic Crypto/Wallet
GET /wp-includes/IXR/meta/log/8950f/meta/hero2.4.png HTTP/1.1
Host: xcx3gsz9.dreamwp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/meta/metamask-staging-2.webflow.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 02 Nov 2023 23:26:37 GMT
content-type: image/png
content-length: 589568
last-modified: Thu, 02 Nov 2023 09:32:01 GMT
etag: "65436c91-8ff00"
expires: Sat, 02 Dec 2023 23:26:37 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2
xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/meta/EuclidCircularB-Regular-WebXL.woff2
122.201.127.227 45 kB URL xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/meta/EuclidCircularB-Regular-WebXL.woff2
IP 122.201.127.227:0
ASN #38719 Dreamscape Networks Limited
File type Web Open Font Format (Version 2), TrueType, length 45196, version 3.66\012- data
Hash 2d75957df3bb3aa6ed84f6591b0d5a1a
906424e75625f63b0188471067065794d0348536
8ff3b303322168b49a14878f195dbaf76d9da16e35094d1f83fa23245450155b
Analyzer Verdict Alert urlquery phishing Phishing - Generic Crypto/Wallet
GET /wp-includes/IXR/meta/log/8950f/meta/EuclidCircularB-Regular-WebXL.woff2 HTTP/1.1
Host: xcx3gsz9.dreamwp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/meta/metamask-staging-2.webflow.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 02 Nov 2023 23:26:38 GMT
content-type: font/woff2
content-length: 45196
last-modified: Thu, 02 Nov 2023 09:32:01 GMT
cache-control: max-age=86400
expires: Fri, 03 Nov 2023 23:26:38 GMT
x-newfold-cache-level: 2
accept-ranges: bytes
X-Firefox-Spdy: h2
xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/meta/EuclidCircularB-Bold-WebXL.woff2
122.201.127.227 44 kB URL xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/meta/EuclidCircularB-Bold-WebXL.woff2
IP 122.201.127.227:0
ASN #38719 Dreamscape Networks Limited
File type Web Open Font Format (Version 2), TrueType, length 44544, version 3.66\012- data
Hash 9024d0bf73943172297c4628d0054e20
36c3795e7b297d06589e15ef59592683d9ed0974
88fad87880ae6bb0d733c967419d5f0d68da547a88ad67e7af41f18dae2e20df
Analyzer Verdict Alert urlquery phishing Phishing - Generic Crypto/Wallet
GET /wp-includes/IXR/meta/log/8950f/meta/EuclidCircularB-Bold-WebXL.woff2 HTTP/1.1
Host: xcx3gsz9.dreamwp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/meta/metamask-staging-2.webflow.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 02 Nov 2023 23:26:38 GMT
content-type: font/woff2
content-length: 44544
last-modified: Thu, 02 Nov 2023 09:32:01 GMT
cache-control: max-age=86400
expires: Fri, 03 Nov 2023 23:26:38 GMT
x-newfold-cache-level: 2
accept-ranges: bytes
X-Firefox-Spdy: h2
forms.hsforms.com/embed/v3/form/4795067/2b64112b-f442-4840-9ace-b11dccd5f744?callback=hs_reqwest_0&hutk=
104.18.160.125 2.1 kB URL forms.hsforms.com/embed/v3/form/4795067/2b64112b-f442-4840-9ace-b11dccd5f744?callback=hs_reqwest_0&hutk=
IP 104.18.160.125:0
File type Unicode text, UTF-8 text, with very long lines (5788), with no line terminators
Hash bd9f32ec8f38d09bc767d9ed2a87d29d
5beb9c41f62b42523a4162540254fe291d982d38
5b3c69dcee1f8765c9b3ffff41dad02e76673833f8126cccc3c05ff814a3504a
GET /embed/v3/form/4795067/2b64112b-f442-4840-9ace-b11dccd5f744?callback=hs_reqwest_0&hutk= HTTP/1.1
Host: forms.hsforms.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 02 Nov 2023 23:26:38 GMT
Content-Type: application/javascript;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Trace: 2B7FCF9EAF43B41B6366406FFCA6438F9272C1B68A000000000000000000
X-Origin-Hublet: na1
Vary: origin
Content-Disposition: attachment; filename=no-rfd.txt
X-Content-Type-Options: nosniff
Access-Control-Allow-Credentials: false
Access-Control-Expose-Headers: X-Origin-Hublet
Cache-Control: max-age=0, no-cache, no-store
X-Robots-Tag: none
x-envoy-upstream-service-time: 15
x-evy-trace-route-service-name: envoyset-translator
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-79986f96f-r4cs8
x-evy-trace-listener: listener_https
x-evy-trace-route-configuration: listener_https/all
X-HubSpot-Correlation-Id: 13b483ed-b5eb-4c74-8d2b-cc48d8bd6401
x-request-id: 13b483ed-b5eb-4c74-8d2b-cc48d8bd6401
CF-Cache-Status: DYNAMIC
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Server: cloudflare
CF-RAY: 820024c15e715684-OSL
Content-Encoding: br
alt-svc: h3=":443"; ma=86400
xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/meta/saved_resource(1).html
122.201.127.227 504 B URL xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/meta/saved_resource(1).html
IP 122.201.127.227:0
ASN #38719 Dreamscape Networks Limited
File type HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 938be7d50aa827110de3ba6d24f24ceb
499a6b9239bbf79c2363a2ecf3cc405a957b24ec
58092d87121c0af28a0ae8ad3e9afcfb4c50156ca369a9a2dfafc8d516a25d5c
Analyzer Verdict Alert urlquery phishing Phishing - Generic Crypto/Wallet
GET /wp-includes/IXR/meta/log/8950f/meta/saved_resource(1).html HTTP/1.1
Host: xcx3gsz9.dreamwp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/
Cookie: _ga=GA1.2.1366337233.1698967598; _gid=GA1.2.621158448.1698967598; _gat_gtag_UA_37075177_6=1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 02 Nov 2023 23:26:38 GMT
content-type: text/html
content-length: 504
last-modified: Thu, 02 Nov 2023 09:32:01 GMT
etag: "65436c91-1f8"
expires: Sat, 02 Dec 2023 23:26:38 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Changa+One:400,400italic
142.250.74.106 3.1 kB URL fonts.googleapis.com/css?family=Changa+One:400,400italic
IP 142.250.74.106:0
Certificate Issuer Google Trust Services LLC
Subject upload.video.google.com
Fingerprint 87:BD:C2:71:54:40:3F:F2:18:79:1A:89:F5:E9:BC:63:E5:EC:57:64
Validity Mon, 09 Oct 2023 08:10:33 GMT - Mon, 01 Jan 2024 08:10:32 GMT
File type gzip compressed data, max compression\012- data
Hash c28cdf3b49df02ee2f7c80b63a58354e
cdd59abe0cf4ec4dcf08d826a33bb5e8844040bf
3687a6088f0b973d53ceba7d10768d1ddcb4b84d1d9f5d032d8c50b8c09c16c6
GET /css?family=Changa+One:400,400italic HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 02 Nov 2023 23:26:37 GMT
date: Thu, 02 Nov 2023 23:26:37 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/meta/storage.secure.min.js.download
122.201.127.227 16 kB URL GET xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/meta/storage.secure.min.js.download
IP 122.201.127.227:0
ASN #38719 Dreamscape Networks Limited
Requested by https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/secure.html
File type ASCII text, with very long lines (38562), with no line terminators
Hash 3386ec5559f1ba569cf0ab6acab436cc
e98e11d37c5172ee128a85f68447efb3cb0e853c
996ab3c1e26cb00ec7d3d29650e784755ba46f33613563b7173b0dab03fa3d73
Analyzer Verdict Alert urlquery phishing Phishing - Generic Crypto/Wallet
GET /wp-includes/IXR/meta/log/8950f/meta/storage.secure.min.js.download HTTP/1.1
Host: xcx3gsz9.dreamwp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/
Cookie: _ga=GA1.2.1366337233.1698967598; _gid=GA1.2.621158448.1698967598; _gat_gtag_UA_37075177_6=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 02 Nov 2023 23:26:38 GMT
content-type: application/javascript
content-length: 16166
last-modified: Thu, 02 Nov 2023 09:32:01 GMT
cache-control: max-age=86400
expires: Fri, 03 Nov 2023 23:26:38 GMT
vary: Accept-Encoding
content-encoding: gzip
x-newfold-cache-level: 2
accept-ranges: bytes
X-Firefox-Spdy: h2
www.gstatic.com/recaptcha/releases/vm_YDiq1BiI3a8zfbIPZjtF2/recaptcha__en.js
142.250.74.35 189 kB URL www.gstatic.com/recaptcha/releases/vm_YDiq1BiI3a8zfbIPZjtF2/recaptcha__en.js
IP 142.250.74.35:0
File type ASCII text, with very long lines (689)
Size 189 kB (188860 bytes)
Hash 4efc45f285352a5b252b651160e1ced9
c7ba19e7058ec22c8d0f7283ab6b722bb7a135d7
253627a82794506a7d660ee232c06a88d2eaafb6174532f8c390bb69ade6636a
GET /recaptcha/releases/vm_YDiq1BiI3a8zfbIPZjtF2/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xcx3gsz9.dreamwp.com
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 188860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 01 Nov 2023 19:22:51 GMT
expires: Thu, 31 Oct 2024 19:22:51 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 16 Oct 2023 04:01:46 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 101028
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/meta/styles__ltr.css
122.201.127.227 26 kB URL xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/meta/styles__ltr.css
IP 122.201.127.227:0
ASN #38719 Dreamscape Networks Limited
File type gzip compressed data, from Unix\012- data
Hash 7eea5cd018eed92993f432536f9e53a5
b859a7893167011250721a1db90a5e1036188235
097a5519a703d07708dfcfc046b65ab056feded9c5bf5be67cddf590a33c1d10
GET /wp-includes/IXR/meta/log/8950f/meta/styles__ltr.css HTTP/1.1
Host: xcx3gsz9.dreamwp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/meta/anchor.html
Cookie: _ga=GA1.2.1366337233.1698967598; _gid=GA1.2.621158448.1698967598; _gat_gtag_UA_37075177_6=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 02 Nov 2023 23:26:38 GMT
content-type: text/css
last-modified: Thu, 02 Nov 2023 09:32:01 GMT
vary: Accept-Encoding
etag: W/"65436c91-cc90"
expires: Sat, 02 Dec 2023 23:26:38 GMT
cache-control: max-age=2592000
content-encoding: gzip
X-Firefox-Spdy: h2
lpcdn.lpsnmedia.net/le_secure_storage/3.15.0.0-release_5063/storage.secure.min.js?loc=https%3A%2F%2Fxcx3gsz9.dreamwp.com&site=88982875&force=1&env=prod&isCrossDomain=true
34.120.154.120 200 OK 185 kB URL GET HTTP/3 lpcdn.lpsnmedia.net/le_secure_storage/3.15.0.0-release_5063/storage.secure.min.js?loc=https%3A%2F%2Fxcx3gsz9.dreamwp.com&site=88982875&force=1&env=prod&isCrossDomain=true
IP 34.120.154.120:443
Requested by https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/secure.html
Certificate Issuer Sectigo Limited
Subject *.lpsnmedia.net
Fingerprint 50:71:62:B3:88:93:98:3D:CC:EF:A7:C6:82:00:2D:1E:44:64:14:BB
Validity Mon, 09 Jan 2023 00:00:00 GMT - Tue, 09 Jan 2024 23:59:59 GMT
File type ASCII text, with very long lines (38562), with no line terminators
Size 185 kB (184574 bytes)
Hash 3386ec5559f1ba569cf0ab6acab436cc
e98e11d37c5172ee128a85f68447efb3cb0e853c
996ab3c1e26cb00ec7d3d29650e784755ba46f33613563b7173b0dab03fa3d73
GET /le_secure_storage/3.15.0.0-release_5063/storage.secure.min.js?loc=https%3A%2F%2Fxcx3gsz9.dreamwp.com&site=88982875&force=1&env=prod&isCrossDomain=true HTTP/1.1
Host: lpcdn.lpsnmedia.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
x-guploader-uploadid: ABPtcPr1OOaBP9PgQE6MXekM84EfgLKZYR-hVO7AQYnHE5v6l84qr9KcHHiwPheuJoB2YvXrTcE0SV0qhuUCZSnSF_3gCQ
date: Thu, 02 Nov 2023 23:26:38 GMT
last-modified: Sat, 17 Jun 2023 09:58:10 GMT
etag: W/"3386ec5559f1ba569cf0ab6acab436cc"
x-goog-generation: 1686995890633718
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 38562
content-type: application/javascript
x-goog-hash: crc32c=O9g67g==, md5=M4bsVVnxulac8KtqyrQ2zA==
x-goog-storage-class: MULTI_REGIONAL
accept-ranges: none
access-control-allow-origin: *
access-control-expose-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
server: UploadServer
vary: Accept-Encoding
content-encoding: br
cache-control: public,max-age=3600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/meta/recaptcha__nl.js.download
122.201.127.227 200 OK 171 kB URL GET HTTP/2 xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/meta/recaptcha__nl.js.download
IP 122.201.127.227:443
ASN #38719 Dreamscape Networks Limited
Requested by https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/secure.html
Certificate Issuer Sectigo Limited
Subject *.dreamwp.com
Fingerprint 30:F7:3F:A1:B1:C3:3A:85:4F:A8:2C:82:82:AD:F7:75:4D:65:54:CC
Validity Wed, 04 Jan 2023 00:00:00 GMT - Mon, 15 Jan 2024 23:59:59 GMT
File type gzip compressed data, from Unix\012- data
Size 171 kB (170780 bytes)
Hash 0225c3500c6a719b27da3372af720919
5e07ca23e43f85117bfd179be8d09150cfb7b5ac
5d2fcec44c8d498f0b27e6bbc96abcf7b762a723ea2e53da137bd1efa08cbd0a
GET /wp-includes/IXR/meta/log/8950f/meta/recaptcha__nl.js.download HTTP/1.1
Host: xcx3gsz9.dreamwp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 02 Nov 2023 23:26:36 GMT
content-type: application/javascript
last-modified: Thu, 02 Nov 2023 09:32:01 GMT
cache-control: max-age=86400
expires: Fri, 03 Nov 2023 23:26:36 GMT
vary: Accept-Encoding
content-encoding: gzip
x-newfold-cache-level: 2
X-Firefox-Spdy: h2
www.gstatic.com/recaptcha/releases/vm_YDiq1BiI3a8zfbIPZjtF2/styles__ltr.css
142.250.74.35 25 kB URL www.gstatic.com/recaptcha/releases/vm_YDiq1BiI3a8zfbIPZjtF2/styles__ltr.css
IP 142.250.74.35:0
File type ASCII text, with very long lines (56398), with no line terminators
Hash eb4bc511f79f7a1573b45f5775b3a99b
d910fb51ad7316aa54f055079374574698e74b35
7859a62e04b0acb06516eb12454de6673883ecfaeaed6c254659bca7cd59c050
GET /recaptcha/releases/vm_YDiq1BiI3a8zfbIPZjtF2/styles__ltr.css HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 24606
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 01 Nov 2023 20:17:34 GMT
expires: Thu, 31 Oct 2024 20:17:34 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 16 Oct 2023 04:01:46 GMT
content-type: text/css
vary: Accept-Encoding
age: 97745
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
www.gstatic.com/recaptcha/releases/vm_YDiq1BiI3a8zfbIPZjtF2/recaptcha__en.js
142.250.74.35 189 kB URL www.gstatic.com/recaptcha/releases/vm_YDiq1BiI3a8zfbIPZjtF2/recaptcha__en.js
IP 142.250.74.35:0
File type ASCII text, with very long lines (689)
Size 189 kB (188860 bytes)
Hash 4efc45f285352a5b252b651160e1ced9
c7ba19e7058ec22c8d0f7283ab6b722bb7a135d7
253627a82794506a7d660ee232c06a88d2eaafb6174532f8c390bb69ade6636a
GET /recaptcha/releases/vm_YDiq1BiI3a8zfbIPZjtF2/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 188860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 01 Nov 2023 19:22:51 GMT
expires: Thu, 31 Oct 2024 19:22:51 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 16 Oct 2023 04:01:46 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 101028
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/js.hsforms.net/forms/v2.js
122.201.127.227 11 kB URL xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/js.hsforms.net/forms/v2.js
IP 122.201.127.227:0
ASN #38719 Dreamscape Networks Limited
