edithriewer.de/wp-admin/santa/clients/login.php
301 Moved Permanently 263 B URL HTTP/1.1 edithriewer.de/wp-admin/santa/clients/login.php
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 812dce96f7399cec666f6587f5645b0a
846fda9a6ebf3fd5453ca8b4a49105938de0af3b
f6339e3191968cc89f96c756c2e71394f2d1d6f406a2030b63829e3b3910f756
Analyzer Verdict Alert openphish Grupo Santander
fortinet Phishing
GET /wp-admin/santa/clients/login.php HTTP/1.1
Host: edithriewer.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Fri, 10 Mar 2023 22:55:43 GMT
Server: Apache/2.4.55 (Unix)
Location: https://edithriewer.de/wp-admin/santa/clients/login.php
Content-Length: 263
Keep-Alive: timeout=3, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 88c2e33504e05b0bc2b7a3502d6a79bb
23881a1edb8d8ff3dc2192d25792a59fa2c96088
dfbfefeab7d314e54f5e5f2e48ba645817da6dee3ee2bc5abdbaac81b8dc66e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DFBFEFEAB7D314E54F5E5F2E48BA645817DA6DEE3EE2BC5ABDBAAC81B8DC66E7"
Last-Modified: Thu, 09 Mar 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4640
Expires: Sat, 11 Mar 2023 00:13:04 GMT
Date: Fri, 10 Mar 2023 22:55:44 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 9ce33c47154f4826255fe9bbe54d72be
e10a363c007a6d15ed43eb35b4e5c246d85c5eed
cf423db1a8ad1dce1b5c25f6025d14411b4a46e95a6001288949f046e244bc24
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CF423DB1A8AD1DCE1B5C25F6025D14411B4A46E95A6001288949F046E244BC24"
Last-Modified: Fri, 10 Mar 2023 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12286
Expires: Sat, 11 Mar 2023 02:20:30 GMT
Date: Fri, 10 Mar 2023 22:55:44 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 84db75194692d4afe13196bda6f22da8
4c1f49bc973a4917f146d93c8d598344edc021f6
a3bec66f95b3bdf1d310c726e8ed05f7b06c1901c62381a94582d581844d2c23
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Backoff, Alert, Content-Length, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 10 Mar 2023 22:41:15 GMT
content-type: application/json
age: 869
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 33723bd3cb2d70f8f86442863df61ec1
ee9f60025e885c09ff570c4e8f641bcc25ff83f0
dc794aeea289e16c4f217e2e3379cc434b6071badbf9ab6d64884707eafee538
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DC794AEEA289E16C4F217E2E3379CC434B6071BADBF9AB6D64884707EAFEE538"
Last-Modified: Thu, 09 Mar 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11942
Expires: Sat, 11 Mar 2023 02:14:46 GMT
Date: Fri, 10 Mar 2023 22:55:44 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-09-20-28-26.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-09-20-28-26.chain
IP
File type PEM certificate\012- , ASCII text
Hash b5ba6334e73496995e3e3a9ecd0eb323
ad80d3b7718c28364e8c2004fb38a13a1747e462
aa5abb52515c6383c014aadb63a86c9f798ad64de53c0218616c1fc6d424d2e2
GET /chains/remote-settings.content-signature.mozilla.org-2023-04-09-20-28-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: xteydrYoo4Kezxa3HQxH30EpbbfrwRtfSbh9OGdjRt48+1xYA8rKmbHUeWOtQPyNBVeZk9Wnc5A=
x-amz-request-id: VKTX60A3GH56B7RM
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 10 Mar 2023 22:45:19 GMT
age: 625
last-modified: Sat, 18 Feb 2023 20:28:27 GMT
etag: "b5ba6334e73496995e3e3a9ecd0eb323"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 10 Mar 2023 22:55:44 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 727 B IP
Hash d1ada6b8a7bea8afc37ba57500c77a4d
0948e22c24e67daaa5ac91bfec96e8e898144de7
2169c678ce20d1eae7c5b30783a77610102740dfcdc92784213a05208af6095a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 10 Mar 2023 22:55:44 GMT
Server: ECAcc (amb/6B35)
Content-Length: 727
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Cache-Control, Content-Length, Retry-After, Content-Type, Expires, Alert, Pragma, ETag, Backoff, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 10 Mar 2023 22:12:31 GMT
age: 2593
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash d960a8d21b339ab0d7987e3b1eb16fdc
08d4430c549151295ee4e1dc8f24dbd3d9456b0b
522b75aa714f87a716a9a693a7c3ed1cab6e5b1725f20a67df46dec2967b5960
