edithriewer.de/wp-admin/santa/clients/login.php
301 Moved Permanently 263 B URL HTTP/1.1 edithriewer.de/wp-admin/santa/clients/login.php
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 812dce96f7399cec666f6587f5645b0a
846fda9a6ebf3fd5453ca8b4a49105938de0af3b
f6339e3191968cc89f96c756c2e71394f2d1d6f406a2030b63829e3b3910f756
Analyzer Verdict Alert fortinet Phishing
GET /wp-admin/santa/clients/login.php HTTP/1.1
Host: edithriewer.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Fri, 10 Mar 2023 16:22:06 GMT
Server: Apache/2.4.55 (Unix)
Location: https://edithriewer.de/wp-admin/santa/clients/login.php
Content-Length: 263
Keep-Alive: timeout=3, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 9ce33c47154f4826255fe9bbe54d72be
e10a363c007a6d15ed43eb35b4e5c246d85c5eed
cf423db1a8ad1dce1b5c25f6025d14411b4a46e95a6001288949f046e244bc24
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CF423DB1A8AD1DCE1B5C25F6025D14411B4A46E95A6001288949F046E244BC24"
Last-Modified: Fri, 10 Mar 2023 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5532
Expires: Fri, 10 Mar 2023 17:54:18 GMT
Date: Fri, 10 Mar 2023 16:22:06 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 88c2e33504e05b0bc2b7a3502d6a79bb
23881a1edb8d8ff3dc2192d25792a59fa2c96088
dfbfefeab7d314e54f5e5f2e48ba645817da6dee3ee2bc5abdbaac81b8dc66e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DFBFEFEAB7D314E54F5E5F2E48BA645817DA6DEE3EE2BC5ABDBAAC81B8DC66E7"
Last-Modified: Thu, 09 Mar 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8148
Expires: Fri, 10 Mar 2023 18:37:54 GMT
Date: Fri, 10 Mar 2023 16:22:06 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 1a564ae484daef6a82bb08116ad794eb
f75350abf28a42c16324901035889a1f3af700a1
225214187df3f50835a8aafcc4555fe47cf0b78938b71d34fb422942292b153b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "225214187DF3F50835A8AAFCC4555FE47CF0B78938B71D34FB422942292B153B"
Last-Modified: Fri, 10 Mar 2023 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16200
Expires: Fri, 10 Mar 2023 20:52:06 GMT
Date: Fri, 10 Mar 2023 16:22:06 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 7f03faaba3392caae6dae54467bfdf6d
57ea1f14e8bfbcca8190c706d708c9fda12442c1
02ac551ba61fcbc6b04f244df065948b181a8a258db5c2e197aae66fdfcea8ee
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Backoff, Retry-After, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 10 Mar 2023 16:09:03 GMT
content-type: application/json
age: 783
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-09-20-28-26.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-09-20-28-26.chain
IP
File type PEM certificate\012- , ASCII text
Hash b5ba6334e73496995e3e3a9ecd0eb323
ad80d3b7718c28364e8c2004fb38a13a1747e462
aa5abb52515c6383c014aadb63a86c9f798ad64de53c0218616c1fc6d424d2e2
GET /chains/remote-settings.content-signature.mozilla.org-2023-04-09-20-28-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: dYT8fP2990Mi6fNUjmyiBx/XM0yKJe+FA6dbhEp7r9PuxFgqlz2QmWG3W9d6htkuNAwIpn5hhfA=
x-amz-request-id: E8WYV149T9XAH4JV
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 10 Mar 2023 16:18:54 GMT
age: 192
last-modified: Sat, 18 Feb 2023 20:28:27 GMT
etag: "b5ba6334e73496995e3e3a9ecd0eb323"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 727 B IP
Hash d1ada6b8a7bea8afc37ba57500c77a4d
0948e22c24e67daaa5ac91bfec96e8e898144de7
2169c678ce20d1eae7c5b30783a77610102740dfcdc92784213a05208af6095a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 10 Mar 2023 16:22:06 GMT
Server: ECAcc (amb/6B53)
Content-Length: 727
