Overview

URL: r3r.p.devgroup.su/
IP: 89.223.29.112
ASN:
Location: Russian Federation
Report completed: 2017-08-19 22:26:55 CEST
urlquery Alerts: No alerts detected


Settings

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer:
Pool:
Access Level:


Intrusion Detection Systems

Suricata w/ Emerging Threats Pro
Timestamp  Severity  Source IP  Destination IP  Alert
2017-08-19 22:26:21 CEST  1  Client IP  89.223.29.112  ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2017-08-19 22:26:22 CEST  1  Client IP  89.223.29.112  ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2017-08-19 22:26:21 CEST  1  Client IP  89.223.29.112  ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related


Blacklists

MDL: No alerts detected
OpenPhish: No alerts detected
PhishTank: No alerts detected
Fortinet's Web Filter: No alerts detected
DNS-BH: No alerts detected
mnemonic secure dns: No alerts detected


Recent reports on same IP/ASN/Domain

Last 10 reports on IP: 89.223.29.112

Date  UQ / IDS / BL  URL  IP
2017-11-23 09:08:17 +0100  0 - 5 - 0  everytag.p.devgroup.su/  89.223.29.112
2017-11-23 09:02:20 +0100  0 - 7 - 0  r3r.p.devgroup.su/  89.223.29.112
2017-11-23 08:59:10 +0100  0 - 3 - 0  mskbuh.p.devgroup.su/  89.223.29.112
2017-11-23 08:56:06 +0100  0 - 3 - 0  eb.ru.p.devgroup.su/  89.223.29.112
2017-11-23 08:53:11 +0100  0 - 7 - 0  nastya.p.devgroup.su/  89.223.29.112
2017-11-23 03:06:55 +0100  0 - 6 - 0  p.devgroup.su/  89.223.29.112
2017-11-23 02:08:03 +0100  0 - 5 - 0  r3r.p.devgroup.su/  89.223.29.112
2017-11-23 02:05:54 +0100  0 - 3 - 0  mskbuh.p.devgroup.su/  89.223.29.112
2017-11-23 02:01:49 +0100  0 - 5 - 0  nastya.p.devgroup.su/  89.223.29.112
2017-11-23 01:55:45 +0100  0 - 1 - 0  km41.p.devgroup.su/  89.223.29.112

Last 10 reports on ASN:

Date  UQ / IDS / BL  URL  IP
2017-11-23 17:21:02 +0100  0 - 0 - 1  yjelm.instagirlsonline.com/c/679efeecdc3b4d07?  52.211.95.198
2017-11-23 17:19:09 +0100  0 - 1 - 3  validex.fr/mpp/pall/customer_center/customer- (...)  164.132.235.17
2017-11-23 17:18:27 +0100  0 - 0 - 0  https://www.eventbrite.com/e/onlinelive-vikin (...)  34.195.82.122
2017-11-23 17:16:54 +0100  0 - 0 - 0  www.integodownload.com  13.33.244.63
2017-11-23 17:16:01 +0100  0 - 0 - 0  34.211.41.206  34.211.41.206
2017-11-23 17:14:37 +0100  0 - 0 - 0  https://www.eventbrite.com/e/livestreamingvik (...)  34.203.126.169
2017-11-23 17:14:31 +0100  0 - 0 - 29  mjcarroll.ie/nordmende-90cm-induction-hob.html  77.104.129.202
2017-11-23 17:08:37 +0100  0 - 0 - 0  shelljacket.us/quantcast.html?rand=1511450608917  52.219.20.27
2017-11-23 17:06:44 +0100  0 - 0 - 1  www.cropcraftcreate.com/gallery/showimage.php (...)  37.60.254.44
2017-11-23 17:05:20 +0100  0 - 0 - 2  wcrypt.com/79LY6hwV/2013.08.17_-_Dildo_Girl_E (...)  185.81.128.70

No other reports on domain: .



