Overview

URL: portal.alri.tj/wp-includes/login.php?cmd=login_submit&id=ntc2otixmzgzntc2otixmzgz&session=ntc2otixmzgzntc2otixmzgz
IP: 46.20.206.52 (Tajikistan)
ASN: #24722 LLC Babilon-T
UserAgent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer:
Report completed: 2022-11-25 12:25:02 UTC
IDS alerts: 0
Blocklist alert: 11
urlquery alerts: No alerts detected
Tags: None

Domain Summary (9)

Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
firefox.settings.services.mozilla.com (2) 867 2020-06-04 20:08:41 UTC 2022-11-25 06:03:02 UTC 34.102.187.140
img1.wsimg.com (9) 9893 2012-06-20 14:42:31 UTC 2020-04-15 04:54:15 UTC 23.36.79.16
push.services.mozilla.com (1) 2140 2014-10-24 08:27:06 UTC 2020-05-03 10:09:39 UTC 100.20.30.105
r3.o.lencr.org (6) 344 No data No data 23.36.77.32
portal.alri.tj (14) 0 2021-05-24 09:15:08 UTC 2022-11-25 04:02:34 UTC 46.20.206.52 Unknown ranking
content-signature-2.cdn.mozilla.net (1) 1152 No data No data 34.160.144.191
contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-11-25 05:51:47 UTC 34.117.237.239
img-getpocket.cdn.mozilla.net (6) 1631 2018-06-21 23:36:00 UTC 2020-02-19 04:43:25 UTC 34.120.237.76
ocsp.digicert.com (2) 86 2012-05-21 07:02:23 UTC 2020-05-02 20:58:10 UTC 93.184.220.29

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro
 No alerts detected

Blocklists

OpenPhish
 No alerts detected

PhishTank
 No alerts detected

Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-11-25 2 portal.alri.tj/wp-includes/index_files/polyfill.js Phishing
2022-11-25 2 portal.alri.tj/wp-includes/index_files/heartbeat.js Phishing
2022-11-25 2 portal.alri.tj/wp-includes/index_files/vendorsbrowser-deprecation-banner.js Phishing
2022-11-25 2 portal.alri.tj/wp-includes/index_files/utilityheader.js Phishing
2022-11-25 2 portal.alri.tj/wp-includes/index_files/tti.js Phishing
2022-11-25 2 portal.alri.tj/wp-includes/index_files/vendor.js Phishing
2022-11-25 2 portal.alri.tj/wp-includes/index_files/vendorsheader-cart.js Phishing
2022-11-25 2 portal.alri.tj/wp-includes/index_files/uxcore2.js Phishing
2022-11-25 2 portal.alri.tj/wp-includes/index_files/login-panel.js Phishing
2022-11-25 2 portal.alri.tj/wp-includes/index_files/splitio.js Phishing
2022-11-25 2 portal.alri.tj/wp-includes/index_files/tcc.js Phishing

mnemonic secure dns
 No alerts detected

Quad9 DNS
 No alerts detected


Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 46.20.206.52
Date UQ / IDS / BL URL IP
2023-02-01 07:50:35 +0000 0 - 1 - 0 portal.alri.tj/wp-includes/login.php?cmd=logi (...) 46.20.206.52
2023-01-29 13:55:38 +0000 0 - 1 - 0 portal.alri.tj/wp-includes/login.php?cmd=logi (...) 46.20.206.52
2023-01-29 13:55:30 +0000 0 - 1 - 0 portal.alri.tj/wp-includes/login.php?cmd=logi (...) 46.20.206.52
2023-01-29 13:55:26 +0000 0 - 1 - 0 portal.alri.tj/wp-includes/login.php?cmd=logi (...) 46.20.206.52
2023-01-29 13:54:29 +0000 0 - 1 - 0 portal.alri.tj/wp-includes/login.php?cmd=logi (...) 46.20.206.52


Last 5 reports on ASN: LLC Babilon-T
Date UQ / IDS / BL URL IP
2023-02-01 07:50:35 +0000 0 - 1 - 0 portal.alri.tj/wp-includes/login.php?cmd=logi (...) 46.20.206.52
2023-01-29 13:55:38 +0000 0 - 1 - 0 portal.alri.tj/wp-includes/login.php?cmd=logi (...) 46.20.206.52
2023-01-29 13:55:30 +0000 0 - 1 - 0 portal.alri.tj/wp-includes/login.php?cmd=logi (...) 46.20.206.52
2023-01-29 13:55:26 +0000 0 - 1 - 0 portal.alri.tj/wp-includes/login.php?cmd=logi (...) 46.20.206.52
2023-01-29 13:54:29 +0000 0 - 1 - 0 portal.alri.tj/wp-includes/login.php?cmd=logi (...) 46.20.206.52


