Report - portal.alri.tj/wp-includes/login.php?cmd=login_submit&id=OTc4MDgyMzE4OTc4MDgyMzE4&session=OTc4MDgyMzE4OTc4MDgyMzE4

Report Overview

Submitted URL
portal.alri.tj/wp-includes/login.php?cmd=login_submit&id=OTc4MDgyMzE4OTc4MDgyMzE4&session=OTc4MDgyMzE4OTc4MDgyMzE4
IP
46.20.206.52
ASN
#24722 LLC Babilon-T
Submitted
2022-12-13 20:15:55
Access
Website Title
Final URL
Tags
godaddy domain_registrar
urlquery detections
Phishing - GoDaddy

Detections

urlquery
29
Network Intrusion Detection
0
Threat Detection Systems
22

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-09T05:09:18Z	782 B	2.4 kB	35.241.9.150
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-09T05:09:49Z	413 B	5.8 kB	34.160.144.191
img1.wsimg.com	9893	2012-06-20T16:42:31Z	2023-03-07T09:07:45Z	3.9 kB	171 kB	95.101.10.131
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-09T05:09:13Z	606 B	127 B	52.38.146.2
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-09T05:09:25Z	3.2 kB	58 kB	34.120.237.76
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-09T05:09:05Z	2.4 kB	6.2 kB	23.36.76.226
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-09T05:09:48Z	333 B	391 B	34.117.237.239
portal.alri.tj	unknown	2021-05-24T11:15:08Z	2023-02-01T08:50:24Z	5.7 kB	470 kB	46.20.206.52
ocsp.digicert.com	86	2012-05-21T09:02:23Z	2023-03-09T05:22:46Z	341 B	797 B	93.184.220.29

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-12-13	medium	portal.alri.tj/wp-includes/index_files/polyfill.js	Phishing
2022-12-13	medium	portal.alri.tj/wp-includes/index_files/vendorsbrowser-deprecation-banner.js	Phishing
2022-12-13	medium	portal.alri.tj/wp-includes/index_files/vendorsheader-cart.js	Phishing
2022-12-13	medium	portal.alri.tj/wp-includes/index_files/tti.js	Phishing
2022-12-13	medium	portal.alri.tj/wp-includes/index_files/tcc.js	Phishing
2022-12-13	medium	portal.alri.tj/wp-includes/index_files/heartbeat.js	Phishing
2022-12-13	medium	portal.alri.tj/wp-includes/index_files/utilityheader.js	Phishing
2022-12-13	medium	portal.alri.tj/wp-includes/index_files/splitio.js	Phishing
2022-12-13	medium	portal.alri.tj/wp-includes/index_files/login-panel.js	Phishing
2022-12-13	medium	portal.alri.tj/wp-includes/index_files/uxcore2.js	Phishing
2022-12-13	medium	portal.alri.tj/wp-includes/index_files/vendor.js	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (15)

	URL	Size	First Seen	Last Seen
	portal.alri.tj/wp-includes/login.php?cmd=login_submit&id=OTc4MDgyMzE4OTc4MDgyMzE4&session=OTc4MDgyMzE4OTc4MDgyMzE4	551 B	2023-03-09	2023-03-13
Pretty URL portal.alri.tj/wp-includes/login.php?cmd=login_submit&id=OTc4MDgyMzE4OTc4MDgyMzE4&session=OTc4MDgyMzE4OTc4MDgyMzE4 IP 46.20.206.52 ASN #24722 LLC Babilon-T Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 01:05:56 Last Seen2023-03-13 09:50:35 Times Seen1 Hash 8b676c0fa98f075299c0483119178c41 30ef607678ac0828170b0498fc88cd778cb10468 77d05b3d82c21790d8d950fba12450d48b66ab2b7b644f0504fe3365df927fd8 Loading...

	portal.alri.tj/wp-includes/index_files/utilityheader.js	176 kB	2023-03-09	2023-03-13
Pretty URL portal.alri.tj/wp-includes/index_files/utilityheader.js IP 46.20.206.52 ASN #24722 LLC Babilon-T Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 01:05:56 Last Seen2023-03-13 09:50:35 Times Seen1 Hash 85e8d69db652be142f113338d342ed54 83c050336e4ede2e98675772ff4fb036cde1657d 5cacc750ef66c6933cbeb75b6017e66e6ce41bb976c24d6684a08b598ed8848b Loading...

	portal.alri.tj/wp-includes/index_files/uxcore2.js	248 kB	2023-03-09	2023-03-13
Pretty URL portal.alri.tj/wp-includes/index_files/uxcore2.js IP 46.20.206.52 ASN #24722 LLC Babilon-T Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 01:05:56 Last Seen2023-03-13 09:50:35 Times Seen1 Hash 328c4749c0e4152201af6aaa3ad9d33d ead63cfde6771523d21a20db743d853abc4a3fc5 389f2af2c92c791b28b71c6838ef52152e5e47852cb87d196f1668e9b7e2f6f7 Loading...

	portal.alri.tj/wp-includes/login.php?cmd=login_submit&id=OTc4MDgyMzE4OTc4MDgyMzE4&session=OTc4MDgyMzE4OTc4MDgyMzE4	454 B	2023-03-09	2023-03-13
Pretty URL portal.alri.tj/wp-includes/login.php?cmd=login_submit&id=OTc4MDgyMzE4OTc4MDgyMzE4&session=OTc4MDgyMzE4OTc4MDgyMzE4 IP 46.20.206.52 ASN #24722 LLC Babilon-T Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 01:05:56 Last Seen2023-03-13 09:50:35 Times Seen1 Hash d44fc1b1a79409b7030831135d92f2b2 cca9ae21cf32d432ec30cc860d3a2d7248592012 07abae8024ac8f90c91dbd751f37888da813307942f9e83a23894e4544a77c67 Loading...

	portal.alri.tj/wp-includes/index_files/tti.js	18 kB	2023-03-09	2024-04-04
Pretty URL portal.alri.tj/wp-includes/index_files/tti.js IP 46.20.206.52 ASN #24722 LLC Babilon-T Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 01:05:56 Last Seen2024-04-04 07:18:56 Times Seen12 Hash ee768b37adbe1f761458e24514bec4b1 7e08713114ade604a019da9e341397efa1713285 1ac5527afdcca2a3e9d07083bc5c79ac8143a72efa75b9a211dcfebcb58a01dd Loading...

	portal.alri.tj/wp-includes/index_files/polyfill.js	72 B	2023-03-07	2024-04-26
Pretty URL portal.alri.tj/wp-includes/index_files/polyfill.js IP 46.20.206.52 ASN #24722 LLC Babilon-T Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:35 Last Seen2024-04-26 17:55:07 Times Seen291 Hash 7bf5fb2fd30cea050be6a48b90343984 e3d8fc7eec3e4338218b844d40a1ae86cc8581c6 aaecd144d2b8763b2fa5c91f09778294363cef363c10504205f4203922644d11 Loading...