JavaScript

Executed Scripts (29)


Executed Evals (0)


Executed Writes (4)

#1 JavaScript::Write (size: 168, repeated: 1) - SHA256: f53314a3fb25923942b19e84e9c220ccae9d2ed7e4fd6c24d3ce469e6ed9f7cd

<body onload="window.fwIframeId='fw-iframe6821778090';document.body.appendChild(document.createElement('script')).src='https://feed.mikle.com/js/fw-widget.js?v=1.0';">

#2 JavaScript::Write (size: 167, repeated: 1) - SHA256: b720833b0cd62bf4b34eb656a0ccf00443bc9500fdaa0a99ccef02bcba093cd7

<body onload="window.fwIframeId='fw-iframe826479106';document.body.appendChild(document.createElement('script')).src='https://feed.mikle.com/js/fw-widget.js?v=1.0';">

#3 JavaScript::Write (size: 167, repeated: 1) - SHA256: 793594289eae82cafd579addb2dc46c92f7ddeca75fdb9999ec2a14048cbaf47

<iframe id="fw-iframe6821778090" name="fw-iframe6821778090" height="150" width="150" class="fw-iframe" scrolling="no" frameborder="0" data-fw-params="29340/"></iframe>

#4 JavaScript::Write (size: 165, repeated: 1) - SHA256: b37ec9dfbf464ad17743bfe70de332774d67702acd57921581d739524df0618f

<iframe id="fw-iframe826479106" name="fw-iframe826479106" height="150" width="150" class="fw-iframe" scrolling="no" frameborder="0" data-fw-params="29343/"></iframe>


HTTP Transactions (45)


Request:
GET / HTTP/1.1
Host: r3r.p.devgroup.su
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response (89.223.29.112):
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: nginx
Date: Sat, 19 Aug 2017 20:26:31 GMT
Content-Length: 21979
Connection: keep-alive
Link: <http://r3r.p.devgroup.su/wp-json/>; rel="https://api.w.org/"
Vary: Accept-Encoding
Content-Encoding: gzip
X-Powered-By: PleskLin

--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   21979
Md5:    57f5bd6a2ec7eaff575c208fe0ba1ca1
Sha1:   1b92fa3b11adc1d15b43bfa395484456ff09497f
Sha256: 14e7641a6bf0261cb70158ab92f015add633f283718cfbe54f18e7bf35f1cdc9

Alerts:
  IDS:
    - ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

Request:
GET /wp-includes/js/wp-emoji-release.min.js?ver=4.8.1 HTTP/1.1
Host: r3r.p.devgroup.su
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://r3r.p.devgroup.su/

Response (89.223.29.112):
HTTP/1.1 200 OK
Content-Type: application/javascript
Server: nginx
Date: Sat, 19 Aug 2017 20:26:32 GMT
Content-Length: 11845
Last-Modified: Tue, 13 Jun 2017 12:00:00 GMT
Connection: keep-alive
Etag: "593fd3c0-2e45"
X-Powered-By: PleskLin
Accept-Ranges: bytes

--- Additional Info ---
Magic:  ASCII C++ program text, with very long lines
Size:   11845
Md5:    8b90a6e26cce1c0a39bfa8b7e0fe909e
Sha1:   c610b59eb330be444b76e102f22f7c6c2eb4dc3f
Sha256: bcb42c4f5eb5b4c7ee08632af417513c6f6002fdf7d4b8d2dea6376f0cadd563

Request:
GET /font-awesome/4.5.0/css/font-awesome.min.css?ver=2.0.5 HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://r3r.p.devgroup.su/

Response (94.31.29.55):
HTTP/1.1 200 OK
Content-Type: text/css
Date: Sat, 19 Aug 2017 20:26:21 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 23 Nov 2015 18:25:42 GMT
Etag: W/"4fbd15cb6047af93373f4f895639c8bf"
Server: NetDNA-cache/2.2
Expires: Tue, 14 Aug 2018 20:26:21 GMT
Cache-Control: max-age=31104000
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Hello-Human: Say hello back! @getBootstrapCDN on Twitter
X-Cache: HIT
Content-Encoding: gzip

