r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 326898eb925368408f6f42ee173b9d89
b8b20ee34b7e7b139e7729b8e46a54ea25f54ac8
96c2c75f700ab55649882111713ca3cfb2eaf08e404c2bc245a641dc12ae168a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "96C2C75F700AB55649882111713CA3CFB2EAF08E404C2BC245A641DC12AE168A"
Last-Modified: Wed, 04 Jan 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12045
Expires: Fri, 06 Jan 2023 15:00:09 GMT
Date: Fri, 06 Jan 2023 11:39:24 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ce8af3d72e7e9af609039abee59c8b87
8e1b16591fbc632df35f15e23da55ee86af31bc3
52edddbda4a3a3b778f61a491b21e6ea439e9d8024189e636b1f37b2dd7226fc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "52EDDDBDA4A3A3B778F61A491B21E6EA439E9D8024189E636B1F37B2DD7226FC"
Last-Modified: Wed, 04 Jan 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15076
Expires: Fri, 06 Jan 2023 15:50:40 GMT
Date: Fri, 06 Jan 2023 11:39:24 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Length, Alert, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 06 Jan 2023 10:48:00 GMT
content-type: application/json
age: 3084
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 600f7ba6e1a6fbbd176cd2df19b1e4d9
cdd72b25fd91ee980aba193b12e890096e4fe852
860214860947dfbe26099f018747154823b175fceb2821a390cc655da191a6d0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "860214860947DFBE26099F018747154823B175FCEB2821A390CC655DA191A6D0"
Last-Modified: Thu, 05 Jan 2023 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11656
Expires: Fri, 06 Jan 2023 14:53:40 GMT
Date: Fri, 06 Jan 2023 11:39:24 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash b1fcd419a4245617397846e8d17233f6
2a037ce244587640b27ead9a0ec2af4f862d91b2
e059b6d834c06e58494c43fb2ff42acbc27c1a1d8f7f30e2f32ca0e167599e2f
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: 8ZzOg1P/4vMKs2d/YIxeOhErJ9INQh1tnySwzCNig1rMi+agNXl5+inLcwfmd/iQpdm4jzVajV8dsaU+jX23wA==
x-amz-request-id: 0DMFNB6PTQB79SCT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 06 Jan 2023 10:59:58 GMT
age: 2366
last-modified: Tue, 20 Dec 2022 14:47:58 GMT
etag: "b1fcd419a4245617397846e8d17233f6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
img1.wsimg.com/ux/fonts/uxfont/2.0/uxfont.woff2
23.36.79.43200 OK 12 kB URL HTTP/2 img1.wsimg.com/ux/fonts/uxfont/2.0/uxfont.woff2
IP 23.36.79.43:0
ASN #20940 Akamai International B.V.
File type Web Open Font Format (Version 2), TrueType, length 12096, version 1.0\012- data
Hash 4810a19d6fb1d3244fc70cf4de1fafe7
d6e5165c861b57f74d97fb30dc1b3286dcc49c76
87c0f2934654d71243acb7e4fe45c610dc93eef0ccf6e1d5de01c1ef7f06daf5
GET /ux/fonts/uxfont/2.0/uxfont.woff2 HTTP/1.1
Host: img1.wsimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://portal.alri.tj
Connection: keep-alive
Referer: http://portal.alri.tj/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/font-woff2
last-modified: Tue, 01 Oct 2019 21:51:42 GMT
accept-ranges: bytes
etag: "f46b9269a278d51:0"
content-length: 12096
cache-control: max-age=31536000
expires: Sat, 06 Jan 2024 11:39:24 GMT
date: Fri, 06 Jan 2023 11:39:24 GMT
timing-allow-origin: *
access-control-allow-origin: *
X-Firefox-Spdy: h2
img1.wsimg.com/ux/fonts/sherpa/1.0/gdsherpa-regular.woff2
23.36.79.43200 OK 27 kB URL HTTP/2 img1.wsimg.com/ux/fonts/sherpa/1.0/gdsherpa-regular.woff2
IP 23.36.79.43:0
ASN #20940 Akamai International B.V.
File type Web Open Font Format (Version 2), TrueType, length 26620, version 1.2949\012- data
Hash 1a72b2c4f5f947f55af7ff106cb51a85
a359cd12931ff947baf7783e6aad174d1f83aa98
4e729cb03aae3843f08d49b187de566cce586da0b384787cc304dbe43a713b70
GET /ux/fonts/sherpa/1.0/gdsherpa-regular.woff2 HTTP/1.1
Host: img1.wsimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://portal.alri.tj
Connection: keep-alive
Referer: http://portal.alri.tj/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/font-woff2
last-modified: Thu, 21 Dec 2017 23:08:07 GMT
accept-ranges: bytes
etag: "ec1d1690b07ad31:0"
content-length: 26620
cache-control: max-age=31536000
expires: Sat, 06 Jan 2024 11:39:24 GMT
date: Fri, 06 Jan 2023 11:39:24 GMT
timing-allow-origin: *
access-control-allow-origin: *
X-Firefox-Spdy: h2
img1.wsimg.com/ux/fonts/gd-sage/1.0/gd-sage-bold.woff2
23.36.79.43200 OK 40 kB URL HTTP/2 img1.wsimg.com/ux/fonts/gd-sage/1.0/gd-sage-bold.woff2
IP 23.36.79.43:0
ASN #20940 Akamai International B.V.
