www.udgppecsdhfjbmiheeribwww.staging.gold.uyduportal.net/login.php
185.178.208.182301 Moved Permanently 568 B URL HTTP/1.1 www.udgppecsdhfjbmiheeribwww.staging.gold.uyduportal.net/login.php
IP 185.178.208.182:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (564), with no line terminators
Hash 2761b98db33884ab29711096ab315edb
8cea6e53464aea178b72e06a906205d040f14ca5
9f7a07f69d9b9a5af186a79159ccea18935ab4103128ca967e3f3f8ae45fb3ee
Analyzer Verdict Alert fortinet Phishing
GET /login.php HTTP/1.1
Host: www.udgppecsdhfjbmiheeribwww.staging.gold.uyduportal.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: ddos-guard
Date: Fri, 27 Jan 2023 03:20:34 GMT
Connection: keep-alive
Keep-Alive: timeout=60
Location: https://www.udgppecsdhfjbmiheeribwww.staging.gold.uyduportal.net/login.php
Content-Type: text/html; charset=utf8
Content-Length: 568
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 5fe582397f3003b225cb9058e02c2190
68174a54a8f6c4de9247ccea2dcae3c9b76bdb9f
238a2ef5b61d56353d0a5e97ec3092b8f2792cde7cecf40e1a858f8c129d3a9d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "238A2EF5B61D56353D0A5E97EC3092B8F2792CDE7CECF40E1A858F8C129D3A9D"
Last-Modified: Wed, 25 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18331
Expires: Fri, 27 Jan 2023 08:26:06 GMT
Date: Fri, 27 Jan 2023 03:20:35 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 58ffdcb539c3b250fdf31ed761627fc1
5b55b1522ef84c39b5c42f9bbfbc62b806c1269f
eb783cfa8c8544b0574b345abc0bf3c150979d4efce1a013f17b6cd48076fc63
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EB783CFA8C8544B0574B345ABC0BF3C150979D4EFCE1A013F17B6CD48076FC63"
Last-Modified: Wed, 25 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6222
Expires: Fri, 27 Jan 2023 05:04:17 GMT
Date: Fri, 27 Jan 2023 03:20:35 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash dcd75ca6daca51c5e39d431468511793
07f76d3bf23d65c9110d810fa71a994e39e085d3
73672a816da4450fe2c938b08d7ae002d9ca29fdcbd3e29cc97084d826f8b459
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Backoff, Content-Length, Alert, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 27 Jan 2023 02:35:19 GMT
content-type: application/json
age: 2716
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 49049f3c92aad686cd7ff28ecd2a5a4f
9cc2bc9c055450dbc4fae93eabe4ef8509b3ff57
02cf421968192286bb174ff0e6c818a843c4eca61a02cd493e6f95bb58a37015
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "02CF421968192286BB174FF0E6C818A843C4ECA61A02CD493E6F95BB58A37015"
Last-Modified: Wed, 25 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3212
Expires: Fri, 27 Jan 2023 04:14:07 GMT
Date: Fri, 27 Jan 2023 03:20:35 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: nitHpgPn2tA/VbDJSJEtQ7+b/KXIKbNU9WSzirA9/toMxQtMtgZqNee9KyesuUTAwQuBfeuOEmI=
x-amz-request-id: K6KMYDP5MDE87GS5
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 27 Jan 2023 02:49:14 GMT
age: 1881
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 27 Jan 2023 03:20:35 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 75a41581681122f1a63cef34a1e8df94
2c6ecbf1fc87bd7298baca802714db739e6bd100
1a2ba3e86589da6e62502ae383a3539717272b30004e6d2e158eeaefea40d7c2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1A2BA3E86589DA6E62502AE383A3539717272B30004E6D2E158EEAEFEA40D7C2"
Last-Modified: Fri, 27 Jan 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21580
Expires: Fri, 27 Jan 2023 09:20:15 GMT
Date: Fri, 27 Jan 2023 03:20:35 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Pragma, Last-Modified, ETag, Content-Length, Expires, Cache-Control, Retry-After, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 27 Jan 2023 02:41:40 GMT
age: 2335
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash c398b6b39d11d25b8ae9bc5cd94a1c98
640aa8c399ced71d0c2a9f5a90fbaf091b01d642
a6f07f7c6a4746acc25457c726701df33120628dfb578bc4982448d8efee5855
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A6F07F7C6A4746ACC25457C726701DF33120628DFB578BC4982448D8EFEE5855"
Last-Modified: Tue, 24 Jan 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19411
Expires: Fri, 27 Jan 2023 08:44:06 GMT
Date: Fri, 27 Jan 2023 03:20:35 GMT
Connection: keep-alive
www.udgppecsdhfjbmiheeribwww.staging.gold.uyduportal.net/modules/letsencrypt/global.js?1672773325
185.178.208.182200 OK 350 B URL HTTP/2 www.udgppecsdhfjbmiheeribwww.staging.gold.uyduportal.net/modules/letsencrypt/global.js?1672773325
