Overview

URL: retwer.draydns.de/recover
IP: 45.58.52.43
ASN: HostUS
Location: United States
Report completed: 2022-07-06 21:33:50 UTC
urlquery Alerts: No alerts detected


Settings

UserAgent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blocklists

OpenPhish
Added / Verified Severity Host Comment
2022-07-06 2 retwer.draydns.de/recover Crypto/Wallet
2022-07-06 2 retwer.draydns.de/ Crypto/Wallet
2022-07-06 2 retwer.draydns.de/authen Crypto/Wallet
PhishTank  No alerts detected
Fortinet's Web Filter
Added / Verified Severity Host Comment
2022-07-06 2 retwer.draydns.de/recover Phishing
2022-07-06 2 retwer.draydns.de/ Phishing
2022-07-06 2 retwer.draydns.de/authen Phishing
2022-07-06 2 retwer.draydns.de/meta/enterprise.js.download Phishing
2022-07-06 2 retwer.draydns.de/meta/js Phishing
2022-07-06 2 retwer.draydns.de/meta/jquery-3.5.1.min.dc5e7f18c8.js.download Phishing
2022-07-06 2 retwer.draydns.de/meta/storage.secure.min.js.download Phishing
2022-07-06 2 retwer.draydns.de/meta/plx.chock.js Phishing
2022-07-06 2 retwer.draydns.de/meta/css.html Phishing
2022-07-06 2 retwer.draydns.de/meta/jsonp Phishing
2022-07-06 2 retwer.draydns.de/meta/webfont.js.download Phishing
2022-07-06 2 retwer.draydns.de/meta/mm-logo.svg Phishing
2022-07-06 2 retwer.draydns.de/meta/EuclidCircularB-Bold-WebXL.woff2 Phishing
2022-07-06 2 retwer.draydns.de/meta/webflow.js.download Phishing
2022-07-06 2 retwer.draydns.de/meta/EuclidCircularB-Regular-WebXL.woff2 Phishing
2022-07-06 2 retwer.draydns.de/meta/bframe.html Phishing
2022-07-06 2 retwer.draydns.de/meta/recaptcha__nl.js.download Phishing
mnemonic secure dns  No alerts detected
Quad9 DNS  No alerts detected


Files

No files detected



Passive DNS (12)

Passive DNS Source Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
[Mnemonic Passive DNS] firefox.settings.services.mozilla.com (2) 867 2016-03-17 08:25:01 UTC 2020-05-25 20:01:47 UTC 54.230.111.65
[Mnemonic Passive DNS] www.gstatic.com (1) 0 2015-06-20 09:50:55 UTC 2015-11-29 15:55:55 UTC 142.250.74.163 Domain (gstatic.com) ranked at: 540
[Mnemonic Passive DNS] contile.services.mozilla.com (1) 1114 No data No data 34.117.237.239
[Mnemonic Passive DNS] retwer.draydns.de (25) 0 No data No data 45.58.52.43 Unknown ranking
[Mnemonic Passive DNS] ocsp.digicert.com (1) 86 2012-11-29 12:49:49 UTC 2022-07-06 19:05:02 UTC 93.184.220.29
[Mnemonic Passive DNS] ocsp.pki.goog (4) 175 2017-06-14 07:23:31 UTC 2022-07-06 04:42:12 UTC 142.250.74.3
[Mnemonic Passive DNS] push.services.mozilla.com (1) 2140 2014-10-24 08:27:06 UTC 2022-07-06 04:47:23 UTC 35.166.180.72
[Mnemonic Passive DNS] fonts.googleapis.com (1) 8877 2017-01-30 04:59:43 UTC 2019-10-16 05:12:41 UTC 142.250.74.10
[Mnemonic Passive DNS] r3.o.lencr.org (5) 344 2020-12-02 08:52:13 UTC 2022-07-06 04:41:34 UTC 23.36.76.226
[Mnemonic Passive DNS] content-signature-2.cdn.mozilla.net (1) 1152 2020-11-03 12:26:46 UTC 2022-07-06 04:55:23 UTC 54.230.111.7
[Mnemonic Passive DNS] fonts.gstatic.com (4) 0 2017-01-30 04:59:51 UTC 2022-07-06 04:41:59 UTC 142.250.74.163 Domain (gstatic.com) ranked at: 540
[Mnemonic Passive DNS] img-getpocket.cdn.mozilla.net (6) 1631 2017-09-01 03:40:57 UTC 2022-07-06 17:02:11 UTC 34.120.237.76


Recent reports on same IP/ASN/Domain

Last 10 reports on IP: 45.58.52.43

Date UQ / IDS / BL URL IP
2022-07-07 15:23:55 +0000 0 - 0 - 42 retwer.draydns.de/authen 45.58.52.43
2022-07-07 01:44:20 +0000 0 - 0 - 40 retwer.draydns.de/ 45.58.52.43
2022-07-07 01:43:51 +0000 0 - 0 - 42 retwer.draydns.de/recover 45.58.52.43
2022-07-06 21:34:24 +0000 0 - 0 - 40 retwer.draydns.de/ 45.58.52.43
2022-07-06 18:38:03 +0000 0 - 0 - 39 retwer.draydns.de/ 45.58.52.43
2022-07-06 18:37:32 +0000 0 - 0 - 42 retwer.draydns.de/recover 45.58.52.43
2022-07-06 15:44:05 +0000 0 - 0 - 40 retwer.draydns.de/ 45.58.52.43
2022-07-06 15:43:33 +0000 0 - 0 - 42 retwer.draydns.de/recover 45.58.52.43
2022-07-06 11:27:35 +0000 0 - 0 - 8 https://updaterbfcu.draydns.de/?_branch_match (...) 45.58.52.43
2022-07-06 11:27:05 +0000 0 - 0 - 7 https://updaterbfcu.draydns.de/?_branch_match (...) 45.58.52.43