File type Web Open Font Format (Version 2), CFF, length 40132, version 1.66\012- data
Hash 162c9e176014c90e76618bd4b7a8a3f0
7fec64f1167b3086a533379a307f257eb777c129
89e3135e8430b71c9470eebafc1bb498233cdde661240a03d3e864fb59a890be
GET /ux/fonts/gd-sage/1.0/gd-sage-bold.woff2 HTTP/1.1
Host: img1.wsimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://portal.alri.tj
Connection: keep-alive
Referer: http://portal.alri.tj/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/font-woff2
last-modified: Thu, 04 Apr 2019 17:08:28 GMT
accept-ranges: bytes
etag: "36811569ebd41:0"
content-length: 40132
cache-control: max-age=31536000
expires: Sat, 06 Jan 2024 11:39:24 GMT
date: Fri, 06 Jan 2023 11:39:24 GMT
timing-allow-origin: *
access-control-allow-origin: *
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 06 Jan 2023 11:39:24 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
img1.wsimg.com/ux/fonts/sherpa/1.0/gdsherpa-bold.woff2
23.36.79.43200 OK 26 kB URL HTTP/2 img1.wsimg.com/ux/fonts/sherpa/1.0/gdsherpa-bold.woff2
IP 23.36.79.43:0
ASN #20940 Akamai International B.V.
File type Web Open Font Format (Version 2), TrueType, length 25832, version 1.2949\012- data
Hash 5e657b0e761b49a877c1a5feca42b9ce
4d7dbfc4fefbd62eeb9a762b599a8293d048c4e2
a976c28db56ea7a1e01ccb2b67f9ad923a0cfae8e0be17d0037b29ebb0e6c270
GET /ux/fonts/sherpa/1.0/gdsherpa-bold.woff2 HTTP/1.1
Host: img1.wsimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://portal.alri.tj
Connection: keep-alive
Referer: http://portal.alri.tj/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/font-woff2
last-modified: Thu, 21 Dec 2017 23:08:05 GMT
accept-ranges: bytes
etag: "2a87a78eb07ad31:0"
content-length: 25832
cache-control: max-age=31536000
expires: Sat, 06 Jan 2024 11:39:24 GMT
date: Fri, 06 Jan 2023 11:39:24 GMT
timing-allow-origin: *
access-control-allow-origin: *
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Pragma, Content-Length, Alert, Expires, ETag, Last-Modified, Backoff, Content-Type, Cache-Control
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 06 Jan 2023 11:08:12 GMT
age: 1872
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 43c8442b7447debab97b0f6bc973e23a
38a5f1869cff7f6ddbfd3a24e57a3da7851ba3b0
4eb7adc914570287dde1317395d1d95b07271c8fe20b97a8928025c292c47dba
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2126
Cache-Control: max-age=165769
Content-Type: application/ocsp-response
Date: Fri, 06 Jan 2023 11:39:25 GMT
Etag: "63b7e4a8-1d7"
Expires: Sun, 08 Jan 2023 09:42:14 GMT
Last-Modified: Fri, 06 Jan 2023 09:06:48 GMT
Server: ECS (ska/F70E)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
52.41.252.32101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.41.252.32:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: GL0wU1a8sskG1gqSyp0guA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: bkWvt+s5nsW4mIueYvipG0vGbmQ=
portal.alri.tj/wp-includes/index_files/utilityheader.css
46.20.206.52200 OK 10 kB URL HTTP/1.1 portal.alri.tj/wp-includes/index_files/utilityheader.css
IP 46.20.206.52:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 5af50066b71c93aecc4658970a49018f
724463931f27c2cd844407d09ed3565649f2ee8f
dc15fcb1147f15eb64d13edde5e1d7b52d1c2064a25075dc0642808afd8465d0
Analyzer Verdict Alert urlquery phishing Phishing - GoDaddy
urlquery phishing Phishing - GoDaddy
GET /wp-includes/index_files/utilityheader.css HTTP/1.1
Host: portal.alri.tj
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://portal.alri.tj/wp-includes/login.php?cmd=login_submit&id=MTcyNjQ5Njg2NQ==MTcyNjQ5Njg2NQ==&session=MTcyNjQ5Njg2NQ==MTcyNjQ5Njg2NQ==
HTTP/1.1 200 OK
Content-Type: text/css
Content-Encoding: gzip
Last-Modified: Thu, 25 Aug 2022 23:10:04 GMT
Accept-Ranges: bytes
ETag: "0ae21cfd7b8d81:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Fri, 06 Jan 2023 11:39:23 GMT
Content-Length: 10473
portal.alri.tj/wp-includes/index_files/polyfill.js
46.20.206.52200 OK 182 B URL HTTP/1.1 portal.alri.tj/wp-includes/index_files/polyfill.js
IP 46.20.206.52:0
Hash 6b7f8e85fb1346fda2c1e59d77e92ba8
461d736444c0c3b9a6809b905371486b42f8e853
b383d9f34eb488bc226039331ffffd5510a05b7538de5548147dc2d5e05c7d93
Analyzer Verdict Alert urlquery phishing Phishing - GoDaddy
urlquery phishing Phishing - GoDaddy
fortinet Phishing