IP 185.178.208.182:0
Hash 9dd70cbc68959644974623a33fe64e3d
f2b71e7b7245e499c79e78bc8aa249be362dfa76
e785cab652ed72a6c94c71b92bae72267f5efcbb97c7fdae2ee0fd93fd6783ae
GET /modules/letsencrypt/global.js?1672773325 HTTP/1.1
Host: www.udgppecsdhfjbmiheeribwww.staging.gold.uyduportal.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.udgppecsdhfjbmiheeribwww.staging.gold.uyduportal.net/login_up.php
Cookie: __ddg1_=frDIhelmZqIR6rjaULCh
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Fri, 27 Jan 2023 03:20:34 GMT
content-type: application/javascript
last-modified: Tue, 03 Jan 2023 19:15:25 GMT
etag: W/"63b47ecd-2d6"
content-encoding: gzip
x-powered-by: PleskLin
age: 1
content-length: 350
ddg-cache-status: MISS,HIT
X-Firefox-Spdy: h2
www.udgppecsdhfjbmiheeribwww.staging.gold.uyduportal.net/modules/notifier/global.js?1672773219
185.178.208.182200 OK 4.3 kB URL HTTP/2 www.udgppecsdhfjbmiheeribwww.staging.gold.uyduportal.net/modules/notifier/global.js?1672773219
IP 185.178.208.182:0
File type ASCII text, with very long lines (15013), with no line terminators
Hash e746aef1e5cde49a50ee0ec7a3f3cfa9
6322e77bc07d7844e1586fb4c4602d27c82cbbc0
ccacd33949993052fc315f728591a6570cc32502714c7e3740fa56a0e4a59efb
GET /modules/notifier/global.js?1672773219 HTTP/1.1
Host: www.udgppecsdhfjbmiheeribwww.staging.gold.uyduportal.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.udgppecsdhfjbmiheeribwww.staging.gold.uyduportal.net/login_up.php
Cookie: __ddg1_=frDIhelmZqIR6rjaULCh
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Fri, 27 Jan 2023 03:20:32 GMT
content-type: application/javascript
last-modified: Tue, 03 Jan 2023 19:13:39 GMT
etag: W/"63b47e63-3aa5"
content-encoding: gzip
x-powered-by: PleskLin
age: 3
content-length: 4268
ddg-cache-status: MISS,HIT
X-Firefox-Spdy: h2
www.udgppecsdhfjbmiheeribwww.staging.gold.uyduportal.net/cp/javascript/externals/require.js?1673367587
185.178.208.182200 OK 7.4 kB URL HTTP/2 www.udgppecsdhfjbmiheeribwww.staging.gold.uyduportal.net/cp/javascript/externals/require.js?1673367587
IP 185.178.208.182:0
File type ASCII text, with very long lines (17560)
Hash 2783e102bedffbe02433a5d66b9f892b
72426a5d9c9cc986f01466008a3557d3563d18b1
a297ffbb89c40e21fd2047c0a5c4207981a3116e0e884d4c36b29ba2d82bd7df
Analyzer Verdict Alert fortinet Phishing
GET /cp/javascript/externals/require.js?1673367587 HTTP/1.1
Host: www.udgppecsdhfjbmiheeribwww.staging.gold.uyduportal.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.udgppecsdhfjbmiheeribwww.staging.gold.uyduportal.net/login_up.php
Cookie: __ddg1_=frDIhelmZqIR6rjaULCh
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Fri, 27 Jan 2023 03:20:31 GMT
content-type: application/javascript
last-modified: Tue, 10 Jan 2023 16:19:47 GMT
etag: W/"63bd9023-4562"
content-encoding: gzip
x-powered-by: PleskLin
age: 4
content-length: 7382
ddg-cache-status: MISS,HIT
X-Firefox-Spdy: h2
www.udgppecsdhfjbmiheeribwww.staging.gold.uyduportal.net/cp/javascript/main.js?1674786601
185.178.208.182200 OK 153 kB URL HTTP/2 www.udgppecsdhfjbmiheeribwww.staging.gold.uyduportal.net/cp/javascript/main.js?1674786601
IP 185.178.208.182:0
File type ASCII text, with very long lines (65536), with no line terminators
Size 153 kB (152710 bytes)
Hash 10023cb58f97793ec2dfd792237d8dda
8d446146cba65729979692d9c5cf6934aab05359
378a715c5bcfac57f6aad443f8630afbcfdfd91f89a4d19cc2f1c4a31f3243b8
Analyzer Verdict Alert fortinet Phishing
GET /cp/javascript/main.js?1674786601 HTTP/1.1
Host: www.udgppecsdhfjbmiheeribwww.staging.gold.uyduportal.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.udgppecsdhfjbmiheeribwww.staging.gold.uyduportal.net/login_up.php
Cookie: __ddg1_=frDIhelmZqIR6rjaULCh
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Fri, 27 Jan 2023 03:20:30 GMT
content-type: application/javascript
last-modified: Fri, 27 Jan 2023 02:30:01 GMT
etag: W/"63d33729-981c7"
content-encoding: gzip
x-powered-by: PleskLin
age: 5
content-length: 152710
ddg-cache-status: MISS,HIT
X-Firefox-Spdy: h2
www.udgppecsdhfjbmiheeribwww.staging.gold.uyduportal.net/ui-library/plesk-ui-library.min.js?1671611340
185.178.208.182200 OK 169 kB URL HTTP/2 www.udgppecsdhfjbmiheeribwww.staging.gold.uyduportal.net/ui-library/plesk-ui-library.min.js?1671611340
IP 185.178.208.182:0
File type ASCII text, with very long lines (26393)
Size 169 kB (168734 bytes)
Hash cdc289456f7caa3a9cfc2ce8697ca64a
bd9353cac117d65bc49707fb36da5e1d68b9ab27
