aaa.lotusib.ir Open in urlscan Pro
46.209.70.253  Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

1. https://crmticket.sanayco.ir/ Page URL
2. https://aaa.lotusib.ir:12843/auth/realms/oidc_realm/protocol/openid-connect/auth?client_id=meapp&redirect_uri=https%3A%2F%2Fcrmticket.sanayco.ir%2F&state=10388eed-7c48-4602-8c88-e8a4320668a2&response_mode=fragment&response_type=code&scope=openid&nonce=397ea470-f2b0-41ba-9e59-0c8adca10b92 Page URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

20 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	/ Show response crmticket.sanayco.ir/	1 KB 621 B	994ms 127ms	Document text/html	185.192.112.107 POL
General Check archive.org Show headers Download Go to Full URL https://crmticket.sanayco.ir/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 185.192.112.107 , Iran, Islamic Republic Of, ASN60976 (POL, IR), Reverse DNS server6007.dnslake.com Software nginx / PleskLin Resource Hash fe0e8ceb5d49b5ee542f2ddff052f6a03e7f55f78a78c5f9555cbdf350189308 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Accept-Language de-DE,de;q=0.9 Response headers server nginx date Sun, 14 Nov 2021 07:40:39 GMT content-type text/html last-modified Wed, 10 Nov 2021 06:08:01 GMT vary Accept-Encoding etag W/"618b61c1-45e" x-cache-status BYPASS x-powered-by PleskLin content-encoding br
GET H2	200	css fonts.googleapis.com/	6 KB 758 B	38ms 16ms	Stylesheet text/css	2a00:1450:4001:813::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css?family=Roboto:300,400,500&display=swap Requested by Host: crmticket.sanayco.ir URL: https://crmticket.sanayco.ir/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash 2eb3c6f7141618152e18ea9aa0065e841b51393c426c673ab4ba69aa948b8eff Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://crmticket.sanayco.ir/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Response headers strict-transport-security max-age=31536000 content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc clear x-xss-protection 0 last-modified Sun, 14 Nov 2021 06:28:18 GMT server ESF date Sun, 14 Nov 2021 07:40:39 GMT x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Sun, 14 Nov 2021 07:40:39 GMT
GET H2	200	icon fonts.googleapis.com/	569 B 705 B	37ms 15ms	Stylesheet text/css	2a00:1450:4001:813::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/icon?family=Material+Icons Requested by Host: crmticket.sanayco.ir URL: https://crmticket.sanayco.ir/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash 0c5e1da94a728c7a8cc4363b44d961c94459111d362eef8cf7895a9c6234d17c Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://crmticket.sanayco.ir/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Response headers strict-transport-security max-age=31536000 content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc clear x-xss-protection 0 last-modified Sun, 14 Nov 2021 07:40:39 GMT server ESF date Sun, 14 Nov 2021 07:40:39 GMT x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Sun, 14 Nov 2021 07:40:39 GMT
GET H2	200	styles.87e2a7c4dd0d265a03d9.css crmticket.sanayco.ir/	419 KB 52 KB	286ms 284ms	Stylesheet text/css	185.192.112.107 POL
