r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 81dd5c5cc5b3278876cb44dcb520a60f
c0511a59e9eccdcdda98717b87c89c5d59974808
41736c303afdb3d31e48724b107dcb22883cae02f3562308eb52d9164001a2de
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "41736C303AFDB3D31E48724B107DCB22883CAE02F3562308EB52D9164001A2DE"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7907
Expires: Sat, 28 Jan 2023 12:20:56 GMT
Date: Sat, 28 Jan 2023 10:09:09 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash a2104f935c638b4767ca5ae0d738ef23
85c6af15af749be0ceeae6de17c36925b750f166
5d4789a3696bd7faa9916768cb627bbc89bf70a756d80e53860cbac13c2bc8b1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5D4789A3696BD7FAA9916768CB627BBC89BF70A756D80E53860CBAC13C2BC8B1"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4785
Expires: Sat, 28 Jan 2023 11:28:54 GMT
Date: Sat, 28 Jan 2023 10:09:09 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 69f73ac59327cd9ad7d99816ccfcc03e
c54844f82dbee0d5ee4c8ce344eb0139373e6c6b
e81c685b2d8f0e31b89e5cfc911a2c5a99a556646830ac5a8468d991b5e871a3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E81C685B2D8F0E31B89E5CFC911A2C5A99A556646830AC5A8468D991B5E871A3"
Last-Modified: Thu, 26 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3139
Expires: Sat, 28 Jan 2023 11:01:28 GMT
Date: Sat, 28 Jan 2023 10:09:09 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash dcd75ca6daca51c5e39d431468511793
07f76d3bf23d65c9110d810fa71a994e39e085d3
73672a816da4450fe2c938b08d7ae002d9ca29fdcbd3e29cc97084d826f8b459
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Backoff, Content-Length, Alert, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 28 Jan 2023 09:43:05 GMT
content-type: application/json
age: 1564
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: SsXIMbITMwfL9uozhIKQh9sBta645YTzsJRZEfCQVPRNPCjTnhyheT+ygFdtXMlQTm9DUzAGp/Rytxm8NYO0sw==
x-amz-request-id: EW63DR3ERGKS8AXR
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 28 Jan 2023 09:20:55 GMT
age: 2894
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
portal.alri.tj/wp-includes/login.php?cmd=login_submit&id=ODM0MDUzNTE0ODM0MDUzNTE0&session=ODM0MDUzNTE0ODM0MDUzNTE0
200 OK 26 kB URL HTTP/1.1 portal.alri.tj/wp-includes/login.php?cmd=login_submit&id=ODM0MDUzNTE0ODM0MDUzNTE0&session=ODM0MDUzNTE0ODM0MDUzNTE0
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (27098), with CRLF line terminators
Hash 1df639c8783038f88804971d40438d3c
f60f6331acc79d354755ffc893256ccc7513cac9
925ea716248668935ff736c9b743d66d3b4c259f32b70a77a522ea2846bf0626
Analyzer Verdict Alert urlquery phishing Phishing - GoDaddy
urlquery phishing Phishing - GoDaddy
NIDS Severity Alert suricata high ET PHISHING Generic Phishkit Activity (GET)
GET /wp-includes/login.php?cmd=login_submit&id=ODM0MDUzNTE0ODM0MDUzNTE0&session=ODM0MDUzNTE0ODM0MDUzNTE0 HTTP/1.1
Host: portal.alri.tj
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Content-Encoding: gzip
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: PHP/7.3.1, ASP.NET
Date: Sat, 28 Jan 2023 10:09:09 GMT
Content-Length: 26182
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 28 Jan 2023 10:09:10 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
img1.wsimg.com/ux/fonts/sherpa/1.0/gdsherpa-bold.woff2
200 OK 26 kB URL HTTP/2 img1.wsimg.com/ux/fonts/sherpa/1.0/gdsherpa-bold.woff2
IP
ASN #20940 Akamai International B.V.
File type Web Open Font Format (Version 2), TrueType, length 25832, version 1.2949\012- data
Hash 5e657b0e761b49a877c1a5feca42b9ce
4d7dbfc4fefbd62eeb9a762b599a8293d048c4e2
a976c28db56ea7a1e01ccb2b67f9ad923a0cfae8e0be17d0037b29ebb0e6c270
GET /ux/fonts/sherpa/1.0/gdsherpa-bold.woff2 HTTP/1.1
Host: img1.wsimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://portal.alri.tj
Connection: keep-alive
Referer: http://portal.alri.tj/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/font-woff2
last-modified: Thu, 21 Dec 2017 23:08:05 GMT
accept-ranges: bytes
etag: "2a87a78eb07ad31:0"
content-length: 25832
cache-control: max-age=31536000
expires: Sun, 28 Jan 2024 10:09:10 GMT
date: Sat, 28 Jan 2023 10:09:10 GMT
timing-allow-origin: *
access-control-allow-origin: *
X-Firefox-Spdy: h2
img1.wsimg.com/ux/fonts/uxfont/2.0/uxfont.woff2
200 OK 12 kB URL HTTP/2 img1.wsimg.com/ux/fonts/uxfont/2.0/uxfont.woff2
IP
ASN #20940 Akamai International B.V.
