manager.principlerec.com/
51.79.11.195301 Moved Permanently 162 B URL HTTP/1.1 manager.principlerec.com/
IP 51.79.11.195:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
Analyzer Verdict Alert fortinet Malware
GET / HTTP/1.1
Host: manager.principlerec.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Wed, 30 Nov 2022 04:01:51 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://manager.principlerec.com/
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash a5daf4dc99951793ae2315d4795e8146
4427507ca4d3a5632cc8f598afbc85e2195d00bd
94fb64c1c826ed7099283c0bedb3cea7ac7e1d9526794cb9fad6e761f5989d32
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "94FB64C1C826ED7099283C0BEDB3CEA7AC7E1D9526794CB9FAD6E761F5989D32"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5856
Expires: Wed, 30 Nov 2022 05:39:28 GMT
Date: Wed, 30 Nov 2022 04:01:52 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 4ed065cb23b5fca1a179dd73b3c5b7b2
4422eb24688f5e056fc1b18b127c7f63b1dbf5e0
b723d770d0dec7441d8505dc5a4e7d34f55c9f564ec52f20d9b70c7c3a0d9d35
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6125
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 04:01:52 GMT
Last-Modified: Wed, 30 Nov 2022 02:19:47 GMT
Server: ECS (ska/F70F)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 9fce5679881bf302a8978a0b462f01a9
b699fe030ea13ac73813e655c42ed9b531925e2b
a3ec545a8f9364ac9062eddb41279e1465687a1b60f9c1dec6b3a3df8b033eb3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A3EC545A8F9364AC9062EDDB41279E1465687A1B60F9C1DEC6B3A3DF8B033EB3"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10862
Expires: Wed, 30 Nov 2022 07:02:54 GMT
Date: Wed, 30 Nov 2022 04:01:52 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
34.102.187.140200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Alert, Backoff, Content-Length, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 30 Nov 2022 03:19:39 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 2533
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: ZxRbX+Wem3rWzmtyg59lYMpb0aGiIdCjKR2nDXgdOYbk/X7NmEIWLky11l8py35nXUo14x4sOE8=
x-amz-request-id: 0Y76D1FE6W3K4XV5
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 30 Nov 2022 03:45:04 GMT
age: 1008
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 04:01:52 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, ETag, Alert, Expires, Cache-Control, Backoff, Content-Length, Content-Type, Pragma, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Wed, 30 Nov 2022 03:11:13 GMT
cache-control: public,max-age=3600
age: 3039
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
manager.principlerec.com/
51.79.11.195302 Found 0 B URL HTTP/2 manager.principlerec.com/
IP 51.79.11.195:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
GET / HTTP/1.1
Host: manager.principlerec.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 302 Found
server: nginx
date: Wed, 30 Nov 2022 04:01:52 GMT
content-type: text/html; charset=utf-8
content-length: 0
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: csrf_cookie_name=3af0ac61a787145d29317487ffe162e7; expires=Wed, 30-Nov-2022 05:02:52 GMT; Max-Age=3660; path=/; HttpOnly
sp_session=8phjephphmrf5f1s77vp2k1ff0ov5h8k; expires=Wed, 30-Nov-2022 12:01:52 GMT; Max-Age=28800; path=/; HttpOnly
location: https://manager.principlerec.com/authentication/login
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PHP/7.4.33, PleskLin
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 3c8c689bd654417640d85f3da51af313
85123b6d46230a23d03768bf304b386e5d301305
516138ca79703b45e904d32d7dde1c1e9fd35995b9f1bb1331c547542745676d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6125
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 04:01:52 GMT
Last-Modified: Wed, 30 Nov 2022 02:19:48 GMT
Server: ECS (ska/F70F)
X-Cache: HIT
Content-Length: 471
manager.principlerec.com/authentication/login
51.79.11.195200 OK 5.7 kB URL HTTP/2 manager.principlerec.com/authentication/login
IP 51.79.11.195:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (694), with CRLF, LF line terminators
Hash 86268ac315eb5194082efc1a99effb44
4e14f6ff6252f348103f4f150f277e8bbec1d00c
463184cf99c464f7830fae6c1b256b6933d10407c7916c56098655e9874c7de9
Analyzer Verdict Alert fortinet Malware
GET /authentication/login HTTP/1.1
Host: manager.principlerec.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: csrf_cookie_name=3af0ac61a787145d29317487ffe162e7; sp_session=8phjephphmrf5f1s77vp2k1ff0ov5h8k