General Check archive.org Show headers Download Go to Full URL https://crmticket.sanayco.ir/styles.87e2a7c4dd0d265a03d9.css Requested by Host: crmticket.sanayco.ir URL: https://crmticket.sanayco.ir/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 185.192.112.107 , Iran, Islamic Republic Of, ASN60976 (POL, IR), Reverse DNS server6007.dnslake.com Software nginx / Resource Hash c207e5bf3b2d32bf99187224ce8c4c74ad9f595f5cd32f8e914f6abd9ea1b3b3 Request headers Accept-Language de-DE,de;q=0.9 Referer https://crmticket.sanayco.ir/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Response headers pragma public date Sun, 14 Nov 2021 07:40:39 GMT content-encoding br last-modified Wed, 10 Nov 2021 06:08:01 GMT server nginx etag W/"618b61c1-68d88" vary Accept-Encoding content-type text/css cache-control max-age=31536000, public
GET H2	200	runtime-es2015.c5fa8325f89fc516600b.js Show response crmticket.sanayco.ir/	1 KB 861 B	404ms 403ms	Script application/javascript	185.192.112.107 POL
General Check archive.org Show headers Download Go to Full URL https://crmticket.sanayco.ir/runtime-es2015.c5fa8325f89fc516600b.js Requested by Host: crmticket.sanayco.ir URL: https://crmticket.sanayco.ir/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 185.192.112.107 , Iran, Islamic Republic Of, ASN60976 (POL, IR), Reverse DNS server6007.dnslake.com Software nginx / Resource Hash 6c5acbb82a46a4971660f65131241dffcc28828f4dbd76b8ec7bab0b468250f8 Request headers Referer https://crmticket.sanayco.ir/ Origin https://crmticket.sanayco.ir Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Response headers pragma public date Sun, 14 Nov 2021 07:40:39 GMT content-encoding br last-modified Wed, 10 Nov 2021 06:08:01 GMT server nginx etag W/"618b61c1-5cd" vary Accept-Encoding content-type application/javascript cache-control max-age=31536000, public
GET H2	200	polyfills-es2015.5b10b8fd823b6392f1fd.js Show response crmticket.sanayco.ir/	36 KB 12 KB	404ms 403ms	Script application/javascript	185.192.112.107 POL
General Check archive.org Show headers Download Go to Full URL https://crmticket.sanayco.ir/polyfills-es2015.5b10b8fd823b6392f1fd.js Requested by Host: crmticket.sanayco.ir URL: https://crmticket.sanayco.ir/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 185.192.112.107 , Iran, Islamic Republic Of, ASN60976 (POL, IR), Reverse DNS server6007.dnslake.com Software nginx / Resource Hash cbc6e7c903c128a1e6bb6a7ecb6d2007b92327c1c8f7f0519eadec261da00074 Request headers Referer https://crmticket.sanayco.ir/ Origin https://crmticket.sanayco.ir Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Response headers pragma public date Sun, 14 Nov 2021 07:40:39 GMT content-encoding br last-modified Wed, 10 Nov 2021 06:08:01 GMT server nginx etag W/"618b61c1-90bd" vary Accept-Encoding content-type application/javascript cache-control max-age=31536000, public
GET H2	200	scripts.e830bc4b1bbb9d40b314.js Show response crmticket.sanayco.ir/	90 KB 24 KB	404ms 403ms	Script application/javascript	185.192.112.107 POL
General Check archive.org Show headers Download Go to Full URL https://crmticket.sanayco.ir/scripts.e830bc4b1bbb9d40b314.js Requested by Host: crmticket.sanayco.ir URL: https://crmticket.sanayco.ir/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 185.192.112.107 , Iran, Islamic Republic Of, ASN60976 (POL, IR), Reverse DNS server6007.dnslake.com Software nginx / Resource Hash 2e9d87717581e259bd6886b0ecd1f181706fd6c748ff5182d67c4ef7fd3e44e0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://crmticket.sanayco.ir/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Response headers pragma public date Sun, 14 Nov 2021 07:40:39 GMT content-encoding br last-modified Wed, 10 Nov 2021 06:08:01 GMT server nginx etag W/"618b61c1-169ee" vary Accept-Encoding content-type application/javascript cache-control max-age=31536000, public