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "522B75AA714F87A716A9A693A7C3ED1CAB6E5B1725F20A67DF46DEC2967B5960"
Last-Modified: Thu, 09 Mar 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5550
Expires: Sat, 11 Mar 2023 00:28:14 GMT
Date: Fri, 10 Mar 2023 22:55:44 GMT
Connection: keep-alive
push.services.mozilla.com/
101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: SR2bpXgYHO0UP1kWm4WatQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 9mj49j6xNwudPMc1m8ePy3J4W8U=
edithriewer.de/wp-admin/santa/clients/login.php
200 OK 9.2 kB URL HTTP/2 edithriewer.de/wp-admin/santa/clients/login.php
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Hash 90b51f92b3899feffd564bbb984f7f21
13370321f6b97ef2aa9dea93d60df2260a24d264
53ddae84001448e24a66db8ea682146d53bf887efd9d206904906dbdaca14de0
Analyzer Verdict Alert urlquery phishing Phishing - Santander
urlquery phishing Phishing - Santander
openphish Grupo Santander
fortinet Phishing
GET /wp-admin/santa/clients/login.php HTTP/1.1
Host: edithriewer.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Fri, 10 Mar 2023 22:55:44 GMT
server: Apache/2.4.54 (Unix)
x-powered-by: PHP/7.3.33
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
content-type: text/html
set-cookie: PHPSESSID=mafbppgetc53dk42n27g0hs4la; path=/
content-length: 9248
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/jquery.payment/3.0.0/jquery.payment.min.js
200 OK 2.4 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/jquery.payment/3.0.0/jquery.payment.min.js
IP
File type Unicode text, UTF-8 text, with very long lines (8392)
Hash 5fa1a60087fef53b1c0c4f4d6014f684
361a5d6829ec17ebf82571f3b20bd472ab4b0141
43c8409c5dc3b3b21b12068ca0089744c14770ba7f316dfb704b4104cb951bef
GET /ajax/libs/jquery.payment/3.0.0/jquery.payment.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://edithriewer.de/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 10 Mar 2023 22:55:45 GMT
content-type: application/javascript; charset=utf-8
content-length: 2420
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec3-210b"
last-modified: Mon, 04 May 2020 16:11:47 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 4381246
expires: Wed, 28 Feb 2024 22:55:45 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tLRMlWEhj3sjAa92bbiyY0P6ZcZvd%2BWliafQCABFGg%2FZVx3iBgjz9JMauj2r88AuakyDqlaoG2ns%2B5L79luvCj6Dodmz9dQa9QPQDwIB0bvmiHdXrjAGHjAoxRHiuBPks%2FAirQ6Z"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 7a5f25a4edc2b50c-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.1/js/all.min.js
200 OK 362 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.1/js/all.min.js
IP
File type ASCII text, with very long lines (65350)
Size 362 kB (362308 bytes)
Hash 62bb7903fab88f2eb3e614bd662f4c72
7e404419744e5b1a842e50a344c6ac6f24753118
2fcdd5f98d838b1440e4101dc63a2a77881e9474fa52577f54f9407b61e418b6
GET /ajax/libs/font-awesome/5.15.1/js/all.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://edithriewer.de/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 10 Mar 2023 22:55:45 GMT
content-type: application/javascript; charset=utf-8
content-length: 362308
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5f7b5b5f-123bd0"
last-modified: Mon, 05 Oct 2020 17:43:59 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 7355834
expires: Wed, 28 Feb 2024 22:55:45 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7p6SahfP1aMtAWGql79WBQ9mfHpAj9jDWSG2ixJDqYMx1VbUYq69TkLeEDbVjAcf9ndJg5RXE7CtbzJ7v1GRLgl%2BKmKOSMRNnZav7rEcgQXMXe79%2Fyfw7R7%2FK%2F5Hf1EjSUMMfX9W"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 7a5f25a4edd6b50c-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
edithriewer.de/wp-admin/santa/assets/css/helpers.css
200 OK 42 kB URL HTTP/2 edithriewer.de/wp-admin/santa/assets/css/helpers.css
IP
File type ASCII text, with very long lines (41750), with CRLF line terminators
Hash fd877f138d23d5a790645eb95167aec3
ee2f01ca01c5f7e6f674ad79a9fea30f78a66f2c
f839760d1621714efedeb3eb08b25e619812dcc33d77aceb0daf405ac727a765
Analyzer Verdict Alert urlquery phishing Phishing - Santander
