Overview

URL: servicemeto91.zzux.com/authen
IP: 210.16.120.193
ASN: HostUS
Location: Singapore
Report completed: 2022-09-28 10:40:52 UTC
urlquery Alerts: DynDNS domain detected


Settings

UserAgent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer: (none)


Intrusion Detection Systems

Suricata w/ Emerging Threats Pro: No alerts detected


Blocklists

OpenPhish
Scan Date Severity Indicator Comment
2022-09-27 2 servicemeto91.zzux.com/authen Crypto/Wallet
2022-09-27 2 servicemeto91.zzux.com/authen Crypto/Wallet
PhishTank: No alerts detected
Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-09-28 2 servicemeto91.zzux.com/authen Phishing
2022-09-28 2 servicemeto91.zzux.com/ Phishing
2022-09-28 2 servicemeto91.zzux.com/authen Phishing
2022-09-28 2 servicemeto91.zzux.com/meta/plx.chock.js Phishing
2022-09-28 2 servicemeto91.zzux.com/meta/webfont.js.download Phishing
2022-09-28 2 servicemeto91.zzux.com/meta/enterprise.js.download Phishing
2022-09-28 2 servicemeto91.zzux.com/meta/css.html Phishing
2022-09-28 2 servicemeto91.zzux.com/meta/storage.secure.min.js.download Phishing
2022-09-28 2 servicemeto91.zzux.com/meta/jquery-3.5.1.min.dc5e7f18c8.js.download Phishing
2022-09-28 2 servicemeto91.zzux.com/meta/jsonp Phishing
2022-09-28 2 servicemeto91.zzux.com/meta/js Phishing
2022-09-28 2 servicemeto91.zzux.com/meta/mm-logo.svg Phishing
2022-09-28 2 servicemeto91.zzux.com/meta/EuclidCircularB-Regular-WebXL.woff2 Phishing
2022-09-28 2 servicemeto91.zzux.com/meta/webflow.js.download Phishing
2022-09-28 2 servicemeto91.zzux.com/meta/EuclidCircularB-Bold-WebXL.woff2 Phishing
2022-09-28 2 servicemeto91.zzux.com/meta/bframe.html Phishing
2022-09-28 2 servicemeto91.zzux.com/meta/recaptcha__nl.js.download Phishing
mnemonic secure dns: No alerts detected
Quad9 DNS: No alerts detected


Files

No files detected



Passive DNS (12)

Passive DNS Source | Fully Qualified Domain Name | Rank | First Seen | Last Seen | IP | Comment
mnemonic passive DNS fonts.googleapis.com (2) 8877 2013-06-10 20:14:26 UTC 2022-09-28 06:28:23 UTC 142.250.74.10
mnemonic passive DNS www.gstatic.com (1) 0 2016-07-26 09:37:06 UTC 2022-09-28 07:43:30 UTC 142.250.74.163 Domain (gstatic.com) ranked at: 540
mnemonic passive DNS content-signature-2.cdn.mozilla.net (1) 1152 2020-11-03 12:26:46 UTC 2022-09-28 05:13:47 UTC 143.204.55.35
mnemonic passive DNS contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-09-28 04:36:06 UTC 34.117.237.239
mnemonic passive DNS ocsp.digicert.com (1) 86 2012-05-21 07:02:23 UTC 2022-09-28 08:57:43 UTC 93.184.220.29
mnemonic passive DNS img-getpocket.cdn.mozilla.net (6) 1631 2017-09-01 03:40:57 UTC 2022-09-28 08:06:38 UTC 34.120.237.76
mnemonic passive DNS ocsp.pki.goog (4) 175 2017-06-14 07:23:31 UTC 2022-09-28 04:36:20 UTC 142.250.74.3
mnemonic passive DNS r3.o.lencr.org (5) 344 2020-12-02 08:52:13 UTC 2022-09-28 04:36:09 UTC 23.36.77.32
mnemonic passive DNS firefox.settings.services.mozilla.com (2) 867 2020-05-28 17:26:30 UTC 2022-09-28 05:04:09 UTC 143.204.55.36
mnemonic passive DNS push.services.mozilla.com (1) 2140 2015-09-03 10:29:36 UTC 2022-09-28 05:02:28 UTC 52.89.255.30
mnemonic passive DNS servicemeto91.zzux.com (24) 0 2022-09-26 12:43:36 UTC 2022-09-28 10:33:43 UTC 210.16.120.193 Domain (zzux.com) ranked at: 261465
mnemonic passive DNS fonts.gstatic.com (3) 0 2014-08-29 13:43:22 UTC 2022-09-28 04:36:33 UTC 142.250.74.163 Domain (gstatic.com) ranked at: 540


Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 210.16.120.193

Date UQ / IDS / BL URL IP
2022-10-05 13:02:52 +0000
26 - 0 - 42 joybamq1.zzux.com/recover 210.16.120.193
2022-10-05 13:02:46 +0000
26 - 0 - 41 joybamq1.zzux.com/authen?utm_medium=marketing (...) 210.16.120.193
2022-10-05 13:02:41 +0000
24 - 0 - 39 joybamq1.zzux.com/ 210.16.120.193
2022-10-04 10:43:10 +0000
3 - 0 - 1 ororfitnaz.zzux.com/ 210.16.120.193
2022-10-04 10:20:38 +0000
24 - 0 - 39 doitnow1xz.zzux.com/ 210.16.120.193