--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   6877
Md5:    dc48b06170c850f1865e4ccab33d7e11
Sha1:   1962ecf6e46ec173e9c8835e4f298dad6e6910fb
Sha256: c261582e1c1d920a94fccaff3dca1ffcc76d2253ae8deb18f15c1ce22ca77ce9

Request:
GET /wp-content/plugins/notice-bar/css/ticker-style.css?ver=2.0.5 HTTP/1.1
Host: r3r.p.devgroup.su
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://r3r.p.devgroup.su/

Response (89.223.29.112):
HTTP/1.1 200 OK
Content-Type: text/css
Server: nginx
Date: Sat, 19 Aug 2017 20:26:32 GMT
Content-Length: 4803
Last-Modified: Fri, 11 Aug 2017 07:29:07 GMT
Connection: keep-alive
Etag: "598d5cc3-12c3"
X-Powered-By: PleskLin
Accept-Ranges: bytes

--- Additional Info ---
Magic:  ASCII C program text
Size:   4803
Md5:    e959b16d7d0744ecc6fb418a0ad56318
Sha1:   8b265fda09ba0e6a1a6c27d80480939e6bcf15da
Sha256: 99b151f822f1b9dfb91cded80caa11357d52d413d94e24ce95e5933b6e06f44c

Request:
GET /wp-content/plugins/notice-bar/css/jquery.bxslider.css?ver=2.0.5 HTTP/1.1
Host: r3r.p.devgroup.su
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://r3r.p.devgroup.su/

Response (89.223.29.112):
HTTP/1.1 200 OK
Content-Type: text/css
Server: nginx
Date: Sat, 19 Aug 2017 20:26:32 GMT
Content-Length: 3641
Last-Modified: Fri, 11 Aug 2017 07:29:07 GMT
Connection: keep-alive
Etag: "598d5cc3-e39"
X-Powered-By: PleskLin
Accept-Ranges: bytes

--- Additional Info ---
Magic:  ASCII English text
Size:   3641
Md5:    60901749986ba9b1b6793aa9b4d3db7a
Sha1:   ebce2b5ab7a39f6f9e36180a77e5b43b44d30bfb
Sha256: 66d19590c5f41f17a3f9ba4591de73f8a81acc6a19994e121d356cb0b854f917

Request:
GET /wp-content/plugins/notice-bar/css/frontend.css?ver=2.0.5 HTTP/1.1
Host: r3r.p.devgroup.su
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://r3r.p.devgroup.su/

Response (89.223.29.112):
HTTP/1.1 200 OK
Content-Type: text/css
Server: nginx
Date: Sat, 19 Aug 2017 20:26:32 GMT
Content-Length: 3778
Last-Modified: Fri, 11 Aug 2017 07:29:07 GMT
Connection: keep-alive
Etag: "598d5cc3-ec2"
X-Powered-By: PleskLin
Accept-Ranges: bytes

--- Additional Info ---
Magic:  ASCII C program text
Size:   3778
Md5:    3e1efe3dea1b475027413af7d9498daa
Sha1:   cccfceb722d043aa598f5c243978c475d4068d5d
Sha256: 393fe334243f4e91ce33bfde80b03dda41a3a624283eb4cce7e60de4711bea0f

Request:
GET /wp-content/plugins/buddypress/bp-templates/bp-legacy/css/twentyseventeen.min.css?ver=2.9.0 HTTP/1.1
Host: r3r.p.devgroup.su
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://r3r.p.devgroup.su/

Response (89.223.29.112):
HTTP/1.1 200 OK
Content-Type: text/css
Server: nginx
Date: Sat, 19 Aug 2017 20:26:32 GMT
Content-Length: 40372
Last-Modified: Fri, 11 Aug 2017 07:06:05 GMT
Connection: keep-alive
Etag: "598d575d-9db4"
X-Powered-By: PleskLin
Accept-Ranges: bytes

--- Additional Info ---
Magic:  ASCII text, with very long lines, with no line terminators
Size:   40372
Md5:    b2d95cbdd66e6b65b0bc9061b09712bf
Sha1:   73b79c7f0ed85280ae95c8486a8e6ecf143795b7
Sha256: fefd3de2d80bb2d6dd156aca41e0e07f58d97eb219ac4a60f9f593fd582426e0