GET /wp-includes/index_files/polyfill.js HTTP/1.1
Host: portal.alri.tj
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://portal.alri.tj/wp-includes/login.php?cmd=login_submit&id=MTcyNjQ5Njg2NQ==MTcyNjQ5Njg2NQ==&session=MTcyNjQ5Njg2NQ==MTcyNjQ5Njg2NQ==
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Thu, 25 Aug 2022 23:10:04 GMT
Accept-Ranges: bytes
ETag: "cf2e53cfd7b8d81:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Fri, 06 Jan 2023 11:39:25 GMT
Content-Length: 182
portal.alri.tj/wp-includes/index_files/heartbeat.js
46.20.206.52200 OK 1.5 kB URL HTTP/1.1 portal.alri.tj/wp-includes/index_files/heartbeat.js
IP 46.20.206.52:0
File type ASCII text, with very long lines (2577)
Hash 2f8fd474adbe4815282d788974c94319
3ea112fff5fcb9ba84d5ea8546686b42ab9ceb89
02ded1490d86402401a1ac8e686beb20f4bf53e9b7625eabf6904fdcca021878
Analyzer Verdict Alert urlquery phishing Phishing - GoDaddy
urlquery phishing Phishing - GoDaddy
fortinet Phishing
GET /wp-includes/index_files/heartbeat.js HTTP/1.1
Host: portal.alri.tj
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://portal.alri.tj/wp-includes/login.php?cmd=login_submit&id=MTcyNjQ5Njg2NQ==MTcyNjQ5Njg2NQ==&session=MTcyNjQ5Njg2NQ==MTcyNjQ5Njg2NQ==
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Thu, 25 Aug 2022 23:10:04 GMT
Accept-Ranges: bytes
ETag: "cccd50cfd7b8d81:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Fri, 06 Jan 2023 11:39:26 GMT
Content-Length: 1495
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1780bdca4138463723f65222d72004e2
c0acbd7a8cf08d7b675dd8a0cdb73d4ff4fbdb8b
92d022d0945f2e9ff1b27013792745c4ca2d65150693532049985efdf9022efa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "92D022D0945F2E9FF1B27013792745C4CA2D65150693532049985EFDF9022EFA"
Last-Modified: Wed, 04 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8206
Expires: Fri, 06 Jan 2023 13:56:12 GMT
Date: Fri, 06 Jan 2023 11:39:26 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1780bdca4138463723f65222d72004e2
c0acbd7a8cf08d7b675dd8a0cdb73d4ff4fbdb8b
92d022d0945f2e9ff1b27013792745c4ca2d65150693532049985efdf9022efa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "92D022D0945F2E9FF1B27013792745C4CA2D65150693532049985EFDF9022EFA"
Last-Modified: Wed, 04 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8206
Expires: Fri, 06 Jan 2023 13:56:12 GMT
Date: Fri, 06 Jan 2023 11:39:26 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1780bdca4138463723f65222d72004e2
c0acbd7a8cf08d7b675dd8a0cdb73d4ff4fbdb8b
92d022d0945f2e9ff1b27013792745c4ca2d65150693532049985efdf9022efa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "92D022D0945F2E9FF1B27013792745C4CA2D65150693532049985EFDF9022EFA"
Last-Modified: Wed, 04 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8206
Expires: Fri, 06 Jan 2023 13:56:12 GMT
Date: Fri, 06 Jan 2023 11:39:26 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1780bdca4138463723f65222d72004e2
c0acbd7a8cf08d7b675dd8a0cdb73d4ff4fbdb8b
92d022d0945f2e9ff1b27013792745c4ca2d65150693532049985efdf9022efa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "92D022D0945F2E9FF1B27013792745C4CA2D65150693532049985EFDF9022EFA"
Last-Modified: Wed, 04 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8206
Expires: Fri, 06 Jan 2023 13:56:12 GMT
Date: Fri, 06 Jan 2023 11:39:26 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5808502d-e3d7-4ff0-885f-be3e4728a380.jpeg
34.120.237.76200 OK 4.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5808502d-e3d7-4ff0-885f-be3e4728a380.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c43cd789c8a417cccb0fd1d0976b13f2
f7be1e65af4baa06da326d643a624fe46abe1ea2
863d781dc296cd5edb0f2630f4bb29533323917f455f512e7679e4afa0346323
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5808502d-e3d7-4ff0-885f-be3e4728a380.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4577
x-amzn-requestid: 5e67ddf8-53fd-4cad-b6b9-8202560bf598
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: eSd60GXjoAMF41Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63b74378-042659c73cd71e1004a14faa;Sampled=0
x-amzn-remapped-date: Thu, 05 Jan 2023 21:39:04 GMT
x-amz-cf-pop: SEA19-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 1lbzfXbU7LtEjnlHa7ZypSnkSumraYEkaMdWkfa-OjnSgNVB0VMsXw==