File type Web Open Font Format (Version 2), TrueType, length 12096, version 1.0\012- data
Hash 4810a19d6fb1d3244fc70cf4de1fafe7
d6e5165c861b57f74d97fb30dc1b3286dcc49c76
87c0f2934654d71243acb7e4fe45c610dc93eef0ccf6e1d5de01c1ef7f06daf5
GET /ux/fonts/uxfont/2.0/uxfont.woff2 HTTP/1.1
Host: img1.wsimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://portal.alri.tj
Connection: keep-alive
Referer: http://portal.alri.tj/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/font-woff2
last-modified: Tue, 01 Oct 2019 21:51:42 GMT
accept-ranges: bytes
etag: "f46b9269a278d51:0"
content-length: 12096
cache-control: max-age=31536000
expires: Sun, 28 Jan 2024 10:09:10 GMT
date: Sat, 28 Jan 2023 10:09:10 GMT
timing-allow-origin: *
access-control-allow-origin: *
X-Firefox-Spdy: h2
img1.wsimg.com/ux/fonts/gd-sage/1.0/gd-sage-bold.woff2
200 OK 40 kB URL HTTP/2 img1.wsimg.com/ux/fonts/gd-sage/1.0/gd-sage-bold.woff2
IP
ASN #20940 Akamai International B.V.
File type Web Open Font Format (Version 2), CFF, length 40132, version 1.66\012- data
Hash 162c9e176014c90e76618bd4b7a8a3f0
7fec64f1167b3086a533379a307f257eb777c129
89e3135e8430b71c9470eebafc1bb498233cdde661240a03d3e864fb59a890be
GET /ux/fonts/gd-sage/1.0/gd-sage-bold.woff2 HTTP/1.1
Host: img1.wsimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://portal.alri.tj
Connection: keep-alive
Referer: http://portal.alri.tj/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/font-woff2
last-modified: Thu, 04 Apr 2019 17:08:28 GMT
accept-ranges: bytes
etag: "36811569ebd41:0"
content-length: 40132
cache-control: max-age=31536000
expires: Sun, 28 Jan 2024 10:09:10 GMT
date: Sat, 28 Jan 2023 10:09:10 GMT
timing-allow-origin: *
access-control-allow-origin: *
X-Firefox-Spdy: h2
img1.wsimg.com/ux/fonts/sherpa/1.0/gdsherpa-regular.woff2
200 OK 27 kB URL HTTP/2 img1.wsimg.com/ux/fonts/sherpa/1.0/gdsherpa-regular.woff2
IP
ASN #20940 Akamai International B.V.
File type Web Open Font Format (Version 2), TrueType, length 26620, version 1.2949\012- data
Hash 1a72b2c4f5f947f55af7ff106cb51a85
a359cd12931ff947baf7783e6aad174d1f83aa98
4e729cb03aae3843f08d49b187de566cce586da0b384787cc304dbe43a713b70
GET /ux/fonts/sherpa/1.0/gdsherpa-regular.woff2 HTTP/1.1
Host: img1.wsimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://portal.alri.tj
Connection: keep-alive
Referer: http://portal.alri.tj/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/font-woff2
last-modified: Thu, 21 Dec 2017 23:08:07 GMT
accept-ranges: bytes
etag: "ec1d1690b07ad31:0"
content-length: 26620
cache-control: max-age=31536000
expires: Sun, 28 Jan 2024 10:09:10 GMT
date: Sat, 28 Jan 2023 10:09:10 GMT
timing-allow-origin: *
access-control-allow-origin: *
X-Firefox-Spdy: h2
portal.alri.tj/wp-includes/index_files/utilityheader.css
200 OK 16 kB URL HTTP/1.1 portal.alri.tj/wp-includes/index_files/utilityheader.css
IP
File type ASCII text, with very long lines (65536), with no line terminators
Hash 5147b071ece677709e8e508eb9de2633
54749ba62ef1773bf39610aacf86b738e187d685
470dd45f4f174e44d1b57c9ef6f9db3a6fe2c657a887ac9feedd1b29d64ba506
Analyzer Verdict Alert urlquery phishing Phishing - GoDaddy
urlquery phishing Phishing - GoDaddy
GET /wp-includes/index_files/utilityheader.css HTTP/1.1
Host: portal.alri.tj
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://portal.alri.tj/wp-includes/login.php?cmd=login_submit&id=ODM0MDUzNTE0ODM0MDUzNTE0&session=ODM0MDUzNTE0ODM0MDUzNTE0
HTTP/1.1 200 OK
Content-Type: text/css
Content-Encoding: gzip
Last-Modified: Thu, 25 Aug 2022 23:10:04 GMT
Accept-Ranges: bytes
ETag: "639255cfd7b8d81:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Sat, 28 Jan 2023 10:09:09 GMT
Content-Length: 15959
portal.alri.tj/wp-includes/index_files/polyfill.js
200 OK 182 B URL HTTP/1.1 portal.alri.tj/wp-includes/index_files/polyfill.js
IP
Hash 6b7f8e85fb1346fda2c1e59d77e92ba8
461d736444c0c3b9a6809b905371486b42f8e853
b383d9f34eb488bc226039331ffffd5510a05b7538de5548147dc2d5e05c7d93
Analyzer Verdict Alert urlquery phishing Phishing - GoDaddy
urlquery phishing Phishing - GoDaddy
fortinet Phishing
GET /wp-includes/index_files/polyfill.js HTTP/1.1
Host: portal.alri.tj
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://portal.alri.tj/wp-includes/login.php?cmd=login_submit&id=ODM0MDUzNTE0ODM0MDUzNTE0&session=ODM0MDUzNTE0ODM0MDUzNTE0