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 04:01:53 GMT
content-type: text/html; charset=utf-8
content-length: 5669
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: csrf_cookie_name=3af0ac61a787145d29317487ffe162e7; expires=Wed, 30-Nov-2022 05:02:52 GMT; Max-Age=3660; path=/; HttpOnly
vary: Accept-Encoding
content-encoding: gzip
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PHP/7.4.33, PleskLin
X-Firefox-Spdy: h2
push.services.mozilla.com/
54.187.71.185101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.187.71.185:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: NpbVRS/yqeFIcu4VN/5P1A==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: q0gvmOBhjV9MNoXzmDbW4DUnCKM=
manager.principlerec.com/assets/css/reset.min.css?v=2.9.3
51.79.11.195200 OK 514 B URL HTTP/2 manager.principlerec.com/assets/css/reset.min.css?v=2.9.3
IP 51.79.11.195:0
File type ASCII text, with very long lines (971), with no line terminators
Hash 71d0474794c4d99e89bc360c28340869
7d4c049a698d44dd686d0e4e93421e10fad3e6dc
0003da1c9ba6f1805b8f14780c117fbdf006c59c853271cc9d9a1842d91e9f31
Analyzer Verdict Alert fortinet Malware
GET /assets/css/reset.min.css?v=2.9.3 HTTP/1.1
Host: manager.principlerec.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://manager.principlerec.com/authentication/login
Cookie: csrf_cookie_name=3af0ac61a787145d29317487ffe162e7; sp_session=8phjephphmrf5f1s77vp2k1ff0ov5h8k
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 04:01:53 GMT
content-type: text/css
content-length: 514
x-accel-version: 0.01
last-modified: Sun, 23 Jan 2022 12:13:04 GMT
etag: "3cb-5d63ec6223400-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PleskLin
X-Firefox-Spdy: h2
manager.principlerec.com/assets/plugins/roboto/roboto.css?v=2.9.3
51.79.11.195200 OK 263 B URL HTTP/2 manager.principlerec.com/assets/plugins/roboto/roboto.css?v=2.9.3
IP 51.79.11.195:0
Hash 04879b4eb221ad7eb1a2a173375d8ad5
555e74d1ea628bcbc63b6324c76a7c7ad706896b
14d4fff1afe0ab8a656924ee94a1f8055d97f11a6ca0033c2a222508528664ca
Analyzer Verdict Alert fortinet Malware
GET /assets/plugins/roboto/roboto.css?v=2.9.3 HTTP/1.1
Host: manager.principlerec.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://manager.principlerec.com/authentication/login
Cookie: csrf_cookie_name=3af0ac61a787145d29317487ffe162e7; sp_session=8phjephphmrf5f1s77vp2k1ff0ov5h8k
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 04:01:53 GMT
content-type: text/css
content-length: 263
x-accel-version: 0.01
last-modified: Sun, 23 Jan 2022 12:13:34 GMT
etag: "3de-5d63ec7ebf780-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PleskLin
X-Firefox-Spdy: h2
manager.principlerec.com/modules/si_custom_theme/assets/css/si_custom_theme_style_client.css
51.79.11.195200 OK 256 B URL HTTP/2 manager.principlerec.com/modules/si_custom_theme/assets/css/si_custom_theme_style_client.css
IP 51.79.11.195:0
File type ASCII text, with CRLF line terminators
Hash e78f90ceceaa16dfa97cfdab875d794a
437ed9709be6ff867be15219145d6afb92605ec0
2a1d866091103a74889174e59bf130eb5df5ec9c8b97ce3497e291b17b71ae07
GET /modules/si_custom_theme/assets/css/si_custom_theme_style_client.css HTTP/1.1
Host: manager.principlerec.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://manager.principlerec.com/authentication/login
Cookie: csrf_cookie_name=3af0ac61a787145d29317487ffe162e7; sp_session=8phjephphmrf5f1s77vp2k1ff0ov5h8k
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 04:01:53 GMT
content-type: text/css
content-length: 256
x-accel-version: 0.01
last-modified: Thu, 03 Feb 2022 05:03:43 GMT
etag: "1ed-5d7160eed9239-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PleskLin
X-Firefox-Spdy: h2
manager.principlerec.com/uploads/company/3d2f366f5c179c305aa1858670181546.png
51.79.11.195200 OK 2.8 kB URL HTTP/2 manager.principlerec.com/uploads/company/3d2f366f5c179c305aa1858670181546.png
IP 51.79.11.195:0
File type PNG image data, 300 x 40, 8-bit/color RGBA, non-interlaced\012- data
Hash 5c25b4d0f9147abe0da70594276cfb72
239252dda90ee8ec10a0f487c264ea86e993d93c
2722b35637f92ef89b74218bde04c1435453fe28b16fa3e018ed24a2ddf62e7a
GET /uploads/company/3d2f366f5c179c305aa1858670181546.png HTTP/1.1
Host: manager.principlerec.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://manager.principlerec.com/authentication/login
Cookie: csrf_cookie_name=3af0ac61a787145d29317487ffe162e7; sp_session=8phjephphmrf5f1s77vp2k1ff0ov5h8k