GET H2	200	main-es2015.6526fccf27e1f6d0050b.js Show response crmticket.sanayco.ir/	1 MB 279 KB	404ms 403ms	Script application/javascript	185.192.112.107 POL
General Check archive.org Show headers Download Go to Full URL https://crmticket.sanayco.ir/main-es2015.6526fccf27e1f6d0050b.js Requested by Host: crmticket.sanayco.ir URL: https://crmticket.sanayco.ir/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 185.192.112.107 , Iran, Islamic Republic Of, ASN60976 (POL, IR), Reverse DNS server6007.dnslake.com Software nginx / Resource Hash 32756fe5eb0f7ebff6ecb28d0f602f5f0b7869706e6eb9a1d1439f457c875297 Request headers Referer https://crmticket.sanayco.ir/ Origin https://crmticket.sanayco.ir Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Response headers pragma public date Sun, 14 Nov 2021 07:40:39 GMT content-encoding br last-modified Wed, 10 Nov 2021 06:08:01 GMT server nginx etag W/"618b61c1-143d8f" vary Accept-Encoding content-type application/javascript cache-control max-age=31536000, public
GET H2	200	iranyekanwebregular(fanum).e46ea675fa291d7425d9.woff2 crmticket.sanayco.ir/	24 KB 24 KB	216ms 215ms	Font font/woff2	185.192.112.107 POL
General Check archive.org Show headers Download Go to Full URL https://crmticket.sanayco.ir/iranyekanwebregular(fanum).e46ea675fa291d7425d9.woff2 Requested by Host: crmticket.sanayco.ir URL: https://crmticket.sanayco.ir/styles.87e2a7c4dd0d265a03d9.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 185.192.112.107 , Iran, Islamic Republic Of, ASN60976 (POL, IR), Reverse DNS server6007.dnslake.com Software nginx / Resource Hash b9fe23094a1e9bcdc2ab5a5a10be45488dfdadec8623bc86cd183a4e55a04808 Request headers Referer https://crmticket.sanayco.ir/styles.87e2a7c4dd0d265a03d9.css Origin https://crmticket.sanayco.ir Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Response headers pragma public date Sun, 14 Nov 2021 07:40:40 GMT last-modified Wed, 10 Nov 2021 06:08:01 GMT server nginx etag "618b61c1-5f08" content-type font/woff2 cache-control max-age=31536000, public accept-ranges bytes content-length 24328
GET H2	200	Primary Request auth Show response aaa.lotusib.ir/auth/realms/oidc_realm/protocol/openid-connect/	3 KB 4 KB	413ms 132ms	Document text/html	46.209.70.253 RESPINA-AS
General Check archive.org Show headers Download Go to Full URL https://aaa.lotusib.ir:12843/auth/realms/oidc_realm/protocol/openid-connect/auth?client_id=meapp&redirect_uri=https%3A%2F%2Fcrmticket.sanayco.ir%2F&state=10388eed-7c48-4602-8c88-e8a4320668a2&response_mode=fragment&response_type=code&scope=openid&nonce=397ea470-f2b0-41ba-9e59-0c8adca10b92 Requested by Host: crmticket.sanayco.ir URL: https://crmticket.sanayco.ir/main-es2015.6526fccf27e1f6d0050b.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 46.209.70.253 , Iran, Islamic Republic Of, ASN42337 (RESPINA-AS, IR), Reverse DNS Software / Resource Hash 08b6d5f998bab0eeccc6145eecabe93dd1e9f6a0c60b5716e3bd5b00ed5ba6f9 Security Headers Name Value Content-Security-Policy frame-src 'self'; frame-ancestors 'self'; object-src 'none'; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer https://crmticket.sanayco.ir/ Response headers cache-control no-store, must-revalidate, max-age=0 x-xss-protection 1; mode=block x-frame-options SAMEORIGIN content-security-policy frame-src 'self'; frame-ancestors 'self'; object-src 'none'; date Sun, 14 Nov 2021 07:40:41 GMT x-robots-tag none strict-transport-security max-age=31536000; includeSubDomains x-content-type-options nosniff content-type text/html;charset=utf-8 content-length 2693 content-language en