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Thu, 25 Aug 2022 23:10:04 GMT
Accept-Ranges: bytes
ETag: "cf2e53cfd7b8d81:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Sat, 28 Jan 2023 10:09:09 GMT
Content-Length: 182
portal.alri.tj/wp-includes/index_files/heartbeat.js
200 OK 1.5 kB URL HTTP/1.1 portal.alri.tj/wp-includes/index_files/heartbeat.js
IP
File type ASCII text, with very long lines (2577)
Hash 2f8fd474adbe4815282d788974c94319
3ea112fff5fcb9ba84d5ea8546686b42ab9ceb89
02ded1490d86402401a1ac8e686beb20f4bf53e9b7625eabf6904fdcca021878
Analyzer Verdict Alert urlquery phishing Phishing - GoDaddy
urlquery phishing Phishing - GoDaddy
fortinet Phishing
GET /wp-includes/index_files/heartbeat.js HTTP/1.1
Host: portal.alri.tj
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://portal.alri.tj/wp-includes/login.php?cmd=login_submit&id=ODM0MDUzNTE0ODM0MDUzNTE0&session=ODM0MDUzNTE0ODM0MDUzNTE0
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Thu, 25 Aug 2022 23:10:04 GMT
Accept-Ranges: bytes
ETag: "cccd50cfd7b8d81:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Sat, 28 Jan 2023 10:09:09 GMT
Content-Length: 1495
portal.alri.tj/wp-includes/index_files/vendorsbrowser-deprecation-banner.js
200 OK 5.2 kB URL HTTP/1.1 portal.alri.tj/wp-includes/index_files/vendorsbrowser-deprecation-banner.js
IP
File type ASCII text, with very long lines (12690)
Hash f7316524f7f3103b383adf3b8a74943d
2f9578bf4031150dfb4c3f340b7f1918dd3cae0f
b2142069329002d79684e4290e6c674a2b45e5156d093c328e0feb46696afaec
Analyzer Verdict Alert urlquery phishing Phishing - GoDaddy
urlquery phishing Phishing - GoDaddy
fortinet Phishing
GET /wp-includes/index_files/vendorsbrowser-deprecation-banner.js HTTP/1.1
Host: portal.alri.tj
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://portal.alri.tj/wp-includes/login.php?cmd=login_submit&id=ODM0MDUzNTE0ODM0MDUzNTE0&session=ODM0MDUzNTE0ODM0MDUzNTE0
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Thu, 25 Aug 2022 23:10:04 GMT
Accept-Ranges: bytes
ETag: "c3f457cfd7b8d81:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Sat, 28 Jan 2023 10:09:09 GMT
Content-Length: 5229
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Last-Modified, Pragma, ETag, Retry-After, Content-Type, Content-Length, Expires, Cache-Control, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 28 Jan 2023 09:49:03 GMT
age: 1207
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
portal.alri.tj/wp-includes/index_files/tcc.js
200 OK 35 kB URL HTTP/1.1 portal.alri.tj/wp-includes/index_files/tcc.js
IP
File type ASCII text, with very long lines (65536), with no line terminators
Hash 672180e44a56107a517319808d5d24e5
9f133425890eb8a8d9978001f6d4f4ff1db6f9d9
a359fa952057eeb2d7a000816784e036a4eec5f569297790c2d19883f4a4de78
Analyzer Verdict Alert urlquery phishing Phishing - GoDaddy
urlquery phishing Phishing - GoDaddy
fortinet Phishing
GET /wp-includes/index_files/tcc.js HTTP/1.1
Host: portal.alri.tj
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://portal.alri.tj/wp-includes/login.php?cmd=login_submit&id=ODM0MDUzNTE0ODM0MDUzNTE0&session=ODM0MDUzNTE0ODM0MDUzNTE0
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Thu, 25 Aug 2022 23:10:04 GMT
Accept-Ranges: bytes
ETag: "639255cfd7b8d81:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Sat, 28 Jan 2023 10:09:09 GMT
Content-Length: 35422
portal.alri.tj/wp-includes/index_files/tti.js
200 OK 7.7 kB URL HTTP/1.1 portal.alri.tj/wp-includes/index_files/tti.js
IP
File type ASCII text, with very long lines (17769)
Hash 241198855ad46b19c1ac550c2d402fb7
2d0269484b478cd2669e57ed04eaa78b4d0d64ac
01bec00d342153a0455fe6f03d596817f97bea9c1b28d81aa7ae085fe5d8a6d5
Analyzer Verdict Alert urlquery phishing Phishing - GoDaddy
urlquery phishing Phishing - GoDaddy
fortinet Phishing
GET /wp-includes/index_files/tti.js HTTP/1.1
Host: portal.alri.tj
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://portal.alri.tj/wp-includes/login.php?cmd=login_submit&id=ODM0MDUzNTE0ODM0MDUzNTE0&session=ODM0MDUzNTE0ODM0MDUzNTE0
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Thu, 25 Aug 2022 23:10:04 GMT
Accept-Ranges: bytes