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 10 Mar 2023 16:22:06 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Cache-Control, Content-Length, Retry-After, Content-Type, Expires, Alert, Pragma, ETag, Backoff, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 10 Mar 2023 16:03:42 GMT
age: 1104
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash d960a8d21b339ab0d7987e3b1eb16fdc
08d4430c549151295ee4e1dc8f24dbd3d9456b0b
522b75aa714f87a716a9a693a7c3ed1cab6e5b1725f20a67df46dec2967b5960
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "522B75AA714F87A716A9A693A7C3ED1CAB6E5B1725F20A67DF46DEC2967B5960"
Last-Modified: Thu, 09 Mar 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20496
Expires: Fri, 10 Mar 2023 22:03:42 GMT
Date: Fri, 10 Mar 2023 16:22:06 GMT
Connection: keep-alive
push.services.mozilla.com/
101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 7NxdF/H38UaV00ZqAAU8Jg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: WFWTIfjn3ZXA1+JTyiMIIwB9U64=
edithriewer.de/wp-admin/santa/clients/login.php
200 OK 9.2 kB URL HTTP/2 edithriewer.de/wp-admin/santa/clients/login.php
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Hash 90b51f92b3899feffd564bbb984f7f21
13370321f6b97ef2aa9dea93d60df2260a24d264
53ddae84001448e24a66db8ea682146d53bf887efd9d206904906dbdaca14de0
Analyzer Verdict Alert urlquery phishing Phishing - Santander
urlquery phishing Phishing - Santander
fortinet Phishing
GET /wp-admin/santa/clients/login.php HTTP/1.1
Host: edithriewer.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Fri, 10 Mar 2023 16:22:06 GMT
server: Apache/2.4.54 (Unix)
x-powered-by: PHP/7.3.33
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
content-type: text/html
set-cookie: PHPSESSID=tcu9o9slmr65tkv4st71f6ek3v; path=/
content-length: 9248
X-Firefox-Spdy: h2
edithriewer.de/wp-admin/santa/assets/css/fonts.css
200 OK 463 B URL HTTP/2 edithriewer.de/wp-admin/santa/assets/css/fonts.css
IP
File type ASCII text, with CRLF line terminators
Hash 09d81043131b83c25e8e531c377dd8e2
bdd9be6a615a545255dc535e06c23cc0e5ddd150
859685aa680f1e512e0a77ab793c63853330c3affa8931a033286d459a9f3d50
Analyzer Verdict Alert urlquery phishing Phishing - Santander
urlquery phishing Phishing - Santander
GET /wp-admin/santa/assets/css/fonts.css HTTP/1.1
Host: edithriewer.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://edithriewer.de/wp-admin/santa/clients/login.php
Cookie: PHPSESSID=tcu9o9slmr65tkv4st71f6ek3v
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 05 Feb 2022 20:30:06 GMT
etag: "1cf-5d74b3b99af80"
accept-ranges: bytes
content-length: 463
content-type: text/css
date: Fri, 10 Mar 2023 16:22:07 GMT
server: Apache/2.4.55 (Unix)
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/jquery.payment/3.0.0/jquery.payment.min.js
200 OK 2.4 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/jquery.payment/3.0.0/jquery.payment.min.js
IP
File type Unicode text, UTF-8 text, with very long lines (8392)
Hash 5fa1a60087fef53b1c0c4f4d6014f684
361a5d6829ec17ebf82571f3b20bd472ab4b0141
43c8409c5dc3b3b21b12068ca0089744c14770ba7f316dfb704b4104cb951bef
GET /ajax/libs/jquery.payment/3.0.0/jquery.payment.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://edithriewer.de/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 10 Mar 2023 16:22:07 GMT
content-type: application/javascript; charset=utf-8
content-length: 2420
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec3-210b"
last-modified: Mon, 04 May 2020 16:11:47 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 4357628
expires: Wed, 28 Feb 2024 16:22:07 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hYdHRZCAWtzkNZr5u%2Bq41vm4xqCAOlpb638MwDfQA6bkpzKH2oqJICrcSHZgGtOKugjkmZYY9ykW8kPAlMNiVUeAtBBp1yMdWIxrHsyyo8YCUR5Azv%2B0k3nmfrfUaDOO1ElPwMOX"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 7a5ce50b1d34067b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.1/js/all.min.js
