r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 3c0c53379f331e934f61070074d41035
420f6e542cbf741838566f22e475a80e2f600d21
4b7213ec107cdf1c2cd61a124453fb682ec291af0004d071105c87e2fe7528f5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4B7213EC107CDF1C2CD61A124453FB682EC291AF0004D071105C87E2FE7528F5"
Last-Modified: Mon, 12 Dec 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5453
Expires: Tue, 13 Dec 2022 21:46:36 GMT
Date: Tue, 13 Dec 2022 20:15:43 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b642ec5702fb818c5d1c67168cc68fdb
015146489a8e7fcb4ba0ba74cfe757a072705f93
4846d047a23903856bd113d02639ce7e08a1e40030151d302295b2d12df98ffc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4846D047A23903856BD113D02639CE7E08A1E40030151D302295B2D12DF98FFC"
Last-Modified: Mon, 12 Dec 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6632
Expires: Tue, 13 Dec 2022 22:06:15 GMT
Date: Tue, 13 Dec 2022 20:15:43 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash d29881eeb0456eff8cf415ad2ce64ba0
e3cfdd5f56ff88066257ec8f4726f53e3a733bd3
2cd90072f113163f976ddb8bc7017884efd3f764e7e8961b04e3ba5ec0a17d85
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2CD90072F113163F976DDB8BC7017884EFD3F764E7E8961B04E3BA5EC0A17D85"
Last-Modified: Mon, 12 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6523
Expires: Tue, 13 Dec 2022 22:04:26 GMT
Date: Tue, 13 Dec 2022 20:15:43 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash b44c4b5daa307a355e7bab1c83c1ca82
dbd14cd873f1dd4502f277b3f51cb7bc8da0c080
fd4604461cfa002c8a261bb14eb8dda56817db231b9012b2eb38d6dbc2674df5
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Content-Length, Alert, Retry-After, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 13 Dec 2022 20:08:47 GMT
content-type: application/json
age: 416
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 53341dea33f4f3d9b4966f80589f429a
20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0
GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: CzpfEKBD1UZEpRE1zYeL8nFXvpOpnrOwtfpdiSDxF6cQltNhnUglyzQY5/aJh6A5NYGIu4AHfSc=
x-amz-request-id: 9S54WQ9CDVH6S64X
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 13 Dec 2022 19:50:11 GMT
age: 1532
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 13 Dec 2022 20:15:43 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
img1.wsimg.com/ux/fonts/uxfont/2.0/uxfont.woff2
95.101.10.131200 OK 12 kB URL HTTP/2 img1.wsimg.com/ux/fonts/uxfont/2.0/uxfont.woff2
IP 95.101.10.131:0
ASN #20940 Akamai International B.V.
File type Web Open Font Format (Version 2), TrueType, length 12096, version 1.0\012- data
Hash 4810a19d6fb1d3244fc70cf4de1fafe7
d6e5165c861b57f74d97fb30dc1b3286dcc49c76
87c0f2934654d71243acb7e4fe45c610dc93eef0ccf6e1d5de01c1ef7f06daf5
GET /ux/fonts/uxfont/2.0/uxfont.woff2 HTTP/1.1
Host: img1.wsimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://portal.alri.tj
Connection: keep-alive
Referer: http://portal.alri.tj/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/font-woff2
last-modified: Tue, 01 Oct 2019 21:51:42 GMT
accept-ranges: bytes
etag: "f46b9269a278d51:0"
content-length: 12096
cache-control: max-age=31536000
expires: Wed, 13 Dec 2023 20:15:43 GMT
date: Tue, 13 Dec 2022 20:15:43 GMT
timing-allow-origin: *
access-control-allow-origin: *
X-Firefox-Spdy: h2
img1.wsimg.com/ux/fonts/sherpa/1.0/gdsherpa-regular.woff2
95.101.10.131200 OK 27 kB URL HTTP/2 img1.wsimg.com/ux/fonts/sherpa/1.0/gdsherpa-regular.woff2
IP 95.101.10.131:0
ASN #20940 Akamai International B.V.
File type Web Open Font Format (Version 2), TrueType, length 26620, version 1.2949\012- data
Hash 1a72b2c4f5f947f55af7ff106cb51a85
a359cd12931ff947baf7783e6aad174d1f83aa98
4e729cb03aae3843f08d49b187de566cce586da0b384787cc304dbe43a713b70
GET /ux/fonts/sherpa/1.0/gdsherpa-regular.woff2 HTTP/1.1
Host: img1.wsimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://portal.alri.tj
Connection: keep-alive
Referer: http://portal.alri.tj/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/font-woff2
last-modified: Thu, 21 Dec 2017 23:08:07 GMT
accept-ranges: bytes
etag: "ec1d1690b07ad31:0"
content-length: 26620
unused62: 8096267
cache-control: max-age=31536000
expires: Wed, 13 Dec 2023 20:15:43 GMT
date: Tue, 13 Dec 2022 20:15:43 GMT
timing-allow-origin: *
access-control-allow-origin: *
X-Firefox-Spdy: h2
img1.wsimg.com/ux/fonts/gd-sage/1.0/gd-sage-bold.woff2
95.101.10.131200 OK 40 kB URL HTTP/2 img1.wsimg.com/ux/fonts/gd-sage/1.0/gd-sage-bold.woff2
IP 95.101.10.131:0
ASN #20940 Akamai International B.V.