Last 10 reports on ASN: HostUS

Date UQ / IDS / BL URL IP
2022-08-18 02:19:49 +0000 0 - 0 - 1 unaux.com/ 103.11.64.176
2022-08-17 19:44:02 +0000 2 - 0 - 1 themontijoteammortgage.com/scc/ 210.16.121.15
2022-08-16 21:34:51 +0000 3 - 0 - 1 thirdhalfbrewing.com/anonymxx/adobe-3D6/ 210.16.121.15
2022-08-16 09:22:00 +0000 0 - 0 - 3 greaterneveda2147.diskstation.org/ 210.16.120.57
2022-08-16 08:42:41 +0000 0 - 0 - 2 https://pendingverify.dyn-vpn.de/mountain-ame (...) 104.128.239.149
2022-08-15 06:48:42 +0000 3 - 0 - 1 https://thirdhalfbrewing.com/anonymxx/adobe-3D6/ 210.16.121.15
2022-08-14 23:26:28 +0000 0 - 0 - 1 unaux.com/ 103.11.64.176
2022-08-14 07:50:39 +0000 2 - 0 - 1 afrislayblm.com/scc 45.58.56.191
2022-08-13 08:00:00 +0000 0 - 0 - 2 wendyxxszz.dynvpn.de/keyxbnk/verify.php 104.128.239.149
2022-08-13 07:59:40 +0000 0 - 0 - 2 wendyxxszz.dynvpn.de/keyxbnk/ 104.128.239.149

Last 8 reports on domain: retwer.draydns.de

Date UQ / IDS / BL URL IP
2022-07-07 15:23:55 +0000 0 - 0 - 42 retwer.draydns.de/authen 45.58.52.43
2022-07-07 01:44:20 +0000 0 - 0 - 40 retwer.draydns.de/ 45.58.52.43
2022-07-07 01:43:51 +0000 0 - 0 - 42 retwer.draydns.de/recover 45.58.52.43
2022-07-06 21:34:24 +0000 0 - 0 - 40 retwer.draydns.de/ 45.58.52.43
2022-07-06 18:38:03 +0000 0 - 0 - 39 retwer.draydns.de/ 45.58.52.43
2022-07-06 18:37:32 +0000 0 - 0 - 42 retwer.draydns.de/recover 45.58.52.43
2022-07-06 15:44:05 +0000 0 - 0 - 40 retwer.draydns.de/ 45.58.52.43
2022-07-06 15:43:33 +0000 0 - 0 - 42 retwer.draydns.de/recover 45.58.52.43


JavaScript

Executed Scripts (14)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (52)


Request Response
                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         54.230.111.65
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, Backoff, Content-Type, Content-Length, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Wed, 06 Jul 2022 20:56:15 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 b053873243f91b1bb6dc406ce0c67db4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: Gj7U-vtRM3A8o_46m6e5cQgQgevlQ-B3vAiOumgOiQjtcP_6L9CxFg==
Age: 2242


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    91dd975a7b17b2922dd23c0e49314e40
Sha1:   57a2ece1e3cee7c4ebf927f2ba92f52cac395fe2
Sha256: 09966873bbf317f8910c59544cfde2a6d46e8acd2905797cc7c85c6b4d18ea8a
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "5CA12512DFBE8A007255191678A4ECD570026D865AE741C0D3025D8FE1A58659"
Last-Modified: Mon, 04 Jul 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2997
Expires: Wed, 06 Jul 2022 22:23:34 GMT
Date: Wed, 06 Jul 2022 21:33:37 GMT
Connection: keep-alive

                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-08-10-12-10-21.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         54.230.111.7
HTTP/2 200 OK
                                        
content-type: binary/octet-stream
content-length: 5348
last-modified: Tue, 21 Jun 2022 12:10:22 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Wed, 06 Jul 2022 03:26:46 GMT
etag: "581454acdd98f34fd3fbabd0977ade29"
x-cache: Hit from cloudfront
via: 1.1 d9fb4c3794a085bb4ee2c5798c2cb1b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: VdkHu31bBsOEztfZWbKI3cE9YfoH7JfBd8Pa3Wue6vMDFVCnX2ZubA==
age: 65212
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    581454acdd98f34fd3fbabd0977ade29
Sha1:   d8d86c0b513137aeb85de01cea7b272c35eb6ab4
Sha256: e98f8f33ba5ed59c3cfdf2ae54957ed32652cf0899f3c8db4b5872e3ece1e4eb
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.117.237.239
HTTP/2 200 OK
                                        
server: nginx
date: Wed, 06 Jul 2022 21:33:38 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /recover HTTP/1.1 
Host: retwer.draydns.de
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         
                                         45.58.52.43
HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx
Date: Wed, 06 Jul 2022 21:33:38 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: cazanova=1u37l4dkergb6389ia6ldrabflauho47; expires=Wed, 06-Jul-2022 23:33:38 GMT; Max-Age=7200; path=/; HttpOnly
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: http://retwer.draydns.de/


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - openphish: Crypto/Wallet
    - fortinet: Phishing
                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         54.230.111.65
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, ETag, Content-Type, Last-Modified, Alert, Backoff, Pragma, Expires, Content-Length, Cache-Control
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Wed, 06 Jul 2022 20:34:56 GMT
Cache-Control: max-age=3600
Expires: Wed, 06 Jul 2022 21:04:06 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: fA4g5l1YqU0kqCH8_UxLybxM_Jipas3DiNLnm4xPsiXT2jNK7Z1hfw==
Age: 3522


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            GET / HTTP/1.1 
Host: retwer.draydns.de
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: cazanova=1u37l4dkergb6389ia6ldrabflauho47
Upgrade-Insecure-Requests: 1

                                         
                                         45.58.52.43
HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx
Date: Wed, 06 Jul 2022 21:33:38 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: http://retwer.draydns.de/authen


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - openphish: Crypto/Wallet
    - fortinet: Phishing
                                        