200 OK 362 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.1/js/all.min.js
IP
File type ASCII text, with very long lines (65350)
Size 362 kB (362308 bytes)
Hash 62bb7903fab88f2eb3e614bd662f4c72
7e404419744e5b1a842e50a344c6ac6f24753118
2fcdd5f98d838b1440e4101dc63a2a77881e9474fa52577f54f9407b61e418b6
GET /ajax/libs/font-awesome/5.15.1/js/all.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://edithriewer.de/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 10 Mar 2023 16:22:07 GMT
content-type: application/javascript; charset=utf-8
content-length: 362308
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5f7b5b5f-123bd0"
last-modified: Mon, 05 Oct 2020 17:43:59 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 7332216
expires: Wed, 28 Feb 2024 16:22:07 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IN2hQ%2BlUCXwlSPtnurkAAbksPayhgppLyxdmoWzA%2BhNPr3onREcfru9xW%2BoauNsI30gpfcUyfT2dFBFDKD5Z7XkK9Opi1JPBHmpBQ3XsOWcWjj8GeU1iGKSEx1pFmsGNxiBsce9A"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 7a5ce50b1d3b067b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
edithriewer.de/wp-admin/santa/assets/imgs/arrow-left.png
200 OK 273 B URL HTTP/2 edithriewer.de/wp-admin/santa/assets/imgs/arrow-left.png
IP
File type PNG image data, 10 x 8, 8-bit/color RGB, non-interlaced\012- data
Hash eafe85d25d30f1323383d12ee5aa6efb
6dc5a583ada5cd19dd69d72706400afb510b3881
f9055641eaaf830e82a6296fc5a97e1d6e7d7397c16676c802e2b1cdde5a1527
Analyzer Verdict Alert urlquery phishing Phishing - Santander
urlquery phishing Phishing - Santander
GET /wp-admin/santa/assets/imgs/arrow-left.png HTTP/1.1
Host: edithriewer.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://edithriewer.de/wp-admin/santa/clients/login.php
Cookie: PHPSESSID=tcu9o9slmr65tkv4st71f6ek3v
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 05 Feb 2022 20:44:20 GMT
etag: "111-5d74b6e80b100"
accept-ranges: bytes
content-length: 273
content-type: image/png
date: Fri, 10 Mar 2023 16:22:07 GMT
server: Apache/2.4.55 (Unix)
X-Firefox-Spdy: h2
edithriewer.de/wp-admin/santa/assets/imgs/arrow-down.png
200 OK 217 B URL HTTP/2 edithriewer.de/wp-admin/santa/assets/imgs/arrow-down.png
IP
File type PNG image data, 16 x 9, 8-bit/color RGB, non-interlaced\012- data
Hash 1202a926043e7299bf9ef3b59560baa4
7a20a1d55b1af9e93fd31012e5f56ab7c93b1d8e
b1c796d4c1092c41d6f20861391a549a64527bec4368928e706abec5ef37329f
Analyzer Verdict Alert urlquery phishing Phishing - Santander
urlquery phishing Phishing - Santander
GET /wp-admin/santa/assets/imgs/arrow-down.png HTTP/1.1
Host: edithriewer.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://edithriewer.de/wp-admin/santa/clients/login.php
Cookie: PHPSESSID=tcu9o9slmr65tkv4st71f6ek3v
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 05 Feb 2022 20:45:00 GMT
etag: "d9-5d74b70e30b00"
accept-ranges: bytes
content-length: 217
content-type: image/png
date: Fri, 10 Mar 2023 16:22:07 GMT
server: Apache/2.4.55 (Unix)
X-Firefox-Spdy: h2
edithriewer.de/wp-admin/santa/assets/imgs/keyboard.png
200 OK 549 B URL HTTP/2 edithriewer.de/wp-admin/santa/assets/imgs/keyboard.png
IP
File type PNG image data, 22 x 17, 8-bit/color RGB, non-interlaced\012- data
Hash a2db6dd689795f7eb25da1f7df906d39
2236887d03c7876081ebac4fc5191f742d0c4bf8
3d2975291bc63742fd5f2ffb9cc1dd163c8f48b914d6bcb91e3d85c50e2cca8e
Analyzer Verdict Alert urlquery phishing Phishing - Santander
urlquery phishing Phishing - Santander
GET /wp-admin/santa/assets/imgs/keyboard.png HTTP/1.1