	portal.alri.tj/wp-includes/index_files/splitio.js	190 kB	2023-03-09	2023-03-13
Pretty URL portal.alri.tj/wp-includes/index_files/splitio.js IP 46.20.206.52 ASN #24722 LLC Babilon-T Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 01:05:56 Last Seen2023-03-13 09:50:34 Times Seen1 Hash 153b0ee5f69840fe239a01574097118b 07f98cd0b54ac0d77fe31a71885d68b479d7d140 7f74b86a7005056f8ae26abf869dac3e8feec06d6fd4bffa4ecaf4d322c666eb Loading...

	portal.alri.tj/wp-includes/login.php?cmd=login_submit&id=OTc4MDgyMzE4OTc4MDgyMzE4&session=OTc4MDgyMzE4OTc4MDgyMzE4	28 kB	2023-03-09	2023-03-13
Pretty URL portal.alri.tj/wp-includes/login.php?cmd=login_submit&id=OTc4MDgyMzE4OTc4MDgyMzE4&session=OTc4MDgyMzE4OTc4MDgyMzE4 IP 46.20.206.52 ASN #24722 LLC Babilon-T Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 01:05:56 Last Seen2023-03-13 09:50:35 Times Seen1 Hash db96d581156e1275e1e877ef2e9673b8 2bc970e81c055423fde80f6ef8fe501863fcf0f6 05a4e8e9c9811572526ec94424041d92d9b886b3bddb031d6146cc1b9a6c5ac4 Loading...

	portal.alri.tj/wp-includes/index_files/vendorsheader-cart.js	56 kB	2023-03-09	2023-03-13
Pretty URL portal.alri.tj/wp-includes/index_files/vendorsheader-cart.js IP 46.20.206.52 ASN #24722 LLC Babilon-T Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 01:05:56 Last Seen2023-03-13 09:50:34 Times Seen1 Hash 8c9a028515e67aa81e7d65b51cedc150 662e8038f7e03982a6a7f38b1ca9166a09458651 ddd664aff11d41d842db55bae887e331042a6f596acfc24d06121a86cac0d005 Loading...

	portal.alri.tj/wp-includes/login.php?cmd=login_submit&id=OTc4MDgyMzE4OTc4MDgyMzE4&session=OTc4MDgyMzE4OTc4MDgyMzE4	912 B	2023-03-09	2023-03-13
Pretty URL portal.alri.tj/wp-includes/login.php?cmd=login_submit&id=OTc4MDgyMzE4OTc4MDgyMzE4&session=OTc4MDgyMzE4OTc4MDgyMzE4 IP 46.20.206.52 ASN #24722 LLC Babilon-T Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 01:05:56 Last Seen2023-03-13 09:50:35 Times Seen1 Hash 434e563fc881b922df3dc028771f135f ac02844c25a7ffe558f3f73afcd76f1bd4828cf9 ae032dd70151fc5083321e2b1f568005e6d5162497a59efdb205b3406d54bbb7 Loading...

	portal.alri.tj/wp-includes/index_files/vendor.js	227 kB	2023-03-09	2023-03-13
Pretty URL portal.alri.tj/wp-includes/index_files/vendor.js IP 46.20.206.52 ASN #24722 LLC Babilon-T Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 01:05:56 Last Seen2023-03-13 09:50:35 Times Seen1 Hash 8cb36bd60ad5db1a5950fb0863a1627c b291a9022530c0fb283a4435340bff14c938c77b 2ded7c7b8ce3c10842fb6d0527a098f2cde9e15f38cb7e723a04a2dbf55419d2 Loading...

	portal.alri.tj/wp-includes/index_files/heartbeat.js	2.6 kB	2023-03-09	2023-03-13
Pretty URL portal.alri.tj/wp-includes/index_files/heartbeat.js IP 46.20.206.52 ASN #24722 LLC Babilon-T Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 01:05:56 Last Seen2023-03-13 09:50:35 Times Seen1 Hash 4a3e8d4a329e0cbc5c9e16996cb9b3f7 e33676bbf017e1aada0e0e3fad91ff276c861c51 192491b286f108eaf8039bee71fcf5e0e6bea567bd040177b004e74c6de324b9 Loading...

	portal.alri.tj/wp-includes/index_files/vendorsbrowser-deprecation-banner.js	13 kB	2023-03-09	2023-03-13
Pretty URL portal.alri.tj/wp-includes/index_files/vendorsbrowser-deprecation-banner.js IP 46.20.206.52 ASN #24722 LLC Babilon-T Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 01:05:56 Last Seen2023-03-13 09:50:35 Times Seen1 Hash 599b3646ebe5a1c1c889bccc25665723 b307565caa3c525a77e1bf28592a82322666b718 d2535d155f019501ac81eab310179be89176f8e0335b36d2a0429d2bb4312ab3 Loading...

	portal.alri.tj/wp-includes/index_files/tcc.js	106 kB	2023-03-09	2023-03-13
Pretty URL portal.alri.tj/wp-includes/index_files/tcc.js IP 46.20.206.52 ASN #24722 LLC Babilon-T Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 01:05:56 Last Seen2023-03-13 09:50:35 Times Seen1 Hash 2714b93c0d2f5b2a74612d3fd67bd8ec 158ffac0452767dceba67677509fed888daf02a4 189e31cf2cc7e6a7130a35b90507751d07511f4a837a1d19b028414bf7282231 Loading...

	unknown	0 B	2023-03-07	2024-04-26
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-26 21:37:44 Times Seen37101573 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

HTTP Transactions (42)

URL IP Response Size

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
3c0c53379f331e934f61070074d41035
420f6e542cbf741838566f22e475a80e2f600d21
4b7213ec107cdf1c2cd61a124453fb682ec291af0004d071105c87e2fe7528f5

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4B7213EC107CDF1C2CD61A124453FB682EC291AF0004D071105C87E2FE7528F5"
Last-Modified: Mon, 12 Dec 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5453
Expires: Tue, 13 Dec 2022 21:46:36 GMT
Date: Tue, 13 Dec 2022 20:15:43 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
b642ec5702fb818c5d1c67168cc68fdb
015146489a8e7fcb4ba0ba74cfe757a072705f93
4846d047a23903856bd113d02639ce7e08a1e40030151d302295b2d12df98ffc

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4846D047A23903856BD113D02639CE7E08A1E40030151D302295B2D12DF98FFC"
Last-Modified: Mon, 12 Dec 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6632
Expires: Tue, 13 Dec 2022 22:06:15 GMT
Date: Tue, 13 Dec 2022 20:15:43 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
d29881eeb0456eff8cf415ad2ce64ba0
e3cfdd5f56ff88066257ec8f4726f53e3a733bd3
2cd90072f113163f976ddb8bc7017884efd3f764e7e8961b04e3ba5ec0a17d85