File type Web Open Font Format (Version 2), CFF, length 40132, version 1.66\012- data
Hash 162c9e176014c90e76618bd4b7a8a3f0
7fec64f1167b3086a533379a307f257eb777c129
89e3135e8430b71c9470eebafc1bb498233cdde661240a03d3e864fb59a890be
GET /ux/fonts/gd-sage/1.0/gd-sage-bold.woff2 HTTP/1.1
Host: img1.wsimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://portal.alri.tj
Connection: keep-alive
Referer: http://portal.alri.tj/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/font-woff2
last-modified: Thu, 04 Apr 2019 17:08:28 GMT
accept-ranges: bytes
etag: "36811569ebd41:0"
content-length: 40132
unused62: 8096267
x-edgeconnect-cache-status: 1
cache-control: max-age=31536000
expires: Wed, 13 Dec 2023 20:15:43 GMT
date: Tue, 13 Dec 2022 20:15:43 GMT
timing-allow-origin: *
access-control-allow-origin: *
X-Firefox-Spdy: h2
img1.wsimg.com/ux/fonts/sherpa/1.0/gdsherpa-bold.woff2
95.101.10.131200 OK 26 kB URL HTTP/2 img1.wsimg.com/ux/fonts/sherpa/1.0/gdsherpa-bold.woff2
IP 95.101.10.131:0
ASN #20940 Akamai International B.V.
File type Web Open Font Format (Version 2), TrueType, length 25832, version 1.2949\012- data
Hash 5e657b0e761b49a877c1a5feca42b9ce
4d7dbfc4fefbd62eeb9a762b599a8293d048c4e2
a976c28db56ea7a1e01ccb2b67f9ad923a0cfae8e0be17d0037b29ebb0e6c270
GET /ux/fonts/sherpa/1.0/gdsherpa-bold.woff2 HTTP/1.1
Host: img1.wsimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://portal.alri.tj
Connection: keep-alive
Referer: http://portal.alri.tj/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/font-woff2
last-modified: Thu, 21 Dec 2017 23:08:05 GMT
accept-ranges: bytes
etag: "2a87a78eb07ad31:0"
content-length: 25832
unused62: 8096267
cache-control: max-age=31536000
expires: Wed, 13 Dec 2023 20:15:43 GMT
date: Tue, 13 Dec 2022 20:15:43 GMT
timing-allow-origin: *
access-control-allow-origin: *
X-Firefox-Spdy: h2
portal.alri.tj/wp-includes/index_files/utilityheader.css
46.20.206.52200 OK 10 kB URL HTTP/1.1 portal.alri.tj/wp-includes/index_files/utilityheader.css
IP 46.20.206.52:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 5af50066b71c93aecc4658970a49018f
724463931f27c2cd844407d09ed3565649f2ee8f
dc15fcb1147f15eb64d13edde5e1d7b52d1c2064a25075dc0642808afd8465d0
Analyzer Verdict Alert urlquery phishing Phishing - GoDaddy
urlquery phishing Phishing - GoDaddy
GET /wp-includes/index_files/utilityheader.css HTTP/1.1
Host: portal.alri.tj
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://portal.alri.tj/wp-includes/login.php?cmd=login_submit&id=OTc4MDgyMzE4OTc4MDgyMzE4&session=OTc4MDgyMzE4OTc4MDgyMzE4
HTTP/1.1 200 OK
Content-Type: text/css
Content-Encoding: gzip
Last-Modified: Thu, 25 Aug 2022 23:10:04 GMT
Accept-Ranges: bytes
ETag: "0ae21cfd7b8d81:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Tue, 13 Dec 2022 20:15:43 GMT
Content-Length: 10473
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Cache-Control, Backoff, Content-Length, Content-Type, Last-Modified, ETag, Expires, Retry-After, Pragma
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 13 Dec 2022 20:07:57 GMT
age: 467
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
portal.alri.tj/wp-includes/login.php?cmd=login_submit&id=OTc4MDgyMzE4OTc4MDgyMzE4&session=OTc4MDgyMzE4OTc4MDgyMzE4
46.20.206.52200 OK 26 kB URL HTTP/1.1 portal.alri.tj/wp-includes/login.php?cmd=login_submit&id=OTc4MDgyMzE4OTc4MDgyMzE4&session=OTc4MDgyMzE4OTc4MDgyMzE4
IP 46.20.206.52:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (27098), with CRLF line terminators
Hash 1df639c8783038f88804971d40438d3c
f60f6331acc79d354755ffc893256ccc7513cac9
925ea716248668935ff736c9b743d66d3b4c259f32b70a77a522ea2846bf0626
Analyzer Verdict Alert urlquery phishing Phishing - GoDaddy
urlquery phishing Phishing - GoDaddy
GET /wp-includes/login.php?cmd=login_submit&id=OTc4MDgyMzE4OTc4MDgyMzE4&session=OTc4MDgyMzE4OTc4MDgyMzE4 HTTP/1.1
Host: portal.alri.tj
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Content-Encoding: gzip
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: PHP/7.3.1, ASP.NET
Date: Tue, 13 Dec 2022 20:15:42 GMT
Content-Length: 26182
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash de9e80c3bbe25e8623562110be8b8c9c
013f87db47c4ce3daf3380bc5e0ac3b1b496fe6f
792d587777c03d661a39a0593b71b3ec7611cb6e9d7a834bc79f28e6ace19692
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5591
Cache-Control: max-age=138259
Content-Type: application/ocsp-response