Host: edithriewer.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://edithriewer.de/wp-admin/santa/clients/login.php
Cookie: PHPSESSID=tcu9o9slmr65tkv4st71f6ek3v
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 05 Feb 2022 20:47:10 GMT
etag: "225-5d74b78a2af80"
accept-ranges: bytes
content-length: 549
content-type: image/png
date: Fri, 10 Mar 2023 16:22:07 GMT
server: Apache/2.4.55 (Unix)
X-Firefox-Spdy: h2
edithriewer.de/wp-admin/santa/assets/imgs/headphone.png
200 OK 611 B URL HTTP/2 edithriewer.de/wp-admin/santa/assets/imgs/headphone.png
IP
File type PNG image data, 18 x 17, 8-bit/color RGB, non-interlaced\012- data
Hash fd50207b98758750ecbec498214533b2
f0029b4cfe76215cddef2d3df8119b2d7e006fb6
15a4a3c4fdaa2aaac1afd46e2f2948c4e4d278794f2d64c7153ff4c3d7a5a619
Analyzer Verdict Alert urlquery phishing Phishing - Santander
urlquery phishing Phishing - Santander
GET /wp-admin/santa/assets/imgs/headphone.png HTTP/1.1
Host: edithriewer.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://edithriewer.de/wp-admin/santa/clients/login.php
Cookie: PHPSESSID=tcu9o9slmr65tkv4st71f6ek3v
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 05 Feb 2022 20:47:38 GMT
etag: "263-5d74b7a4dee80"
accept-ranges: bytes
content-length: 611
content-type: image/png
date: Fri, 10 Mar 2023 16:22:07 GMT
server: Apache/2.4.55 (Unix)
X-Firefox-Spdy: h2
edithriewer.de/wp-admin/santa/assets/imgs/marker.png
200 OK 658 B URL HTTP/2 edithriewer.de/wp-admin/santa/assets/imgs/marker.png
IP
File type PNG image data, 15 x 17, 8-bit/color RGB, non-interlaced\012- data
Hash fc0cea4255452124ff3e7ee89a4253eb
86f31af61b6e6b6cce91a8cd91deadc215f22804
3cc24236a5de6964a42497d58059f13aa5b64835de52d1363865d6227f9a651a
Analyzer Verdict Alert urlquery phishing Phishing - Santander
urlquery phishing Phishing - Santander
GET /wp-admin/santa/assets/imgs/marker.png HTTP/1.1
Host: edithriewer.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://edithriewer.de/wp-admin/santa/clients/login.php
Cookie: PHPSESSID=tcu9o9slmr65tkv4st71f6ek3v
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 05 Feb 2022 20:48:04 GMT
etag: "292-5d74b7bdaa900"
accept-ranges: bytes
content-length: 658
content-type: image/png
date: Fri, 10 Mar 2023 16:22:07 GMT
server: Apache/2.4.55 (Unix)
X-Firefox-Spdy: h2
edithriewer.de/wp-admin/santa/assets/js/script.js
200 OK 154 B URL HTTP/2 edithriewer.de/wp-admin/santa/assets/js/script.js
IP
File type ASCII text, with CRLF line terminators
Hash 6a88d53561e8acbb4afe27307d3d4fb9
f1922e8889b32f2c5af762bed4c596687ef28cbb
01066344ed84a8cfc6518af2398dead9ce515b86e710c4ad301049541722ddd9
Analyzer Verdict Alert urlquery phishing Phishing - Santander
urlquery phishing Phishing - Santander
fortinet Phishing
GET /wp-admin/santa/assets/js/script.js HTTP/1.1
Host: edithriewer.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://edithriewer.de/wp-admin/santa/clients/login.php
Cookie: PHPSESSID=tcu9o9slmr65tkv4st71f6ek3v
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 19 Dec 2020 20:10:22 GMT
etag: "9a-5b6d6d0916780"
accept-ranges: bytes
content-length: 154
content-type: application/javascript
date: Fri, 10 Mar 2023 16:22:07 GMT
server: Apache/2.4.55 (Unix)
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 6853053a13ba494868069491abfa589a
f64e4e6fa02419be417904c9ea3f9a70f66af83e
09713af05a46a8574256765795def0fea1d47379c831c5545ad39a1a33fb384d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 10 Mar 2023 16:22:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
code.jquery.com/jquery-3.5.1.min.js
200 OK 997 B URL HTTP/2 code.jquery.com/jquery-3.5.1.min.js
IP
Hash 4553485927ea636920af589937518567