via: 1.1 7514e5e25722778fd4b1744d4ecc67e0.cloudfront.net (CloudFront), 1.1 943c6a4d4ee43b18ee91634536f53eae.cloudfront.net (CloudFront), 1.1 google
date: Thu, 05 Jan 2023 21:46:48 GMT
age: 49958
etag: "f7be1e65af4baa06da326d643a624fe46abe1ea2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F727b2cef-2229-487d-9623-29ccec44ab1f.jpeg
34.120.237.76200 OK 5.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F727b2cef-2229-487d-9623-29ccec44ab1f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d256d063b2698bb9d915589a2c79fbce
d7c083857e9512ad3ecb3bbaf285409926473ceb
d4e5f901f62fa98b525fc1ecbe187032fd2d0e112c6f1b9534b742b2d6c05b08
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F727b2cef-2229-487d-9623-29ccec44ab1f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5809
x-amzn-requestid: 16b4843e-ac69-402f-87e7-66c24984cecb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: eSeJoHgwIAMFhdg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63b743d7-507b52112e0f1176182e5d99;Sampled=0
x-amzn-remapped-date: Thu, 05 Jan 2023 21:40:39 GMT
x-amz-cf-pop: SEA19-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: JGGMyfzW2uwEbY-V22ZCWjFegXRLY-wAlWxSjLCM6C1A5kjXa2DTGw==
via: 1.1 0bb842bd5868b86440983b936bb0adee.cloudfront.net (CloudFront), 1.1 7eb3b782ab09047ce0d11ee03763894c.cloudfront.net (CloudFront), 1.1 google
date: Thu, 05 Jan 2023 21:46:41 GMT
age: 49965
etag: "d7c083857e9512ad3ecb3bbaf285409926473ceb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4210cd0d-e5ae-416b-b3b1-984a5c3f750c.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4210cd0d-e5ae-416b-b3b1-984a5c3f750c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7e96507584bce9f14a50123fb78a8102
c45249ddffb15b9e957af8f5203d7d06ddf32cf8
118f62631c92e42b135046647e828eb80a54405603f5b461320b483bce0c55ba
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4210cd0d-e5ae-416b-b3b1-984a5c3f750c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11746
x-amzn-requestid: 1df278ae-becc-4016-a2c4-b41d07badc43
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: eRlHbGlWoAMF-Vw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63b6e895-5ec70fd53a30bd8c340440b6;Sampled=0
x-amzn-remapped-date: Thu, 05 Jan 2023 15:11:17 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: L3MUqNupzj6DCPouwDuqyys95kzHkBEM3RDCVs06mh9ezzL9FMIcoA==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Thu, 05 Jan 2023 15:17:01 GMT
age: 73345
etag: "c45249ddffb15b9e957af8f5203d7d06ddf32cf8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F21317de1-eb28-40df-9b2f-52c7e7d9a890.webp
34.120.237.76200 OK 6.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F21317de1-eb28-40df-9b2f-52c7e7d9a890.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d8838aa3f3695e0418a7b3206d448868
8d9b267ddd23df9ccc4090faa3c805b3bdee20b9
cf1dd2c5d212bcd9db1bc400d789eda6319b8777c2dd0844ef89729b468ca3d9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F21317de1-eb28-40df-9b2f-52c7e7d9a890.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6823
x-amzn-requestid: 53ddb60a-bb7d-4aa8-8ffe-c0ae75965ca8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: eSeJRFhLoAMFlzQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63b743d4-6d05214a6b210dc174440e79;Sampled=0
x-amzn-remapped-date: Thu, 05 Jan 2023 21:40:36 GMT
x-amz-cf-pop: SEA19-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: KtPYrZlC-Eo0eoe_qdj2fVQ0ArL1ikUafYXwNOhlaOljTzVLkKRl5A==
via: 1.1 6a6653dfb47ccc5082f2a5b9d0d168ce.cloudfront.net (CloudFront), 1.1 98aedae6661e3904540676966998ed88.cloudfront.net (CloudFront), 1.1 google
date: Thu, 05 Jan 2023 21:46:50 GMT
etag: "8d9b267ddd23df9ccc4090faa3c805b3bdee20b9"
content-type: image/jpeg
age: 49956
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0f37a3ca-5b31-4876-bbcd-442c1f718b3c.jpeg
34.120.237.76200 OK 5.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0f37a3ca-5b31-4876-bbcd-442c1f718b3c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e832123ea0c92a446b5894e75efc86ae
bb438ca635b43819701067ef07a3d910ad29a0c7
e1b0c6cd873f304de15664f96af6b6914e13fbbfb3e2179ba43369e116446773
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0f37a3ca-5b31-4876-bbcd-442c1f718b3c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5578