Last 5 reports on ASN: HostUS

Date UQ / IDS / BL URL IP
2022-12-03 08:25:58 +0000
0 - 0 - 1 dopeboots.com/ 45.58.52.147
2022-12-02 22:34:32 +0000
0 - 0 - 1 bootsandcompany.com/Cancel/debit/No 45.58.52.147
2022-12-02 08:38:58 +0000
0 - 0 - 1 pazrealtymiami.com/ 45.58.52.147
2022-11-30 08:38:25 +0000
0 - 0 - 1 pazrealtymiami.com/ 45.58.52.147
2022-11-30 05:21:56 +0000
0 - 0 - 5 thedentalcoach.com/ 104.128.228.245

Last 5 reports on domain: zzux.com

Date UQ / IDS / BL URL IP
2022-11-28 11:22:01 +0000
3 - 0 - 0 dl.zzux.com/hkjsq_cli-1.1.20.exe 150.129.218.133
2022-11-28 11:22:02 +0000
3 - 0 - 0 dl.zzux.com/hkjsq-0.1.8.exe 150.129.218.133
2022-11-27 00:50:35 +0000
9 - 0 - 8 www.verifycitizen.zzux.com/ 4.240.80.134
2022-11-26 13:03:07 +0000
76 - 0 - 0 secureaccts.zzux.com/ 159.223.202.30
2022-11-25 01:21:29 +0000
3 - 0 - 1 joinwhatsapp-group.zzux.com/ 62.171.136.40

Last 5 reports with similar screenshot

Date UQ / IDS / BL URL IP
2022-11-23 20:10:05 +0000
0 - 0 - 16 cleanupmetamask.run.place/ 212.8.251.13
2022-11-23 20:10:04 +0000
0 - 0 - 17 cleanupmetamask.run.place/authen 212.8.251.13
2022-11-23 18:40:50 +0000
0 - 0 - 17 cleanupmetamask.run.place/authen 212.8.251.13
2022-10-25 17:34:13 +0000
0 - 0 - 19 whenalive123.run.place/authen 193.31.30.210
2022-10-25 14:47:32 +0000
0 - 0 - 19 whenalive123.run.place/authen 193.31.30.210


JavaScript

Executed Scripts (14)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (51)


Request Response
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "2A40F957A6B1734AA3F87CFF51B673F0536732DB15B09033DD604879692DF349"
Last-Modified: Tue, 27 Sep 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6527
Expires: Wed, 28 Sep 2022 12:29:29 GMT
Date: Wed, 28 Sep 2022 10:40:42 GMT
Connection: keep-alive

                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.36
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Alert, Backoff, Retry-After, Content-Length
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Wed, 28 Sep 2022 10:17:40 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 50584ad285d5f627ddebae74efdd0770.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: vLkCQzhGClSpeC9DW97Omy09BLj1eH06rmk6F2StzrK7ATMnBfQb6A==
Age: 1382


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    2d12f67fe57a87e7366b662d153a5582
Sha1:   d7b02d81cc74f24a251d9363e0f4b0a149264ec1
Sha256: 73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551
                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.35
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Wed, 28 Sep 2022 09:24:14 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 f46f7100ad6fc83a021f62212f945830.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: y5acxll0oz-P00HqzhVN60ZSewRUX7zzldnPwgWSjOG1zOI18Rng_g==
age: 18736
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    6113f8408c59aebe188d6af273b90743
Sha1:   7398873bf00f99944eaa77ad3ebc0d43c23dba6b
Sha256: b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Wed, 28 Sep 2022 10:40:42 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.36
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Wed, 28 Sep 2022 10:29:33 GMT
Cache-Control: max-age=3600, max-age=3600
Expires: Wed, 28 Sep 2022 11:23:32 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 83a23d85c009b0c0e3626072e9f997fe.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: Y4q4kWcIltT15pXJIWwuL2kFsKty3WTyuPr3pWyo64cEBBzGQDeukg==
Age: 669


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 6290
Cache-Control: 'max-age=158059'
Date: Wed, 28 Sep 2022 10:40:42 GMT
Last-Modified: Wed, 28 Sep 2022 08:55:52 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: ipvmAMya+xrmZKQICm81oA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                         
                                         52.89.255.30
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: xIPE+ba/qwqYjHj1LT740VOzMic=

                                        
GET /authen HTTP/1.1
Host: servicemeto91.zzux.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

210.16.120.193
HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
Server: nginx
Date: Wed, 28 Sep 2022 10:40:43 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: cazanova=95pq67s1so6madstbhisd156fh9rr25f; expires=Wed, 28-Sep-2022 12:40:43 GMT; Max-Age=7200; path=/; HttpOnly
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: http://servicemeto91.zzux.com/


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  urlquery:
    - DynDNS domain detected
  Blocklists:
    - openphish: Crypto/Wallet
    - fortinet: Phishing
                                        
GET / HTTP/1.1
Host: servicemeto91.zzux.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: cazanova=95pq67s1so6madstbhisd156fh9rr25f
Upgrade-Insecure-Requests: 1

210.16.120.193
HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
Server: nginx
Date: Wed, 28 Sep 2022 10:40:43 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: http://servicemeto91.zzux.com/authen