Last 5 reports on domain: alri.tj
Date UQ / IDS / BL URL IP
2023-02-01 07:50:35 +0000 0 - 1 - 0 portal.alri.tj/wp-includes/login.php?cmd=logi (...) 46.20.206.52
2023-01-29 13:55:38 +0000 0 - 1 - 0 portal.alri.tj/wp-includes/login.php?cmd=logi (...) 46.20.206.52
2023-01-29 13:55:30 +0000 0 - 1 - 0 portal.alri.tj/wp-includes/login.php?cmd=logi (...) 46.20.206.52
2023-01-29 13:55:26 +0000 0 - 1 - 0 portal.alri.tj/wp-includes/login.php?cmd=logi (...) 46.20.206.52
2023-01-29 13:54:29 +0000 0 - 1 - 0 portal.alri.tj/wp-includes/login.php?cmd=logi (...) 46.20.206.52


Last 5 reports with similar screenshot
Date UQ / IDS / BL URL IP
2023-01-28 12:45:37 +0000 29 - 1 - 11 portal.alri.tj/wp-includes/login.php?cmd=logi (...) 46.20.206.52
2023-01-28 12:45:26 +0000 29 - 1 - 11 portal.alri.tj/wp-includes/login.php?cmd=logi (...) 46.20.206.52
2023-01-28 10:09:20 +0000 29 - 1 - 11 portal.alri.tj/wp-includes/login.php?cmd=logi (...) 46.20.206.52
2023-01-28 08:32:34 +0000 29 - 1 - 11 portal.alri.tj/wp-includes/login.php?cmd=logi (...) 46.20.206.52
2023-01-28 04:09:33 +0000 27 - 1 - 11 portal.alri.tj/wp-includes/login.php?cmd=logi (...) 46.20.206.52

JavaScript

Executed Scripts (15)

Executed Evals (0)

Executed Writes (0)


HTTP Transactions (42)


Request Response
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "12AF026999398F4976749E320667D43DA3F99B7A2E8254ACA7A410A964A106AA"
Last-Modified: Thu, 24 Nov 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3143
Expires: Fri, 25 Nov 2022 13:17:13 GMT
Date: Fri, 25 Nov 2022 12:24:50 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 5224
Cache-Control: max-age=171208
Date: Fri, 25 Nov 2022 12:24:50 GMT
Etag: "63809972-1d7"
Expires: Sun, 27 Nov 2022 11:58:18 GMT
Last-Modified: Fri, 25 Nov 2022 10:31:14 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Content-Length, Alert, Backoff, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 25 Nov 2022 12:19:06 GMT
cache-control: public,max-age=3600
age: 344
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    4d7e4eed097b9c4e5d509419f1cfc85a
Sha1:   290bb3d428a7c6330e2e3d73a952b16f820896c8
Sha256: 0dc9ca0f57af15adcd416035e92794711434e3d53a1feff21d8481d6d500986c
                                        
                                            GET /wp-includes/login.php?cmd=login_submit&id=ntc2otixmzgzntc2otixmzgz&session=ntc2otixmzgzntc2otixmzgz HTTP/1.1 
Host: portal.alri.tj
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         46.20.206.52
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Content-Encoding: gzip
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: PHP/7.3.1, ASP.NET
Date: Fri, 25 Nov 2022 12:24:49 GMT
Content-Length: 26182


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (27098), with CRLF line terminators
Size:   26182
Md5:    1df639c8783038f88804971d40438d3c
Sha1:   f60f6331acc79d354755ffc893256ccc7513cac9
Sha256: 925ea716248668935ff736c9b743d66d3b4c259f32b70a77a522ea2846bf0626
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "C9951A909F354174F0075A01C01C3C3AA6960983040E328BFBBBEA81AEB405C2"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11414
Expires: Fri, 25 Nov 2022 15:35:04 GMT
Date: Fri, 25 Nov 2022 12:24:50 GMT
Connection: keep-alive

                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         34.160.144.191
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
x-amz-id-2: larp3dxMV6MzEiRKlZ4eHNw3BHMI44a+svBhZJPogZgP1atigAHq6/Cxr/CFyRKdkRLbA92b5iY=
x-amz-request-id: 36XJTH7YFCFD5TYP
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 25 Nov 2022 11:43:49 GMT
age: 2462
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    9ebddc2b260d081ebbefee47c037cb28
Sha1:   492bad62a7ca6a74738921ef5ae6f0be5edebf39
Sha256: 74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Fri, 25 Nov 2022 12:24:51 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /ux/fonts/sherpa/1.0/gdsherpa-bold.woff2 HTTP/1.1 
Host: img1.wsimg.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://portal.alri.tj
Connection: keep-alive
Referer: http://portal.alri.tj/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         23.36.79.16
HTTP/2 200 OK
content-type: application/font-woff2
                                        