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (16458)
Hash c1558e2a3775cf75ad955a7ec8b14eb5
c8cfe74fbd098e5be40f668a42a0dc8f9a025b48
cc6218b4fdab7ebfbe785c67faa63916e889a11f43c91d6fdcfcaab8d4210dde
GET /wp-includes/IXR/meta/js.hsforms.net/forms/v2.js HTTP/1.1
Host: xcx3gsz9.dreamwp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/meta/saved_resource.html
Cookie: _ga=GA1.2.1366337233.1698967598; _gid=GA1.2.621158448.1698967598; _gat_gtag_UA_37075177_6=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Thu, 02 Nov 2023 23:26:39 GMT
content-type: text/html; charset=UTF-8
content-length: 11189
x-powered-by: PHP/8.2.10
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
link: <https://xcx3gsz9.dreamwp.com/wp-json/>; rel="https://api.w.org/"
vary: Accept-Encoding
content-encoding: gzip
x-newfold-cache-level: 2
X-Firefox-Spdy: h2
xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/metamask.io/images/favicon.png
122.201.127.227 11 kB URL xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/metamask.io/images/favicon.png
IP 122.201.127.227:0
ASN #38719 Dreamscape Networks Limited
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (16458)
Hash c1558e2a3775cf75ad955a7ec8b14eb5
c8cfe74fbd098e5be40f668a42a0dc8f9a025b48
cc6218b4fdab7ebfbe785c67faa63916e889a11f43c91d6fdcfcaab8d4210dde
GET /wp-includes/IXR/meta/metamask.io/images/favicon.png HTTP/1.1
Host: xcx3gsz9.dreamwp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/
Cookie: _ga=GA1.2.1366337233.1698967598; _gid=GA1.2.621158448.1698967598; _gat_gtag_UA_37075177_6=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Thu, 02 Nov 2023 23:26:39 GMT
content-type: text/html; charset=UTF-8
content-length: 11189
x-powered-by: PHP/8.2.10
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
link: <https://xcx3gsz9.dreamwp.com/wp-json/>; rel="https://api.w.org/"
vary: Accept-Encoding
content-encoding: gzip
x-newfold-cache-level: 2
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
216.58.207.227 15 kB URL fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 216.58.207.227:0
Certificate Issuer Google Trust Services LLC
Subject *.gstatic.com
Fingerprint BE:D3:D2:0A:C4:57:FB:0B:D7:17:48:C8:AB:52:49:39:3E:E9:3C:60
Validity Mon, 09 Oct 2023 08:10:32 GMT - Mon, 01 Jan 2024 08:10:31 GMT
File type Web Open Font Format (Version 2), TrueType, length 15344, version 1.0\012- data
Hash 5d4aeb4e5f5ef754e307d7ffaef688bd
06db651cdf354c64a7383ea9c77024ef4fb4cef8
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
GET /s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15344
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 26 Oct 2023 23:51:35 GMT
expires: Fri, 25 Oct 2024 23:51:35 GMT
cache-control: public, max-age=31536000
age: 603304
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
216.58.207.227 16 kB URL fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP 216.58.207.227:0
Certificate Issuer Google Trust Services LLC
Subject *.gstatic.com
Fingerprint BE:D3:D2:0A:C4:57:FB:0B:D7:17:48:C8:AB:52:49:39:3E:E9:3C:60
Validity Mon, 09 Oct 2023 08:10:32 GMT - Mon, 01 Jan 2024 08:10:31 GMT
File type Web Open Font Format (Version 2), TrueType, length 15552, version 1.0\012- data
Hash 285467176f7fe6bb6a9c6873b3dad2cc
ea04e4ff5142ddd69307c183def721a160e0a64e
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
GET /s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15552
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 27 Oct 2023 22:20:01 GMT
expires: Sat, 26 Oct 2024 22:20:01 GMT
cache-control: public, max-age=31536000
age: 522398
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.google.com/recaptcha/enterprise/webworker.js?hl=en&v=vm_YDiq1BiI3a8zfbIPZjtF2
142.250.74.164 2.3 kB URL www.google.com/recaptcha/enterprise/webworker.js?hl=en&v=vm_YDiq1BiI3a8zfbIPZjtF2
IP 142.250.74.164:0
File type gzip compressed data\012- data
Hash e6363783753692a915c754190afc779e
4dd66a108fe586228535772e7daa0bf4c6fda325
ed53b29d33704dadc2597ebd23185378b2e6d86e498fd291f3f66b4a53d76892
GET /recaptcha/enterprise/webworker.js?hl=en&v=vm_YDiq1BiI3a8zfbIPZjtF2 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&co=aHR0cHM6Ly94Y3gzZ3N6OS5kcmVhbXdwLmNvbTo0NDM.&hl=en&v=vm_YDiq1BiI3a8zfbIPZjtF2&size=invisible&badge=inline&cb=bvpzo1b915hh
Sec-Fetch-Dest: worker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: text/javascript; charset=UTF-8
expires: Thu, 02 Nov 2023 23:26:39 GMT
date: Thu, 02 Nov 2023 23:26:39 GMT
cache-control: private, max-age=300
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
www.gstatic.com/recaptcha/releases/vm_YDiq1BiI3a8zfbIPZjtF2/recaptcha__en.js
142.250.74.35 189 kB URL www.gstatic.com/recaptcha/releases/vm_YDiq1BiI3a8zfbIPZjtF2/recaptcha__en.js
IP 142.250.74.35:0
File type ASCII text, with very long lines (689)
Size 189 kB (188860 bytes)
Hash 4efc45f285352a5b252b651160e1ced9
c7ba19e7058ec22c8d0f7283ab6b722bb7a135d7
253627a82794506a7d660ee232c06a88d2eaafb6174532f8c390bb69ade6636a
GET /recaptcha/releases/vm_YDiq1BiI3a8zfbIPZjtF2/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 188860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 01 Nov 2023 19:22:51 GMT
expires: Thu, 31 Oct 2024 19:22:51 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 16 Oct 2023 04:01:46 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 101028
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/metamask.io/images/webclip.png
122.201.127.227 11 kB URL xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/metamask.io/images/webclip.png
IP 122.201.127.227:0
ASN #38719 Dreamscape Networks Limited
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (16458)
Hash c1558e2a3775cf75ad955a7ec8b14eb5
c8cfe74fbd098e5be40f668a42a0dc8f9a025b48
cc6218b4fdab7ebfbe785c67faa63916e889a11f43c91d6fdcfcaab8d4210dde
GET /wp-includes/IXR/meta/metamask.io/images/webclip.png HTTP/1.1
Host: xcx3gsz9.dreamwp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/
Cookie: _ga=GA1.2.1366337233.1698967598; _gid=GA1.2.621158448.1698967598; _gat_gtag_UA_37075177_6=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Thu, 02 Nov 2023 23:26:39 GMT
content-type: text/html; charset=UTF-8
content-length: 11189
x-powered-by: PHP/8.2.10
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
link: <https://xcx3gsz9.dreamwp.com/wp-json/>; rel="https://api.w.org/"
vary: Accept-Encoding
content-encoding: gzip
x-newfold-cache-level: 2
X-Firefox-Spdy: h2
www.gstatic.com/recaptcha/releases/vm_YDiq1BiI3a8zfbIPZjtF2/recaptcha__en.js
142.250.74.35 189 kB URL www.gstatic.com/recaptcha/releases/vm_YDiq1BiI3a8zfbIPZjtF2/recaptcha__en.js
IP 142.250.74.35:0
File type ASCII text, with very long lines (689)
Size 189 kB (188860 bytes)
Hash 4efc45f285352a5b252b651160e1ced9
c7ba19e7058ec22c8d0f7283ab6b722bb7a135d7
253627a82794506a7d660ee232c06a88d2eaafb6174532f8c390bb69ade6636a
GET /recaptcha/releases/vm_YDiq1BiI3a8zfbIPZjtF2/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://js.hsforms.net
DNT: 1
Connection: keep-alive
Referer: https://js.hsforms.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 188860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 01 Nov 2023 19:22:51 GMT
expires: Thu, 31 Oct 2024 19:22:51 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 16 Oct 2023 04:01:46 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 101029
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
www.gstatic.com/recaptcha/api2/refresh_2x.png
142.250.74.35 600 B URL www.gstatic.com/recaptcha/api2/refresh_2x.png
IP 142.250.74.35:0
File type PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced\012- data
Hash 0f2a4639b8a4cb30c76e8333c00d30a6
57e273a270bb864970d747c74b3f0a7c8e515b13
44b988703019cd6bfa86c91840fecf2a42b611b364e3eea2f4eb63bf62714e98
GET /recaptcha/api2/refresh_2x.png HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 600
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 Nov 2023 15:12:23 GMT
expires: Thu, 09 Nov 2023 15:12:23 GMT
cache-control: public, max-age=604800
age: 29657
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
www.gstatic.com/recaptcha/api2/info_2x.png
142.250.74.35 665 B URL www.gstatic.com/recaptcha/api2/info_2x.png
IP 142.250.74.35:0
File type PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced\012- data
Hash 07bf314aab04047b9e9a959ee6f63da3
17bef6602672e2fd9956381e01356245144003e5
55eaf62cb05da20088dc12b39d7d254d046cb1fd61ddf3ae641f1439efd0a5ee
GET /recaptcha/api2/info_2x.png HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 665
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 28 Oct 2023 11:00:47 GMT
expires: Sat, 04 Nov 2023 11:00:47 GMT
cache-control: public, max-age=604800
age: 476753
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/meta/recaptcha__nl.js.download
122.201.127.227 200 OK 171 kB URL GET HTTP/2 xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/meta/recaptcha__nl.js.download
IP 122.201.127.227:443
ASN #38719 Dreamscape Networks Limited
Requested by https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/secure.html
Certificate Issuer Sectigo Limited
Subject *.dreamwp.com
Fingerprint 30:F7:3F:A1:B1:C3:3A:85:4F:A8:2C:82:82:AD:F7:75:4D:65:54:CC
Validity Wed, 04 Jan 2023 00:00:00 GMT - Mon, 15 Jan 2024 23:59:59 GMT
File type gzip compressed data, from Unix\012- data
Size 171 kB (171275 bytes)
Hash 92a3d82e9a5bbc7e1107aa6551bdcce1
430a67a36839dc48259df324da89f95bc862a09e
ebedef574ab580b3d1b5e1981f8a0483ba26a70160ff6e47c5147cdad29d946e
GET /wp-includes/IXR/meta/log/8950f/meta/recaptcha__nl.js.download HTTP/1.1
Host: xcx3gsz9.dreamwp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/meta/bframe.html
Cookie: _ga=GA1.2.1366337233.1698967598; _gid=GA1.2.621158448.1698967598; _gat_gtag_UA_37075177_6=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 02 Nov 2023 23:26:40 GMT
content-type: application/javascript
last-modified: Thu, 02 Nov 2023 09:32:01 GMT
cache-control: max-age=86400
expires: Fri, 03 Nov 2023 23:26:36 GMT
vary: Accept-Encoding
content-encoding: gzip
x-newfold-cache-level: 2
X-Firefox-Spdy: h2
www.gstatic.com/recaptcha/releases/vm_YDiq1BiI3a8zfbIPZjtF2/styles__ltr.css
142.250.74.35 25 kB URL www.gstatic.com/recaptcha/releases/vm_YDiq1BiI3a8zfbIPZjtF2/styles__ltr.css
IP 142.250.74.35:0
File type ASCII text, with very long lines (56398), with no line terminators
Hash eb4bc511f79f7a1573b45f5775b3a99b
d910fb51ad7316aa54f055079374574698e74b35
7859a62e04b0acb06516eb12454de6673883ecfaeaed6c254659bca7cd59c050
GET /recaptcha/releases/vm_YDiq1BiI3a8zfbIPZjtF2/styles__ltr.css HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 24606
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 01 Nov 2023 20:17:34 GMT
expires: Thu, 31 Oct 2024 20:17:34 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 16 Oct 2023 04:01:46 GMT
content-type: text/css
vary: Accept-Encoding
age: 97746
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
www.gstatic.com/recaptcha/releases/vm_YDiq1BiI3a8zfbIPZjtF2/recaptcha__en.js
142.250.74.35 189 kB URL www.gstatic.com/recaptcha/releases/vm_YDiq1BiI3a8zfbIPZjtF2/recaptcha__en.js
IP 142.250.74.35:0
File type ASCII text, with very long lines (689)
Size 189 kB (188860 bytes)
Hash 4efc45f285352a5b252b651160e1ced9
c7ba19e7058ec22c8d0f7283ab6b722bb7a135d7
253627a82794506a7d660ee232c06a88d2eaafb6174532f8c390bb69ade6636a
GET /recaptcha/releases/vm_YDiq1BiI3a8zfbIPZjtF2/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 188860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 01 Nov 2023 19:22:51 GMT
expires: Thu, 31 Oct 2024 19:22:51 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 16 Oct 2023 04:01:46 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 101029
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
www.google.com/recaptcha/enterprise/anchor?ar=1&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&co=aHR0cHM6Ly94Y3gzZ3N6OS5kcmVhbXdwLmNvbTo0NDM.&hl=en&v=vm_YDiq1BiI3a8zfbIPZjtF2&size=invisible&badge=inline&cb=bvpzo1b915hh
142.250.74.164 49 kB URL www.google.com/recaptcha/enterprise/anchor?ar=1&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&co=aHR0cHM6Ly94Y3gzZ3N6OS5kcmVhbXdwLmNvbTo0NDM.&hl=en&v=vm_YDiq1BiI3a8zfbIPZjtF2&size=invisible&badge=inline&cb=bvpzo1b915hh
IP 142.250.74.164:0
File type gzip compressed data\012- data
Hash ed7bbe1287f753ef2911071dec656dc6
f8c45cd8b85a9be95975d83f87a5d0e947308bb2
a297026705ac13b589846b8b78dfb9478074e09d199cd987b4941f1b28d7961e
GET /recaptcha/enterprise/anchor?ar=1&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&co=aHR0cHM6Ly94Y3gzZ3N6OS5kcmVhbXdwLmNvbTo0NDM.&hl=en&v=vm_YDiq1BiI3a8zfbIPZjtF2&size=invisible&badge=inline&cb=bvpzo1b915hh HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: text/html; charset=utf-8
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 02 Nov 2023 23:26:39 GMT
content-security-policy: script-src 'nonce-c5VEpsbm_fF0IbAa16R9Og' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
js.hsforms.net/forms-next/shell-recaptcha
104.16.140.206 17 kB URL js.hsforms.net/forms-next/shell-recaptcha
IP 104.16.140.206:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash b398fe98f83c84b8e686c2169573245a
6b5610c4d51770d21119485a9ac316566aae8b1c
df7ea8fd76f1aa2239de4eba7d7a325c85695e822b1cdeb2fefb3a90394cb724
GET /forms-next/shell-recaptcha HTTP/1.1
Host: js.hsforms.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 02 Nov 2023 23:26:40 GMT
content-type: text/html; charset=utf-8
x-amz-replication-status: COMPLETED
last-modified: Fri, 22 Sep 2023 08:42:59 UTC
x-amz-server-side-encryption: AES256
x-amz-meta-ao: {}
x-amz-version-id: qF26dczikdE7sYNxyNuwUDJOerv3jn7y
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 05133180bbd1649d4b8f97441bf305e8.cloudfront.net (CloudFront)
x-amz-cf-pop: IAD12-P3
x-amz-cf-id: fGNGwBSKEfR3VLsp92uR5fP9lAGDl170pZQuKnsHEmyCvJwcqn7Gkw==
age: 2934
cache-control: s-maxage=600, max-age=300
x-hs-target-asset: FormsNext/static-5.684/html/recaptcha.html
x-content-type-options: nosniff
access-control-allow-origin: *
x-hs-cache-status: MISS
x-envoy-upstream-service-time: 5
x-evy-trace-route-service-name: envoyset-translator
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-7c89bb96b9-s4jft
x-evy-trace-listener: listener_https