Request:
GET /wp-content/plugins/buddypress/bp-templates/bp-legacy/css/buddypress.min.css?ver=2.9.0 HTTP/1.1
Host: r3r.p.devgroup.su
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://r3r.p.devgroup.su/

Response (89.223.29.112):
HTTP/1.1 200 OK
Content-Type: text/css
Server: nginx
Date: Sat, 19 Aug 2017 20:26:32 GMT
Content-Length: 37478
Last-Modified: Fri, 11 Aug 2017 07:06:05 GMT
Connection: keep-alive
Etag: "598d575d-9266"
X-Powered-By: PleskLin
Accept-Ranges: bytes

--- Additional Info ---
Magic:  ASCII text, with very long lines, with no line terminators
Size:   37478
Md5:    50298d2fd11a6add9ad88842cc0e2d5f
Sha1:   7f7d2c9f1a5646468f756ef14d8faa1c51a21050
Sha256: 228c7f831b9da21a99461ebf238040886c6db86fa4c4e862126533388135b132

Request:
GET /wp-content/themes/twentyseventeen/style.css?ver=4.8.1 HTTP/1.1
Host: r3r.p.devgroup.su
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://r3r.p.devgroup.su/

Response (89.223.29.112):
HTTP/1.1 200 OK
Content-Type: text/css
Server: nginx
Date: Sat, 19 Aug 2017 20:26:32 GMT
Content-Length: 82584
Last-Modified: Tue, 13 Jun 2017 12:08:09 GMT
Connection: keep-alive
Etag: "593fd5a9-14298"
X-Powered-By: PleskLin
Accept-Ranges: bytes

--- Additional Info ---
Magic:  UTF-8 Unicode C program text, with very long lines
Size:   82584
Md5:    beb9c40b30dd39b7386cf28368f62ee6
Sha1:   35176662ec0a8dbf3262d31e28dcec1444f3d2e9
Sha256: ae749882a3debfb6884a0d77c486b033ceef41e6a878b509be6fa1b6cbfb8caf

Alerts:
  IDS:
    - ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

Request:
GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1 HTTP/1.1
Host: r3r.p.devgroup.su
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://r3r.p.devgroup.su/

Response (89.223.29.112):
HTTP/1.1 200 OK
Content-Type: application/javascript
Server: nginx
Date: Sat, 19 Aug 2017 20:26:32 GMT
Content-Length: 10056
Last-Modified: Tue, 23 May 2017 10:07:26 GMT
Connection: keep-alive
Etag: "592409de-2748"
X-Powered-By: PleskLin
Accept-Ranges: bytes

--- Additional Info ---
Magic:  ASCII English text, with very long lines
Size:   10056
Md5:    7121994eec5320fbe6586463bf9651c2
Sha1:   90532aff6d4121954254cdf04994d834f7ec169b
Sha256: 48eb8b500ae6a38617b5738d2b3faec481922a7782246e31d2755c034a45cd5d

Request:
GET /wp-content/plugins/buddypress/bp-core/js/widget-members.min.js?ver=2.9.0 HTTP/1.1
Host: r3r.p.devgroup.su
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://r3r.p.devgroup.su/

Response (89.223.29.112):
HTTP/1.1 200 OK
Content-Type: application/javascript
Server: nginx
Date: Sat, 19 Aug 2017 20:26:32 GMT
Content-Length: 1214
Last-Modified: Fri, 11 Aug 2017 07:06:05 GMT
Connection: keep-alive
Etag: "598d575d-4be"
X-Powered-By: PleskLin
Accept-Ranges: bytes

--- Additional Info ---
Magic:  ASCII text, with very long lines, with no line terminators
Size:   1214
Md5:    50485c32a5ecbf9efeed5bf12981d9ee
Sha1:   c9a64a424d2dd002b21764ff054c5ae50ba80619
Sha256: 535df7aecbed2bae12e73a5588988e0a33cb30f7ffce1535fcdf055700e67f26