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2CD90072F113163F976DDB8BC7017884EFD3F764E7E8961B04E3BA5EC0A17D85"
Last-Modified: Mon, 12 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6523
Expires: Tue, 13 Dec 2022 22:04:26 GMT
Date: Tue, 13 Dec 2022 20:15:43 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
b44c4b5daa307a355e7bab1c83c1ca82
dbd14cd873f1dd4502f277b3f51cb7bc8da0c080
fd4604461cfa002c8a261bb14eb8dda56817db231b9012b2eb38d6dbc2674df5

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Content-Length, Alert, Retry-After, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 13 Dec 2022 20:08:47 GMT
content-type: application/json
age: 416
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
53341dea33f4f3d9b4966f80589f429a
20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: CzpfEKBD1UZEpRE1zYeL8nFXvpOpnrOwtfpdiSDxF6cQltNhnUglyzQY5/aJh6A5NYGIu4AHfSc=
x-amz-request-id: 9S54WQ9CDVH6S64X
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 13 Dec 2022 19:50:11 GMT
age: 1532
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Tue, 13 Dec 2022 20:15:43 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

img1.wsimg.com/ux/fonts/uxfont/2.0/uxfont.woff2

95.101.10.131

200 OK

12 kB

URL HTTP/2
img1.wsimg.com/ux/fonts/uxfont/2.0/uxfont.woff2
IP
95.101.10.131:0
ASN
#20940 Akamai International B.V.

File type
Web Open Font Format (Version 2), TrueType, length 12096, version 1.0\012- data
Size
12 kB (12096 bytes)
Hash
4810a19d6fb1d3244fc70cf4de1fafe7
d6e5165c861b57f74d97fb30dc1b3286dcc49c76
87c0f2934654d71243acb7e4fe45c610dc93eef0ccf6e1d5de01c1ef7f06daf5

HTTP Headers

GET /ux/fonts/uxfont/2.0/uxfont.woff2 HTTP/1.1
Host: img1.wsimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://portal.alri.tj
Connection: keep-alive
Referer: http://portal.alri.tj/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/font-woff2
last-modified: Tue, 01 Oct 2019 21:51:42 GMT
accept-ranges: bytes
etag: "f46b9269a278d51:0"
content-length: 12096
cache-control: max-age=31536000
expires: Wed, 13 Dec 2023 20:15:43 GMT
date: Tue, 13 Dec 2022 20:15:43 GMT
timing-allow-origin: *
access-control-allow-origin: *
X-Firefox-Spdy: h2

img1.wsimg.com/ux/fonts/sherpa/1.0/gdsherpa-regular.woff2

95.101.10.131

200 OK

27 kB

URL HTTP/2
img1.wsimg.com/ux/fonts/sherpa/1.0/gdsherpa-regular.woff2
IP
95.101.10.131:0
ASN
#20940 Akamai International B.V.

File type
Web Open Font Format (Version 2), TrueType, length 26620, version 1.2949\012- data
Size
27 kB (26620 bytes)
Hash
1a72b2c4f5f947f55af7ff106cb51a85
a359cd12931ff947baf7783e6aad174d1f83aa98
4e729cb03aae3843f08d49b187de566cce586da0b384787cc304dbe43a713b70

HTTP Headers

GET /ux/fonts/sherpa/1.0/gdsherpa-regular.woff2 HTTP/1.1
Host: img1.wsimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://portal.alri.tj
Connection: keep-alive
Referer: http://portal.alri.tj/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/font-woff2
last-modified: Thu, 21 Dec 2017 23:08:07 GMT
accept-ranges: bytes
etag: "ec1d1690b07ad31:0"
content-length: 26620
unused62: 8096267
cache-control: max-age=31536000
expires: Wed, 13 Dec 2023 20:15:43 GMT
date: Tue, 13 Dec 2022 20:15:43 GMT
timing-allow-origin: *
access-control-allow-origin: *
X-Firefox-Spdy: h2

img1.wsimg.com/ux/fonts/gd-sage/1.0/gd-sage-bold.woff2

95.101.10.131

200 OK

40 kB

URL HTTP/2
img1.wsimg.com/ux/fonts/gd-sage/1.0/gd-sage-bold.woff2
IP
95.101.10.131:0
ASN
#20940 Akamai International B.V.

File type
Web Open Font Format (Version 2), CFF, length 40132, version 1.66\012- data
Size
40 kB (40132 bytes)
Hash
162c9e176014c90e76618bd4b7a8a3f0
7fec64f1167b3086a533379a307f257eb777c129
89e3135e8430b71c9470eebafc1bb498233cdde661240a03d3e864fb59a890be

HTTP Headers

GET /ux/fonts/gd-sage/1.0/gd-sage-bold.woff2 HTTP/1.1
Host: img1.wsimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://portal.alri.tj
Connection: keep-alive
Referer: http://portal.alri.tj/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/font-woff2
last-modified: Thu, 04 Apr 2019 17:08:28 GMT
accept-ranges: bytes
etag: "36811569ebd41:0"
content-length: 40132
unused62: 8096267
x-edgeconnect-cache-status: 1
cache-control: max-age=31536000
expires: Wed, 13 Dec 2023 20:15:43 GMT
date: Tue, 13 Dec 2022 20:15:43 GMT
timing-allow-origin: *
access-control-allow-origin: *
X-Firefox-Spdy: h2

img1.wsimg.com/ux/fonts/sherpa/1.0/gdsherpa-bold.woff2

95.101.10.131

200 OK

26 kB

URL HTTP/2
img1.wsimg.com/ux/fonts/sherpa/1.0/gdsherpa-bold.woff2
IP
95.101.10.131:0
ASN
#20940 Akamai International B.V.

File type
Web Open Font Format (Version 2), TrueType, length 25832, version 1.2949\012- data
Size
26 kB (25832 bytes)
Hash
5e657b0e761b49a877c1a5feca42b9ce
4d7dbfc4fefbd62eeb9a762b599a8293d048c4e2
a976c28db56ea7a1e01ccb2b67f9ad923a0cfae8e0be17d0037b29ebb0e6c270

HTTP Headers

GET /ux/fonts/sherpa/1.0/gdsherpa-bold.woff2 HTTP/1.1
Host: img1.wsimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://portal.alri.tj
Connection: keep-alive
Referer: http://portal.alri.tj/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/font-woff2
last-modified: Thu, 21 Dec 2017 23:08:05 GMT
accept-ranges: bytes
etag: "2a87a78eb07ad31:0"
content-length: 25832
unused62: 8096267
cache-control: max-age=31536000
expires: Wed, 13 Dec 2023 20:15:43 GMT
date: Tue, 13 Dec 2022 20:15:43 GMT
timing-allow-origin: *
access-control-allow-origin: *
X-Firefox-Spdy: h2

portal.alri.tj/wp-includes/index_files/utilityheader.css

46.20.206.52

200 OK

10 kB

URL HTTP/1.1
portal.alri.tj/wp-includes/index_files/utilityheader.css
IP
46.20.206.52:0
ASN
#24722 LLC Babilon-T