455bc0ac5728d34966691b9ff5b6a7e72590d59eb1e485558da974097bbcbd97
Analyzer Verdict Alert fortinet Phishing
GET /ui-library/plesk-ui-library.min.js?1671611340 HTTP/1.1
Host: www.udgppecsdhfjbmiheeribwww.staging.gold.uyduportal.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.udgppecsdhfjbmiheeribwww.staging.gold.uyduportal.net/login_up.php
Cookie: __ddg1_=frDIhelmZqIR6rjaULCh
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Fri, 27 Jan 2023 03:20:26 GMT
content-type: application/javascript
last-modified: Wed, 21 Dec 2022 08:29:00 GMT
etag: W/"63a2c3cc-76860"
content-encoding: gzip
x-powered-by: PleskLin
age: 9
content-length: 168734
ddg-cache-status: MISS,HIT
X-Firefox-Spdy: h2
www.udgppecsdhfjbmiheeribwww.staging.gold.uyduportal.net/cp/javascript/externals/prototype.js?1673367587
185.178.208.182200 OK 35 kB URL HTTP/2 www.udgppecsdhfjbmiheeribwww.staging.gold.uyduportal.net/cp/javascript/externals/prototype.js?1673367587
IP 185.178.208.182:0
File type ASCII text, with very long lines (60984)
Hash c7b7d75eaeb614511bae0303d2ac4103
174d20a99189f8c64588ebbd35647104f7c6372a
0ff0a54a5623b4db49b1fd82473cd258cc601f236300ba46ced34177673245fa
Analyzer Verdict Alert fortinet Phishing
GET /cp/javascript/externals/prototype.js?1673367587 HTTP/1.1
Host: www.udgppecsdhfjbmiheeribwww.staging.gold.uyduportal.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.udgppecsdhfjbmiheeribwww.staging.gold.uyduportal.net/login_up.php
Cookie: __ddg1_=frDIhelmZqIR6rjaULCh
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Fri, 27 Jan 2023 03:20:25 GMT
content-type: application/javascript
last-modified: Tue, 10 Jan 2023 16:19:47 GMT
etag: W/"63bd9023-17b8d"
content-encoding: gzip
x-powered-by: PleskLin
age: 12
content-length: 35367
ddg-cache-status: MISS,HIT
X-Firefox-Spdy: h2
push.services.mozilla.com/
54.149.45.114101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.149.45.114:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: HR7g6kyq1rMXLSh55RF5uA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: N5J9ngJYOi906kETb6s+NPIc908=
www.udgppecsdhfjbmiheeribwww.staging.gold.uyduportal.net/ui-library/fonts/open-sans-regular.woff2?e7777b3c2bb7ae4d50f3abe9ee4f1eb5
185.178.208.182200 OK 60 kB URL HTTP/2 www.udgppecsdhfjbmiheeribwww.staging.gold.uyduportal.net/ui-library/fonts/open-sans-regular.woff2?e7777b3c2bb7ae4d50f3abe9ee4f1eb5
IP 185.178.208.182:0
File type Web Open Font Format (Version 2), TrueType, length 59600, version 1.0\012- data
Hash e78dce533ecee30c5efd812bb23c248d
87d988c2f0343952ccded7c17b000e33db6f3d15
03e2544599e5a06566b2579f82ac6e445b724435fccb1f3e8988e58f45b1fc5e
Analyzer Verdict Alert fortinet Phishing
GET /ui-library/fonts/open-sans-regular.woff2?e7777b3c2bb7ae4d50f3abe9ee4f1eb5 HTTP/1.1
Host: www.udgppecsdhfjbmiheeribwww.staging.gold.uyduportal.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://www.udgppecsdhfjbmiheeribwww.staging.gold.uyduportal.net/ui-library/plesk-ui-library.css?1671611340
Cookie: __ddg1_=frDIhelmZqIR6rjaULCh
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Fri, 27 Jan 2023 03:20:36 GMT
content-type: font/woff2
content-length: 59600
last-modified: Wed, 21 Dec 2022 08:29:00 GMT
etag: "63a2c3cc-e8d0"
accept-ranges: bytes
x-powered-by: PleskLin
age: 0
ddg-cache-status: MISS,MISS
X-Firefox-Spdy: h2
www.udgppecsdhfjbmiheeribwww.staging.gold.uyduportal.net/ui-library/fonts/open-sans-600.woff2?098c0a7547a49b0ce57658f41c897ecd
185.178.208.182200 OK 62 kB URL HTTP/2 www.udgppecsdhfjbmiheeribwww.staging.gold.uyduportal.net/ui-library/fonts/open-sans-600.woff2?098c0a7547a49b0ce57658f41c897ecd
IP 185.178.208.182:0
File type Web Open Font Format (Version 2), TrueType, length 61548, version 1.0\012- data
Hash e9681ca3d29d814a5621d4764dd1a11e
bbda68459fc0531b915bdf9e524ecc8f782db0aa
51f0bacf9e49a400a5a2947ef6b14127ef3241b0760d97721e0aedd7add66456
Analyzer Verdict Alert fortinet Phishing
GET /ui-library/fonts/open-sans-600.woff2?098c0a7547a49b0ce57658f41c897ecd HTTP/1.1
Host: www.udgppecsdhfjbmiheeribwww.staging.gold.uyduportal.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://www.udgppecsdhfjbmiheeribwww.staging.gold.uyduportal.net/ui-library/plesk-ui-library.css?1671611340
Cookie: __ddg1_=frDIhelmZqIR6rjaULCh
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Fri, 27 Jan 2023 03:20:36 GMT
content-type: font/woff2
content-length: 61548
last-modified: Wed, 21 Dec 2022 08:29:00 GMT