last-modified: Thu, 21 Dec 2017 23:08:05 GMT
accept-ranges: bytes
etag: "2a87a78eb07ad31:0"
content-length: 25832
cache-control: max-age=31536000
expires: Sat, 25 Nov 2023 12:24:51 GMT
date: Fri, 25 Nov 2022 12:24:51 GMT
timing-allow-origin: *
access-control-allow-origin: *
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 25832, version 1.2949\012- data
Size:   25832
Md5:    5e657b0e761b49a877c1a5feca42b9ce
Sha1:   4d7dbfc4fefbd62eeb9a762b599a8293d048c4e2
Sha256: a976c28db56ea7a1e01ccb2b67f9ad923a0cfae8e0be17d0037b29ebb0e6c270
                                        
                                            GET /ux/fonts/sherpa/1.0/gdsherpa-regular.woff2 HTTP/1.1 
Host: img1.wsimg.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://portal.alri.tj
Connection: keep-alive
Referer: http://portal.alri.tj/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         23.36.79.16
HTTP/2 200 OK
content-type: application/font-woff2
                                        
last-modified: Thu, 21 Dec 2017 23:08:07 GMT
accept-ranges: bytes
etag: "ec1d1690b07ad31:0"
content-length: 26620
cache-control: max-age=31536000
expires: Sat, 25 Nov 2023 12:24:51 GMT
date: Fri, 25 Nov 2022 12:24:51 GMT
timing-allow-origin: *
access-control-allow-origin: *
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 26620, version 1.2949\012- data
Size:   26620
Md5:    1a72b2c4f5f947f55af7ff106cb51a85
Sha1:   a359cd12931ff947baf7783e6aad174d1f83aa98
Sha256: 4e729cb03aae3843f08d49b187de566cce586da0b384787cc304dbe43a713b70
                                        
                                            GET /ux/fonts/gd-sage/1.0/gd-sage-bold.woff2 HTTP/1.1 
Host: img1.wsimg.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://portal.alri.tj
Connection: keep-alive
Referer: http://portal.alri.tj/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         23.36.79.16
HTTP/2 200 OK
content-type: application/font-woff2
                                        
last-modified: Thu, 04 Apr 2019 17:08:28 GMT
accept-ranges: bytes
etag: "36811569ebd41:0"
content-length: 40132
cache-control: max-age=31536000
expires: Sat, 25 Nov 2023 12:24:51 GMT
date: Fri, 25 Nov 2022 12:24:51 GMT
timing-allow-origin: *
access-control-allow-origin: *
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), CFF, length 40132, version 1.66\012- data
Size:   40132
Md5:    162c9e176014c90e76618bd4b7a8a3f0
Sha1:   7fec64f1167b3086a533379a307f257eb777c129
Sha256: 89e3135e8430b71c9470eebafc1bb498233cdde661240a03d3e864fb59a890be
                                        
                                            GET /wp-includes/index_files/polyfill.js HTTP/1.1 
Host: portal.alri.tj
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://portal.alri.tj/wp-includes/login.php?cmd=login_submit&id=ntc2otixmzgzntc2otixmzgz&session=ntc2otixmzgzntc2otixmzgz

                                         46.20.206.52
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Content-Encoding: gzip
Last-Modified: Thu, 25 Aug 2022 23:10:04 GMT
Accept-Ranges: bytes
ETag: "cf2e53cfd7b8d81:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Fri, 25 Nov 2022 12:24:51 GMT
Content-Length: 182


--- Additional Info ---
Magic:  ASCII text
Size:   182
Md5:    6b7f8e85fb1346fda2c1e59d77e92ba8
Sha1:   461d736444c0c3b9a6809b905371486b42f8e853
Sha256: b383d9f34eb488bc226039331ffffd5510a05b7538de5548147dc2d5e05c7d93

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-includes/index_files/heartbeat.js HTTP/1.1 
Host: portal.alri.tj
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://portal.alri.tj/wp-includes/login.php?cmd=login_submit&id=ntc2otixmzgzntc2otixmzgz&session=ntc2otixmzgzntc2otixmzgz

                                         46.20.206.52
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Content-Encoding: gzip
Last-Modified: Thu, 25 Aug 2022 23:10:04 GMT
Accept-Ranges: bytes
ETag: "cccd50cfd7b8d81:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Fri, 25 Nov 2022 12:24:51 GMT
Content-Length: 1495


--- Additional Info ---
Magic:  ASCII text, with very long lines (2577)
Size:   1495
Md5:    2f8fd474adbe4815282d788974c94319
Sha1:   3ea112fff5fcb9ba84d5ea8546686b42ab9ceb89
Sha256: 02ded1490d86402401a1ac8e686beb20f4bf53e9b7625eabf6904fdcca021878