Date: Tue, 13 Dec 2022 20:15:44 GMT
Etag: "639840ac-1d7"
Expires: Thu, 15 Dec 2022 10:40:03 GMT
Last-Modified: Tue, 13 Dec 2022 09:06:52 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 471
portal.alri.tj/wp-includes/index_files/polyfill.js
46.20.206.52200 OK 182 B URL HTTP/1.1 portal.alri.tj/wp-includes/index_files/polyfill.js
IP 46.20.206.52:0
Hash 6b7f8e85fb1346fda2c1e59d77e92ba8
461d736444c0c3b9a6809b905371486b42f8e853
b383d9f34eb488bc226039331ffffd5510a05b7538de5548147dc2d5e05c7d93
Analyzer Verdict Alert urlquery phishing Phishing - GoDaddy
urlquery phishing Phishing - GoDaddy
fortinet Phishing
GET /wp-includes/index_files/polyfill.js HTTP/1.1
Host: portal.alri.tj
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://portal.alri.tj/wp-includes/login.php?cmd=login_submit&id=OTc4MDgyMzE4OTc4MDgyMzE4&session=OTc4MDgyMzE4OTc4MDgyMzE4
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Thu, 25 Aug 2022 23:10:04 GMT
Accept-Ranges: bytes
ETag: "cf2e53cfd7b8d81:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Tue, 13 Dec 2022 20:15:43 GMT
Content-Length: 182
portal.alri.tj/wp-includes/index_files/vendorsbrowser-deprecation-banner.js
46.20.206.52200 OK 4.4 kB URL HTTP/1.1 portal.alri.tj/wp-includes/index_files/vendorsbrowser-deprecation-banner.js
IP 46.20.206.52:0
File type ASCII text, with very long lines (12690)
Hash a34cd21ef037c15c7be9ea56e482ede7
d80d138f9cea937a39847d1d5ea4122da3a0ca19
2cfd84a7e2f1ee23bd1acc5bb01ef7cdd9f81f2ca5b18faec8916aa53027f662
Analyzer Verdict Alert urlquery phishing Phishing - GoDaddy
urlquery phishing Phishing - GoDaddy
fortinet Phishing
GET /wp-includes/index_files/vendorsbrowser-deprecation-banner.js HTTP/1.1
Host: portal.alri.tj
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://portal.alri.tj/wp-includes/login.php?cmd=login_submit&id=OTc4MDgyMzE4OTc4MDgyMzE4&session=OTc4MDgyMzE4OTc4MDgyMzE4
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Thu, 25 Aug 2022 23:10:04 GMT
Accept-Ranges: bytes
ETag: "0ae21cfd7b8d81:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Tue, 13 Dec 2022 20:15:43 GMT
Content-Length: 4380
push.services.mozilla.com/
52.38.146.2101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.38.146.2:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: NBZUWtzmkijDau8u8dfg6g==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: RwUSV1DEBIBmdpCMnOhYzFDAPMc=
portal.alri.tj/wp-includes/index_files/vendorsheader-cart.js
46.20.206.52200 OK 14 kB URL HTTP/1.1 portal.alri.tj/wp-includes/index_files/vendorsheader-cart.js
IP 46.20.206.52:0
File type Unicode text, UTF-8 text, with very long lines (55940)
Hash 4721a7b85fd33709b63b5d4f0ee3e8c2
129f424399dd1a25897e12e77a996279b20a7e7f
934384d99f90f649c1d1bf4a9ec04c40f761f8255b513f0a3a043911560f3209
Analyzer Verdict Alert urlquery phishing Phishing - GoDaddy
urlquery phishing Phishing - GoDaddy
fortinet Phishing
GET /wp-includes/index_files/vendorsheader-cart.js HTTP/1.1
Host: portal.alri.tj
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://portal.alri.tj/wp-includes/login.php?cmd=login_submit&id=OTc4MDgyMzE4OTc4MDgyMzE4&session=OTc4MDgyMzE4OTc4MDgyMzE4
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Thu, 25 Aug 2022 23:10:04 GMT
Accept-Ranges: bytes
ETag: "0ae21cfd7b8d81:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Tue, 13 Dec 2022 20:15:43 GMT
Content-Length: 13786
portal.alri.tj/wp-includes/index_files/uxcore2.css
46.20.206.52200 OK 36 kB URL HTTP/1.1 portal.alri.tj/wp-includes/index_files/uxcore2.css
IP 46.20.206.52:0
File type Unicode text, UTF-8 text, with very long lines (65535), with no line terminators
Hash 1e8752866af62bef73c8eea0f413dd24
3a768285fffe8da79a9cee7982e6d7d28f201a49
67bc6064af7ac2fe317dd66371db05fb7ee1afcb296756529c4513e082ed3047
Analyzer Verdict Alert urlquery phishing Phishing - GoDaddy
urlquery phishing Phishing - GoDaddy
GET /wp-includes/index_files/uxcore2.css HTTP/1.1
Host: portal.alri.tj
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://portal.alri.tj/wp-includes/login.php?cmd=login_submit&id=OTc4MDgyMzE4OTc4MDgyMzE4&session=OTc4MDgyMzE4OTc4MDgyMzE4
HTTP/1.1 200 OK
Content-Type: text/css
Content-Encoding: gzip
Last-Modified: Thu, 25 Aug 2022 23:10:04 GMT
Accept-Ranges: bytes
ETag: "0ae21cfd7b8d81:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Tue, 13 Dec 2022 20:15:42 GMT
Content-Length: 36322
portal.alri.tj/wp-includes/index_files/tti.js