etag: "63a2c3cc-f06c"
accept-ranges: bytes
x-powered-by: PleskLin
age: 0
ddg-cache-status: MISS,MISS
X-Firefox-Spdy: h2
sentry.io/api/1327420/envelope/?sentry_key=50365a6fe24f4ff28f6b625410e04a35&sentry_version=7&sentry_client=sentry.javascript.browser%2F7.23.0
35.188.42.15200 OK 2 B URL HTTP/1.1 sentry.io/api/1327420/envelope/?sentry_key=50365a6fe24f4ff28f6b625410e04a35&sentry_version=7&sentry_client=sentry.javascript.browser%2F7.23.0
IP 35.188.42.15:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 99914b932bd37a50b983c5e7c90ae93b
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
POST /api/1327420/envelope/?sentry_key=50365a6fe24f4ff28f6b625410e04a35&sentry_version=7&sentry_client=sentry.javascript.browser%2F7.23.0 HTTP/1.1
Host: sentry.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.udgppecsdhfjbmiheeribwww.staging.gold.uyduportal.net/
Content-Type: text/plain;charset=UTF-8
Origin: https://www.udgppecsdhfjbmiheeribwww.staging.gold.uyduportal.net
Content-Length: 430
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 27 Jan 2023 03:20:36 GMT
Content-Type: application/json
Content-Length: 2
Connection: keep-alive
access-control-allow-origin: https://www.udgppecsdhfjbmiheeribwww.staging.gold.uyduportal.net
access-control-expose-headers: x-sentry-rate-limits, retry-after, x-sentry-error
vary: Origin
x-envoy-upstream-service-time: 0
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
www.udgppecsdhfjbmiheeribwww.staging.gold.uyduportal.net/images/apple-touch-icon.png?1673367587
185.178.208.182200 OK 4.5 kB URL HTTP/2 www.udgppecsdhfjbmiheeribwww.staging.gold.uyduportal.net/images/apple-touch-icon.png?1673367587
IP 185.178.208.182:0
File type PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced\012- data
Hash ebbd61fb584cc8ae62ffa726070c952f
7aefbffc866e859207b23f736faeac97f51414e6
b23ec702f16e22329aa8d8a74cede38c886e609acd467517a004439cbbb1da1c
Analyzer Verdict Alert fortinet Phishing
GET /images/apple-touch-icon.png?1673367587 HTTP/1.1
Host: www.udgppecsdhfjbmiheeribwww.staging.gold.uyduportal.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.udgppecsdhfjbmiheeribwww.staging.gold.uyduportal.net/login_up.php
Cookie: __ddg1_=frDIhelmZqIR6rjaULCh
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Fri, 27 Jan 2023 03:20:37 GMT
content-type: image/png
content-length: 4528
last-modified: Tue, 10 Jan 2023 16:19:47 GMT
etag: "63bd9023-11b0"
accept-ranges: bytes
x-powered-by: PleskLin
age: 0
ddg-cache-status: MISS,MISS
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 2e21811f62c077f45a93d7c3b543998d
3e890a73bb51d9dd1021d5339271aa40833ba258
c6b77371a50390fd68d44ff05e080f064c16c3095df8856b330ab0c6685cd3d1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C6B77371A50390FD68D44FF05E080F064C16C3095DF8856B330AB0C6685CD3D1"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10771
Expires: Fri, 27 Jan 2023 06:20:08 GMT
Date: Fri, 27 Jan 2023 03:20:37 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 2e21811f62c077f45a93d7c3b543998d
3e890a73bb51d9dd1021d5339271aa40833ba258
c6b77371a50390fd68d44ff05e080f064c16c3095df8856b330ab0c6685cd3d1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C6B77371A50390FD68D44FF05E080F064C16C3095DF8856B330AB0C6685CD3D1"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10771
Expires: Fri, 27 Jan 2023 06:20:08 GMT
Date: Fri, 27 Jan 2023 03:20:37 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 2e21811f62c077f45a93d7c3b543998d
3e890a73bb51d9dd1021d5339271aa40833ba258
c6b77371a50390fd68d44ff05e080f064c16c3095df8856b330ab0c6685cd3d1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C6B77371A50390FD68D44FF05E080F064C16C3095DF8856B330AB0C6685CD3D1"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10771
Expires: Fri, 27 Jan 2023 06:20:08 GMT
Date: Fri, 27 Jan 2023 03:20:37 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 2e21811f62c077f45a93d7c3b543998d
3e890a73bb51d9dd1021d5339271aa40833ba258
c6b77371a50390fd68d44ff05e080f064c16c3095df8856b330ab0c6685cd3d1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C6B77371A50390FD68D44FF05E080F064C16C3095DF8856B330AB0C6685CD3D1"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10771
Expires: Fri, 27 Jan 2023 06:20:08 GMT
Date: Fri, 27 Jan 2023 03:20:37 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdfb887e5-87fa-4855-b0ee-712d39779fa0.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdfb887e5-87fa-4855-b0ee-712d39779fa0.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b7a0759c043594fbe85af422b59b8227