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  urlquery:
    - DynDNS domain detected
  Blocklists:
    - fortinet: Phishing
                                        
GET /authen HTTP/1.1
Host: servicemeto91.zzux.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: cazanova=95pq67s1so6madstbhisd156fh9rr25f
Upgrade-Insecure-Requests: 1

210.16.120.193
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: nginx
Date: Wed, 28 Sep 2022 10:40:44 GMT
Content-Length: 5807
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Content-Encoding: gzip


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (523)
Size:   5807
Md5:    cb60e249cc0b8c2ea70d3efe3b12e4ac
Sha1:   3fffe5fc3ccd8c6f5bcfb94739955d3b904ec6a2
Sha256: 221efbe27e968f47ee871314bd77912bd8ff85618c2bc7d83dc2d6897c00ee95

Alerts:
  urlquery:
    - DynDNS domain detected
  Blocklists:
    - openphish: Crypto/Wallet
    - fortinet: Phishing
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "A37AFAFC8EE712AE7AE935D3ED564F3CF46DD09005DEBBC5E2650F8B434D1E00"
Last-Modified: Tue, 27 Sep 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3806
Expires: Wed, 28 Sep 2022 11:44:10 GMT
Date: Wed, 28 Sep 2022 10:40:44 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7723c423-9c9b-4e58-93cc-7198e8ff6f62.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 7359
x-amzn-requestid: 6e3123b2-ea7e-4e3e-8399-19a66d27923f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZI34CEYtIAMF01w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63336d00-5995316c70da7a0c460ac432;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 21:37:04 GMT
x-amz-cf-pop: SEA73-P2, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: C8VwjZMvXqbQlvSRB8ugvw6o-wRUI0Xtbn91g79lSpBxrXiCzC_FXg==
via: 1.1 de8fc80b494d3d381f7e006918dcc588.cloudfront.net (CloudFront), 1.1 559326ad73233233a9e52cb9e8601ede.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 22:26:18 GMT
age: 44066
etag: "0cd28a243f9704140ccb9eb1415a77fcccc7cf87"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7359
Md5:    46dc8f1499f4de5f03bd87a68c3c6c7b
Sha1:   0cd28a243f9704140ccb9eb1415a77fcccc7cf87
Sha256: 3d7a5cdc0812857efabd7ab941aea6d6582790b86a9587809d222c0a8546262b
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F693de74c-173e-4d9b-8317-35601f30ffd7.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 13299
x-amzn-requestid: 926df8b6-beec-470d-b0b3-33be326cd379
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZI3UPF8YIAMF3Nw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63336c1a-343e91e735af43d01fc83ddd;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 21:33:14 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: KmVkKXoPqZmnwFtpKhuox1kJNDoSxMEmYE39_zVPyaeoU4sPqq-_wA==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 2ab6211e66998c8b58132661a7e3cade.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 21:44:23 GMT
age: 46581
etag: "651600f2ef18cecc2e38370069bbb5e1d86f68e0"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   13299
Md5:    ad84ed0c5b2090df7996007514cf1984
Sha1:   651600f2ef18cecc2e38370069bbb5e1d86f68e0
Sha256: a3d0729e1d43afeadd2dd8273c858b8839d9e476f773c8ec9d96b5969a9e0b4a
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F02722822-e024-44b9-8ec1-48ec9500ca58.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 9733
x-amzn-requestid: fff8214b-48f7-4b45-bd91-69ea4db871d6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZCAWhG9HIAMFloQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6330adc3-1cffa63711378c525e49e11d;Sampled=0
x-amzn-remapped-date: Sun, 25 Sep 2022 19:36:35 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: DLbHFjJGMksD2heHzypEVyGDzN-yzsAnjrKWRyTZIWCH9J6XqljyDA==
via: 1.1 0dc4feb22bb4657ce2bb95fd05ec7122.cloudfront.net (CloudFront), 1.1 d01e7742f82df0bbc1fb681d709ed69c.cloudfront.net (CloudFront), 1.1 google
date: Wed, 28 Sep 2022 06:36:08 GMT
age: 14676
etag: "2142075b27d0d355c51231ab06fea46e25eb9c59"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   9733
Md5:    f3e1fd3401c5e635a8dbeec5f78b721d
Sha1:   2142075b27d0d355c51231ab06fea46e25eb9c59
Sha256: 2e17a43985b624e6b6592d402c36dd45b915cd6e1ac84e187c18c46420eb9a1d
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F63a7aeb3-999a-4e57-9255-c40e0376d08e.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 5319
x-amzn-requestid: d4c13fa8-eb03-4abf-9516-b74eac712b87
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZFkreHL5IAMFcOw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63321b16-487923453bd27d6a744b5a31;Sampled=0
x-amzn-remapped-date: Mon, 26 Sep 2022 21:35:18 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: gGfaq_dx7NIHH43-iNn0Ah61HRLT8H3NxPGVoDvkKgBgy8zJWYwRuw==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 73cb83fe6699afc2791b5c690c1ff8c6.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 21:49:20 GMT
age: 46284
etag: "75df3341e30281fcbf78c7074980356fdf0be8e2"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   5319
Md5:    46e31aa06b8e86a9a5f9ba1cc3feca08
Sha1:   75df3341e30281fcbf78c7074980356fdf0be8e2
Sha256: d1fd4f81b7e0f43de960f0ee024d9e87bcb395f032a4ab0360e3829d1ec8a42b
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8ffa6dde-b51e-43f8-bfcb-3f442d674928.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8500
x-amzn-requestid: af82c8d6-950c-4933-87e3-7bbb15cb1ac8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZI3e3HOaoAMFoPQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63336c5e-77e0ecc522de575e40f429b3;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 21:34:22 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: rD5LsVDLQkaomG1nCGZGihbdlWKMCjUYNC2kRyAjJesJEOEBSj8Q3A==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 0d4ebcaa87ba94709def0eaac9371e5a.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 21:47:03 GMT
age: 46421
etag: "9c4692ea64832895fbd107d91f879728b6a440c7"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8500
Md5:    6139c878a7d2bd32c61fc8287996eb5b
Sha1:   9c4692ea64832895fbd107d91f879728b6a440c7
Sha256: 3839df92f0a10c1433d5b576df50c9f7953912ae4f425012262f08ee8a59ce2e
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "A37AFAFC8EE712AE7AE935D3ED564F3CF46DD09005DEBBC5E2650F8B434D1E00"
Last-Modified: Tue, 27 Sep 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3806
Expires: Wed, 28 Sep 2022 11:44:10 GMT
Date: Wed, 28 Sep 2022 10:40:44 GMT
Connection: keep-alive