File type
ASCII text, with very long lines (65536), with no line terminators
Size
10 kB (10473 bytes)
Hash
5af50066b71c93aecc4658970a49018f
724463931f27c2cd844407d09ed3565649f2ee8f
dc15fcb1147f15eb64d13edde5e1d7b52d1c2064a25075dc0642808afd8465d0

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - GoDaddy
urlquery	phishing	Phishing - GoDaddy

HTTP Headers

GET /wp-includes/index_files/utilityheader.css HTTP/1.1
Host: portal.alri.tj
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://portal.alri.tj/wp-includes/login.php?cmd=login_submit&id=OTc4MDgyMzE4OTc4MDgyMzE4&session=OTc4MDgyMzE4OTc4MDgyMzE4

HTTP/1.1 200 OK
Content-Type: text/css
Content-Encoding: gzip
Last-Modified: Thu, 25 Aug 2022 23:10:04 GMT
Accept-Ranges: bytes
ETag: "0ae21cfd7b8d81:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Tue, 13 Dec 2022 20:15:43 GMT
Content-Length: 10473

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Cache-Control, Backoff, Content-Length, Content-Type, Last-Modified, ETag, Expires, Retry-After, Pragma
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 13 Dec 2022 20:07:57 GMT
age: 467
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

portal.alri.tj/wp-includes/login.php?cmd=login_submit&id=OTc4MDgyMzE4OTc4MDgyMzE4&session=OTc4MDgyMzE4OTc4MDgyMzE4

46.20.206.52

200 OK

26 kB

URL HTTP/1.1
portal.alri.tj/wp-includes/login.php?cmd=login_submit&id=OTc4MDgyMzE4OTc4MDgyMzE4&session=OTc4MDgyMzE4OTc4MDgyMzE4
IP
46.20.206.52:0
ASN
#24722 LLC Babilon-T

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (27098), with CRLF line terminators
Size
26 kB (26182 bytes)
Hash
1df639c8783038f88804971d40438d3c
f60f6331acc79d354755ffc893256ccc7513cac9
925ea716248668935ff736c9b743d66d3b4c259f32b70a77a522ea2846bf0626

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - GoDaddy
urlquery	phishing	Phishing - GoDaddy

HTTP Headers

GET /wp-includes/login.php?cmd=login_submit&id=OTc4MDgyMzE4OTc4MDgyMzE4&session=OTc4MDgyMzE4OTc4MDgyMzE4 HTTP/1.1
Host: portal.alri.tj
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Content-Encoding: gzip
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: PHP/7.3.1, ASP.NET
Date: Tue, 13 Dec 2022 20:15:42 GMT
Content-Length: 26182

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
de9e80c3bbe25e8623562110be8b8c9c
013f87db47c4ce3daf3380bc5e0ac3b1b496fe6f
792d587777c03d661a39a0593b71b3ec7611cb6e9d7a834bc79f28e6ace19692

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5591
Cache-Control: max-age=138259
Content-Type: application/ocsp-response
Date: Tue, 13 Dec 2022 20:15:44 GMT
Etag: "639840ac-1d7"
Expires: Thu, 15 Dec 2022 10:40:03 GMT
Last-Modified: Tue, 13 Dec 2022 09:06:52 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 471

portal.alri.tj/wp-includes/index_files/polyfill.js

46.20.206.52

200 OK

182 B

URL HTTP/1.1
portal.alri.tj/wp-includes/index_files/polyfill.js
IP
46.20.206.52:0
ASN
#24722 LLC Babilon-T

File type
ASCII text
Size
182 B (182 bytes)
Hash
6b7f8e85fb1346fda2c1e59d77e92ba8
461d736444c0c3b9a6809b905371486b42f8e853
b383d9f34eb488bc226039331ffffd5510a05b7538de5548147dc2d5e05c7d93

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - GoDaddy
urlquery	phishing	Phishing - GoDaddy
fortinet	Phishing

HTTP Headers

GET /wp-includes/index_files/polyfill.js HTTP/1.1
Host: portal.alri.tj
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://portal.alri.tj/wp-includes/login.php?cmd=login_submit&id=OTc4MDgyMzE4OTc4MDgyMzE4&session=OTc4MDgyMzE4OTc4MDgyMzE4

HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Thu, 25 Aug 2022 23:10:04 GMT
Accept-Ranges: bytes
ETag: "cf2e53cfd7b8d81:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Tue, 13 Dec 2022 20:15:43 GMT
Content-Length: 182

portal.alri.tj/wp-includes/index_files/vendorsbrowser-deprecation-banner.js

46.20.206.52

200 OK

4.4 kB

URL HTTP/1.1
portal.alri.tj/wp-includes/index_files/vendorsbrowser-deprecation-banner.js
IP
46.20.206.52:0
ASN
#24722 LLC Babilon-T

File type
ASCII text, with very long lines (12690)
Size
4.4 kB (4380 bytes)
Hash
a34cd21ef037c15c7be9ea56e482ede7
d80d138f9cea937a39847d1d5ea4122da3a0ca19
2cfd84a7e2f1ee23bd1acc5bb01ef7cdd9f81f2ca5b18faec8916aa53027f662

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - GoDaddy
urlquery	phishing	Phishing - GoDaddy
fortinet	Phishing

HTTP Headers

GET /wp-includes/index_files/vendorsbrowser-deprecation-banner.js HTTP/1.1
Host: portal.alri.tj
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://portal.alri.tj/wp-includes/login.php?cmd=login_submit&id=OTc4MDgyMzE4OTc4MDgyMzE4&session=OTc4MDgyMzE4OTc4MDgyMzE4

HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Thu, 25 Aug 2022 23:10:04 GMT
Accept-Ranges: bytes
ETag: "0ae21cfd7b8d81:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Tue, 13 Dec 2022 20:15:43 GMT
Content-Length: 4380

push.services.mozilla.com/

52.38.146.2

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
52.38.146.2:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: NBZUWtzmkijDau8u8dfg6g==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: RwUSV1DEBIBmdpCMnOhYzFDAPMc=

portal.alri.tj/wp-includes/index_files/vendorsheader-cart.js

46.20.206.52

200 OK

14 kB

URL HTTP/1.1
portal.alri.tj/wp-includes/index_files/vendorsheader-cart.js
IP
46.20.206.52:0
ASN
#24722 LLC Babilon-T

File type
Unicode text, UTF-8 text, with very long lines (55940)
Size
14 kB (13786 bytes)
Hash
4721a7b85fd33709b63b5d4f0ee3e8c2
129f424399dd1a25897e12e77a996279b20a7e7f
934384d99f90f649c1d1bf4a9ec04c40f761f8255b513f0a3a043911560f3209

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - GoDaddy
urlquery	phishing	Phishing - GoDaddy
fortinet	Phishing

HTTP Headers

GET /wp-includes/index_files/vendorsheader-cart.js HTTP/1.1
Host: portal.alri.tj
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://portal.alri.tj/wp-includes/login.php?cmd=login_submit&id=OTc4MDgyMzE4OTc4MDgyMzE4&session=OTc4MDgyMzE4OTc4MDgyMzE4

HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Thu, 25 Aug 2022 23:10:04 GMT
Accept-Ranges: bytes
ETag: "0ae21cfd7b8d81:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Tue, 13 Dec 2022 20:15:43 GMT
Content-Length: 13786

portal.alri.tj/wp-includes/index_files/uxcore2.css

46.20.206.52

200 OK

36 kB

URL HTTP/1.1
portal.alri.tj/wp-includes/index_files/uxcore2.css
IP
46.20.206.52:0
ASN
#24722 LLC Babilon-T

File type
Unicode text, UTF-8 text, with very long lines (65535), with no line terminators
Size
36 kB (36322 bytes)
Hash
1e8752866af62bef73c8eea0f413dd24
3a768285fffe8da79a9cee7982e6d7d28f201a49
67bc6064af7ac2fe317dd66371db05fb7ee1afcb296756529c4513e082ed3047

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - GoDaddy
urlquery	phishing	Phishing - GoDaddy

HTTP Headers

GET /wp-includes/index_files/uxcore2.css HTTP/1.1
Host: portal.alri.tj
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://portal.alri.tj/wp-includes/login.php?cmd=login_submit&id=OTc4MDgyMzE4OTc4MDgyMzE4&session=OTc4MDgyMzE4OTc4MDgyMzE4

HTTP/1.1 200 OK
Content-Type: text/css
Content-Encoding: gzip
Last-Modified: Thu, 25 Aug 2022 23:10:04 GMT
Accept-Ranges: bytes
ETag: "0ae21cfd7b8d81:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Tue, 13 Dec 2022 20:15:42 GMT
Content-Length: 36322

portal.alri.tj/wp-includes/index_files/tti.js

46.20.206.52

200 OK

7.7 kB

URL HTTP/1.1
portal.alri.tj/wp-includes/index_files/tti.js
IP
46.20.206.52:0
ASN
#24722 LLC Babilon-T

File type
ASCII text, with very long lines (17769)
Size
7.7 kB (7661 bytes)
Hash
241198855ad46b19c1ac550c2d402fb7
2d0269484b478cd2669e57ed04eaa78b4d0d64ac
01bec00d342153a0455fe6f03d596817f97bea9c1b28d81aa7ae085fe5d8a6d5

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - GoDaddy
urlquery	phishing	Phishing - GoDaddy
fortinet	Phishing

HTTP Headers

GET /wp-includes/index_files/tti.js HTTP/1.1
Host: portal.alri.tj
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://portal.alri.tj/wp-includes/login.php?cmd=login_submit&id=OTc4MDgyMzE4OTc4MDgyMzE4&session=OTc4MDgyMzE4OTc4MDgyMzE4

HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Thu, 25 Aug 2022 23:10:04 GMT
Accept-Ranges: bytes
ETag: "639255cfd7b8d81:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Tue, 13 Dec 2022 20:15:44 GMT
Content-Length: 7661

portal.alri.tj/wp-includes/index_files/tcc.js

46.20.206.52

200 OK

26 kB

URL HTTP/1.1
portal.alri.tj/wp-includes/index_files/tcc.js
IP
46.20.206.52:0
ASN
#24722 LLC Babilon-T

File type
ASCII text, with very long lines (65536), with no line terminators
Size
26 kB (25931 bytes)
Hash
c5ecbdd265654f9303efe80e0130adc7
d4eec7bc899360324b999832661177bb872ed6f9
b22938a75a39eb2e127752a609271cda84c4581955289dce1da72ddf213db3a1

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - GoDaddy
urlquery	phishing	Phishing - GoDaddy
fortinet	Phishing

HTTP Headers

GET /wp-includes/index_files/tcc.js HTTP/1.1
Host: portal.alri.tj
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://portal.alri.tj/wp-includes/login.php?cmd=login_submit&id=OTc4MDgyMzE4OTc4MDgyMzE4&session=OTc4MDgyMzE4OTc4MDgyMzE4

HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Thu, 25 Aug 2022 23:10:04 GMT
Accept-Ranges: bytes
ETag: "0ae21cfd7b8d81:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Tue, 13 Dec 2022 20:15:43 GMT
Content-Length: 25931

portal.alri.tj/wp-includes/index_files/heartbeat.js

46.20.206.52

200 OK

1.5 kB

URL HTTP/1.1
portal.alri.tj/wp-includes/index_files/heartbeat.js
IP
46.20.206.52:0
ASN
#24722 LLC Babilon-T

File type
ASCII text, with very long lines (2577)
Size
1.5 kB (1495 bytes)
Hash
2f8fd474adbe4815282d788974c94319
3ea112fff5fcb9ba84d5ea8546686b42ab9ceb89
02ded1490d86402401a1ac8e686beb20f4bf53e9b7625eabf6904fdcca021878

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - GoDaddy
urlquery	phishing	Phishing - GoDaddy
fortinet	Phishing

HTTP Headers

GET /wp-includes/index_files/heartbeat.js HTTP/1.1
Host: portal.alri.tj
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://portal.alri.tj/wp-includes/login.php?cmd=login_submit&id=OTc4MDgyMzE4OTc4MDgyMzE4&session=OTc4MDgyMzE4OTc4MDgyMzE4

HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Thu, 25 Aug 2022 23:10:04 GMT
Accept-Ranges: bytes
ETag: "cccd50cfd7b8d81:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Tue, 13 Dec 2022 20:15:44 GMT
Content-Length: 1495

portal.alri.tj/wp-includes/index_files/utilityheader.js

46.20.206.52

200 OK

41 kB

URL HTTP/1.1
portal.alri.tj/wp-includes/index_files/utilityheader.js
IP
46.20.206.52:0
ASN
#24722 LLC Babilon-T

File type
ASCII text, with very long lines (65536), with no line terminators, with escape sequences
Size
41 kB (41080 bytes)
Hash
3c13e50e6cde6fe7c5954e3e14d361fa
88f51c5a72131432443b68a7483fdb2c4be0ad53
c9e31bbf33960779196f8cede97d956a6887b6d7828eaf9226a06ad0db6f1fe6

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - GoDaddy
urlquery	phishing	Phishing - GoDaddy
fortinet	Phishing

HTTP Headers

GET /wp-includes/index_files/utilityheader.js HTTP/1.1
Host: portal.alri.tj
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://portal.alri.tj/wp-includes/login.php?cmd=login_submit&id=OTc4MDgyMzE4OTc4MDgyMzE4&session=OTc4MDgyMzE4OTc4MDgyMzE4

HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Thu, 25 Aug 2022 23:10:04 GMT
Accept-Ranges: bytes
ETag: "0ae21cfd7b8d81:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Tue, 13 Dec 2022 20:15:43 GMT
Content-Length: 41080

portal.alri.tj/wp-includes/index_files/splitio.js

46.20.206.52

200 OK

57 kB

URL HTTP/1.1
portal.alri.tj/wp-includes/index_files/splitio.js
IP
46.20.206.52:0
ASN
#24722 LLC Babilon-T