a05cfaad16078f42218dae233da38f6f5dff8487
e898d6ef1b3998fb9322a8fc190069ec5f7b3582bfe8397a2367497d84a27549
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdfb887e5-87fa-4855-b0ee-712d39779fa0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11568
x-amzn-requestid: 79b70f1f-a157-4dd4-8743-825714195b3c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e9T3UGA3oAMFSlQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c86695-36e60aba09c152c73b8aefcb;Sampled=0
x-amzn-remapped-date: Wed, 18 Jan 2023 21:37:25 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: zt4bgV2C6Wb_Ufa5mZ7-UDTfCvhXJggPJw9668v5DEmyBnWZ-aNrCg==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 943c6a4d4ee43b18ee91634536f53eae.cloudfront.net (CloudFront), 1.1 google
date: Thu, 26 Jan 2023 23:01:22 GMT
age: 15555
etag: "a05cfaad16078f42218dae233da38f6f5dff8487"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d91ae98-1f78-4bbd-98ab-6e6d92c7fef2.jpeg
34.120.237.76200 OK 7.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d91ae98-1f78-4bbd-98ab-6e6d92c7fef2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7364957de1b4c82a923bd947f0cce750
d8aa55b64a65757e043b4b1b63efd93c8261d275
f1f7059968d08adfa1c775c906ecb6e5b752210af0bcdcebfa77c2ba6f15bbf4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d91ae98-1f78-4bbd-98ab-6e6d92c7fef2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7573
x-amzn-requestid: 2946b91b-1d7e-4eba-966d-600ae368cd3f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fLzVxGw1oAMF-xQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ce328b-04037751257e13ca156eee8d;Sampled=0
x-amzn-remapped-date: Mon, 23 Jan 2023 07:08:59 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 4TidB2H164ziAxKhEORFw4BBF0FB2pkkwNq3iMQfS4t7yObXCA59Pw==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 324a68a6c25ee50d774953f3e15a611c.cloudfront.net (CloudFront), 1.1 google
date: Thu, 26 Jan 2023 08:40:53 GMT
age: 67184
etag: "d8aa55b64a65757e043b4b1b63efd93c8261d275"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbccadbe9-ae35-4a03-bf17-9342e0629c81.jpeg
34.120.237.76200 OK 4.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbccadbe9-ae35-4a03-bf17-9342e0629c81.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6e96f3ea585b5fa8ed6446ed16e2b4b2
f90c205f370a2426dffe3c21b24bfa551b385556
6967ba25887f87200fcb39a3e6f065fd27596b2ebcf0d33a2751c655d6e724f2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbccadbe9-ae35-4a03-bf17-9342e0629c81.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4272
x-amzn-requestid: e051c22b-c2ec-4e59-b29b-ba1464d8015b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fRz28G13oAMFeeQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d099c5-48b013ff34b9702a6d2fd560;Sampled=0
x-amzn-remapped-date: Wed, 25 Jan 2023 02:53:57 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 3BquvYOvgBWY2JeuOjZH9t1bunnj5yAXmMqyqZKuD6v2xMm8BAG3lw==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 be082a2326b7d49643607b097f1e7180.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 02:41:06 GMT
age: 85657
etag: "f90c205f370a2426dffe3c21b24bfa551b385556"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Feaa4a77d-7ed7-4b76-bcb0-24d1679a5359.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Feaa4a77d-7ed7-4b76-bcb0-24d1679a5359.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2dfd3530064d405643a31fedd4fd7618
d8268771360e609892c5506f3114dc4f73c0aad0
b4790125e39e400c30d640cd0c64497256168892405511ec3d43b03dc0e5715a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Feaa4a77d-7ed7-4b76-bcb0-24d1679a5359.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10973
x-amzn-requestid: caff330a-0cc6-488d-be82-c09c2bb87408
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fLQYTEduIAMFZkg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cdfa9b-1f26b225062c8465440cf460;Sampled=0
x-amzn-remapped-date: Mon, 23 Jan 2023 03:10:19 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: L-i1AEFIP6AoWwjds6n7ohyz-Ls1HoF9CXNJS7RRDFApBceBZXmoxA==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 9046e5a276a05e60ee34c8475e92b8e6.cloudfront.net (CloudFront), 1.1 google
date: Thu, 26 Jan 2023 12:29:15 GMT
age: 53482
etag: "d8268771360e609892c5506f3114dc4f73c0aad0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2f238e33-a6e3-479a-920f-92a9c7bf1a06.jpeg