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 28 Sep 2022 10:40:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "A37AFAFC8EE712AE7AE935D3ED564F3CF46DD09005DEBBC5E2650F8B434D1E00"
Last-Modified: Tue, 27 Sep 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3806
Expires: Wed, 28 Sep 2022 11:44:10 GMT
Date: Wed, 28 Sep 2022 10:40:44 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "A37AFAFC8EE712AE7AE935D3ED564F3CF46DD09005DEBBC5E2650F8B434D1E00"
Last-Modified: Tue, 27 Sep 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3806
Expires: Wed, 28 Sep 2022 11:44:10 GMT
Date: Wed, 28 Sep 2022 10:40:44 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fad593ee0-d404-46e3-b129-229e09b263b0.png HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 12016
x-amzn-requestid: ec1b3715-5d0f-4045-aa5b-b70a55c81d72
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZI3e3EtyIAMFdZg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63336c5e-201dd1ef1426a09965c68dab;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 21:34:22 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: y3DefdcXJyoDHpJXwz460gfWcv2JUboOFExNQmTFgy30B4mn54Xvuw==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 2324edbcb8fc72f617442c65f36a40fc.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 21:44:30 GMT
age: 46574
etag: "a54803cca7d3c509c195f65961e1110c8ec56f55"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   12016
Md5:    4b794c6812cb546de0295e087ebe66a7
Sha1:   a54803cca7d3c509c195f65961e1110c8ec56f55
Sha256: 6a207f75eb3951f3dea5252bc8d185cd604d3d657f15b838774e8087e91f37f5
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 28 Sep 2022 10:40:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /meta/webflow.css HTTP/1.1 
Host: servicemeto91.zzux.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://servicemeto91.zzux.com/authen
Cookie: cazanova=95pq67s1so6madstbhisd156fh9rr25f

                                         
                                         210.16.120.193
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Server: nginx
Date: Wed, 28 Sep 2022 10:40:44 GMT
Last-Modified: Mon, 26 Sep 2022 12:48:33 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"63319fa1-98c5"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Content-Encoding: gzip


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (2587)
Size:   9290
Md5:    df537de16df2e7abb3a9474300085194
Sha1:   19823a9c07322292173a31cbb15faed3cb97855a
Sha256: c808edb13043989f1d4f886fa1f0e1a3aaa472f0d8a229f74429b04c13c08813

Alerts:
  urlquery:
    - DynDNS domain detected
                                        
                                            GET /meta/normalize.css HTTP/1.1 
Host: servicemeto91.zzux.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://servicemeto91.zzux.com/authen
Cookie: cazanova=95pq67s1so6madstbhisd156fh9rr25f

                                         
                                         210.16.120.193
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Server: nginx
Date: Wed, 28 Sep 2022 10:40:44 GMT
Last-Modified: Mon, 26 Sep 2022 12:48:24 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"63319f98-1e5c"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text
Size:   2659
Md5:    b165f8d0baec3b8976de14634861b941
Sha1:   f7eabfa6844712979ef5e274f275c5be39fdc86f
Sha256: 91404eaa9c2b59e842d6694c3bb2128e21253a1780a4a75e33571ed659bd4d8e

Alerts:
  urlquery:
    - DynDNS domain detected
                                        
                                            GET /meta/plx.chock.js HTTP/1.1 
Host: servicemeto91.zzux.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://servicemeto91.zzux.com/authen
Cookie: cazanova=95pq67s1so6madstbhisd156fh9rr25f

                                         
                                         210.16.120.193
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Wed, 28 Sep 2022 10:40:44 GMT
Last-Modified: Mon, 26 Sep 2022 12:48:25 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"63319f99-d41"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text
Size:   311
Md5:    bc6a4fa1a731b1746c1d21f104bd6064
Sha1:   865b9fd0868954c03f838366eb2449bab5d388d6
Sha256: d88bca135a10c80b24a4185a4a08f209c151d82c946a9327ef58590fa12e211b