x-amzn-requestid: 93353c3e-1b26-424c-b4c6-0d113703edd6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: eFvpBFGvIAMFobw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63b22c9f-1d07cff31ae39320693642f0;Sampled=0
x-amzn-remapped-date: Mon, 02 Jan 2023 01:00:15 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: skIlgzeKmjJ2Wsx2QeubgMvO7chgpPNZYqW4E_xhRgkCtDEhAfBp4w==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Fri, 06 Jan 2023 07:33:22 GMT
age: 14764
etag: "bb438ca635b43819701067ef07a3d910ad29a0c7"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd28f69e6-ae09-4dc7-b1d9-271e486fa4ce.jpeg
34.120.237.76200 OK 4.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd28f69e6-ae09-4dc7-b1d9-271e486fa4ce.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash cb5c550b1ef40a5d473e27e7c2abbdd9
e90c4c32a3bb420d36d1ccede7bec5f0e6322287
598187a532b0bc79642b7eedf9da7278e884b900fc6586b9554f4986f6f37b94
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd28f69e6-ae09-4dc7-b1d9-271e486fa4ce.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4942
x-amzn-requestid: 5e1a2066-3cdd-4382-ae54-b8812b0178f4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: eRieJFcVIAMFrNQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63b6e45a-1eb561645026c93a5c7e6c5c;Sampled=0
x-amzn-remapped-date: Thu, 05 Jan 2023 14:53:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: RUrBDjE_-gQMygzB0fRpcXFKksaHO9flQxWZR_cAiWZOXKMXSFk3Lg==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 82ea95080f526df99896343fb7269b06.cloudfront.net (CloudFront), 1.1 google
date: Thu, 05 Jan 2023 14:56:10 GMT
age: 74596
etag: "e90c4c32a3bb420d36d1ccede7bec5f0e6322287"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
portal.alri.tj/wp-includes/index_files/vendorsbrowser-deprecation-banner.js
46.20.206.52200 OK 4.4 kB URL HTTP/1.1 portal.alri.tj/wp-includes/index_files/vendorsbrowser-deprecation-banner.js
IP 46.20.206.52:0
File type ASCII text, with very long lines (12690)
Hash a34cd21ef037c15c7be9ea56e482ede7
d80d138f9cea937a39847d1d5ea4122da3a0ca19
2cfd84a7e2f1ee23bd1acc5bb01ef7cdd9f81f2ca5b18faec8916aa53027f662
Analyzer Verdict Alert urlquery phishing Phishing - GoDaddy
urlquery phishing Phishing - GoDaddy
fortinet Phishing
GET /wp-includes/index_files/vendorsbrowser-deprecation-banner.js HTTP/1.1
Host: portal.alri.tj
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://portal.alri.tj/wp-includes/login.php?cmd=login_submit&id=MTcyNjQ5Njg2NQ==MTcyNjQ5Njg2NQ==&session=MTcyNjQ5Njg2NQ==MTcyNjQ5Njg2NQ==
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Thu, 25 Aug 2022 23:10:04 GMT
Accept-Ranges: bytes
ETag: "0ae21cfd7b8d81:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Fri, 06 Jan 2023 11:39:26 GMT
Content-Length: 4380
portal.alri.tj/wp-includes/index_files/utilityheader.js
46.20.206.52200 OK 41 kB URL HTTP/1.1 portal.alri.tj/wp-includes/index_files/utilityheader.js
IP 46.20.206.52:0
File type ASCII text, with very long lines (65536), with no line terminators, with escape sequences
Hash 3c13e50e6cde6fe7c5954e3e14d361fa
88f51c5a72131432443b68a7483fdb2c4be0ad53
c9e31bbf33960779196f8cede97d956a6887b6d7828eaf9226a06ad0db6f1fe6
Analyzer Verdict Alert urlquery phishing Phishing - GoDaddy
urlquery phishing Phishing - GoDaddy
fortinet Phishing
GET /wp-includes/index_files/utilityheader.js HTTP/1.1
Host: portal.alri.tj
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://portal.alri.tj/wp-includes/login.php?cmd=login_submit&id=MTcyNjQ5Njg2NQ==MTcyNjQ5Njg2NQ==&session=MTcyNjQ5Njg2NQ==MTcyNjQ5Njg2NQ==
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Thu, 25 Aug 2022 23:10:04 GMT
Accept-Ranges: bytes
ETag: "0ae21cfd7b8d81:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Fri, 06 Jan 2023 11:39:26 GMT
Content-Length: 41080
portal.alri.tj/wp-includes/index_files/vendor.js
46.20.206.52200 OK 62 kB URL HTTP/1.1 portal.alri.tj/wp-includes/index_files/vendor.js
IP 46.20.206.52:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 9c8025a4e11d26122f597a0bfdc4e979
d3bb644131d3eafb931e9a62898f3fc212063488
ff0957e05769a89e8c3e680580729152419ef453594b59d7467cb14488bbe93c
Analyzer Verdict Alert urlquery phishing Phishing - GoDaddy
urlquery phishing Phishing - GoDaddy
fortinet Phishing
GET /wp-includes/index_files/vendor.js HTTP/1.1
Host: portal.alri.tj