Request:
GET /wp-content/plugins/buddypress/bp-core/js/confirm.min.js?ver=2.9.0 HTTP/1.1
Host: r3r.p.devgroup.su
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://r3r.p.devgroup.su/

Response (89.223.29.112):
HTTP/1.1 200 OK
Content-Type: application/javascript
Server: nginx
Date: Sat, 19 Aug 2017 20:26:32 GMT
Content-Length: 111
Connection: keep-alive
X-Accel-Version: 0.01
Last-Modified: Fri, 11 Aug 2017 07:06:05 GMT
Etag: "74-55674f250b807-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
X-Powered-By: PleskLin

--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   111
Md5:    93184edaee4d03fbe393a3cbe63d0578
Sha1:   8907f2a058aaebde2376b6946d59852f6e499d9d
Sha256: 8668a76413f74e5d0a7df0a7ee6af58a9c6b6da5f2cdf744169756fdfd014217

Request:
GET /wp-content/plugins/buddypress/bp-core/js/jquery-query.min.js?ver=2.9.0 HTTP/1.1
Host: r3r.p.devgroup.su
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://r3r.p.devgroup.su/

Response (89.223.29.112):
HTTP/1.1 200 OK
Content-Type: application/javascript
Server: nginx
Date: Sat, 19 Aug 2017 20:26:32 GMT
Content-Length: 130
Connection: keep-alive
X-Accel-Version: 0.01
Last-Modified: Fri, 11 Aug 2017 07:06:05 GMT
Etag: "77-55674f250b807-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
X-Powered-By: PleskLin

--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   130
Md5:    a4e5cb9e2858932da33dc4ad4d6b4c8f
Sha1:   4fd70379d325251020cf527b1470dfe0696fa34b
Sha256: c667d7fad6e39cbf36755f0ab33a712ddbff52c29477f7305531824df19145ad

Request:
GET /wp-content/plugins/buddypress/bp-core/js/vendor/jquery-cookie.min.js?ver=2.9.0 HTTP/1.1
Host: r3r.p.devgroup.su
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://r3r.p.devgroup.su/

Response (89.223.29.112):
HTTP/1.1 200 OK
Content-Type: application/javascript
Server: nginx
Date: Sat, 19 Aug 2017 20:26:32 GMT
Content-Length: 1260
Last-Modified: Fri, 11 Aug 2017 07:06:05 GMT
Connection: keep-alive
Etag: "598d575d-4ec"
X-Powered-By: PleskLin
Accept-Ranges: bytes

--- Additional Info ---
Magic:  ASCII text, with very long lines, with no line terminators
Size:   1260
Md5:    d833fe9e588d95ca1898efa7b852aade
Sha1:   31ff1112da5b7a91cedc3cbb220391124cffa18c
Sha256: 62f2f3e642ef54a52909525af5a51cec84a1543d3899bee8d169095c2bc73287

Request:
GET /wp-includes/js/jquery/jquery.js?ver=1.12.4 HTTP/1.1
Host: r3r.p.devgroup.su
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://r3r.p.devgroup.su/

Response (89.223.29.112):
HTTP/1.1 200 OK
Content-Type: application/javascript
Server: nginx
Date: Sat, 19 Aug 2017 20:26:32 GMT
Content-Length: 97184
Last-Modified: Tue, 23 May 2017 10:07:26 GMT
Connection: keep-alive
Etag: "592409de-17ba0"
X-Powered-By: PleskLin
Accept-Ranges: bytes

--- Additional Info ---
Magic:  ASCII text, with very long lines
Size:   97184
Md5:    8610f03fe77640dee8c4cc924e060f12
Sha1:   076524186dbbdd4c41afbbd6b260d9e46a095811
Sha256: fc48d1d80ece71a79a7b39877f4104d49d3da6c3665cf6dc203000fb7df4447e

Request:
GET /wp-content/plugins/buddypress/bp-core/js/vendor/jquery-scroll-to.min.js?ver=2.9.0 HTTP/1.1
Host: r3r.p.devgroup.su
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://r3r.p.devgroup.su/