GET H2	200	alfresco-logo.svg crmticket.sanayco.ir/assets/images/	17 KB 17 KB	149ms 149ms	Image image/svg+xml	185.192.112.107 POL
General Check archive.org Show headers Download Go to Show image Full URL https://crmticket.sanayco.ir/assets/images/alfresco-logo.svg Protocol H2 Security TLS 1.3, , AES_256_GCM Server 185.192.112.107 , Iran, Islamic Republic Of, ASN60976 (POL, IR), Reverse DNS server6007.dnslake.com Software nginx / Resource Hash Request headers Accept-Language de-DE,de;q=0.9 Referer https://crmticket.sanayco.ir/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Response headers pragma public date Sun, 14 Nov 2021 07:40:40 GMT last-modified Wed, 10 Nov 2021 06:07:56 GMT server nginx etag "618b61bc-4215" content-type image/svg+xml cache-control max-age=31536000, public accept-ranges bytes content-length 16917
GET H2	200	header-bg-lines.50537d308ee1a5035af9.png crmticket.sanayco.ir/	3 KB 3 KB	140ms 140ms	Image image/png	185.192.112.107 POL
General Check archive.org Show headers Download Go to Show image Full URL https://crmticket.sanayco.ir/header-bg-lines.50537d308ee1a5035af9.png Protocol H2 Security TLS 1.3, , AES_256_GCM Server 185.192.112.107 , Iran, Islamic Republic Of, ASN60976 (POL, IR), Reverse DNS server6007.dnslake.com Software nginx / Resource Hash Request headers Accept-Language de-DE,de;q=0.9 Referer https://crmticket.sanayco.ir/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Response headers pragma public date Sun, 14 Nov 2021 07:40:40 GMT last-modified Wed, 10 Nov 2021 06:08:01 GMT server nginx etag "618b61c1-a4a" content-type image/png cache-control max-age=31536000, public accept-ranges bytes content-length 2634
GET H2	200	iranyekanwebbold(fanum).9be2c23624d9e98a7b71.woff2 crmticket.sanayco.ir/	24 KB 24 KB	140ms 140ms	Font font/woff2	185.192.112.107 POL
General Check archive.org Show headers Download Go to Full URL https://crmticket.sanayco.ir/iranyekanwebbold(fanum).9be2c23624d9e98a7b71.woff2 Requested by Host: crmticket.sanayco.ir URL: https://crmticket.sanayco.ir/styles.87e2a7c4dd0d265a03d9.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 185.192.112.107 , Iran, Islamic Republic Of, ASN60976 (POL, IR), Reverse DNS server6007.dnslake.com Software nginx / Resource Hash Request headers Referer https://crmticket.sanayco.ir/styles.87e2a7c4dd0d265a03d9.css Origin https://crmticket.sanayco.ir Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Response headers pragma public date Sun, 14 Nov 2021 07:40:40 GMT last-modified Wed, 10 Nov 2021 06:08:01 GMT server nginx etag "618b61c1-5ef4" content-type font/woff2 cache-control max-age=31536000, public accept-ranges bytes content-length 24308
GET H2	200	login.css aaa.lotusib.ir/auth/resources/6.0.1/login/customTheme/css/	4 KB 4 KB	118ms 117ms	Stylesheet text/css	46.209.70.253 RESPINA-AS