34.120.237.76200 OK 6.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2f238e33-a6e3-479a-920f-92a9c7bf1a06.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a3d856f57bcfd0bb18253cd77dd6541b
9d9680fb1a9232bb2b42b824dc11633666bfa31a
f2a03384e72a4d3350ee6addc49d6a507837eb195647016ea001e846eaccb0e3
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2f238e33-a6e3-479a-920f-92a9c7bf1a06.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6055
x-amzn-requestid: dd44b3ab-6248-419a-995a-f3aaf59dae77
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fLRhMFPYIAMF91g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cdfc6d-4df410b022dbbb55297e6ac7;Sampled=0
x-amzn-remapped-date: Mon, 23 Jan 2023 03:18:05 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: b0NnMvzF8QzmCB6erAH6gTky4A2vBwI6huYmgX8hLTatYq_NHhQl1A==
via: 1.1 000f4a2f631bace380a0afa747a82482.cloudfront.net (CloudFront), 1.1 7022a5bbf9872d4a09d63e6cdb457dfe.cloudfront.net (CloudFront), 1.1 google
date: Thu, 26 Jan 2023 15:23:32 GMT
age: 43025
etag: "9d9680fb1a9232bb2b42b824dc11633666bfa31a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F61f2aec8-2d63-4f9f-9980-04c179cc5720.jpeg
34.120.237.76200 OK 4.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F61f2aec8-2d63-4f9f-9980-04c179cc5720.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 464592dade1d7207d58b22d5d09d9254
3caa2537edfe4c738540884b3eda51e437d26f4d
c0cdec94ff460c4b875657bb53ed90ef2ef786a2b8095d1ebf09365556536375
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F61f2aec8-2d63-4f9f-9980-04c179cc5720.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4627
x-amzn-requestid: 38f2ed09-3a2e-4b5d-bde9-24fd7467d1a4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fR1ZJE-BIAMFvdg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d09c3a-4ad90b1c2883444f547b6f84;Sampled=0
x-amzn-remapped-date: Wed, 25 Jan 2023 03:04:26 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Pl5Ta4lZHz2a_R1U3OnL1AZFcLc4Ez6_2U7WZ6ZYUC26k9r7m6mxXw==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Thu, 26 Jan 2023 04:21:49 GMT
age: 82728
etag: "3caa2537edfe4c738540884b3eda51e437d26f4d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
54.230.245.118200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.118:0
Hash 5c7823247bca32731cdc82212a8baaec
42a9b031a7f2f044192c00642e7ad17af1349b06
73528d61cd78a3fed7e2e9594b65a26e328676d9f6f74fe5a2aaf6c0d5253bbd
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=94996
Date: Fri, 27 Jan 2023 03:20:37 GMT
Etag: "63d21027-1d7"
Expires: Sat, 28 Jan 2023 05:43:53 GMT
Last-Modified: Thu, 26 Jan 2023 05:31:19 GMT
Server: ECS (bsa/EB13)
X-Cache: Miss from cloudfront
Via: 1.1 f46773a8236e136c4f6648dd79a7af8e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: KvkVET1pkOt381eixlqq6NYa44GEIBuw2-c4uxRWNzIB9wiAsvfrfQ==
Age: 754
ocsp.sca1b.amazontrust.com/
54.230.245.118200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.118:0
Hash 5c7823247bca32731cdc82212a8baaec
42a9b031a7f2f044192c00642e7ad17af1349b06
73528d61cd78a3fed7e2e9594b65a26e328676d9f6f74fe5a2aaf6c0d5253bbd
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=98804
Date: Fri, 27 Jan 2023 03:20:37 GMT
Etag: "63d21027-1d7"
Expires: Sat, 28 Jan 2023 06:47:21 GMT
Last-Modified: Thu, 26 Jan 2023 05:31:19 GMT
Server: ECS (nyb/1D2D)
X-Cache: Miss from cloudfront
Via: 1.1 15d199af49035dc206cb81292fd87de2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: krWBmECNSvqh9iB80TX7VSksgNEeTFP7lCE0vgACRaGt6HJe8snLMw==
Age: 4562
firehose.us-west-2.amazonaws.com/
35.89.72.103200 OK 20 B URL HTTP/1.1 firehose.us-west-2.amazonaws.com/
IP 35.89.72.103:0
Hash 3970e82605c7d109bb348fc94e9eecc0
e03849ea786b9f7b28a35c17949e85a93eb1cff1
f5d031af01f137ae07fa71720fab94d16cc8a2a59868766002918b7c240f3967
OPTIONS / HTTP/1.1
Host: firehose.us-west-2.amazonaws.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: authorization,content-type,x-amz-content-sha256,x-amz-date,x-amz-target,x-amz-user-agent
Referer: https://www.udgppecsdhfjbmiheeribwww.staging.gold.uyduportal.net/
Origin: https://www.udgppecsdhfjbmiheeribwww.staging.gold.uyduportal.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amzn-RequestId: e5df3c48-7438-33d2-b992-790d93d6f99d
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Access-Control-Allow-Headers: authorization,content-type,x-amz-content-sha256,x-amz-date,x-amz-target,x-amz-user-agent