                                            GET /authen HTTP/1.1 
Host: retwer.draydns.de
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: cazanova=1u37l4dkergb6389ia6ldrabflauho47
Upgrade-Insecure-Requests: 1

                                         
                                         45.58.52.43
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx
Date: Wed, 06 Jul 2022 21:33:38 GMT
Content-Length: 5807
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Content-Encoding: gzip


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (523)
Size:   5807
Md5:    3ff1791c27c981cef8e036cfb9c9a01e
Sha1:   f7dc789b29e54fd8c2ef760ac56ae21c052dbdc9
Sha256: 10f43c3c8d92216773eea3b0b3d8ccf2f696277a6efffef1b31dd7cc121e42f9

Alerts:
  Blocklists:
    - openphish: Crypto/Wallet
    - fortinet: Phishing
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 4186
Cache-Control: 'max-age=158059'
Date: Wed, 06 Jul 2022 21:33:39 GMT
Last-Modified: Wed, 06 Jul 2022 20:23:53 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 06 Jul 2022 21:33:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /meta/webflow.css HTTP/1.1 
Host: retwer.draydns.de
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://retwer.draydns.de/authen
Cookie: cazanova=1u37l4dkergb6389ia6ldrabflauho47

                                         
                                         45.58.52.43
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Server: nginx
Date: Wed, 06 Jul 2022 21:33:39 GMT
Last-Modified: Mon, 04 Jul 2022 15:12:21 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"62c30355-98c5"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Content-Encoding: gzip


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (2587)
Size:   9290
Md5:    df537de16df2e7abb3a9474300085194
Sha1:   19823a9c07322292173a31cbb15faed3cb97855a
Sha256: c808edb13043989f1d4f886fa1f0e1a3aaa472f0d8a229f74429b04c13c08813

Alerts:
  Blocklists:
    - openphish: Crypto/Wallet
                                        
                                            GET /meta/normalize.css HTTP/1.1 
Host: retwer.draydns.de
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://retwer.draydns.de/authen
Cookie: cazanova=1u37l4dkergb6389ia6ldrabflauho47

                                         
                                         45.58.52.43
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Server: nginx
Date: Wed, 06 Jul 2022 21:33:39 GMT
Last-Modified: Mon, 04 Jul 2022 15:12:01 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"62c30341-1e5c"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text
Size:   2659
Md5:    b165f8d0baec3b8976de14634861b941
Sha1:   f7eabfa6844712979ef5e274f275c5be39fdc86f
Sha256: 91404eaa9c2b59e842d6694c3bb2128e21253a1780a4a75e33571ed659bd4d8e

Alerts:
  Blocklists:
    - openphish: Crypto/Wallet
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 06 Jul 2022 21:33:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: WyG7oLA1zKWGj9+ArzdeNg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                         
                                         35.166.180.72
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 13Ln6gOKKmFWIuVfhDT0zRtnLdo=

                                        
                                            GET /meta/enterprise.js.download HTTP/1.1 
Host: retwer.draydns.de
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://retwer.draydns.de/authen
Cookie: cazanova=1u37l4dkergb6389ia6ldrabflauho47

                                         
                                         45.58.52.43
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Wed, 06 Jul 2022 21:33:39 GMT
Content-Length: 614
Connection: keep-alive
Last-Modified: Mon, 04 Jul 2022 15:11:38 GMT
ETag: "3f0-5e2fc2715ea3c-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text, with very long lines (1008), with no line terminators
Size:   614
Md5:    533554dfe842696d43cbbe1be26c9d4b
Sha1:   4bc96c1c9afdca5fddb20c7b172a13afa5cb46e4
Sha256: f480ee9ffad021062c3251c62acf39842c0fa7e71c7dccdd91ee30524fccb84d

Alerts:
  Blocklists:
    - openphish: Crypto/Wallet
    - fortinet: Phishing
                                        
                                            GET /meta/metamask-staging-2.webflow.css HTTP/1.1 
Host: retwer.draydns.de
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://retwer.draydns.de/authen
Cookie: cazanova=1u37l4dkergb6389ia6ldrabflauho47

                                         
                                         45.58.52.43
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Server: nginx
Date: Wed, 06 Jul 2022 21:33:39 GMT
Last-Modified: Mon, 04 Jul 2022 15:11:59 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"62c3033f-22adb"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text
Size:   17621
Md5:    86ed5c43bcc35cee708393d812a5c842
Sha1:   ac66037f44aa618e88099322852936d3e1318afe
Sha256: df01bd9c7ea82c575f395792b2e5e2b898afc72609cbd067a47144576964ea2a

Alerts:
  Blocklists:
    - openphish: Crypto/Wallet
                                        
                                            GET /meta/js HTTP/1.1 
Host: retwer.draydns.de
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://retwer.draydns.de/authen
Cookie: cazanova=1u37l4dkergb6389ia6ldrabflauho47

                                         
                                         45.58.52.43
HTTP/1.1 200 OK
                                        
Server: nginx
Date: Wed, 06 Jul 2022 21:33:39 GMT
Content-Length: 35327
Connection: keep-alive
Last-Modified: Mon, 04 Jul 2022 15:11:55 GMT
ETag: "168a5-5e2fc28185730-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text, with very long lines (1815)
Size:   35327
Md5:    538830958289d9161b34e9b6f0f72488
Sha1:   c516269bf9a738cef82ace7c0525f41a93b2fb75
Sha256: c0662c29101a79a0c5d62b273cb34b4fa830081d61722e32ec32205f2defd190

Alerts:
  Blocklists:
    - openphish: Crypto/Wallet
    - fortinet: Phishing
                                        
                                            GET /meta/jquery-3.5.1.min.dc5e7f18c8.js.download HTTP/1.1 
Host: retwer.draydns.de
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://retwer.draydns.de/authen
Cookie: cazanova=1u37l4dkergb6389ia6ldrabflauho47