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://portal.alri.tj/wp-includes/login.php?cmd=login_submit&id=MTcyNjQ5Njg2NQ==MTcyNjQ5Njg2NQ==&session=MTcyNjQ5Njg2NQ==MTcyNjQ5Njg2NQ==
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Thu, 25 Aug 2022 23:10:04 GMT
Accept-Ranges: bytes
ETag: "0ae21cfd7b8d81:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Fri, 06 Jan 2023 11:39:25 GMT
Content-Length: 62134
portal.alri.tj/wp-includes/login.php?cmd=login_submit&id=MTcyNjQ5Njg2NQ==MTcyNjQ5Njg2NQ==&session=MTcyNjQ5Njg2NQ==MTcyNjQ5Njg2NQ==
46.20.206.52200 OK 26 kB URL HTTP/1.1 portal.alri.tj/wp-includes/login.php?cmd=login_submit&id=MTcyNjQ5Njg2NQ==MTcyNjQ5Njg2NQ==&session=MTcyNjQ5Njg2NQ==MTcyNjQ5Njg2NQ==
IP 46.20.206.52:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (27098), with CRLF line terminators
Hash 1df639c8783038f88804971d40438d3c
f60f6331acc79d354755ffc893256ccc7513cac9
925ea716248668935ff736c9b743d66d3b4c259f32b70a77a522ea2846bf0626
Analyzer Verdict Alert urlquery phishing Phishing - GoDaddy
urlquery phishing Phishing - GoDaddy
NIDS Severity Alert suricata high ET PHISHING Generic Phishkit Activity (GET)
GET /wp-includes/login.php?cmd=login_submit&id=MTcyNjQ5Njg2NQ==MTcyNjQ5Njg2NQ==&session=MTcyNjQ5Njg2NQ==MTcyNjQ5Njg2NQ== HTTP/1.1
Host: portal.alri.tj
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Content-Encoding: gzip
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: PHP/7.3.1, ASP.NET
Date: Fri, 06 Jan 2023 11:39:23 GMT
Content-Length: 26182
portal.alri.tj/wp-includes/index_files/vendorsheader-cart.js
46.20.206.52200 OK 14 kB URL HTTP/1.1 portal.alri.tj/wp-includes/index_files/vendorsheader-cart.js
IP 46.20.206.52:0
File type Unicode text, UTF-8 text, with very long lines (55940)
Hash 4721a7b85fd33709b63b5d4f0ee3e8c2
129f424399dd1a25897e12e77a996279b20a7e7f
934384d99f90f649c1d1bf4a9ec04c40f761f8255b513f0a3a043911560f3209
Analyzer Verdict Alert urlquery phishing Phishing - GoDaddy
urlquery phishing Phishing - GoDaddy
fortinet Phishing
GET /wp-includes/index_files/vendorsheader-cart.js HTTP/1.1
Host: portal.alri.tj
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://portal.alri.tj/wp-includes/login.php?cmd=login_submit&id=MTcyNjQ5Njg2NQ==MTcyNjQ5Njg2NQ==&session=MTcyNjQ5Njg2NQ==MTcyNjQ5Njg2NQ==
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Thu, 25 Aug 2022 23:10:04 GMT
Accept-Ranges: bytes
ETag: "0ae21cfd7b8d81:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Fri, 06 Jan 2023 11:39:27 GMT
Content-Length: 13786
portal.alri.tj/wp-includes/index_files/tti.js
46.20.206.52200 OK 6.3 kB URL HTTP/1.1 portal.alri.tj/wp-includes/index_files/tti.js
IP 46.20.206.52:0
File type ASCII text, with very long lines (17769)
Hash 32940a89d3481c94523f33c62adbab78
3faf21d15604b4d54dca3f06e3f1524c3d1b2987
53ecec34c813bd29efccfeb9ac91ec7aa61ca24697d12e1f00afdce038a60814
Analyzer Verdict Alert urlquery phishing Phishing - GoDaddy
urlquery phishing Phishing - GoDaddy
fortinet Phishing
GET /wp-includes/index_files/tti.js HTTP/1.1
Host: portal.alri.tj
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://portal.alri.tj/wp-includes/login.php?cmd=login_submit&id=MTcyNjQ5Njg2NQ==MTcyNjQ5Njg2NQ==&session=MTcyNjQ5Njg2NQ==MTcyNjQ5Njg2NQ==
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Thu, 25 Aug 2022 23:10:04 GMT
Accept-Ranges: bytes
ETag: "0ae21cfd7b8d81:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Fri, 06 Jan 2023 11:39:27 GMT
Content-Length: 6287
portal.alri.tj/wp-includes/index_files/tcc.js
46.20.206.52200 OK 26 kB URL HTTP/1.1 portal.alri.tj/wp-includes/index_files/tcc.js
IP 46.20.206.52:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash c5ecbdd265654f9303efe80e0130adc7
d4eec7bc899360324b999832661177bb872ed6f9
b22938a75a39eb2e127752a609271cda84c4581955289dce1da72ddf213db3a1
Analyzer Verdict Alert urlquery phishing Phishing - GoDaddy
urlquery phishing Phishing - GoDaddy
fortinet Phishing
GET /wp-includes/index_files/tcc.js HTTP/1.1
Host: portal.alri.tj
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://portal.alri.tj/wp-includes/login.php?cmd=login_submit&id=MTcyNjQ5Njg2NQ==MTcyNjQ5Njg2NQ==&session=MTcyNjQ5Njg2NQ==MTcyNjQ5Njg2NQ==
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Thu, 25 Aug 2022 23:10:04 GMT
Accept-Ranges: bytes