General Check archive.org Show headers Download Go to Full URL https://aaa.lotusib.ir:12843/auth/resources/6.0.1/login/customTheme/css/login.css Requested by Host: aaa.lotusib.ir URL: https://aaa.lotusib.ir:12843/auth/realms/oidc_realm/protocol/openid-connect/auth?client_id=meapp&redirect_uri=https%3A%2F%2Fcrmticket.sanayco.ir%2F&state=10388eed-7c48-4602-8c88-e8a4320668a2&response_mode=fragment&response_type=code&scope=openid&nonce=397ea470-f2b0-41ba-9e59-0c8adca10b92 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 46.209.70.253 , Iran, Islamic Republic Of, ASN42337 (RESPINA-AS, IR), Reverse DNS Software / Resource Hash 6c0cbce605f9dbcb948f3b57a024155301c459f40c5d6fdd257276512966ee09 Request headers Accept-Language de-DE,de;q=0.9 Referer https://aaa.lotusib.ir:12843/auth/realms/oidc_realm/protocol/openid-connect/auth?client_id=meapp&redirect_uri=https%3A%2F%2Fcrmticket.sanayco.ir%2F&state=10388eed-7c48-4602-8c88-e8a4320668a2&response_mode=fragment&response_type=code&scope=openid&nonce=397ea470-f2b0-41ba-9e59-0c8adca10b92 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Response headers date Sun, 14 Nov 2021 07:40:41 GMT cache-control max-age=2592000 content-length 3923 content-type text/css;charset=UTF-8
GET H2	200	css fonts.googleapis.com/	1 KB 580 B	17ms 17ms	Stylesheet text/css	2a00:1450:4001:813::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css?family=El+Messiri&display=swap Requested by Host: aaa.lotusib.ir URL: https://aaa.lotusib.ir:12843/auth/realms/oidc_realm/protocol/openid-connect/auth?client_id=meapp&redirect_uri=https%3A%2F%2Fcrmticket.sanayco.ir%2F&state=10388eed-7c48-4602-8c88-e8a4320668a2&response_mode=fragment&response_type=code&scope=openid&nonce=397ea470-f2b0-41ba-9e59-0c8adca10b92 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash 704ac01df1a18d0b9ee1b18698cfb0bd7c60a004c214c998548f551bd1117e08 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://aaa.lotusib.ir:12843/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Response headers strict-transport-security max-age=31536000 content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc clear x-xss-protection 0 last-modified Sun, 14 Nov 2021 07:40:41 GMT server ESF date Sun, 14 Nov 2021 07:40:41 GMT x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Sun, 14 Nov 2021 07:40:41 GMT
GET H2	200	alfresco-logo.svg aaa.lotusib.ir/auth/resources/6.0.1/login/customTheme/img/	17 KB 17 KB	239ms 239ms	Image image/svg+xml	46.209.70.253 RESPINA-AS
General Check archive.org Show headers Download Go to Show image Full URL https://aaa.lotusib.ir:12843/auth/resources/6.0.1/login/customTheme/img/alfresco-logo.svg Requested by Host: aaa.lotusib.ir URL: https://aaa.lotusib.ir:12843/auth/realms/oidc_realm/protocol/openid-connect/auth?client_id=meapp&redirect_uri=https%3A%2F%2Fcrmticket.sanayco.ir%2F&state=10388eed-7c48-4602-8c88-e8a4320668a2&response_mode=fragment&response_type=code&scope=openid&nonce=397ea470-f2b0-41ba-9e59-0c8adca10b92 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 46.209.70.253 , Iran, Islamic Republic Of, ASN42337 (RESPINA-AS, IR), Reverse DNS Software / Resource Hash 8ba9c2d80a595e64fe8f06eaa48e9aaf23de1a41d58124ba7781bcfeb559dd12 Request headers Accept-Language de-DE,de;q=0.9 Referer https://aaa.lotusib.ir:12843/auth/realms/oidc_realm/protocol/openid-connect/auth?client_id=meapp&redirect_uri=https%3A%2F%2Fcrmticket.sanayco.ir%2F&state=10388eed-7c48-4602-8c88-e8a4320668a2&response_mode=fragment&response_type=code&scope=openid&nonce=397ea470-f2b0-41ba-9e59-0c8adca10b92 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Response headers date Sun, 14 Nov 2021 07:40:41 GMT cache-control max-age=2592000 content-type image/svg+xml
GET H2	200	eye-off.png aaa.lotusib.ir/auth/resources/6.0.1/login/customTheme/img/	692 B 754 B	239ms 239ms	Image image/png	46.209.70.253 RESPINA-AS