                                         
                                         45.58.52.43
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Wed, 06 Jul 2022 21:33:39 GMT
Content-Length: 30910
Connection: keep-alive
Last-Modified: Mon, 04 Jul 2022 15:11:52 GMT
ETag: "15d84-5e2fc27e204cb-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text, with very long lines (65451)
Size:   30910
Md5:    888c5fa4504182a0224b264a1fda0e73
Sha1:   65f058a7dead59a8063362241865526eb0148f16
Sha256: 7d757e510b1f0c4d44fd98cc0121da8ca4f44793f8583debdef300fb1dbd3715

Alerts:
  Blocklists:
    - openphish: Crypto/Wallet
    - fortinet: Phishing
                                        
                                            GET /meta/storage.secure.min.js.download HTTP/1.1 
Host: retwer.draydns.de
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://retwer.draydns.de/authen
Cookie: cazanova=1u37l4dkergb6389ia6ldrabflauho47

                                         
                                         45.58.52.43
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Wed, 06 Jul 2022 21:33:39 GMT
Content-Length: 13194
Connection: keep-alive
Last-Modified: Mon, 04 Jul 2022 15:12:12 GMT
ETag: "96a2-5e2fc2912c53a-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text, with very long lines (38562), with no line terminators
Size:   13194
Md5:    79e7d68549291cc082c85f94b73ee13c
Sha1:   e065402b005d2fd7105c9a12adf961a58a4deb96
Sha256: 0adedf6a93b53bc365a213c28a4b10d8af539d8fe55c283cbd3c532a0bc0875a

Alerts:
  Blocklists:
    - openphish: Crypto/Wallet
    - fortinet: Phishing
                                        
                                            GET /meta/plx.chock.js HTTP/1.1 
Host: retwer.draydns.de
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://retwer.draydns.de/authen
Cookie: cazanova=1u37l4dkergb6389ia6ldrabflauho47

                                         
                                         45.58.52.43
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Wed, 06 Jul 2022 21:33:39 GMT
Last-Modified: Mon, 04 Jul 2022 15:12:04 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"62c30344-d41"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text
Size:   311
Md5:    bc6a4fa1a731b1746c1d21f104bd6064
Sha1:   865b9fd0868954c03f838366eb2449bab5d388d6
Sha256: d88bca135a10c80b24a4185a4a08f209c151d82c946a9327ef58590fa12e211b

Alerts:
  Blocklists:
    - openphish: Crypto/Wallet
    - fortinet: Phishing
                                        
                                            GET /meta/css.html HTTP/1.1 
Host: retwer.draydns.de
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://retwer.draydns.de/authen
Cookie: cazanova=1u37l4dkergb6389ia6ldrabflauho47

                                         
                                         45.58.52.43
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Server: nginx
Date: Wed, 06 Jul 2022 21:33:39 GMT
Content-Length: 684
Last-Modified: Mon, 04 Jul 2022 15:11:36 GMT
Connection: keep-alive
ETag: "62c30328-2ac"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Accept-Ranges: bytes


--- Additional Info ---
Magic:  ASCII text
Size:   684
Md5:    147429fb2ddc3861e2ae0f473f17d78e
Sha1:   f2bdce63e15b9f3b90c8c3b153deb75b28eb69e3
Sha256: 25d501d70fcb9835f935fd47e045502700dc5f862cd7e763a49bbc7316396f2a

Alerts:
  Blocklists:
    - openphish: Crypto/Wallet
    - fortinet: Phishing
                                        
                                            GET /meta/jsonp HTTP/1.1 
Host: retwer.draydns.de
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://retwer.draydns.de/authen
Cookie: cazanova=1u37l4dkergb6389ia6ldrabflauho47

                                         
                                         45.58.52.43
HTTP/1.1 200 OK
                                        
Server: nginx
Date: Wed, 06 Jul 2022 21:33:39 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 04 Jul 2022 15:11:56 GMT
ETag: "43f6e-5e2fc2828a31b-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text, with very long lines (65536), with no line terminators
Size:   87424
Md5:    b8763d07178c652db17cb681eb21cbf8
Sha1:   e2c34d4bfbd1fb7515ac879781deffb638ad9cad
Sha256: 415f8c95aabc4f7af332ae9060179be3606991c2832a4f442d4c746ff1c80740

Alerts:
  Blocklists:
    - openphish: Crypto/Wallet
    - fortinet: Phishing
                                        
                                            GET /meta/webfont.js.download HTTP/1.1 
Host: retwer.draydns.de
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://retwer.draydns.de/authen
Cookie: cazanova=1u37l4dkergb6389ia6ldrabflauho47

                                         
                                         45.58.52.43
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Wed, 06 Jul 2022 21:33:39 GMT
Content-Length: 5415
Connection: keep-alive
Last-Modified: Mon, 04 Jul 2022 15:12:25 GMT
ETag: "3384-5e2fc29dc8dff-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text, with very long lines (2134)
Size:   5415
Md5:    3fce8a085ab686f338e296d255f36db1
Sha1:   2da74358f4d36675c1bfa6ee5ee489e6e54bf401
Sha256: 9f9bbf22ba311465b6bb4c6944f94e2b97caea58227fafef64cf18b9181099c6

Alerts:
  Blocklists:
    - openphish: Crypto/Wallet
    - fortinet: Phishing
                                        
                                            GET /css?family=Changa+One:400,400italic HTTP/1.1 
Host: fonts.googleapis.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://retwer.draydns.de/

                                         
                                         142.250.74.10
HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
                                        
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Link: <http://fonts.gstatic.com>; rel=preconnect; crossorigin
Expires: Wed, 06 Jul 2022 21:33:39 GMT
Date: Wed, 06 Jul 2022 21:33:39 GMT
Cache-Control: private, max-age=86400
Cross-Origin-Opener-Policy: same-origin-allow-popups
Cross-Origin-Resource-Policy: cross-origin
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff


--- Additional Info ---
Magic:  ASCII text
Size:   301
Md5:    7fb212f619185f162769684274cb1dfe
Sha1:   414b678cfcbcd25c44569e72369a8218bea8756d
Sha256: d53161ae9523414449dd0f7083f66fda679084bac2cb18a92b884a43616c1fd5
                                        
                                            GET /meta/mm-logo.svg HTTP/1.1 
Host: retwer.draydns.de
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://retwer.draydns.de/authen
Cookie: cazanova=1u37l4dkergb6389ia6ldrabflauho47

                                         
                                         45.58.52.43
HTTP/1.1 200 OK
Content-Type: image/svg+xml
                                        
Server: nginx
Date: Wed, 06 Jul 2022 21:33:39 GMT
Last-Modified: Mon, 04 Jul 2022 15:12:01 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"62c30341-2ef3"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Content-Encoding: gzip


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1001)
Size:   3369
Md5:    fe5cd5ed43a0fad22921e5ccf7f227e1
Sha1:   700b6b72c9bf320bb0412e17de6d7bc0b8d55888
Sha256: 2043092e404254e6b01d4ba210ae0b703c5364d0c7404c5f0dd4853b58bc2872

Alerts:
  Blocklists:
    - openphish: Crypto/Wallet
    - fortinet: Phishing
                                        
                                            GET /meta/wpp.gif HTTP/1.1 
Host: retwer.draydns.de
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://retwer.draydns.de/authen
Cookie: cazanova=1u37l4dkergb6389ia6ldrabflauho47

                                         
                                         45.58.52.43
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Server: nginx
Date: Wed, 06 Jul 2022 21:33:39 GMT
Content-Length: 3877
Last-Modified: Mon, 04 Jul 2022 15:12:28 GMT
Connection: keep-alive
ETag: "62c3035c-f25"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Accept-Ranges: bytes


--- Additional Info ---
Magic:  GIF image data, version 87a, 470 x 40\012- data
Size:   3877
Md5:    941648b845842a709da73e24652cf8a4
Sha1:   099e5f97e602d026c51537c9b45328dc99261d7c
Sha256: 2a7344e607a878f0acac7f5c9c3a65fc8a4423f00e21d3fb7a814cae051631d9

Alerts:
  Blocklists:
    - openphish: Crypto/Wallet
                                        
                                            GET /s/changaone/v18/xfu00W3wXn3QLUJXhzq42AHiuQ.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://retwer.draydns.de
Connection: keep-alive
Referer: http://fonts.googleapis.com/

                                         
                                         142.250.74.163
HTTP/1.1 200 OK
Content-Type: font/woff2
                                        
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 7900
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Fri, 01 Jul 2022 16:59:43 GMT
Expires: Sat, 01 Jul 2023 16:59:43 GMT
Cache-Control: public, max-age=31536000
Age: 448436
Last-Modified: Thu, 21 Apr 2022 17:15:19 GMT


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 7900, version 1.0\012- data
Size:   7900
Md5:    61e86e7a20ecf3ba181ca4b9a9a1cdbd
Sha1:   482a65cffc69109af26669d64accbef71db3b836
Sha256: fbd0536d5b92c0dbe6ad2637800ae8da10c20755b564a3575bd12bba57f73b18
                                        
                                            GET /s/changaone/v18/xfu20W3wXn3QLUJXhzq42ATSu5_f.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://retwer.draydns.de
Connection: keep-alive
Referer: http://fonts.googleapis.com/

                                         
                                         142.250.74.163
HTTP/1.1 200 OK
Content-Type: font/woff2
                                        
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 8404
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Wed, 06 Jul 2022 09:17:29 GMT
Expires: Thu, 06 Jul 2023 09:17:29 GMT
Cache-Control: public, max-age=31536000
Age: 44170
Last-Modified: Thu, 21 Apr 2022 17:15:41 GMT


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 8404, version 1.0\012- data
Size:   8404
Md5:    141119ae119bf7ca75e10ef82f66e442
Sha1:   adebf435aa078db3c116cb9faae15f2ad81d3ac5
Sha256: c6afeb967afd466210e4061473c4855684e84b7e850b248c0533e6288acfbaff
                                        
                                            GET /meta/EuclidCircularB-Bold-WebXL.woff2 HTTP/1.1 
Host: retwer.draydns.de
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://retwer.draydns.de/meta/metamask-staging-2.webflow.css
Cookie: cazanova=1u37l4dkergb6389ia6ldrabflauho47

                                         
                                         45.58.52.43
HTTP/1.1 200 OK
                                        
Server: nginx
Date: Wed, 06 Jul 2022 21:33:39 GMT
Content-Length: 44544
Connection: keep-alive
Last-Modified: Mon, 04 Jul 2022 15:11:42 GMT
ETag: "ae00-5e2fc274dc343"
Accept-Ranges: bytes
Vary: Accept-Encoding


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 44544, version 3.66\012- data
Size:   44544
Md5:    9024d0bf73943172297c4628d0054e20
Sha1:   36c3795e7b297d06589e15ef59592683d9ed0974
Sha256: 88fad87880ae6bb0d733c967419d5f0d68da547a88ad67e7af41f18dae2e20df

Alerts:
  Blocklists:
    - openphish: Crypto/Wallet
    - fortinet: Phishing
                                        
                                            GET /meta/webflow.js.download HTTP/1.1 
Host: retwer.draydns.de
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://retwer.draydns.de/authen
Cookie: cazanova=1u37l4dkergb6389ia6ldrabflauho47

                                         
                                         45.58.52.43
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Wed, 06 Jul 2022 21:33:39 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 04 Jul 2022 15:12:27 GMT
ETag: "92c10-5e2fc2a027538-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (50020)
Size:   147184
Md5:    c4b0095b01ed8f86df80e43a2b91d041
Sha1:   c79105b1702e8db781c136b44bff3e26ba72cc36
Sha256: 581bfb791a74114e95306054d9668a80143a21e9a41328360503f5b6b09c2a9b