Alerts:
  urlquery:
    - DynDNS domain detected
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /meta/webfont.js.download HTTP/1.1 
Host: servicemeto91.zzux.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://servicemeto91.zzux.com/authen
Cookie: cazanova=95pq67s1so6madstbhisd156fh9rr25f

                                         
                                         210.16.120.193
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Wed, 28 Sep 2022 10:40:44 GMT
Content-Length: 5415
Connection: keep-alive
Last-Modified: Mon, 26 Sep 2022 12:48:34 GMT
ETag: "3384-5e993f21c1580-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text, with very long lines (2134)
Size:   5415
Md5:    3fce8a085ab686f338e296d255f36db1
Sha1:   2da74358f4d36675c1bfa6ee5ee489e6e54bf401
Sha256: 9f9bbf22ba311465b6bb4c6944f94e2b97caea58227fafef64cf18b9181099c6

Alerts:
  urlquery:
    - DynDNS domain detected
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /meta/enterprise.js.download HTTP/1.1 
Host: servicemeto91.zzux.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://servicemeto91.zzux.com/authen
Cookie: cazanova=95pq67s1so6madstbhisd156fh9rr25f

                                         
                                         210.16.120.193
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Wed, 28 Sep 2022 10:40:44 GMT
Content-Length: 614
Connection: keep-alive
Last-Modified: Mon, 26 Sep 2022 12:48:15 GMT
ETag: "3f0-5e993f0f027ef-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text, with very long lines (1008), with no line terminators
Size:   614
Md5:    533554dfe842696d43cbbe1be26c9d4b
Sha1:   4bc96c1c9afdca5fddb20c7b172a13afa5cb46e4
Sha256: f480ee9ffad021062c3251c62acf39842c0fa7e71c7dccdd91ee30524fccb84d

Alerts:
  urlquery:
    - DynDNS domain detected
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /meta/metamask-staging-2.webflow.css HTTP/1.1 
Host: servicemeto91.zzux.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://servicemeto91.zzux.com/authen
Cookie: cazanova=95pq67s1so6madstbhisd156fh9rr25f

                                         
                                         210.16.120.193
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Server: nginx
Date: Wed, 28 Sep 2022 10:40:44 GMT
Last-Modified: Mon, 26 Sep 2022 12:48:23 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"63319f97-22adb"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text
Size:   17621
Md5:    86ed5c43bcc35cee708393d812a5c842
Sha1:   ac66037f44aa618e88099322852936d3e1318afe
Sha256: df01bd9c7ea82c575f395792b2e5e2b898afc72609cbd067a47144576964ea2a

Alerts:
  urlquery:
    - DynDNS domain detected
                                        
                                            GET /meta/css.html HTTP/1.1 
Host: servicemeto91.zzux.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://servicemeto91.zzux.com/authen
Cookie: cazanova=95pq67s1so6madstbhisd156fh9rr25f

                                         
                                         210.16.120.193
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Server: nginx
Date: Wed, 28 Sep 2022 10:40:45 GMT
Content-Length: 684
Last-Modified: Mon, 26 Sep 2022 12:48:14 GMT
Connection: keep-alive
ETag: "63319f8e-2ac"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Accept-Ranges: bytes


--- Additional Info ---
Magic:  ASCII text
Size:   684
Md5:    147429fb2ddc3861e2ae0f473f17d78e
Sha1:   f2bdce63e15b9f3b90c8c3b153deb75b28eb69e3
Sha256: 25d501d70fcb9835f935fd47e045502700dc5f862cd7e763a49bbc7316396f2a

Alerts:
  urlquery:
    - DynDNS domain detected
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /meta/storage.secure.min.js.download HTTP/1.1 
Host: servicemeto91.zzux.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://servicemeto91.zzux.com/authen
Cookie: cazanova=95pq67s1so6madstbhisd156fh9rr25f

                                         
                                         210.16.120.193
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Wed, 28 Sep 2022 10:40:45 GMT
Content-Length: 13194
Connection: keep-alive
Last-Modified: Mon, 26 Sep 2022 12:48:29 GMT
ETag: "96a2-5e993f1cb45ea-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text, with very long lines (38562), with no line terminators
Size:   13194
Md5:    79e7d68549291cc082c85f94b73ee13c
Sha1:   e065402b005d2fd7105c9a12adf961a58a4deb96
Sha256: 0adedf6a93b53bc365a213c28a4b10d8af539d8fe55c283cbd3c532a0bc0875a

Alerts:
  urlquery:
    - DynDNS domain detected
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /css?family=Changa+One:400,400italic HTTP/1.1 
Host: fonts.googleapis.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://servicemeto91.zzux.com/

                                         
                                         142.250.74.10
HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
                                        
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Link: <http://fonts.gstatic.com>; rel=preconnect; crossorigin
Expires: Wed, 28 Sep 2022 10:40:45 GMT
Date: Wed, 28 Sep 2022 10:40:45 GMT
Cache-Control: private, max-age=86400
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin-allow-popups
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff


--- Additional Info ---
Magic:  ASCII text
Size:   301
Md5:    7fb212f619185f162769684274cb1dfe
Sha1:   414b678cfcbcd25c44569e72369a8218bea8756d
Sha256: d53161ae9523414449dd0f7083f66fda679084bac2cb18a92b884a43616c1fd5
                                        