80389e334eafab340033a76171ac1abaf30db47f
9c380382f940b321922c3acefa905f3f813a49cb0c86d88259943adbc37cbb43
GET /jquery-3.5.1.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://edithriewer.de/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 10 Mar 2023 16:22:07 GMT
content-encoding: gzip
content-length: 30879
content-type: application/javascript; charset=utf-8
last-modified: Fri, 20 Aug 2021 17:47:53 GMT
accept-ranges: bytes
server: nginx
etag: W/"611feac9-15d84"
cache-control: max-age=315360000, public
access-control-allow-origin: *
vary: Accept-Encoding
x-hw: 1678465327.dop226.sk1.t,1678465327.cds249.sk1.hn,1678465327.cds208.sk1.c
X-Firefox-Spdy: h2
edithriewer.de/wp-admin/santa/assets/imgs/bg.jpg
200 OK 280 kB URL HTTP/2 edithriewer.de/wp-admin/santa/assets/imgs/bg.jpg
IP
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CC 2015 (Macintosh), datetime=2019:10:23 22:17:42], progressive, precision 8, 1200x800, components 3\012- data
Size 280 kB (279946 bytes)
Hash 2723663f4d0e3df7016ef639e098ef96
2306a69fcaff103ad3d6eda1792f521c063b63f4
c3e14aabc7cfcf98c4f5743bc303e5edea12ba3c5681ec51932f6d7b56e1198f
Analyzer Verdict Alert urlquery phishing Phishing - Santander
urlquery phishing Phishing - Santander
GET /wp-admin/santa/assets/imgs/bg.jpg HTTP/1.1
Host: edithriewer.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://edithriewer.de/wp-admin/santa/assets/css/style.css
Cookie: PHPSESSID=tcu9o9slmr65tkv4st71f6ek3v
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 05 Feb 2022 21:08:26 GMT
etag: "4458a-5d74bc4b0e680"
accept-ranges: bytes
content-length: 279946
content-type: image/jpeg
date: Fri, 10 Mar 2023 16:22:08 GMT
server: Apache/2.4.55 (Unix)
X-Firefox-Spdy: h2
edithriewer.de/wp-admin/santa/assets/imgs/favicon.png
200 OK 2.0 kB URL HTTP/2 edithriewer.de/wp-admin/santa/assets/imgs/favicon.png
IP
File type PNG image data, 32 x 32, 8-bit colormap, non-interlaced\012- data
Hash 15d178e6578463fffa6002ec7f13c3fd
c20bc4b5b94db991be62432b19743d541638886b
7765a8af829d91265140999f86b0637dea8544566ae9a865bdd5b8db75c0b62f
Analyzer Verdict Alert urlquery phishing Phishing - Santander
urlquery phishing Phishing - Santander
GET /wp-admin/santa/assets/imgs/favicon.png HTTP/1.1
Host: edithriewer.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://edithriewer.de/wp-admin/santa/clients/login.php
Cookie: PHPSESSID=tcu9o9slmr65tkv4st71f6ek3v
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 07 Feb 2022 16:41:38 GMT
etag: "7c0-5d7704638f480"
accept-ranges: bytes
content-length: 1984
content-type: image/png
date: Fri, 10 Mar 2023 16:22:08 GMT
server: Apache/2.4.55 (Unix)
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 54939002388023971ddb6b7e7ad53403
21f73b23a35299dfbae64d57dd2762625a9a09f5
8f8b0574ea2dc28302dee0a9868c1c145f66a6735353d236a8bd024c624f55a1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8F8B0574EA2DC28302DEE0A9868C1C145F66A6735353D236A8BD024C624F55A1"
Last-Modified: Thu, 09 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5034
Expires: Fri, 10 Mar 2023 17:46:02 GMT
Date: Fri, 10 Mar 2023 16:22:08 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 54939002388023971ddb6b7e7ad53403
21f73b23a35299dfbae64d57dd2762625a9a09f5
8f8b0574ea2dc28302dee0a9868c1c145f66a6735353d236a8bd024c624f55a1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8F8B0574EA2DC28302DEE0A9868C1C145F66A6735353D236A8BD024C624F55A1"
Last-Modified: Thu, 09 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5034
Expires: Fri, 10 Mar 2023 17:46:02 GMT
Date: Fri, 10 Mar 2023 16:22:08 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 54939002388023971ddb6b7e7ad53403
21f73b23a35299dfbae64d57dd2762625a9a09f5