Alerts:
  Blocklists:
    - openphish: Crypto/Wallet
    - fortinet: Phishing
                                        
                                            GET /meta/EuclidCircularB-Regular-WebXL.woff2 HTTP/1.1 
Host: retwer.draydns.de
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://retwer.draydns.de/meta/metamask-staging-2.webflow.css
Cookie: cazanova=1u37l4dkergb6389ia6ldrabflauho47

                                         
                                         45.58.52.43
HTTP/1.1 200 OK
                                        
Server: nginx
Date: Wed, 06 Jul 2022 21:33:39 GMT
Content-Length: 45196
Connection: keep-alive
Last-Modified: Mon, 04 Jul 2022 15:11:46 GMT
ETag: "b08c-5e2fc278a8dee"
Accept-Ranges: bytes
Vary: Accept-Encoding


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 45196, version 3.66\012- data
Size:   45196
Md5:    2d75957df3bb3aa6ed84f6591b0d5a1a
Sha1:   906424e75625f63b0188471067065794d0348536
Sha256: 8ff3b303322168b49a14878f195dbaf76d9da16e35094d1f83fa23245450155b

Alerts:
  Blocklists:
    - openphish: Crypto/Wallet
    - fortinet: Phishing
                                        
                                            GET /meta/bframe.html HTTP/1.1 
Host: retwer.draydns.de
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://retwer.draydns.de/authen
Cookie: cazanova=1u37l4dkergb6389ia6ldrabflauho47
Upgrade-Insecure-Requests: 1

                                         
                                         45.58.52.43
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Server: nginx
Date: Wed, 06 Jul 2022 21:33:40 GMT
Last-Modified: Mon, 04 Jul 2022 15:11:34 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"62c30326-2e07"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Content-Encoding: gzip


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (3186)
Size:   4069
Md5:    2f10cabca6c2651a48e260c0d202396c
Sha1:   ab25f083f7bb312f750fd2a372d0e2990bdf9525
Sha256: 7a7ff60899394d6467d0904d3c0cb7be8979f1ee27fe46e1749653b19648b74a

Alerts:
  Blocklists:
    - openphish: Crypto/Wallet
    - fortinet: Phishing
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 06 Jul 2022 21:33:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /metamask.io/images/favicon.png HTTP/1.1 
Host: retwer.draydns.de
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://retwer.draydns.de/authen
Cookie: cazanova=1u37l4dkergb6389ia6ldrabflauho47

                                         
                                         45.58.52.43
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx
Date: Wed, 06 Jul 2022 21:33:40 GMT
Content-Length: 557
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   557
Md5:    d7b7d0cdc7f50d4028b970a4adc1a42d
Sha1:   2b3f25b5de65feee879d8da596250f55d050163b
Sha256: 4d78f11501b99f3ea1d0a1079bba04b9da57ef67ebd82d1da726723eaf875614

Alerts:
  Blocklists:
    - openphish: Crypto/Wallet
                                        
                                            GET /metamask.io/images/webclip.png HTTP/1.1 
Host: retwer.draydns.de
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://retwer.draydns.de/authen
Cookie: cazanova=1u37l4dkergb6389ia6ldrabflauho47

                                         
                                         45.58.52.43
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx
Date: Wed, 06 Jul 2022 21:33:40 GMT
Content-Length: 557
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   557
Md5:    d7b7d0cdc7f50d4028b970a4adc1a42d
Sha1:   2b3f25b5de65feee879d8da596250f55d050163b
Sha256: 4d78f11501b99f3ea1d0a1079bba04b9da57ef67ebd82d1da726723eaf875614

Alerts:
  Blocklists:
    - openphish: Crypto/Wallet
                                        
                                            GET /meta/styles__ltr.css HTTP/1.1 
Host: retwer.draydns.de
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://retwer.draydns.de/meta/bframe.html
Cookie: cazanova=1u37l4dkergb6389ia6ldrabflauho47

                                         
                                         45.58.52.43
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Server: nginx
Date: Wed, 06 Jul 2022 21:33:40 GMT
Last-Modified: Mon, 04 Jul 2022 15:12:15 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"62c3034f-cc90"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text, with very long lines (52368), with no line terminators
Size:   24092
Md5:    ebdf18f77541c94124d305c6995475cb
Sha1:   7d3de2b58de6e2aeb9ab5a73254829544e7fe24d
Sha256: db4b6017d7f9a8c675bfa68021f3eeb0246016de004efc8e28a23b97df0da71e

Alerts:
  Blocklists:
    - openphish: Crypto/Wallet
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "611E864D4A64EB7175BDED94052A41462E3215D329EF82CBEEA70D511B811E8D"
Last-Modified: Mon, 04 Jul 2022 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7702
Expires: Wed, 06 Jul 2022 23:42:02 GMT
Date: Wed, 06 Jul 2022 21:33:40 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "611E864D4A64EB7175BDED94052A41462E3215D329EF82CBEEA70D511B811E8D"
Last-Modified: Mon, 04 Jul 2022 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7702
Expires: Wed, 06 Jul 2022 23:42:02 GMT
Date: Wed, 06 Jul 2022 21:33:40 GMT
Connection: keep-alive

                                        
                                            GET /recaptcha/releases/rPvs0Nyx3sANE-ZHUN-0nM85/recaptcha__nl.js HTTP/1.1 
Host: www.gstatic.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://retwer.draydns.de
Connection: keep-alive
Referer: http://retwer.draydns.de/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.163
HTTP/2 404 Not Found
                                        