Access-Control-Allow-Methods: POST
Access-Control-Expose-Headers: x-amzn-RequestId,x-amzn-ErrorType,x-amz-request-id,x-amz-id-2,x-amzn-ErrorMessage,Date
Access-Control-Max-Age: 172800
Content-Length: 20
Date: Fri, 27 Jan 2023 03:20:37 GMT
firehose.us-west-2.amazonaws.com/
35.89.72.103200 OK 244 B URL HTTP/1.1 firehose.us-west-2.amazonaws.com/
IP 35.89.72.103:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 78dc7265f56471d2b990f70d7acda993
e269662bab4ab13785e2d63f6cd7ced61aba90d5
562272dc9cb0b9b9271a8b89f12868f8969a694c662596d6b512be18f2f56330
POST / HTTP/1.1
Host: firehose.us-west-2.amazonaws.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Amz-User-Agent: aws-sdk-js/2.1267.0 callback
Content-Type: application/x-amz-json-1.1
X-Amz-Target: Firehose_20150804.PutRecord
X-Amz-Content-Sha256: a1f054ff3a36cbdf4d282c3f8c147e147e92375a27a39d2a43a2dd23aef209b0
X-Amz-Date: 20230127T032037Z
Authorization: AWS4-HMAC-SHA256 Credential=AKIAR4YEYRJLZOCG766Q/20230127/us-west-2/firehose/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date;x-amz-target;x-amz-user-agent, Signature=88f5c2f99d1720c9d81c68915734e6e442c7484be09f9457dd72dc81739d0a03
Content-Length: 290
Origin: https://www.udgppecsdhfjbmiheeribwww.staging.gold.uyduportal.net
Connection: keep-alive
Referer: https://www.udgppecsdhfjbmiheeribwww.staging.gold.uyduportal.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amzn-RequestId: c97e02bb-57ee-9900-9533-47fdb000534f
Access-Control-Allow-Origin: *
Content-Encoding: gzip
x-amz-id-2: seXt8RS52eSRKjO91Zct64MHr5WKsBm9kvUyWlMJHNpxxeJ0hfduAcra/5WSaM3EEZ9RGvVs4UwWDg41JJxkzwmJoehfCRDv
Access-Control-Expose-Headers: x-amzn-RequestId,x-amzn-ErrorType,x-amz-request-id,x-amz-id-2,x-amzn-ErrorMessage,Date
Content-Type: application/x-amz-json-1.1
Content-Length: 244
Date: Fri, 27 Jan 2023 03:20:37 GMT
www.udgppecsdhfjbmiheeribwww.staging.gold.uyduportal.net/login.php
185.178.208.182303 See Other 0 B URL HTTP/2 www.udgppecsdhfjbmiheeribwww.staging.gold.uyduportal.net/login.php
IP 185.178.208.182:0
Analyzer Verdict Alert fortinet Phishing
GET /login.php HTTP/1.1
Host: www.udgppecsdhfjbmiheeribwww.staging.gold.uyduportal.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 303 See Other
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
set-cookie: __ddg1_=frDIhelmZqIR6rjaULCh; Domain=.uyduportal.net; HttpOnly; Path=/; Expires=Sat, 27-Jan-2024 03:20:35 GMT
date: Fri, 27 Jan 2023 03:20:35 GMT
content-type: text/html; charset=utf-8
expires: Fri, 28 May 1999 00:00:00 GMT
last-modified: Fri, 27 Jan 2023 03:20:35 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
p3p: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
location: https://www.udgppecsdhfjbmiheeribwww.staging.gold.uyduportal.net/login_up.php
x-powered-by: PleskLin
content-encoding: br
vary: Accept-Encoding
X-Firefox-Spdy: h2
www.udgppecsdhfjbmiheeribwww.staging.gold.uyduportal.net/modules/letsencrypt/global.css?1672773325
185.178.208.182200 OK 0 B URL HTTP/2 www.udgppecsdhfjbmiheeribwww.staging.gold.uyduportal.net/modules/letsencrypt/global.css?1672773325
IP 185.178.208.182:0
Analyzer Verdict Alert fortinet Phishing
GET /modules/letsencrypt/global.css?1672773325 HTTP/1.1
Host: www.udgppecsdhfjbmiheeribwww.staging.gold.uyduportal.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.udgppecsdhfjbmiheeribwww.staging.gold.uyduportal.net/login_up.php
Cookie: __ddg1_=frDIhelmZqIR6rjaULCh
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Fri, 27 Jan 2023 03:20:35 GMT
content-type: text/css
last-modified: Tue, 03 Jan 2023 19:15:25 GMT
etag: W/"63b47ecd-2a4"
content-encoding: gzip
x-powered-by: PleskLin
age: 0
ddg-cache-status: MISS,MISS
X-Firefox-Spdy: h2
www.udgppecsdhfjbmiheeribwww.staging.gold.uyduportal.net/cp/theme/css/main.css?1673740802
185.178.208.182200 OK 0 B URL HTTP/2 www.udgppecsdhfjbmiheeribwww.staging.gold.uyduportal.net/cp/theme/css/main.css?1673740802
IP 185.178.208.182:0
Analyzer Verdict Alert fortinet Phishing
GET /cp/theme/css/main.css?1673740802 HTTP/1.1
Host: www.udgppecsdhfjbmiheeribwww.staging.gold.uyduportal.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.udgppecsdhfjbmiheeribwww.staging.gold.uyduportal.net/login_up.php
Cookie: __ddg1_=frDIhelmZqIR6rjaULCh
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Fri, 27 Jan 2023 03:20:36 GMT
content-type: text/css
last-modified: Sun, 15 Jan 2023 00:00:02 GMT