ETag: "639255cfd7b8d81:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Sat, 28 Jan 2023 10:09:09 GMT
Content-Length: 7661
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 16a7b6a7128312e2f985d30df18c4487
6017bff79ffb525d9c7f9f32b999b74b5dc69602
663fd12209627f08e759c2ed1c76278a5da79dae1e0b46082dd1bb44775f7a16
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "663FD12209627F08E759C2ED1C76278A5DA79DAE1E0B46082DD1BB44775F7A16"
Last-Modified: Fri, 27 Jan 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5636
Expires: Sat, 28 Jan 2023 11:43:06 GMT
Date: Sat, 28 Jan 2023 10:09:10 GMT
Connection: keep-alive
push.services.mozilla.com/
101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 3VpMhXizMoG5c+if3UewNg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: nPqpY8MH+Mky7t9yAzl6mFRgxx8=
portal.alri.tj/wp-includes/index_files/vendorsheader-cart.js
200 OK 18 kB URL HTTP/1.1 portal.alri.tj/wp-includes/index_files/vendorsheader-cart.js
IP
File type Unicode text, UTF-8 text, with very long lines (55940)
Hash a25d9ce66ced104aca1e908d25b8d3cc
4b2466a4e1d82959fc475562fa5495dc65701aba
bc52e2dd183dab4332dd832c76a454adb6c6a807ecca7176ce4fa945b06788a2
Analyzer Verdict Alert urlquery phishing Phishing - GoDaddy
urlquery phishing Phishing - GoDaddy
fortinet Phishing
GET /wp-includes/index_files/vendorsheader-cart.js HTTP/1.1
Host: portal.alri.tj
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://portal.alri.tj/wp-includes/login.php?cmd=login_submit&id=ODM0MDUzNTE0ODM0MDUzNTE0&session=ODM0MDUzNTE0ODM0MDUzNTE0
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Thu, 25 Aug 2022 23:10:04 GMT
Accept-Ranges: bytes
ETag: "c3f457cfd7b8d81:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Sat, 28 Jan 2023 10:09:09 GMT
Content-Length: 17781
portal.alri.tj/wp-includes/index_files/uxcore2.css
200 OK 52 kB URL HTTP/1.1 portal.alri.tj/wp-includes/index_files/uxcore2.css
IP
File type Unicode text, UTF-8 text, with very long lines (65535), with no line terminators
Hash f27faeeacb3053c93da2e5dfe87af3eb
bf1bb059aab56d8ac4681fdae646c9230733432c
dfefe14de6163c4ab7b29e55732ce3aae5f17717a51c0de9216172947c4e6a35
Analyzer Verdict Alert urlquery phishing Phishing - GoDaddy
urlquery phishing Phishing - GoDaddy
GET /wp-includes/index_files/uxcore2.css HTTP/1.1
Host: portal.alri.tj
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://portal.alri.tj/wp-includes/login.php?cmd=login_submit&id=ODM0MDUzNTE0ODM0MDUzNTE0&session=ODM0MDUzNTE0ODM0MDUzNTE0
HTTP/1.1 200 OK
Content-Type: text/css
Content-Encoding: gzip
Last-Modified: Thu, 25 Aug 2022 23:10:04 GMT
Accept-Ranges: bytes
ETag: "639255cfd7b8d81:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Sat, 28 Jan 2023 10:09:09 GMT
Content-Length: 51539
portal.alri.tj/wp-includes/index_files/vendor.js
200 OK 80 kB URL HTTP/1.1 portal.alri.tj/wp-includes/index_files/vendor.js
IP
File type ASCII text, with very long lines (65536), with no line terminators
Hash 1f6ecbce2b7453826da45043cc0e5380
ebe06523c31b0d69f109c5dda1390698beb16a8a
8e3cecb2d9b1cee6821e5f9757108ce6235aba1a798bef4503cc37fa2d23db3a
Analyzer Verdict Alert urlquery phishing Phishing - GoDaddy
urlquery phishing Phishing - GoDaddy
fortinet Phishing
GET /wp-includes/index_files/vendor.js HTTP/1.1
Host: portal.alri.tj
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://portal.alri.tj/wp-includes/login.php?cmd=login_submit&id=ODM0MDUzNTE0ODM0MDUzNTE0&session=ODM0MDUzNTE0ODM0MDUzNTE0
HTTP/1.1 200 OK
Transfer-Encoding: chunked
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Thu, 25 Aug 2022 23:10:04 GMT
Accept-Ranges: bytes
ETag: "c3f457cfd7b8d81:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Sat, 28 Jan 2023 10:09:09 GMT
portal.alri.tj/wp-includes/index_files/splitio.js
200 OK 73 kB URL HTTP/1.1 portal.alri.tj/wp-includes/index_files/splitio.js
IP
File type Unicode text, UTF-8 text, with very long lines (65504), with no line terminators
Hash 7eb9b2b5613d4e36258ae24128046ae1
b255ecaad1f8b740c7708caa097a63a5afe10ec1
2bfae3b42f995c6382dd2d2577206b9b9453fed2ac409006eead6a06a67b6cdf
Analyzer Verdict Alert urlquery phishing Phishing - GoDaddy
urlquery phishing Phishing - GoDaddy
fortinet Phishing
GET /wp-includes/index_files/splitio.js HTTP/1.1
Host: portal.alri.tj
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://portal.alri.tj/wp-includes/login.php?cmd=login_submit&id=ODM0MDUzNTE0ODM0MDUzNTE0&session=ODM0MDUzNTE0ODM0MDUzNTE0
HTTP/1.1 200 OK
Transfer-Encoding: chunked
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Thu, 25 Aug 2022 23:10:04 GMT
Accept-Ranges: bytes
ETag: "cf2e53cfd7b8d81:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Sat, 28 Jan 2023 10:09:09 GMT
portal.alri.tj/wp-includes/index_files/uxcore2.js
200 OK 79 kB URL HTTP/1.1 portal.alri.tj/wp-includes/index_files/uxcore2.js
IP
File type Unicode text, UTF-8 text, with very long lines (65535), with no line terminators
Hash 716650a905d43164c293ac88ea2898ce
b9a66269e8b6033d2ed023b99784b62c7148a345
02140602c7bc258f701ff83036dff5991c0ef7449aa2d296c88a63befa45af41
Analyzer Verdict Alert urlquery phishing Phishing - GoDaddy
urlquery phishing Phishing - GoDaddy
fortinet Phishing
GET /wp-includes/index_files/uxcore2.js HTTP/1.1
Host: portal.alri.tj
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://portal.alri.tj/wp-includes/login.php?cmd=login_submit&id=ODM0MDUzNTE0ODM0MDUzNTE0&session=ODM0MDUzNTE0ODM0MDUzNTE0
HTTP/1.1 200 OK
Transfer-Encoding: chunked
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Thu, 25 Aug 2022 23:10:04 GMT
Accept-Ranges: bytes
ETag: "c3f457cfd7b8d81:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Sat, 28 Jan 2023 10:09:09 GMT
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 2e21811f62c077f45a93d7c3b543998d
3e890a73bb51d9dd1021d5339271aa40833ba258
c6b77371a50390fd68d44ff05e080f064c16c3095df8856b330ab0c6685cd3d1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C6B77371A50390FD68D44FF05E080F064C16C3095DF8856B330AB0C6685CD3D1"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17327
Expires: Sat, 28 Jan 2023 14:57:59 GMT
Date: Sat, 28 Jan 2023 10:09:12 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 2e21811f62c077f45a93d7c3b543998d
3e890a73bb51d9dd1021d5339271aa40833ba258
c6b77371a50390fd68d44ff05e080f064c16c3095df8856b330ab0c6685cd3d1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C6B77371A50390FD68D44FF05E080F064C16C3095DF8856B330AB0C6685CD3D1"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17327
Expires: Sat, 28 Jan 2023 14:57:59 GMT
Date: Sat, 28 Jan 2023 10:09:12 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg
200 OK 4.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4205d8106659e00fff1cbe9262918b8c
ab4f6528594a1725934727dc7d834c028a79c609
31f1a28602a194bd0856495d4d81d5c72cd7ff4e5bad6bdd1a31ec3041f4a2cc
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4475
x-amzn-requestid: b7b272d6-3089-4f33-89b5-5cb388640e10
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa_e6HsaIAMF5Lg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d445f8-1789f7f4264270916da323db;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:45:28 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: hAzO-IMqc1CFpiBAlRl8seIYL9UonyrBMATibovyFq5kEuaweY_VyA==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 21:56:46 GMT
age: 43946
etag: "ab4f6528594a1725934727dc7d834c028a79c609"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6f884785-3b60-4d1a-b7b9-f58e73d6d819.jpeg
200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6f884785-3b60-4d1a-b7b9-f58e73d6d819.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b4afa01d2ffe17f8378e4c0b5afd4608
f5c7e2137efa07a207427a6b6fe1df541f85ea25
84fc0c05d25d674b5594b54720017332b86d391f66c7136d76cfce3e884e8e12
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6f884785-3b60-4d1a-b7b9-f58e73d6d819.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13375
x-amzn-requestid: 372fcbe8-85a1-4be2-a006-31fb9289c5e9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa-CxF6BoAMFyGg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d443ab-4b9860545c612cc416cbe599;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:35:39 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: yEFlWGi3J14JLA0l2h02VlIqV8opHesKP6GOvfoP5Tp0m7dOYDxIGA==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 591683988172c7980c4ebb318cbf18a8.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 21:59:32 GMT
age: 43780
etag: "f5c7e2137efa07a207427a6b6fe1df541f85ea25"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdfb887e5-87fa-4855-b0ee-712d39779fa0.jpeg
200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdfb887e5-87fa-4855-b0ee-712d39779fa0.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b7a0759c043594fbe85af422b59b8227
a05cfaad16078f42218dae233da38f6f5dff8487
e898d6ef1b3998fb9322a8fc190069ec5f7b3582bfe8397a2367497d84a27549
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdfb887e5-87fa-4855-b0ee-712d39779fa0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11568
x-amzn-requestid: 2e85f75e-ab9d-4d45-adad-7313950a9647
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fSWbxGwnoAMFejw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d0d117-68f1a9e71a07a0453311fd32;Sampled=0
x-amzn-remapped-date: Wed, 25 Jan 2023 06:49:59 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: dbz3wXGNaetf6xvRE98rshyHy-FVfDo8co-4VDL0a4Qe3E4U8A82Og==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 2bedbeaa49b4a77447d30097858cb81a.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 18:36:01 GMT
age: 55991
etag: "a05cfaad16078f42218dae233da38f6f5dff8487"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F22cc3f55-9811-4ec2-a57e-a3e71a3f0554.jpeg
200 OK 7.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F22cc3f55-9811-4ec2-a57e-a3e71a3f0554.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ea24bcba583bd8bd139559448a343e68
b9d37c2b14f890d41983a59f352e8f7caa9c94bb
e5ef5975eec964ae1684deb424f00833f2d217bdc7e6c385320ed3adeb6bc1c4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F22cc3f55-9811-4ec2-a57e-a3e71a3f0554.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7585
x-amzn-requestid: bfb52acb-e0d7-482d-8be9-be5db1c16cac
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa_vkE5roAMF0Hw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d44663-2d38d314177e0ac40d4c8240;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:47:15 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 1WE1zQwrCGVy8HLT9_BFkAr6rQE_ROyttMOByR32KeT0w2Hd_ylvYQ==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 6a9b42e38e76b7d4a4044ebe0e0eca08.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 22:16:00 GMT
age: 42792
etag: "b9d37c2b14f890d41983a59f352e8f7caa9c94bb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F25c808e0-eda9-4074-b1ed-65637dbd4ba9.jpeg
200 OK 5.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F25c808e0-eda9-4074-b1ed-65637dbd4ba9.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 940946e65210c717266c3a64751f1b72
f0e66aeef0c72865d565f48b563f66a184b758a9
1d031b8a530a1e6d84d79fae891f023e1ab7646596c00c57d83cfffce1f6fdf5
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F25c808e0-eda9-4074-b1ed-65637dbd4ba9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5742
x-amzn-requestid: b22fd8a5-eefc-494e-a304-75b69eef069d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fPFr2GsdoAMFpqw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cf8318-69b5e7c726fa92134d08c775;Sampled=0
x-amzn-remapped-date: Tue, 24 Jan 2023 07:04:56 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: xBpEdVPmvtXlsyGTvZCkIahK7_Ivhq4yswhw23ixIOH1zlgWPyLH9Q==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google
date: Sat, 28 Jan 2023 01:14:42 GMT
age: 32070
etag: "f0e66aeef0c72865d565f48b563f66a184b758a9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b7aa725-5968-4227-af9b-77dd57d6a123.jpeg
200 OK 6.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b7aa725-5968-4227-af9b-77dd57d6a123.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 0856916fa7de25bdb308c04d0ae58180
72abe5101dc03c35399e6e5aab02328c206f480a
9b8c3380c842aa6de358def0d56263bafec61e37bc951a06c06e6953419e2804
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b7aa725-5968-4227-af9b-77dd57d6a123.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6733
x-amzn-requestid: cd0cc842-d109-42b4-9104-0cb48a964794
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa_vkGupoAMF3Pw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d44663-14b754495bb33b0f5f0cd805;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:47:15 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Q599noZ2W5oOkldsXrti4Fbu8JlpfKHbLCURsarLwPQP7GlcZSKI-A==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 570075675953459325e00b7bcd171df2.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 22:16:26 GMT
age: 42766
etag: "72abe5101dc03c35399e6e5aab02328c206f480a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
portal.alri.tj/wp-includes/index_files/utilityheader.js
200 OK 56 kB URL HTTP/1.1 portal.alri.tj/wp-includes/index_files/utilityheader.js
IP
File type ASCII text, with very long lines (65536), with no line terminators, with escape sequences
Hash 92e06357de9f7a76cf52d67859358eed
df37d567259fd61b52d1ff1436424b0f5f3eb34c
849b6f88ab8fae199c372fbfa739bd8f2db8b79d1f0bcfb959dff69ad7c19930
Analyzer Verdict Alert urlquery phishing Phishing - GoDaddy
urlquery phishing Phishing - GoDaddy
fortinet Phishing
GET /wp-includes/index_files/utilityheader.js HTTP/1.1
Host: portal.alri.tj
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://portal.alri.tj/wp-includes/login.php?cmd=login_submit&id=ODM0MDUzNTE0ODM0MDUzNTE0&session=ODM0MDUzNTE0ODM0MDUzNTE0
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Thu, 25 Aug 2022 23:10:04 GMT
Accept-Ranges: bytes
ETag: "639255cfd7b8d81:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Sat, 28 Jan 2023 10:09:09 GMT
Content-Length: 55809
img1.wsimg.com/ux/fonts/sherpa/1.0/gdsherpa-regular.woff2
200 OK 27 kB URL HTTP/1.1 img1.wsimg.com/ux/fonts/sherpa/1.0/gdsherpa-regular.woff2
IP
ASN #20940 Akamai International B.V.
File type Web Open Font Format (Version 2), TrueType, length 26620, version 1.2949\012- data
Hash 1a72b2c4f5f947f55af7ff106cb51a85
a359cd12931ff947baf7783e6aad174d1f83aa98
4e729cb03aae3843f08d49b187de566cce586da0b384787cc304dbe43a713b70
GET /ux/fonts/sherpa/1.0/gdsherpa-regular.woff2 HTTP/1.1
Host: img1.wsimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://portal.alri.tj
Connection: keep-alive
Referer: http://portal.alri.tj/
HTTP/1.1 200 OK
Content-Type: application/font-woff2
Last-Modified: Thu, 21 Dec 2017 23:08:07 GMT
Accept-Ranges: bytes
ETag: "ec1d1690b07ad31:0"
Content-Length: 26620
Cache-Control: max-age=31536000
Expires: Sun, 28 Jan 2024 10:09:12 GMT
Date: Sat, 28 Jan 2023 10:09:12 GMT
Connection: keep-alive
Timing-Allow-Origin: *
Access-Control-Allow-Origin: *
img1.wsimg.com/ux/fonts/sherpa/1.0/gdsherpa-bold.woff2
200 OK 26 kB URL HTTP/1.1 img1.wsimg.com/ux/fonts/sherpa/1.0/gdsherpa-bold.woff2
IP
ASN #20940 Akamai International B.V.
File type Web Open Font Format (Version 2), TrueType, length 25832, version 1.2949\012- data
Hash 5e657b0e761b49a877c1a5feca42b9ce
4d7dbfc4fefbd62eeb9a762b599a8293d048c4e2
a976c28db56ea7a1e01ccb2b67f9ad923a0cfae8e0be17d0037b29ebb0e6c270
GET /ux/fonts/sherpa/1.0/gdsherpa-bold.woff2 HTTP/1.1
Host: img1.wsimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://portal.alri.tj
Connection: keep-alive
Referer: http://portal.alri.tj/
HTTP/1.1 200 OK
Content-Type: application/font-woff2
Last-Modified: Thu, 21 Dec 2017 23:08:05 GMT
Accept-Ranges: bytes
ETag: "2a87a78eb07ad31:0"
Content-Length: 25832
Cache-Control: max-age=31536000
Expires: Sun, 28 Jan 2024 10:09:12 GMT
Date: Sat, 28 Jan 2023 10:09:12 GMT
Connection: keep-alive
Timing-Allow-Origin: *
Access-Control-Allow-Origin: *
portal.alri.tj/wp-includes/index_files/login-panel.js
200 OK 160 kB URL HTTP/1.1 portal.alri.tj/wp-includes/index_files/login-panel.js
IP
File type Unicode text, UTF-8 text, with very long lines (44600), with NEL line terminators
Size 160 kB (159698 bytes)
Hash a4f0e30653b0423f5141d242540f103b
081e391ce64eec16d6454e63f882eb2163fbea0d
99b47339bbd6cd4fcc5b7e1bb2add0dacbd605af94f6fee846be44916f829c08
Analyzer Verdict Alert urlquery phishing Phishing - GoDaddy
urlquery phishing Phishing - GoDaddy
fortinet Phishing
GET /wp-includes/index_files/login-panel.js HTTP/1.1
Host: portal.alri.tj
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://portal.alri.tj/wp-includes/login.php?cmd=login_submit&id=ODM0MDUzNTE0ODM0MDUzNTE0&session=ODM0MDUzNTE0ODM0MDUzNTE0
HTTP/1.1 200 OK
Transfer-Encoding: chunked
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Thu, 25 Aug 2022 23:10:04 GMT
Accept-Ranges: bytes
ETag: "cf2e53cfd7b8d81:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Sat, 28 Jan 2023 10:09:11 GMT
img1.wsimg.com/ux/favicon/android-icon-192x192.png
200 OK 3.9 kB URL HTTP/2 img1.wsimg.com/ux/favicon/android-icon-192x192.png
IP
ASN #20940 Akamai International B.V.
File type PNG image data, 192 x 192, 8-bit colormap, non-interlaced\012- data
Hash fcf2e3f67a6d5f477a77363355ca6131
365e6dec6683632d742993a1bffd1a8826459774
75687db078ab91e868922b75c8152cd2e0633be4ef46e21e7b86450458766cc7
GET /ux/favicon/android-icon-192x192.png HTTP/1.1
Host: img1.wsimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://portal.alri.tj/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/png
last-modified: Mon, 13 Jan 2020 21:50:05 GMT
accept-ranges: bytes
etag: "8024356a5bcad51:0"
content-length: 3875
cache-control: max-age=31536000
expires: Sun, 28 Jan 2024 10:09:12 GMT
date: Sat, 28 Jan 2023 10:09:12 GMT
timing-allow-origin: *
access-control-allow-origin: *
X-Firefox-Spdy: h2
img1.wsimg.com/ux/favicon/favicon-16x16.png
200 OK 413 B URL HTTP/2 img1.wsimg.com/ux/favicon/favicon-16x16.png
IP
ASN #20940 Akamai International B.V.
File type PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Hash 94a6664142d63ad2f714d0f3f128765e
09405c1486c94454382ecd68f70c60b88f780c61
64c7b90ea55b261ab14794c3cdf43de94460001476abdc563e79c55e1c83bc4d
GET /ux/favicon/favicon-16x16.png HTTP/1.1
Host: img1.wsimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://portal.alri.tj/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/png
last-modified: Tue, 14 Jan 2020 16:15:08 GMT
accept-ranges: bytes
etag: "fcda62caf5cad51:0"
content-length: 413
mpulse_origin_time: 401
mpulse_cdn_cache: MISS
cache-control: max-age=31536000
expires: Sun, 28 Jan 2024 10:09:12 GMT
date: Sat, 28 Jan 2023 10:09:12 GMT
timing-allow-origin: *
access-control-allow-origin: *
X-Firefox-Spdy: h2
img1.wsimg.com/wrhs/ee768b37adbe1f761458e24514bec4b1/tti.min.js
200 OK 6.3 kB URL HTTP/2 img1.wsimg.com/wrhs/ee768b37adbe1f761458e24514bec4b1/tti.min.js
IP
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (17769)
Hash a6cc9752a2019e0395a80869ded57529
0698f5f504cbef454fb3c9fc5027b8d38f14c14c
618553560f09815c349038dce26a0eee4db74aad5078ce4ae267fde303aee17d
GET /wrhs/ee768b37adbe1f761458e24514bec4b1/tti.min.js HTTP/1.1
Host: img1.wsimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://portal.alri.tj/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: iYcMG2E9RHA5oNr/benJ9bNR9T74ICLB8AFrYSPBqYNb7aGiyvzzBqV3I3DZT1GworGCnk3yopI=
x-amz-request-id: D1FN6NMWTM73NKMN
last-modified: Fri, 08 Nov 2019 23:54:02 GMT
etag: "ee768b37adbe1f761458e24514bec4b1"
x-amz-server-side-encryption: AES256
x-amz-version-id: B3EGsm1LpWxPXmGYQbjAOuKrVNPUh8a2
accept-ranges: bytes
content-type: application/javascript
vary: Accept-Encoding
content-encoding: gzip
content-length: 6288
cache-control: max-age=31536000
expires: Sun, 28 Jan 2024 10:09:12 GMT
date: Sat, 28 Jan 2023 10:09:12 GMT
timing-allow-origin: *
access-control-allow-origin: *
X-Firefox-Spdy: h2
46.20.206.52
34.117.237.239
23.36.79.43