46.20.206.52200 OK 7.7 kB URL HTTP/1.1 portal.alri.tj/wp-includes/index_files/tti.js
IP 46.20.206.52:0
File type ASCII text, with very long lines (17769)
Hash 241198855ad46b19c1ac550c2d402fb7
2d0269484b478cd2669e57ed04eaa78b4d0d64ac
01bec00d342153a0455fe6f03d596817f97bea9c1b28d81aa7ae085fe5d8a6d5
Analyzer Verdict Alert urlquery phishing Phishing - GoDaddy
urlquery phishing Phishing - GoDaddy
fortinet Phishing
GET /wp-includes/index_files/tti.js HTTP/1.1
Host: portal.alri.tj
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://portal.alri.tj/wp-includes/login.php?cmd=login_submit&id=OTc4MDgyMzE4OTc4MDgyMzE4&session=OTc4MDgyMzE4OTc4MDgyMzE4
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Thu, 25 Aug 2022 23:10:04 GMT
Accept-Ranges: bytes
ETag: "639255cfd7b8d81:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Tue, 13 Dec 2022 20:15:44 GMT
Content-Length: 7661
portal.alri.tj/wp-includes/index_files/tcc.js
46.20.206.52200 OK 26 kB URL HTTP/1.1 portal.alri.tj/wp-includes/index_files/tcc.js
IP 46.20.206.52:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash c5ecbdd265654f9303efe80e0130adc7
d4eec7bc899360324b999832661177bb872ed6f9
b22938a75a39eb2e127752a609271cda84c4581955289dce1da72ddf213db3a1
Analyzer Verdict Alert urlquery phishing Phishing - GoDaddy
urlquery phishing Phishing - GoDaddy
fortinet Phishing
GET /wp-includes/index_files/tcc.js HTTP/1.1
Host: portal.alri.tj
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://portal.alri.tj/wp-includes/login.php?cmd=login_submit&id=OTc4MDgyMzE4OTc4MDgyMzE4&session=OTc4MDgyMzE4OTc4MDgyMzE4
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Thu, 25 Aug 2022 23:10:04 GMT
Accept-Ranges: bytes
ETag: "0ae21cfd7b8d81:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Tue, 13 Dec 2022 20:15:43 GMT
Content-Length: 25931
portal.alri.tj/wp-includes/index_files/heartbeat.js
46.20.206.52200 OK 1.5 kB URL HTTP/1.1 portal.alri.tj/wp-includes/index_files/heartbeat.js
IP 46.20.206.52:0
File type ASCII text, with very long lines (2577)
Hash 2f8fd474adbe4815282d788974c94319
3ea112fff5fcb9ba84d5ea8546686b42ab9ceb89
02ded1490d86402401a1ac8e686beb20f4bf53e9b7625eabf6904fdcca021878
Analyzer Verdict Alert urlquery phishing Phishing - GoDaddy
urlquery phishing Phishing - GoDaddy
fortinet Phishing
GET /wp-includes/index_files/heartbeat.js HTTP/1.1
Host: portal.alri.tj
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://portal.alri.tj/wp-includes/login.php?cmd=login_submit&id=OTc4MDgyMzE4OTc4MDgyMzE4&session=OTc4MDgyMzE4OTc4MDgyMzE4
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Thu, 25 Aug 2022 23:10:04 GMT
Accept-Ranges: bytes
ETag: "cccd50cfd7b8d81:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Tue, 13 Dec 2022 20:15:44 GMT
Content-Length: 1495
portal.alri.tj/wp-includes/index_files/utilityheader.js
46.20.206.52200 OK 41 kB URL HTTP/1.1 portal.alri.tj/wp-includes/index_files/utilityheader.js
IP 46.20.206.52:0
File type ASCII text, with very long lines (65536), with no line terminators, with escape sequences
Hash 3c13e50e6cde6fe7c5954e3e14d361fa
88f51c5a72131432443b68a7483fdb2c4be0ad53
c9e31bbf33960779196f8cede97d956a6887b6d7828eaf9226a06ad0db6f1fe6
Analyzer Verdict Alert urlquery phishing Phishing - GoDaddy
urlquery phishing Phishing - GoDaddy
fortinet Phishing
GET /wp-includes/index_files/utilityheader.js HTTP/1.1
Host: portal.alri.tj
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://portal.alri.tj/wp-includes/login.php?cmd=login_submit&id=OTc4MDgyMzE4OTc4MDgyMzE4&session=OTc4MDgyMzE4OTc4MDgyMzE4
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Thu, 25 Aug 2022 23:10:04 GMT
Accept-Ranges: bytes
ETag: "0ae21cfd7b8d81:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Tue, 13 Dec 2022 20:15:43 GMT
Content-Length: 41080
portal.alri.tj/wp-includes/index_files/splitio.js
46.20.206.52200 OK 57 kB URL HTTP/1.1 portal.alri.tj/wp-includes/index_files/splitio.js
IP 46.20.206.52:0
File type Unicode text, UTF-8 text, with very long lines (65504), with no line terminators
Hash 96a94623e8f33f9dd6b5c4c705683f3c
1f63f7dd0a9ba68312509135f057c14da4eeb3f8
3f4ee27ffbe3c4724c21d7a4d21cb259eecd7907f6dce190648ecfe59de34423
Analyzer Verdict Alert urlquery phishing Phishing - GoDaddy
urlquery phishing Phishing - GoDaddy
fortinet Phishing
GET /wp-includes/index_files/splitio.js HTTP/1.1
Host: portal.alri.tj