                                            GET /meta/jquery-3.5.1.min.dc5e7f18c8.js.download HTTP/1.1 
Host: servicemeto91.zzux.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://servicemeto91.zzux.com/authen
Cookie: cazanova=95pq67s1so6madstbhisd156fh9rr25f

                                         
                                         210.16.120.193
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Wed, 28 Sep 2022 10:40:44 GMT
Content-Length: 30910
Connection: keep-alive
Last-Modified: Mon, 26 Sep 2022 12:48:20 GMT
ETag: "15d84-5e993f1452da6-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text, with very long lines (65451)
Size:   30910
Md5:    888c5fa4504182a0224b264a1fda0e73
Sha1:   65f058a7dead59a8063362241865526eb0148f16
Sha256: 7d757e510b1f0c4d44fd98cc0121da8ca4f44793f8583debdef300fb1dbd3715

Alerts:
  urlquery:
    - DynDNS domain detected
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /meta/jsonp HTTP/1.1 
Host: servicemeto91.zzux.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://servicemeto91.zzux.com/authen
Cookie: cazanova=95pq67s1so6madstbhisd156fh9rr25f

                                         
                                         210.16.120.193
HTTP/1.1 200 OK
                                        
Server: nginx
Date: Wed, 28 Sep 2022 10:40:44 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 26 Sep 2022 12:48:22 GMT
ETag: "43f6e-5e993f163064e-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text, with very long lines (65536), with no line terminators
Size:   87424
Md5:    b8763d07178c652db17cb681eb21cbf8
Sha1:   e2c34d4bfbd1fb7515ac879781deffb638ad9cad
Sha256: 415f8c95aabc4f7af332ae9060179be3606991c2832a4f442d4c746ff1c80740

Alerts:
  urlquery:
    - DynDNS domain detected
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /s/changaone/v18/xfu20W3wXn3QLUJXhzq42ATSu5_f.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://servicemeto91.zzux.com
Connection: keep-alive
Referer: http://fonts.googleapis.com/

                                         
                                         142.250.74.163
HTTP/1.1 200 OK
Content-Type: font/woff2
                                        
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 8404
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Wed, 28 Sep 2022 09:48:03 GMT
Expires: Thu, 28 Sep 2023 09:48:03 GMT
Cache-Control: public, max-age=31536000
Age: 3162
Last-Modified: Thu, 21 Apr 2022 17:15:41 GMT


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 8404, version 1.0\012- data
Size:   8404
Md5:    141119ae119bf7ca75e10ef82f66e442
Sha1:   adebf435aa078db3c116cb9faae15f2ad81d3ac5
Sha256: c6afeb967afd466210e4061473c4855684e84b7e850b248c0533e6288acfbaff
                                        
                                            GET /meta/js HTTP/1.1 
Host: servicemeto91.zzux.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://servicemeto91.zzux.com/authen
Cookie: cazanova=95pq67s1so6madstbhisd156fh9rr25f

                                         
                                         210.16.120.193
HTTP/1.1 200 OK
                                        
Server: nginx
Date: Wed, 28 Sep 2022 10:40:45 GMT
Content-Length: 35327
Connection: keep-alive
Last-Modified: Mon, 26 Sep 2022 12:48:21 GMT
ETag: "168a5-5e993f1546fea-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text, with very long lines (1815)
Size:   35327
Md5:    538830958289d9161b34e9b6f0f72488
Sha1:   c516269bf9a738cef82ace7c0525f41a93b2fb75
Sha256: c0662c29101a79a0c5d62b273cb34b4fa830081d61722e32ec32205f2defd190

Alerts:
  urlquery:
    - DynDNS domain detected
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /meta/wpp.gif HTTP/1.1 
Host: servicemeto91.zzux.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://servicemeto91.zzux.com/authen
Cookie: cazanova=95pq67s1so6madstbhisd156fh9rr25f

                                         
                                         210.16.120.193
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Server: nginx
Date: Wed, 28 Sep 2022 10:40:45 GMT
Content-Length: 3877
Last-Modified: Mon, 26 Sep 2022 12:48:36 GMT
Connection: keep-alive
ETag: "63319fa4-f25"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Accept-Ranges: bytes


--- Additional Info ---
Magic:  GIF image data, version 87a, 470 x 40\012- data
Size:   3877
Md5:    941648b845842a709da73e24652cf8a4
Sha1:   099e5f97e602d026c51537c9b45328dc99261d7c
Sha256: 2a7344e607a878f0acac7f5c9c3a65fc8a4423f00e21d3fb7a814cae051631d9

Alerts:
  urlquery:
    - DynDNS domain detected
                                        
                                            GET /meta/mm-logo.svg HTTP/1.1 
Host: servicemeto91.zzux.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://servicemeto91.zzux.com/authen
Cookie: cazanova=95pq67s1so6madstbhisd156fh9rr25f

                                         
                                         210.16.120.193
HTTP/1.1 200 OK
Content-Type: image/svg+xml
                                        
Server: nginx
Date: Wed, 28 Sep 2022 10:40:45 GMT
Last-Modified: Mon, 26 Sep 2022 12:48:24 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"63319f98-2ef3"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Content-Encoding: gzip