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 04:01:53 GMT
content-type: image/png
content-length: 2834
last-modified: Thu, 03 Feb 2022 04:57:51 GMT
etag: "61fb60cf-b12"
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
manager.principlerec.com/assets/plugins/roboto/fonts/Regular/Roboto-Regular.woff2?v=1.1.0
51.79.11.195200 OK 63 kB URL HTTP/2 manager.principlerec.com/assets/plugins/roboto/fonts/Regular/Roboto-Regular.woff2?v=1.1.0
IP 51.79.11.195:0
File type Web Open Font Format (Version 2), TrueType, length 63412, version 2.0\012- data
Hash bde1ca6a5d7cefc8108c75fdaad29ed6
1e042848a06b43a9369952c636bca41f95cfc316
cc7b26ac53700f78f8a452be6d14f14943e88dceb14edf64cddceba6e66f3f5e
Analyzer Verdict Alert fortinet Malware
GET /assets/plugins/roboto/fonts/Regular/Roboto-Regular.woff2?v=1.1.0 HTTP/1.1
Host: manager.principlerec.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://manager.principlerec.com/assets/plugins/roboto/roboto.css?v=2.9.3
Cookie: csrf_cookie_name=3af0ac61a787145d29317487ffe162e7; sp_session=8phjephphmrf5f1s77vp2k1ff0ov5h8k
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 04:01:53 GMT
content-type: font/woff2
content-length: 63412
last-modified: Sun, 23 Jan 2022 12:13:34 GMT
etag: "61ed466e-f7b4"
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ac3edd07bb0a4ebdaae6ec26e91d2079
b6efe3811dfa37cdcde1e9d411c171732ac7e12a
c5dbd471d178ae4505b28e30aee1e8eed77fffd81b9f7815ad2bda1a0d09a02c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11664
Expires: Wed, 30 Nov 2022 07:16:18 GMT
Date: Wed, 30 Nov 2022 04:01:54 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ac3edd07bb0a4ebdaae6ec26e91d2079
b6efe3811dfa37cdcde1e9d411c171732ac7e12a
c5dbd471d178ae4505b28e30aee1e8eed77fffd81b9f7815ad2bda1a0d09a02c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11664
Expires: Wed, 30 Nov 2022 07:16:18 GMT
Date: Wed, 30 Nov 2022 04:01:54 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ac3edd07bb0a4ebdaae6ec26e91d2079
b6efe3811dfa37cdcde1e9d411c171732ac7e12a
c5dbd471d178ae4505b28e30aee1e8eed77fffd81b9f7815ad2bda1a0d09a02c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11664
Expires: Wed, 30 Nov 2022 07:16:18 GMT
Date: Wed, 30 Nov 2022 04:01:54 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ac3edd07bb0a4ebdaae6ec26e91d2079
b6efe3811dfa37cdcde1e9d411c171732ac7e12a
c5dbd471d178ae4505b28e30aee1e8eed77fffd81b9f7815ad2bda1a0d09a02c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11664
Expires: Wed, 30 Nov 2022 07:16:18 GMT
Date: Wed, 30 Nov 2022 04:01:54 GMT
Connection: keep-alive
manager.principlerec.com/assets/css/bs-overides.min.css?v=2.9.3
51.79.11.195200 OK 10 kB URL HTTP/2 manager.principlerec.com/assets/css/bs-overides.min.css?v=2.9.3
IP 51.79.11.195:0
File type ASCII text, with very long lines (10848), with no line terminators
Hash 9b17d3371defa8f46e65afdcbba7bcc4
88ea420f44a9fb1d03d01b94af6be388d0fa737a
48838cb0ceb6b50fcd115c3f6c910e1401f2d7eaf548a993349eaeac974d5500
Analyzer Verdict Alert fortinet Malware
GET /assets/css/bs-overides.min.css?v=2.9.3 HTTP/1.1
Host: manager.principlerec.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://manager.principlerec.com/authentication/login
Cookie: csrf_cookie_name=3af0ac61a787145d29317487ffe162e7; sp_session=8phjephphmrf5f1s77vp2k1ff0ov5h8k
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 04:01:53 GMT
content-type: text/css
last-modified: Sun, 23 Jan 2022 12:13:04 GMT
etag: W/"61ed4650-2a60"
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
manager.principlerec.com/assets/themes/perfex/css/style.min.css?v=2.9.3
51.79.11.195200 OK 16 kB URL HTTP/2 manager.principlerec.com/assets/themes/perfex/css/style.min.css?v=2.9.3
IP 51.79.11.195:0
File type ASCII text, with very long lines (39843), with no line terminators
Hash d5981e532a3c974670b6c101bcad0f6b
f344bd91ae6238e22bbeef819f55c61e6323d34d
881824c6dbdc690b9d51f2c602cf08d4535812571f8cad95ad3836db740b3351
Analyzer Verdict Alert fortinet Malware
GET /assets/themes/perfex/css/style.min.css?v=2.9.3 HTTP/1.1
Host: manager.principlerec.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://manager.principlerec.com/authentication/login
Cookie: csrf_cookie_name=3af0ac61a787145d29317487ffe162e7; sp_session=8phjephphmrf5f1s77vp2k1ff0ov5h8k
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 04:01:53 GMT
content-type: text/css
last-modified: Sun, 23 Jan 2022 12:13:48 GMT
etag: W/"61ed467c-9ba3"
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F265a94d3-cdf4-4682-bcea-7cb1b79bc860.png