urlquery phishing Phishing - Santander
GET /wp-admin/santa/assets/css/helpers.css HTTP/1.1
Host: edithriewer.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://edithriewer.de/wp-admin/santa/clients/login.php
Cookie: PHPSESSID=mafbppgetc53dk42n27g0hs4la
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 03 Dec 2020 11:23:20 GMT
etag: "a318-5b58d9649fa00"
accept-ranges: bytes
content-length: 41752
content-type: text/css
date: Fri, 10 Mar 2023 22:55:45 GMT
server: Apache/2.4.55 (Unix)
X-Firefox-Spdy: h2
edithriewer.de/wp-admin/santa/assets/css/fonts.css
200 OK 463 B URL HTTP/2 edithriewer.de/wp-admin/santa/assets/css/fonts.css
IP
File type ASCII text, with CRLF line terminators
Hash 09d81043131b83c25e8e531c377dd8e2
bdd9be6a615a545255dc535e06c23cc0e5ddd150
859685aa680f1e512e0a77ab793c63853330c3affa8931a033286d459a9f3d50
Analyzer Verdict Alert urlquery phishing Phishing - Santander
urlquery phishing Phishing - Santander
GET /wp-admin/santa/assets/css/fonts.css HTTP/1.1
Host: edithriewer.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://edithriewer.de/wp-admin/santa/clients/login.php
Cookie: PHPSESSID=mafbppgetc53dk42n27g0hs4la
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 05 Feb 2022 20:30:06 GMT
etag: "1cf-5d74b3b99af80"
accept-ranges: bytes
content-length: 463
content-type: text/css
date: Fri, 10 Mar 2023 22:55:45 GMT
server: Apache/2.4.55 (Unix)
X-Firefox-Spdy: h2
edithriewer.de/wp-admin/santa/assets/css/style.css
200 OK 9.4 kB URL HTTP/2 edithriewer.de/wp-admin/santa/assets/css/style.css
IP
File type ASCII text, with very long lines (9393), with CRLF line terminators
Hash 7e6d6955673569318331b6dc7d23ff08
ada34fcd4d9f214b03aac439c7bc3055d6038717
acc099ac016ebc3148d3acf9534975a77814dd4eb49c1b9feb0c91e41a8eda88
Analyzer Verdict Alert urlquery phishing Phishing - Santander
urlquery phishing Phishing - Santander
GET /wp-admin/santa/assets/css/style.css HTTP/1.1
Host: edithriewer.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://edithriewer.de/wp-admin/santa/clients/login.php
Cookie: PHPSESSID=mafbppgetc53dk42n27g0hs4la
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 08 Feb 2022 02:09:48 GMT
etag: "24b3-5d77836251300"
accept-ranges: bytes
content-length: 9395
content-type: text/css
date: Fri, 10 Mar 2023 22:55:45 GMT
server: Apache/2.4.55 (Unix)
X-Firefox-Spdy: h2
edithriewer.de/wp-admin/santa/assets/imgs/arrow-left.png
200 OK 273 B URL HTTP/2 edithriewer.de/wp-admin/santa/assets/imgs/arrow-left.png
IP
File type PNG image data, 10 x 8, 8-bit/color RGB, non-interlaced\012- data
Hash eafe85d25d30f1323383d12ee5aa6efb
6dc5a583ada5cd19dd69d72706400afb510b3881
f9055641eaaf830e82a6296fc5a97e1d6e7d7397c16676c802e2b1cdde5a1527
Analyzer Verdict Alert urlquery phishing Phishing - Santander
urlquery phishing Phishing - Santander
GET /wp-admin/santa/assets/imgs/arrow-left.png HTTP/1.1
Host: edithriewer.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://edithriewer.de/wp-admin/santa/clients/login.php
Cookie: PHPSESSID=mafbppgetc53dk42n27g0hs4la
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 05 Feb 2022 20:44:20 GMT
etag: "111-5d74b6e80b100"
accept-ranges: bytes
content-length: 273
content-type: image/png
date: Fri, 10 Mar 2023 22:55:45 GMT
server: Apache/2.4.55 (Unix)
X-Firefox-Spdy: h2
edithriewer.de/wp-admin/santa/assets/imgs/keyboard.png
200 OK 549 B URL HTTP/2 edithriewer.de/wp-admin/santa/assets/imgs/keyboard.png
IP
File type PNG image data, 22 x 17, 8-bit/color RGB, non-interlaced\012- data
Hash a2db6dd689795f7eb25da1f7df906d39
2236887d03c7876081ebac4fc5191f742d0c4bf8
3d2975291bc63742fd5f2ffb9cc1dd163c8f48b914d6bcb91e3d85c50e2cca8e
Analyzer Verdict Alert urlquery phishing Phishing - Santander
urlquery phishing Phishing - Santander
GET /wp-admin/santa/assets/imgs/keyboard.png HTTP/1.1
Host: edithriewer.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://edithriewer.de/wp-admin/santa/clients/login.php
Cookie: PHPSESSID=mafbppgetc53dk42n27g0hs4la
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 05 Feb 2022 20:47:10 GMT