General Check archive.org Show headers Download Go to Show image Full URL https://aaa.lotusib.ir:12843/auth/resources/6.0.1/login/customTheme/img/eye-off.png Requested by Host: aaa.lotusib.ir URL: https://aaa.lotusib.ir:12843/auth/realms/oidc_realm/protocol/openid-connect/auth?client_id=meapp&redirect_uri=https%3A%2F%2Fcrmticket.sanayco.ir%2F&state=10388eed-7c48-4602-8c88-e8a4320668a2&response_mode=fragment&response_type=code&scope=openid&nonce=397ea470-f2b0-41ba-9e59-0c8adca10b92 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 46.209.70.253 , Iran, Islamic Republic Of, ASN42337 (RESPINA-AS, IR), Reverse DNS Software / Resource Hash 7dc486b5cbcdbc8a822dae39d59009f2c5258d1d8b61ed51d16adb7410b325a6 Request headers Accept-Language de-DE,de;q=0.9 Referer https://aaa.lotusib.ir:12843/auth/realms/oidc_realm/protocol/openid-connect/auth?client_id=meapp&redirect_uri=https%3A%2F%2Fcrmticket.sanayco.ir%2F&state=10388eed-7c48-4602-8c88-e8a4320668a2&response_mode=fragment&response_type=code&scope=openid&nonce=397ea470-f2b0-41ba-9e59-0c8adca10b92 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Response headers date Sun, 14 Nov 2021 07:40:41 GMT cache-control max-age=2592000 content-length 692 content-type image/png
GET H2	200	background.jpg aaa.lotusib.ir/auth/resources/6.0.1/login/customTheme/img/	2 MB 2 MB	129ms 129ms	Image image/jpeg	46.209.70.253 RESPINA-AS
General Check archive.org Show headers Download Go to Show image Full URL https://aaa.lotusib.ir:12843/auth/resources/6.0.1/login/customTheme/img/background.jpg Requested by Host: aaa.lotusib.ir URL: https://aaa.lotusib.ir:12843/auth/realms/oidc_realm/protocol/openid-connect/auth?client_id=meapp&redirect_uri=https%3A%2F%2Fcrmticket.sanayco.ir%2F&state=10388eed-7c48-4602-8c88-e8a4320668a2&response_mode=fragment&response_type=code&scope=openid&nonce=397ea470-f2b0-41ba-9e59-0c8adca10b92 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 46.209.70.253 , Iran, Islamic Republic Of, ASN42337 (RESPINA-AS, IR), Reverse DNS Software / Resource Hash 1752feb65df34455b02b45247f916559c513375a67fa43ca6b53acd6f6edce8b Request headers Accept-Language de-DE,de;q=0.9 Referer https://aaa.lotusib.ir:12843/auth/realms/oidc_realm/protocol/openid-connect/auth?client_id=meapp&redirect_uri=https%3A%2F%2Fcrmticket.sanayco.ir%2F&state=10388eed-7c48-4602-8c88-e8a4320668a2&response_mode=fragment&response_type=code&scope=openid&nonce=397ea470-f2b0-41ba-9e59-0c8adca10b92 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Response headers date Sun, 14 Nov 2021 07:40:41 GMT cache-control max-age=2592000 content-type image/jpeg
GET H2	200	K2FhfZBRmr9vQ1pHEey6GIGo8_pv3myYjuXwe55njDw.woff2 fonts.gstatic.com/s/elmessiri/v10/	13 KB 13 KB	31ms 9ms	Font font/woff2	2a00:1450:4001:808::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/elmessiri/v10/K2FhfZBRmr9vQ1pHEey6GIGo8_pv3myYjuXwe55njDw.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css?family=El+Messiri&display=swap Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash aea87bb56b5e262e31addca04d0f1522faf0b66364ae980c4ce6ea1d99ea280e Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts.googleapis.com/ Origin https://aaa.lotusib.ir:12843 Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Response headers date Thu, 11 Nov 2021 01:15:29 GMT x-content-type-options nosniff age 282312 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc clear content-length 13344 x-xss-protection 0 last-modified Thu, 16 Sep 2021 18:18:20 GMT server sffe report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to="apps-themes" expires Fri, 11 Nov 2022 01:15:29 GMT
