Overview

URL: vcxmetaversexx.zzux.com/authen
IP: 210.16.120.193
ASN: HostUS
Location: Singapore
Report completed: 2022-09-28 22:30:26 UTC
urlquery Alerts: DynDNS domain detected


Settings

User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer: (not set)


Intrusion Detection Systems

Suricata w/ Emerging Threats Pro: No alerts detected


Blocklists

OpenPhish:
Scan Date   Severity  Indicator                                                              Comment
2022-09-28  2         vcxmetaversexx.zzux.com/authen                                         Crypto/Wallet
2022-09-28  2         vcxmetaversexx.zzux.com/authen                                         Crypto/Wallet

PhishTank: No alerts detected

Fortinet's Web Filter:
Scan Date   Severity  Indicator                                                              Comment
2022-09-28  2         vcxmetaversexx.zzux.com/authen                                         Phishing
2022-09-28  2         vcxmetaversexx.zzux.com/                                               Phishing
2022-09-28  2         vcxmetaversexx.zzux.com/authen                                         Phishing
2022-09-28  2         vcxmetaversexx.zzux.com/meta/css.html                                  Phishing
2022-09-28  2         vcxmetaversexx.zzux.com/meta/webfont.js.download                       Phishing
2022-09-28  2         vcxmetaversexx.zzux.com/meta/enterprise.js.download                    Phishing
2022-09-28  2         vcxmetaversexx.zzux.com/meta/storage.secure.min.js.download            Phishing
2022-09-28  2         vcxmetaversexx.zzux.com/meta/plx.chock.js                              Phishing
2022-09-28  2         vcxmetaversexx.zzux.com/meta/jquery-3.5.1.min.dc5e7f18c8.js.download   Phishing
2022-09-28  2         vcxmetaversexx.zzux.com/meta/jsonp                                     Phishing
2022-09-28  2         vcxmetaversexx.zzux.com/meta/js                                        Phishing
2022-09-28  2         vcxmetaversexx.zzux.com/meta/webflow.js.download                       Phishing
2022-09-28  2         vcxmetaversexx.zzux.com/meta/bframe.html                               Phishing
2022-09-28  2         vcxmetaversexx.zzux.com/meta/EuclidCircularB-Regular-WebXL.woff2       Phishing
2022-09-28  2         vcxmetaversexx.zzux.com/meta/EuclidCircularB-Bold-WebXL.woff2          Phishing
2022-09-28  2         vcxmetaversexx.zzux.com/meta/recaptcha__nl.js.download                 Phishing

mnemonic secure dns: No alerts detected
Quad9 DNS: No alerts detected


Files

No files detected



Passive DNS (12)

Passive DNS Source | Fully Qualified Domain Name (lookups) | Rank | First Seen | Last Seen | IP | Comment
mnemonic passive DNS fonts.gstatic.com (4) 0 2014-08-29 13:43:22 UTC 2022-09-28 04:36:33 UTC 142.250.74.163 Domain (gstatic.com) ranked at: 540
mnemonic passive DNS www.gstatic.com (1) 0 2016-07-26 09:37:06 UTC 2022-09-28 10:28:05 UTC 142.250.74.163 Domain (gstatic.com) ranked at: 540
mnemonic passive DNS contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-09-28 04:36:06 UTC 34.117.237.239
mnemonic passive DNS fonts.googleapis.com (2) 8877 2013-06-10 20:14:26 UTC 2022-09-28 16:03:51 UTC 142.250.74.10
mnemonic passive DNS content-signature-2.cdn.mozilla.net (1) 1152 2020-11-03 12:26:46 UTC 2022-09-28 05:13:47 UTC 143.204.55.110
mnemonic passive DNS ocsp.digicert.com (1) 86 2012-05-21 07:02:23 UTC 2022-09-28 18:52:26 UTC 93.184.220.29
mnemonic passive DNS push.services.mozilla.com (1) 2140 2015-09-03 10:29:36 UTC 2022-09-28 05:02:28 UTC 52.27.12.161
mnemonic passive DNS vcxmetaversexx.zzux.com (24) 0 2022-09-26 23:34:22 UTC 2022-09-28 22:10:48 UTC 210.16.120.193 Domain (zzux.com) ranked at: 261465
mnemonic passive DNS ocsp.pki.goog (4) 175 2017-06-14 07:23:31 UTC 2022-09-28 04:36:20 UTC 142.250.74.3
mnemonic passive DNS img-getpocket.cdn.mozilla.net (6) 1631 2017-09-01 03:40:57 UTC 2022-09-28 08:06:38 UTC 34.120.237.76
mnemonic passive DNS firefox.settings.services.mozilla.com (2) 867 2020-05-28 17:26:30 UTC 2022-09-28 12:06:36 UTC 143.204.55.27
mnemonic passive DNS r3.o.lencr.org (4) 344 2020-12-02 08:52:13 UTC 2022-09-28 04:36:09 UTC 23.36.76.226


Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 210.16.120.193

Date                       UQ / IDS / BL  URL                                                 IP
2022-10-05 13:02:52 +0000  26 - 0 - 42    joybamq1.zzux.com/recover                           210.16.120.193
2022-10-05 13:02:46 +0000  26 - 0 - 41    joybamq1.zzux.com/authen?utm_medium=marketing (...) 210.16.120.193
2022-10-05 13:02:41 +0000  24 - 0 - 39    joybamq1.zzux.com/                                  210.16.120.193
2022-10-04 10:43:10 +0000  3 - 0 - 1      ororfitnaz.zzux.com/                                210.16.120.193
2022-10-04 10:20:38 +0000  24 - 0 - 39    doitnow1xz.zzux.com/                                210.16.120.193

Last 5 reports on ASN: HostUS

Date                       UQ / IDS / BL  URL                                   IP
2022-12-03 08:25:58 +0000  0 - 0 - 1      dopeboots.com/                        45.58.52.147
2022-12-02 22:34:32 +0000  0 - 0 - 1      bootsandcompany.com/Cancel/debit/No   45.58.52.147
2022-12-02 08:38:58 +0000  0 - 0 - 1      pazrealtymiami.com/                   45.58.52.147
2022-11-30 08:38:25 +0000  0 - 0 - 1      pazrealtymiami.com/                   45.58.52.147
2022-11-30 05:21:56 +0000  0 - 0 - 5      thedentalcoach.com/                   104.128.228.245

Last 5 reports on domain: zzux.com

Date                       UQ / IDS / BL  URL                                   IP
2022-11-28 11:22:01 +0000  3 - 0 - 0      dl.zzux.com/hkjsq_cli-1.1.20.exe      150.129.218.133
2022-11-28 11:22:02 +0000  3 - 0 - 0      dl.zzux.com/hkjsq-0.1.8.exe           150.129.218.133
2022-11-27 00:50:35 +0000  9 - 0 - 8      www.verifycitizen.zzux.com/           4.240.80.134
2022-11-26 13:03:07 +0000  76 - 0 - 0     secureaccts.zzux.com/                 159.223.202.30
2022-11-25 01:21:29 +0000  3 - 0 - 1      joinwhatsapp-group.zzux.com/          62.171.136.40

Last 5 reports with similar screenshot

Date                       UQ / IDS / BL  URL                                   IP
2022-11-23 20:10:05 +0000  0 - 0 - 16     cleanupmetamask.run.place/            212.8.251.13
2022-11-23 20:10:04 +0000  0 - 0 - 17     cleanupmetamask.run.place/authen      212.8.251.13
2022-11-23 18:40:50 +0000  0 - 0 - 17     cleanupmetamask.run.place/authen      212.8.251.13
2022-10-25 17:34:13 +0000  0 - 0 - 19     whenalive123.run.place/authen         193.31.30.210
2022-10-25 14:47:32 +0000  0 - 0 - 19     whenalive123.run.place/authen         193.31.30.210


JavaScript

Executed Scripts (14)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (51)


Request:
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

Response from 143.204.55.27:
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Backoff, Content-Type, Retry-After, Alert
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Wed, 28 Sep 2022 22:15:44 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 814e8c24454087e83cd261a6cf477166.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 0oPLAKVWIFEGYMoI-_EhRvkXrhZc6rZib0fqg4s3y4jrNTAPQ49ofg==
Age: 871

--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    2d12f67fe57a87e7366b662d153a5582
Sha1:   d7b02d81cc74f24a251d9363e0f4b0a149264ec1
Sha256: 73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551

Request:
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

Response from 23.36.76.226:
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "2A40F957A6B1734AA3F87CFF51B673F0536732DB15B09033DD604879692DF349"
Last-Modified: Tue, 27 Sep 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2807
Expires: Wed, 28 Sep 2022 23:17:02 GMT
Date: Wed, 28 Sep 2022 22:30:15 GMT
Connection: keep-alive

Request:
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

Response from 143.204.55.110:
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Wed, 28 Sep 2022 09:24:14 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 095562e8748e634f880ee3c4ada2b6d0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: VxM2E48LjM8FQcZqL7k2DvDPaygrRVNnRR2EIlZUfjhFuU1ZCSMAaA==
age: 61309
X-Firefox-Spdy: h2

--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    6113f8408c59aebe188d6af273b90743
Sha1:   7398873bf00f99944eaa77ad3ebc0d43c23dba6b
Sha256: b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770

Request:
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

Response from 34.117.237.239:
HTTP/2 200 OK
content-type: application/json
server: nginx
date: Wed, 28 Sep 2022 22:30:15 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

Request:
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

Response from 143.204.55.27:
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600, max-age=3600
Date: Wed, 28 Sep 2022 22:29:33 GMT
Expires: Wed, 28 Sep 2022 22:32:54 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 c9f2a4d2bcd548d1a3cbe1617a22f216.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: JNZjptwV_LnI1d6dFL9eu2eTAKSF7BN7s8UXUC41VKPdnKc8MXuyQQ==
Age: 43

--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

Request:
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

Response from 93.184.220.29:
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Accept-Ranges: bytes
Age: 6593
Cache-Control: 'max-age=158059'
Date: Wed, 28 Sep 2022 22:30:16 GMT
Last-Modified: Wed, 28 Sep 2022 20:40:23 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 471

Request:
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: whnONC02qcy8D767m1Hb0Q==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

Response from 52.27.12.161:
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: We57tUgr/TASlS1PKrZ571YRaq8=

Request:
GET /authen HTTP/1.1
Host: vcxmetaversexx.zzux.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

Response from 210.16.120.193:
HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
Server: nginx
Date: Wed, 28 Sep 2022 22:30:16 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: cazanova=mqivb23hb2g06bt6g2nfij8dr5t0ccff; expires=Thu, 29-Sep-2022 00:30:16 GMT; Max-Age=7200; path=/; HttpOnly
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: http://vcxmetaversexx.zzux.com/

--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  urlquery:
    - DynDNS domain detected
  Blocklists:
    - openphish: Crypto/Wallet
    - fortinet: Phishing

Request:
GET / HTTP/1.1
Host: vcxmetaversexx.zzux.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: cazanova=mqivb23hb2g06bt6g2nfij8dr5t0ccff
Upgrade-Insecure-Requests: 1

Response from 210.16.120.193:
HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
Server: nginx
Date: Wed, 28 Sep 2022 22:30:17 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: http://vcxmetaversexx.zzux.com/authen

--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  urlquery:
    - DynDNS domain detected
  Blocklists:
    - fortinet: Phishing

Request:
GET /authen HTTP/1.1
Host: vcxmetaversexx.zzux.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: cazanova=mqivb23hb2g06bt6g2nfij8dr5t0ccff
Upgrade-Insecure-Requests: 1

Response from 210.16.120.193:
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: nginx
Date: Wed, 28 Sep 2022 22:30:17 GMT
Content-Length: 5805
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Content-Encoding: gzip

--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (523)
Size:   5805
Md5:    2a6fe65076a31da6385440cd79d612cd
Sha1:   47d3ff9a9b574bba9d32f5b7aebbdf18f80c09b5
Sha256: af3a31159510b57c14fd3b2340a6e1875ff10dc546e6b10f39941cbe043fc85f

Alerts:
  urlquery:
    - DynDNS domain detected
  Blocklists:
    - openphish: Crypto/Wallet
    - fortinet: Phishing

Request:
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

Response from 142.250.74.3:
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 22:30:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

Request:
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

Response from 142.250.74.3:
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 22:30:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

Request:
GET /meta/webflow.css HTTP/1.1
Host: vcxmetaversexx.zzux.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://vcxmetaversexx.zzux.com/authen
Cookie: cazanova=mqivb23hb2g06bt6g2nfij8dr5t0ccff

Response from 210.16.120.193:
HTTP/1.1 200 OK
Content-Type: text/css
Server: nginx
Date: Wed, 28 Sep 2022 22:30:17 GMT
Last-Modified: Tue, 27 Sep 2022 09:25:51 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6332c19f-98c5"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Content-Encoding: gzip

--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (2587)
Size:   9290
Md5:    df537de16df2e7abb3a9474300085194
Sha1:   19823a9c07322292173a31cbb15faed3cb97855a
Sha256: c808edb13043989f1d4f886fa1f0e1a3aaa472f0d8a229f74429b04c13c08813

Alerts:
  urlquery:
    - DynDNS domain detected

Request:
GET /meta/normalize.css HTTP/1.1
Host: vcxmetaversexx.zzux.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://vcxmetaversexx.zzux.com/authen
Cookie: cazanova=mqivb23hb2g06bt6g2nfij8dr5t0ccff

Response from 210.16.120.193:
HTTP/1.1 200 OK
Content-Type: text/css
Server: nginx
Date: Wed, 28 Sep 2022 22:30:17 GMT
Last-Modified: Tue, 27 Sep 2022 09:25:42 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6332c196-1e5c"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Content-Encoding: gzip

--- Additional Info ---
Magic:  ASCII text
Size:   2659
Md5:    b165f8d0baec3b8976de14634861b941
Sha1:   f7eabfa6844712979ef5e274f275c5be39fdc86f
Sha256: 91404eaa9c2b59e842d6694c3bb2128e21253a1780a4a75e33571ed659bd4d8e

Alerts:
  urlquery:
    - DynDNS domain detected

Request:
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

Response from 23.36.76.226:
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "6449BF062DBB79683071F367CA142C175EF304485CB4D3711FEB4763146E4FA7"
Last-Modified: Wed, 28 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6341
Expires: Thu, 29 Sep 2022 00:15:58 GMT
Date: Wed, 28 Sep 2022 22:30:17 GMT
Connection: keep-alive

Request:
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

Response from 23.36.76.226:
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "6449BF062DBB79683071F367CA142C175EF304485CB4D3711FEB4763146E4FA7"
Last-Modified: Wed, 28 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6341
Expires: Thu, 29 Sep 2022 00:15:58 GMT
Date: Wed, 28 Sep 2022 22:30:17 GMT
Connection: keep-alive

Request:
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

Response from 23.36.76.226:
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "6449BF062DBB79683071F367CA142C175EF304485CB4D3711FEB4763146E4FA7"
Last-Modified: Wed, 28 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6341
Expires: Thu, 29 Sep 2022 00:15:58 GMT
Date: Wed, 28 Sep 2022 22:30:17 GMT
Connection: keep-alive

Request:
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6d393f81-26d4-4afa-b6ba-940a54002d7f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

Response from 34.120.237.76:
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
content-length: 6795
x-amzn-requestid: 20067932-e2e5-410a-8c7a-a5f623f33454
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZDCs6FbooAMFyHg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633117ec-65749cd04e48e49a46b4c215;Sampled=0
x-amzn-remapped-date: Mon, 26 Sep 2022 03:09:32 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: o1q8r6PSQDQyLs4xfhCSXu4q8fFi3zIoAIMlwNznvOsEtORfuVumCA==
via: 1.1 6a63e853422f3197776fb098fab5a416.cloudfront.net (CloudFront), 1.1 e80693c02cfdfd081110512210d57840.cloudfront.net (CloudFront), 1.1 google
date: Wed, 28 Sep 2022 06:18:03 GMT
age: 58334
etag: "7057c6707c7299ac386c6b2164240eff241db294"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   6795
Md5:    9f94853ffae41ec3c0e002bc152da1c4
Sha1:   7057c6707c7299ac386c6b2164240eff241db294
Sha256: 818f3ff90d7b7923b4af4e423dbb01388795490ac2097e1d58d70608b95618f4

Request:
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6e97b5ce-1b94-4a15-a121-825f38a9d7d9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

Response from 34.120.237.76:
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
content-length: 9034
x-amzn-requestid: 20199dff-cd75-4f47-9395-9fdab045638c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZGVYtHROoAMFQ6A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63326904-6a77e2d438ae887e4cd54ec6;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 03:07:48 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: z92zeMKTSVmpz2TYok8XpBUxuY4ZzN3Z_w32gQgjX1QGb26YDxnfdQ==
via: 1.1 010c0731b9775a983eceaec0f5fa6a2e.cloudfront.net (CloudFront), 1.1 e95ec8f1dc02e32f0cb9e113963ceb4e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 28 Sep 2022 04:18:58 GMT
age: 65479
etag: "927d5a375d9607b23caadae148566fdff10147b1"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   9034
Md5:    2054ae778a3079d8233ee33045127df6
Sha1:   927d5a375d9607b23caadae148566fdff10147b1
Sha256: 6b33c83c2b78b413ae375966860e1a9c8aa8e28dee107f9dd5bb8ceb221e607a

Request:
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F75de31dd-bbf0-4a21-bfac-94f0062f4da4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

Response from 34.120.237.76:
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
content-length: 10023
x-amzn-requestid: 0cb6b9a1-0707-4094-b197-5a0add2df717
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZMK4dHJLIAMFWmg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6334be9c-2d8bbb17157900f126c5bb3c;Sampled=0
x-amzn-remapped-date: Wed, 28 Sep 2022 21:37:32 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: wZ2hBqHAdwimAVV3p-CJFrb9zQ-CTN5ar9CB-cu0mZoENYUFTKKPWQ==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 ddaf46a95abcfc80e8eae76235e2127c.cloudfront.net (CloudFront), 1.1 google
date: Wed, 28 Sep 2022 22:04:58 GMT
age: 1519
etag: "e1067a2dfbc22e7eb196046d57bd1e17604dba75"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   10023
Md5:    f4505f57697072468da82e0b536d0d5b
Sha1:   e1067a2dfbc22e7eb196046d57bd1e17604dba75
Sha256: b5e79054f165f38b99f93a8128284f82076523988aeb102b85dd8ff1a2870d00

                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F99f26bb4-2c5c-44ef-86d3-90fd05ec1ce0.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 9654
x-amzn-requestid: 7961f184-9476-43de-bf35-8ccb50ee1760
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZGVYsHA6oAMFvRA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63326904-05f567f7606462ac44f89987;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 03:07:48 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: XaB4TwXv4xy0Sy3dncNYZWEPEnHY5BkEHR7fZDK59APYkzH9DPdT7A==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 1508efc4152aa1778ed4adecb328b374.cloudfront.net (CloudFront), 1.1 google
date: Wed, 28 Sep 2022 03:53:01 GMT
age: 67036
etag: "44cc19b21912d07f82a88af5b2fa6d3e370459bf"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Size:   9654
Md5:    36ae9444071dd70dcf86802c370ffda9
Sha1:   44cc19b21912d07f82a88af5b2fa6d3e370459bf
Sha256: 99984d108bf31d733414f7f1352e17225ac21ac2dbfb4b1e7fa7ae80e5b6b822
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F48e2707b-f3b2-4e52-99ae-03c359b698de.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8754
x-amzn-requestid: 175fc592-ed89-44fb-8cf7-8a4404f59d4b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZC5OcHKkIAMFafA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633108c2-2c0c36007bc8bcb56a54e8a1;Sampled=0
x-amzn-remapped-date: Mon, 26 Sep 2022 02:04:50 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: -AhTOJwgY3-DnA_pYXdBL18wPP_fNeyDmZjkdkQ2J-xrBZSyRcdK3Q==
via: 1.1 71e7943ea0729c284a06faa05a567236.cloudfront.net (CloudFront), 1.1 ead78c395f4bede3ec6cd7ea180e3d3a.cloudfront.net (CloudFront), 1.1 google
date: Wed, 28 Sep 2022 19:10:22 GMT
age: 11995
etag: "ba797da9b2d6942161fa02a0e431de4868b84327"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Size:   8754
Md5:    556ea631652cbb77ff38dbe3bbc8c4d1
Sha1:   ba797da9b2d6942161fa02a0e431de4868b84327
Sha256: 130dab67cb6d80c741a7f2dadfd536bd6900204880dc3b68b2afbfa53dd3d781
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd156c6a4-51d8-498f-ac66-df71d14dc199.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 7229
x-amzn-requestid: 5746281b-76dd-4f5d-aae0-6e81d115afba
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y5eyoGymIAMFqWw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632d44dd-113b11d4740415f2712d85aa;Sampled=0
x-amzn-remapped-date: Fri, 23 Sep 2022 05:32:13 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: Xet9obEGz9ToJADlhIi7dokSdNVfqCU04_6_pKBQv0ggB-zlPxC8Sg==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 6a9b42e38e76b7d4a4044ebe0e0eca08.cloudfront.net (CloudFront), 1.1 google
date: Wed, 28 Sep 2022 04:35:22 GMT
age: 64495
etag: "8c73e318a79c74a980108bb3d79c89d00c35af57"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Size:   7229
Md5:    f5d602deb76fb578e19f56ab7ded2070
Sha1:   8c73e318a79c74a980108bb3d79c89d00c35af57
Sha256: d212b5cfea23e349471702c7a79f464ef012bc644ab7ab60caed6a7f7395a049
                                        
                                            GET /meta/css.html HTTP/1.1 
Host: vcxmetaversexx.zzux.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://vcxmetaversexx.zzux.com/authen
Cookie: cazanova=mqivb23hb2g06bt6g2nfij8dr5t0ccff

                                         
                                         210.16.120.193
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Server: nginx
Date: Wed, 28 Sep 2022 22:30:17 GMT
Content-Length: 684
Last-Modified: Tue, 27 Sep 2022 09:25:31 GMT
Connection: keep-alive
ETag: "6332c18b-2ac"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Accept-Ranges: bytes


--- Additional Info ---
Magic:  ASCII text
Size:   684
Md5:    147429fb2ddc3861e2ae0f473f17d78e
Sha1:   f2bdce63e15b9f3b90c8c3b153deb75b28eb69e3
Sha256: 25d501d70fcb9835f935fd47e045502700dc5f862cd7e763a49bbc7316396f2a

Alerts:
  urlquery:
    - DynDNS domain detected
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /meta/webfont.js.download HTTP/1.1 
Host: vcxmetaversexx.zzux.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://vcxmetaversexx.zzux.com/authen
Cookie: cazanova=mqivb23hb2g06bt6g2nfij8dr5t0ccff

                                         
                                         210.16.120.193
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Wed, 28 Sep 2022 22:30:17 GMT
Content-Length: 5415
Connection: keep-alive
Last-Modified: Tue, 27 Sep 2022 09:25:53 GMT
ETag: "3384-5e9a53b0b5089-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text, with very long lines (2134)
Size:   5415
Md5:    3fce8a085ab686f338e296d255f36db1
Sha1:   2da74358f4d36675c1bfa6ee5ee489e6e54bf401
Sha256: 9f9bbf22ba311465b6bb4c6944f94e2b97caea58227fafef64cf18b9181099c6

Alerts:
  urlquery:
    - DynDNS domain detected
  Blocklists:
    - fortinet: Phishing
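The transactions above are a flat dump, and the two phishing-host entries just listed already carry the signals an analyst wants pulled out: the DynDNS and Fortinet alerts, the absence of any hardening headers on the nginx responses, and the .js.download name, which is the naming a browser's complete-page save gives to scripts and so suggests the kit is a saved copy of the real site. The script below turns the dump into one record per transaction, flags those signals, and emits a per-host IOC list (URL, SHA-256, size). It is an added example written for this page, not urlquery's tooling; SAMPLE is a trimmed excerpt of this page's own transactions with the blank spacer lines removed, and the .download rule is an inference about how the files were produced, not something the report states.

```python
"""Parse a urlquery-style transaction dump and triage each request. Added example,
not urlquery's code; SAMPLE is a trimmed excerpt of this page's transactions."""
import re

SAMPLE = """\
GET /meta/css.html HTTP/1.1
Host: vcxmetaversexx.zzux.com
Referer: http://vcxmetaversexx.zzux.com/authen
210.16.120.193
HTTP/1.1 200 OK
--- Additional Info ---
Size:   684
Sha256: 25d501d70fcb9835f935fd47e045502700dc5f862cd7e763a49bbc7316396f2a
Alerts:
  urlquery:
    - DynDNS domain detected
  Blocklists:
    - fortinet: Phishing
GET /meta/webfont.js.download HTTP/1.1
Host: vcxmetaversexx.zzux.com
210.16.120.193
HTTP/1.1 200 OK
--- Additional Info ---
Size:   5415
Sha256: 9f9bbf22ba311465b6bb4c6944f94e2b97caea58227fafef64cf18b9181099c6
Alerts:
  urlquery:
    - DynDNS domain detected
  Blocklists:
    - fortinet: Phishing
GET /css?family=Changa+One:400,400italic HTTP/1.1
Host: fonts.googleapis.com
142.250.74.10
HTTP/1.1 200 OK
X-Content-Type-Options: nosniff
--- Additional Info ---
Size:   301
Sha256: d53161ae9523414449dd0f7083f66fda679084bac2cb18a92b884a43616c1fd5
"""

REQ = re.compile(r"^(GET|POST|HEAD)\s+(\S+)\s+HTTP/\d(?:\.\d)?\s*$")
IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
STATUS = re.compile(r"^HTTP/\d(?:\.\d)?\s+(\d{3})")


def parse_dump(text):
    """One dict per transaction; phases: request line, request headers, bare server
    IP, status + response headers, '--- Additional Info ---' fields, 'Alerts:'."""
    txs, tx, phase = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := REQ.match(line):
            tx = {"method": m[1], "path": m[2], "host": "", "ip": "", "status": 0,
                  "req": {}, "resp": {}, "info": {}, "alerts": []}
            txs.append(tx)
            phase = "req"
        elif tx is None or not line:
            continue
        elif phase == "req" and IPV4.match(line):
            tx["ip"], phase = line, "resp"
        elif phase == "resp" and (m := STATUS.match(line)):
            tx["status"] = int(m[1])
        elif line == "--- Additional Info ---":
            phase = "info"
        elif line == "Alerts:":
            phase = "alerts"
        elif phase == "alerts":
            if line.startswith("- "):
                tx["alerts"].append(line[2:])
        elif ":" in line:  # header or Additional Info field, keyed by phase
            key, val = (s.strip() for s in line.split(":", 1))
            tx[phase][key.lower()] = val
            if key.lower() == "host":
                tx["host"] = val
    return txs


HARDENING = ("strict-transport-security", "content-security-policy", "x-content-type-options", "x-frame-options")


def triage(tx):
    """Heuristic reasons a transaction looks like a cloned phishing page."""
    reasons = []
    if tx["path"].endswith(".download"):
        # Assumption: '*.js.download' is how a browser's complete-page save names scripts.
        reasons.append("saved-page artifact (.download)")
    reasons += [a for a in tx["alerts"] if "phishing" in a.lower() or "dyndns" in a.lower()]
    if tx["status"] == 200 and not any(h in tx["resp"] for h in HARDENING):
        reasons.append("no hardening headers on a 200")
    return reasons


def iocs(txs, host):
    """(url, sha256, size) for every file the suspect host served with 200."""
    return [(tx["host"] + tx["path"], tx["info"]["sha256"], int(tx["info"]["size"]))
            for tx in txs if tx["host"] == host and tx["status"] == 200 and "sha256" in tx["info"]]


if __name__ == "__main__":
    txs = parse_dump(SAMPLE)
    for tx in txs:
        print(tx["status"], tx["host"] + tx["path"], triage(tx))
    print(iocs(txs, "vcxmetaversexx.zzux.com"))
```

Run as a script it prints one triage line per transaction and the IOC tuples: fonts.googleapis.com comes out clean, both zzux.com entries carry the DynDNS and Fortinet alerts plus the missing-hardening flag, and webfont.js.download additionally carries the saved-page flag. To use it on the full report, paste the whole transaction listing into SAMPLE (or read it from a file); the parser keys only on the request line and the bare IP line, so the spacer lines and extra headers in the original dump do not matter.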
                                        
                                            GET /meta/enterprise.js.download HTTP/1.1 
Host: vcxmetaversexx.zzux.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://vcxmetaversexx.zzux.com/authen
Cookie: cazanova=mqivb23hb2g06bt6g2nfij8dr5t0ccff

                                         
                                         210.16.120.193
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Wed, 28 Sep 2022 22:30:17 GMT
Content-Length: 614
Connection: keep-alive
Last-Modified: Tue, 27 Sep 2022 09:25:33 GMT
ETag: "3f0-5e9a539dd9dde-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text, with very long lines (1008), with no line terminators
Size:   614
Md5:    533554dfe842696d43cbbe1be26c9d4b
Sha1:   4bc96c1c9afdca5fddb20c7b172a13afa5cb46e4
Sha256: f480ee9ffad021062c3251c62acf39842c0fa7e71c7dccdd91ee30524fccb84d

Alerts:
  urlquery:
    - DynDNS domain detected
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /meta/storage.secure.min.js.download HTTP/1.1 
Host: vcxmetaversexx.zzux.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://vcxmetaversexx.zzux.com/authen
Cookie: cazanova=mqivb23hb2g06bt6g2nfij8dr5t0ccff

                                         
                                         210.16.120.193
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Wed, 28 Sep 2022 22:30:18 GMT
Content-Length: 13194
Connection: keep-alive
Last-Modified: Tue, 27 Sep 2022 09:25:47 GMT
ETag: "96a2-5e9a53ab773b4-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text, with very long lines (38562), with no line terminators
Size:   13194
Md5:    79e7d68549291cc082c85f94b73ee13c
Sha1:   e065402b005d2fd7105c9a12adf961a58a4deb96
Sha256: 0adedf6a93b53bc365a213c28a4b10d8af539d8fe55c283cbd3c532a0bc0875a

Alerts:
  urlquery:
    - DynDNS domain detected
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /meta/plx.chock.js HTTP/1.1 
Host: vcxmetaversexx.zzux.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://vcxmetaversexx.zzux.com/authen
Cookie: cazanova=mqivb23hb2g06bt6g2nfij8dr5t0ccff

                                         
                                         210.16.120.193
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Wed, 28 Sep 2022 22:30:18 GMT
Last-Modified: Tue, 27 Sep 2022 09:25:43 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6332c197-d41"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text
Size:   311
Md5:    bc6a4fa1a731b1746c1d21f104bd6064
Sha1:   865b9fd0868954c03f838366eb2449bab5d388d6
Sha256: d88bca135a10c80b24a4185a4a08f209c151d82c946a9327ef58590fa12e211b

Alerts:
  urlquery:
    - DynDNS domain detected
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /meta/jquery-3.5.1.min.dc5e7f18c8.js.download HTTP/1.1 
Host: vcxmetaversexx.zzux.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://vcxmetaversexx.zzux.com/authen
Cookie: cazanova=mqivb23hb2g06bt6g2nfij8dr5t0ccff

                                         
                                         210.16.120.193
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Wed, 28 Sep 2022 22:30:17 GMT
Content-Length: 30910
Connection: keep-alive
Last-Modified: Tue, 27 Sep 2022 09:25:38 GMT
ETag: "15d84-5e9a53a2bfc71-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text, with very long lines (65451)
Size:   30910
Md5:    888c5fa4504182a0224b264a1fda0e73
Sha1:   65f058a7dead59a8063362241865526eb0148f16
Sha256: 7d757e510b1f0c4d44fd98cc0121da8ca4f44793f8583debdef300fb1dbd3715

Alerts:
  urlquery:
    - DynDNS domain detected
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /meta/metamask-staging-2.webflow.css HTTP/1.1 
Host: vcxmetaversexx.zzux.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://vcxmetaversexx.zzux.com/authen
Cookie: cazanova=mqivb23hb2g06bt6g2nfij8dr5t0ccff

                                         
                                         210.16.120.193
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Server: nginx
Date: Wed, 28 Sep 2022 22:30:18 GMT
Last-Modified: Tue, 27 Sep 2022 09:25:41 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6332c195-22adb"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text
Size:   17621
Md5:    86ed5c43bcc35cee708393d812a5c842
Sha1:   ac66037f44aa618e88099322852936d3e1318afe
Sha256: df01bd9c7ea82c575f395792b2e5e2b898afc72609cbd067a47144576964ea2a

Alerts:
  urlquery:
    - DynDNS domain detected
                                        
                                            GET /css?family=Changa+One:400,400italic HTTP/1.1 
Host: fonts.googleapis.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://vcxmetaversexx.zzux.com/

                                         
                                         142.250.74.10
HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
                                        
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Link: <http://fonts.gstatic.com>; rel=preconnect; crossorigin
Expires: Wed, 28 Sep 2022 22:30:18 GMT
Date: Wed, 28 Sep 2022 22:30:18 GMT
Cache-Control: private, max-age=86400
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin-allow-popups
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff


--- Additional Info ---
Magic:  ASCII text
Size:   301
Md5:    7fb212f619185f162769684274cb1dfe
Sha1:   414b678cfcbcd25c44569e72369a8218bea8756d
Sha256: d53161ae9523414449dd0f7083f66fda679084bac2cb18a92b884a43616c1fd5
                                        
                                            GET /meta/jsonp HTTP/1.1 
Host: vcxmetaversexx.zzux.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://vcxmetaversexx.zzux.com/authen
Cookie: cazanova=mqivb23hb2g06bt6g2nfij8dr5t0ccff

                                         
                                         210.16.120.193
HTTP/1.1 200 OK
                                        
Server: nginx
Date: Wed, 28 Sep 2022 22:30:17 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 27 Sep 2022 09:25:40 GMT
ETag: "43f6e-5e9a53a494879-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text, with very long lines (65536), with no line terminators
Size:   87424
Md5:    b8763d07178c652db17cb681eb21cbf8
Sha1:   e2c34d4bfbd1fb7515ac879781deffb638ad9cad
Sha256: 415f8c95aabc4f7af332ae9060179be3606991c2832a4f442d4c746ff1c80740

Alerts:
  urlquery:
    - DynDNS domain detected
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /s/changaone/v18/xfu00W3wXn3QLUJXhzq42AHiuQ.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://vcxmetaversexx.zzux.com
Connection: keep-alive
Referer: http://fonts.googleapis.com/

                                         
                                         142.250.74.163
HTTP/1.1 200 OK
Content-Type: font/woff2
                                        
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 7900
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Sat, 24 Sep 2022 22:34:53 GMT
Expires: Sun, 24 Sep 2023 22:34:53 GMT
Cache-Control: public, max-age=31536000
Age: 345325
Last-Modified: Thu, 21 Apr 2022 17:15:19 GMT


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 7900, version 1.0
Size:   7900
Md5:    61e86e7a20ecf3ba181ca4b9a9a1cdbd
Sha1:   482a65cffc69109af26669d64accbef71db3b836
Sha256: fbd0536d5b92c0dbe6ad2637800ae8da10c20755b564a3575bd12bba57f73b18
                                        
                                            GET /s/changaone/v18/xfu20W3wXn3QLUJXhzq42ATSu5_f.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://vcxmetaversexx.zzux.com
Connection: keep-alive
Referer: http://fonts.googleapis.com/

                                         
                                         142.250.74.163
HTTP/1.1 200 OK
Content-Type: font/woff2
                                        
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 8404
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Wed, 28 Sep 2022 09:48:03 GMT
Expires: Thu, 28 Sep 2023 09:48:03 GMT
Cache-Control: public, max-age=31536000
Age: 45735
Last-Modified: Thu, 21 Apr 2022 17:15:41 GMT


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 8404, version 1.0
Size:   8404
Md5:    141119ae119bf7ca75e10ef82f66e442
Sha1:   adebf435aa078db3c116cb9faae15f2ad81d3ac5
Sha256: c6afeb967afd466210e4061473c4855684e84b7e850b248c0533e6288acfbaff
                                        
                                            GET /meta/js HTTP/1.1 
Host: vcxmetaversexx.zzux.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://vcxmetaversexx.zzux.com/authen
Cookie: cazanova=mqivb23hb2g06bt6g2nfij8dr5t0ccff

                                         
                                         210.16.120.193
HTTP/1.1 200 OK
                                        
Server: nginx
Date: Wed, 28 Sep 2022 22:30:18 GMT
Content-Length: 35327
Connection: keep-alive
Last-Modified: Tue, 27 Sep 2022 09:25:40 GMT
ETag: "168a5-5e9a53a468958-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text, with very long lines (1815)
Size:   35327
Md5:    538830958289d9161b34e9b6f0f72488
Sha1:   c516269bf9a738cef82ace7c0525f41a93b2fb75
Sha256: c0662c29101a79a0c5d62b273cb34b4fa830081d61722e32ec32205f2defd190

Alerts:
  urlquery:
    - DynDNS domain detected
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /meta/wpp.gif HTTP/1.1 
Host: vcxmetaversexx.zzux.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://vcxmetaversexx.zzux.com/authen
Cookie: cazanova=mqivb23hb2g06bt6g2nfij8dr5t0ccff

                                         
                                         210.16.120.193
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Server: nginx
Date: Wed, 28 Sep 2022 22:30:18 GMT
Content-Length: 3877
Last-Modified: Tue, 27 Sep 2022 09:25:54 GMT
Connection: keep-alive
ETag: "6332c1a2-f25"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Accept-Ranges: bytes


--- Additional Info ---
Magic:  GIF image data, version 87a, 470 x 40
Size:   3877
Md5:    941648b845842a709da73e24652cf8a4
Sha1:   099e5f97e602d026c51537c9b45328dc99261d7c
Sha256: 2a7344e607a878f0acac7f5c9c3a65fc8a4423f00e21d3fb7a814cae051631d9

Alerts:
  urlquery:
    - DynDNS domain detected
                                        
                                            GET /meta/webflow.js.download HTTP/1.1 
Host: vcxmetaversexx.zzux.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://vcxmetaversexx.zzux.com/authen
Cookie: cazanova=mqivb23hb2g06bt6g2nfij8dr5t0ccff

                                         
                                         210.16.120.193
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Wed, 28 Sep 2022 22:30:17 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 27 Sep 2022 09:25:53 GMT
ETag: "92c10-5e9a53b19a86d-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (50020)
Size:   147184
Md5:    c4b0095b01ed8f86df80e43a2b91d041
Sha1:   c79105b1702e8db781c136b44bff3e26ba72cc36
Sha256: 581bfb791a74114e95306054d9668a80143a21e9a41328360503f5b6b09c2a9b

Alerts:
  urlquery:
    - DynDNS domain detected
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /meta/bframe.html HTTP/1.1 
Host: vcxmetaversexx.zzux.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://vcxmetaversexx.zzux.com/authen
Cookie: cazanova=mqivb23hb2g06bt6g2nfij8dr5t0ccff
Upgrade-Insecure-Requests: 1

                                         
                                         210.16.120.193
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Server: nginx
Date: Wed, 28 Sep 2022 22:30:19 GMT
Last-Modified: Tue, 27 Sep 2022 09:25:31 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6332c18b-2e07"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Content-Encoding: gzip


--- Additional Info ---
Magic:  HTML document text; exported SGML document, Unicode text, UTF-8 text, with very long lines (3186)
Size:   4069
Md5:    2f10cabca6c2651a48e260c0d202396c
Sha1:   ab25f083f7bb312f750fd2a372d0e2990bdf9525
Sha256: 7a7ff60899394d6467d0904d3c0cb7be8979f1ee27fe46e1749653b19648b74a

Alerts:
  urlquery:
    - DynDNS domain detected
  Blocklists:
    - fortinet: Phishing
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 28 Sep 2022 22:30:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /meta/EuclidCircularB-Regular-WebXL.woff2 HTTP/1.1 
Host: vcxmetaversexx.zzux.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://vcxmetaversexx.zzux.com/meta/metamask-staging-2.webflow.css
Cookie: cazanova=mqivb23hb2g06bt6g2nfij8dr5t0ccff

                                         
                                         210.16.120.193
HTTP/1.1 200 OK
                                        
Server: nginx
Date: Wed, 28 Sep 2022 22:30:18 GMT
Content-Length: 45196
Connection: keep-alive
Last-Modified: Tue, 27 Sep 2022 09:25:36 GMT
ETag: "b08c-5e9a53a0b06e9"
Accept-Ranges: bytes
Vary: Accept-Encoding


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 45196, version 3.66
Size:   45196
Md5:    2d75957df3bb3aa6ed84f6591b0d5a1a
Sha1:   906424e75625f63b0188471067065794d0348536
Sha256: 8ff3b303322168b49a14878f195dbaf76d9da16e35094d1f83fa23245450155b

Alerts:
  urlquery:
    - DynDNS domain detected
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /meta/EuclidCircularB-Bold-WebXL.woff2 HTTP/1.1 
Host: vcxmetaversexx.zzux.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://vcxmetaversexx.zzux.com/meta/metamask-staging-2.webflow.css
Cookie: cazanova=mqivb23hb2g06bt6g2nfij8dr5t0ccff

                                         
                                         210.16.120.193
HTTP/1.1 200 OK
                                        
Server: nginx
Date: Wed, 28 Sep 2022 22:30:18 GMT
Content-Length: 44544
Connection: keep-alive
Last-Modified: Tue, 27 Sep 2022 09:25:34 GMT
ETag: "ae00-5e9a539f2faa3"
Accept-Ranges: bytes
Vary: Accept-Encoding


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 44544, version 3.66
Size:   44544
Md5:    9024d0bf73943172297c4628d0054e20
Sha1:   36c3795e7b297d06589e15ef59592683d9ed0974
Sha256: 88fad87880ae6bb0d733c967419d5f0d68da547a88ad67e7af41f18dae2e20df

Alerts:
  urlquery:
    - DynDNS domain detected
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /meta/styles__ltr.css HTTP/1.1 
Host: vcxmetaversexx.zzux.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://vcxmetaversexx.zzux.com/meta/bframe.html
Cookie: cazanova=mqivb23hb2g06bt6g2nfij8dr5t0ccff

                                         
                                         210.16.120.193
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Server: nginx
Date: Wed, 28 Sep 2022 22:30:19 GMT
Last-Modified: Tue, 27 Sep 2022 09:25:48 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6332c19c-cc90"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text, with very long lines (52368), with no line terminators
Size:   24092
Md5:    ebdf18f77541c94124d305c6995475cb
Sha1:   7d3de2b58de6e2aeb9ab5a73254829544e7fe24d
Sha256: db4b6017d7f9a8c675bfa68021f3eeb0246016de004efc8e28a23b97df0da71e

Alerts:
  urlquery:
    - DynDNS domain detected
                                        
                                            GET /metamask.io/images/webclip.png HTTP/1.1 
Host: vcxmetaversexx.zzux.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://vcxmetaversexx.zzux.com/authen
Cookie: cazanova=mqivb23hb2g06bt6g2nfij8dr5t0ccff

                                         
                                         210.16.120.193
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx
Date: Wed, 28 Sep 2022 22:30:19 GMT
Content-Length: 557
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip


--- Additional Info ---
Magic:  HTML document text; exported SGML document, ASCII text
Size:   557
Md5:    d7b7d0cdc7f50d4028b970a4adc1a42d
Sha1:   2b3f25b5de65feee879d8da596250f55d050163b
Sha256: 4d78f11501b99f3ea1d0a1079bba04b9da57ef67ebd82d1da726723eaf875614

Alerts:
  urlquery:
    - DynDNS domain detected
GET /metamask.io/images/favicon.png HTTP/1.1
Host: vcxmetaversexx.zzux.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://vcxmetaversexx.zzux.com/authen
Cookie: cazanova=mqivb23hb2g06bt6g2nfij8dr5t0ccff

210.16.120.193
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
Server: nginx
Date: Wed, 28 Sep 2022 22:30:19 GMT
Content-Length: 557
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   557
Md5:    d7b7d0cdc7f50d4028b970a4adc1a42d
Sha1:   2b3f25b5de65feee879d8da596250f55d050163b
Sha256: 4d78f11501b99f3ea1d0a1079bba04b9da57ef67ebd82d1da726723eaf875614

Alerts:
  urlquery:
    - DynDNS domain detected
GET /meta/hero2.4.png HTTP/1.1
Host: vcxmetaversexx.zzux.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://vcxmetaversexx.zzux.com/meta/metamask-staging-2.webflow.css
Cookie: cazanova=mqivb23hb2g06bt6g2nfij8dr5t0ccff

210.16.120.193
HTTP/1.1 200 OK
Content-Type: image/png
Server: nginx
Date: Wed, 28 Sep 2022 22:30:18 GMT
Content-Length: 589568
Last-Modified: Tue, 27 Sep 2022 09:25:36 GMT
Connection: keep-alive
ETag: "6332c190-8ff00"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Accept-Ranges: bytes


--- Additional Info ---
Magic:  PNG image data, 1752 x 1452, 8-bit/color RGBA, non-interlaced\012- data
Size:   589568
Md5:    d0ec70f4c666fbf6ad0d30a52d08c5c9
Sha1:   e48f0688bc4f592824840478d12c05df0dd12002
Sha256: 3f4bfc7c6cc471e9d95936dc109852c4f6a4bf1163b63eeabfe840565d5ad8d1

Alerts:
  urlquery:
    - DynDNS domain detected
GET /recaptcha/releases/rPvs0Nyx3sANE-ZHUN-0nM85/recaptcha__nl.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://vcxmetaversexx.zzux.com
Connection: keep-alive
Referer: http://vcxmetaversexx.zzux.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

142.250.74.163
HTTP/2 404 Not Found
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
date: Wed, 28 Sep 2022 22:30:20 GMT
server: sffe
content-length: 1621
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1136)
Size:   1621
Md5:    c90524d6a02b27addb56c350fe6fbb2d
Sha1:   d713d1b53323c0169ffe0649be8c9d04a189f999
Sha256: 4aefd395113d052a874ac1919aed0e288835e0377683f1e71e98838d16c986e0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 22:30:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

GET /meta/recaptcha__nl.js.download HTTP/1.1
Host: vcxmetaversexx.zzux.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://vcxmetaversexx.zzux.com/meta/bframe.html
Cookie: cazanova=mqivb23hb2g06bt6g2nfij8dr5t0ccff

210.16.120.193
HTTP/1.1 200 OK
Content-Type: application/javascript
Server: nginx
Date: Wed, 28 Sep 2022 22:30:19 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 27 Sep 2022 09:25:45 GMT
ETag: "56577-5e9a53a9d736e-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text, with very long lines (820)
Size:   137504
Md5:    2128869002ee143c12253efdafd190a4
Sha1:   9781a8b2fa7342367a7ef81a70ad7234ad6505bb
Sha256: bb787fc0dfa0c02a27b4e75825e9c4e0839637f02fda1b60b645719bbfad663b

Alerts:
  urlquery:
    - DynDNS domain detected
  Blocklists:
    - fortinet: Phishing
GET /s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://vcxmetaversexx.zzux.com
Connection: keep-alive
Referer: http://vcxmetaversexx.zzux.com/

142.250.74.163
HTTP/1.1 200 OK
Content-Type: font/woff2
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 15344
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Mon, 26 Sep 2022 20:06:20 GMT
Expires: Tue, 26 Sep 2023 20:06:20 GMT
Cache-Control: public, max-age=31536000
Age: 181440
Last-Modified: Mon, 16 Oct 2017 17:32:55 GMT


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 15344, version 1.0\012- data
Size:   15344
Md5:    5d4aeb4e5f5ef754e307d7ffaef688bd
Sha1:   06db651cdf354c64a7383ea9c77024ef4fb4cef8
Sha256: 3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
GET /s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://vcxmetaversexx.zzux.com
Connection: keep-alive
Referer: http://vcxmetaversexx.zzux.com/

142.250.74.163
HTTP/1.1 200 OK
Content-Type: font/woff2
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 15552
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Fri, 23 Sep 2022 16:38:48 GMT
Expires: Sat, 23 Sep 2023 16:38:48 GMT
Cache-Control: public, max-age=31536000
Age: 453092
Last-Modified: Mon, 16 Oct 2017 17:33:02 GMT


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 15552, version 1.0\012- data
Size:   15552
Md5:    285467176f7fe6bb6a9c6873b3dad2cc
Sha1:   ea04e4ff5142ddd69307c183def721a160e0a64e
Sha256: 5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
GET /icon?family=Material+Icons HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://vcxmetaversexx.zzux.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

142.250.74.10
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 28 Sep 2022 22:30:17 GMT
date: Wed, 28 Sep 2022 22:30:17 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---