34.120.237.76200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F265a94d3-cdf4-4682-bcea-7cb1b79bc860.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 9fb14804c284e300f976848e30396e9c
6004b4b7afd22dded903f026d245bc90a6706767
1cf96b0b6c83f182d018fa4ffb9924038bf282755091e7bacff2a624220260d5
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F265a94d3-cdf4-4682-bcea-7cb1b79bc860.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13195
x-amzn-requestid: 1303b72c-fe18-46a3-b3c1-06f3b8550d90
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cYhGvHW6oAMFxgw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63867bc4-1b3dbbb005a238117076d1f3;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 21:38:12 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: pw2Wm8mI8MxRAOVsdvvWLEuxPN5ffcgWBZ_KecuuS5stoTHF4hxECg==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 22:08:33 GMT
age: 21201
etag: "6004b4b7afd22dded903f026d245bc90a6706767"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
manager.principlerec.com/assets/plugins/bootstrap-select/css/bootstrap-select.min.css?v=2.9.3
51.79.11.195200 OK 9.7 kB URL HTTP/2 manager.principlerec.com/assets/plugins/bootstrap-select/css/bootstrap-select.min.css?v=2.9.3
IP 51.79.11.195:0
File type ASCII text, with very long lines (10879)
Hash b6770ce7663a7a9480b1f1757103fb3d
cad8e8c498c206ea5577d1dd849a912fb5e4ac73
01aff7e6fc4e986696258751e27e6239694cd51fb11fd52b9c41010641598f6e
Analyzer Verdict Alert fortinet Malware
GET /assets/plugins/bootstrap-select/css/bootstrap-select.min.css?v=2.9.3 HTTP/1.1
Host: manager.principlerec.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://manager.principlerec.com/authentication/login
Cookie: csrf_cookie_name=3af0ac61a787145d29317487ffe162e7; sp_session=8phjephphmrf5f1s77vp2k1ff0ov5h8k
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 04:01:53 GMT
content-type: text/css
last-modified: Sun, 23 Jan 2022 12:13:06 GMT
etag: W/"61ed4652-2b6b"
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F87a30da8-85ab-41b8-bac9-b9c57f447d6a.webp
34.120.237.76200 OK 9.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F87a30da8-85ab-41b8-bac9-b9c57f447d6a.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 33ee67e62c49fc8d51f18df313002aac
3d8c927b6945d880f92d4e7a686cad5a9985e8ad
ba6e66e07cd93219926927fd2b468a92b8d02cc9bf1da0b3b9a3c48da160bbdc
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F87a30da8-85ab-41b8-bac9-b9c57f447d6a.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9670
x-amzn-requestid: d9a529ac-9dc6-4e12-80c5-3250dc97e7bb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cYgDcFiAoAMF0nA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63867a15-116ddf09265d51523c3638b3;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 21:31:01 GMT
x-amz-cf-pop: SEA19-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 5BnByLndiK0korBr44MDgK6sgRBPooy2LE_2NjVIQhiTfmAdLupnZw==
via: 1.1 b23fb37cd7fff033ab21e3284f558a28.cloudfront.net (CloudFront), 1.1 591683988172c7980c4ebb318cbf18a8.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 21:49:34 GMT
age: 22340
etag: "3d8c927b6945d880f92d4e7a686cad5a9985e8ad"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
manager.principlerec.com/assets/plugins/datatables/datatables.min.css?v=2.9.3
51.79.11.195200 OK 11 kB URL HTTP/2 manager.principlerec.com/assets/plugins/datatables/datatables.min.css?v=2.9.3
IP 51.79.11.195:0
File type Unicode text, UTF-8 text, with very long lines (4327)
Hash 3c3f6e1da8cf4b47fdd0cd975379da58
2237c2ee2ba7ab7552b0ff9179bc7346a337d3c0
5c4185691bfe69f883ce55ef565deecc0a6cd8ed6d8c18cb4b4140accd33f42c
Analyzer Verdict Alert fortinet Malware
GET /assets/plugins/datatables/datatables.min.css?v=2.9.3 HTTP/1.1
Host: manager.principlerec.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://manager.principlerec.com/authentication/login
Cookie: csrf_cookie_name=3af0ac61a787145d29317487ffe162e7; sp_session=8phjephphmrf5f1s77vp2k1ff0ov5h8k
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 04:01:53 GMT
content-type: text/css
last-modified: Sun, 23 Jan 2022 12:13:12 GMT
etag: W/"61ed4658-2000"
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
manager.principlerec.com/uploads/company/favicon.png
51.79.11.195200 OK 1.9 kB URL HTTP/2 manager.principlerec.com/uploads/company/favicon.png
IP 51.79.11.195:0
File type PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced\012- data