x-evy-trace-route-configuration: listener_https/all
x-hubspot-correlation-id: 775c32ae-5db8-4c16-a518-324324b482ea
x-request-id: 775c32ae-5db8-4c16-a518-324324b482ea
cache-tag: staticjsapp-FormsNext-web-prod,staticjsapp-prod
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=k4CW7QgOd%2Fz1zAMI9pYWglc4fBBPd7yiGGcDUX%2Fp1f6ZAA6dFybOLlKDzXZZ0Soza90VGEy8rE5QPFZ6%2Bty35yDyj5HvFWtAvamfz0L%2FxrS5P5MWgOMcltXohj%2FqJLwO"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 820024cb99611c06-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
www.gstatic.com/recaptcha/api2/logo_48.png
142.250.74.35 2.2 kB URL www.gstatic.com/recaptcha/api2/logo_48.png
IP 142.250.74.35:0
File type PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced\012- data
Hash ef9941290c50cd3866e2ba6b793f010d
4736508c795667dcea21f8d864233031223b7832
1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a
GET /recaptcha/api2/logo_48.png HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.gstatic.com/recaptcha/releases/vm_YDiq1BiI3a8zfbIPZjtF2/styles__ltr.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 2228
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 31 Oct 2023 05:14:09 GMT
expires: Tue, 07 Nov 2023 05:14:09 GMT
cache-control: public, max-age=604800
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: image/png
age: 238351
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
216.58.207.227 15 kB URL fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 216.58.207.227:0
Certificate Issuer Google Trust Services LLC
Subject *.gstatic.com
Fingerprint BE:D3:D2:0A:C4:57:FB:0B:D7:17:48:C8:AB:52:49:39:3E:E9:3C:60
Validity Mon, 09 Oct 2023 08:10:32 GMT - Mon, 01 Jan 2024 08:10:31 GMT
File type Web Open Font Format (Version 2), TrueType, length 15344, version 1.0\012- data
Hash 5d4aeb4e5f5ef754e307d7ffaef688bd
06db651cdf354c64a7383ea9c77024ef4fb4cef8
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
GET /s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15344
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 26 Oct 2023 23:51:35 GMT
expires: Fri, 25 Oct 2024 23:51:35 GMT
cache-control: public, max-age=31536000
age: 603305
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmYUtfBBc4.woff2
216.58.207.227 15 kB URL fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmYUtfBBc4.woff2
IP 216.58.207.227:0
Certificate Issuer Google Trust Services LLC
Subject *.gstatic.com
Fingerprint BE:D3:D2:0A:C4:57:FB:0B:D7:17:48:C8:AB:52:49:39:3E:E9:3C:60
Validity Mon, 09 Oct 2023 08:10:32 GMT - Mon, 01 Jan 2024 08:10:31 GMT
File type Web Open Font Format (Version 2), TrueType, length 15340, version 1.0\012- data
Hash 19b7a0adfdd4f808b53af7e2ce2ad4e5
81d5d4c7b5035ad10cce63cf7100295e0c51fdda
c912a9ce0c3122d4b2b29ad26bfe06b0390d1a5bdaa5d6128692c0befd1dfbbd
GET /s/roboto/v18/KFOlCnqEu92Fr1MmYUtfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15340
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 Nov 2023 15:15:32 GMT
expires: Fri, 01 Nov 2024 15:15:32 GMT
cache-control: public, max-age=31536000
age: 29468
last-modified: Mon, 16 Oct 2017 17:33:16 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
216.58.207.227 16 kB URL fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP 216.58.207.227:0
Certificate Issuer Google Trust Services LLC
Subject *.gstatic.com
Fingerprint BE:D3:D2:0A:C4:57:FB:0B:D7:17:48:C8:AB:52:49:39:3E:E9:3C:60
Validity Mon, 09 Oct 2023 08:10:32 GMT - Mon, 01 Jan 2024 08:10:31 GMT
File type Web Open Font Format (Version 2), TrueType, length 15552, version 1.0\012- data
Hash 285467176f7fe6bb6a9c6873b3dad2cc
ea04e4ff5142ddd69307c183def721a160e0a64e
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
GET /s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15552
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 27 Oct 2023 22:20:01 GMT
expires: Sat, 26 Oct 2024 22:20:01 GMT
cache-control: public, max-age=31536000
age: 522399
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
www.google.com/recaptcha/enterprise/payload?p=06AFcWeA4LhSqgXx_WZf59AdsCSa2y0TMB14n0rJcsEPZQh-wZMKSefJFDU8e91dEj6MkO7vFUqKrShYH_jOfFWl_IzI88aVFIBcF5OzjZRcLp9oorxolXLwFfiyuXCItIuaFmzmFICqgsloQgb3ro1yAJAcRCdwMBc3QgrpNfH_O5-5-31Xt8WVKyO7FobF4CxTQ38KM1F4DVv6XZ0eQKqFjFvynqw8UOcw&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm
142.250.74.164 31 kB URL www.google.com/recaptcha/enterprise/payload?p=06AFcWeA4LhSqgXx_WZf59AdsCSa2y0TMB14n0rJcsEPZQh-wZMKSefJFDU8e91dEj6MkO7vFUqKrShYH_jOfFWl_IzI88aVFIBcF5OzjZRcLp9oorxolXLwFfiyuXCItIuaFmzmFICqgsloQgb3ro1yAJAcRCdwMBc3QgrpNfH_O5-5-31Xt8WVKyO7FobF4CxTQ38KM1F4DVv6XZ0eQKqFjFvynqw8UOcw&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm
IP 142.250.74.164:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 300x300, components 3\012- data
Hash e56aa6d0998e7d0f8a5cf677fa30d589
3e088e7aacd583bb6f8370a7a4c0d22db734c30c
04e43c5f75f74365cf18d173453baf468cc23fd6924ecc769750335005471340
GET /recaptcha/enterprise/payload?p=06AFcWeA4LhSqgXx_WZf59AdsCSa2y0TMB14n0rJcsEPZQh-wZMKSefJFDU8e91dEj6MkO7vFUqKrShYH_jOfFWl_IzI88aVFIBcF5OzjZRcLp9oorxolXLwFfiyuXCItIuaFmzmFICqgsloQgb3ro1yAJAcRCdwMBc3QgrpNfH_O5-5-31Xt8WVKyO7FobF4CxTQ38KM1F4DVv6XZ0eQKqFjFvynqw8UOcw&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/recaptcha/enterprise/bframe?hl=en&v=vm_YDiq1BiI3a8zfbIPZjtF2&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm
Cookie: _GRECAPTCHA=09ALsHHK2bqQ_TfwFKB2nyyt3OjEfnqFJLpvm84gHYR4stcB2zmi15GHIH1FwFwFTYKOmpMBw-ntiQ1yph0C0ifKM
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: image/jpeg
expires: Thu, 02 Nov 2023 23:26:41 GMT
date: Thu, 02 Nov 2023 23:26:41 GMT
cache-control: private, max-age=30
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
www.gstatic.com/recaptcha/api2/audio_2x.png
142.250.74.35 530 B URL www.gstatic.com/recaptcha/api2/audio_2x.png
IP 142.250.74.35:0
File type PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced\012- data
Hash 88e0f42c9fa4f94aa8bcd54d1685c180
5ad9d47a49b82718baa3be88550a0b3350270c42
89c62095126fca89ea1511cf35b49b8306162946b0c26d6f60c5506c51d85992
GET /recaptcha/api2/audio_2x.png HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.gstatic.com/recaptcha/releases/vm_YDiq1BiI3a8zfbIPZjtF2/styles__ltr.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 530
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 31 Oct 2023 05:32:22 GMT
expires: Tue, 07 Nov 2023 05:32:22 GMT
cache-control: public, max-age=604800
age: 237259
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
www.gstatic.com/recaptcha/api2/info_2x.png
142.250.74.35 665 B URL www.gstatic.com/recaptcha/api2/info_2x.png
IP 142.250.74.35:0
File type PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced\012- data
Hash 07bf314aab04047b9e9a959ee6f63da3
17bef6602672e2fd9956381e01356245144003e5
55eaf62cb05da20088dc12b39d7d254d046cb1fd61ddf3ae641f1439efd0a5ee
GET /recaptcha/api2/info_2x.png HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.gstatic.com/recaptcha/releases/vm_YDiq1BiI3a8zfbIPZjtF2/styles__ltr.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 665
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 28 Oct 2023 11:00:47 GMT
expires: Sat, 04 Nov 2023 11:00:47 GMT
cache-control: public, max-age=604800
age: 476754
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
www.gstatic.com/recaptcha/releases/vm_YDiq1BiI3a8zfbIPZjtF2/styles__ltr.css
142.250.74.35 25 kB URL www.gstatic.com/recaptcha/releases/vm_YDiq1BiI3a8zfbIPZjtF2/styles__ltr.css
IP 142.250.74.35:0
File type ASCII text, with very long lines (56398), with no line terminators
Hash eb4bc511f79f7a1573b45f5775b3a99b
d910fb51ad7316aa54f055079374574698e74b35
7859a62e04b0acb06516eb12454de6673883ecfaeaed6c254659bca7cd59c050
GET /recaptcha/releases/vm_YDiq1BiI3a8zfbIPZjtF2/styles__ltr.css HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 24606
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 01 Nov 2023 20:17:34 GMT
expires: Thu, 31 Oct 2024 20:17:34 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 16 Oct 2023 04:01:46 GMT
content-type: text/css
vary: Accept-Encoding
age: 97747
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
www.gstatic.com/recaptcha/releases/vm_YDiq1BiI3a8zfbIPZjtF2/recaptcha__en.js
142.250.74.35 189 kB URL www.gstatic.com/recaptcha/releases/vm_YDiq1BiI3a8zfbIPZjtF2/recaptcha__en.js
IP 142.250.74.35:0
File type ASCII text, with very long lines (689)
Size 189 kB (188860 bytes)
Hash 4efc45f285352a5b252b651160e1ced9
c7ba19e7058ec22c8d0f7283ab6b722bb7a135d7
253627a82794506a7d660ee232c06a88d2eaafb6174532f8c390bb69ade6636a
GET /recaptcha/releases/vm_YDiq1BiI3a8zfbIPZjtF2/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 188860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 01 Nov 2023 19:22:51 GMT
expires: Thu, 31 Oct 2024 19:22:51 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 16 Oct 2023 04:01:46 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 101030
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
www.google.com/recaptcha/enterprise/webworker.js?hl=en&v=vm_YDiq1BiI3a8zfbIPZjtF2
142.250.74.164 17 kB URL www.google.com/recaptcha/enterprise/webworker.js?hl=en&v=vm_YDiq1BiI3a8zfbIPZjtF2
IP 142.250.74.164:0
File type gzip compressed data\012- data
Hash ce4d29252dffa921e5b3ac32345118a3
9f460d20618ede9ac5b453cbd203b4e89a218a5e
9dd1d37de01cdca35b2805884a70293733801624f1e2e8662cbddf6432729d52
GET /recaptcha/enterprise/webworker.js?hl=en&v=vm_YDiq1BiI3a8zfbIPZjtF2 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&co=aHR0cHM6Ly9qcy5oc2Zvcm1zLm5ldDo0NDM.&hl=en&v=vm_YDiq1BiI3a8zfbIPZjtF2&size=invisible&badge=inline&cb=nuuab477bntb
Sec-Fetch-Dest: worker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: text/javascript; charset=UTF-8
expires: Thu, 02 Nov 2023 23:26:40 GMT
date: Thu, 02 Nov 2023 23:26:40 GMT
cache-control: private, max-age=300
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
216.58.207.227 16 kB URL fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP 216.58.207.227:0
Certificate Issuer Google Trust Services LLC
Subject *.gstatic.com
Fingerprint BE:D3:D2:0A:C4:57:FB:0B:D7:17:48:C8:AB:52:49:39:3E:E9:3C:60
Validity Mon, 09 Oct 2023 08:10:32 GMT - Mon, 01 Jan 2024 08:10:31 GMT
File type Web Open Font Format (Version 2), TrueType, length 15552, version 1.0\012- data
Hash 285467176f7fe6bb6a9c6873b3dad2cc
ea04e4ff5142ddd69307c183def721a160e0a64e
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
GET /s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15552
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 27 Oct 2023 22:20:01 GMT
expires: Sat, 26 Oct 2024 22:20:01 GMT
cache-control: public, max-age=31536000
age: 522400
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmYUtfBBc4.woff2
216.58.207.227 15 kB URL fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmYUtfBBc4.woff2
IP 216.58.207.227:0
Certificate Issuer Google Trust Services LLC
Subject *.gstatic.com
Fingerprint BE:D3:D2:0A:C4:57:FB:0B:D7:17:48:C8:AB:52:49:39:3E:E9:3C:60
Validity Mon, 09 Oct 2023 08:10:32 GMT - Mon, 01 Jan 2024 08:10:31 GMT
File type Web Open Font Format (Version 2), TrueType, length 15340, version 1.0\012- data
Hash 19b7a0adfdd4f808b53af7e2ce2ad4e5
81d5d4c7b5035ad10cce63cf7100295e0c51fdda
c912a9ce0c3122d4b2b29ad26bfe06b0390d1a5bdaa5d6128692c0befd1dfbbd
GET /s/roboto/v18/KFOlCnqEu92Fr1MmYUtfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15340
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 Nov 2023 15:15:32 GMT
expires: Fri, 01 Nov 2024 15:15:32 GMT
cache-control: public, max-age=31536000
age: 29469
last-modified: Mon, 16 Oct 2017 17:33:16 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
www.gstatic.com/recaptcha/api2/refresh_2x.png
142.250.74.35 600 B URL www.gstatic.com/recaptcha/api2/refresh_2x.png
IP 142.250.74.35:0
File type PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced\012- data
Hash 0f2a4639b8a4cb30c76e8333c00d30a6
57e273a270bb864970d747c74b3f0a7c8e515b13
44b988703019cd6bfa86c91840fecf2a42b611b364e3eea2f4eb63bf62714e98
GET /recaptcha/api2/refresh_2x.png HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.gstatic.com/recaptcha/releases/vm_YDiq1BiI3a8zfbIPZjtF2/styles__ltr.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 600
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 Nov 2023 15:12:23 GMT
expires: Thu, 09 Nov 2023 15:12:23 GMT
cache-control: public, max-age=604800
age: 29658
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
www.gstatic.com/recaptcha/api2/audio_2x.png
142.250.74.35 530 B URL www.gstatic.com/recaptcha/api2/audio_2x.png
IP 142.250.74.35:0
File type PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced\012- data
Hash 88e0f42c9fa4f94aa8bcd54d1685c180
5ad9d47a49b82718baa3be88550a0b3350270c42
89c62095126fca89ea1511cf35b49b8306162946b0c26d6f60c5506c51d85992
GET /recaptcha/api2/audio_2x.png HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.gstatic.com/recaptcha/releases/vm_YDiq1BiI3a8zfbIPZjtF2/styles__ltr.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 530
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 31 Oct 2023 05:32:22 GMT
expires: Tue, 07 Nov 2023 05:32:22 GMT
cache-control: public, max-age=604800
age: 237259
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
www.gstatic.com/recaptcha/api2/info_2x.png
142.250.74.35 665 B URL www.gstatic.com/recaptcha/api2/info_2x.png
IP 142.250.74.35:0
File type PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced\012- data
Hash 07bf314aab04047b9e9a959ee6f63da3
17bef6602672e2fd9956381e01356245144003e5
55eaf62cb05da20088dc12b39d7d254d046cb1fd61ddf3ae641f1439efd0a5ee
GET /recaptcha/api2/info_2x.png HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.gstatic.com/recaptcha/releases/vm_YDiq1BiI3a8zfbIPZjtF2/styles__ltr.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 665
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 28 Oct 2023 11:00:47 GMT
expires: Sat, 04 Nov 2023 11:00:47 GMT
cache-control: public, max-age=604800
age: 476754
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/meta/css.html
122.201.127.227 200 OK 684 B URL GET HTTP/2 xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/meta/css.html
IP 122.201.127.227:443
ASN #38719 Dreamscape Networks Limited