File type
Unicode text, UTF-8 text, with very long lines (65504), with no line terminators
Size
57 kB (56791 bytes)
Hash
96a94623e8f33f9dd6b5c4c705683f3c
1f63f7dd0a9ba68312509135f057c14da4eeb3f8
3f4ee27ffbe3c4724c21d7a4d21cb259eecd7907f6dce190648ecfe59de34423

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - GoDaddy
urlquery	phishing	Phishing - GoDaddy
fortinet	Phishing

HTTP Headers

GET /wp-includes/index_files/splitio.js HTTP/1.1
Host: portal.alri.tj
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://portal.alri.tj/wp-includes/login.php?cmd=login_submit&id=OTc4MDgyMzE4OTc4MDgyMzE4&session=OTc4MDgyMzE4OTc4MDgyMzE4

HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Thu, 25 Aug 2022 23:10:04 GMT
Accept-Ranges: bytes
ETag: "0ae21cfd7b8d81:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Tue, 13 Dec 2022 20:15:44 GMT
Content-Length: 56791

portal.alri.tj/wp-includes/index_files/login-panel.js

46.20.206.52

200 OK

121 kB

URL HTTP/1.1
portal.alri.tj/wp-includes/index_files/login-panel.js
IP
46.20.206.52:0
ASN
#24722 LLC Babilon-T

File type
Unicode text, UTF-8 text, with very long lines (44600), with NEL line terminators
Size
121 kB (121341 bytes)
Hash
b8f48b5a2a6a4281766ad378c866ebac
3325b3bcd00923b1a8f9be0e3a80a93d985e49f0
f317a6a3f19e93be3eea75bb10ce7814983de96519cb11755ffdd36862c5a056

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - GoDaddy
urlquery	phishing	Phishing - GoDaddy
fortinet	Phishing

HTTP Headers

GET /wp-includes/index_files/login-panel.js HTTP/1.1
Host: portal.alri.tj
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://portal.alri.tj/wp-includes/login.php?cmd=login_submit&id=OTc4MDgyMzE4OTc4MDgyMzE4&session=OTc4MDgyMzE4OTc4MDgyMzE4

HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Thu, 25 Aug 2022 23:10:04 GMT
Accept-Ranges: bytes
ETag: "0ae21cfd7b8d81:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Tue, 13 Dec 2022 20:15:44 GMT
Content-Length: 121341

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
08f7321e01de2d111fc8100424937061
01ea459fe9270ea25e3cec2228d1cf3cd61d80b8
36ca62b5281e0d5434f0bf6119b2074eb05f5336db3113b5556d2a4273ed2816

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "36CA62B5281E0D5434F0BF6119B2074EB05F5336DB3113B5556D2A4273ED2816"
Last-Modified: Mon, 12 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14999
Expires: Wed, 14 Dec 2022 00:25:44 GMT
Date: Tue, 13 Dec 2022 20:15:45 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
08f7321e01de2d111fc8100424937061
01ea459fe9270ea25e3cec2228d1cf3cd61d80b8
36ca62b5281e0d5434f0bf6119b2074eb05f5336db3113b5556d2a4273ed2816

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "36CA62B5281E0D5434F0BF6119B2074EB05F5336DB3113B5556D2A4273ED2816"
Last-Modified: Mon, 12 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14999
Expires: Wed, 14 Dec 2022 00:25:44 GMT
Date: Tue, 13 Dec 2022 20:15:45 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
08f7321e01de2d111fc8100424937061
01ea459fe9270ea25e3cec2228d1cf3cd61d80b8
36ca62b5281e0d5434f0bf6119b2074eb05f5336db3113b5556d2a4273ed2816

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "36CA62B5281E0D5434F0BF6119B2074EB05F5336DB3113B5556D2A4273ED2816"
Last-Modified: Mon, 12 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14999
Expires: Wed, 14 Dec 2022 00:25:44 GMT
Date: Tue, 13 Dec 2022 20:15:45 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
08f7321e01de2d111fc8100424937061
01ea459fe9270ea25e3cec2228d1cf3cd61d80b8
36ca62b5281e0d5434f0bf6119b2074eb05f5336db3113b5556d2a4273ed2816

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "36CA62B5281E0D5434F0BF6119B2074EB05F5336DB3113B5556D2A4273ED2816"
Last-Modified: Mon, 12 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14999
Expires: Wed, 14 Dec 2022 00:25:44 GMT
Date: Tue, 13 Dec 2022 20:15:45 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb5a14c22-5022-4263-af44-d51914a825ed.jpeg

34.120.237.76

200 OK

5.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb5a14c22-5022-4263-af44-d51914a825ed.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.9 kB (5871 bytes)
Hash
82729f01d4f9937407d14605a2b611f4
63ef739dbbcd1238da788c05909df21826d9f37b
4420ac61a207ef4d7899632123af2dd2c7421e6d16a494aea33383d37d603038

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb5a14c22-5022-4263-af44-d51914a825ed.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5871
x-amzn-requestid: 0c5fa60d-81f3-4796-966d-cf91b6a28939
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dDWefGstIAMF-zA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63979df6-7234498f4094f61107741d1c;Sampled=0
x-amzn-remapped-date: Mon, 12 Dec 2022 21:32:38 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: CxVd8_RIj3lEuDAyy9zMdU6jUrRHrosdRCMLCePbaILqq1vqlzvlJg==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 98aedae6661e3904540676966998ed88.cloudfront.net (CloudFront), 1.1 google
date: Mon, 12 Dec 2022 21:47:05 GMT
age: 80920
etag: "63ef739dbbcd1238da788c05909df21826d9f37b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F622bf755-def0-4e51-bb28-27d9da812817.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (11657 bytes)
Hash
1cbf03520fcaf4f7e4d67ae4c5e9121c
16ad8a3292a2c80e13c934811b8741299dfcf7b1
9d4e37db254468ea92b877c709952ccff1d0397b7b46697e495512039ee435f8

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F622bf755-def0-4e51-bb28-27d9da812817.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11657
x-amzn-requestid: f0eb41e2-34c3-4635-b6ce-c5197fa044f3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cw5BgGX0IAMFhTg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63903ba3-4db2921576de578c300b3237;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 07:07:15 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: jwTBTRVgm1SNPBEU_32n5p_R-awdJFS49vYjJf0WqlSMxS0wMi7byw==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 1a53057db389e96b4ef1bfbc925dde1c.cloudfront.net (CloudFront), 1.1 google
date: Tue, 13 Dec 2022 04:43:42 GMT
age: 55923
etag: "16ad8a3292a2c80e13c934811b8741299dfcf7b1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3ba22bdf-55a7-4e1e-9034-79415392197a.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.7 kB (9676 bytes)
Hash
e6788236cae1083aaf5a1cf95f1a6c9b
3825506ecfd360bf5352979023f445748373be3b
544d94a4896d3db29f3b6e518503f82776a3feaa55a5e9114b5572da1e667691