8f8b0574ea2dc28302dee0a9868c1c145f66a6735353d236a8bd024c624f55a1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8F8B0574EA2DC28302DEE0A9868C1C145F66A6735353D236A8BD024C624F55A1"
Last-Modified: Thu, 09 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5034
Expires: Fri, 10 Mar 2023 17:46:02 GMT
Date: Fri, 10 Mar 2023 16:22:08 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3334199f-c88a-4e10-8a20-35d778e5ad3e.jpeg
200 OK 5.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3334199f-c88a-4e10-8a20-35d778e5ad3e.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f494fb2a46c3a2591e0a1f0359e1bbd8
ed497c432d8db39584b3e92ffe2745ef80976acb
858539e35c550718d662430b4f27e0562b18cbaee412dca721b2bba31c2e7edd
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3334199f-c88a-4e10-8a20-35d778e5ad3e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5436
x-amzn-requestid: 10f91147-1958-42cb-ae25-c02667cd28a7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BiGysEHWIAMFtOw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-640a51aa-23d0346617aa7dce37db3ac4;Sampled=0
x-amzn-remapped-date: Thu, 09 Mar 2023 21:37:46 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: CjVOLXRBa0wykmTpV--6ek_XvXmRmGV3N1jBejhbY-Ka4WpsSEdujA==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 b2d3922a177f6cecf9222a78a0a1ad32.cloudfront.net (CloudFront), 1.1 google
date: Thu, 09 Mar 2023 21:50:44 GMT
age: 66684
etag: "ed497c432d8db39584b3e92ffe2745ef80976acb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fece612bb-5803-44a0-b013-69495e68f618.jpeg
200 OK 7.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fece612bb-5803-44a0-b013-69495e68f618.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5fb01de303305f91bcb86bb15d5dfd76
f12c4a253b5871781a144aaab511e17b0de39334
140fa20d955abe7cf7e2a8543e5a72665abe6b030d0a3741d233c459d0aaa9e3
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fece612bb-5803-44a0-b013-69495e68f618.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7086
x-amzn-requestid: 96331389-5dbb-4342-81ca-4e4fb11885be
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BiG3FGstIAMFYtw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-640a51c6-42d7e2ce0f02506633d445bf;Sampled=0
x-amzn-remapped-date: Thu, 09 Mar 2023 21:38:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: N04n37cHTVqsdOfCWVOrgNEOAnXIXH0ro7WyBBcEthHJLqsenP8dcg==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 1f41b5f27f3ec2e93db2155dbc56900c.cloudfront.net (CloudFront), 1.1 google
date: Thu, 09 Mar 2023 21:46:49 GMT
age: 66919
etag: "f12c4a253b5871781a144aaab511e17b0de39334"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F25fd96ef-f1de-4dc9-8d62-fcfe64e87be6.jpeg
200 OK 6.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F25fd96ef-f1de-4dc9-8d62-fcfe64e87be6.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1bcbb9a229dfdbcdd5f4933d53dccd2f
d466c69e698e6016fd281b42e2943b6160187e15
c34e80cadb28929c81138b15498a7b6ae2ab0c8560ff642e84c1e8bf4760a750
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F25fd96ef-f1de-4dc9-8d62-fcfe64e87be6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6318
x-amzn-requestid: a5ba936c-e377-4d33-94f1-65ac4e1da876
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BiG0THS5IAMF1xw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-640a51b4-205321b8175ab3982b9fd0da;Sampled=0
x-amzn-remapped-date: Thu, 09 Mar 2023 21:37:56 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: D1RAIB15unu7gmI2e_gZVnoMctIHBJjnYTf51_x1UXVsjk1MV0eF6Q==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 6af3b573d8970d5db2a4d03354335b84.cloudfront.net (CloudFront), 1.1 google