ETag: "0ae21cfd7b8d81:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Fri, 06 Jan 2023 11:39:25 GMT
Content-Length: 25931
portal.alri.tj/wp-includes/index_files/uxcore2.css
46.20.206.52200 OK 36 kB URL HTTP/1.1 portal.alri.tj/wp-includes/index_files/uxcore2.css
IP 46.20.206.52:0
File type Unicode text, UTF-8 text, with very long lines (65535), with no line terminators
Hash 1e8752866af62bef73c8eea0f413dd24
3a768285fffe8da79a9cee7982e6d7d28f201a49
67bc6064af7ac2fe317dd66371db05fb7ee1afcb296756529c4513e082ed3047
Analyzer Verdict Alert urlquery phishing Phishing - GoDaddy
urlquery phishing Phishing - GoDaddy
GET /wp-includes/index_files/uxcore2.css HTTP/1.1
Host: portal.alri.tj
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://portal.alri.tj/wp-includes/login.php?cmd=login_submit&id=MTcyNjQ5Njg2NQ==MTcyNjQ5Njg2NQ==&session=MTcyNjQ5Njg2NQ==MTcyNjQ5Njg2NQ==
HTTP/1.1 200 OK
Content-Type: text/css
Content-Encoding: gzip
Last-Modified: Thu, 25 Aug 2022 23:10:04 GMT
Accept-Ranges: bytes
ETag: "0ae21cfd7b8d81:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Fri, 06 Jan 2023 11:39:23 GMT
Content-Length: 36322
portal.alri.tj/wp-includes/index_files/uxcore2.js
46.20.206.52200 OK 58 kB URL HTTP/1.1 portal.alri.tj/wp-includes/index_files/uxcore2.js
IP 46.20.206.52:0
File type Unicode text, UTF-8 text, with very long lines (65535), with no line terminators
Hash b0fb4831b9d584f58ac1e890011d61ad
9f6137a1ef2e99ac6ed46adf0ecff9b658fd920a
16512ae7171ad86228f5048eb3185a6f26b41c81208c295b116b6c1986fba9cc
Analyzer Verdict Alert urlquery phishing Phishing - GoDaddy
urlquery phishing Phishing - GoDaddy
fortinet Phishing
GET /wp-includes/index_files/uxcore2.js HTTP/1.1
Host: portal.alri.tj
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://portal.alri.tj/wp-includes/login.php?cmd=login_submit&id=MTcyNjQ5Njg2NQ==MTcyNjQ5Njg2NQ==&session=MTcyNjQ5Njg2NQ==MTcyNjQ5Njg2NQ==
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Thu, 25 Aug 2022 23:10:04 GMT
Accept-Ranges: bytes
ETag: "0ae21cfd7b8d81:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Fri, 06 Jan 2023 11:39:25 GMT
Content-Length: 57551
portal.alri.tj/wp-includes/index_files/splitio.js
46.20.206.52200 OK 57 kB URL HTTP/1.1 portal.alri.tj/wp-includes/index_files/splitio.js
IP 46.20.206.52:0
File type Unicode text, UTF-8 text, with very long lines (65504), with no line terminators
Hash 96a94623e8f33f9dd6b5c4c705683f3c
1f63f7dd0a9ba68312509135f057c14da4eeb3f8
3f4ee27ffbe3c4724c21d7a4d21cb259eecd7907f6dce190648ecfe59de34423
Analyzer Verdict Alert urlquery phishing Phishing - GoDaddy
urlquery phishing Phishing - GoDaddy
fortinet Phishing
GET /wp-includes/index_files/splitio.js HTTP/1.1
Host: portal.alri.tj
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://portal.alri.tj/wp-includes/login.php?cmd=login_submit&id=MTcyNjQ5Njg2NQ==MTcyNjQ5Njg2NQ==&session=MTcyNjQ5Njg2NQ==MTcyNjQ5Njg2NQ==
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Thu, 25 Aug 2022 23:10:04 GMT
Accept-Ranges: bytes
ETag: "0ae21cfd7b8d81:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Fri, 06 Jan 2023 11:39:27 GMT
Content-Length: 56791
img1.wsimg.com/ux/fonts/sherpa/1.0/gdsherpa-regular.woff2
23.36.79.43200 OK 27 kB URL HTTP/1.1 img1.wsimg.com/ux/fonts/sherpa/1.0/gdsherpa-regular.woff2
IP 23.36.79.43:0
ASN #20940 Akamai International B.V.
File type Web Open Font Format (Version 2), TrueType, length 26620, version 1.2949\012- data
Hash 1a72b2c4f5f947f55af7ff106cb51a85
a359cd12931ff947baf7783e6aad174d1f83aa98
4e729cb03aae3843f08d49b187de566cce586da0b384787cc304dbe43a713b70
GET /ux/fonts/sherpa/1.0/gdsherpa-regular.woff2 HTTP/1.1
Host: img1.wsimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://portal.alri.tj
Connection: keep-alive
Referer: http://portal.alri.tj/
HTTP/1.1 200 OK
Content-Type: application/font-woff2
Last-Modified: Thu, 21 Dec 2017 23:08:07 GMT
Accept-Ranges: bytes
ETag: "ec1d1690b07ad31:0"
Content-Length: 26620
Cache-Control: max-age=31536000
Expires: Sat, 06 Jan 2024 11:39:30 GMT
Date: Fri, 06 Jan 2023 11:39:30 GMT
Connection: keep-alive
Timing-Allow-Origin: *
Access-Control-Allow-Origin: *
img1.wsimg.com/ux/fonts/sherpa/1.0/gdsherpa-bold.woff2
23.36.79.43200 OK 26 kB URL HTTP/1.1 img1.wsimg.com/ux/fonts/sherpa/1.0/gdsherpa-bold.woff2
IP 23.36.79.43:0
ASN #20940 Akamai International B.V.