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /ux/fonts/uxfont/2.0/uxfont.woff2 HTTP/1.1 
Host: img1.wsimg.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://portal.alri.tj
Connection: keep-alive
Referer: http://portal.alri.tj/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         23.36.79.16
HTTP/2 200 OK
content-type: application/font-woff2
                                        
last-modified: Fri, 30 Aug 2019 20:19:50 GMT
accept-ranges: bytes
etag: "0b76f46705fd51:0"
content-length: 12096
cache-control: max-age=31536000
expires: Sat, 25 Nov 2023 12:24:51 GMT
date: Fri, 25 Nov 2022 12:24:51 GMT
timing-allow-origin: *
access-control-allow-origin: *
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 12096, version 1.0\012- data
Size:   12096
Md5:    4810a19d6fb1d3244fc70cf4de1fafe7
Sha1:   d6e5165c861b57f74d97fb30dc1b3286dcc49c76
Sha256: 87c0f2934654d71243acb7e4fe45c610dc93eef0ccf6e1d5de01c1ef7f06daf5
                                        
                                            GET /wp-includes/index_files/vendorsbrowser-deprecation-banner.js HTTP/1.1 
Host: portal.alri.tj
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://portal.alri.tj/wp-includes/login.php?cmd=login_submit&id=ntc2otixmzgzntc2otixmzgz&session=ntc2otixmzgzntc2otixmzgz

                                         46.20.206.52
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Content-Encoding: gzip
Last-Modified: Thu, 25 Aug 2022 23:10:04 GMT
Accept-Ranges: bytes
ETag: "c3f457cfd7b8d81:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Fri, 25 Nov 2022 12:24:51 GMT
Content-Length: 5229


--- Additional Info ---
Magic:  ASCII text, with very long lines (12690)
Size:   5229
Md5:    f7316524f7f3103b383adf3b8a74943d
Sha1:   2f9578bf4031150dfb4c3f340b7f1918dd3cae0f
Sha256: b2142069329002d79684e4290e6c674a2b45e5156d093c328e0feb46696afaec

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Alert, Cache-Control, ETag, Pragma, Expires, Backoff, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 25 Nov 2022 12:11:11 GMT
cache-control: public,max-age=3600
age: 820
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 4960
Cache-Control: max-age=165880
Date: Fri, 25 Nov 2022 12:24:51 GMT
Etag: "638085ab-1d7"
Expires: Sun, 27 Nov 2022 10:29:31 GMT
Last-Modified: Fri, 25 Nov 2022 09:06:51 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /wp-includes/index_files/utilityheader.css HTTP/1.1 
Host: portal.alri.tj
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://portal.alri.tj/wp-includes/login.php?cmd=login_submit&id=ntc2otixmzgzntc2otixmzgz&session=ntc2otixmzgzntc2otixmzgz

                                         46.20.206.52
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Content-Encoding: gzip
Last-Modified: Thu, 25 Aug 2022 23:10:04 GMT
Accept-Ranges: bytes
ETag: "639255cfd7b8d81:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Fri, 25 Nov 2022 12:24:51 GMT
Content-Length: 15959


--- Additional Info ---
Magic:  ASCII text, with very long lines (65536), with no line terminators
Size:   15959
Md5:    5147b071ece677709e8e508eb9de2633
Sha1:   54749ba62ef1773bf39610aacf86b738e187d685
Sha256: 470dd45f4f174e44d1b57c9ef6f9db3a6fe2c657a887ac9feedd1b29d64ba506
                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 93XrONUu+jeY+d8SboDiLw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                         100.20.30.105
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: sLuHvzp6Ds/GUtWW9nmO0rCXxRw=

                                        
                                            GET /wp-includes/index_files/utilityheader.js HTTP/1.1 
Host: portal.alri.tj
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://portal.alri.tj/wp-includes/login.php?cmd=login_submit&id=ntc2otixmzgzntc2otixmzgz&session=ntc2otixmzgzntc2otixmzgz

                                         46.20.206.52
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Content-Encoding: gzip
Last-Modified: Thu, 25 Aug 2022 23:10:04 GMT
Accept-Ranges: bytes
ETag: "639255cfd7b8d81:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Fri, 25 Nov 2022 12:24:51 GMT
Content-Length: 55809


--- Additional Info ---
Magic:  ASCII text, with very long lines (65536), with no line terminators, with escape sequences
Size:   55809
Md5:    92e06357de9f7a76cf52d67859358eed
Sha1:   df37d567259fd61b52d1ff1436424b0f5f3eb34c
Sha256: 849b6f88ab8fae199c372fbfa739bd8f2db8b79d1f0bcfb959dff69ad7c19930

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-includes/index_files/tti.js HTTP/1.1 
Host: portal.alri.tj
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://portal.alri.tj/wp-includes/login.php?cmd=login_submit&id=ntc2otixmzgzntc2otixmzgz&session=ntc2otixmzgzntc2otixmzgz