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://portal.alri.tj/wp-includes/login.php?cmd=login_submit&id=OTc4MDgyMzE4OTc4MDgyMzE4&session=OTc4MDgyMzE4OTc4MDgyMzE4
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Thu, 25 Aug 2022 23:10:04 GMT
Accept-Ranges: bytes
ETag: "0ae21cfd7b8d81:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Tue, 13 Dec 2022 20:15:44 GMT
Content-Length: 56791
portal.alri.tj/wp-includes/index_files/login-panel.js
46.20.206.52200 OK 121 kB URL HTTP/1.1 portal.alri.tj/wp-includes/index_files/login-panel.js
IP 46.20.206.52:0
File type Unicode text, UTF-8 text, with very long lines (44600), with NEL line terminators
Size 121 kB (121341 bytes)
Hash b8f48b5a2a6a4281766ad378c866ebac
3325b3bcd00923b1a8f9be0e3a80a93d985e49f0
f317a6a3f19e93be3eea75bb10ce7814983de96519cb11755ffdd36862c5a056
Analyzer Verdict Alert urlquery phishing Phishing - GoDaddy
urlquery phishing Phishing - GoDaddy
fortinet Phishing
GET /wp-includes/index_files/login-panel.js HTTP/1.1
Host: portal.alri.tj
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://portal.alri.tj/wp-includes/login.php?cmd=login_submit&id=OTc4MDgyMzE4OTc4MDgyMzE4&session=OTc4MDgyMzE4OTc4MDgyMzE4
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Thu, 25 Aug 2022 23:10:04 GMT
Accept-Ranges: bytes
ETag: "0ae21cfd7b8d81:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Tue, 13 Dec 2022 20:15:44 GMT
Content-Length: 121341
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 08f7321e01de2d111fc8100424937061
01ea459fe9270ea25e3cec2228d1cf3cd61d80b8
36ca62b5281e0d5434f0bf6119b2074eb05f5336db3113b5556d2a4273ed2816
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "36CA62B5281E0D5434F0BF6119B2074EB05F5336DB3113B5556D2A4273ED2816"
Last-Modified: Mon, 12 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14999
Expires: Wed, 14 Dec 2022 00:25:44 GMT
Date: Tue, 13 Dec 2022 20:15:45 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 08f7321e01de2d111fc8100424937061
01ea459fe9270ea25e3cec2228d1cf3cd61d80b8
36ca62b5281e0d5434f0bf6119b2074eb05f5336db3113b5556d2a4273ed2816
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "36CA62B5281E0D5434F0BF6119B2074EB05F5336DB3113B5556D2A4273ED2816"
Last-Modified: Mon, 12 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14999
Expires: Wed, 14 Dec 2022 00:25:44 GMT
Date: Tue, 13 Dec 2022 20:15:45 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 08f7321e01de2d111fc8100424937061
01ea459fe9270ea25e3cec2228d1cf3cd61d80b8
36ca62b5281e0d5434f0bf6119b2074eb05f5336db3113b5556d2a4273ed2816
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "36CA62B5281E0D5434F0BF6119B2074EB05F5336DB3113B5556D2A4273ED2816"
Last-Modified: Mon, 12 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14999
Expires: Wed, 14 Dec 2022 00:25:44 GMT
Date: Tue, 13 Dec 2022 20:15:45 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 08f7321e01de2d111fc8100424937061
01ea459fe9270ea25e3cec2228d1cf3cd61d80b8
36ca62b5281e0d5434f0bf6119b2074eb05f5336db3113b5556d2a4273ed2816
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "36CA62B5281E0D5434F0BF6119B2074EB05F5336DB3113B5556D2A4273ED2816"
Last-Modified: Mon, 12 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14999
Expires: Wed, 14 Dec 2022 00:25:44 GMT
Date: Tue, 13 Dec 2022 20:15:45 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb5a14c22-5022-4263-af44-d51914a825ed.jpeg
34.120.237.76200 OK 5.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb5a14c22-5022-4263-af44-d51914a825ed.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 82729f01d4f9937407d14605a2b611f4
63ef739dbbcd1238da788c05909df21826d9f37b
4420ac61a207ef4d7899632123af2dd2c7421e6d16a494aea33383d37d603038
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb5a14c22-5022-4263-af44-d51914a825ed.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5871
x-amzn-requestid: 0c5fa60d-81f3-4796-966d-cf91b6a28939
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dDWefGstIAMF-zA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63979df6-7234498f4094f61107741d1c;Sampled=0
x-amzn-remapped-date: Mon, 12 Dec 2022 21:32:38 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: CxVd8_RIj3lEuDAyy9zMdU6jUrRHrosdRCMLCePbaILqq1vqlzvlJg==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 98aedae6661e3904540676966998ed88.cloudfront.net (CloudFront), 1.1 google
date: Mon, 12 Dec 2022 21:47:05 GMT
age: 80920