Requested by https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/secure.html
Certificate Issuer Sectigo Limited
Subject *.dreamwp.com
Fingerprint 30:F7:3F:A1:B1:C3:3A:85:4F:A8:2C:82:82:AD:F7:75:4D:65:54:CC
Validity Wed, 04 Jan 2023 00:00:00 GMT - Mon, 15 Jan 2024 23:59:59 GMT
Hash 147429fb2ddc3861e2ae0f473f17d78e
f2bdce63e15b9f3b90c8c3b153deb75b28eb69e3
25d501d70fcb9835f935fd47e045502700dc5f862cd7e763a49bbc7316396f2a
Analyzer Verdict Alert urlquery phishing Phishing - Generic Crypto/Wallet
GET /wp-includes/IXR/meta/log/8950f/meta/css.html HTTP/1.1
Host: xcx3gsz9.dreamwp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/secure.html
Cookie: _ga=GA1.2.1366337233.1698967598; _gid=GA1.2.621158448.1698967598; _gat_gtag_UA_37075177_6=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 02 Nov 2023 23:26:46 GMT
content-type: text/html
content-length: 684
last-modified: Thu, 02 Nov 2023 09:32:01 GMT
etag: "65436c91-2ac"
expires: Sat, 02 Dec 2023 23:26:46 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2
xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/meta/storage.secure.min.js.download
122.201.127.227 190 B URL GET xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/meta/storage.secure.min.js.download
IP 122.201.127.227:0
ASN #38719 Dreamscape Networks Limited
Requested by https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/secure.html
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 3267dd8f0e96711dd54dbb1f5676b447
202602c4ec4a5e2498e3d24a3ed025ce70bf749c
b429e25e7813a9e2b90dcec11d9cb5287751246128dd6c76a7349774829c5554
GET /wp-includes/IXR/meta/log/8950f/meta/storage.secure.min.js.download HTTP/1.1
Host: xcx3gsz9.dreamwp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/secure.html
Cookie: _ga=GA1.2.1366337233.1698967598; _gid=GA1.2.621158448.1698967598; _gat_gtag_UA_37075177_6=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 503 Service Unavailable
server: nginx
date: Thu, 02 Nov 2023 23:26:46 GMT
content-type: text/html
content-length: 190
X-Firefox-Spdy: h2
xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/meta/webfont.js.download
122.201.127.227 6.0 kB URL xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/meta/webfont.js.download
IP 122.201.127.227:0
ASN #38719 Dreamscape Networks Limited
File type ASCII text, with very long lines (2134)
Hash 7c96a5f11d9741541d5e3c42ff6380d7
d3fa2564c021cf730e58ffddb138cf6b57ed126e
81016ac6be850b72df5d4faa0c3cec8e2c1b0ba0045712144a6766adfad40bee
Analyzer Verdict Alert urlquery phishing Phishing - Generic Crypto/Wallet
GET /wp-includes/IXR/meta/log/8950f/meta/webfont.js.download HTTP/1.1
Host: xcx3gsz9.dreamwp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/secure.html
Cookie: _ga=GA1.2.1366337233.1698967598; _gid=GA1.2.621158448.1698967598; _gat_gtag_UA_37075177_6=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 02 Nov 2023 23:26:46 GMT
content-type: application/javascript
content-length: 6022
last-modified: Thu, 02 Nov 2023 09:32:01 GMT
cache-control: max-age=86400
expires: Fri, 03 Nov 2023 23:26:36 GMT
vary: Accept-Encoding
content-encoding: gzip
x-newfold-cache-level: 2
accept-ranges: bytes
X-Firefox-Spdy: h2
xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/meta/js
122.201.127.227 92 kB URL xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/meta/js
IP 122.201.127.227:0
ASN #38719 Dreamscape Networks Limited
File type ASCII text, with very long lines (1815)
Hash fb2ab9b8632250b0d7aa50c08150cfe1
73b3f266ac08c9fb07e1de1664fed384ccd5bc86
5d419e0ff614b331e4f8fed2ba7c1380b1f5983f98d820a6a0f7040b55f60b5b
Analyzer Verdict Alert urlquery phishing Phishing - Generic Crypto/Wallet
GET /wp-includes/IXR/meta/log/8950f/meta/js HTTP/1.1
Host: xcx3gsz9.dreamwp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/secure.html
Cookie: _ga=GA1.2.1366337233.1698967598; _gid=GA1.2.621158448.1698967598; _gat_gtag_UA_37075177_6=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 02 Nov 2023 23:26:46 GMT
content-length: 92325
last-modified: Thu, 02 Nov 2023 09:32:01 GMT
cache-control: max-age=86400
expires: Fri, 03 Nov 2023 23:26:36 GMT
x-newfold-cache-level: 2
accept-ranges: bytes
X-Firefox-Spdy: h2
www.google.com/recaptcha/enterprise/bframe?hl=en&v=vm_YDiq1BiI3a8zfbIPZjtF2&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm
142.250.74.164 10 kB URL www.google.com/recaptcha/enterprise/bframe?hl=en&v=vm_YDiq1BiI3a8zfbIPZjtF2&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm
IP 142.250.74.164:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (21679)
Hash 7f7238fa1d624434806f713fd6a37f12
2cb23a1d3cf6074e0035480ae89f5dfd75c78294
ee26e814bc2a1f58524d2556d78244090037fe84b3d81246b73312c2753416b6
GET /recaptcha/enterprise/bframe?hl=en&v=vm_YDiq1BiI3a8zfbIPZjtF2&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: text/html; charset=utf-8
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 02 Nov 2023 23:26:40 GMT
content-security-policy: script-src 'nonce-cwN_5tm19gyitqxe09_8Ag' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/meta/enterprise.js.download
122.201.127.227 614 B URL xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/meta/enterprise.js.download
IP 122.201.127.227:0
ASN #38719 Dreamscape Networks Limited
File type ASCII text, with very long lines (1008), with no line terminators
Hash d07e7630bc23cbdd7520d0a4f086c922
b50685923a96d55109959fdf21f369d902971b2a
15c0f679abecff8fba48dbe673343f3e0f2a07c439d3f631722fccd2af2e1df2
Analyzer Verdict Alert urlquery phishing Phishing - Generic Crypto/Wallet
GET /wp-includes/IXR/meta/log/8950f/meta/enterprise.js.download HTTP/1.1
Host: xcx3gsz9.dreamwp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/secure.html
Cookie: _ga=GA1.2.1366337233.1698967598; _gid=GA1.2.621158448.1698967598; _gat_gtag_UA_37075177_6=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 02 Nov 2023 23:26:47 GMT
content-type: application/javascript
content-length: 614
last-modified: Thu, 02 Nov 2023 09:32:01 GMT
cache-control: max-age=86400
expires: Fri, 03 Nov 2023 23:26:37 GMT
vary: Accept-Encoding
content-encoding: gzip
x-newfold-cache-level: 2
accept-ranges: bytes
X-Firefox-Spdy: h2
xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/meta/jsonp
122.201.127.227 278 kB URL xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/meta/jsonp
IP 122.201.127.227:0
ASN #38719 Dreamscape Networks Limited
File type ASCII text, with very long lines (65536), with no line terminators
Size 278 kB (278382 bytes)
Hash 7efac8c0fa8e30db7a423500ef59abab
be73717f776f24dd31498c27a1b02b784570d5bb
102411780270584690575675e14e574ef8a16cf6fdd5700d5682e68a8d2cc00d
Analyzer Verdict Alert urlquery phishing Phishing - Generic Crypto/Wallet
GET /wp-includes/IXR/meta/log/8950f/meta/jsonp HTTP/1.1
Host: xcx3gsz9.dreamwp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/secure.html
Cookie: _ga=GA1.2.1366337233.1698967598; _gid=GA1.2.621158448.1698967598; _gat_gtag_UA_37075177_6=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 02 Nov 2023 23:26:47 GMT
content-length: 278382
last-modified: Thu, 02 Nov 2023 09:32:01 GMT
cache-control: max-age=86400
expires: Fri, 03 Nov 2023 23:26:37 GMT
x-newfold-cache-level: 2
accept-ranges: bytes
X-Firefox-Spdy: h2
xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/meta/css.html
122.201.127.227 200 OK 684 B URL GET HTTP/2 xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/meta/css.html
IP 122.201.127.227:443
ASN #38719 Dreamscape Networks Limited
Requested by https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/secure.html
Certificate Issuer Sectigo Limited
Subject *.dreamwp.com
Fingerprint 30:F7:3F:A1:B1:C3:3A:85:4F:A8:2C:82:82:AD:F7:75:4D:65:54:CC
Validity Wed, 04 Jan 2023 00:00:00 GMT - Mon, 15 Jan 2024 23:59:59 GMT
Hash 147429fb2ddc3861e2ae0f473f17d78e
f2bdce63e15b9f3b90c8c3b153deb75b28eb69e3
25d501d70fcb9835f935fd47e045502700dc5f862cd7e763a49bbc7316396f2a
Analyzer Verdict Alert urlquery phishing Phishing - Generic Crypto/Wallet
GET /wp-includes/IXR/meta/log/8950f/meta/css.html HTTP/1.1
Host: xcx3gsz9.dreamwp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/secure.html
Cookie: _ga=GA1.2.1366337233.1698967598; _gid=GA1.2.621158448.1698967598; _gat_gtag_UA_37075177_6=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 02 Nov 2023 23:26:47 GMT
content-type: text/html
content-length: 684
last-modified: Thu, 02 Nov 2023 09:32:01 GMT
etag: "65436c91-2ac"
expires: Sat, 02 Dec 2023 23:26:47 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2
xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/meta/recaptcha__nl.js.download
122.201.127.227 200 OK 179 kB URL GET HTTP/2 xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/meta/recaptcha__nl.js.download
IP 122.201.127.227:443
ASN #38719 Dreamscape Networks Limited
Requested by https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/secure.html
Certificate Issuer Sectigo Limited
Subject *.dreamwp.com
Fingerprint 30:F7:3F:A1:B1:C3:3A:85:4F:A8:2C:82:82:AD:F7:75:4D:65:54:CC
Validity Wed, 04 Jan 2023 00:00:00 GMT - Mon, 15 Jan 2024 23:59:59 GMT
File type gzip compressed data, from Unix\012- data
Size 179 kB (178645 bytes)
Hash 3c174cfb4c2b1f6404eddfe0a48fbd94
b35274bef924d4cc95a48a50433236d687b88f67
64ba5ffc3a7c3cd231bdc8d1d0d242989fc48ea73de1968d01bcc77428b8249a
GET /wp-includes/IXR/meta/log/8950f/meta/recaptcha__nl.js.download HTTP/1.1
Host: xcx3gsz9.dreamwp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/secure.html
Cookie: _ga=GA1.2.1366337233.1698967598; _gid=GA1.2.621158448.1698967598; _gat_gtag_UA_37075177_6=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 02 Nov 2023 23:26:46 GMT
content-type: application/javascript
last-modified: Thu, 02 Nov 2023 09:32:01 GMT
cache-control: max-age=86400
expires: Fri, 03 Nov 2023 23:26:36 GMT
vary: Accept-Encoding
content-encoding: gzip
x-newfold-cache-level: 2
X-Firefox-Spdy: h2
xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/secure.html
122.201.127.227 143 kB URL xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/secure.html
IP 122.201.127.227:0
ASN #38719 Dreamscape Networks Limited
File type gzip compressed data, from Unix\012- data
Size 143 kB (143448 bytes)
Hash dc908539689adb30f6b2df8d11b41089
36ee44a820d5246beeb034df96dd984f5b2bf349
277e73d741e167cddc651cab78759ef3f95e843f7654e09035229ca8004bdaf1
GET /wp-includes/IXR/meta/log/8950f/secure.html HTTP/1.1
Host: xcx3gsz9.dreamwp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: _ga=GA1.2.1366337233.1698967598; _gid=GA1.2.621158448.1698967598; _gat_gtag_UA_37075177_6=1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 02 Nov 2023 23:26:45 GMT
content-type: text/html
last-modified: Thu, 02 Nov 2023 09:32:02 GMT
vary: Accept-Encoding
etag: W/"65436c92-5177"
expires: Sat, 02 Dec 2023 23:26:45 GMT
cache-control: max-age=2592000
content-encoding: gzip
X-Firefox-Spdy: h2
xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/meta/jquery-3.5.1.min.dc5e7f18c8.js.download
122.201.127.227 48 kB URL xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/meta/jquery-3.5.1.min.dc5e7f18c8.js.download
IP 122.201.127.227:0
ASN #38719 Dreamscape Networks Limited
File type gzip compressed data, from Unix\012- data
Hash 43ca8224baf76c959586c45721ade0be
22a34cc0c229404d1b96d15411bb2af29da28a2c
c0383c07061929a462c8f9c3f081c4211152b23559d4004b6c3cbf6dfb89ac50
GET /wp-includes/IXR/meta/log/8950f/meta/jquery-3.5.1.min.dc5e7f18c8.js.download HTTP/1.1
Host: xcx3gsz9.dreamwp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 02 Nov 2023 23:26:37 GMT
content-type: application/javascript
last-modified: Thu, 02 Nov 2023 09:32:01 GMT
cache-control: max-age=86400
expires: Fri, 03 Nov 2023 23:26:37 GMT
vary: Accept-Encoding
content-encoding: gzip
x-newfold-cache-level: 2
X-Firefox-Spdy: h2
xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/meta/v2.js.download
122.201.127.227 514 kB URL xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/meta/v2.js.download
IP 122.201.127.227:0
ASN #38719 Dreamscape Networks Limited
File type gzip compressed data, from Unix\012- data
Size 514 kB (513866 bytes)
Hash f190d8fc6dc8dadc1504cedaeaaa5a72
5a09224fced20196812b46e1fd865a4f2f4ca8d6
745b5c47a0e1704703450303e2a8349343b9123b5f9022442194b91615d9d1da
GET /wp-includes/IXR/meta/log/8950f/meta/v2.js.download HTTP/1.1
Host: xcx3gsz9.dreamwp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/secure.html
Cookie: _ga=GA1.2.1366337233.1698967598; _gid=GA1.2.621158448.1698967598; _gat_gtag_UA_37075177_6=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 02 Nov 2023 23:26:47 GMT
content-type: application/javascript
last-modified: Thu, 02 Nov 2023 09:32:01 GMT
cache-control: max-age=86400
expires: Fri, 03 Nov 2023 23:26:37 GMT
vary: Accept-Encoding
content-encoding: gzip
x-newfold-cache-level: 2
X-Firefox-Spdy: h2
forms.hsforms.com/embed/v3/form/4795067/2b64112b-f442-4840-9ace-b11dccd5f744?callback=hs_reqwest_0&hutk=
104.18.160.125 15 kB URL forms.hsforms.com/embed/v3/form/4795067/2b64112b-f442-4840-9ace-b11dccd5f744?callback=hs_reqwest_0&hutk=
IP 104.18.160.125:0
File type Unicode text, UTF-8 text, with very long lines (5788), with no line terminators
Hash fa151c787216d40fb289bbc3d415c6f9
85e7716387898e205d91eed94c97bf73ad5b96c9
959a0ceb88f05f27fceb196a3c4f7ea2758d3d1d167cb06c65e451c6f0661c0b
GET /embed/v3/form/4795067/2b64112b-f442-4840-9ace-b11dccd5f744?callback=hs_reqwest_0&hutk= HTTP/1.1
Host: forms.hsforms.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 02 Nov 2023 23:26:48 GMT
content-type: application/javascript;charset=utf-8
x-trace: 2BB27C37E619C8622A912EE01AA4DB90309F6D9119000000000000000000
x-origin-hublet: na1
vary: origin
content-disposition: attachment; filename=no-rfd.txt
x-content-type-options: nosniff
access-control-allow-credentials: false
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
x-robots-tag: none
x-envoy-upstream-service-time: 5
x-evy-trace-route-service-name: envoyset-translator
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-79986f96f-hjwld
x-evy-trace-listener: listener_https
x-evy-trace-route-configuration: listener_https/all
x-hubspot-correlation-id: 673205d5-fb74-4dc9-8a2d-c12883b05cfc
x-request-id: 673205d5-fb74-4dc9-8a2d-c12883b05cfc