                                         46.20.206.52
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Content-Encoding: gzip
Last-Modified: Thu, 25 Aug 2022 23:10:04 GMT
Accept-Ranges: bytes
ETag: "639255cfd7b8d81:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Fri, 25 Nov 2022 12:24:52 GMT
Content-Length: 7661


--- Additional Info ---
Magic:  ASCII text, with very long lines (17769)
Size:   7661
Md5:    241198855ad46b19c1ac550c2d402fb7
Sha1:   2d0269484b478cd2669e57ed04eaa78b4d0d64ac
Sha256: 01bec00d342153a0455fe6f03d596817f97bea9c1b28d81aa7ae085fe5d8a6d5

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-includes/index_files/vendor.js HTTP/1.1 
Host: portal.alri.tj
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://portal.alri.tj/wp-includes/login.php?cmd=login_submit&id=ntc2otixmzgzntc2otixmzgz&session=ntc2otixmzgzntc2otixmzgz

                                         46.20.206.52
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Transfer-Encoding: chunked
Content-Encoding: gzip
Last-Modified: Thu, 25 Aug 2022 23:10:04 GMT
Accept-Ranges: bytes
ETag: "c3f457cfd7b8d81:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Fri, 25 Nov 2022 12:24:51 GMT


--- Additional Info ---
Magic:  ASCII text, with very long lines (65536), with no line terminators
Size:   80420
Md5:    1f6ecbce2b7453826da45043cc0e5380
Sha1:   ebe06523c31b0d69f109c5dda1390698beb16a8a
Sha256: 8e3cecb2d9b1cee6821e5f9757108ce6235aba1a798bef4503cc37fa2d23db3a

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-includes/index_files/uxcore2.css HTTP/1.1 
Host: portal.alri.tj
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://portal.alri.tj/wp-includes/login.php?cmd=login_submit&id=ntc2otixmzgzntc2otixmzgz&session=ntc2otixmzgzntc2otixmzgz

                                         46.20.206.52
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Content-Encoding: gzip
Last-Modified: Thu, 25 Aug 2022 23:10:04 GMT
Accept-Ranges: bytes
ETag: "639255cfd7b8d81:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Fri, 25 Nov 2022 12:24:51 GMT
Content-Length: 51539


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (65535), with no line terminators
Size:   51539
Md5:    f27faeeacb3053c93da2e5dfe87af3eb
Sha1:   bf1bb059aab56d8ac4681fdae646c9230733432c
Sha256: dfefe14de6163c4ab7b29e55732ce3aae5f17717a51c0de9216172947c4e6a35
                                        
                                            GET /wp-includes/index_files/vendorsheader-cart.js HTTP/1.1 
Host: portal.alri.tj
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://portal.alri.tj/wp-includes/login.php?cmd=login_submit&id=ntc2otixmzgzntc2otixmzgz&session=ntc2otixmzgzntc2otixmzgz

                                         46.20.206.52
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Content-Encoding: gzip
Last-Modified: Thu, 25 Aug 2022 23:10:04 GMT
Accept-Ranges: bytes
ETag: "c3f457cfd7b8d81:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Fri, 25 Nov 2022 12:24:52 GMT
Content-Length: 17781


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (55940)
Size:   17781
Md5:    a25d9ce66ced104aca1e908d25b8d3cc
Sha1:   4b2466a4e1d82959fc475562fa5495dc65701aba
Sha256: bc52e2dd183dab4332dd832c76a454adb6c6a807ecca7176ce4fa945b06788a2