date: Thu, 09 Mar 2023 21:53:50 GMT
age: 66498
etag: "d466c69e698e6016fd281b42e2943b6160187e15"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb3c66122-8164-4078-973b-871746d30513.jpeg
200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb3c66122-8164-4078-973b-871746d30513.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f9b2b04824e01611a6a3567e23f9f385
69a440ad99b094deb43c5f31d41b9f17e2cdb2cd
390c178215854637e21a7628836176fb09f121bc12145876de9bee98bda54e60
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb3c66122-8164-4078-973b-871746d30513.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11515
x-amzn-requestid: 6be8f7ca-8a75-43c5-99d5-09abaf96d415
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BiGytEAIIAMFtwA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-640a51aa-3e9710d6250b0d7a567d92a0;Sampled=0
x-amzn-remapped-date: Thu, 09 Mar 2023 21:37:46 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Miss from cloudfront
x-amz-cf-id: w0YWdMBRfwzd21o45u_wNFpD0jLnF2hdom-bsBwzlclcjWZETaNQ6g==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 bb763d35677c62f9f5d9728bba884662.cloudfront.net (CloudFront), 1.1 google
date: Thu, 09 Mar 2023 21:55:22 GMT
age: 66406
etag: "69a440ad99b094deb43c5f31d41b9f17e2cdb2cd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F25ce13d4-351d-4678-a98b-89943616b968.jpeg
200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F25ce13d4-351d-4678-a98b-89943616b968.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2caf7ed531bd79c257740c6ca076f73f
fb7480d1f20efef4dd386ee307be3a73e4fbc909
1c14c3295338834a139c1de93b9ea463422648069b62dd0901e485bafcbfd6e6
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F25ce13d4-351d-4678-a98b-89943616b968.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10661
x-amzn-requestid: f57c86a4-5218-41a0-8a5e-472574c9b790
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BiG0HF8aIAMF4Vw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-640a51b3-1c2dd57219a840c7541a2f0a;Sampled=0
x-amzn-remapped-date: Thu, 09 Mar 2023 21:37:55 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Miss from cloudfront
x-amz-cf-id: eLA3ay3h_k8JDHfwBUWZgNJoBbRp1XCGJGRR8t1kgrbFKuiJ0reZuw==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 446e26a256db1310ae719d818e420898.cloudfront.net (CloudFront), 1.1 google
date: Thu, 09 Mar 2023 21:57:21 GMT
age: 66287
etag: "fb7480d1f20efef4dd386ee307be3a73e4fbc909"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F510b91a5-58f7-4b31-95f4-7c89f8f69660.jpeg
200 OK 6.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F510b91a5-58f7-4b31-95f4-7c89f8f69660.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f6679f47abf96342653f72c664ecb1d7
0ffd1fe392d77ed7fdc53008c9c666a4a58234c3
41d8e72cc250584fa2fff00bf2bf301afebd1c9549b6aedafaefcc54725184cd
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F510b91a5-58f7-4b31-95f4-7c89f8f69660.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6559
x-amzn-requestid: 72b611d3-0e16-42bf-825b-c9195d99ce72
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BiG1aGqmoAMF1Vw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-640a51bb-7d8f404662252c435652a024;Sampled=0
x-amzn-remapped-date: Thu, 09 Mar 2023 21:38:03 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: BSZdk0h1L7koTUJYr4Q3r5IxKzxESkHTz3_yE7E-Vp-38EhU4EFHtQ==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 82893cc36087a50f9a150a621d10e740.cloudfront.net (CloudFront), 1.1 google
date: Thu, 09 Mar 2023 22:08:42 GMT
age: 65606
etag: "0ffd1fe392d77ed7fdc53008c9c666a4a58234c3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9001c602-e697-4470-a250-8926d809997d.jpeg