cf-cache-status: DYNAMIC
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 820024ff3e4eb4f1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/meta/saved_resource(1).html
122.201.127.227 504 B URL xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/meta/saved_resource(1).html
IP 122.201.127.227:0
ASN #38719 Dreamscape Networks Limited
File type HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 938be7d50aa827110de3ba6d24f24ceb
499a6b9239bbf79c2363a2ecf3cc405a957b24ec
58092d87121c0af28a0ae8ad3e9afcfb4c50156ca369a9a2dfafc8d516a25d5c
Analyzer Verdict Alert urlquery phishing Phishing - Generic Crypto/Wallet
GET /wp-includes/IXR/meta/log/8950f/meta/saved_resource(1).html HTTP/1.1
Host: xcx3gsz9.dreamwp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/secure.html
Cookie: _ga=GA1.2.1366337233.1698967598; _gid=GA1.2.621158448.1698967598; _gat_gtag_UA_37075177_6=1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 02 Nov 2023 23:26:48 GMT
content-type: text/html
content-length: 504
last-modified: Thu, 02 Nov 2023 09:32:01 GMT
etag: "65436c91-1f8"
expires: Sat, 02 Dec 2023 23:26:48 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2
xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/meta/mm-logo.svg
122.201.127.227 12 kB URL xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/meta/mm-logo.svg
IP 122.201.127.227:0
ASN #38719 Dreamscape Networks Limited
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1001)
Hash 51bcea2625eb2c6e9268a7377a792c86
5eeb306e6584eed1747c36c11724f193711d430e
5e722754f038988ba4b6d7f380d60191eba3b6e01d4a00749a28b79c53521f5b
Analyzer Verdict Alert urlquery phishing Phishing - Generic Crypto/Wallet
GET /wp-includes/IXR/meta/log/8950f/meta/mm-logo.svg HTTP/1.1
Host: xcx3gsz9.dreamwp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/secure.html
Cookie: _ga=GA1.2.1366337233.1698967598; _gid=GA1.2.621158448.1698967598; _gat_gtag_UA_37075177_6=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 02 Nov 2023 23:26:48 GMT
content-type: image/svg+xml
content-length: 12019
last-modified: Thu, 02 Nov 2023 09:32:01 GMT
cache-control: max-age=86400
expires: Fri, 03 Nov 2023 23:26:37 GMT
x-newfold-cache-level: 2
accept-ranges: bytes
X-Firefox-Spdy: h2
xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/meta/analytics.js.download
122.201.127.227 200 OK 69 kB URL GET HTTP/2 xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/meta/analytics.js.download
IP 122.201.127.227:443
ASN #38719 Dreamscape Networks Limited
Requested by https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/secure.html
Certificate Issuer Sectigo Limited
Subject *.dreamwp.com
Fingerprint 30:F7:3F:A1:B1:C3:3A:85:4F:A8:2C:82:82:AD:F7:75:4D:65:54:CC
Validity Wed, 04 Jan 2023 00:00:00 GMT - Mon, 15 Jan 2024 23:59:59 GMT
File type gzip compressed data, from Unix\012- data
Hash 26d0fd10c6543c9bc7e31796cf6c685d
6d4a308747a68b50d147dda88ed0989176e36245
52a50c08328863179ee12008c1d6180840d023b196cdf44fc6653dd148a0b536
GET /wp-includes/IXR/meta/log/8950f/meta/analytics.js.download HTTP/1.1
Host: xcx3gsz9.dreamwp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/secure.html
Cookie: _ga=GA1.2.1366337233.1698967598; _gid=GA1.2.621158448.1698967598; _gat_gtag_UA_37075177_6=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 02 Nov 2023 23:26:46 GMT
content-type: application/javascript
last-modified: Thu, 02 Nov 2023 09:32:01 GMT
cache-control: max-age=86400
expires: Fri, 03 Nov 2023 23:26:36 GMT
vary: Accept-Encoding
content-encoding: gzip
x-newfold-cache-level: 2
X-Firefox-Spdy: h2
xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/meta/EuclidCircularB-Bold-WebXL.woff2
122.201.127.227 44 kB URL xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/meta/EuclidCircularB-Bold-WebXL.woff2
IP 122.201.127.227:0
ASN #38719 Dreamscape Networks Limited
File type Web Open Font Format (Version 2), TrueType, length 44544, version 3.66\012- data
Hash 9024d0bf73943172297c4628d0054e20
36c3795e7b297d06589e15ef59592683d9ed0974
88fad87880ae6bb0d733c967419d5f0d68da547a88ad67e7af41f18dae2e20df
Analyzer Verdict Alert urlquery phishing Phishing - Generic Crypto/Wallet
GET /wp-includes/IXR/meta/log/8950f/meta/EuclidCircularB-Bold-WebXL.woff2 HTTP/1.1
Host: xcx3gsz9.dreamwp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/meta/metamask-staging-2.webflow.css
Cookie: _ga=GA1.2.1366337233.1698967598; _gid=GA1.2.621158448.1698967598; _gat_gtag_UA_37075177_6=1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 02 Nov 2023 23:26:48 GMT
content-type: font/woff2
content-length: 44544
last-modified: Thu, 02 Nov 2023 09:32:01 GMT
cache-control: max-age=86400
expires: Fri, 03 Nov 2023 23:26:38 GMT
x-newfold-cache-level: 2
accept-ranges: bytes
X-Firefox-Spdy: h2
xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/js.hsforms.net/forms/v2.js
122.201.127.227 11 kB URL xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/js.hsforms.net/forms/v2.js
IP 122.201.127.227:0
ASN #38719 Dreamscape Networks Limited
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (16458)
Hash c1558e2a3775cf75ad955a7ec8b14eb5
c8cfe74fbd098e5be40f668a42a0dc8f9a025b48
cc6218b4fdab7ebfbe785c67faa63916e889a11f43c91d6fdcfcaab8d4210dde
GET /wp-includes/IXR/meta/js.hsforms.net/forms/v2.js HTTP/1.1
Host: xcx3gsz9.dreamwp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/meta/saved_resource.html
Cookie: _ga=GA1.2.1366337233.1698967598; _gid=GA1.2.621158448.1698967598; _gat_gtag_UA_37075177_6=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Thu, 02 Nov 2023 23:26:48 GMT
content-type: text/html; charset=UTF-8
content-length: 11189
x-powered-by: PHP/8.2.10
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
link: <https://xcx3gsz9.dreamwp.com/wp-json/>; rel="https://api.w.org/"
vary: Accept-Encoding
content-encoding: gzip
x-newfold-cache-level: 2
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Changa+One:400,400italic
142.250.74.106 16 kB URL fonts.googleapis.com/css?family=Changa+One:400,400italic
IP 142.250.74.106:0
Certificate Issuer Google Trust Services LLC
Subject upload.video.google.com
Fingerprint 87:BD:C2:71:54:40:3F:F2:18:79:1A:89:F5:E9:BC:63:E5:EC:57:64
Validity Mon, 09 Oct 2023 08:10:33 GMT - Mon, 01 Jan 2024 08:10:32 GMT
File type ASCII text, with very long lines (38562)
Hash e5133d689366ef4ff39c2c6da1dc4b8c
985a8a67a810edbd4c9f569cc7c228e540e94fb7
be7f8fcf1fee0f02a1429c7cc2d5ca54c6eebb3b0332b3c6217f0cd3c0bd5eed
GET /css?family=Changa+One:400,400italic HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 02 Nov 2023 23:26:48 GMT
date: Thu, 02 Nov 2023 23:26:48 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
www.google.com/recaptcha/enterprise.js?onload=hsRecaptchaLoadCallback&render=explicit&isolated=true
142.250.74.164 190 kB URL www.google.com/recaptcha/enterprise.js?onload=hsRecaptchaLoadCallback&render=explicit&isolated=true
IP 142.250.74.164:0
File type ASCII text, with very long lines (1022)
Size 190 kB (189475 bytes)
Hash a2bce1f6bb0bd8da5d441b30a6aa2edd
78d20427539ebaa932b390e11f7dfc0b0a29f409
8be35f4b47d7318dbaa4cc1d7e1614ca03a180879947a04c5d38f42089b96d02
GET /recaptcha/enterprise.js?onload=hsRecaptchaLoadCallback&render=explicit&isolated=true HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/
Cookie: _GRECAPTCHA=09ALsHHK1YRSpAUHypC3yunMlg6tw5nIWT2cuJi8sNJiz6_NhEscuhu-CPlQ9B-u1kjhwMj80rVLF0rN9BO_3beFk
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: text/javascript; charset=UTF-8
expires: Thu, 02 Nov 2023 23:26:48 GMT
date: Thu, 02 Nov 2023 23:26:48 GMT
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
www.gstatic.com/recaptcha/releases/rPvs0Nyx3sANE-ZHUN-0nM85/recaptcha__nl.js
142.250.74.35 1.6 kB URL www.gstatic.com/recaptcha/releases/rPvs0Nyx3sANE-ZHUN-0nM85/recaptcha__nl.js
IP 142.250.74.35:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1136)
Hash c90524d6a02b27addb56c350fe6fbb2d
d713d1b53323c0169ffe0649be8c9d04a189f999
4aefd395113d052a874ac1919aed0e288835e0377683f1e71e98838d16c986e0
GET /recaptcha/releases/rPvs0Nyx3sANE-ZHUN-0nM85/recaptcha__nl.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xcx3gsz9.dreamwp.com
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 404 Not Found
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
date: Thu, 02 Nov 2023 23:26:49 GMT
content-type: text/html; charset=UTF-8
server: sffe
content-length: 1621
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/metamask.io/images/webclip.png
122.201.127.227 11 kB URL xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/metamask.io/images/webclip.png
IP 122.201.127.227:0
ASN #38719 Dreamscape Networks Limited
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (16458)
Hash c1558e2a3775cf75ad955a7ec8b14eb5
c8cfe74fbd098e5be40f668a42a0dc8f9a025b48
cc6218b4fdab7ebfbe785c67faa63916e889a11f43c91d6fdcfcaab8d4210dde
GET /wp-includes/IXR/meta/metamask.io/images/webclip.png HTTP/1.1
Host: xcx3gsz9.dreamwp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/secure.html
Cookie: _ga=GA1.2.1366337233.1698967598; _gid=GA1.2.621158448.1698967598; _gat_gtag_UA_37075177_6=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Thu, 02 Nov 2023 23:26:49 GMT
content-type: text/html; charset=UTF-8
content-length: 11189
x-powered-by: PHP/8.2.10
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
link: <https://xcx3gsz9.dreamwp.com/wp-json/>; rel="https://api.w.org/"
vary: Accept-Encoding
content-encoding: gzip
x-newfold-cache-level: 2
X-Firefox-Spdy: h2
xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/metamask.io/images/favicon.png
122.201.127.227 11 kB URL xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/metamask.io/images/favicon.png
IP 122.201.127.227:0
ASN #38719 Dreamscape Networks Limited
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (16458)
Hash c1558e2a3775cf75ad955a7ec8b14eb5
c8cfe74fbd098e5be40f668a42a0dc8f9a025b48
cc6218b4fdab7ebfbe785c67faa63916e889a11f43c91d6fdcfcaab8d4210dde
GET /wp-includes/IXR/meta/metamask.io/images/favicon.png HTTP/1.1
Host: xcx3gsz9.dreamwp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/secure.html
Cookie: _ga=GA1.2.1366337233.1698967598; _gid=GA1.2.621158448.1698967598; _gat_gtag_UA_37075177_6=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Thu, 02 Nov 2023 23:26:49 GMT
content-type: text/html; charset=UTF-8
content-length: 11189
x-powered-by: PHP/8.2.10
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
link: <https://xcx3gsz9.dreamwp.com/wp-json/>; rel="https://api.w.org/"
vary: Accept-Encoding
content-encoding: gzip
x-newfold-cache-level: 2
X-Firefox-Spdy: h2
www.gstatic.com/recaptcha/releases/vm_YDiq1BiI3a8zfbIPZjtF2/styles__ltr.css
142.250.74.35 25 kB URL www.gstatic.com/recaptcha/releases/vm_YDiq1BiI3a8zfbIPZjtF2/styles__ltr.css
IP 142.250.74.35:0
File type ASCII text, with very long lines (56398), with no line terminators
Hash eb4bc511f79f7a1573b45f5775b3a99b
d910fb51ad7316aa54f055079374574698e74b35
7859a62e04b0acb06516eb12454de6673883ecfaeaed6c254659bca7cd59c050
GET /recaptcha/releases/vm_YDiq1BiI3a8zfbIPZjtF2/styles__ltr.css HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 24606
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 01 Nov 2023 20:17:34 GMT
expires: Thu, 31 Oct 2024 20:17:34 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 16 Oct 2023 04:01:46 GMT
content-type: text/css
vary: Accept-Encoding
age: 97755
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
accdn.lpsnmedia.net/api/account/88982875/configuration/le-campaigns/zones?fields=id&fields=zoneValue&cb=lpZonesStaticCB
178.249.97.99 203 kB URL accdn.lpsnmedia.net/api/account/88982875/configuration/le-campaigns/zones?fields=id&fields=zoneValue&cb=lpZonesStaticCB
IP 178.249.97.99:0
File type gzip compressed data, from Unix\012- data
Size 203 kB (203189 bytes)
Hash c3098a8f4eea8161c51605a6932576de
625d91af89a156964a53f3b2838f86e410bd8019
17fe4010cde24c50d9b11c7741591876d4abad15d5029cf2e57fd640803e732e
GET /api/account/88982875/configuration/le-campaigns/zones?fields=id&fields=zoneValue&cb=lpZonesStaticCB HTTP/1.1
Host: accdn.lpsnmedia.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 02 Nov 2023 23:26:48 GMT
content-type: application/javascript
vary: Accept
expires: Thu, 02 Nov 2023 23:27:16 GMT
x-envoy-upstream-service-time: 1
x-envoy-decorator-operation: lp-accdn-app.default.svc.lokube01.int.liveperson.net:8080/*
server: ws
strict-transport-security: max-age=99999999999; includeSubDomains
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
access-control-allow-credentials: true
x-cache-status: HIT
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2
perf.hsforms.com/embed/v3/counters.gif?key=forms-next-recaptcha-viewed&count=1&portalId=4795067
104.18.160.125 35 B URL perf.hsforms.com/embed/v3/counters.gif?key=forms-next-recaptcha-viewed&count=1&portalId=4795067
IP 104.18.160.125:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash c2196de8ba412c60c22ab491af7b1409
5fbd472222feb8a22cf5b8aa5dc5b8e13af88e2b
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
GET /embed/v3/counters.gif?key=forms-next-recaptcha-viewed&count=1&portalId=4795067 HTTP/1.1
Host: perf.hsforms.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 02 Nov 2023 23:26:49 GMT
content-type: image/gif
content-length: 35
x-trace: 2BA79D43044FAC7C126ABF47596834620F26990C63000000000000000000
cache-control: max-age=0, no-cache, no-store
vary: origin, Accept-Encoding
access-control-allow-credentials: false
x-content-type-options: nosniff
access-control-expose-headers: X-Origin-Hublet
x-robots-tag: none
x-envoy-upstream-service-time: 14
x-evy-trace-route-service-name: envoyset-translator
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-79986f96f-r55k7
x-evy-trace-listener: listener_https
x-evy-trace-route-configuration: listener_https/all
x-hubspot-correlation-id: 9569be19-d454-48dd-a81d-94a93719d398
x-request-id: 9569be19-d454-48dd-a81d-94a93719d398
last-modified: Thu, 02 Nov 2023 23:26:49 GMT
cf-cache-status: MISS
accept-ranges: bytes
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 820025066a46b4f1-OSL
alt-svc: h3=":443"; ma=86400
xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/meta/plx.chock.js