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8827
Expires: Fri, 25 Nov 2022 14:52:00 GMT
Date: Fri, 25 Nov 2022 12:24:53 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8827
Expires: Fri, 25 Nov 2022 14:52:00 GMT
Date: Fri, 25 Nov 2022 12:24:53 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8827
Expires: Fri, 25 Nov 2022 14:52:00 GMT
Date: Fri, 25 Nov 2022 12:24:53 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8827
Expires: Fri, 25 Nov 2022 14:52:00 GMT
Date: Fri, 25 Nov 2022 12:24:53 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F00e89fb5-5cb3-4f68-936b-5ee31d6061bc.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8006
x-amzn-requestid: 78aab013-df11-464b-a1c7-ee41b7e77b40
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cIB-AHSrIAMFvKw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637fe38c-4d795f410a57fc2c21d7075d;Sampled=0
x-amzn-remapped-date: Thu, 24 Nov 2022 21:35:08 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: q53jN1uOtSdeThbk2_0UF6Rl3g4_-_TW7uK1_6Z5oDwSTSRk8XRjyQ==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Thu, 24 Nov 2022 21:35:08 GMT
etag: "5d15fd672e968d59b541e4d5d0d01cd5e69f4075"
age: 53385
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8006
Md5:    8b6ee13d43732f7c764a49500d092865
Sha1:   5d15fd672e968d59b541e4d5d0d01cd5e69f4075
Sha256: fc3623d527147e1c6aab399251ed8d527e6eefdee6ad7183f00df2613498bfe4
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F44e0daff-bc52-4621-aa2f-d9c59da29c1c.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 3955
x-amzn-requestid: 42c8d309-a8d2-47cc-8d97-c7fa3a63f8cd
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cCM9NGJHoAMF4sQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637d8eba-2a06cda9346bd02c46955444;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 03:08:42 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 5MlzpHpq7auKLSAYikINuPAylXI11VJL3xxIJ9Dyub-7rjQaPfg0WQ==
via: 1.1 6ba2a21321beeef65404429d0a4b6380.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 02:07:28 GMT
age: 37045
etag: "74cb2ccd6ae38b171bfbe5a74f0eccb09aa3836b"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   3955
Md5:    4006a9037ab5f28dca62b0aa7a704c41
Sha1:   74cb2ccd6ae38b171bfbe5a74f0eccb09aa3836b
Sha256: 556ae6516a1f272a96569a3637858292731a34e82672b682f6e7442ca68f4b1d
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fca5cb469-21a0-420a-875c-a81635b33f53.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 7993
x-amzn-requestid: 9f0ff853-4819-47cd-959d-658401ea5748
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cEvCsG5mIAMFqAQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637e9211-1c48b9223684f2942f8dd42d;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 21:35:13 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 7YSXUV-LZpsI7vciFhuqt1EVr6YRkhxcOgMg8z8bxLcOE01_baf6Gg==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 1b74ccf4cb51eacf97a0e6d60ae46a3e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 24 Nov 2022 21:47:08 GMT
age: 52665
etag: "43d1dec7fc06879988c9c3cadd800cc8145df988"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7993
Md5:    92c78302bcce1568eb6a5563100b932c
Sha1:   43d1dec7fc06879988c9c3cadd800cc8145df988
Sha256: 0dda9914306c8e3a7ea75eade8e762652d93907dd6c5a8cc81707d6d8098b60a
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa9e23502-5ace-42f4-a990-42412dc7e04e.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 6385
x-amzn-requestid: 4c2a84f7-f038-4f5a-86c2-5c8ce1a48c6e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cI5NVFMAoAMFn7g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63803bee-45c6411c2430e2375f530dd8;Sampled=0
x-amzn-remapped-date: Fri, 25 Nov 2022 03:52:14 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: Fj82i9qJmEiUy2DOkkowq8WRyzupMwNyQqu110sJ3o72HEW4yb7bjQ==
via: 1.1 010c0731b9775a983eceaec0f5fa6a2e.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 07:22:46 GMT
age: 18127
etag: "9b8aafcda0e22edcc16d3048f4b88659d3b42419"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   6385
Md5:    f6292a2988fb4505d0098553b8e99ddc
Sha1:   9b8aafcda0e22edcc16d3048f4b88659d3b42419
Sha256: 16b7b473229c5e519ab81b385c50277424f3f3b2a5d7647035e84ba58e44f3be
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fac98a873-8b46-43f5-9ac0-fc1cc1a0cd81.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 11249
x-amzn-requestid: 8f679d7f-2ea5-4e47-b78d-79af59435a62
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cFPHYHkAIAMFpBg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637ec562-26108a785e910dc3355d58f1;Sampled=0
x-amzn-remapped-date: Thu, 24 Nov 2022 01:14:10 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: NKwpIdw2RZNZNh69AF5GNvunA_QfRGClvzcRP3zYwn7c8BLBlt097g==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 08:37:15 GMT
age: 13658
etag: "85d3baad9217af2b5d75c019d2ef95dbb919a788"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   11249
Md5:    481c033b9ffd030ff0de6e35cf788b47
Sha1:   85d3baad9217af2b5d75c019d2ef95dbb919a788
Sha256: 02443c7869914c2b29892deb0c645395bcf4e8379da3cf20974614ff9c92893b
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe021fc4e-f76c-4fe9-9470-b59452c93459.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 11401
x-amzn-requestid: 3bc374eb-7d70-4b95-94a7-2ad06cae4726
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cEvCtHcmoAMFxgw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637e9211-333793987245ff9e741b9aed;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 21:35:13 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: K4A6bdVv0gauO3YWTEPWMS6fhuB9CZ6o5dUL-O6G5-NzqOGQRzQLUw==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 e4d3d5aafc7d7d582423c073065ab562.cloudfront.net (CloudFront), 1.1 google
date: Thu, 24 Nov 2022 22:30:31 GMT
age: 50062
etag: "4b131a189db1b615e2519a28cad83d78297ab67f"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   11401
Md5:    eb94ecb5881a7e49d964e4287d11e7a4
Sha1:   4b131a189db1b615e2519a28cad83d78297ab67f
Sha256: f3693e29eb7b72361093434142e3f18969c1a0b02350fab430fa29c7c127bd1a
                                        