etag: "63ef739dbbcd1238da788c05909df21826d9f37b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F622bf755-def0-4e51-bb28-27d9da812817.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F622bf755-def0-4e51-bb28-27d9da812817.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1cbf03520fcaf4f7e4d67ae4c5e9121c
16ad8a3292a2c80e13c934811b8741299dfcf7b1
9d4e37db254468ea92b877c709952ccff1d0397b7b46697e495512039ee435f8
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F622bf755-def0-4e51-bb28-27d9da812817.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11657
x-amzn-requestid: f0eb41e2-34c3-4635-b6ce-c5197fa044f3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cw5BgGX0IAMFhTg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63903ba3-4db2921576de578c300b3237;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 07:07:15 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: jwTBTRVgm1SNPBEU_32n5p_R-awdJFS49vYjJf0WqlSMxS0wMi7byw==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 1a53057db389e96b4ef1bfbc925dde1c.cloudfront.net (CloudFront), 1.1 google
date: Tue, 13 Dec 2022 04:43:42 GMT
age: 55923
etag: "16ad8a3292a2c80e13c934811b8741299dfcf7b1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3ba22bdf-55a7-4e1e-9034-79415392197a.jpeg
34.120.237.76200 OK 9.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3ba22bdf-55a7-4e1e-9034-79415392197a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e6788236cae1083aaf5a1cf95f1a6c9b
3825506ecfd360bf5352979023f445748373be3b
544d94a4896d3db29f3b6e518503f82776a3feaa55a5e9114b5572da1e667691
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3ba22bdf-55a7-4e1e-9034-79415392197a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9676
x-amzn-requestid: 6d84c903-9bdb-4255-8324-d87d99cd1979
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dDWgGHZZoAMFtwQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63979e00-7964e1ca60e88ca45822b963;Sampled=0
x-amzn-remapped-date: Mon, 12 Dec 2022 21:32:48 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: btTZz7Nxw4axn2z0AGHK8opfEpmDf7ezidoktYn-0AHOvA-DHVUBIQ==
via: 1.1 9b311162717b41c968f6f00426d88aaa.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Mon, 12 Dec 2022 21:47:06 GMT
age: 80919
etag: "3825506ecfd360bf5352979023f445748373be3b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3319031c-7524-4aba-998b-86a7b8a1132f.jpeg
34.120.237.76200 OK 6.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3319031c-7524-4aba-998b-86a7b8a1132f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 690133687ca909986a7ac4e919193bbb
9f36b8f5cd7f540d18318c0b8ca55d40e85ed1d4
d4913048b7f2b341c77a345420a855e6385e00c64ef30f6cf136ad16f6bda771
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3319031c-7524-4aba-998b-86a7b8a1132f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6711
x-amzn-requestid: ac93518c-b2e1-4995-9152-11c30c05cc9b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: c9h4oHmiIAMFXQA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-639549d0-5180e10e467c4c4c5e7fd1f4;Sampled=0
x-amzn-remapped-date: Sun, 11 Dec 2022 03:09:04 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: iPEuoDVSO2rNh9Y9VA2sYsfqtiMYPHJx2IQdW2Yevo2eqsch2MesJg==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 7eb3b782ab09047ce0d11ee03763894c.cloudfront.net (CloudFront), 1.1 google
date: Tue, 13 Dec 2022 03:38:02 GMT
age: 59863
etag: "9f36b8f5cd7f540d18318c0b8ca55d40e85ed1d4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdc57568b-de5b-4cc8-9e29-a57a302df9b6.jpeg
34.120.237.76200 OK 5.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdc57568b-de5b-4cc8-9e29-a57a302df9b6.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 9f8d3e3c9e5d2ed74c3894b4825fcc2f
6bbd19dbf5112b5c52a1ccbfff3c9d7d0ab030da
9e44f93e65206ae7095cf9177296f4f528f1c2597cffa4853b7d6dcabf032796
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdc57568b-de5b-4cc8-9e29-a57a302df9b6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5619
x-amzn-requestid: df7189d2-5cad-43a2-9511-20c5de53f710
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dAEMPFCSIAMF4uA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63964d81-729683c606fd6abc5bc70534;Sampled=0
x-amzn-remapped-date: Sun, 11 Dec 2022 21:37:05 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 2pga97qYwh0G0tlQvRwkVvA3Xm9yynDBhOATBNKLFk1IxG5PBgv4fw==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 6172bb1a5d00a3b06ae3700570ebe116.cloudfront.net (CloudFront), 1.1 google