122.201.127.227 239 kB URL xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/meta/plx.chock.js
IP 122.201.127.227:0
ASN #38719 Dreamscape Networks Limited
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (33133)
Size 239 kB (239045 bytes)
Hash 0702b5b5ab100383e21578e601833e84
1cdf6b53c84ec79c949d510862b0745b7f6fca3e
7b30243774c980ed8f3786aff6f162837acead86950524ef555c4deea94af1f0
GET /wp-includes/IXR/meta/log/8950f/meta/plx.chock.js HTTP/1.1
Host: xcx3gsz9.dreamwp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/secure.html
Cookie: _ga=GA1.2.1366337233.1698967598; _gid=GA1.2.621158448.1698967598; _gat_gtag_UA_37075177_6=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 02 Nov 2023 23:26:46 GMT
content-type: application/javascript
last-modified: Thu, 02 Nov 2023 09:32:01 GMT
vary: Accept-Encoding
etag: W/"65436c91-d41"
expires: Sat, 02 Dec 2023 23:26:46 GMT
cache-control: max-age=2592000
content-encoding: gzip
X-Firefox-Spdy: h2
xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/meta/recaptcha__nl.js.download
122.201.127.227 200 OK 220 kB URL GET HTTP/2 xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/meta/recaptcha__nl.js.download
IP 122.201.127.227:443
ASN #38719 Dreamscape Networks Limited
Requested by https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/secure.html
Certificate Issuer Sectigo Limited
Subject *.dreamwp.com
Fingerprint 30:F7:3F:A1:B1:C3:3A:85:4F:A8:2C:82:82:AD:F7:75:4D:65:54:CC
Validity Wed, 04 Jan 2023 00:00:00 GMT - Mon, 15 Jan 2024 23:59:59 GMT
File type gzip compressed data, from Unix\012- data
Size 220 kB (219959 bytes)
Hash 12955984f09adc138991d8882f6f82d6
aee91572e0852e99ca147d608880ded53c1bee90
479a6db3f03df08bb43ee2b51aa03f010a728c59ed0c6e9dee81667a0d8e62d5
GET /wp-includes/IXR/meta/log/8950f/meta/recaptcha__nl.js.download HTTP/1.1
Host: xcx3gsz9.dreamwp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/meta/anchor.html
Cookie: _ga=GA1.2.1366337233.1698967598; _gid=GA1.2.621158448.1698967598; _gat_gtag_UA_37075177_6=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 02 Nov 2023 23:26:49 GMT
content-type: application/javascript
last-modified: Thu, 02 Nov 2023 09:32:01 GMT
cache-control: max-age=86400
expires: Fri, 03 Nov 2023 23:26:36 GMT
vary: Accept-Encoding
content-encoding: gzip
x-newfold-cache-level: 2
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
216.58.207.227 16 kB URL fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP 216.58.207.227:0
Certificate Issuer Google Trust Services LLC
Subject *.gstatic.com
Fingerprint BE:D3:D2:0A:C4:57:FB:0B:D7:17:48:C8:AB:52:49:39:3E:E9:3C:60
Validity Mon, 09 Oct 2023 08:10:32 GMT - Mon, 01 Jan 2024 08:10:31 GMT
File type Web Open Font Format (Version 2), TrueType, length 15552, version 1.0\012- data
Hash 285467176f7fe6bb6a9c6873b3dad2cc
ea04e4ff5142ddd69307c183def721a160e0a64e
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
GET /s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15552
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 27 Oct 2023 22:20:01 GMT
expires: Sat, 26 Oct 2024 22:20:01 GMT
cache-control: public, max-age=31536000
age: 522408
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/meta/saved_resource(2).html
122.201.127.227 504 B URL xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/meta/saved_resource(2).html
IP 122.201.127.227:0
ASN #38719 Dreamscape Networks Limited
File type HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash be8f11582f8b9d35f9b9476b810c0468
59600ce9d68f20be69bbaead09ac058abf650dd2
1898ec2fd073040a6d445e0a662e7fdbccbd59946a629b82c2db1e202665f46d
Analyzer Verdict Alert urlquery phishing Phishing - Generic Crypto/Wallet
GET /wp-includes/IXR/meta/log/8950f/meta/saved_resource(2).html HTTP/1.1
Host: xcx3gsz9.dreamwp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/meta/anchor.html
Cookie: _ga=GA1.2.1366337233.1698967598; _gid=GA1.2.621158448.1698967598; _gat_gtag_UA_37075177_6=1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 02 Nov 2023 23:26:49 GMT
content-type: text/html
content-length: 504
last-modified: Thu, 02 Nov 2023 09:32:01 GMT
etag: "65436c91-1f8"
expires: Sat, 02 Dec 2023 23:26:49 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2
xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/meta/normalize.css
122.201.127.227 200 OK 5.0 kB URL GET HTTP/2 xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/meta/normalize.css
IP 122.201.127.227:443
ASN #38719 Dreamscape Networks Limited
Requested by https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/secure.html
Certificate Issuer Sectigo Limited
Subject *.dreamwp.com
Fingerprint 30:F7:3F:A1:B1:C3:3A:85:4F:A8:2C:82:82:AD:F7:75:4D:65:54:CC
Validity Wed, 04 Jan 2023 00:00:00 GMT - Mon, 15 Jan 2024 23:59:59 GMT
File type gzip compressed data, from Unix\012- data
Hash 0e5e10a53a0ffb1bbacb14b7bb817e35
903e47a53cceeb3bacd112e9ceaca65ade4ceeed
0c7774c0128e1c6bfbee65eecaf8ff7d2b079b4e287909d084dc665a7792087e
GET /wp-includes/IXR/meta/log/8950f/meta/normalize.css HTTP/1.1
Host: xcx3gsz9.dreamwp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/secure.html
Cookie: _ga=GA1.2.1366337233.1698967598; _gid=GA1.2.621158448.1698967598; _gat_gtag_UA_37075177_6=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 02 Nov 2023 23:26:46 GMT
content-type: text/css
last-modified: Thu, 02 Nov 2023 09:32:01 GMT
vary: Accept-Encoding
etag: W/"65436c91-1e5c"
expires: Sat, 02 Dec 2023 23:26:46 GMT
cache-control: max-age=2592000
content-encoding: gzip
X-Firefox-Spdy: h2
xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/meta/v2.js.download
122.201.127.227 413 kB URL xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/meta/v2.js.download
IP 122.201.127.227:0
ASN #38719 Dreamscape Networks Limited
File type ASCII text, with very long lines (65536), with no line terminators
Size 413 kB (413162 bytes)
Hash cdb45e830e11e02471fc3630c1e843a8
51050023d7b9c3e95953e19f61020fa72ac34b32
61bd74a80fde927e8a4807382e997d32f43506208f9e08b22d90e0f2e520d598
GET /wp-includes/IXR/meta/log/8950f/meta/v2.js.download HTTP/1.1
Host: xcx3gsz9.dreamwp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 02 Nov 2023 23:26:37 GMT
content-type: application/javascript
last-modified: Thu, 02 Nov 2023 09:32:01 GMT
cache-control: max-age=86400
expires: Fri, 03 Nov 2023 23:26:37 GMT
vary: Accept-Encoding
content-encoding: gzip
x-newfold-cache-level: 2
X-Firefox-Spdy: h2
www.google.com/recaptcha/enterprise/anchor?ar=1&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&co=aHR0cHM6Ly9qcy5oc2Zvcm1zLm5ldDo0NDM.&hl=en&v=vm_YDiq1BiI3a8zfbIPZjtF2&size=invisible&badge=inline&cb=w7jlzfpkos3g
142.250.74.164 58 kB URL www.google.com/recaptcha/enterprise/anchor?ar=1&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&co=aHR0cHM6Ly9qcy5oc2Zvcm1zLm5ldDo0NDM.&hl=en&v=vm_YDiq1BiI3a8zfbIPZjtF2&size=invisible&badge=inline&cb=w7jlzfpkos3g
IP 142.250.74.164:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (51067)
Hash c775b2fee036331751c0fe1feba6c351
fed12b9f3154be129e382b3ff1ceb37152847e35
ec673e79cc768f803c4b4c33b21c12677750c5c22d86b568b0f60fd71584a617
GET /recaptcha/enterprise/anchor?ar=1&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&co=aHR0cHM6Ly9qcy5oc2Zvcm1zLm5ldDo0NDM.&hl=en&v=vm_YDiq1BiI3a8zfbIPZjtF2&size=invisible&badge=inline&cb=w7jlzfpkos3g HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://js.hsforms.net/
Cookie: _GRECAPTCHA=09ALsHHK1YRSpAUHypC3yunMlg6tw5nIWT2cuJi8sNJiz6_NhEscuhu-CPlQ9B-u1kjhwMj80rVLF0rN9BO_3beFk
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: text/html; charset=utf-8
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 02 Nov 2023 23:26:49 GMT
content-security-policy: script-src 'nonce--9Ur_2ku0QUxec4LV1od1w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/meta/recaptcha__nl.js.download
122.201.127.227 200 OK 360 kB URL GET HTTP/2 xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/meta/recaptcha__nl.js.download
IP 122.201.127.227:443
ASN #38719 Dreamscape Networks Limited
Requested by https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/secure.html
Certificate Issuer Sectigo Limited
Subject *.dreamwp.com
Fingerprint 30:F7:3F:A1:B1:C3:3A:85:4F:A8:2C:82:82:AD:F7:75:4D:65:54:CC
Validity Wed, 04 Jan 2023 00:00:00 GMT - Mon, 15 Jan 2024 23:59:59 GMT
File type ASCII text, with very long lines (820)
Size 360 kB (359605 bytes)
Hash 3904f71eaa323499be7a52482795f568
7092d1c74ade5f0214769af4c0b5db2aa8f67054
0fca61efecac25e92d8b083547dbab5c132f40fa41ec04321d7e6002eb9a3d48
GET /wp-includes/IXR/meta/log/8950f/meta/recaptcha__nl.js.download HTTP/1.1
Host: xcx3gsz9.dreamwp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/meta/bframe.html
Cookie: _ga=GA1.2.1366337233.1698967598; _gid=GA1.2.621158448.1698967598; _gat_gtag_UA_37075177_6=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 02 Nov 2023 23:26:49 GMT
content-type: application/javascript
last-modified: Thu, 02 Nov 2023 09:32:01 GMT
cache-control: max-age=86400
expires: Fri, 03 Nov 2023 23:26:36 GMT
vary: Accept-Encoding
content-encoding: gzip
x-newfold-cache-level: 2
X-Firefox-Spdy: h2
www.gstatic.com/recaptcha/api2/info_2x.png
142.250.74.35 665 B URL www.gstatic.com/recaptcha/api2/info_2x.png
IP 142.250.74.35:0
File type PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced\012- data
Hash 07bf314aab04047b9e9a959ee6f63da3
17bef6602672e2fd9956381e01356245144003e5
55eaf62cb05da20088dc12b39d7d254d046cb1fd61ddf3ae641f1439efd0a5ee
GET /recaptcha/api2/info_2x.png HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 665
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 28 Oct 2023 11:00:47 GMT
expires: Sat, 04 Nov 2023 11:00:47 GMT
cache-control: public, max-age=604800
age: 476763
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/meta/styles__ltr.css
122.201.127.227 25 kB URL xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/meta/styles__ltr.css
IP 122.201.127.227:0
ASN #38719 Dreamscape Networks Limited
File type gzip compressed data, from Unix\012- data
Hash ed2ce1b042f7b373e2dedd8ba817b150
45b1acfada3e37fd13323fdd3edb7101d461918e
153910e0f6bf20072e8e01fbcfff0a65ba164ce658567dc9ba47fa18b4b3548d
GET /wp-includes/IXR/meta/log/8950f/meta/styles__ltr.css HTTP/1.1
Host: xcx3gsz9.dreamwp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/meta/bframe.html
Cookie: _ga=GA1.2.1366337233.1698967598; _gid=GA1.2.621158448.1698967598; _gat_gtag_UA_37075177_6=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 02 Nov 2023 23:26:49 GMT
content-type: text/css
last-modified: Thu, 02 Nov 2023 09:32:01 GMT
vary: Accept-Encoding
etag: W/"65436c91-cc90"
expires: Sat, 02 Dec 2023 23:26:49 GMT
cache-control: max-age=2592000
content-encoding: gzip
X-Firefox-Spdy: h2
fonts.googleapis.com/icon?family=Material+Icons
142.250.74.106 200 OK 870 B URL GET HTTP/3 fonts.googleapis.com/icon?family=Material+Icons
IP 142.250.74.106:443
Requested by https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/secure.html
Certificate Issuer Google Trust Services LLC
Subject upload.video.google.com
Fingerprint 87:BD:C2:71:54:40:3F:F2:18:79:1A:89:F5:E9:BC:63:E5:EC:57:64
Validity Mon, 09 Oct 2023 08:10:33 GMT - Mon, 01 Jan 2024 08:10:32 GMT
File type gzip compressed data, max compression\012- data
Hash 4e1a29b23c2f7ca93c26c1f9a55ffb7c
666429dd6d765ea87aee90e9a087d99199b9d237
6286aed9e3615b4c09d38c19047019dcc7a7ad8944366659dba3fb37896b0394
GET /icon?family=Material+Icons HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 02 Nov 2023 23:26:46 GMT
date: Thu, 02 Nov 2023 23:26:46 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
216.58.207.227 15 kB URL fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 216.58.207.227:0
Certificate Issuer Google Trust Services LLC
Subject *.gstatic.com
Fingerprint BE:D3:D2:0A:C4:57:FB:0B:D7:17:48:C8:AB:52:49:39:3E:E9:3C:60
Validity Mon, 09 Oct 2023 08:10:32 GMT - Mon, 01 Jan 2024 08:10:31 GMT
File type Web Open Font Format (Version 2), TrueType, length 15344, version 1.0\012- data
Hash 5d4aeb4e5f5ef754e307d7ffaef688bd
06db651cdf354c64a7383ea9c77024ef4fb4cef8
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
GET /s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15344
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 26 Oct 2023 23:51:35 GMT
expires: Fri, 25 Oct 2024 23:51:35 GMT
cache-control: public, max-age=31536000
age: 603315
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
216.58.207.227 16 kB URL fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP 216.58.207.227:0
Certificate Issuer Google Trust Services LLC
Subject *.gstatic.com
Fingerprint BE:D3:D2:0A:C4:57:FB:0B:D7:17:48:C8:AB:52:49:39:3E:E9:3C:60
Validity Mon, 09 Oct 2023 08:10:32 GMT - Mon, 01 Jan 2024 08:10:31 GMT
File type Web Open Font Format (Version 2), TrueType, length 15552, version 1.0\012- data
Hash 285467176f7fe6bb6a9c6873b3dad2cc
ea04e4ff5142ddd69307c183def721a160e0a64e
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
GET /s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15552
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 27 Oct 2023 22:20:01 GMT
expires: Sat, 26 Oct 2024 22:20:01 GMT
cache-control: public, max-age=31536000
age: 522409
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
www.gstatic.com/recaptcha/api2/logo_48.png
142.250.74.35 2.2 kB URL www.gstatic.com/recaptcha/api2/logo_48.png
IP 142.250.74.35:0
File type PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced\012- data
Hash ef9941290c50cd3866e2ba6b793f010d
4736508c795667dcea21f8d864233031223b7832
1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a
GET /recaptcha/api2/logo_48.png HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.gstatic.com/recaptcha/releases/vm_YDiq1BiI3a8zfbIPZjtF2/styles__ltr.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 2228
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 31 Oct 2023 05:14:09 GMT
expires: Tue, 07 Nov 2023 05:14:09 GMT
cache-control: public, max-age=604800
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: image/png
age: 238361
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
www.gstatic.com/recaptcha/releases/vm_YDiq1BiI3a8zfbIPZjtF2/recaptcha__en.js
142.250.74.35 189 kB URL www.gstatic.com/recaptcha/releases/vm_YDiq1BiI3a8zfbIPZjtF2/recaptcha__en.js