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1001)
Size:   3369
Md5:    fe5cd5ed43a0fad22921e5ccf7f227e1
Sha1:   700b6b72c9bf320bb0412e17de6d7bc0b8d55888
Sha256: 2043092e404254e6b01d4ba210ae0b703c5364d0c7404c5f0dd4853b58bc2872

Alerts:
  urlquery:
    - DynDNS domain detected
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /meta/EuclidCircularB-Regular-WebXL.woff2 HTTP/1.1 
Host: servicemeto91.zzux.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://servicemeto91.zzux.com/meta/metamask-staging-2.webflow.css
Cookie: cazanova=95pq67s1so6madstbhisd156fh9rr25f

                                         
                                         210.16.120.193
HTTP/1.1 200 OK
                                        
Server: nginx
Date: Wed, 28 Sep 2022 10:40:45 GMT
Content-Length: 45196
Connection: keep-alive
Last-Modified: Mon, 26 Sep 2022 12:48:18 GMT
ETag: "b08c-5e993f11cb63b"
Accept-Ranges: bytes
Vary: Accept-Encoding


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 45196, version 3.66\012- data
Size:   45196
Md5:    2d75957df3bb3aa6ed84f6591b0d5a1a
Sha1:   906424e75625f63b0188471067065794d0348536
Sha256: 8ff3b303322168b49a14878f195dbaf76d9da16e35094d1f83fa23245450155b

Alerts:
  urlquery:
    - DynDNS domain detected
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /meta/webflow.js.download HTTP/1.1 
Host: servicemeto91.zzux.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://servicemeto91.zzux.com/authen
Cookie: cazanova=95pq67s1so6madstbhisd156fh9rr25f

                                         
                                         210.16.120.193
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Wed, 28 Sep 2022 10:40:45 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 26 Sep 2022 12:48:36 GMT
ETag: "92c10-5e993f2355a47-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (50020)
Size:   147184
Md5:    c4b0095b01ed8f86df80e43a2b91d041
Sha1:   c79105b1702e8db781c136b44bff3e26ba72cc36
Sha256: 581bfb791a74114e95306054d9668a80143a21e9a41328360503f5b6b09c2a9b

Alerts:
  urlquery:
    - DynDNS domain detected
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /meta/EuclidCircularB-Bold-WebXL.woff2 HTTP/1.1 
Host: servicemeto91.zzux.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://servicemeto91.zzux.com/meta/metamask-staging-2.webflow.css
Cookie: cazanova=95pq67s1so6madstbhisd156fh9rr25f

                                         
                                         210.16.120.193
HTTP/1.1 200 OK
                                        
Server: nginx
Date: Wed, 28 Sep 2022 10:40:45 GMT
Content-Length: 44544
Connection: keep-alive
Last-Modified: Mon, 26 Sep 2022 12:48:16 GMT
ETag: "ae00-5e993f1065f75"
Accept-Ranges: bytes
Vary: Accept-Encoding


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 44544, version 3.66\012- data
Size:   44544
Md5:    9024d0bf73943172297c4628d0054e20
Sha1:   36c3795e7b297d06589e15ef59592683d9ed0974
Sha256: 88fad87880ae6bb0d733c967419d5f0d68da547a88ad67e7af41f18dae2e20df

Alerts:
  urlquery:
    - DynDNS domain detected
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /meta/bframe.html HTTP/1.1 
Host: servicemeto91.zzux.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://servicemeto91.zzux.com/authen
Cookie: cazanova=95pq67s1so6madstbhisd156fh9rr25f
Upgrade-Insecure-Requests: 1

                                         
                                         210.16.120.193
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Server: nginx
Date: Wed, 28 Sep 2022 10:40:46 GMT
Last-Modified: Mon, 26 Sep 2022 12:48:13 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"63319f8d-2e07"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Content-Encoding: gzip


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (3186)
Size:   4069
Md5:    2f10cabca6c2651a48e260c0d202396c
Sha1:   ab25f083f7bb312f750fd2a372d0e2990bdf9525
Sha256: 7a7ff60899394d6467d0904d3c0cb7be8979f1ee27fe46e1749653b19648b74a

Alerts:
  urlquery:
    - DynDNS domain detected
  Blocklists:
    - fortinet: Phishing
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 28 Sep 2022 10:40:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /recaptcha/releases/rPvs0Nyx3sANE-ZHUN-0nM85/recaptcha__nl.js HTTP/1.1 
Host: www.gstatic.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://servicemeto91.zzux.com
Connection: keep-alive
Referer: http://servicemeto91.zzux.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.163
HTTP/2 404 Not Found
content-type: text/html; charset=UTF-8
                                        
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
date: Wed, 28 Sep 2022 10:40:46 GMT
server: sffe
content-length: 1621
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1136)
Size:   1621
Md5:    c90524d6a02b27addb56c350fe6fbb2d
Sha1:   d713d1b53323c0169ffe0649be8c9d04a189f999
Sha256: 4aefd395113d052a874ac1919aed0e288835e0377683f1e71e98838d16c986e0
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 10:40:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

GET /icon?family=Material+Icons HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://servicemeto91.zzux.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

142.250.74.10
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 28 Sep 2022 10:40:44 GMT
date: Wed, 28 Sep 2022 10:40:44 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   898
Md5:    c6ac266f83938a8f3cc70ca4b701046d
Sha1:   b7604898eb5d64766cf2082e5d4e22949f55c725
Sha256: 6cfc69d3d42333f55297749dee9ccff3055af3c8f362bf795974adad2d55b22b