etag: "225-5d74b78a2af80"
accept-ranges: bytes
content-length: 549
content-type: image/png
date: Fri, 10 Mar 2023 22:55:45 GMT
server: Apache/2.4.55 (Unix)
X-Firefox-Spdy: h2
edithriewer.de/wp-admin/santa/assets/imgs/headphone.png
200 OK 611 B URL HTTP/2 edithriewer.de/wp-admin/santa/assets/imgs/headphone.png
IP
File type PNG image data, 18 x 17, 8-bit/color RGB, non-interlaced\012- data
Hash fd50207b98758750ecbec498214533b2
f0029b4cfe76215cddef2d3df8119b2d7e006fb6
15a4a3c4fdaa2aaac1afd46e2f2948c4e4d278794f2d64c7153ff4c3d7a5a619
Analyzer Verdict Alert urlquery phishing Phishing - Santander
urlquery phishing Phishing - Santander
GET /wp-admin/santa/assets/imgs/headphone.png HTTP/1.1
Host: edithriewer.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://edithriewer.de/wp-admin/santa/clients/login.php
Cookie: PHPSESSID=mafbppgetc53dk42n27g0hs4la
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 05 Feb 2022 20:47:38 GMT
etag: "263-5d74b7a4dee80"
accept-ranges: bytes
content-length: 611
content-type: image/png
date: Fri, 10 Mar 2023 22:55:45 GMT
server: Apache/2.4.55 (Unix)
X-Firefox-Spdy: h2
edithriewer.de/wp-admin/santa/assets/imgs/eye1.png
200 OK 683 B URL HTTP/2 edithriewer.de/wp-admin/santa/assets/imgs/eye1.png
IP
File type PNG image data, 21 x 14, 8-bit/color RGB, non-interlaced\012- data
Hash 96996dedc3f2455c9d470bab9f6ae660
3623fe7304b0117a9a21423c5870ba8bc94faca1
ee0a4e2e380448fcd276badb89b7629d62781da0efbee84bfdb26503f8e18976
Analyzer Verdict Alert urlquery phishing Phishing - Santander
urlquery phishing Phishing - Santander
GET /wp-admin/santa/assets/imgs/eye1.png HTTP/1.1
Host: edithriewer.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://edithriewer.de/wp-admin/santa/clients/login.php
Cookie: PHPSESSID=mafbppgetc53dk42n27g0hs4la
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 05 Feb 2022 20:45:30 GMT
etag: "2ab-5d74b72acce80"
accept-ranges: bytes
content-length: 683
content-type: image/png
date: Fri, 10 Mar 2023 22:55:45 GMT
server: Apache/2.4.55 (Unix)
X-Firefox-Spdy: h2
cdn.jsdelivr.net/npm/bootstrap@4.5.3/dist/js/bootstrap.bundle.min.js
200 OK 22 kB URL HTTP/2 cdn.jsdelivr.net/npm/bootstrap@4.5.3/dist/js/bootstrap.bundle.min.js
IP
File type ASCII text, with very long lines (65299)
Hash 151629f36761d6fb6d0e0330239884a6
ebb9c30e5565793e2767735f0647bdf26fed4ab5
53c395dd774b12c572c9f1b453f7903c08de32f6958d974bc5db38634a6509d6
GET /npm/bootstrap@4.5.3/dist/js/bootstrap.bundle.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://edithriewer.de/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 4.5.3
x-jsd-version-type: version
etag: W/"148b8-qycDEVlyTiQh9v9ccPSOZXq+nTk"
content-encoding: gzip
accept-ranges: bytes
date: Fri, 10 Mar 2023 22:55:45 GMT
age: 1434905
x-served-by: cache-fra-eddf8230067-FRA, cache-bma1682-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 21785
X-Firefox-Spdy: h2
edithriewer.de/wp-admin/santa/assets/imgs/marker.png
200 OK 658 B URL HTTP/2 edithriewer.de/wp-admin/santa/assets/imgs/marker.png
IP
File type PNG image data, 15 x 17, 8-bit/color RGB, non-interlaced\012- data
Hash fc0cea4255452124ff3e7ee89a4253eb
86f31af61b6e6b6cce91a8cd91deadc215f22804
3cc24236a5de6964a42497d58059f13aa5b64835de52d1363865d6227f9a651a
Analyzer Verdict Alert urlquery phishing Phishing - Santander
urlquery phishing Phishing - Santander
GET /wp-admin/santa/assets/imgs/marker.png HTTP/1.1
Host: edithriewer.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://edithriewer.de/wp-admin/santa/clients/login.php
Cookie: PHPSESSID=mafbppgetc53dk42n27g0hs4la
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 05 Feb 2022 20:48:04 GMT
etag: "292-5d74b7bdaa900"
accept-ranges: bytes
content-length: 658
content-type: image/png
date: Fri, 10 Mar 2023 22:55:45 GMT
server: Apache/2.4.55 (Unix)
X-Firefox-Spdy: h2
edithriewer.de/wp-admin/santa/assets/imgs/arrow-down.png
200 OK 217 B URL HTTP/2 edithriewer.de/wp-admin/santa/assets/imgs/arrow-down.png
IP
File type PNG image data, 16 x 9, 8-bit/color RGB, non-interlaced\012- data
Hash 1202a926043e7299bf9ef3b59560baa4