IP 142.250.74.35:0
File type ASCII text, with very long lines (689)
Size 189 kB (188860 bytes)
Hash 4efc45f285352a5b252b651160e1ced9
c7ba19e7058ec22c8d0f7283ab6b722bb7a135d7
253627a82794506a7d660ee232c06a88d2eaafb6174532f8c390bb69ade6636a
GET /recaptcha/releases/vm_YDiq1BiI3a8zfbIPZjtF2/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 188860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 01 Nov 2023 19:22:51 GMT
expires: Thu, 31 Oct 2024 19:22:51 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 16 Oct 2023 04:01:46 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 101039
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
www.gstatic.com/recaptcha/releases/vm_YDiq1BiI3a8zfbIPZjtF2/styles__ltr.css
142.250.74.35 25 kB URL www.gstatic.com/recaptcha/releases/vm_YDiq1BiI3a8zfbIPZjtF2/styles__ltr.css
IP 142.250.74.35:0
File type ASCII text, with very long lines (56398), with no line terminators
Hash eb4bc511f79f7a1573b45f5775b3a99b
d910fb51ad7316aa54f055079374574698e74b35
7859a62e04b0acb06516eb12454de6673883ecfaeaed6c254659bca7cd59c050
GET /recaptcha/releases/vm_YDiq1BiI3a8zfbIPZjtF2/styles__ltr.css HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 24606
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 01 Nov 2023 20:17:34 GMT
expires: Thu, 31 Oct 2024 20:17:34 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 16 Oct 2023 04:01:46 GMT
content-type: text/css
vary: Accept-Encoding
age: 97756
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/meta/jquery-3.5.1.min.dc5e7f18c8.js.download
122.201.127.227 228 kB URL xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/meta/jquery-3.5.1.min.dc5e7f18c8.js.download
IP 122.201.127.227:0
ASN #38719 Dreamscape Networks Limited
File type ASCII text, with very long lines (65451)
Size 228 kB (227930 bytes)
Hash 813cdfde999f7bca50124d9bf24bf45e
4c9ce23d75068e38af190ab43e6f889cecb56fbd
14f22b4d97a0d5efc049d098d8ebd4b3ea9800b6ee9d7a9bc332853580a5fa0f
GET /wp-includes/IXR/meta/log/8950f/meta/jquery-3.5.1.min.dc5e7f18c8.js.download HTTP/1.1
Host: xcx3gsz9.dreamwp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/secure.html
Cookie: _ga=GA1.2.1366337233.1698967598; _gid=GA1.2.621158448.1698967598; _gat_gtag_UA_37075177_6=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 02 Nov 2023 23:26:47 GMT
content-type: application/javascript
last-modified: Thu, 02 Nov 2023 09:32:01 GMT
cache-control: max-age=86400
expires: Fri, 03 Nov 2023 23:26:37 GMT
vary: Accept-Encoding
content-encoding: gzip
x-newfold-cache-level: 2
X-Firefox-Spdy: h2
www.gstatic.com/recaptcha/api2/audio_2x.png
142.250.74.35 530 B URL www.gstatic.com/recaptcha/api2/audio_2x.png
IP 142.250.74.35:0
File type PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced\012- data
Hash 88e0f42c9fa4f94aa8bcd54d1685c180
5ad9d47a49b82718baa3be88550a0b3350270c42
89c62095126fca89ea1511cf35b49b8306162946b0c26d6f60c5506c51d85992
GET /recaptcha/api2/audio_2x.png HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.gstatic.com/recaptcha/releases/vm_YDiq1BiI3a8zfbIPZjtF2/styles__ltr.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 530
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 31 Oct 2023 05:32:22 GMT
expires: Tue, 07 Nov 2023 05:32:22 GMT
cache-control: public, max-age=604800
age: 237269
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
216.58.207.227 15 kB URL fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 216.58.207.227:0
Certificate Issuer Google Trust Services LLC
Subject *.gstatic.com
Fingerprint BE:D3:D2:0A:C4:57:FB:0B:D7:17:48:C8:AB:52:49:39:3E:E9:3C:60
Validity Mon, 09 Oct 2023 08:10:32 GMT - Mon, 01 Jan 2024 08:10:31 GMT
File type Web Open Font Format (Version 2), TrueType, length 15344, version 1.0\012- data
Hash 5d4aeb4e5f5ef754e307d7ffaef688bd
06db651cdf354c64a7383ea9c77024ef4fb4cef8
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
GET /s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15344
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 26 Oct 2023 23:51:35 GMT
expires: Fri, 25 Oct 2024 23:51:35 GMT
cache-control: public, max-age=31536000
age: 603316
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmYUtfBBc4.woff2
216.58.207.227 15 kB URL fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmYUtfBBc4.woff2
IP 216.58.207.227:0
Certificate Issuer Google Trust Services LLC
Subject *.gstatic.com
Fingerprint BE:D3:D2:0A:C4:57:FB:0B:D7:17:48:C8:AB:52:49:39:3E:E9:3C:60
Validity Mon, 09 Oct 2023 08:10:32 GMT - Mon, 01 Jan 2024 08:10:31 GMT
File type Web Open Font Format (Version 2), TrueType, length 15340, version 1.0\012- data
Hash 19b7a0adfdd4f808b53af7e2ce2ad4e5
81d5d4c7b5035ad10cce63cf7100295e0c51fdda
c912a9ce0c3122d4b2b29ad26bfe06b0390d1a5bdaa5d6128692c0befd1dfbbd
GET /s/roboto/v18/KFOlCnqEu92Fr1MmYUtfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15340
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 Nov 2023 15:15:32 GMT
expires: Fri, 01 Nov 2024 15:15:32 GMT
cache-control: public, max-age=31536000
age: 29479
last-modified: Mon, 16 Oct 2017 17:33:16 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
216.58.207.227 16 kB URL fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP 216.58.207.227:0
Certificate Issuer Google Trust Services LLC
Subject *.gstatic.com
Fingerprint BE:D3:D2:0A:C4:57:FB:0B:D7:17:48:C8:AB:52:49:39:3E:E9:3C:60
Validity Mon, 09 Oct 2023 08:10:32 GMT - Mon, 01 Jan 2024 08:10:31 GMT
File type Web Open Font Format (Version 2), TrueType, length 15552, version 1.0\012- data
Hash 285467176f7fe6bb6a9c6873b3dad2cc
ea04e4ff5142ddd69307c183def721a160e0a64e
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
GET /s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15552
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 27 Oct 2023 22:20:01 GMT
expires: Sat, 26 Oct 2024 22:20:01 GMT
cache-control: public, max-age=31536000
age: 522410
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
www.google.com/recaptcha/enterprise/payload?p=06AFcWeA6wv29Wo5bR_KMSFEhdPBRj0DHICZ9FS-b7bDUXcJcAgnXtbaV4btLlPYqwlMtUKnYNNYm-zogImXB568zdceKfdTRwWcKecz00f5nW9uEgE7RkOAlUGLlomj-sq_3U5efX0f0FyFt6nvJDC_TqB5v-ha2fgr4MI521gS91JHrRqJ8LIOJtTN679PoF5K_L1JdA5-1Z&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm
142.250.74.164 54 kB URL www.google.com/recaptcha/enterprise/payload?p=06AFcWeA6wv29Wo5bR_KMSFEhdPBRj0DHICZ9FS-b7bDUXcJcAgnXtbaV4btLlPYqwlMtUKnYNNYm-zogImXB568zdceKfdTRwWcKecz00f5nW9uEgE7RkOAlUGLlomj-sq_3U5efX0f0FyFt6nvJDC_TqB5v-ha2fgr4MI521gS91JHrRqJ8LIOJtTN679PoF5K_L1JdA5-1Z&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm
IP 142.250.74.164:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 450x450, components 3\012- data
Hash 6e969e3875d5c6a8590528213a1bca1f
03af84e574582336494881848a7beb17174a8c7e
7ac8ef4f1276d1ff91541b39ea41ce810b0aeac92a5042883abc41de49e588a4
GET /recaptcha/enterprise/payload?p=06AFcWeA6wv29Wo5bR_KMSFEhdPBRj0DHICZ9FS-b7bDUXcJcAgnXtbaV4btLlPYqwlMtUKnYNNYm-zogImXB568zdceKfdTRwWcKecz00f5nW9uEgE7RkOAlUGLlomj-sq_3U5efX0f0FyFt6nvJDC_TqB5v-ha2fgr4MI521gS91JHrRqJ8LIOJtTN679PoF5K_L1JdA5-1Z&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/recaptcha/enterprise/bframe?hl=en&v=vm_YDiq1BiI3a8zfbIPZjtF2&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm
Cookie: _GRECAPTCHA=09ABQWEJp4_rLivQA6BDyKMgFXjKFy1Eq44wqJapPYynPQ4r7MywpEbAcZoajRGDtiSS8icmARn_CM4XbB9NB_VmM
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: image/jpeg
expires: Thu, 02 Nov 2023 23:26:51 GMT
date: Thu, 02 Nov 2023 23:26:51 GMT
cache-control: private, max-age=30
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
www.gstatic.com/recaptcha/api2/info_2x.png
142.250.74.35 665 B URL www.gstatic.com/recaptcha/api2/info_2x.png
IP 142.250.74.35:0
File type PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced\012- data
Hash 07bf314aab04047b9e9a959ee6f63da3
17bef6602672e2fd9956381e01356245144003e5
55eaf62cb05da20088dc12b39d7d254d046cb1fd61ddf3ae641f1439efd0a5ee
GET /recaptcha/api2/info_2x.png HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.gstatic.com/recaptcha/releases/vm_YDiq1BiI3a8zfbIPZjtF2/styles__ltr.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 665
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 28 Oct 2023 11:00:47 GMT
expires: Sat, 04 Nov 2023 11:00:47 GMT
cache-control: public, max-age=604800
age: 476764
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
www.gstatic.com/recaptcha/releases/vm_YDiq1BiI3a8zfbIPZjtF2/styles__ltr.css
142.250.74.35 25 kB URL www.gstatic.com/recaptcha/releases/vm_YDiq1BiI3a8zfbIPZjtF2/styles__ltr.css
IP 142.250.74.35:0
File type ASCII text, with very long lines (56398), with no line terminators
Hash eb4bc511f79f7a1573b45f5775b3a99b
d910fb51ad7316aa54f055079374574698e74b35
7859a62e04b0acb06516eb12454de6673883ecfaeaed6c254659bca7cd59c050
GET /recaptcha/releases/vm_YDiq1BiI3a8zfbIPZjtF2/styles__ltr.css HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 24606
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 01 Nov 2023 20:17:34 GMT
expires: Thu, 31 Oct 2024 20:17:34 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 16 Oct 2023 04:01:46 GMT
content-type: text/css
vary: Accept-Encoding
age: 97757
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
www.gstatic.com/recaptcha/releases/vm_YDiq1BiI3a8zfbIPZjtF2/recaptcha__en.js
142.250.74.35 189 kB URL www.gstatic.com/recaptcha/releases/vm_YDiq1BiI3a8zfbIPZjtF2/recaptcha__en.js
IP 142.250.74.35:0
File type ASCII text, with very long lines (689)
Size 189 kB (188860 bytes)
Hash 4efc45f285352a5b252b651160e1ced9
c7ba19e7058ec22c8d0f7283ab6b722bb7a135d7
253627a82794506a7d660ee232c06a88d2eaafb6174532f8c390bb69ade6636a
GET /recaptcha/releases/vm_YDiq1BiI3a8zfbIPZjtF2/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 188860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 01 Nov 2023 19:22:51 GMT
expires: Thu, 31 Oct 2024 19:22:51 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 16 Oct 2023 04:01:46 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 101040
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
www.google.com/recaptcha/enterprise/bframe?hl=en&v=vm_YDiq1BiI3a8zfbIPZjtF2&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm
142.250.74.164 16 kB URL www.google.com/recaptcha/enterprise/bframe?hl=en&v=vm_YDiq1BiI3a8zfbIPZjtF2&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm
IP 142.250.74.164:0
File type gzip compressed data\012- data
Hash 7169076d49e2aa2052e441e3bdc14bf7
943e9aa53c512e678d4028e0cae1a7fdab895083
610537a2a086b2964d28f17907258e27f8f66c8a6792f0388776a05a9283263e
GET /recaptcha/enterprise/bframe?hl=en&v=vm_YDiq1BiI3a8zfbIPZjtF2&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://js.hsforms.net/
Cookie: _GRECAPTCHA=09ALsHHK1YRSpAUHypC3yunMlg6tw5nIWT2cuJi8sNJiz6_NhEscuhu-CPlQ9B-u1kjhwMj80rVLF0rN9BO_3beFk
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: text/html; charset=utf-8
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 02 Nov 2023 23:26:51 GMT
content-security-policy: script-src 'nonce-j5fbIH2cf5L-dAgP110pDQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
216.58.207.227 16 kB URL fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP 216.58.207.227:0
Certificate Issuer Google Trust Services LLC
Subject *.gstatic.com
Fingerprint BE:D3:D2:0A:C4:57:FB:0B:D7:17:48:C8:AB:52:49:39:3E:E9:3C:60
Validity Mon, 09 Oct 2023 08:10:32 GMT - Mon, 01 Jan 2024 08:10:31 GMT
File type Web Open Font Format (Version 2), TrueType, length 15552, version 1.0\012- data
Hash 285467176f7fe6bb6a9c6873b3dad2cc
ea04e4ff5142ddd69307c183def721a160e0a64e
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
GET /s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15552
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 27 Oct 2023 22:20:01 GMT
expires: Sat, 26 Oct 2024 22:20:01 GMT
cache-control: public, max-age=31536000
age: 522410
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
www.google.com/recaptcha/enterprise/reload?k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm
142.250.74.164 230 kB URL www.google.com/recaptcha/enterprise/reload?k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm
IP 142.250.74.164:0
File type gzip compressed data\012- data
Size 230 kB (230057 bytes)
Hash 245abf67684d9f0e61bef39810564a9b
4f99c72e3c4f73dd3e2279eb87269e4901d7f5b2
11b8b1c3c663e661ab21e4d855e5edf8c1f2919cd1898c1e46ac017bc3a4bff0
POST /recaptcha/enterprise/reload?k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-protobuffer
Content-Length: 6226
Origin: https://www.google.com
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/recaptcha/enterprise/bframe?hl=en&v=vm_YDiq1BiI3a8zfbIPZjtF2&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/json; charset=utf-8
content-encoding: gzip
date: Thu, 02 Nov 2023 23:26:40 GMT
expires: Thu, 02 Nov 2023 23:26:40 GMT
cache-control: private, max-age=0
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
server: GSE
set-cookie: _GRECAPTCHA=09ALsHHK2bqQ_TfwFKB2nyyt3OjEfnqFJLpvm84gHYR4stcB2zmi15GHIH1FwFwFTYKOmpMBw-ntiQ1yph0C0ifKM;Path=/recaptcha;Expires=Tue, 30-Apr-2024 23:26:40 GMT;Secure;HttpOnly;Priority=HIGH;SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
www.gstatic.com/recaptcha/api2/refresh_2x.png
142.250.74.35 600 B URL www.gstatic.com/recaptcha/api2/refresh_2x.png
IP 142.250.74.35:0
File type PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced\012- data
Hash 0f2a4639b8a4cb30c76e8333c00d30a6
57e273a270bb864970d747c74b3f0a7c8e515b13
44b988703019cd6bfa86c91840fecf2a42b611b364e3eea2f4eb63bf62714e98
GET /recaptcha/api2/refresh_2x.png HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.gstatic.com/recaptcha/releases/vm_YDiq1BiI3a8zfbIPZjtF2/styles__ltr.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 600
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 Nov 2023 15:12:23 GMT
expires: Thu, 09 Nov 2023 15:12:23 GMT
cache-control: public, max-age=604800
age: 29668
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
www.google.com/recaptcha/enterprise/payload?p=06AFcWeA7xtBw2__XNoOXJ_39g6DHjK3dncO43iQGXZLhf_wBfd8vL7X0BLvTQpB9O3GBLo8Bwsdp_VVH2s_ZFWqFaJsXfVeN9wsRwIBON_XvqfdOaEpKNoK0qW9KHMRGz0ZatL8tXZGLGa_0WIKCPcuXn7tYLWcgFxZE2jMUApqfaAEjeRuIFQ_qNukhiV1BuyDu4Z8yJHMAU&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm
142.250.74.164 29 kB URL www.google.com/recaptcha/enterprise/payload?p=06AFcWeA7xtBw2__XNoOXJ_39g6DHjK3dncO43iQGXZLhf_wBfd8vL7X0BLvTQpB9O3GBLo8Bwsdp_VVH2s_ZFWqFaJsXfVeN9wsRwIBON_XvqfdOaEpKNoK0qW9KHMRGz0ZatL8tXZGLGa_0WIKCPcuXn7tYLWcgFxZE2jMUApqfaAEjeRuIFQ_qNukhiV1BuyDu4Z8yJHMAU&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm
IP 142.250.74.164:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 450x450, components 3\012- data
Hash f1426ae613ef6561b32cf8ac51e5f732
f200f19fe44e77160b8b584f9c6a52888a89e882
a84ecdfd303137f32ee9216fe969ab19afbc990bd2847a0acfc48240aa52e7eb
GET /recaptcha/enterprise/payload?p=06AFcWeA7xtBw2__XNoOXJ_39g6DHjK3dncO43iQGXZLhf_wBfd8vL7X0BLvTQpB9O3GBLo8Bwsdp_VVH2s_ZFWqFaJsXfVeN9wsRwIBON_XvqfdOaEpKNoK0qW9KHMRGz0ZatL8tXZGLGa_0WIKCPcuXn7tYLWcgFxZE2jMUApqfaAEjeRuIFQ_qNukhiV1BuyDu4Z8yJHMAU&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/recaptcha/enterprise/bframe?hl=en&v=vm_YDiq1BiI3a8zfbIPZjtF2&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm
Cookie: _GRECAPTCHA=09ALsHHK2BFlcZ3J4FFsip-ZZFH4j2fgobm2eh4cAeuiwME1RQxN3UbwIJ84xlA-2M2ZprufCwirzKwXFb4tuOTiQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: image/jpeg
expires: Thu, 02 Nov 2023 23:26:51 GMT
date: Thu, 02 Nov 2023 23:26:51 GMT
cache-control: private, max-age=30
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
www.gstatic.com/recaptcha/api2/info_2x.png
142.250.74.35 665 B URL www.gstatic.com/recaptcha/api2/info_2x.png
IP 142.250.74.35:0
File type PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced\012- data
Hash 07bf314aab04047b9e9a959ee6f63da3
17bef6602672e2fd9956381e01356245144003e5
55eaf62cb05da20088dc12b39d7d254d046cb1fd61ddf3ae641f1439efd0a5ee
GET /recaptcha/api2/info_2x.png HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.gstatic.com/recaptcha/releases/vm_YDiq1BiI3a8zfbIPZjtF2/styles__ltr.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 665
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 28 Oct 2023 11:00:47 GMT
expires: Sat, 04 Nov 2023 11:00:47 GMT
cache-control: public, max-age=604800
age: 476764
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/meta/bframe.html
122.201.127.227 4.5 kB URL xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/meta/bframe.html
IP 122.201.127.227:0
ASN #38719 Dreamscape Networks Limited
File type gzip compressed data, from Unix\012- data
Hash 26b10a8ab6aefa70edf88c654e17c65f
589cf488f541717eda5c6cf18c314bf9c7803d75
70e39c2384f02fb26b402b75a0613cb32e7be44ee2c627c0d143ab65135acdef
GET /wp-includes/IXR/meta/log/8950f/meta/bframe.html HTTP/1.1
Host: xcx3gsz9.dreamwp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 02 Nov 2023 23:26:53 GMT
content-type: text/html
last-modified: Thu, 02 Nov 2023 09:32:01 GMT
vary: Accept-Encoding
etag: W/"65436c91-2e07"
expires: Sat, 02 Dec 2023 23:26:53 GMT
cache-control: max-age=2592000
content-encoding: gzip
X-Firefox-Spdy: h2
aus5.mozilla.org/update/3/GMP/111.0a1/20230218104546/Linux_x86_64-gcc3/null/default/Linux%205.15.0-76-generic%20(GTK%203.24.34%2Clibpulse%20not-available)/default/default/update.xml
35.244.181.201 444 B URL aus5.mozilla.org/update/3/GMP/111.0a1/20230218104546/Linux_x86_64-gcc3/null/default/Linux%205.15.0-76-generic%20(GTK%203.24.34%2Clibpulse%20not-available)/default/default/update.xml
IP 35.244.181.201:0
File type XML 1.0 document text\012- XML document, ASCII text, with very long lines (332)
Hash 3b324dec137a87ef7e24a30a65b13dd0
c0faa95b2f1018e264b3a14aaf50d1003e6c27b3
6cd0b591d9239fc8564627e92a804fc261951b1cbaf5fa58a8ada3cc13f51463
GET /update/3/GMP/111.0a1/20230218104546/Linux_x86_64-gcc3/null/default/Linux%205.15.0-76-generic%20(GTK%203.24.34%2Clibpulse%20not-available)/default/default/update.xml HTTP/1.1
Host: aus5.mozilla.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
rule-id: 17856
rule-data-version: 3
content-signature: x5u=https://content-signature-2.cdn.mozilla.net/chains/aus.content-signature.mozilla.org-2023-12-08-22-56-18.chain; p384ecdsa=mdAXNxM05FK0DK6UxG13tTpm5l-XggRwMgxLCwy0SF026XdSkWO1mOu9nUCRtH198p_NIpgoH3QBqXT6vszfLiZdrD1WWSKr13cQZ8c_XUJrqqfLcUhuctJwAq8l9cPv
strict-transport-security: max-age=31536000;
x-content-type-options: nosniff
content-security-policy: default-src 'none'; frame-ancestors 'none'
x-proxy-cache-status: EXPIRED
content-encoding: gzip
via: 1.1 google
date: Thu, 02 Nov 2023 23:26:19 GMT
content-type: text/xml; charset=utf-8
vary: Accept-Encoding
content-length: 444
age: 34
cache-control: public,max-age=90
alt-svc: clear
X-Firefox-Spdy: h2
www.google.com/recaptcha/enterprise/reload?k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm
142.250.74.164 71 kB URL www.google.com/recaptcha/enterprise/reload?k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm
IP 142.250.74.164:0
File type gzip compressed data\012- data
Hash 246cdd99963bd498c2ecb98c20e7e4fc
a62bd2ffc1d6b7cc145c3e84b547eff0cb5f4d2d
2268f3822e0f831447a1518d29efa2443e90f505b19314cd2eeba2972b2ca641
POST /recaptcha/enterprise/reload?k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-protobuffer
Content-Length: 8082
Origin: https://www.google.com
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/recaptcha/enterprise/bframe?hl=en&v=vm_YDiq1BiI3a8zfbIPZjtF2&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm
Cookie: _GRECAPTCHA=09ABQWEJp4_rLivQA6BDyKMgFXjKFy1Eq44wqJapPYynPQ4r7MywpEbAcZoajRGDtiSS8icmARn_CM4XbB9NB_VmM
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/json; charset=utf-8
content-encoding: gzip
date: Thu, 02 Nov 2023 23:26:51 GMT
expires: Thu, 02 Nov 2023 23:26:51 GMT
cache-control: private, max-age=0
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
server: GSE
set-cookie: _GRECAPTCHA=09ALsHHK2BFlcZ3J4FFsip-ZZFH4j2fgobm2eh4cAeuiwME1RQxN3UbwIJ84xlA-2M2ZprufCwirzKwXFb4tuOTiQ;Path=/recaptcha;Expires=Tue, 30-Apr-2024 23:26:51 GMT;Secure;HttpOnly;Priority=HIGH;SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
ciscobinary.openh264.org/openh264-linux64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip
2.18.121.79 512 kB URL ciscobinary.openh264.org/openh264-linux64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip
IP 2.18.121.79:0
File type Zip archive data, at least v2.0 to extract, compression method=deflate\012- data
Size 512 kB (511815 bytes)
Hash 152eda253e242e18443ef3282495bc7c
ff0fa85565f21ec4931baad4573b4c0bd08c4019
8e03090fee16f6e0ee2e436af8e51d0c3deed6d9f0db80dec048e668fc009a48
GET /openh264-linux64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip HTTP/1.1
Host: ciscobinary.openh264.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 200 OK
Last-Modified: Wed, 07 Jun 2023 18:17:03 GMT
ETag: 152eda253e242e18443ef3282495bc7c
Content-Length: 511815
Accept-Ranges: bytes
X-Timestamp: 1686161822.36709
Content-Type: application/zip
X-Trans-Id: tx850f8ba461544848b47ef-006519bffadfw1
Cache-Control: public, max-age=90411
Expires: Sat, 04 Nov 2023 00:33:44 GMT
Date: Thu, 02 Nov 2023 23:26:53 GMT
Connection: keep-alive
xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/meta/metamask-staging-2.webflow.css
122.201.127.227 200 OK 142 kB URL GET HTTP/2 xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/meta/metamask-staging-2.webflow.css
IP 122.201.127.227:443
ASN #38719 Dreamscape Networks Limited
Requested by https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/secure.html
Certificate Issuer Sectigo Limited
Subject *.dreamwp.com
Fingerprint 30:F7:3F:A1:B1:C3:3A:85:4F:A8:2C:82:82:AD:F7:75:4D:65:54:CC
Validity Wed, 04 Jan 2023 00:00:00 GMT - Mon, 15 Jan 2024 23:59:59 GMT
Size 142 kB (142043 bytes)
Hash d4ede0f1d47b3b9aac92ea8a29c2ec85
135c44809f03ce1360c7e74da033e4b4f5cfb87c
98489ee303fa850e7c3185248b30d64dfb6c7c55aa8726a98efb037525988e5a
Analyzer Verdict Alert urlquery phishing Phishing - Generic Crypto/Wallet
GET /wp-includes/IXR/meta/log/8950f/meta/metamask-staging-2.webflow.css HTTP/1.1
Host: xcx3gsz9.dreamwp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/secure.html
Cookie: _ga=GA1.2.1366337233.1698967598; _gid=GA1.2.621158448.1698967598; _gat_gtag_UA_37075177_6=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 02 Nov 2023 23:26:46 GMT
content-type: text/css
last-modified: Thu, 02 Nov 2023 09:32:01 GMT
vary: Accept-Encoding
etag: W/"65436c91-22adb"
expires: Sat, 02 Dec 2023 23:26:46 GMT
cache-control: max-age=2592000
content-encoding: gzip
X-Firefox-Spdy: h2
xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/meta/Institutional-Illustration.png
122.201.127.227 200 OK 290 kB URL GET HTTP/2 xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/meta/Institutional-Illustration.png
IP 122.201.127.227:443
ASN #38719 Dreamscape Networks Limited
Requested by https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/secure.html
Certificate Issuer Sectigo Limited
Subject *.dreamwp.com
Fingerprint 30:F7:3F:A1:B1:C3:3A:85:4F:A8:2C:82:82:AD:F7:75:4D:65:54:CC
Validity Wed, 04 Jan 2023 00:00:00 GMT - Mon, 15 Jan 2024 23:59:59 GMT
File type PNG image data, 876 x 1040, 8-bit/color RGBA, non-interlaced\012- data
Size 290 kB (289564 bytes)
Hash 85607339bb7e3cc70e1b7568ed4d29b2
7c6301d70e1ab599857be6e9795b94418cef6079
5bdf1ea203497adb942fa639a322195c744910ae8980d625d986ddead1f8ed37
Analyzer Verdict Alert urlquery phishing Phishing - Generic Crypto/Wallet
GET /wp-includes/IXR/meta/log/8950f/meta/Institutional-Illustration.png HTTP/1.1
Host: xcx3gsz9.dreamwp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/meta/metamask-staging-2.webflow.css
Cookie: _ga=GA1.2.1366337233.1698967598; _gid=GA1.2.621158448.1698967598; _gat_gtag_UA_37075177_6=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 02 Nov 2023 23:26:48 GMT
content-type: image/png
content-length: 289564
last-modified: Thu, 02 Nov 2023 09:32:01 GMT
etag: "65436c91-46b1c"
expires: Sat, 02 Dec 2023 23:26:48 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2
fonts.gstatic.com/s/materialicons/v140/flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2
216.58.207.227 200 OK 128 kB URL GET HTTP/3 fonts.gstatic.com/s/materialicons/v140/flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2
IP 216.58.207.227:443
Requested by https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/secure.html
Certificate Issuer Google Trust Services LLC
Subject *.gstatic.com
Fingerprint BE:D3:D2:0A:C4:57:FB:0B:D7:17:48:C8:AB:52:49:39:3E:E9:3C:60
Validity Mon, 09 Oct 2023 08:10:32 GMT - Mon, 01 Jan 2024 08:10:31 GMT
File type Web Open Font Format (Version 2), TrueType, length 128352, version 1.0\012- data
Size 128 kB (128352 bytes)
Hash 53436aca8627a49f4deaaa44dc9e3c05
0bc0c675480d94ec7e8609dda6227f88c5d08d2c
8265f64786397d6b832d1ca0aafdf149ad84e72759fffa9f7272e91a0fb015d1
GET /s/materialicons/v140/flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://xcx3gsz9.dreamwp.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 128352
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 Nov 2023 15:19:24 GMT
expires: Fri, 01 Nov 2024 15:19:24 GMT
cache-control: public, max-age=31536000
age: 29244
last-modified: Tue, 07 Mar 2023 19:51:56 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
lpcdn.lpsnmedia.net/le_secure_storage/3.15.0.0-release_5063/storage.secure.min.html?loc=https%3A%2F%2Fxcx3gsz9.dreamwp.com&site=88982875&env=prod&isCrossDomain=true
34.120.154.120 200 OK 40 kB URL GET HTTP/3 lpcdn.lpsnmedia.net/le_secure_storage/3.15.0.0-release_5063/storage.secure.min.html?loc=https%3A%2F%2Fxcx3gsz9.dreamwp.com&site=88982875&env=prod&isCrossDomain=true
IP 34.120.154.120:443
Requested by https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/secure.html
Certificate Issuer Sectigo Limited
Subject *.lpsnmedia.net
Fingerprint 50:71:62:B3:88:93:98:3D:CC:EF:A7:C6:82:00:2D:1E:44:64:14:BB
Validity Mon, 09 Jan 2023 00:00:00 GMT - Tue, 09 Jan 2024 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (32207)
Hash e57f19d47b3b07b577d844ae827ea4b3
7fab7227b3a1fb72d016a40685952c4483909eb8
59f4843277d9aca1200c779c52318aadb380021a0051a6644b75274acb7fe158
GET /le_secure_storage/3.15.0.0-release_5063/storage.secure.min.html?loc=https%3A%2F%2Fxcx3gsz9.dreamwp.com&site=88982875&env=prod&isCrossDomain=true HTTP/1.1
Host: lpcdn.lpsnmedia.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
x-guploader-uploadid: ABPtcPru8w3PW0zG3-BQfTMt69HuiHYMiB7-ay0FoJIjJ6JFyijrK8oy0uSx41BFFycxkHXRgbXP_n1Ns8tvJvGERJMhb-K-_VuX
date: Thu, 02 Nov 2023 23:26:48 GMT
last-modified: Sat, 17 Jun 2023 09:58:10 GMT
etag: W/"e57f19d47b3b07b577d844ae827ea4b3"
x-goog-generation: 1686995890733494
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 39478
content-type: text/html
x-goog-hash: crc32c=7aa2PA==, md5=5X8Z1Hs7B7V32ESugn6ksw==
x-goog-storage-class: MULTI_REGIONAL
accept-ranges: none
access-control-allow-origin: *
access-control-expose-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
server: UploadServer
vary: Accept-Encoding
content-encoding: br
cache-control: public,max-age=3600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/meta/webflow.css
122.201.127.227 200 OK 39 kB URL GET HTTP/2 xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/meta/webflow.css
IP 122.201.127.227:443
ASN #38719 Dreamscape Networks Limited
Requested by https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/secure.html
Certificate Issuer Sectigo Limited
Subject *.dreamwp.com
Fingerprint 30:F7:3F:A1:B1:C3:3A:85:4F:A8:2C:82:82:AD:F7:75:4D:65:54:CC
Validity Wed, 04 Jan 2023 00:00:00 GMT - Mon, 15 Jan 2024 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery phishing Phishing - Generic Crypto/Wallet
GET /wp-includes/IXR/meta/log/8950f/meta/webflow.css HTTP/1.1
Host: xcx3gsz9.dreamwp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xcx3gsz9.dreamwp.com/wp-includes/IXR/meta/log/8950f/secure.html
Cookie: _ga=GA1.2.1366337233.1698967598; _gid=GA1.2.621158448.1698967598; _gat_gtag_UA_37075177_6=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 02 Nov 2023 23:26:46 GMT
content-type: text/css
last-modified: Thu, 02 Nov 2023 09:32:01 GMT
vary: Accept-Encoding
etag: W/"65436c91-98c5"
expires: Sat, 02 Dec 2023 23:26:46 GMT
cache-control: max-age=2592000
content-encoding: gzip
X-Firefox-Spdy: h2