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
date: Wed, 06 Jul 2022 21:33:40 GMT
content-type: text/html; charset=UTF-8
server: sffe
content-length: 1621
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1136)
Size:   1621
Md5:    c90524d6a02b27addb56c350fe6fbb2d
Sha1:   d713d1b53323c0169ffe0649be8c9d04a189f999
Sha256: 4aefd395113d052a874ac1919aed0e288835e0377683f1e71e98838d16c986e0
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "611E864D4A64EB7175BDED94052A41462E3215D329EF82CBEEA70D511B811E8D"
Last-Modified: Mon, 04 Jul 2022 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7702
Expires: Wed, 06 Jul 2022 23:42:02 GMT
Date: Wed, 06 Jul 2022 21:33:40 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "611E864D4A64EB7175BDED94052A41462E3215D329EF82CBEEA70D511B811E8D"
Last-Modified: Mon, 04 Jul 2022 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7702
Expires: Wed, 06 Jul 2022 23:42:02 GMT
Date: Wed, 06 Jul 2022 21:33:40 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6bb6c586-bb86-4a54-bd48-f2b5da763e74.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
                                        
server: nginx
content-length: 7117
x-amzn-requestid: 7cfe344b-f098-4260-bb50-6574786e6ee2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: U0BW8HnbIAMFkrA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-62c4af5f-14a960ac060d2d120cb0ad7c;Sampled=0
x-amzn-remapped-date: Tue, 05 Jul 2022 21:38:39 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 0F6ZVkqKywgjh9Qa1DJw_-rdOLcc1tzEll0J58NeawksoIu9nY1a-g==
via: 1.1 a20e81b65d2465c729ce2f6bfe539dd0.cloudfront.net (CloudFront), 1.1 cd64decb1403270c914848213601a674.cloudfront.net (CloudFront), 1.1 google
date: Tue, 05 Jul 2022 21:52:41 GMT
age: 85259
etag: "01efbdf6b2ab79332bf6a22d36472e294732aa17"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7117
Md5:    b4ead2bdcbc998a5685d65a26e40ce1a
Sha1:   01efbdf6b2ab79332bf6a22d36472e294732aa17
Sha256: 04399a91345db4f89bdbbb9ddb30db0f2a0c29654491b38bb1a30bd40c4f3e48
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fde8f4008-69f3-4766-a957-006ebc39d2e4.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
                                        
server: nginx
content-length: 9047
x-amzn-requestid: 8e0eccf9-7f3e-4333-a5d7-a35dd0e068eb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: U0BU0HNmoAMFaQA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-62c4af51-1d81f8e10200694125ede95f;Sampled=0
x-amzn-remapped-date: Tue, 05 Jul 2022 21:38:25 GMT
x-amz-cf-pop: SEA19-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: p01XdrlrorzmgxXBsOJnDXZr2H4NK0kTKLw9EwA5gpq_BlyCwaub2A==
via: 1.1 1002c05e647d0804e83147cdd205d14a.cloudfront.net (CloudFront), 1.1 89791e6b21b9a30cc51cac1bc51cf098.cloudfront.net (CloudFront), 1.1 google
date: Tue, 05 Jul 2022 21:50:18 GMT
age: 85402
etag: "7aa6cd994a565c8b6832d48c1e36b17f33621e90"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   9047
Md5:    bb2f16af747cd633f71de1966771b532
Sha1:   7aa6cd994a565c8b6832d48c1e36b17f33621e90
Sha256: b61a354007e630a3be3ae0c2c2336d3dd71cec02eab7b4234ebb40f69561acf0
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb1720044-e013-44e2-84e3-3257a39ccd02.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
                                        
server: nginx
content-length: 5911
x-amzn-requestid: fe59dc2c-e538-4a53-89cc-124a1ef18ae4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: U0B0QFbBoAMFrYg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-62c4b01b-52093f724a31401a2104b0ea;Sampled=0
x-amzn-remapped-date: Tue, 05 Jul 2022 21:41:47 GMT
x-amz-cf-pop: SEA73-P2, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 5m4ltu42g95fcokh1RQ05zAj4rSzrTZqqZKzaG6LwUvFVc3DqXsIqw==
via: 1.1 e77661e211afe9242e85e573f12d5534.cloudfront.net (CloudFront), 1.1 b8c4a4ca04bb1976e020396d211bc8dc.cloudfront.net (CloudFront), 1.1 google
date: Tue, 05 Jul 2022 21:50:40 GMT
age: 85380
etag: "207e445452ff97110a4c9edd38bc8933f70fd71e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   5911
Md5:    3d1458480bd23c2411fa6de7ae666502
Sha1:   207e445452ff97110a4c9edd38bc8933f70fd71e
Sha256: c29b4c3afdf7843b5f26688ed8dee581ec08c767569f3f0a99c3b22f9825a966
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F431f287f-9907-47aa-be38-0ff4e6db75fc.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
34.120.237.76
HTTP/2 200 OK
server: nginx
content-length: 8553
x-amzn-requestid: 2c1e16d1-357b-493e-bcf7-b4de1a34757f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Utd8tEKYIAMFbmA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-62c21051-7382cb3050c6f13d70dd3706;Sampled=0
x-amzn-remapped-date: Sun, 03 Jul 2022 21:55:29 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 9b-i6Ono7HZPLnQTZVWjd00ihgjD2qR-Meg1fdOa2d-SXIITlOM4yw==
via: 1.1 bd6f70221217681265382902c6157c76.cloudfront.net (CloudFront), 1.1 1b74ccf4cb51eacf97a0e6d60ae46a3e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 06 Jul 2022 13:49:18 GMT
age: 27862
etag: "303f4efaa9b98e39a935fc6514d3731d40d2977c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8553
Md5:    e6f97e6b64100081e8bed56216564854
Sha1:   303f4efaa9b98e39a935fc6514d3731d40d2977c
Sha256: 92dd803f1633bd65a2b4ac3223d8aa93dd55ed64c74b338aff62323585a3623c
                                        