7a20a1d55b1af9e93fd31012e5f56ab7c93b1d8e
b1c796d4c1092c41d6f20861391a549a64527bec4368928e706abec5ef37329f
Analyzer Verdict Alert urlquery phishing Phishing - Santander
urlquery phishing Phishing - Santander
GET /wp-admin/santa/assets/imgs/arrow-down.png HTTP/1.1
Host: edithriewer.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://edithriewer.de/wp-admin/santa/clients/login.php
Cookie: PHPSESSID=mafbppgetc53dk42n27g0hs4la
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 05 Feb 2022 20:45:00 GMT
etag: "d9-5d74b70e30b00"
accept-ranges: bytes
content-length: 217
content-type: image/png
date: Fri, 10 Mar 2023 22:55:45 GMT
server: Apache/2.4.55 (Unix)
X-Firefox-Spdy: h2
cdn.jsdelivr.net/npm/bootstrap@4.5.3/dist/css/bootstrap.min.css
200 OK 24 kB URL HTTP/2 cdn.jsdelivr.net/npm/bootstrap@4.5.3/dist/css/bootstrap.min.css
IP
File type ASCII text, with very long lines (65326)
Hash 77348602be5574ea01c6e042f63a9b12
1a0d5e8fdf352f8e58351f85152be5d141547e11
57e4cabfd2685370ba747eb1216a753a389200451202efd886758debf0d33a2a
GET /npm/bootstrap@4.5.3/dist/css/bootstrap.min.css HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://edithriewer.de/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
x-jsd-version: 4.5.3
x-jsd-version-type: version
etag: W/"27288-jtLWNQ0j+FfZKAVzfQ+XxnXeZms"
content-encoding: gzip
accept-ranges: bytes
date: Fri, 10 Mar 2023 22:55:45 GMT
age: 1434906
x-served-by: cache-fra-eddf8230071-FRA, cache-bma1682-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 23906
X-Firefox-Spdy: h2
edithriewer.de/wp-admin/santa/assets/js/script.js
200 OK 154 B URL HTTP/2 edithriewer.de/wp-admin/santa/assets/js/script.js
IP
File type ASCII text, with CRLF line terminators
Hash 6a88d53561e8acbb4afe27307d3d4fb9
f1922e8889b32f2c5af762bed4c596687ef28cbb
01066344ed84a8cfc6518af2398dead9ce515b86e710c4ad301049541722ddd9
Analyzer Verdict Alert urlquery phishing Phishing - Santander
urlquery phishing Phishing - Santander
fortinet Phishing
GET /wp-admin/santa/assets/js/script.js HTTP/1.1
Host: edithriewer.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://edithriewer.de/wp-admin/santa/clients/login.php
Cookie: PHPSESSID=mafbppgetc53dk42n27g0hs4la
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 19 Dec 2020 20:10:22 GMT
etag: "9a-5b6d6d0916780"
accept-ranges: bytes
content-length: 154
content-type: application/javascript
date: Fri, 10 Mar 2023 22:55:45 GMT
server: Apache/2.4.55 (Unix)
X-Firefox-Spdy: h2
ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q4
200 OK 1.5 kB URL HTTP/1.1 ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q4
IP
Hash 83db8901dfd894a369b4fe7dbc13644e
36848c74c2e802c211d1f08ec3442caf0507150e
049127d65bf3fd719cc40100f7cb0ea94c060762ed7ca1f31deabb759ae1bed0
POST /ca/gsatlasr3dvtlsca2022q4 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 10 Mar 2023 22:55:45 GMT
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "9EABFD8C56BD3E9A9335897B69969E79929E1A57"
Expires: Sat, 11 Mar 2023 10:00:00 GMT
Last-Modified: Fri, 10 Mar 2023 22:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Age: 1710
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7a5f25a63854b4f9-OSL
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 289c60b957a8a6a09989af100a31de56
52b989681cdbccaa618d4bb7feb2e60aca1878d7
585ec9af69793a53b60877a618cc42a26ea2eb96df03883a17d03f21611f82b1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 10 Mar 2023 22:55:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 289c60b957a8a6a09989af100a31de56
52b989681cdbccaa618d4bb7feb2e60aca1878d7
585ec9af69793a53b60877a618cc42a26ea2eb96df03883a17d03f21611f82b1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 10 Mar 2023 22:55:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
edithriewer.de/wp-admin/santa/assets/imgs/bg.jpg
200 OK 280 kB URL HTTP/2 edithriewer.de/wp-admin/santa/assets/imgs/bg.jpg
IP
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CC 2015 (Macintosh), datetime=2019:10:23 22:17:42], progressive, precision 8, 1200x800, components 3\012- data
Size 280 kB (279946 bytes)