etag: W/"63c34202-4eccc"
content-encoding: gzip
x-powered-by: PleskLin
age: 2
ddg-cache-status: MISS,MISS
X-Firefox-Spdy: h2
www.udgppecsdhfjbmiheeribwww.staging.gold.uyduportal.net/cp/javascript/vendors.js?1673367587
185.178.208.182200 OK 0 B URL HTTP/2 www.udgppecsdhfjbmiheeribwww.staging.gold.uyduportal.net/cp/javascript/vendors.js?1673367587
IP 185.178.208.182:0
Analyzer Verdict Alert fortinet Phishing
GET /cp/javascript/vendors.js?1673367587 HTTP/1.1
Host: www.udgppecsdhfjbmiheeribwww.staging.gold.uyduportal.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.udgppecsdhfjbmiheeribwww.staging.gold.uyduportal.net/login_up.php
Cookie: __ddg1_=frDIhelmZqIR6rjaULCh
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Fri, 27 Jan 2023 03:20:28 GMT
content-type: application/javascript
last-modified: Tue, 10 Jan 2023 16:19:47 GMT
etag: W/"63bd9023-151256"
content-encoding: gzip
x-powered-by: PleskLin
age: 7
content-length: 444903
ddg-cache-status: MISS,HIT
X-Firefox-Spdy: h2
www.udgppecsdhfjbmiheeribwww.staging.gold.uyduportal.net/login_up.php
185.178.208.182200 OK 0 B URL HTTP/2 www.udgppecsdhfjbmiheeribwww.staging.gold.uyduportal.net/login_up.php
IP 185.178.208.182:0
Analyzer Verdict Alert fortinet Phishing
GET /login_up.php HTTP/1.1
Host: www.udgppecsdhfjbmiheeribwww.staging.gold.uyduportal.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: __ddg1_=frDIhelmZqIR6rjaULCh
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Fri, 27 Jan 2023 03:20:35 GMT
content-type: text/html; charset=utf-8
expires: Fri, 28 May 1999 00:00:00 GMT
last-modified: Fri, 27 Jan 2023 03:20:35 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
p3p: CP="NON COR CURa ADMa OUR NOR UNI COM NAV STA"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
content-encoding: gzip
x-powered-by: PleskLin
X-Firefox-Spdy: h2
www.udgppecsdhfjbmiheeribwww.staging.gold.uyduportal.net/ui-library/plesk-ui-library.css?1671611340
185.178.208.182200 OK 0 B URL HTTP/2 www.udgppecsdhfjbmiheeribwww.staging.gold.uyduportal.net/ui-library/plesk-ui-library.css?1671611340
IP 185.178.208.182:0
Analyzer Verdict Alert fortinet Phishing
GET /ui-library/plesk-ui-library.css?1671611340 HTTP/1.1
Host: www.udgppecsdhfjbmiheeribwww.staging.gold.uyduportal.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.udgppecsdhfjbmiheeribwww.staging.gold.uyduportal.net/login_up.php
Cookie: __ddg1_=frDIhelmZqIR6rjaULCh
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Fri, 27 Jan 2023 03:20:36 GMT
content-type: text/css
last-modified: Wed, 21 Dec 2022 08:29:00 GMT
etag: W/"63a2c3cc-2ceab"
content-encoding: gzip
x-powered-by: PleskLin
age: 2
ddg-cache-status: MISS,MISS
X-Firefox-Spdy: h2
www.udgppecsdhfjbmiheeribwww.staging.gold.uyduportal.net/images/favicon.svg?1673367587
185.178.208.182200 OK 0 B URL HTTP/2 www.udgppecsdhfjbmiheeribwww.staging.gold.uyduportal.net/images/favicon.svg?1673367587
IP 185.178.208.182:0
Analyzer Verdict Alert fortinet Phishing
GET /images/favicon.svg?1673367587 HTTP/1.1
Host: www.udgppecsdhfjbmiheeribwww.staging.gold.uyduportal.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.udgppecsdhfjbmiheeribwww.staging.gold.uyduportal.net/login_up.php
Cookie: __ddg1_=frDIhelmZqIR6rjaULCh
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Fri, 27 Jan 2023 03:20:37 GMT
content-type: image/svg+xml
last-modified: Tue, 10 Jan 2023 16:19:47 GMT
etag: W/"63bd9023-27a"
accept-ranges: bytes
x-powered-by: PleskLin
content-encoding: br
vary: Accept-Encoding
age: 0
ddg-cache-status: MISS,MISS
X-Firefox-Spdy: h2
www.udgppecsdhfjbmiheeribwww.staging.gold.uyduportal.net/cp/theme/images/logos/plesk/logo.svg
185.178.208.182200 OK 0 B URL HTTP/2 www.udgppecsdhfjbmiheeribwww.staging.gold.uyduportal.net/cp/theme/images/logos/plesk/logo.svg
IP 185.178.208.182:0
Analyzer Verdict Alert fortinet Phishing
GET /cp/theme/images/logos/plesk/logo.svg HTTP/1.1
Host: www.udgppecsdhfjbmiheeribwww.staging.gold.uyduportal.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.udgppecsdhfjbmiheeribwww.staging.gold.uyduportal.net/login_up.php
Cookie: __ddg1_=frDIhelmZqIR6rjaULCh
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Fri, 27 Jan 2023 03:20:36 GMT
content-type: image/svg+xml
last-modified: Tue, 10 Jan 2023 16:19:47 GMT
etag: W/"63bd9023-aa8"
accept-ranges: bytes
x-powered-by: PleskLin
content-encoding: br
vary: Accept-Encoding
age: 0
ddg-cache-status: MISS,MISS
X-Firefox-Spdy: h2