                                            GET /wp-includes/index_files/uxcore2.js HTTP/1.1 
Host: portal.alri.tj
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://portal.alri.tj/wp-includes/login.php?cmd=login_submit&id=ntc2otixmzgzntc2otixmzgz&session=ntc2otixmzgzntc2otixmzgz

                                         46.20.206.52
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Transfer-Encoding: chunked
Content-Encoding: gzip
Last-Modified: Thu, 25 Aug 2022 23:10:04 GMT
Accept-Ranges: bytes
ETag: "c3f457cfd7b8d81:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Fri, 25 Nov 2022 12:24:51 GMT


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (65535), with no line terminators
Size:   79164
Md5:    716650a905d43164c293ac88ea2898ce
Sha1:   b9a66269e8b6033d2ed023b99784b62c7148a345
Sha256: 02140602c7bc258f701ff83036dff5991c0ef7449aa2d296c88a63befa45af41

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-includes/index_files/login-panel.js HTTP/1.1 
Host: portal.alri.tj
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://portal.alri.tj/wp-includes/login.php?cmd=login_submit&id=ntc2otixmzgzntc2otixmzgz&session=ntc2otixmzgzntc2otixmzgz

                                         46.20.206.52
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Transfer-Encoding: chunked
Content-Encoding: gzip
Last-Modified: Thu, 25 Aug 2022 23:10:04 GMT
Accept-Ranges: bytes
ETag: "cf2e53cfd7b8d81:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Fri, 25 Nov 2022 12:24:52 GMT


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (44600), with NEL line terminators
Size:   159698
Md5:    a4f0e30653b0423f5141d242540f103b
Sha1:   081e391ce64eec16d6454e63f882eb2163fbea0d
Sha256: 99b47339bbd6cd4fcc5b7e1bb2add0dacbd605af94f6fee846be44916f829c08

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-includes/index_files/splitio.js HTTP/1.1 
Host: portal.alri.tj
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://portal.alri.tj/wp-includes/login.php?cmd=login_submit&id=ntc2otixmzgzntc2otixmzgz&session=ntc2otixmzgzntc2otixmzgz

                                         46.20.206.52
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Transfer-Encoding: chunked
Content-Encoding: gzip
Last-Modified: Thu, 25 Aug 2022 23:10:04 GMT
Accept-Ranges: bytes
ETag: "cf2e53cfd7b8d81:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Fri, 25 Nov 2022 12:24:52 GMT


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (65504), with no line terminators
Size:   72871
Md5:    7eb9b2b5613d4e36258ae24128046ae1
Sha1:   b255ecaad1f8b740c7708caa097a63a5afe10ec1
Sha256: 2bfae3b42f995c6382dd2d2577206b9b9453fed2ac409006eead6a06a67b6cdf

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-includes/index_files/tcc.js HTTP/1.1 
Host: portal.alri.tj
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://portal.alri.tj/wp-includes/login.php?cmd=login_submit&id=ntc2otixmzgzntc2otixmzgz&session=ntc2otixmzgzntc2otixmzgz

                                         46.20.206.52
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Content-Encoding: gzip
Last-Modified: Thu, 25 Aug 2022 23:10:04 GMT
Accept-Ranges: bytes
ETag: "639255cfd7b8d81:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Fri, 25 Nov 2022 12:24:51 GMT
Content-Length: 35422


--- Additional Info ---
Magic:  ASCII text, with very long lines (65536), with no line terminators
Size:   35422
Md5:    672180e44a56107a517319808d5d24e5
Sha1:   9f133425890eb8a8d9978001f6d4f4ff1db6f9d9
Sha256: a359fa952057eeb2d7a000816784e036a4eec5f569297790c2d19883f4a4de78

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /ux/favicon/android-icon-192x192.png HTTP/1.1 
Host: img1.wsimg.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://portal.alri.tj/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         23.36.79.16
HTTP/2 200 OK
content-type: image/png
                                        
last-modified: Mon, 13 Jan 2020 21:50:05 GMT
accept-ranges: bytes
etag: "8024356a5bcad51:0"
content-length: 3875
cache-control: max-age=31536000
expires: Sat, 25 Nov 2023 12:24:54 GMT
date: Fri, 25 Nov 2022 12:24:54 GMT
timing-allow-origin: *
access-control-allow-origin: *
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 192 x 192, 8-bit colormap, non-interlaced\012- data
Size:   3875
Md5:    fcf2e3f67a6d5f477a77363355ca6131
Sha1:   365e6dec6683632d742993a1bffd1a8826459774
Sha256: 75687db078ab91e868922b75c8152cd2e0633be4ef46e21e7b86450458766cc7
                                        