Hash 2723663f4d0e3df7016ef639e098ef96
2306a69fcaff103ad3d6eda1792f521c063b63f4
c3e14aabc7cfcf98c4f5743bc303e5edea12ba3c5681ec51932f6d7b56e1198f
Analyzer Verdict Alert urlquery phishing Phishing - Santander
urlquery phishing Phishing - Santander
GET /wp-admin/santa/assets/imgs/bg.jpg HTTP/1.1
Host: edithriewer.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://edithriewer.de/wp-admin/santa/assets/css/style.css
Cookie: PHPSESSID=mafbppgetc53dk42n27g0hs4la
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 05 Feb 2022 21:08:26 GMT
etag: "4458a-5d74bc4b0e680"
accept-ranges: bytes
content-length: 279946
content-type: image/jpeg
date: Fri, 10 Mar 2023 22:55:45 GMT
server: Apache/2.4.55 (Unix)
X-Firefox-Spdy: h2
edithriewer.de/wp-admin/santa/assets/imgs/favicon.png
200 OK 2.0 kB URL HTTP/2 edithriewer.de/wp-admin/santa/assets/imgs/favicon.png
IP
File type PNG image data, 32 x 32, 8-bit colormap, non-interlaced\012- data
Hash 15d178e6578463fffa6002ec7f13c3fd
c20bc4b5b94db991be62432b19743d541638886b
7765a8af829d91265140999f86b0637dea8544566ae9a865bdd5b8db75c0b62f
Analyzer Verdict Alert urlquery phishing Phishing - Santander
urlquery phishing Phishing - Santander
GET /wp-admin/santa/assets/imgs/favicon.png HTTP/1.1
Host: edithriewer.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://edithriewer.de/wp-admin/santa/clients/login.php
Cookie: PHPSESSID=mafbppgetc53dk42n27g0hs4la
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 07 Feb 2022 16:41:38 GMT
etag: "7c0-5d7704638f480"
accept-ranges: bytes
content-length: 1984
content-type: image/png
date: Fri, 10 Mar 2023 22:55:45 GMT
server: Apache/2.4.55 (Unix)
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 54939002388023971ddb6b7e7ad53403
21f73b23a35299dfbae64d57dd2762625a9a09f5
8f8b0574ea2dc28302dee0a9868c1c145f66a6735353d236a8bd024c624f55a1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8F8B0574EA2DC28302DEE0A9868C1C145F66A6735353D236A8BD024C624F55A1"
Last-Modified: Thu, 09 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11838
Expires: Sat, 11 Mar 2023 02:13:04 GMT
Date: Fri, 10 Mar 2023 22:55:46 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 54939002388023971ddb6b7e7ad53403
21f73b23a35299dfbae64d57dd2762625a9a09f5
8f8b0574ea2dc28302dee0a9868c1c145f66a6735353d236a8bd024c624f55a1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8F8B0574EA2DC28302DEE0A9868C1C145F66A6735353D236A8BD024C624F55A1"
Last-Modified: Thu, 09 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11838
Expires: Sat, 11 Mar 2023 02:13:04 GMT
Date: Fri, 10 Mar 2023 22:55:46 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 54939002388023971ddb6b7e7ad53403
21f73b23a35299dfbae64d57dd2762625a9a09f5
8f8b0574ea2dc28302dee0a9868c1c145f66a6735353d236a8bd024c624f55a1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8F8B0574EA2DC28302DEE0A9868C1C145F66A6735353D236A8BD024C624F55A1"
Last-Modified: Thu, 09 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11838
Expires: Sat, 11 Mar 2023 02:13:04 GMT
Date: Fri, 10 Mar 2023 22:55:46 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 54939002388023971ddb6b7e7ad53403
21f73b23a35299dfbae64d57dd2762625a9a09f5
8f8b0574ea2dc28302dee0a9868c1c145f66a6735353d236a8bd024c624f55a1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8F8B0574EA2DC28302DEE0A9868C1C145F66A6735353D236A8BD024C624F55A1"
Last-Modified: Thu, 09 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11838
Expires: Sat, 11 Mar 2023 02:13:04 GMT
Date: Fri, 10 Mar 2023 22:55:46 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffbf8ce32-b6a5-45ba-9e92-c2a3608f32cd.jpeg
200 OK 8.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffbf8ce32-b6a5-45ba-9e92-c2a3608f32cd.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b09543ecc9e2062e4317e7cf54d4a093
399f9968409dff806768a27289c8ad5d02dcb1db
386980163cbc27897e85396983f16fecad56e9797d08413c3735bcb498a1738a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffbf8ce32-b6a5-45ba-9e92-c2a3608f32cd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8109