GET H2	200	K2FhfZBRmr9vQ1pHEey6GIGo8_pv3myYjuXwe55ijDz-oQ.woff2 fonts.gstatic.com/s/elmessiri/v10/	10 KB 10 KB	29ms 7ms	Font font/woff2	2a00:1450:4001:808::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/elmessiri/v10/K2FhfZBRmr9vQ1pHEey6GIGo8_pv3myYjuXwe55ijDz-oQ.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css?family=El+Messiri&display=swap Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash f1aacb6dcae19c4548ddc7720d8356025d9aacb4faa125219e74e4297b2ac78b Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts.googleapis.com/ Origin https://aaa.lotusib.ir:12843 Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Response headers date Thu, 11 Nov 2021 13:32:10 GMT x-content-type-options nosniff age 238111 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc clear content-length 9992 x-xss-protection 0 last-modified Thu, 16 Sep 2021 18:14:54 GMT server sffe report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to="apps-themes" expires Fri, 11 Nov 2022 13:32:10 GMT

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforexrselect function| reportError boolean| originAgentCluster object| scheduler function| togglePassword

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			aaa.lotusib.ir/auth/realms/oidc_realm/	1969-12-31 23:59:59	Name: AUTH_SESSION_ID Value: 2dd6b634-8a0d-4200-bfb9-567c57bd29d5.pl-crmsrv
			aaa.lotusib.ir/auth/realms/oidc_realm/	1969-12-31 23:59:59	Name: KC_RESTART Value: eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICIxNDQyNzE3Mi1iMThjLTQzZmUtOTg2MS0xN2FkNjA0NTY5OTAifQ.eyJjaWQiOiJtZWFwcCIsInB0eSI6Im9wZW5pZC1jb25uZWN0IiwicnVyaSI6Imh0dHBzOi8vY3JtdGlja2V0LnNhbmF5Y28uaXIvIiwiYWN0IjoiQVVUSEVOVElDQVRFIiwibm90ZXMiOnsic2NvcGUiOiJvcGVuaWQiLCJpc3MiOiJodHRwczovL2FhYS5sb3R1c2liLmlyOjEyODQzL2F1dGgvcmVhbG1zL29pZGNfcmVhbG0iLCJyZXNwb25zZV90eXBlIjoiY29kZSIsImNvZGVfY2hhbGxlbmdlX21ldGhvZCI6InBsYWluIiwicmVkaXJlY3RfdXJpIjoiaHR0cHM6Ly9jcm10aWNrZXQuc2FuYXljby5pci8iLCJzdGF0ZSI6IjEwMzg4ZWVkLTdjNDgtNDYwMi04Yzg4LWU4YTQzMjA2NjhhMiIsIm5vbmNlIjoiMzk3ZWE0NzAtZjJiMC00MWJhLTllNTktMGM4YWRjYTEwYjkyIiwicmVzcG9uc2VfbW9kZSI6ImZyYWdtZW50In19.PwECb4B1JRW4kUiMn8wrOrOEGNZXkKbqNNs3g_QOARg

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

aaa.lotusib.ir
crmticket.sanayco.ir
fonts.googleapis.com
fonts.gstatic.com
185.192.112.107
2a00:1450:4001:808::2003
2a00:1450:4001:813::200a
46.209.70.253
08b6d5f998bab0eeccc6145eecabe93dd1e9f6a0c60b5716e3bd5b00ed5ba6f9
0c5e1da94a728c7a8cc4363b44d961c94459111d362eef8cf7895a9c6234d17c
1752feb65df34455b02b45247f916559c513375a67fa43ca6b53acd6f6edce8b
2e9d87717581e259bd6886b0ecd1f181706fd6c748ff5182d67c4ef7fd3e44e0
2eb3c6f7141618152e18ea9aa0065e841b51393c426c673ab4ba69aa948b8eff
32756fe5eb0f7ebff6ecb28d0f602f5f0b7869706e6eb9a1d1439f457c875297
6c0cbce605f9dbcb948f3b57a024155301c459f40c5d6fdd257276512966ee09
6c5acbb82a46a4971660f65131241dffcc28828f4dbd76b8ec7bab0b468250f8
704ac01df1a18d0b9ee1b18698cfb0bd7c60a004c214c998548f551bd1117e08
7dc486b5cbcdbc8a822dae39d59009f2c5258d1d8b61ed51d16adb7410b325a6
8ba9c2d80a595e64fe8f06eaa48e9aaf23de1a41d58124ba7781bcfeb559dd12
aea87bb56b5e262e31addca04d0f1522faf0b66364ae980c4ce6ea1d99ea280e
b9fe23094a1e9bcdc2ab5a5a10be45488dfdadec8623bc86cd183a4e55a04808
c207e5bf3b2d32bf99187224ce8c4c74ad9f595f5cd32f8e914f6abd9ea1b3b3
cbc6e7c903c128a1e6bb6a7ecb6d2007b92327c1c8f7f0519eadec261da00074
f1aacb6dcae19c4548ddc7720d8356025d9aacb4faa125219e74e4297b2ac78b
fe0e8ceb5d49b5ee542f2ddff052f6a03e7f55f78a78c5f9555cbdf350189308