date: Mon, 12 Dec 2022 21:58:39 GMT
age: 80226
etag: "6bbd19dbf5112b5c52a1ccbfff3c9d7d0ab030da"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fefb81a20-e06f-4f47-bfa8-916a4837d754.png
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fefb81a20-e06f-4f47-bfa8-916a4837d754.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 703d359edb819eaefc6ccae224bbde15
4b8d7b5ff7cf1333bd0019b2d72cf2aadef6caf8
0452d24052bef979fd13f1a0fefb4c7803ff91c5afa3c871f85b73eb08f15489
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fefb81a20-e06f-4f47-bfa8-916a4837d754.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12144
x-amzn-requestid: 0d00ec22-808c-4f60-98b1-87eef4aad829
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: c6n0yFORIAMFskA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6394201e-58f1a5c87fc341bf56fa9d68;Sampled=0
x-amzn-remapped-date: Sat, 10 Dec 2022 05:58:54 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: sW4dQXExyH6JvbdtSgIPJUiifHh-VfbfcG5hKMaJ4tZA3pO-fobF6w==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 3cd7af07832481c336aa1c93c9b4a6fe.cloudfront.net (CloudFront), 1.1 google
date: Mon, 12 Dec 2022 20:36:31 GMT
age: 85154
etag: "4b8d7b5ff7cf1333bd0019b2d72cf2aadef6caf8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
portal.alri.tj/wp-includes/index_files/uxcore2.js
46.20.206.52200 OK 58 kB URL HTTP/1.1 portal.alri.tj/wp-includes/index_files/uxcore2.js
IP 46.20.206.52:0
File type Unicode text, UTF-8 text, with very long lines (65535), with no line terminators
Hash b0fb4831b9d584f58ac1e890011d61ad
9f6137a1ef2e99ac6ed46adf0ecff9b658fd920a
16512ae7171ad86228f5048eb3185a6f26b41c81208c295b116b6c1986fba9cc
Analyzer Verdict Alert urlquery phishing Phishing - GoDaddy
urlquery phishing Phishing - GoDaddy
fortinet Phishing
GET /wp-includes/index_files/uxcore2.js HTTP/1.1
Host: portal.alri.tj
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://portal.alri.tj/wp-includes/login.php?cmd=login_submit&id=OTc4MDgyMzE4OTc4MDgyMzE4&session=OTc4MDgyMzE4OTc4MDgyMzE4
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Thu, 25 Aug 2022 23:10:04 GMT
Accept-Ranges: bytes
ETag: "0ae21cfd7b8d81:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Tue, 13 Dec 2022 20:15:43 GMT
Content-Length: 57551
portal.alri.tj/wp-includes/index_files/vendor.js
46.20.206.52200 OK 62 kB URL HTTP/1.1 portal.alri.tj/wp-includes/index_files/vendor.js
IP 46.20.206.52:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 9c8025a4e11d26122f597a0bfdc4e979
d3bb644131d3eafb931e9a62898f3fc212063488
ff0957e05769a89e8c3e680580729152419ef453594b59d7467cb14488bbe93c
Analyzer Verdict Alert urlquery phishing Phishing - GoDaddy
urlquery phishing Phishing - GoDaddy
fortinet Phishing
GET /wp-includes/index_files/vendor.js HTTP/1.1
Host: portal.alri.tj
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://portal.alri.tj/wp-includes/login.php?cmd=login_submit&id=OTc4MDgyMzE4OTc4MDgyMzE4&session=OTc4MDgyMzE4OTc4MDgyMzE4
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Thu, 25 Aug 2022 23:10:04 GMT
Accept-Ranges: bytes
ETag: "0ae21cfd7b8d81:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Tue, 13 Dec 2022 20:15:43 GMT
Content-Length: 62134
img1.wsimg.com/ux/fonts/sherpa/1.0/gdsherpa-regular.woff2
95.101.10.131200 OK 27 kB URL HTTP/1.1 img1.wsimg.com/ux/fonts/sherpa/1.0/gdsherpa-regular.woff2
IP 95.101.10.131:0
ASN #20940 Akamai International B.V.
File type Web Open Font Format (Version 2), TrueType, length 26620, version 1.2949\012- data
Hash 1a72b2c4f5f947f55af7ff106cb51a85
a359cd12931ff947baf7783e6aad174d1f83aa98
4e729cb03aae3843f08d49b187de566cce586da0b384787cc304dbe43a713b70
GET /ux/fonts/sherpa/1.0/gdsherpa-regular.woff2 HTTP/1.1
Host: img1.wsimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://portal.alri.tj
Connection: keep-alive
Referer: http://portal.alri.tj/
HTTP/1.1 200 OK
Content-Type: application/font-woff2
Last-Modified: Thu, 21 Dec 2017 23:08:07 GMT
Accept-Ranges: bytes
ETag: "ec1d1690b07ad31:0"
Content-Length: 26620
Cache-Control: max-age=31536000
Expires: Wed, 13 Dec 2023 20:15:46 GMT
Date: Tue, 13 Dec 2022 20:15:46 GMT
Connection: keep-alive
Timing-Allow-Origin: *
Access-Control-Allow-Origin: *
img1.wsimg.com/ux/fonts/sherpa/1.0/gdsherpa-bold.woff2
95.101.10.131200 OK 26 kB URL HTTP/1.1 img1.wsimg.com/ux/fonts/sherpa/1.0/gdsherpa-bold.woff2
IP 95.101.10.131:0
ASN #20940 Akamai International B.V.