x-amzn-requestid: 14b267bd-ca90-4593-813d-dd3448239202
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BZiBdHEfIAMFo1g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6406e3a2-42e90f2f72b03b0b6d033988;Sampled=0
x-amzn-remapped-date: Tue, 07 Mar 2023 07:11:30 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: Sg4jWYQrmnqgK55SDXIXj7R2jOJ_EWF8meThYYi4tukvmoE6yQ_tiA==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 219e8f088c8c2a564bdacafe44be620a.cloudfront.net (CloudFront), 1.1 google
date: Fri, 10 Mar 2023 12:48:02 GMT
age: 36464
etag: "399f9968409dff806768a27289c8ad5d02dcb1db"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F76ea6f1d-d65b-4550-b727-09d6d7e7fab3.jpeg
200 OK 7.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F76ea6f1d-d65b-4550-b727-09d6d7e7fab3.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f4d9295781f434de5c7731590c186d0c
c19364899056b4283f99b30df0074ad57e367be5
d35e5d7597d510f3de4b5d84ed5e3cbe22f54e5760a4f88e6e806b7a0386d973
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F76ea6f1d-d65b-4550-b727-09d6d7e7fab3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7383
x-amzn-requestid: 8ea3fffc-3018-4b8f-8286-e4bd6f8757e6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BjbaIGzOoAMF1Kg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-640ad90d-7c56ff1d305ea8cb3c2d8cdd;Sampled=0
x-amzn-remapped-date: Fri, 10 Mar 2023 07:15:25 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Miss from cloudfront
x-amz-cf-id: N_3qH36AsdQCYUle5th8sIU4rdDtsk9tEuxR8C2fRLBGcAZuXaBgVw==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 5c7981a979abd51ba7e5ca7d464fd048.cloudfront.net (CloudFront), 1.1 google
date: Fri, 10 Mar 2023 15:43:19 GMT
age: 25947
etag: "c19364899056b4283f99b30df0074ad57e367be5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8ea05966-b02a-4569-ba27-0c26c0e950eb.jpeg
200 OK 7.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8ea05966-b02a-4569-ba27-0c26c0e950eb.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 15d431310c740999f15556d27a4e5750
87a321f063fd092ba018d187291e8c0442254a1c
8a6ce4b2bb2420b5c8a1a7d68e0269e0a5930f8f29f88aec2a224dceca1fe3c1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8ea05966-b02a-4569-ba27-0c26c0e950eb.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7188
x-amzn-requestid: e0a3eb8a-5035-4f0d-aebb-4e444e0af217
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BlZLcEsmoAMFVaA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-640ba248-4a93bf4c6a4d7a906be52c08;Sampled=0
x-amzn-remapped-date: Fri, 10 Mar 2023 21:34:00 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: oqrkZ1zfy-jY6kaKoQyKnNOG5ObSOTk1G0aSJ6uVEdZejoJo6NSZAA==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 9adef5b1c5fc9ca80d6f4f8d19e103a2.cloudfront.net (CloudFront), 1.1 google
date: Fri, 10 Mar 2023 21:51:59 GMT
age: 3827
etag: "87a321f063fd092ba018d187291e8c0442254a1c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8862e6d9-ae9e-41b3-99b8-5199e0faa311.jpeg
200 OK 9.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8862e6d9-ae9e-41b3-99b8-5199e0faa311.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2ca9132c66e1cc7adeeb67771be595b5
d2b218ba28969154d372b56aa4268f1d1eb3766d
a4882d15f8094601afbe13b4748d17820924c078166c6218d092e2e4479f6c0a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8862e6d9-ae9e-41b3-99b8-5199e0faa311.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9163
x-amzn-requestid: b34d4b4a-980c-4684-a661-cf1ad41e6371
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BZh0bGUfoAMFU8Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6406e34f-59157b020964fd652b52aa26;Sampled=0
x-amzn-remapped-date: Tue, 07 Mar 2023 07:10:07 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Miss from cloudfront
x-amz-cf-id: ZzcoLJJMO3MHViQIqaJZkUooI5KCLAtOhlU-z6I810w2hmIvMZxPOQ==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 0ec9ddba08fcd99386924593dbdbd44a.cloudfront.net (CloudFront), 1.1 google
date: Fri, 10 Mar 2023 06:29:10 GMT
age: 59196