Hash c2207f41b6eeaceb6644e620e9fc1c72
118ad2f09337d01c630da2edc441861ac91eb3d0
800440321c485ba430c39e9717b8e2d6bba62c636c34dbc6b1433e0195fe443f
GET /uploads/company/favicon.png HTTP/1.1
Host: manager.principlerec.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://manager.principlerec.com/authentication/login
Cookie: csrf_cookie_name=3af0ac61a787145d29317487ffe162e7; sp_session=8phjephphmrf5f1s77vp2k1ff0ov5h8k
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 04:01:54 GMT
content-type: image/png
content-length: 1866
last-modified: Thu, 03 Feb 2022 04:57:51 GMT
etag: "61fb60cf-74a"
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
manager.principlerec.com/assets/plugins/lightbox/images/prev.png
51.79.11.195200 OK 1.4 kB URL HTTP/2 manager.principlerec.com/assets/plugins/lightbox/images/prev.png
IP 51.79.11.195:0
File type PNG image data, 50 x 45, 8-bit/color RGBA, non-interlaced\012- data
Hash 84b76dee6b27b795e89e3649078a11c2
6640a3432f7ba7aea6129cdf7a5d3eabd47c295c
7fd9273f20fdb1229c224341271a119020a5eee74ccf6b4605730917c864caf2
GET /assets/plugins/lightbox/images/prev.png HTTP/1.1
Host: manager.principlerec.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://manager.principlerec.com/assets/plugins/lightbox/css/lightbox.min.css?v=2.9.3
Cookie: csrf_cookie_name=3af0ac61a787145d29317487ffe162e7; sp_session=8phjephphmrf5f1s77vp2k1ff0ov5h8k
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 04:01:54 GMT
content-type: image/png
content-length: 1360
last-modified: Sun, 23 Jan 2022 12:13:34 GMT
etag: "61ed466e-550"
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
manager.principlerec.com/assets/plugins/lightbox/images/next.png
51.79.11.195200 OK 1.4 kB URL HTTP/2 manager.principlerec.com/assets/plugins/lightbox/images/next.png
IP 51.79.11.195:0
File type PNG image data, 50 x 45, 8-bit/color RGBA, non-interlaced\012- data
Hash 31f15875975aab69085470aabbfec802
777e92c050f600b4519299c3d786b8f2f459fea4
15b869b02c6fbaa8c6c26445a2dd2d9bad80fd27b1409f8179e5dd89dc89d90a
GET /assets/plugins/lightbox/images/next.png HTTP/1.1
Host: manager.principlerec.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://manager.principlerec.com/assets/plugins/lightbox/css/lightbox.min.css?v=2.9.3
Cookie: csrf_cookie_name=3af0ac61a787145d29317487ffe162e7; sp_session=8phjephphmrf5f1s77vp2k1ff0ov5h8k
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 04:01:54 GMT
content-type: image/png
content-length: 1350
last-modified: Sun, 23 Jan 2022 12:13:34 GMT
etag: "61ed466e-546"
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
manager.principlerec.com/assets/plugins/lightbox/images/loading.gif
51.79.11.195200 OK 8.5 kB URL HTTP/2 manager.principlerec.com/assets/plugins/lightbox/images/loading.gif
IP 51.79.11.195:0
File type GIF image data, version 89a, 32 x 32\012- data
Hash 2299ad0b3f63413f026dfec20c205b8f
cf720b50cf8dde0e1a84ce1c6a77788bfc5882d5
225aa88b6ab02c06222ec9468d62e15fa188e39cdb9431d1f55401ad380753ed
GET /assets/plugins/lightbox/images/loading.gif HTTP/1.1
Host: manager.principlerec.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://manager.principlerec.com/assets/plugins/lightbox/css/lightbox.min.css?v=2.9.3
Cookie: csrf_cookie_name=3af0ac61a787145d29317487ffe162e7; sp_session=8phjephphmrf5f1s77vp2k1ff0ov5h8k
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 04:01:54 GMT
content-type: image/gif
content-length: 8476
last-modified: Sun, 23 Jan 2022 12:13:34 GMT
etag: "61ed466e-211c"
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
manager.principlerec.com/assets/plugins/roboto/fonts/Medium/Roboto-Medium.woff2?v=1.1.0
51.79.11.195200 OK 64 kB URL HTTP/2 manager.principlerec.com/assets/plugins/roboto/fonts/Medium/Roboto-Medium.woff2?v=1.1.0
IP 51.79.11.195:0
File type Web Open Font Format (Version 2), TrueType, length 63788, version 2.0\012- data
Hash 77c6e1606d99099a72efb51e2f5f679f
8ba4228923bd5e5c24035f1261ed20b6a7d8fc35
5efafd26d85f9d6c3340aa7b81aff0a4d9fe27d8f9ec9885565afb9fa2097d91
Analyzer Verdict Alert fortinet Malware
GET /assets/plugins/roboto/fonts/Medium/Roboto-Medium.woff2?v=1.1.0 HTTP/1.1
Host: manager.principlerec.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://manager.principlerec.com/assets/plugins/roboto/roboto.css?v=2.9.3
Cookie: csrf_cookie_name=3af0ac61a787145d29317487ffe162e7; sp_session=8phjephphmrf5f1s77vp2k1ff0ov5h8k
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 04:01:54 GMT
content-type: font/woff2