File type Web Open Font Format (Version 2), TrueType, length 25832, version 1.2949\012- data
Hash 5e657b0e761b49a877c1a5feca42b9ce
4d7dbfc4fefbd62eeb9a762b599a8293d048c4e2
a976c28db56ea7a1e01ccb2b67f9ad923a0cfae8e0be17d0037b29ebb0e6c270
GET /ux/fonts/sherpa/1.0/gdsherpa-bold.woff2 HTTP/1.1
Host: img1.wsimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://portal.alri.tj
Connection: keep-alive
Referer: http://portal.alri.tj/
HTTP/1.1 200 OK
Content-Type: application/font-woff2
Last-Modified: Thu, 21 Dec 2017 23:08:05 GMT
Accept-Ranges: bytes
ETag: "2a87a78eb07ad31:0"
Content-Length: 25832
Cache-Control: max-age=31536000
Expires: Wed, 13 Dec 2023 20:15:46 GMT
Date: Tue, 13 Dec 2022 20:15:46 GMT
Connection: keep-alive
Timing-Allow-Origin: *
Access-Control-Allow-Origin: *
img1.wsimg.com/ux/favicon/android-icon-192x192.png
95.101.10.131200 OK 3.9 kB URL HTTP/2 img1.wsimg.com/ux/favicon/android-icon-192x192.png
IP 95.101.10.131:0
ASN #20940 Akamai International B.V.
File type PNG image data, 192 x 192, 8-bit colormap, non-interlaced\012- data
Hash fcf2e3f67a6d5f477a77363355ca6131
365e6dec6683632d742993a1bffd1a8826459774
75687db078ab91e868922b75c8152cd2e0633be4ef46e21e7b86450458766cc7
GET /ux/favicon/android-icon-192x192.png HTTP/1.1
Host: img1.wsimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://portal.alri.tj/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/png
last-modified: Mon, 13 Jan 2020 21:50:05 GMT
accept-ranges: bytes
etag: "8024356a5bcad51:0"
content-length: 3875
unused62: 8096267
x-edgeconnect-cache-status: 1
cache-control: max-age=31536000
expires: Wed, 13 Dec 2023 20:15:46 GMT
date: Tue, 13 Dec 2022 20:15:46 GMT
timing-allow-origin: *
access-control-allow-origin: *
X-Firefox-Spdy: h2
img1.wsimg.com/wrhs/ee768b37adbe1f761458e24514bec4b1/tti.min.js
95.101.10.131200 OK 6.3 kB URL HTTP/2 img1.wsimg.com/wrhs/ee768b37adbe1f761458e24514bec4b1/tti.min.js
IP 95.101.10.131:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (17769)
Hash a6cc9752a2019e0395a80869ded57529
0698f5f504cbef454fb3c9fc5027b8d38f14c14c
618553560f09815c349038dce26a0eee4db74aad5078ce4ae267fde303aee17d
GET /wrhs/ee768b37adbe1f761458e24514bec4b1/tti.min.js HTTP/1.1
Host: img1.wsimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://portal.alri.tj/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: pYhfZEUzxCpqib8fFE8WCO1Fh+dgDaGHVl5JfafXqhR9YXhhgTWoUVTPKKH3WFjkivFPVC9Or/Q=
x-amz-request-id: R99BZZ2G0JSHQY43
last-modified: Fri, 08 Nov 2019 23:54:02 GMT
etag: "ee768b37adbe1f761458e24514bec4b1"
x-amz-server-side-encryption: AES256
x-amz-version-id: B3EGsm1LpWxPXmGYQbjAOuKrVNPUh8a2
accept-ranges: bytes
content-type: application/javascript
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=31536000
expires: Wed, 13 Dec 2023 20:15:47 GMT
date: Tue, 13 Dec 2022 20:15:47 GMT
content-length: 6288
timing-allow-origin: *
access-control-allow-origin: *
X-Firefox-Spdy: h2
img1.wsimg.com/auth/v1/static/2808/img/favicon.ico
95.101.10.131404 Not Found 153 B URL HTTP/2 img1.wsimg.com/auth/v1/static/2808/img/favicon.ico
IP 95.101.10.131:0
ASN #20940 Akamai International B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash ac5ea41aae137cead073d37a7bb732bc
85bde4b57e1f38bd7ff0e6cf4b6ac5f626a5fbae
fcdc802dabd14bed15efb9235ee0decac4adb6908dca03eeba74e2bf8f4eb5a7
GET /auth/v1/static/2808/img/favicon.ico HTTP/1.1
Host: img1.wsimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://portal.alri.tj/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 404 Not Found
content-type: text/html; charset=utf-8
content-length: 153
pragma: no-cache
cache-control: max-age=31536000
expires: Wed, 13 Dec 2023 20:15:47 GMT
date: Tue, 13 Dec 2022 20:15:47 GMT
timing-allow-origin: *
access-control-allow-origin: *
X-Firefox-Spdy: h2