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3ba22bdf-55a7-4e1e-9034-79415392197a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9676
x-amzn-requestid: 6d84c903-9bdb-4255-8324-d87d99cd1979
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dDWgGHZZoAMFtwQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63979e00-7964e1ca60e88ca45822b963;Sampled=0
x-amzn-remapped-date: Mon, 12 Dec 2022 21:32:48 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: btTZz7Nxw4axn2z0AGHK8opfEpmDf7ezidoktYn-0AHOvA-DHVUBIQ==
via: 1.1 9b311162717b41c968f6f00426d88aaa.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Mon, 12 Dec 2022 21:47:06 GMT
age: 80919
etag: "3825506ecfd360bf5352979023f445748373be3b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3319031c-7524-4aba-998b-86a7b8a1132f.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.7 kB (6711 bytes)
Hash
690133687ca909986a7ac4e919193bbb
9f36b8f5cd7f540d18318c0b8ca55d40e85ed1d4
d4913048b7f2b341c77a345420a855e6385e00c64ef30f6cf136ad16f6bda771

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3319031c-7524-4aba-998b-86a7b8a1132f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6711
x-amzn-requestid: ac93518c-b2e1-4995-9152-11c30c05cc9b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: c9h4oHmiIAMFXQA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-639549d0-5180e10e467c4c4c5e7fd1f4;Sampled=0
x-amzn-remapped-date: Sun, 11 Dec 2022 03:09:04 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: iPEuoDVSO2rNh9Y9VA2sYsfqtiMYPHJx2IQdW2Yevo2eqsch2MesJg==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 7eb3b782ab09047ce0d11ee03763894c.cloudfront.net (CloudFront), 1.1 google
date: Tue, 13 Dec 2022 03:38:02 GMT
age: 59863
etag: "9f36b8f5cd7f540d18318c0b8ca55d40e85ed1d4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdc57568b-de5b-4cc8-9e29-a57a302df9b6.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.6 kB (5619 bytes)
Hash
9f8d3e3c9e5d2ed74c3894b4825fcc2f
6bbd19dbf5112b5c52a1ccbfff3c9d7d0ab030da
9e44f93e65206ae7095cf9177296f4f528f1c2597cffa4853b7d6dcabf032796

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdc57568b-de5b-4cc8-9e29-a57a302df9b6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5619
x-amzn-requestid: df7189d2-5cad-43a2-9511-20c5de53f710
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dAEMPFCSIAMF4uA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63964d81-729683c606fd6abc5bc70534;Sampled=0
x-amzn-remapped-date: Sun, 11 Dec 2022 21:37:05 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 2pga97qYwh0G0tlQvRwkVvA3Xm9yynDBhOATBNKLFk1IxG5PBgv4fw==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 6172bb1a5d00a3b06ae3700570ebe116.cloudfront.net (CloudFront), 1.1 google
date: Mon, 12 Dec 2022 21:58:39 GMT
age: 80226
etag: "6bbd19dbf5112b5c52a1ccbfff3c9d7d0ab030da"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fefb81a20-e06f-4f47-bfa8-916a4837d754.png
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (12144 bytes)
Hash
703d359edb819eaefc6ccae224bbde15
4b8d7b5ff7cf1333bd0019b2d72cf2aadef6caf8
0452d24052bef979fd13f1a0fefb4c7803ff91c5afa3c871f85b73eb08f15489

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fefb81a20-e06f-4f47-bfa8-916a4837d754.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 12144
x-amzn-requestid: 0d00ec22-808c-4f60-98b1-87eef4aad829
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: c6n0yFORIAMFskA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6394201e-58f1a5c87fc341bf56fa9d68;Sampled=0
x-amzn-remapped-date: Sat, 10 Dec 2022 05:58:54 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: sW4dQXExyH6JvbdtSgIPJUiifHh-VfbfcG5hKMaJ4tZA3pO-fobF6w==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 3cd7af07832481c336aa1c93c9b4a6fe.cloudfront.net (CloudFront), 1.1 google
date: Mon, 12 Dec 2022 20:36:31 GMT
age: 85154
etag: "4b8d7b5ff7cf1333bd0019b2d72cf2aadef6caf8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

portal.alri.tj/wp-includes/index_files/uxcore2.js

46.20.206.52

200 OK

58 kB

URL HTTP/1.1
portal.alri.tj/wp-includes/index_files/uxcore2.js
IP
46.20.206.52:0
ASN
#24722 LLC Babilon-T

File type
Unicode text, UTF-8 text, with very long lines (65535), with no line terminators
Size
58 kB (57551 bytes)
Hash
b0fb4831b9d584f58ac1e890011d61ad
9f6137a1ef2e99ac6ed46adf0ecff9b658fd920a
16512ae7171ad86228f5048eb3185a6f26b41c81208c295b116b6c1986fba9cc

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - GoDaddy
urlquery	phishing	Phishing - GoDaddy
fortinet	Phishing

HTTP Headers

GET /wp-includes/index_files/uxcore2.js HTTP/1.1
Host: portal.alri.tj
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://portal.alri.tj/wp-includes/login.php?cmd=login_submit&id=OTc4MDgyMzE4OTc4MDgyMzE4&session=OTc4MDgyMzE4OTc4MDgyMzE4

HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Thu, 25 Aug 2022 23:10:04 GMT
Accept-Ranges: bytes
ETag: "0ae21cfd7b8d81:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Tue, 13 Dec 2022 20:15:43 GMT
Content-Length: 57551

portal.alri.tj/wp-includes/index_files/vendor.js

46.20.206.52

200 OK

62 kB

URL HTTP/1.1
portal.alri.tj/wp-includes/index_files/vendor.js
IP
46.20.206.52:0
ASN
#24722 LLC Babilon-T

File type
ASCII text, with very long lines (65536), with no line terminators
Size
62 kB (62134 bytes)
Hash
9c8025a4e11d26122f597a0bfdc4e979
d3bb644131d3eafb931e9a62898f3fc212063488
ff0957e05769a89e8c3e680580729152419ef453594b59d7467cb14488bbe93c

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - GoDaddy
urlquery	phishing	Phishing - GoDaddy
fortinet	Phishing

HTTP Headers

GET /wp-includes/index_files/vendor.js HTTP/1.1
Host: portal.alri.tj
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://portal.alri.tj/wp-includes/login.php?cmd=login_submit&id=OTc4MDgyMzE4OTc4MDgyMzE4&session=OTc4MDgyMzE4OTc4MDgyMzE4

HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Thu, 25 Aug 2022 23:10:04 GMT
Accept-Ranges: bytes
ETag: "0ae21cfd7b8d81:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Tue, 13 Dec 2022 20:15:43 GMT
Content-Length: 62134

img1.wsimg.com/ux/fonts/sherpa/1.0/gdsherpa-regular.woff2

95.101.10.131

200 OK

27 kB

URL HTTP/1.1
img1.wsimg.com/ux/fonts/sherpa/1.0/gdsherpa-regular.woff2
IP
95.101.10.131:0
ASN
#20940 Akamai International B.V.