content-length: 63788
last-modified: Sun, 23 Jan 2022 12:13:34 GMT
etag: "61ed466e-f92c"
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
manager.principlerec.com/assets/plugins/lightbox/images/close.png
51.79.11.195200 OK 280 B URL HTTP/2 manager.principlerec.com/assets/plugins/lightbox/images/close.png
IP 51.79.11.195:0
File type PNG image data, 27 x 27, 8-bit colormap, non-interlaced\012- data
Hash d9d2d0b1308cb694aa8116915592e2a9
3ca48361cfe0e41163023d03c26296f375bb3eac
5d62e6c90005bfb71f6abb440f9e4753681cb23bbd5e60477ab6f442d2f0e69c
GET /assets/plugins/lightbox/images/close.png HTTP/1.1
Host: manager.principlerec.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://manager.principlerec.com/assets/plugins/lightbox/css/lightbox.min.css?v=2.9.3
Cookie: csrf_cookie_name=3af0ac61a787145d29317487ffe162e7; sp_session=8phjephphmrf5f1s77vp2k1ff0ov5h8k
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 04:01:54 GMT
content-type: image/png
content-length: 280
x-accel-version: 0.01
last-modified: Sun, 23 Jan 2022 12:13:34 GMT
etag: "118-5d63ec7ebf780"
accept-ranges: bytes
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PleskLin
X-Firefox-Spdy: h2
manager.principlerec.com/assets/plugins/datetimepicker/jquery.datetimepicker.min.css?v=2.9.3
51.79.11.195200 OK 0 B URL HTTP/2 manager.principlerec.com/assets/plugins/datetimepicker/jquery.datetimepicker.min.css?v=2.9.3
IP 51.79.11.195:0
Analyzer Verdict Alert fortinet Malware
GET /assets/plugins/datetimepicker/jquery.datetimepicker.min.css?v=2.9.3 HTTP/1.1
Host: manager.principlerec.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://manager.principlerec.com/authentication/login
Cookie: csrf_cookie_name=3af0ac61a787145d29317487ffe162e7; sp_session=8phjephphmrf5f1s77vp2k1ff0ov5h8k
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 04:01:53 GMT
content-type: text/css
last-modified: Sun, 23 Jan 2022 12:13:12 GMT
etag: W/"61ed4658-4077"
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
manager.principlerec.com/assets/plugins/font-awesome/css/font-awesome.min.css?v=2.9.3
51.79.11.195200 OK 0 B URL HTTP/2 manager.principlerec.com/assets/plugins/font-awesome/css/font-awesome.min.css?v=2.9.3
IP 51.79.11.195:0
GET /assets/plugins/font-awesome/css/font-awesome.min.css?v=2.9.3 HTTP/1.1
Host: manager.principlerec.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://manager.principlerec.com/authentication/login
Cookie: csrf_cookie_name=3af0ac61a787145d29317487ffe162e7; sp_session=8phjephphmrf5f1s77vp2k1ff0ov5h8k
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 04:01:53 GMT
content-type: text/css
last-modified: Sun, 23 Jan 2022 12:13:22 GMT
etag: W/"61ed4662-7918"
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
manager.principlerec.com/assets/plugins/jquery-validation/jquery.validate.min.js?v=2.9.3
51.79.11.195200 OK 0 B URL HTTP/2 manager.principlerec.com/assets/plugins/jquery-validation/jquery.validate.min.js?v=2.9.3
IP 51.79.11.195:0
GET /assets/plugins/jquery-validation/jquery.validate.min.js?v=2.9.3 HTTP/1.1
Host: manager.principlerec.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://manager.principlerec.com/authentication/login
Cookie: csrf_cookie_name=3af0ac61a787145d29317487ffe162e7; sp_session=8phjephphmrf5f1s77vp2k1ff0ov5h8k
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 04:01:53 GMT
content-type: application/javascript
last-modified: Sun, 23 Jan 2022 12:13:30 GMT
etag: W/"61ed466a-5add"
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
manager.principlerec.com/assets/builds/bootstrap-select.min.js?v=2.9.3
51.79.11.195200 OK 0 B URL HTTP/2 manager.principlerec.com/assets/builds/bootstrap-select.min.js?v=2.9.3
IP 51.79.11.195:0
GET /assets/builds/bootstrap-select.min.js?v=2.9.3 HTTP/1.1
Host: manager.principlerec.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://manager.principlerec.com/authentication/login
Cookie: csrf_cookie_name=3af0ac61a787145d29317487ffe162e7; sp_session=8phjephphmrf5f1s77vp2k1ff0ov5h8k
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 04:01:53 GMT
content-type: application/javascript
last-modified: Sun, 23 Jan 2022 12:13:04 GMT
etag: W/"61ed4650-10339"
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
manager.principlerec.com/assets/plugins/bootstrap/css/bootstrap.min.css?v=2.9.3
51.79.11.195200 OK 0 B URL HTTP/2 manager.principlerec.com/assets/plugins/bootstrap/css/bootstrap.min.css?v=2.9.3
IP 51.79.11.195:0