                                            GET /ux/favicon/favicon-16x16.png HTTP/1.1 
Host: img1.wsimg.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://portal.alri.tj/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         23.36.79.16
HTTP/2 200 OK
content-type: image/png
                                        
last-modified: Tue, 14 Jan 2020 16:15:08 GMT
accept-ranges: bytes
etag: "fcda62caf5cad51:0"
content-length: 413
mpulse_origin_time: 401
mpulse_cdn_cache: MISS
cache-control: max-age=31536000
expires: Sat, 25 Nov 2023 12:24:54 GMT
date: Fri, 25 Nov 2022 12:24:54 GMT
timing-allow-origin: *
access-control-allow-origin: *
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Size:   413
Md5:    94a6664142d63ad2f714d0f3f128765e
Sha1:   09405c1486c94454382ecd68f70c60b88f780c61
Sha256: 64c7b90ea55b261ab14794c3cdf43de94460001476abdc563e79c55e1c83bc4d
                                        
                                            GET /ux/fonts/sherpa/1.0/gdsherpa-bold.woff2 HTTP/1.1 
Host: img1.wsimg.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://portal.alri.tj
Connection: keep-alive
Referer: http://portal.alri.tj/

                                         23.36.79.16
HTTP/1.1 200 OK
Content-Type: application/font-woff2
                                        
Last-Modified: Thu, 21 Dec 2017 23:08:05 GMT
Accept-Ranges: bytes
ETag: "2a87a78eb07ad31:0"
Content-Length: 25832
Cache-Control: max-age=31536000
Expires: Sat, 25 Nov 2023 12:24:54 GMT
Date: Fri, 25 Nov 2022 12:24:54 GMT
Connection: keep-alive
Timing-Allow-Origin: *
Access-Control-Allow-Origin: *


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 25832, version 1.2949\012- data
Size:   25832
Md5:    5e657b0e761b49a877c1a5feca42b9ce
Sha1:   4d7dbfc4fefbd62eeb9a762b599a8293d048c4e2
Sha256: a976c28db56ea7a1e01ccb2b67f9ad923a0cfae8e0be17d0037b29ebb0e6c270
                                        
                                            GET /ux/fonts/sherpa/1.0/gdsherpa-regular.woff2 HTTP/1.1 
Host: img1.wsimg.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://portal.alri.tj
Connection: keep-alive
Referer: http://portal.alri.tj/

                                         23.36.79.16
HTTP/1.1 200 OK
Content-Type: application/font-woff2
                                        
Last-Modified: Thu, 21 Dec 2017 23:08:07 GMT
Accept-Ranges: bytes
ETag: "ec1d1690b07ad31:0"
Content-Length: 26620
Cache-Control: max-age=31536000
Expires: Sat, 25 Nov 2023 12:24:54 GMT
Date: Fri, 25 Nov 2022 12:24:54 GMT
Connection: keep-alive
Timing-Allow-Origin: *
Access-Control-Allow-Origin: *


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 26620, version 1.2949\012- data
Size:   26620
Md5:    1a72b2c4f5f947f55af7ff106cb51a85
Sha1:   a359cd12931ff947baf7783e6aad174d1f83aa98
Sha256: 4e729cb03aae3843f08d49b187de566cce586da0b384787cc304dbe43a713b70
                                        
                                            GET /wrhs/ee768b37adbe1f761458e24514bec4b1/tti.min.js HTTP/1.1 
Host: img1.wsimg.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://portal.alri.tj/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         23.36.79.16
HTTP/2 200 OK
content-type: application/javascript
                                        
x-amz-id-2: iYcMG2E9RHA5oNr/benJ9bNR9T74ICLB8AFrYSPBqYNb7aGiyvzzBqV3I3DZT1GworGCnk3yopI=
x-amz-request-id: D1FN6NMWTM73NKMN
last-modified: Fri, 08 Nov 2019 23:54:02 GMT
etag: "ee768b37adbe1f761458e24514bec4b1"
x-amz-server-side-encryption: AES256
x-amz-version-id: B3EGsm1LpWxPXmGYQbjAOuKrVNPUh8a2
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=31536000
expires: Sat, 25 Nov 2023 12:24:55 GMT
date: Fri, 25 Nov 2022 12:24:55 GMT
content-length: 6288
timing-allow-origin: *
access-control-allow-origin: *
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (17769)
Size:   6288
Md5:    a6cc9752a2019e0395a80869ded57529
Sha1:   0698f5f504cbef454fb3c9fc5027b8d38f14c14c
Sha256: 618553560f09815c349038dce26a0eee4db74aad5078ce4ae267fde303aee17d