200 OK 6.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9001c602-e697-4470-a250-8926d809997d.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 14deeb816fda9831d01d347a50b05669
5bd1cb9cc898e9343df96044be9ca4680f309fa6
098eb4378ca698eb8172ded0c06539f4b7ed1b061bd65f659d0a25245427aaf3
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9001c602-e697-4470-a250-8926d809997d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 6749
x-amzn-requestid: 57e3eef1-a532-4b80-b653-f1877971130f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BiIBRE2bIAMFS1A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-640a53a1-4d1b1be2043dd5cb7a7f0e18;Sampled=0
x-amzn-remapped-date: Thu, 09 Mar 2023 21:46:09 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: H5Ho14NV5Pc69aoaQkB5OkHz-_s9WgCL6nN2G2zkR-uXh4BDuRk1oA==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 f3ac324bf05099849ebda59e8136db0e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 09 Mar 2023 22:06:19 GMT
age: 65756
etag: "5bd1cb9cc898e9343df96044be9ca4680f309fa6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
cdn.jsdelivr.net/npm/bootstrap@4.5.3/dist/css/bootstrap.min.css
200 OK 0 B URL HTTP/2 cdn.jsdelivr.net/npm/bootstrap@4.5.3/dist/css/bootstrap.min.css
IP
GET /npm/bootstrap@4.5.3/dist/css/bootstrap.min.css HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://edithriewer.de/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 10 Mar 2023 16:22:07 GMT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-jsd-version: 4.5.3
x-jsd-version-type: version
etag: W/"27288-jtLWNQ0j+FfZKAVzfQ+XxnXeZms"
x-served-by: cache-fra-eddf8230071-FRA, cache-jnb7022-JNB
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: HIT
age: 1410404
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7p61pMYCADZonkf%2FK%2B3yMv1tvA6x6VO6sc8moHiNUOfj42%2FZwKqpS7dJdp6cA3TacLNS0SlwPFaARcnDdTbfwakapKHtZv3%2FZbcvkeVepRXJD%2FdGKpFc%2FoAq%2BqbNGoTN2ug%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7a5ce50b0b980b4d-OSL
content-encoding: br
X-Firefox-Spdy: h2
cdn.jsdelivr.net/npm/bootstrap@4.5.3/dist/js/bootstrap.bundle.min.js
200 OK 0 B URL HTTP/2 cdn.jsdelivr.net/npm/bootstrap@4.5.3/dist/js/bootstrap.bundle.min.js
IP
GET /npm/bootstrap@4.5.3/dist/js/bootstrap.bundle.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://edithriewer.de/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 10 Mar 2023 16:22:07 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-jsd-version: 4.5.3
x-jsd-version-type: version
etag: W/"148b8-qycDEVlyTiQh9v9ccPSOZXq+nTk"
x-served-by: cache-fra-eddf8230067-FRA, cache-yyz4562-YYZ
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: HIT
age: 1410499
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=P76TuYWiMQcwg25OM3eQxDrNebH3vQQFjl9Jt%2BYO4r%2FEzyn9TsKbLout36CU1tKTNxGxycp3kZ2J7Dpr0qJLKyIU7hCugepzvVOeRCNe%2F%2BIlnYNyRMMVuQASR0usDUKEAnE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7a5ce50b1bad0b4d-OSL
content-encoding: br
X-Firefox-Spdy: h2
edithriewer.de/wp-admin/santa/assets/css/helpers.css
200 OK 0 B URL HTTP/2 edithriewer.de/wp-admin/santa/assets/css/helpers.css
IP
GET /wp-admin/santa/assets/css/helpers.css HTTP/1.1
Host: edithriewer.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://edithriewer.de/wp-admin/santa/clients/login.php
Cookie: PHPSESSID=tcu9o9slmr65tkv4st71f6ek3v
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 03 Dec 2020 11:23:20 GMT
etag: "a318-5b58d9649fa00"
accept-ranges: bytes
content-length: 41752
content-type: text/css
date: Fri, 10 Mar 2023 16:22:07 GMT
server: Apache/2.4.55 (Unix)
X-Firefox-Spdy: h2
35.241.9.150
104.16.87.20
81.169.145.149
23.36.77.32