GET /assets/plugins/bootstrap/css/bootstrap.min.css?v=2.9.3 HTTP/1.1
Host: manager.principlerec.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://manager.principlerec.com/authentication/login
Cookie: csrf_cookie_name=3af0ac61a787145d29317487ffe162e7; sp_session=8phjephphmrf5f1s77vp2k1ff0ov5h8k
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 04:01:53 GMT
content-type: text/css
last-modified: Sun, 23 Jan 2022 12:13:06 GMT
etag: W/"61ed4652-1da71"
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
manager.principlerec.com/assets/plugins/datetimepicker/jquery.datetimepicker.full.min.js?v=2.9.3
51.79.11.195200 OK 0 B URL HTTP/2 manager.principlerec.com/assets/plugins/datetimepicker/jquery.datetimepicker.full.min.js?v=2.9.3
IP 51.79.11.195:0
Analyzer Verdict Alert fortinet Malware
GET /assets/plugins/datetimepicker/jquery.datetimepicker.full.min.js?v=2.9.3 HTTP/1.1
Host: manager.principlerec.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://manager.principlerec.com/authentication/login
Cookie: csrf_cookie_name=3af0ac61a787145d29317487ffe162e7; sp_session=8phjephphmrf5f1s77vp2k1ff0ov5h8k
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 04:01:53 GMT
content-type: application/javascript
last-modified: Sun, 23 Jan 2022 12:13:12 GMT
etag: W/"61ed4658-ee46"
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
manager.principlerec.com/assets/plugins/datatables/datatables.min.js?v=2.9.3
51.79.11.195200 OK 0 B URL HTTP/2 manager.principlerec.com/assets/plugins/datatables/datatables.min.js?v=2.9.3
IP 51.79.11.195:0
GET /assets/plugins/datatables/datatables.min.js?v=2.9.3 HTTP/1.1
Host: manager.principlerec.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://manager.principlerec.com/authentication/login
Cookie: csrf_cookie_name=3af0ac61a787145d29317487ffe162e7; sp_session=8phjephphmrf5f1s77vp2k1ff0ov5h8k
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 04:01:53 GMT
content-type: application/javascript
last-modified: Sun, 23 Jan 2022 12:13:12 GMT
etag: W/"61ed4658-1f71f1"
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
manager.principlerec.com/assets/plugins/bootstrap/js/bootstrap.min.js?v=2.9.3
51.79.11.195200 OK 0 B URL HTTP/2 manager.principlerec.com/assets/plugins/bootstrap/js/bootstrap.min.js?v=2.9.3
IP 51.79.11.195:0
Analyzer Verdict Alert fortinet Malware
GET /assets/plugins/bootstrap/js/bootstrap.min.js?v=2.9.3 HTTP/1.1
Host: manager.principlerec.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://manager.principlerec.com/authentication/login
Cookie: csrf_cookie_name=3af0ac61a787145d29317487ffe162e7; sp_session=8phjephphmrf5f1s77vp2k1ff0ov5h8k
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 04:01:53 GMT
content-type: application/javascript
last-modified: Sun, 23 Jan 2022 12:13:06 GMT
etag: W/"61ed4652-92e8"
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
manager.principlerec.com/assets/plugins/bootstrap-colorpicker/js/bootstrap-colorpicker.min.js?v=2.9.3
51.79.11.195200 OK 0 B URL HTTP/2 manager.principlerec.com/assets/plugins/bootstrap-colorpicker/js/bootstrap-colorpicker.min.js?v=2.9.3
IP 51.79.11.195:0
Analyzer Verdict Alert fortinet Malware
GET /assets/plugins/bootstrap-colorpicker/js/bootstrap-colorpicker.min.js?v=2.9.3 HTTP/1.1
Host: manager.principlerec.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://manager.principlerec.com/authentication/login
Cookie: csrf_cookie_name=3af0ac61a787145d29317487ffe162e7; sp_session=8phjephphmrf5f1s77vp2k1ff0ov5h8k
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 04:01:53 GMT
content-type: application/javascript
last-modified: Sun, 23 Jan 2022 12:13:06 GMT
etag: W/"61ed4652-4914"
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
manager.principlerec.com/assets/plugins/lightbox/js/lightbox.min.js?v=2.9.3
51.79.11.195200 OK 0 B URL HTTP/2 manager.principlerec.com/assets/plugins/lightbox/js/lightbox.min.js?v=2.9.3
IP 51.79.11.195:0
Analyzer Verdict Alert fortinet Malware
GET /assets/plugins/lightbox/js/lightbox.min.js?v=2.9.3 HTTP/1.1
Host: manager.principlerec.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://manager.principlerec.com/authentication/login
Cookie: csrf_cookie_name=3af0ac61a787145d29317487ffe162e7; sp_session=8phjephphmrf5f1s77vp2k1ff0ov5h8k
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 04:01:53 GMT
content-type: application/javascript
last-modified: Sun, 23 Jan 2022 12:13:34 GMT
etag: W/"61ed466e-249c"
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