etag: "d2b218ba28969154d372b56aa4268f1d1eb3766d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff3c6b1dd-2cad-4043-95b6-4c991c7e47f1.jpeg
200 OK 4.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff3c6b1dd-2cad-4043-95b6-4c991c7e47f1.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 712efa8e618699c9856b21cbaeaca465
44e97d0159646f4de8219bf8d210ea592a1fab8a
78ae1806dccb912323e1a3de9f1eeb930496c48853d1054c161fae61cda57641
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff3c6b1dd-2cad-4043-95b6-4c991c7e47f1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4047
x-amzn-requestid: 8db8da69-4953-43e5-bc6e-23ff79c4ed24
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Bc1CXEvtoAMF5TQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64083542-1e32c65447b0075a129f42a7;Sampled=0
x-amzn-remapped-date: Wed, 08 Mar 2023 07:12:02 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: N0pllkc9T4mf3eIrwWJWEazIa5xitAv1BkzedOOZ8Zekva6XE0vcXg==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 ea699166e6ec77aa410ff505b0a8ce18.cloudfront.net (CloudFront), 1.1 google
date: Fri, 10 Mar 2023 07:37:44 GMT
age: 55082
etag: "44e97d0159646f4de8219bf8d210ea592a1fab8a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4a3e2fcb-dbf5-4fe9-a56c-b36d9c8bdd3b.gif
200 OK 510 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4a3e2fcb-dbf5-4fe9-a56c-b36d9c8bdd3b.gif
IP
File type GIF image data, version 89a, 296 x 148\012- data
Size 510 kB (509554 bytes)
Hash 8aaaf2f10ef3b4bdba0a3e87363f431a
2395f71c326974fad24daac2eae607dda08a2c26
2612bdecbf6dc5e349d69c92bd557d35b41b3672d361f343d19123d0ce72de9c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4a3e2fcb-dbf5-4fe9-a56c-b36d9c8bdd3b.gif HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 509554
x-amzn-requestid: 358fb422-72a7-4e2a-b173-2f57ec2b5f51
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BfjO0HCGoAMFrrA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64094bf8-2ac79d011c36a5ee28c36d64;Sampled=0
x-amzn-remapped-date: Thu, 09 Mar 2023 03:01:12 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: 1TTI6Q1zLECFIGqf7bmj1n-t5kWDE-fKZm3z_gCvMBm3TaOk2Ow73A==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 a3b5bb90516201e5ddd137696b7b0f50.cloudfront.net (CloudFront), 1.1 google
date: Fri, 10 Mar 2023 04:07:08 GMT
age: 67718
etag: "2395f71c326974fad24daac2eae607dda08a2c26"
content-type: image/gif
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F91f33b7a-039c-4ff9-a128-fc51cc562d57.jpeg
200 OK 3.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F91f33b7a-039c-4ff9-a128-fc51cc562d57.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8bd73b221ec87cd7d129eac294e074ba
dcdd31fc47f20023060e8144a1e8f7bf353bf13f
487a0b7190cc6a8df442d75fd51fff968916494e7d0a877dc756f0c338f2f520
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F91f33b7a-039c-4ff9-a128-fc51cc562d57.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 3611
x-amzn-requestid: fd7c9885-505c-452c-87de-fcb7d5973af3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Bf1xyH6sIAMF7sQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-640969a4-0fd956d75509e93a21ce3f5c;Sampled=0
x-amzn-remapped-date: Thu, 09 Mar 2023 05:07:48 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: TbEVDqma-IAbKPZq5rN8hf7BIqznErSrnWeQUmgf60y1F33SsZD0rA==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 6bdc2963c9ed59b475ec36c35e5932a4.cloudfront.net (CloudFront), 1.1 google
date: Fri, 10 Mar 2023 12:50:24 GMT
age: 36329
etag: "dcdd31fc47f20023060e8144a1e8f7bf353bf13f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
fonts.googleapis.com/css2?family=Poppins:wght@300;400;500;600;700&display=swap
200 OK 0 B URL HTTP/2 fonts.googleapis.com/css2?family=Poppins:wght@300;400;500;600;700&display=swap
IP
GET /css2?family=Poppins:wght@300;400;500;600;700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://edithriewer.de/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 10 Mar 2023 22:55:45 GMT
date: Fri, 10 Mar 2023 22:55:45 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
34.160.144.191
104.17.24.14
81.169.145.149
23.36.77.32