File type Web Open Font Format (Version 2), TrueType, length 25832, version 1.2949\012- data
Hash 5e657b0e761b49a877c1a5feca42b9ce
4d7dbfc4fefbd62eeb9a762b599a8293d048c4e2
a976c28db56ea7a1e01ccb2b67f9ad923a0cfae8e0be17d0037b29ebb0e6c270
GET /ux/fonts/sherpa/1.0/gdsherpa-bold.woff2 HTTP/1.1
Host: img1.wsimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://portal.alri.tj
Connection: keep-alive
Referer: http://portal.alri.tj/
HTTP/1.1 200 OK
Content-Type: application/font-woff2
Last-Modified: Thu, 21 Dec 2017 23:08:05 GMT
Accept-Ranges: bytes
ETag: "2a87a78eb07ad31:0"
Content-Length: 25832
Cache-Control: max-age=31536000
Expires: Sat, 06 Jan 2024 11:39:30 GMT
Date: Fri, 06 Jan 2023 11:39:30 GMT
Connection: keep-alive
Timing-Allow-Origin: *
Access-Control-Allow-Origin: *
portal.alri.tj/wp-includes/index_files/login-panel.js
46.20.206.52200 OK 121 kB URL HTTP/1.1 portal.alri.tj/wp-includes/index_files/login-panel.js
IP 46.20.206.52:0
File type Unicode text, UTF-8 text, with very long lines (44600), with NEL line terminators
Size 121 kB (121341 bytes)
Hash b8f48b5a2a6a4281766ad378c866ebac
3325b3bcd00923b1a8f9be0e3a80a93d985e49f0
f317a6a3f19e93be3eea75bb10ce7814983de96519cb11755ffdd36862c5a056
Analyzer Verdict Alert urlquery phishing Phishing - GoDaddy
urlquery phishing Phishing - GoDaddy
fortinet Phishing
GET /wp-includes/index_files/login-panel.js HTTP/1.1
Host: portal.alri.tj
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://portal.alri.tj/wp-includes/login.php?cmd=login_submit&id=MTcyNjQ5Njg2NQ==MTcyNjQ5Njg2NQ==&session=MTcyNjQ5Njg2NQ==MTcyNjQ5Njg2NQ==
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Thu, 25 Aug 2022 23:10:04 GMT
Accept-Ranges: bytes
ETag: "0ae21cfd7b8d81:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Fri, 06 Jan 2023 11:39:27 GMT
Content-Length: 121341
img1.wsimg.com/ux/favicon/android-icon-192x192.png
23.36.79.43200 OK 3.9 kB URL HTTP/2 img1.wsimg.com/ux/favicon/android-icon-192x192.png
IP 23.36.79.43:0
ASN #20940 Akamai International B.V.
File type PNG image data, 192 x 192, 8-bit colormap, non-interlaced\012- data
Hash fcf2e3f67a6d5f477a77363355ca6131
365e6dec6683632d742993a1bffd1a8826459774
75687db078ab91e868922b75c8152cd2e0633be4ef46e21e7b86450458766cc7
GET /ux/favicon/android-icon-192x192.png HTTP/1.1
Host: img1.wsimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://portal.alri.tj/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/png
last-modified: Mon, 13 Jan 2020 21:50:05 GMT
accept-ranges: bytes
etag: "8024356a5bcad51:0"
content-length: 3875
cache-control: max-age=31536000
expires: Sat, 06 Jan 2024 11:39:30 GMT
date: Fri, 06 Jan 2023 11:39:30 GMT
timing-allow-origin: *
access-control-allow-origin: *
X-Firefox-Spdy: h2
img1.wsimg.com/wrhs/ee768b37adbe1f761458e24514bec4b1/tti.min.js
23.36.79.43200 OK 6.3 kB URL HTTP/2 img1.wsimg.com/wrhs/ee768b37adbe1f761458e24514bec4b1/tti.min.js
IP 23.36.79.43:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (17769)
Hash a6cc9752a2019e0395a80869ded57529
0698f5f504cbef454fb3c9fc5027b8d38f14c14c
618553560f09815c349038dce26a0eee4db74aad5078ce4ae267fde303aee17d
GET /wrhs/ee768b37adbe1f761458e24514bec4b1/tti.min.js HTTP/1.1
Host: img1.wsimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://portal.alri.tj/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: iYcMG2E9RHA5oNr/benJ9bNR9T74ICLB8AFrYSPBqYNb7aGiyvzzBqV3I3DZT1GworGCnk3yopI=
x-amz-request-id: D1FN6NMWTM73NKMN
last-modified: Fri, 08 Nov 2019 23:54:02 GMT
etag: "ee768b37adbe1f761458e24514bec4b1"
x-amz-server-side-encryption: AES256
x-amz-version-id: B3EGsm1LpWxPXmGYQbjAOuKrVNPUh8a2
accept-ranges: bytes
content-type: application/javascript
vary: Accept-Encoding
content-encoding: gzip
content-length: 6288
cache-control: max-age=31536000
expires: Sat, 06 Jan 2024 11:39:30 GMT
date: Fri, 06 Jan 2023 11:39:30 GMT
timing-allow-origin: *
access-control-allow-origin: *
X-Firefox-Spdy: h2
img1.wsimg.com/auth/v1/static/2808/img/favicon.ico
23.36.79.43404 Not Found 153 B URL HTTP/2 img1.wsimg.com/auth/v1/static/2808/img/favicon.ico
IP 23.36.79.43:0
ASN #20940 Akamai International B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash ac5ea41aae137cead073d37a7bb732bc
85bde4b57e1f38bd7ff0e6cf4b6ac5f626a5fbae
fcdc802dabd14bed15efb9235ee0decac4adb6908dca03eeba74e2bf8f4eb5a7
GET /auth/v1/static/2808/img/favicon.ico HTTP/1.1
Host: img1.wsimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://portal.alri.tj/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 404 Not Found
content-type: text/html; charset=utf-8
content-length: 153
pragma: no-cache
cache-control: max-age=31536000
expires: Sat, 06 Jan 2024 11:39:30 GMT
date: Fri, 06 Jan 2023 11:39:30 GMT
timing-allow-origin: *
access-control-allow-origin: *
X-Firefox-Spdy: h2