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0a269baa-7158-4db8-9b1d-e4e22ec22920.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
34.120.237.76
HTTP/2 200 OK
server: nginx
content-length: 6711
x-amzn-requestid: 5b99a31c-9224-4862-a43f-544d6fa3dbdd
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: U0BHsEkmIAMFg_Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-62c4aefd-571078525a01c4dc72c6ed22;Sampled=0
x-amzn-remapped-date: Tue, 05 Jul 2022 21:37:01 GMT
x-amz-cf-pop: SEA19-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 8xhNMjh4EBZQrViDk4PaxV5Tk_sBuZ1BGRuVGtAVAGie72R16hmoAA==
via: 1.1 b23fb37cd7fff033ab21e3284f558a28.cloudfront.net (CloudFront), 1.1 b36bf2c460ac693ce304817aed073112.cloudfront.net (CloudFront), 1.1 google
date: Tue, 05 Jul 2022 21:37:02 GMT
etag: "b06f33b2742c3c6de4a449f4227d85e6268bafce"
content-type: image/jpeg
age: 86198
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   6711
Md5:    d82ae97bb9569fa288a23c3380a4f4ef
Sha1:   b06f33b2742c3c6de4a449f4227d85e6268bafce
Sha256: e99961f561aaa3ded5fd1c19ce10505a7d016d5d67bbbef5caebad09ba233b56
                                        
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc072e61d-3b9b-4f2d-acc8-d26a8adf968d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
34.120.237.76
HTTP/2 200 OK
server: nginx
content-length: 12165
x-amzn-requestid: 796ca673-2ab5-4bd9-b4f1-d2c250c34e3a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: U0BWXH-HoAMFhkg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-62c4af5b-51c7abd54a523a1f479a7d5b;Sampled=0
x-amzn-remapped-date: Tue, 05 Jul 2022 21:38:35 GMT
x-amz-cf-pop: SEA19-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: _-zkK-6DIfDVDzXmTOTigF2tM4pfh19MReGO_X26eRhLNFGL3Jc9Aw==
via: 1.1 4c48e9fb20d53d40e9fe273dbdae1098.cloudfront.net (CloudFront), 1.1 2ab6211e66998c8b58132661a7e3cade.cloudfront.net (CloudFront), 1.1 google
date: Tue, 05 Jul 2022 21:50:29 GMT
age: 85391
etag: "604b4cc5d50ca494df1de2ab8baa486da20d1e4e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   12165
Md5:    29949330f4dc3b69747d5534e745fde3
Sha1:   604b4cc5d50ca494df1de2ab8baa486da20d1e4e
Sha256: b98faa2080573124f84254a2f87df3631f257e9a040cf34ebe267a1784d4b954
                                        
GET /meta/hero2.4.png HTTP/1.1
Host: retwer.draydns.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://retwer.draydns.de/meta/metamask-staging-2.webflow.css
Cookie: cazanova=1u37l4dkergb6389ia6ldrabflauho47

                                         
45.58.52.43
HTTP/1.1 200 OK
Content-Type: image/png
Server: nginx
Date: Wed, 06 Jul 2022 21:33:39 GMT
Content-Length: 589568
Last-Modified: Mon, 04 Jul 2022 15:11:48 GMT
Connection: keep-alive
ETag: "62c30334-8ff00"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Accept-Ranges: bytes


--- Additional Info ---
Magic:  PNG image data, 1752 x 1452, 8-bit/color RGBA, non-interlaced\012- data
Size:   589568
Md5:    d0ec70f4c666fbf6ad0d30a52d08c5c9
Sha1:   e48f0688bc4f592824840478d12c05df0dd12002
Sha256: 3f4bfc7c6cc471e9d95936dc109852c4f6a4bf1163b63eeabfe840565d5ad8d1

Alerts:
  Blocklists:
    - openphish: Crypto/Wallet
                                        
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 06 Jul 2022 21:33:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
GET /meta/recaptcha__nl.js.download HTTP/1.1
Host: retwer.draydns.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://retwer.draydns.de/meta/bframe.html
Cookie: cazanova=1u37l4dkergb6389ia6ldrabflauho47

                                         
45.58.52.43
HTTP/1.1 200 OK
Content-Type: application/javascript
Server: nginx
Date: Wed, 06 Jul 2022 21:33:40 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 04 Jul 2022 15:12:09 GMT
ETag: "56577-5e2fc28ea4dbf-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text, with very long lines (820)
Size:   137504
Md5:    2128869002ee143c12253efdafd190a4
Sha1:   9781a8b2fa7342367a7ef81a70ad7234ad6505bb
Sha256: bb787fc0dfa0c02a27b4e75825e9c4e0839637f02fda1b60b645719bbfad663b

Alerts:
  Blocklists:
    - openphish: Crypto/Wallet
    - fortinet: Phishing
                                        
GET /s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://retwer.draydns.de
Connection: keep-alive
Referer: http://retwer.draydns.de/

                                         
142.250.74.163
HTTP/1.1 200 OK
Content-Type: font/woff2
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 15344
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Tue, 05 Jul 2022 16:38:45 GMT
Expires: Wed, 05 Jul 2023 16:38:45 GMT
Cache-Control: public, max-age=31536000
Age: 104095
Last-Modified: Mon, 16 Oct 2017 17:32:55 GMT


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 15344, version 1.0\012- data
Size:   15344
Md5:    5d4aeb4e5f5ef754e307d7ffaef688bd
Sha1:   06db651cdf354c64a7383ea9c77024ef4fb4cef8
Sha256: 3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
                                        
GET /s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://retwer.draydns.de
Connection: keep-alive
Referer: http://retwer.draydns.de/

                                         
142.250.74.163
HTTP/1.1 200 OK
Content-Type: font/woff2
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 15552
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Fri, 01 Jul 2022 16:30:23 GMT
Expires: Sat, 01 Jul 2023 16:30:23 GMT
Cache-Control: public, max-age=31536000
Age: 450197
Last-Modified: Mon, 16 Oct 2017 17:33:02 GMT


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 15552, version 1.0\012- data
Size:   15552
Md5:    285467176f7fe6bb6a9c6873b3dad2cc
Sha1:   ea04e4ff5142ddd69307c183def721a160e0a64e
Sha256: 5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7