manager.principlerec.com/assets/plugins/lightbox/css/lightbox.min.css?v=2.9.3
51.79.11.195200 OK 0 B URL HTTP/2 manager.principlerec.com/assets/plugins/lightbox/css/lightbox.min.css?v=2.9.3
IP 51.79.11.195:0
Analyzer Verdict Alert fortinet Malware
GET /assets/plugins/lightbox/css/lightbox.min.css?v=2.9.3 HTTP/1.1
Host: manager.principlerec.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://manager.principlerec.com/authentication/login
Cookie: csrf_cookie_name=3af0ac61a787145d29317487ffe162e7; sp_session=8phjephphmrf5f1s77vp2k1ff0ov5h8k
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 04:01:53 GMT
content-type: text/css
last-modified: Sun, 23 Jan 2022 12:13:34 GMT
etag: W/"61ed466e-b1e"
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
manager.principlerec.com/assets/plugins/bootstrap-colorpicker/css/bootstrap-colorpicker.min.css?v=2.9.3
51.79.11.195200 OK 0 B URL HTTP/2 manager.principlerec.com/assets/plugins/bootstrap-colorpicker/css/bootstrap-colorpicker.min.css?v=2.9.3
IP 51.79.11.195:0
GET /assets/plugins/bootstrap-colorpicker/css/bootstrap-colorpicker.min.css?v=2.9.3 HTTP/1.1
Host: manager.principlerec.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://manager.principlerec.com/authentication/login
Cookie: csrf_cookie_name=3af0ac61a787145d29317487ffe162e7; sp_session=8phjephphmrf5f1s77vp2k1ff0ov5h8k
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 04:01:53 GMT
content-type: text/css
last-modified: Sun, 23 Jan 2022 12:13:06 GMT
etag: W/"61ed4652-f9d"
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
manager.principlerec.com/assets/plugins/Chart.js/Chart.min.js?v=2.9.3
51.79.11.195200 OK 0 B URL HTTP/2 manager.principlerec.com/assets/plugins/Chart.js/Chart.min.js?v=2.9.3
IP 51.79.11.195:0
Analyzer Verdict Alert fortinet Malware
GET /assets/plugins/Chart.js/Chart.min.js?v=2.9.3 HTTP/1.1
Host: manager.principlerec.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://manager.principlerec.com/authentication/login
Cookie: csrf_cookie_name=3af0ac61a787145d29317487ffe162e7; sp_session=8phjephphmrf5f1s77vp2k1ff0ov5h8k
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 04:01:53 GMT
content-type: application/javascript
last-modified: Sun, 23 Jan 2022 12:13:10 GMT
etag: W/"61ed4656-244cb"
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
manager.principlerec.com/assets/themes/perfex/js/global.min.js?v=2.9.3
51.79.11.195200 OK 0 B URL HTTP/2 manager.principlerec.com/assets/themes/perfex/js/global.min.js?v=2.9.3
IP 51.79.11.195:0
GET /assets/themes/perfex/js/global.min.js?v=2.9.3 HTTP/1.1
Host: manager.principlerec.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://manager.principlerec.com/authentication/login
Cookie: csrf_cookie_name=3af0ac61a787145d29317487ffe162e7; sp_session=8phjephphmrf5f1s77vp2k1ff0ov5h8k
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 04:01:53 GMT
content-type: application/javascript
last-modified: Sun, 23 Jan 2022 12:13:48 GMT
etag: W/"61ed467c-7c6"
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
manager.principlerec.com/assets/plugins/jquery/jquery.min.js
51.79.11.195200 OK 0 B URL HTTP/2 manager.principlerec.com/assets/plugins/jquery/jquery.min.js
IP 51.79.11.195:0
Analyzer Verdict Alert fortinet Malware
GET /assets/plugins/jquery/jquery.min.js HTTP/1.1
Host: manager.principlerec.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://manager.principlerec.com/authentication/login
Cookie: csrf_cookie_name=3af0ac61a787145d29317487ffe162e7; sp_session=8phjephphmrf5f1s77vp2k1ff0ov5h8k
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 04:01:53 GMT
content-type: application/javascript
last-modified: Sun, 23 Jan 2022 12:13:28 GMT
etag: W/"61ed4668-152b5"
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
manager.principlerec.com/assets/builds/common.js?v=2.9.3
51.79.11.195200 OK 0 B URL HTTP/2 manager.principlerec.com/assets/builds/common.js?v=2.9.3
IP 51.79.11.195:0
Analyzer Verdict Alert fortinet Malware
GET /assets/builds/common.js?v=2.9.3 HTTP/1.1
Host: manager.principlerec.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://manager.principlerec.com/authentication/login
Cookie: csrf_cookie_name=3af0ac61a787145d29317487ffe162e7; sp_session=8phjephphmrf5f1s77vp2k1ff0ov5h8k
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 04:01:53 GMT
content-type: application/javascript
last-modified: Sun, 23 Jan 2022 12:13:04 GMT
etag: W/"61ed4650-6c3d"
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2