GET /meta/styles__ltr.css HTTP/1.1
Host: servicemeto91.zzux.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://servicemeto91.zzux.com/meta/bframe.html
Cookie: cazanova=95pq67s1so6madstbhisd156fh9rr25f

210.16.120.193
HTTP/1.1 200 OK
Content-Type: text/css
Server: nginx
Date: Wed, 28 Sep 2022 10:40:46 GMT
Last-Modified: Mon, 26 Sep 2022 12:48:31 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"63319f9f-cc90"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text, with very long lines (52368), with no line terminators
Size:   24092
Md5:    ebdf18f77541c94124d305c6995475cb
Sha1:   7d3de2b58de6e2aeb9ab5a73254829544e7fe24d
Sha256: db4b6017d7f9a8c675bfa68021f3eeb0246016de004efc8e28a23b97df0da71e

Alerts:
  urlquery:
    - DynDNS domain detected

GET /metamask.io/images/webclip.png HTTP/1.1
Host: servicemeto91.zzux.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://servicemeto91.zzux.com/authen
Cookie: cazanova=95pq67s1so6madstbhisd156fh9rr25f

210.16.120.193
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
Server: nginx
Date: Wed, 28 Sep 2022 10:40:46 GMT
Content-Length: 557
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   557
Md5:    d7b7d0cdc7f50d4028b970a4adc1a42d
Sha1:   2b3f25b5de65feee879d8da596250f55d050163b
Sha256: 4d78f11501b99f3ea1d0a1079bba04b9da57ef67ebd82d1da726723eaf875614

Alerts:
  urlquery:
    - DynDNS domain detected

GET /meta/hero2.4.png HTTP/1.1
Host: servicemeto91.zzux.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://servicemeto91.zzux.com/meta/metamask-staging-2.webflow.css
Cookie: cazanova=95pq67s1so6madstbhisd156fh9rr25f

210.16.120.193
HTTP/1.1 200 OK
Content-Type: image/png
Server: nginx
Date: Wed, 28 Sep 2022 10:40:45 GMT
Content-Length: 589568
Last-Modified: Mon, 26 Sep 2022 12:48:19 GMT
Connection: keep-alive
ETag: "63319f93-8ff00"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Accept-Ranges: bytes


--- Additional Info ---
Magic:  PNG image data, 1752 x 1452, 8-bit/color RGBA, non-interlaced\012- data
Size:   589568
Md5:    d0ec70f4c666fbf6ad0d30a52d08c5c9
Sha1:   e48f0688bc4f592824840478d12c05df0dd12002
Sha256: 3f4bfc7c6cc471e9d95936dc109852c4f6a4bf1163b63eeabfe840565d5ad8d1

Alerts:
  urlquery:
    - DynDNS domain detected

GET /meta/recaptcha__nl.js.download HTTP/1.1
Host: servicemeto91.zzux.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://servicemeto91.zzux.com/meta/bframe.html
Cookie: cazanova=95pq67s1so6madstbhisd156fh9rr25f

210.16.120.193
HTTP/1.1 200 OK
Content-Type: application/javascript
Server: nginx
Date: Wed, 28 Sep 2022 10:40:46 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 26 Sep 2022 12:48:27 GMT
ETag: "56577-5e993f1b1b303-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text, with very long lines (820)
Size:   137504
Md5:    2128869002ee143c12253efdafd190a4
Sha1:   9781a8b2fa7342367a7ef81a70ad7234ad6505bb
Sha256: bb787fc0dfa0c02a27b4e75825e9c4e0839637f02fda1b60b645719bbfad663b

Alerts:
  urlquery:
    - DynDNS domain detected
  Blocklists:
    - fortinet: Phishing

GET /s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://servicemeto91.zzux.com
Connection: keep-alive
Referer: http://servicemeto91.zzux.com/

142.250.74.163
HTTP/1.1 200 OK
Content-Type: font/woff2
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 15344
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Mon, 26 Sep 2022 20:06:20 GMT
Expires: Tue, 26 Sep 2023 20:06:20 GMT
Cache-Control: public, max-age=31536000
Age: 138867
Last-Modified: Mon, 16 Oct 2017 17:32:55 GMT


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 15344, version 1.0\012- data
Size:   15344
Md5:    5d4aeb4e5f5ef754e307d7ffaef688bd
Sha1:   06db651cdf354c64a7383ea9c77024ef4fb4cef8
Sha256: 3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

GET /s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://servicemeto91.zzux.com
Connection: keep-alive
Referer: http://servicemeto91.zzux.com/

142.250.74.163
HTTP/1.1 200 OK
Content-Type: font/woff2
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 15552
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Fri, 23 Sep 2022 16:38:48 GMT
Expires: Sat, 23 Sep 2023 16:38:48 GMT
Cache-Control: public, max-age=31536000
Age: 410519
Last-Modified: Mon, 16 Oct 2017 17:33:02 GMT


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 15552, version 1.0\012- data
Size:   15552
Md5:    285467176f7fe6bb6a9c6873b3dad2cc
Sha1:   ea04e4ff5142ddd69307c183def721a160e0a64e
Sha256: 5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7