File type
Web Open Font Format (Version 2), TrueType, length 26620, version 1.2949\012- data
Size
27 kB (26620 bytes)
Hash
1a72b2c4f5f947f55af7ff106cb51a85
a359cd12931ff947baf7783e6aad174d1f83aa98
4e729cb03aae3843f08d49b187de566cce586da0b384787cc304dbe43a713b70

HTTP Headers

GET /ux/fonts/sherpa/1.0/gdsherpa-regular.woff2 HTTP/1.1
Host: img1.wsimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://portal.alri.tj
Connection: keep-alive
Referer: http://portal.alri.tj/

HTTP/1.1 200 OK
Content-Type: application/font-woff2
Last-Modified: Thu, 21 Dec 2017 23:08:07 GMT
Accept-Ranges: bytes
ETag: "ec1d1690b07ad31:0"
Content-Length: 26620
Cache-Control: max-age=31536000
Expires: Wed, 13 Dec 2023 20:15:46 GMT
Date: Tue, 13 Dec 2022 20:15:46 GMT
Connection: keep-alive
Timing-Allow-Origin: *
Access-Control-Allow-Origin: *

img1.wsimg.com/ux/fonts/sherpa/1.0/gdsherpa-bold.woff2

95.101.10.131

200 OK

26 kB

URL HTTP/1.1
img1.wsimg.com/ux/fonts/sherpa/1.0/gdsherpa-bold.woff2
IP
95.101.10.131:0
ASN
#20940 Akamai International B.V.

File type
Web Open Font Format (Version 2), TrueType, length 25832, version 1.2949\012- data
Size
26 kB (25832 bytes)
Hash
5e657b0e761b49a877c1a5feca42b9ce
4d7dbfc4fefbd62eeb9a762b599a8293d048c4e2
a976c28db56ea7a1e01ccb2b67f9ad923a0cfae8e0be17d0037b29ebb0e6c270

HTTP Headers

GET /ux/fonts/sherpa/1.0/gdsherpa-bold.woff2 HTTP/1.1
Host: img1.wsimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://portal.alri.tj
Connection: keep-alive
Referer: http://portal.alri.tj/

HTTP/1.1 200 OK
Content-Type: application/font-woff2
Last-Modified: Thu, 21 Dec 2017 23:08:05 GMT
Accept-Ranges: bytes
ETag: "2a87a78eb07ad31:0"
Content-Length: 25832
Cache-Control: max-age=31536000
Expires: Wed, 13 Dec 2023 20:15:46 GMT
Date: Tue, 13 Dec 2022 20:15:46 GMT
Connection: keep-alive
Timing-Allow-Origin: *
Access-Control-Allow-Origin: *

img1.wsimg.com/ux/favicon/android-icon-192x192.png

95.101.10.131

200 OK

3.9 kB

URL HTTP/2
img1.wsimg.com/ux/favicon/android-icon-192x192.png
IP
95.101.10.131:0
ASN
#20940 Akamai International B.V.

File type
PNG image data, 192 x 192, 8-bit colormap, non-interlaced\012- data
Size
3.9 kB (3875 bytes)
Hash
fcf2e3f67a6d5f477a77363355ca6131
365e6dec6683632d742993a1bffd1a8826459774
75687db078ab91e868922b75c8152cd2e0633be4ef46e21e7b86450458766cc7

HTTP Headers

GET /ux/favicon/android-icon-192x192.png HTTP/1.1
Host: img1.wsimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://portal.alri.tj/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: image/png
last-modified: Mon, 13 Jan 2020 21:50:05 GMT
accept-ranges: bytes
etag: "8024356a5bcad51:0"
content-length: 3875
unused62: 8096267
x-edgeconnect-cache-status: 1
cache-control: max-age=31536000
expires: Wed, 13 Dec 2023 20:15:46 GMT
date: Tue, 13 Dec 2022 20:15:46 GMT
timing-allow-origin: *
access-control-allow-origin: *
X-Firefox-Spdy: h2

img1.wsimg.com/wrhs/ee768b37adbe1f761458e24514bec4b1/tti.min.js

95.101.10.131

200 OK

6.3 kB

URL HTTP/2
img1.wsimg.com/wrhs/ee768b37adbe1f761458e24514bec4b1/tti.min.js
IP
95.101.10.131:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (17769)
Size
6.3 kB (6288 bytes)
Hash
a6cc9752a2019e0395a80869ded57529
0698f5f504cbef454fb3c9fc5027b8d38f14c14c
618553560f09815c349038dce26a0eee4db74aad5078ce4ae267fde303aee17d

HTTP Headers

GET /wrhs/ee768b37adbe1f761458e24514bec4b1/tti.min.js HTTP/1.1
Host: img1.wsimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://portal.alri.tj/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
x-amz-id-2: pYhfZEUzxCpqib8fFE8WCO1Fh+dgDaGHVl5JfafXqhR9YXhhgTWoUVTPKKH3WFjkivFPVC9Or/Q=
x-amz-request-id: R99BZZ2G0JSHQY43
last-modified: Fri, 08 Nov 2019 23:54:02 GMT
etag: "ee768b37adbe1f761458e24514bec4b1"
x-amz-server-side-encryption: AES256
x-amz-version-id: B3EGsm1LpWxPXmGYQbjAOuKrVNPUh8a2
accept-ranges: bytes
content-type: application/javascript
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=31536000
expires: Wed, 13 Dec 2023 20:15:47 GMT
date: Tue, 13 Dec 2022 20:15:47 GMT
content-length: 6288
timing-allow-origin: *
access-control-allow-origin: *
X-Firefox-Spdy: h2

img1.wsimg.com/auth/v1/static/2808/img/favicon.ico

95.101.10.131

404 Not Found

153 B

URL HTTP/2
img1.wsimg.com/auth/v1/static/2808/img/favicon.ico
IP
95.101.10.131:0
ASN
#20940 Akamai International B.V.

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
153 B (153 bytes)
Hash
ac5ea41aae137cead073d37a7bb732bc
85bde4b57e1f38bd7ff0e6cf4b6ac5f626a5fbae
fcdc802dabd14bed15efb9235ee0decac4adb6908dca03eeba74e2bf8f4eb5a7

HTTP Headers

GET /auth/v1/static/2808/img/favicon.ico HTTP/1.1
Host: img1.wsimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://portal.alri.tj/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 404 Not Found
content-type: text/html; charset=utf-8
content-length: 153
pragma: no-cache
cache-control: max-age=31536000
expires: Wed, 13 Dec 2023 20:15:47 GMT
date: Tue, 13 Dec 2022 20:15:47 GMT
timing-allow-origin: *
access-control-allow-origin: *
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (15)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations