r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash d931e0142ef5ffe9cdb4c4c6bfcb9bc9
d9c4caf525e8926b042a14f38d374cc4033ed768
f610984fb0a75b3a31424faa860cbc8172c7f21804df1dc14fbb685b7c456f29
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F610984FB0A75B3A31424FAA860CBC8172C7F21804DF1DC14FBB685B7C456F29"
Last-Modified: Sat, 03 Sep 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9165
Expires: Tue, 06 Sep 2022 15:07:24 GMT
Date: Tue, 06 Sep 2022 12:34:39 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
143.204.55.115 200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.115:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 99b7d23c1748d0526782b9ff9ea45f09
eadd801a3ba2aa00632c6fb52e1f9125bd6d5b4f
48f81668f76955320480b484138aebdad5d03c471036b4449c737aca1ecab08e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Content-Length, Backoff, Retry-After, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Tue, 06 Sep 2022 12:04:18 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 f46f7100ad6fc83a021f62212f945830.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: NOmsaPTCgfqaOSpOuep2eVVgr6SGG2sEoVk5qWonxthIknsTmOPZPQ==
Age: 1821
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
143.204.55.25 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP 143.204.55.25:0
File type PEM certificate\012- , ASCII text
Hash 742edb4038f38bc533514982f3d2e861
cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Tue, 06 Sep 2022 01:15:18 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 142be88a35733307a5e7de05da0a20b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: Zh0fy0CXbjLOy3TUbZuejqpEaodq_sH7uWX3npCCHp9u_F2DvDNZyA==
age: 40762
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 06 Sep 2022 12:34:39 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
masharif.com.sa/wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/signin_files/ms.js
162.214.71.43 200 OK 12 kB URL HTTP/1.1 masharif.com.sa/wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/signin_files/ms.js
IP 162.214.71.43:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (12487), with no line terminators
Hash b60b5817823dbedda03f7c717460c8b5
ec2e5b9431851d5c2f49392c7c8c9533957c8afd
81a5e095ee6ebe17230434d1522f47614dae9096c79fc75fa9685bcbda812380
Analyzer Verdict Alert urlquery Phishing - Microsoft Services
fortinet Phishing
GET /wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/signin_files/ms.js HTTP/1.1
Host: masharif.com.sa
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://masharif.com.sa/wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/login.php
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Sep 2022 12:34:39 GMT
Content-Type: application/javascript
Content-Length: 12487
Connection: keep-alive
Last-Modified: Fri, 15 Apr 2022 20:34:10 GMT
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.115 200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.115:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, ETag, Backoff, Last-Modified, Pragma, Cache-Control, Expires, Content-Type, Content-Length, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Tue, 06 Sep 2022 11:38:18 GMT
Cache-Control: max-age=3600
Expires: Tue, 06 Sep 2022 12:38:18 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 c9f2a4d2bcd548d1a3cbe1617a22f216.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: DwEC4FU7U7izY3Ly1KZ8v6OPizC2zlpX1Ux3lJJ7cFtW9uJGVrHGxQ==
Age: 3381
masharif.com.sa/wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/signin_files/Bootstrap.js
162.214.71.43 200 OK 52 kB URL HTTP/1.1 masharif.com.sa/wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/signin_files/Bootstrap.js
IP 162.214.71.43:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (579)
Hash a4d0defa64fd2fbab19024d4ceb71a67
0a234466acdf1a483c1008bbd1d03060804b1b6c
99820c5d0e52f2b5d3dba06a582fb0c0845c0f03192a9b5a65f43f7f6cea88a1
Analyzer Verdict Alert urlquery Phishing - Microsoft Services
fortinet Phishing
GET /wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/signin_files/Bootstrap.js HTTP/1.1
Host: masharif.com.sa
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://masharif.com.sa/wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/login.php
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Sep 2022 12:34:39 GMT
Content-Type: application/javascript
Content-Length: 51749
Connection: keep-alive
Last-Modified: Fri, 15 Apr 2022 20:34:10 GMT
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
masharif.com.sa/wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/signin_files/require-951f856e.js
162.214.71.43 200 OK 18 kB URL HTTP/1.1 masharif.com.sa/wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/signin_files/require-951f856e.js
IP 162.214.71.43:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (17765)
Hash 937e18676bf630501b84d950975baf2c
2161953a77a4ed3843188e1a58dcdc2a14f3abdd
757450f70da7f796420fb8993990c043ea4120fe93d72aa55c460232ecdd1e77
Analyzer Verdict Alert urlquery Phishing - Microsoft Services
fortinet Phishing
GET /wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/signin_files/require-951f856e.js HTTP/1.1
Host: masharif.com.sa
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://masharif.com.sa/wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/login.php
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Sep 2022 12:34:39 GMT
Content-Type: application/javascript
Content-Length: 17954
Connection: keep-alive
Last-Modified: Fri, 15 Apr 2022 20:34:10 GMT
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash e8952752ad4a452a575522a7eb737217
c5554fa2af05d7a7117032b0f99352de08988346
8c182bed7bbd843774a2136823b30a4cb707e2a5386f71d01640aa3558888bf7
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6586
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 12:34:40 GMT
Last-Modified: Tue, 06 Sep 2022 10:44:54 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 471
masharif.com.sa/wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/signin_files/jsll-4.js
162.214.71.43 200 OK 53 kB URL HTTP/1.1 masharif.com.sa/wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/signin_files/jsll-4.js
IP 162.214.71.43:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (52607), with no line terminators
Hash 298e99053435a010d516b0f2dcc47254
b703ca8b9c29a1edd533f33131ef9eed89821979
ab707f6d49ad796e97599151075e837ffd982758231ed889ccae95151557284d
Analyzer Verdict Alert urlquery Phishing - Microsoft Services
fortinet Phishing
GET /wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/signin_files/jsll-4.js HTTP/1.1
Host: masharif.com.sa
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://masharif.com.sa/wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/login.php
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Sep 2022 12:34:39 GMT
Content-Type: application/javascript
Content-Length: 52607
Connection: keep-alive
Last-Modified: Fri, 15 Apr 2022 20:34:10 GMT
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
masharif.com.sa/wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/signin_files/home.js
162.214.71.43 200 OK 43 kB URL HTTP/1.1 masharif.com.sa/wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/signin_files/home.js
IP 162.214.71.43:0
ASN #46606 UNIFIEDLAYER-AS-1
File type Unicode text, UTF-8 text, with very long lines (32061)
Hash 10cc5320eaf37abd9c7d2d856364cc22
3839d2ac5610fe8adc2cb45460778e15d48a121b
669d4a1bd72957df86e0b57281b4580c48b17b946db75ffa02f16238bbac7fc6
Analyzer Verdict Alert urlquery Phishing - Microsoft Services
fortinet Phishing
GET /wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/signin_files/home.js HTTP/1.1
Host: masharif.com.sa
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://masharif.com.sa/wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/login.php
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Sep 2022 12:34:40 GMT
Content-Type: application/javascript
Content-Length: 43063
Connection: keep-alive
Last-Modified: Fri, 15 Apr 2022 20:34:10 GMT
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
masharif.com.sa/wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/login.php
162.214.71.43 200 OK 498 kB URL HTTP/1.1 masharif.com.sa/wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/login.php
IP 162.214.71.43:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (29277), with CRLF line terminators
Size 498 kB (497739 bytes)
Hash a6025633c3bba47da9adbd60a52a10d3
5f98736d53a9f5ed5b3d06d471eb9edcdece8e31
ee6afc1f2c8572d5cfea4cef8ee0aa25bf49d19703a9ad036c06b3cac4fa1f61
Analyzer Verdict Alert urlquery Phishing - Microsoft Services
openphish Microsoft OneDrive
fortinet Phishing
GET /wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/login.php HTTP/1.1
Host: masharif.com.sa
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Sep 2022 12:34:39 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
masharif.com.sa/wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/signin_files/aria-4cf8a7e2.js
162.214.71.43 200 OK 47 kB URL HTTP/1.1 masharif.com.sa/wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/signin_files/aria-4cf8a7e2.js
IP 162.214.71.43:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (32013)
Hash 4cf8a7e2fb3aed1e2370a54f12ba88cc
c9c815a210dc55220c36277906922527cf8d250b
977d596ae10ea77c6a86e0a6687ffb03a6a348685af7dd60370b611c426792f9
Analyzer Verdict Alert urlquery Phishing - Microsoft Services
fortinet Phishing
GET /wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/signin_files/aria-4cf8a7e2.js HTTP/1.1
Host: masharif.com.sa
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://masharif.com.sa/wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/login.php
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Sep 2022 12:34:40 GMT
Content-Type: application/javascript
Content-Length: 46558
Connection: keep-alive
Last-Modified: Fri, 15 Apr 2022 20:34:10 GMT
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
masharif.com.sa/wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/signin_files/97-b6864d.css
162.214.71.43 200 OK 128 kB URL HTTP/1.1 masharif.com.sa/wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/signin_files/97-b6864d.css
IP 162.214.71.43:0
ASN #46606 UNIFIEDLAYER-AS-1
File type Unicode text, UTF-8 text, with very long lines (64528)
Size 128 kB (128536 bytes)
Hash 5eff32793df61d532c28cbd7fde4411d
23ca5993ec2c81255890e597df87ebb9d3ad21b1
2fbc031eb7dee1d36e21a66425569e307d1ae1b345d6220ca2d89f6f6b1b8719
GET /wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/signin_files/97-b6864d.css HTTP/1.1
Host: masharif.com.sa
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://masharif.com.sa/wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/login.php
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Sep 2022 12:34:39 GMT
Content-Type: text/css
Content-Length: 128536
Connection: keep-alive
Last-Modified: Fri, 15 Apr 2022 20:34:10 GMT
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
masharif.com.sa/wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/signin_files/t.js
162.214.71.43 200 OK 45 B URL HTTP/1.1 masharif.com.sa/wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/signin_files/t.js
IP 162.214.71.43:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with no line terminators
Hash 8f1b010ba5222208e3f02a699354978f
3bef1aa2e973237131cbe51bff3e9e8d43e4fa68
c9a4dd7b50eeb82a90457cb58ab085c427494828b3c8c8b5649c6c51b3c65175
Analyzer Verdict Alert fortinet Phishing
GET /wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/signin_files/t.js HTTP/1.1
Host: masharif.com.sa
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://masharif.com.sa/wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/login.php
Cookie: MC0=1662467674376
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Sep 2022 12:34:40 GMT
Content-Type: application/javascript
Content-Length: 45
Connection: keep-alive
Last-Modified: Fri, 15 Apr 2022 20:34:10 GMT
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
masharif.com.sa/wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/signin_files/all.js
162.214.71.43 200 OK 200 kB URL HTTP/1.1 masharif.com.sa/wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/signin_files/all.js
IP 162.214.71.43:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (17732)
Size 200 kB (199988 bytes)
Hash 6f99870218e95383667d68d610285a5a
710b3d278349cd367a4e791e45b6cae69fce4b2e
a8c361f69d3e9c9c9df82c90bbe540ba3c1d94d369f45f9c21fc67f7178b8c7c
Analyzer Verdict Alert urlquery Phishing - Microsoft Services
fortinet Phishing
GET /wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/signin_files/all.js HTTP/1.1
Host: masharif.com.sa
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://masharif.com.sa/wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/login.php
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Sep 2022 12:34:39 GMT
Content-Type: application/javascript
Content-Length: 199988
Connection: keep-alive
Last-Modified: Fri, 15 Apr 2022 20:34:10 GMT
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
masharif.com.sa/wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/signin_files/5f-c2d29a
162.214.71.43 200 OK 80 kB URL HTTP/1.1 masharif.com.sa/wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/signin_files/5f-c2d29a
IP 162.214.71.43:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (42744)
Hash 973d40454fd5d4647383405466cb8705
941bfad4f82458671a7a71a2be9e2866644813c1
7cac888d17ab8ff106c461c921ceb3f22f8878566f2ff1c1ae0435757c9319d0
Analyzer Verdict Alert urlquery Phishing - Microsoft Services
fortinet Phishing
GET /wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/signin_files/5f-c2d29a HTTP/1.1
Host: masharif.com.sa
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://masharif.com.sa/wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/login.php
Cookie: MC0=1662467674376
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Sep 2022 12:34:40 GMT
Content-Length: 79887
Connection: keep-alive
Last-Modified: Fri, 15 Apr 2022 20:34:10 GMT
Accept-Ranges: bytes
push.services.mozilla.com/
34.214.236.46 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 34.214.236.46:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 5ETxZye/B8x2MF5ykB0Krg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: et0SEIHWqPKQLblviHapo9ACBq0=
masharif.com.sa/wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/signin_files/homeappfonts-e1a2082a.js
162.214.71.43 200 OK 192 kB URL HTTP/1.1 masharif.com.sa/wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/signin_files/homeappfonts-e1a2082a.js
IP 162.214.71.43:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (65536), with no line terminators
Size 192 kB (192529 bytes)
Hash e1a2082aa7b2c4df52259c49091e2ce1
3347cf0fa85aa0204ebf805ea2b508be7e2f08df
2ca170f7c96032875931f199c0cf8fb5320e232c3fbf8a1e160af6dc8c6b5ec1
Analyzer Verdict Alert urlquery Phishing - Microsoft Services
fortinet Phishing
GET /wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/signin_files/homeappfonts-e1a2082a.js HTTP/1.1
Host: masharif.com.sa
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://masharif.com.sa/wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/login.php
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Sep 2022 12:34:40 GMT
Content-Type: application/javascript
Content-Length: 192529
Connection: keep-alive
Last-Modified: Fri, 15 Apr 2022 20:34:10 GMT
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
masharif.com.sa/wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/signin_files/2523150420.js
162.214.71.43 200 OK 215 kB URL HTTP/1.1 masharif.com.sa/wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/signin_files/2523150420.js
IP 162.214.71.43:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (723)
Size 215 kB (214901 bytes)
Hash 9fdbcb2121a05586cd75b91ecbdbaafb
b790a7c1658554b9723ef4c73ab5103b8b3c7721
56f0b51587818630c182dcc575c4ded7cd15243cffc3e66b6cd8425269c99590
Analyzer Verdict Alert urlquery Phishing - Microsoft Services
fortinet Phishing
GET /wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/signin_files/2523150420.js HTTP/1.1
Host: masharif.com.sa
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://masharif.com.sa/wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/login.php
Cookie: MC0=1662467674376
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Sep 2022 12:34:40 GMT
Content-Type: application/javascript
Content-Length: 214901
Connection: keep-alive
Last-Modified: Fri, 15 Apr 2022 20:34:10 GMT
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
masharif.com.sa/wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/signin_files/meversion
162.214.71.43 200 OK 5.8 kB URL HTTP/1.1 masharif.com.sa/wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/signin_files/meversion
IP 162.214.71.43:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (5803), with no line terminators
Hash 052bbfaf029be1184b901bd1c2e78479
1b3ec36afbb6070888985ea4fb5badabeb9f799d
9a6c02372f29b6e0997c8aabc5c332537c55df703593915dc28739e96587da7c
Analyzer Verdict Alert urlquery Phishing - Microsoft Services
fortinet Phishing
GET /wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/signin_files/meversion HTTP/1.1
Host: masharif.com.sa
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://masharif.com.sa/wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/login.php
Cookie: MC0=1662467674376
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Sep 2022 12:34:40 GMT
Content-Length: 5803
Connection: keep-alive
Last-Modified: Fri, 15 Apr 2022 20:34:10 GMT
Accept-Ranges: bytes
masharif.com.sa/wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/signin_files/microsoft-gray.png
162.214.71.43 200 OK 4.1 kB URL HTTP/1.1 masharif.com.sa/wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/signin_files/microsoft-gray.png
IP 162.214.71.43:0
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 216 x 46, 8-bit/color RGBA, non-interlaced\012- data
Hash 9f14c20150a003d7ce4de57c298f0fba
daa53cf17cc45878a1b153f3c3bf47dc9669d78f
112fec798b78aa02e102a724b5cb1990c0f909bc1d8b7b1fa256eab41bbc0960
GET /wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/signin_files/microsoft-gray.png HTTP/1.1
Host: masharif.com.sa
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://masharif.com.sa/wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/login.php
Cookie: MC0=1662467674376
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Sep 2022 12:34:40 GMT
Content-Type: image/png
Content-Length: 4054
Connection: keep-alive
Last-Modified: Fri, 15 Apr 2022 20:34:10 GMT
Accept-Ranges: bytes
shopget24.com/images/sampledata/hack-run.png
104.219.248.46 200 OK 0 B URL HTTP/1.1 shopget24.com/images/sampledata/hack-run.png
IP 104.219.248.46:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery Phishing website detected
GET /images/sampledata/hack-run.png HTTP/1.1
Host: shopget24.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://masharif.com.sa/
HTTP/1.1 200 OK
keep-alive: timeout=5, max=100
x-powered-by: PHP/7.2.34
content-type: image/png
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 12:34:40 GMT
content-length: 0
date: Tue, 06 Sep 2022 12:34:40 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
masharif.com.sa/wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/signin_files/down.png
162.214.71.43 200 OK 18 kB URL HTTP/1.1 masharif.com.sa/wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/signin_files/down.png
IP 162.214.71.43:0
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 10 x 7, 8-bit/color RGBA, non-interlaced\012- data
Hash 6fbdb8b8c42605216c4bbb777b57d732
9b78f68c77d8d380f270f80b0859804e79c6006b
422f2e5068aa66cbebce50b5781d8efd92d2280b22118312d7e04f55d9c20959
Analyzer Verdict Alert urlquery Phishing - Microsoft Services
GET /wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/signin_files/down.png HTTP/1.1
Host: masharif.com.sa
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://masharif.com.sa/wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/login.php
Cookie: MC0=1662467674376
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Sep 2022 12:34:40 GMT
Content-Type: image/png
Content-Length: 18231
Connection: keep-alive
Last-Modified: Fri, 15 Apr 2022 20:34:10 GMT
Accept-Ranges: bytes
masharif.com.sa/wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/signin_files/cart.png
162.214.71.43 200 OK 18 kB URL HTTP/1.1 masharif.com.sa/wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/signin_files/cart.png
IP 162.214.71.43:0
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 17 x 15, 8-bit/color RGBA, non-interlaced\012- data
Hash 1d1f4fde35f37268fc4e5f641daedb8d
cec17ff31c13f27ed4534e53533d663986a13462
dd295d5a450df4b8a896fda5de20fcbf5344f927bcecf5583465bef0d888f75a
Analyzer Verdict Alert urlquery Phishing - Microsoft Services
GET /wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/signin_files/cart.png HTTP/1.1
Host: masharif.com.sa
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://masharif.com.sa/wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/login.php
Cookie: MC0=1662467674376
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Sep 2022 12:34:40 GMT
Content-Type: image/png
Content-Length: 18523
Connection: keep-alive
Last-Modified: Fri, 15 Apr 2022 20:34:10 GMT
Accept-Ranges: bytes
masharif.com.sa/wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/signin_files/hero_devices.svg
162.214.71.43 200 OK 19 kB URL HTTP/1.1 masharif.com.sa/wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/signin_files/hero_devices.svg
IP 162.214.71.43:0
ASN #46606 UNIFIEDLAYER-AS-1
File type SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (19396), with no line terminators
Hash 60c41815934486795de07013ac38f1e4
1088e6de7783fe63ce5fec4ca7ae12c78f9d7da5
687738f7d943a2e5d33eab6a13ae98357a9fe9400f5991a69b08caa4b5e56bf6
Analyzer Verdict Alert urlquery Phishing - Microsoft Services
fortinet Phishing
GET /wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/signin_files/hero_devices.svg HTTP/1.1
Host: masharif.com.sa
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://masharif.com.sa/wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/login.php
Cookie: MC0=1662467674376
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Sep 2022 12:34:40 GMT
Content-Type: image/svg+xml
Content-Length: 19396
Connection: keep-alive
Last-Modified: Fri, 15 Apr 2022 20:34:10 GMT
Accept-Ranges: bytes
masharif.com.sa/wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/signin_files/feature_any_device.svg
162.214.71.43 200 OK 2.5 kB URL HTTP/1.1 masharif.com.sa/wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/signin_files/feature_any_device.svg
IP 162.214.71.43:0
ASN #46606 UNIFIEDLAYER-AS-1
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (2517), with no line terminators
Hash a3f7f090884d7d57e84a385497ad2136
e4fc6920e861b1574421c3d8554359a99efa65bd
0eb11b8b06cfff42c15fd64bb74239354cfa81461564aa003345101d67bfdebd
Analyzer Verdict Alert urlquery Phishing - Microsoft Services
fortinet Phishing
GET /wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/signin_files/feature_any_device.svg HTTP/1.1
Host: masharif.com.sa
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://masharif.com.sa/wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/login.php
Cookie: MC0=1662467674376
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Sep 2022 12:34:40 GMT
Content-Type: image/svg+xml
Content-Length: 2517
Connection: keep-alive
Last-Modified: Fri, 15 Apr 2022 20:34:10 GMT
Accept-Ranges: bytes
masharif.com.sa/wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/signin_files/feature_offline_access.svg
162.214.71.43 200 OK 2.4 kB URL HTTP/1.1 masharif.com.sa/wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/signin_files/feature_offline_access.svg
IP 162.214.71.43:0
ASN #46606 UNIFIEDLAYER-AS-1
File type SVG Scalable Vector Graphics image\012- HTML document text\012- HTML document, ASCII text, with very long lines (2389), with no line terminators
Hash 052ad463d416437a4e0863157bc65a42
70e715c7d8a41461c2d86e96e0ec3897b320a2ef
76185d054aca425130d7880b95c18d19248e4574a1b3af612ebf2af2a207241a
Analyzer Verdict Alert urlquery Phishing - Microsoft Services
fortinet Phishing
GET /wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/signin_files/feature_offline_access.svg HTTP/1.1
Host: masharif.com.sa
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://masharif.com.sa/wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/login.php
Cookie: MC0=1662467674376
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Sep 2022 12:34:40 GMT
Content-Type: image/svg+xml
Content-Length: 2389
Connection: keep-alive
Last-Modified: Fri, 15 Apr 2022 20:34:10 GMT
Accept-Ranges: bytes
c.s-microsoft.com/static/fonts/segoe-ui/west-european/normal/latest.woff2
23.38.201.156 301 Moved Permanently 0 B URL HTTP/1.1 c.s-microsoft.com/static/fonts/segoe-ui/west-european/normal/latest.woff2
IP 23.38.201.156:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /static/fonts/segoe-ui/west-european/normal/latest.woff2 HTTP/1.1
Host: c.s-microsoft.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://masharif.com.sa
Connection: keep-alive
Referer: http://masharif.com.sa/
HTTP/1.1 301 Moved Permanently
Content-Length: 0
Location: https://c.s-microsoft.com/static/fonts/segoe-ui/west-european/normal/latest.woff2
Cache-Control: max-age=111063
Expires: Wed, 07 Sep 2022 19:25:43 GMT
Date: Tue, 06 Sep 2022 12:34:40 GMT
Connection: keep-alive
Access-Control-Allow-Methods: GET,POST
Access-Control-Allow-Origin: *
masharif.com.sa/wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/signin_files/feature_safety.svg
162.214.71.43 200 OK 2.5 kB URL HTTP/1.1 masharif.com.sa/wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/signin_files/feature_safety.svg
IP 162.214.71.43:0
ASN #46606 UNIFIEDLAYER-AS-1
File type SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (2535), with no line terminators
Hash 179af3c846f45f8e77487e6abec75131
9f13aba76540745c1b4e0ff9e309622d0fe707d0
837b394c26a196d6c3b6b4e7a9a9dd1520a82e6d29ec514572ad01b5bb148955
Analyzer Verdict Alert urlquery Phishing - Microsoft Services
fortinet Phishing
GET /wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/signin_files/feature_safety.svg HTTP/1.1
Host: masharif.com.sa
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://masharif.com.sa/wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/login.php
Cookie: MC0=1662467674376
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Sep 2022 12:34:40 GMT
Content-Type: image/svg+xml
Content-Length: 2535
Connection: keep-alive
Last-Modified: Fri, 15 Apr 2022 20:34:10 GMT
Accept-Ranges: bytes
masharif.com.sa/wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/signin_files/sidekick_share.svg
162.214.71.43 200 OK 16 kB URL HTTP/1.1 masharif.com.sa/wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/signin_files/sidekick_share.svg
IP 162.214.71.43:0
ASN #46606 UNIFIEDLAYER-AS-1
File type SVG Scalable Vector Graphics image\012- HTML document text\012- HTML document, ASCII text, with very long lines (16470), with no line terminators
Hash fb44970a31037aeff8f7c75d082a1e5e
eb61f650eef1f5fe906b9c034def95210c29973c
18358aa54fce839170c866cd5b28b3e7671e5f81490d4eee29c40cd45e3448ef
Analyzer Verdict Alert urlquery Phishing - Microsoft Services
fortinet Phishing
GET /wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/signin_files/sidekick_share.svg HTTP/1.1
Host: masharif.com.sa
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://masharif.com.sa/wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/login.php
Cookie: MC0=1662467674376
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Sep 2022 12:34:40 GMT
Content-Type: image/svg+xml
Content-Length: 16470
Connection: keep-alive
Last-Modified: Fri, 15 Apr 2022 20:34:10 GMT
Accept-Ranges: bytes
spoprod-a.akamaihd.net/files/onedrive-website-home-release-prod_ship-2017-10-20_20171025.003/onedrive-website-home-media/non-localizable/img/landing/footer_clouds.svg
23.36.76.187 200 OK 5.3 kB URL HTTP/2 spoprod-a.akamaihd.net/files/onedrive-website-home-release-prod_ship-2017-10-20_20171025.003/onedrive-website-home-media/non-localizable/img/landing/footer_clouds.svg
IP 23.36.76.187:0
ASN #20940 Akamai International B.V.
File type SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (5276), with no line terminators
Hash 9db50281f56a04ef2d1a2b957098fd77
9733d09897a20517f2f7e671715b03ee3182bb78
6f5e17ee5b92eff9916985c54cdcaf09d141e1634f8e18a470caa2122b4a7594
GET /files/onedrive-website-home-release-prod_ship-2017-10-20_20171025.003/onedrive-website-home-media/non-localizable/img/landing/footer_clouds.svg HTTP/1.1
Host: spoprod-a.akamaihd.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://masharif.com.sa/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 5276
content-type: image/svg+xml
last-modified: Thu, 26 Oct 2017 00:38:53 GMT
etag: 0x8D51C09EF5B30FC
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 68003343-501e-00a5-7a34-a7d057000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
cache-control: public, max-age=28358872
date: Tue, 06 Sep 2022 12:34:40 GMT
alt-svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
timing-allow-origin: *
X-Firefox-Spdy: h2
spoprod-a.akamaihd.net/files/onedrive-website-home-release-prod_ship-2017-10-20_20171025.003/onedrive-website-home-media/non-localizable/img/landing/hero_clouds.svg
23.36.76.187 200 OK 2.5 kB URL HTTP/2 spoprod-a.akamaihd.net/files/onedrive-website-home-release-prod_ship-2017-10-20_20171025.003/onedrive-website-home-media/non-localizable/img/landing/hero_clouds.svg
IP 23.36.76.187:0
ASN #20940 Akamai International B.V.
File type SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (2518), with no line terminators
Hash 34a43fe35f69e25b842a1c5a5e92d0f3
6c96ed4cb99aaa02d28b90b4d47081b62904f24d
eb51a597fd72d38d2fdd80d471ef69bbf68c1420dac1fbd4290e8fab654c8769
GET /files/onedrive-website-home-release-prod_ship-2017-10-20_20171025.003/onedrive-website-home-media/non-localizable/img/landing/hero_clouds.svg HTTP/1.1
Host: spoprod-a.akamaihd.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://masharif.com.sa/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 2518
content-type: image/svg+xml
last-modified: Thu, 26 Oct 2017 00:38:53 GMT
etag: 0x8D51C09EF43109F
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 80a2035b-601e-0038-6534-a722ed000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
cache-control: public, max-age=28358904
date: Tue, 06 Sep 2022 12:34:40 GMT
alt-svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
timing-allow-origin: *
X-Firefox-Spdy: h2
masharif.com.sa/wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/signin_files/sidekick_onedrive_office.svg
162.214.71.43 200 OK 13 kB URL HTTP/1.1 masharif.com.sa/wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/signin_files/sidekick_onedrive_office.svg
IP 162.214.71.43:0
ASN #46606 UNIFIEDLAYER-AS-1
File type SVG Scalable Vector Graphics image\012- HTML document text\012- HTML document, ASCII text, with very long lines (13074), with no line terminators
Hash 0f0a4922c3a47ee1a575df1aaf4c4345
ef7de3744387c09ce287db98c0e31cd7bb75b12d
5bdf897eea95a0fbfa2e33374b141e83dc1090d98bbaf62fc7a64cfde6af0175
Analyzer Verdict Alert urlquery Phishing - Microsoft Services
fortinet Phishing
GET /wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/signin_files/sidekick_onedrive_office.svg HTTP/1.1
Host: masharif.com.sa
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://masharif.com.sa/wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/login.php
Cookie: MC0=1662467674376
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Sep 2022 12:34:40 GMT
Content-Type: image/svg+xml
Content-Length: 13074
Connection: keep-alive
Last-Modified: Fri, 15 Apr 2022 20:34:10 GMT
Accept-Ranges: bytes
assets.onestore.ms/cdnfiles/external/mwf/long/v1/v1.30.0/fonts/MWFMDL2.woff
23.32.24.53 200 OK 13 kB URL HTTP/2 assets.onestore.ms/cdnfiles/external/mwf/long/v1/v1.30.0/fonts/MWFMDL2.woff
IP 23.32.24.53:0
File type Web Open Font Format, TrueType, length 12608, version 0.0\012- data
Hash 92e9219721669f593953c45f68ed4339
59589d0e17092d07f30360e835557b91c217398a
191943c6ee672201ec1c440930729f430e5863975bd8a17f4b0b182917441620
GET /cdnfiles/external/mwf/long/v1/v1.30.0/fonts/MWFMDL2.woff HTTP/1.1
Host: assets.onestore.ms
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://masharif.com.sa
Connection: keep-alive
Referer: http://masharif.com.sa/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 12608
content-type: binary/octet-stream
content-md5: kukhlyFmn1k5U8RfaO1DOQ==
last-modified: Wed, 04 Oct 2017 19:51:57 GMT
accept-ranges: bytes
etag: "0x8D50B615EF8CE51"
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-lease-state: available
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-lease-state,x-ms-blob-type,Accept-Ranges,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-content-type-options: nosniff, nosniff, nosniff
cache-control: max-age=31536000
date: Tue, 06 Sep 2022 12:34:40 GMT
X-Firefox-Spdy: h2
c.s-microsoft.com/static/fonts/segoe-ui/west-european/normal/latest.woff2
23.38.201.156 200 OK 34 kB URL HTTP/2 c.s-microsoft.com/static/fonts/segoe-ui/west-european/normal/latest.woff2
IP 23.38.201.156:0
File type Web Open Font Format (Version 2), TrueType, length 34052, version 0.0\012- data
Hash 36397a3bc139c6e9f81d383f060f080a
3f4f86c10920d4ed345f4858b6cde9f93e1aeb81
4f7f4afe26e71fa9ca1dac4a43b557a554a46f53251d849f07ed08a04829d74b
GET /static/fonts/segoe-ui/west-european/normal/latest.woff2 HTTP/1.1
Host: c.s-microsoft.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Referer: http://masharif.com.sa/
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 34052
content-type: font/woff2
last-modified: Fri, 10 Jan 2020 19:09:43 GMT
accept-ranges: bytes
etag: "588d483e9c7d51:0"
cache-control: public, max-age=127136
expires: Wed, 07 Sep 2022 23:53:36 GMT
date: Tue, 06 Sep 2022 12:34:40 GMT
access-control-allow-methods: GET,POST
access-control-allow-origin: *
X-Firefox-Spdy: h2
masharif.com.sa/wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/signin_files/cartcount.html
162.214.71.43 200 OK 838 B URL HTTP/1.1 masharif.com.sa/wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/signin_files/cartcount.html
IP 162.214.71.43:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash ef47436334bb902c96d32c7a48334bb0
b0e8fff0fcf001b509a557113e721b232e60c493
1e445afff29f3e3056df30ce251e1dbb7a81f0355778c1c3309bf0c94956e753
Analyzer Verdict Alert urlquery Phishing - Microsoft Services
fortinet Phishing
GET /wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/signin_files/cartcount.html HTTP/1.1
Host: masharif.com.sa
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://masharif.com.sa/wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/login.php
Cookie: MC0=1662467674376; optimizelyEndUserId=oeu1662467675175r0.9446911128912061; optimizelySegments=%7B%222494520540%22%3A%22ff%22%2C%222495980660%22%3A%22direct%22%2C%222517180188%22%3A%22false%22%2C%222528250207%22%3A%22none%22%7D; optimizelyBuckets=%7B%7D; optimizelyPendingLogEvents=%5B%22n%3Dhttp%253A%252F%252Fmasharif.com.sa%252Fwp-admin%252Fimages%252Fofiice%252F88307c2247bc244730bd2684e6c10c8b%252Flogin.php%26u%3Doeu1662467675175r0.9446911128912061%26wxhr%3Dtrue%26time%3D1662467675.194%26f%3D8330362432%2C8805575065%2C8425126308%2C8335995814%2C8466545129%2C8477980748%2C8515721197%2C8346960372%2C8583461077%2C8303325462%2C8576951991%2C8248284472%2C8459828858%2C8785089164%2C9116534307%26g%3D%22%5D
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Sep 2022 12:34:40 GMT
Content-Type: text/html
Content-Length: 838
Connection: keep-alive
Last-Modified: Fri, 15 Apr 2022 20:34:10 GMT
Accept-Ranges: bytes
masharif.com.sa/wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/signin_files/like.html
162.214.71.43 200 OK 33 kB URL HTTP/1.1 masharif.com.sa/wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/signin_files/like.html
IP 162.214.71.43:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (18676), with CRLF line terminators
Hash 0b17982bd192326b7db2b61058b5a412
b43e40aa9ebde5ca095a2ddd38cb9f398806ac9e
05962a7a642a32d8e45768d5684cb016d7823e7eaec4e902317e2f3c493ac5e9
Analyzer Verdict Alert urlquery Phishing - Microsoft Services
fortinet Phishing
GET /wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/signin_files/like.html HTTP/1.1
Host: masharif.com.sa
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://masharif.com.sa/wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/login.php
Cookie: MC0=1662467674376; optimizelyEndUserId=oeu1662467675175r0.9446911128912061; optimizelySegments=%7B%222494520540%22%3A%22ff%22%2C%222495980660%22%3A%22direct%22%2C%222517180188%22%3A%22false%22%2C%222528250207%22%3A%22none%22%7D; optimizelyBuckets=%7B%7D; optimizelyPendingLogEvents=%5B%22n%3Dhttp%253A%252F%252Fmasharif.com.sa%252Fwp-admin%252Fimages%252Fofiice%252F88307c2247bc244730bd2684e6c10c8b%252Flogin.php%26u%3Doeu1662467675175r0.9446911128912061%26wxhr%3Dtrue%26time%3D1662467675.194%26f%3D8330362432%2C8805575065%2C8425126308%2C8335995814%2C8466545129%2C8477980748%2C8515721197%2C8346960372%2C8583461077%2C8303325462%2C8576951991%2C8248284472%2C8459828858%2C8785089164%2C9116534307%26g%3D%22%5D
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Sep 2022 12:34:40 GMT
Content-Type: text/html
Content-Length: 33005
Connection: keep-alive
Last-Modified: Fri, 15 Apr 2022 20:34:10 GMT
Accept-Ranges: bytes
masharif.com.sa/wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/signin_files/ping.html
162.214.71.43 200 OK 609 B URL HTTP/1.1 masharif.com.sa/wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/signin_files/ping.html
IP 162.214.71.43:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (350), with CRLF line terminators
Hash 8964bd11daea1f0c4e7c8a49fe9c63bb
b4e1fe9c2bb7a248e48f5ecf3d7d1ef66a90323d
23d8fe8904523b881d463bb16ec8b45a54cca066f8eeaa0da6ac8268bade13dc
Analyzer Verdict Alert urlquery Phishing - Microsoft Services
fortinet Phishing
GET /wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/signin_files/ping.html HTTP/1.1
Host: masharif.com.sa
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://masharif.com.sa/wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/login.php
Cookie: MC0=1662467674376; optimizelyEndUserId=oeu1662467675175r0.9446911128912061; optimizelySegments=%7B%222494520540%22%3A%22ff%22%2C%222495980660%22%3A%22direct%22%2C%222517180188%22%3A%22false%22%2C%222528250207%22%3A%22none%22%7D; optimizelyBuckets=%7B%7D; optimizelyPendingLogEvents=%5B%22n%3Dhttp%253A%252F%252Fmasharif.com.sa%252Fwp-admin%252Fimages%252Fofiice%252F88307c2247bc244730bd2684e6c10c8b%252Flogin.php%26u%3Doeu1662467675175r0.9446911128912061%26wxhr%3Dtrue%26time%3D1662467675.194%26f%3D8330362432%2C8805575065%2C8425126308%2C8335995814%2C8466545129%2C8477980748%2C8515721197%2C8346960372%2C8583461077%2C8303325462%2C8576951991%2C8248284472%2C8459828858%2C8785089164%2C9116534307%26g%3D%22%5D
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Sep 2022 12:34:40 GMT
Content-Type: text/html
Content-Length: 609
Connection: keep-alive
Last-Modified: Fri, 15 Apr 2022 20:34:10 GMT
Accept-Ranges: bytes
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 07869ddc8aa688fe8a93876ef1264055
636614db9c01c03fcc2d10f5f949b513e1a338c9
ab8f4fcf2e21b2e44d69d6e4a6478a7eb6cf8e451202c7dc2854ef68b8e91b2b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4829
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 12:34:40 GMT
Last-Modified: Tue, 06 Sep 2022 11:14:11 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 471
masharif.com.sa/wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/signin_files/hsBwMj6iLmk.html
162.214.71.43 200 OK 43 kB URL HTTP/1.1 masharif.com.sa/wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/signin_files/hsBwMj6iLmk.html
IP 162.214.71.43:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (5796), with CRLF line terminators
Hash 472f4b7b19b9dcc20cbbc7ea75ba3ecd
6e85a812a547857114e949f30f24077c7ed8b860
1bdb4b5661ac011cc9750b7528dc12907b542d2bebad2816e5334da88cef89ef
Analyzer Verdict Alert urlquery Phishing - Microsoft Services
fortinet Phishing
GET /wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/signin_files/hsBwMj6iLmk.html HTTP/1.1
Host: masharif.com.sa
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://masharif.com.sa/wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/login.php
Cookie: MC0=1662467674376; optimizelyEndUserId=oeu1662467675175r0.9446911128912061; optimizelySegments=%7B%222494520540%22%3A%22ff%22%2C%222495980660%22%3A%22direct%22%2C%222517180188%22%3A%22false%22%2C%222528250207%22%3A%22none%22%7D; optimizelyBuckets=%7B%7D; optimizelyPendingLogEvents=%5B%22n%3Dhttp%253A%252F%252Fmasharif.com.sa%252Fwp-admin%252Fimages%252Fofiice%252F88307c2247bc244730bd2684e6c10c8b%252Flogin.php%26u%3Doeu1662467675175r0.9446911128912061%26wxhr%3Dtrue%26time%3D1662467675.194%26f%3D8330362432%2C8805575065%2C8425126308%2C8335995814%2C8466545129%2C8477980748%2C8515721197%2C8346960372%2C8583461077%2C8303325462%2C8576951991%2C8248284472%2C8459828858%2C8785089164%2C9116534307%26g%3D%22%5D
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Sep 2022 12:34:40 GMT
Content-Type: text/html
Content-Length: 42750
Connection: keep-alive
Last-Modified: Fri, 15 Apr 2022 20:34:10 GMT
Accept-Ranges: bytes
masharif.com.sa/wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/signin_files/o365small.png
162.214.71.43 200 OK 20 kB URL HTTP/1.1 masharif.com.sa/wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/signin_files/o365small.png
IP 162.214.71.43:0
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 300 x 104, 8-bit/color RGBA, non-interlaced\012- data
Hash ab0b7040e2a5da13457862ffbfe441e8
af96bb3b42c8a76c8dcde646d6608295f17fbdaf
6db52e5d3351733ddaf898f85cca549020174b5635303c3702319d7b62d76b33
Analyzer Verdict Alert urlquery Phishing - Microsoft Services
GET /wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/signin_files/o365small.png HTTP/1.1
Host: masharif.com.sa
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://masharif.com.sa/wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/login.php
Cookie: MC0=1662467674376
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Sep 2022 12:34:40 GMT
Content-Type: image/png
Content-Length: 19682
Connection: keep-alive
Last-Modified: Fri, 15 Apr 2022 20:34:10 GMT
Accept-Ranges: bytes
masharif.com.sa/wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/signin_files/email-iconsmall.png
162.214.71.43 200 OK 18 kB URL HTTP/1.1 masharif.com.sa/wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/signin_files/email-iconsmall.png
IP 162.214.71.43:0
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 232 x 84, 8-bit/color RGBA, non-interlaced\012- data
Hash 9ae0a8b17cf7208eb683fd6d41ef7984
e5286753203ee1dee183c93a761ae60c40194d60
0f3fda9e7854ab4e6744c9327649571657fe260c96aa754ff42298e64a31f73c
Analyzer Verdict Alert urlquery Phishing - Microsoft Services
GET /wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/signin_files/email-iconsmall.png HTTP/1.1
Host: masharif.com.sa
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://masharif.com.sa/wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/login.php
Cookie: MC0=1662467674376
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Sep 2022 12:34:40 GMT
Content-Type: image/png
Content-Length: 18157
Connection: keep-alive
Last-Modified: Fri, 15 Apr 2022 20:34:10 GMT
Accept-Ranges: bytes
masharif.com.sa/wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/signin_files/feature_smart_scan.svg
162.214.71.43 200 OK 2.5 kB URL HTTP/1.1 masharif.com.sa/wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/signin_files/feature_smart_scan.svg
IP 162.214.71.43:0
ASN #46606 UNIFIEDLAYER-AS-1
File type SVG Scalable Vector Graphics image\012- HTML document text\012- HTML document, ASCII text, with very long lines (2490), with no line terminators
Hash 58019e19a0c72f40b7fda5a49eff0dcd
1560ade8742246c04cb79c5d71a6cf0d1d409d43
d8facd92e7e60c399a3649e942141a00b386ad10de59f0e6b6907bd8c39acca8
Analyzer Verdict Alert urlquery Phishing - Microsoft Services
fortinet Phishing
GET /wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/signin_files/feature_smart_scan.svg HTTP/1.1
Host: masharif.com.sa
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://masharif.com.sa/wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/login.php
Cookie: MC0=1662467674376
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Sep 2022 12:34:40 GMT
Content-Type: image/svg+xml
Content-Length: 2490
Connection: keep-alive
Last-Modified: Fri, 15 Apr 2022 20:34:10 GMT
Accept-Ranges: bytes
masharif.com.sa/wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/signin_files/feature_expiring_links.svg
162.214.71.43 200 OK 8.0 kB URL HTTP/1.1 masharif.com.sa/wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/signin_files/feature_expiring_links.svg
IP 162.214.71.43:0
ASN #46606 UNIFIEDLAYER-AS-1
File type SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (7980), with no line terminators
Hash f5f0a169bc53c03f8dfe3e471718ac99
01ef1aba5b4163b9593ceed8bb37ef775793eae8
330aeca5b9099c192e78e5decdf750076f712fdf2769997c636bfbf7f0d5fc98
Analyzer Verdict Alert urlquery Phishing - Microsoft Services
fortinet Phishing
GET /wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/signin_files/feature_expiring_links.svg HTTP/1.1
Host: masharif.com.sa
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://masharif.com.sa/wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/login.php
Cookie: MC0=1662467674376
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Sep 2022 12:34:41 GMT
Content-Type: image/svg+xml
Content-Length: 7980
Connection: keep-alive
Last-Modified: Fri, 15 Apr 2022 20:34:10 GMT
Accept-Ranges: bytes
masharif.com.sa/wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/signin_files/feature_files_on_demand.svg
162.214.71.43 200 OK 1.5 kB URL HTTP/1.1 masharif.com.sa/wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/signin_files/feature_files_on_demand.svg
IP 162.214.71.43:0
ASN #46606 UNIFIEDLAYER-AS-1
File type SVG Scalable Vector Graphics image\012- HTML document text\012- HTML document, ASCII text, with very long lines (1456), with no line terminators
Hash e5e7c3c64ae5fae65acd245196ebe0f5
46282ba6c18c0fc47660f2fd465016883578addf
a91c0a6fc348dba16e1e74d512322aa75e2b31df7ba4544b9d0140e11b5bf646
Analyzer Verdict Alert urlquery Phishing - Microsoft Services
fortinet Phishing
GET /wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/signin_files/feature_files_on_demand.svg HTTP/1.1
Host: masharif.com.sa
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://masharif.com.sa/wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/login.php
Cookie: MC0=1662467674376
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Sep 2022 12:34:41 GMT
Content-Type: image/svg+xml
Content-Length: 1456
Connection: keep-alive
Last-Modified: Fri, 15 Apr 2022 20:34:10 GMT
Accept-Ranges: bytes
masharif.com.sa/wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/signin_files/like_data/lH1ibRl5GKq.png
162.214.71.43 200 OK 222 B URL HTTP/1.1 masharif.com.sa/wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/signin_files/like_data/lH1ibRl5GKq.png
IP 162.214.71.43:0
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 16 x 16, 4-bit colormap, non-interlaced\012- data
Hash 2ec226e3dcb9a8e77a8e8c11740587c9
3eeef1fffe964e01ca04216633d515b782671437
4c66cf58bddf9101dd5e3d83235728a64c8e7ef7032c4bcbbcc91b8aa7dcac18
Analyzer Verdict Alert urlquery Phishing - Microsoft Services
GET /wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/signin_files/like_data/lH1ibRl5GKq.png HTTP/1.1
Host: masharif.com.sa
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://masharif.com.sa/wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/signin_files/like.html
Connection: keep-alive
Cookie: MC0=1662467674376; optimizelyEndUserId=oeu1662467675175r0.9446911128912061; optimizelySegments=%7B%222494520540%22%3A%22ff%22%2C%222495980660%22%3A%22direct%22%2C%222517180188%22%3A%22false%22%2C%222528250207%22%3A%22none%22%7D; optimizelyBuckets=%7B%7D; optimizelyPendingLogEvents=%5B%22n%3Dhttp%253A%252F%252Fmasharif.com.sa%252Fwp-admin%252Fimages%252Fofiice%252F88307c2247bc244730bd2684e6c10c8b%252Flogin.php%26u%3Doeu1662467675175r0.9446911128912061%26wxhr%3Dtrue%26time%3D1662467675.194%26f%3D8330362432%2C8805575065%2C8425126308%2C8335995814%2C8466545129%2C8477980748%2C8515721197%2C8346960372%2C8583461077%2C8303325462%2C8576951991%2C8248284472%2C8459828858%2C8785089164%2C9116534307%26g%3D%22%5D
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Sep 2022 12:34:41 GMT
Content-Type: image/png
Content-Length: 222
Connection: keep-alive
Last-Modified: Fri, 15 Apr 2022 20:34:10 GMT
Accept-Ranges: bytes
masharif.com.sa/wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/signin_files/like_data/cDyyloiRSzM.png
162.214.71.43 200 OK 195 B URL HTTP/1.1 masharif.com.sa/wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/signin_files/like_data/cDyyloiRSzM.png
IP 162.214.71.43:0
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 16 x 16, 4-bit colormap, non-interlaced\012- data
Hash 391985588c74ba39bd0db701b45f7ad9
0002b67c5754d685a0eb3f51c1ab077db7cdeb3c
4e5950ee18c014ae0193d3ff8ed7a2e05fe35fa26ea1adc47eaeaa4c77cdccad
Analyzer Verdict Alert urlquery Phishing - Microsoft Services
GET /wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/signin_files/like_data/cDyyloiRSzM.png HTTP/1.1
Host: masharif.com.sa
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://masharif.com.sa/wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/signin_files/like.html
Connection: keep-alive
Cookie: MC0=1662467674376; optimizelyEndUserId=oeu1662467675175r0.9446911128912061; optimizelySegments=%7B%222494520540%22%3A%22ff%22%2C%222495980660%22%3A%22direct%22%2C%222517180188%22%3A%22false%22%2C%222528250207%22%3A%22none%22%7D; optimizelyBuckets=%7B%7D; optimizelyPendingLogEvents=%5B%22n%3Dhttp%253A%252F%252Fmasharif.com.sa%252Fwp-admin%252Fimages%252Fofiice%252F88307c2247bc244730bd2684e6c10c8b%252Flogin.php%26u%3Doeu1662467675175r0.9446911128912061%26wxhr%3Dtrue%26time%3D1662467675.194%26f%3D8330362432%2C8805575065%2C8425126308%2C8335995814%2C8466545129%2C8477980748%2C8515721197%2C8346960372%2C8583461077%2C8303325462%2C8576951991%2C8248284472%2C8459828858%2C8785089164%2C9116534307%26g%3D%22%5D
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Sep 2022 12:34:41 GMT
Content-Type: image/png
Content-Length: 195
Connection: keep-alive
Last-Modified: Fri, 15 Apr 2022 20:34:10 GMT
Accept-Ranges: bytes
www.facebook.com/rsrc.php/v3ipwU4/yg/l/en_US/USatHJCaH3G.js
31.13.72.36 404 Not Found 0 B URL HTTP/2 www.facebook.com/rsrc.php/v3ipwU4/yg/l/en_US/USatHJCaH3G.js
IP 31.13.72.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /rsrc.php/v3ipwU4/yg/l/en_US/USatHJCaH3G.js HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://masharif.com.sa
Connection: keep-alive
Referer: http://masharif.com.sa/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 404 Not Found
x-fatal-request: www.facebook.com
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
timing-allow-origin: *
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
x-xss-protection: 0
content-type: text/html; charset="utf-8"
x-fb-debug: lZ8C55Is9yQchcDvh+s9kCHVg3Zh/YYf8UK8FewtxaxDJuyuuY9MU+O6d8lsEL8G9LXskROOZE5fZBb1vB7/tw==
content-length: 0
date: Tue, 06 Sep 2022 12:34:41 GMT
priority: u=3,i
X-Firefox-Spdy: h2
nexus.ensighten.com/msftoffice/prod/serverComponent.php?r=2256.4237115427577&ClientID=761&PageID=http%3A%2F%2Fmasharif.com.sa%2Fwp-admin%2Fimages%2Fofiice%2F88307c2247bc244730bd2684e6c10c8b%2Flogin.php
54.230.111.14 200 OK 60 B URL HTTP/1.1 nexus.ensighten.com/msftoffice/prod/serverComponent.php?r=2256.4237115427577&ClientID=761&PageID=http%3A%2F%2Fmasharif.com.sa%2Fwp-admin%2Fimages%2Fofiice%2F88307c2247bc244730bd2684e6c10c8b%2Flogin.php
IP 54.230.111.14:0
Hash dc3d06df7033df417cfbe813fb8ef6a3
2abb698cfd18f5ec6b43db6ecf2c526c4901779a
ad68c8c7e80948313b864c7f1f78556234fe7d5fc778337a7bf0db2efd0c7468
GET /msftoffice/prod/serverComponent.php?r=2256.4237115427577&ClientID=761&PageID=http%3A%2F%2Fmasharif.com.sa%2Fwp-admin%2Fimages%2Fofiice%2F88307c2247bc244730bd2684e6c10c8b%2Flogin.php HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://masharif.com.sa/
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 60
Connection: keep-alive
Server: nginx
Date: Tue, 06 Sep 2022 12:34:41 GMT
Last-Modified: Thu, 05 Apr 2012 12:15:43 GMT
ETag: "4f7d8cef-3c"
Expires: Tue, 06 Sep 2022 12:34:40 GMT
Cache-Control: no-cache, no-store
Accept-Ranges: bytes
X-Cache: Miss from cloudfront
Via: 1.1 6a0f63864791329e89a4b233ec4c3a36.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: PHIrbVECF-KjDCsFXHkdWtiaI9l1BbYJmRneKBIDF27UhTuYlrlxbA==
masharif.com.sa/wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/signin_files/favicon.ico
162.214.71.43 200 OK 7.9 kB URL HTTP/1.1 masharif.com.sa/wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/signin_files/favicon.ico
IP 162.214.71.43:0
ASN #46606 UNIFIEDLAYER-AS-1
File type MS Windows icon resource - 3 icons, 32x32, 32 bits/pixel, 24x24, 32 bits/pixel\012- data
Hash 1195bfe885af7c60b352a3b3bef7e42c
f7f843b3aee1833bc1251b9e0f39edb04f104af2
361de6ae8b67c64b4c14d0852f24f499162ce8bfc7d441dee68bf04a12263a6b
GET /wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/signin_files/favicon.ico HTTP/1.1
Host: masharif.com.sa
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://masharif.com.sa/wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/login.php
Cookie: MC0=1662467674376; optimizelyEndUserId=oeu1662467675175r0.9446911128912061; optimizelySegments=%7B%222494520540%22%3A%22ff%22%2C%222495980660%22%3A%22direct%22%2C%222517180188%22%3A%22false%22%2C%222528250207%22%3A%22none%22%7D; optimizelyBuckets=%7B%7D; optimizelyPendingLogEvents=%5B%22n%3Dhttp%253A%252F%252Fmasharif.com.sa%252Fwp-admin%252Fimages%252Fofiice%252F88307c2247bc244730bd2684e6c10c8b%252Flogin.php%26u%3Doeu1662467675175r0.9446911128912061%26wxhr%3Dtrue%26time%3D1662467675.194%26f%3D8330362432%2C8805575065%2C8425126308%2C8335995814%2C8466545129%2C8477980748%2C8515721197%2C8346960372%2C8583461077%2C8303325462%2C8576951991%2C8248284472%2C8459828858%2C8785089164%2C9116534307%26g%3D%22%5D
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Sep 2022 12:34:41 GMT
Content-Type: image/x-icon
Content-Length: 7886
Connection: keep-alive
Last-Modified: Fri, 15 Apr 2022 20:34:10 GMT
Accept-Ranges: bytes
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash bc70b1691dd339e8120b92ba393ffb69
99118be3645b3182ccdc5f9da149a97c220a3929
da94f53f998808b2b187d6c265722e95e4cdce9f0a4b23ff0bf6c96d2cdf2bd8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DA94F53F998808B2B187D6C265722E95E4CDCE9F0A4B23FF0BF6C96D2CDF2BD8"
Last-Modified: Mon, 05 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4528
Expires: Tue, 06 Sep 2022 13:50:09 GMT
Date: Tue, 06 Sep 2022 12:34:41 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7ad09c5e-a115-4ff7-9742-809e93046365.jpeg
34.120.237.76 200 OK 4.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7ad09c5e-a115-4ff7-9742-809e93046365.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c81f3df885bdee8cac46ea9495e6b63b
fc766bca874a352a4acb569577d4cf6527f4f074
e21473f88c613ca33ba6bbe1e0cab338274a06744cdcb088f14873c972445b36
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7ad09c5e-a115-4ff7-9742-809e93046365.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4426
x-amzn-requestid: b5b68557-e46d-41cd-9b11-d996aabc0de7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XzfYTHHFIAMFjFw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631145ce-1d3504367cf6ef724a345564;Sampled=0
x-amzn-remapped-date: Thu, 01 Sep 2022 23:52:46 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: GSRJIWisH465dPqbKyPj1iZk1jAu3RGrgwj1CX3X8A397zv9Nt0cHA==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 707e733794d52100fde0ab21bf0b1462.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Sep 2022 08:35:06 GMT
age: 14375
etag: "fc766bca874a352a4acb569577d4cf6527f4f074"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa58df54c-7833-44ce-9519-a44b50319614.jpeg
34.120.237.76 200 OK 5.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa58df54c-7833-44ce-9519-a44b50319614.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1a87857b93f99eab3118aae97a1c9d22
3aea6a5aaf5ccda356d7e0941b33a7c2e2b13e80
97ce11c0e0efe83d6568f173f9235160157c52b4ab4299823d508c072f113ddc
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa58df54c-7833-44ce-9519-a44b50319614.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5775
x-amzn-requestid: dc0a6d9c-5aec-44a3-be54-69cec17f9de1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YAYfxE0noAMFz0A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63166dfe-6c8ec4b03fc761d81c988132;Sampled=0
x-amzn-remapped-date: Mon, 05 Sep 2022 21:45:34 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: z3WamVQsZqAoYnfPZ0rgyYXGzs1jsv56D1oF4Wzva-H-T8a-xPU8mg==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 28390a4d24ed4fdccd685d99cd06cf4e.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Sep 2022 22:00:00 GMT
age: 52481
etag: "3aea6a5aaf5ccda356d7e0941b33a7c2e2b13e80"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F106059e1-95ed-4ffb-b6d2-7b4f160333ed.jpeg
34.120.237.76 200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F106059e1-95ed-4ffb-b6d2-7b4f160333ed.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ec466c0d472e43c11d36bf6fce068205
720d3624a76d060b8e2699e9aa7a320e3efd4878
5553fc24713aae808f5ab81671551b0ae719435f3ced9f25df97d8edf6bfe86f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F106059e1-95ed-4ffb-b6d2-7b4f160333ed.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12683
x-amzn-requestid: 6127e5b6-72f6-40df-b400-41a1f147f6da
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Xz8XmEe0IAMFQDA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63117430-2b27a2683d2d320172cef32e;Sampled=0
x-amzn-remapped-date: Fri, 02 Sep 2022 03:10:40 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Mj_IT5g7hGu2AunKK7mvierv5BQ8cAxhnbGaUNsL6hRNu6MRAzIBDw==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 4f3feb5c4393987d42d1971d404d7cea.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Sep 2022 04:31:02 GMT
age: 29019
etag: "720d3624a76d060b8e2699e9aa7a320e3efd4878"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe1756524-f0d1-4149-aa44-603b827f87d4.jpeg
34.120.237.76 200 OK 6.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe1756524-f0d1-4149-aa44-603b827f87d4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 983e705542fa78b4d5c876e0c1eada7e
5fc951e5236edd282d4975853ca35dab2e55fb17
fa6e478fc213f6cb6c9f33c96c51105262c857bfe313b3d310755be30b1feeb3
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe1756524-f0d1-4149-aa44-603b827f87d4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6656
x-amzn-requestid: 2703eaf4-1a5a-41a6-859b-47255865efb0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YAX-3F2ZIAMFpLg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63166d2b-6df026de5a9230ed429d08c1;Sampled=0
x-amzn-remapped-date: Mon, 05 Sep 2022 21:42:03 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: FIIvB2jeQ_PBDzi8XRN0jnNxze3OwDbz8TBaIcadRvmQd2EFhCwX7Q==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 001e7070d795018d01b93988b9723742.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Sep 2022 21:44:33 GMT
age: 53408
etag: "5fc951e5236edd282d4975853ca35dab2e55fb17"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F228f042c-3a57-45c7-84c2-4aaaa1dd2f07.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F228f042c-3a57-45c7-84c2-4aaaa1dd2f07.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 19b452d6541a6028e7d3f90529477077
1c16eb50bc2490b4ebff6775ef611fdcb282f9f9
f4763a0f464067991c2c484c384df4fe791d7df6e3d6ad15650a954db537249f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F228f042c-3a57-45c7-84c2-4aaaa1dd2f07.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10694
x-amzn-requestid: c3d2f71c-927d-41f6-93ab-bf041374a9f1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YAWsgHQOIAMFvSA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63166b1c-5d2efd595cdf300972f4fb79;Sampled=0
x-amzn-remapped-date: Mon, 05 Sep 2022 21:33:16 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: eikhT8BkN5e163S6QriQybdyPNTKDTf3BCsHifNwfBJfrWv7LqgL8Q==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 cd64decb1403270c914848213601a674.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Sep 2022 22:06:45 GMT
age: 52076
etag: "1c16eb50bc2490b4ebff6775ef611fdcb282f9f9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F326e03cd-e1aa-45a4-8a6b-bdd21f21012c.jpeg
34.120.237.76 200 OK 5.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F326e03cd-e1aa-45a4-8a6b-bdd21f21012c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c4b2d6a516e93799b54fe2bbd6630f86
b5a7380f294876dd308c7fde294f36a425c1be01
7463878d8967ff31d7ce20d5a4408c23ad59123032a990c21a47df0881edcb86
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F326e03cd-e1aa-45a4-8a6b-bdd21f21012c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5377
x-amzn-requestid: 2adc68e8-1889-4233-8ac4-e2a8d44ccbdd
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X_4XzF1FoAMF3AA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63163a98-5918897d7de556f75bbfab34;Sampled=0
x-amzn-remapped-date: Mon, 05 Sep 2022 18:06:16 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: DpNb6dBygeDbRbFWIkeXYVddcgxlSVuq4y73JvG315Xp-wkwiDhZyQ==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 cd64decb1403270c914848213601a674.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Sep 2022 18:06:16 GMT
age: 66505
etag: "b5a7380f294876dd308c7fde294f36a425c1be01"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
www.microsoft.com/store/buy/cartcount
23.38.201.156 301 Moved Permanently 0 B URL HTTP/1.1 www.microsoft.com/store/buy/cartcount
IP 23.38.201.156:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /store/buy/cartcount HTTP/1.1
Host: www.microsoft.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://masharif.com.sa/
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Content-Length: 0
Location: https://www.microsoft.com/store/buy/cartcount
Cache-Control: max-age=73049
Expires: Wed, 07 Sep 2022 08:52:10 GMT
Date: Tue, 06 Sep 2022 12:34:41 GMT
Connection: keep-alive
TLS_version: UNKNOWN
X-RTag: Str
www.microsoft.com/store/buy/cartcount
23.38.201.156 200 OK 489 B URL HTTP/2 www.microsoft.com/store/buy/cartcount
IP 23.38.201.156:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash bcdd127d7988dcedf4b2866d037bd952
5536e8863fabbf3c651c19e5b42d7a51bf5b2b9b
f9c56fb14488610fc4ee470e86f54bd1e9609907a3cb2bec2cc42cd78cb00679
GET /store/buy/cartcount HTTP/1.1
Host: www.microsoft.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://masharif.com.sa/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
pragma: no-cache
content-type: text/html; charset=utf-8
content-encoding: gzip
x-activity-id: 4539b09e-2774-4193-afe6-fced4550e990
ms-cv: mKfzixZ+DkG0djq6.0
x-appversion: 1.0.8261.38029
x-az: {did:9a8cd53207774949b337f7edab013e9f, rid: 25, sn: storeexp-neu-prod, dt: 2022-08-27T22:17:38.4024414Z, bt: 2022-08-14T21:07:38.0000000Z}
ms-operation-id: 6f32386b98b97c4a9f5f60286a24f6ee
p3p: CP="CAO CONi OTR OUR DEM ONL"
x-content-type-options: nosniff
access-control-allow-methods: HEAD,GET,POST,PATCH,PUT,OPTIONS
x-xss-protection: 1; mode=block
content-length: 489
x-edgeconnect-midmile-rtt: 0
x-edgeconnect-origin-mex-latency: 125
cache-control: max-age=25542
expires: Tue, 06 Sep 2022 19:40:23 GMT
date: Tue, 06 Sep 2022 12:34:41 GMT
vary: Accept-Encoding
tls_version: tls1.3
strict-transport-security: max-age=31536000
x-rtag: Str
set-cookie: ak_bmsc=E3AFD379B99125367249A8BC5C4544F8~000000000000000000000000000000~YAAQJ08kF+zLW/OCAQAAia7LEhGBDeuXp409inh5c/RPW8AgKf8OGgI69F7CSehnMgOdD1hvcslWtgr4a/KGjWsFrY0ojGJ+7JE+j4tHdk5AEaZL21zPJ0Qir0YE90IytSIyWdcYSv94xeWiqZ6C64YUkj/H2RbcngRawnMDqY/TpajR3GvqUbaXZ9pwaw2hbi/tDJWTNv/S6/YBBVddT0hPRtDv6MGeJ169oHxymfxiX/o6YyA6o+rN7+XwiDQ0icMsvreqjA/8yjfcOVzWpYWdiNs1xj2sppCOI8DgCRA3pn0Zo1ZGg8G0ZQBq5qIY2c/8Ky7c88o5R7rFD0RWPm2tTdaYdwBctP05A9Pt1Rwl/iGxoNgrb+eN4iNN8dr9uEBUj6rIpNHhAcsK; Domain=.microsoft.com; Path=/; Expires=Tue, 06 Sep 2022 14:34:41 GMT; Max-Age=7200; HttpOnly
X-Firefox-Spdy: h2
masharif.com.sa/wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/signin_files/px.html
162.214.71.43 404 Not Found 0 B URL HTTP/1.1 masharif.com.sa/wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/signin_files/px.html
IP 162.214.71.43:0
ASN #46606 UNIFIEDLAYER-AS-1
Analyzer Verdict Alert fortinet Phishing
GET /wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/signin_files/px.html HTTP/1.1
Host: masharif.com.sa
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://masharif.com.sa/wp-admin/images/ofiice/88307c2247bc244730bd2684e6c10c8b/login.php
Cookie: MC0=1662467674376
HTTP/1.1 404 Not Found
Server: nginx
Date: Tue, 06 Sep 2022 12:34:41 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0