Response (89.223.29.112):
HTTP/1.1 200 OK
Content-Type: application/javascript
Server: nginx
Date: Sat, 19 Aug 2017 20:26:32 GMT
Content-Length: 2189
Last-Modified: Fri, 11 Aug 2017 07:06:05 GMT
Connection: keep-alive
Etag: "598d575d-88d"
X-Powered-By: PleskLin
Accept-Ranges: bytes

--- Additional Info ---
Magic:  ASCII text, with very long lines, with no line terminators
Size:   2189
Md5:    7087ed48c1053946524a9f0d1ec80829
Sha1:   a4d953a8039e278f11b382636d5c422d2ee6c785
Sha256: 83db688184c9fbb0bc4cfd4a7228745ecfee70452f3357168ea3e3840a2f3524

Request:
GET /avatar/4b47dca3a440540d5b86ddefafcd3bf4?s=50&r=g&d=mm HTTP/1.1
Host: www.gravatar.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://r3r.p.devgroup.su/

Response (192.0.73.2):
HTTP/1.1 200 OK
Content-Type: image/jpeg
Server: nginx
Date: Sat, 19 Aug 2017 20:26:21 GMT
Content-Length: 2163
Connection: keep-alive
Last-Modified: Wed, 16 Jul 2008 16:35:33 GMT
Link: <https://www.gravatar.com/avatar/4b47dca3a440540d5b86ddefafcd3bf4?s=50&r=g&d=mm>; rel="canonical"
Content-Disposition: inline; filename="4b47dca3a440540d5b86ddefafcd3bf4.jpeg"
Access-Control-Allow-Origin: *
X-nc: HIT arn 1
Accept-Ranges: bytes
Expires: Sat, 19 Aug 2017 20:31:21 GMT
Cache-Control: max-age=300
Source-Age: 497429

--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, comment: "CREATOR: gd-jpeg v1.0 (using IJ"
Size:   2163
Md5:    8ea79d4ce925349722a082222e321364
Sha1:   413e91428cf470276b5009b28a33db41eb7edb59
Sha256: 0d585bcc9c6e19fff18bfafe4f9424107cb307fd005d6c536d409f6516b51426

Request:
GET /wp-content/plugins/notice-bar/js/jquery.ticker.js?ver=2.0.5 HTTP/1.1
Host: r3r.p.devgroup.su
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://r3r.p.devgroup.su/

Response (89.223.29.112):
HTTP/1.1 200 OK
Content-Type: application/javascript
Server: nginx
Date: Sat, 19 Aug 2017 20:26:32 GMT
Content-Length: 15990
Last-Modified: Fri, 11 Aug 2017 07:29:07 GMT
Connection: keep-alive
Etag: "598d5cc3-3e76"
X-Powered-By: PleskLin
Accept-Ranges: bytes

--- Additional Info ---
Magic:  ASCII C program text, with very long lines
Size:   15990
Md5:    29a321298278a92f1729f2fc497729ea
Sha1:   40499e13005659b3b9e3e757b9178cad719ba46a
Sha256: f2d90d1d52cd6ed57a3d75f8500de85b80fdf9b9a56b5910bb615ca178b16e64

Request:
GET /wp-content/plugins/buddypress/bp-groups/js/widget-groups.min.js?ver=2.9.0 HTTP/1.1
Host: r3r.p.devgroup.su
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://r3r.p.devgroup.su/

Response (89.223.29.112):
HTTP/1.1 200 OK
Content-Type: application/javascript
Server: nginx
Date: Sat, 19 Aug 2017 20:26:32 GMT
Content-Length: 1205
Last-Modified: Fri, 11 Aug 2017 07:06:05 GMT
Connection: keep-alive
Etag: "598d575d-4b5"
X-Powered-By: PleskLin
Accept-Ranges: bytes

--- Additional Info ---
Magic:  ASCII text, with very long lines, with no line terminators
Size:   1205
Md5:    dbad692f578a4551ca27b241cd2792be
Sha1:   06cc98dc51a95ac344a8a39667ef46dba78b72db
Sha256: fb1ba27ae04a3c017c79cc901ff0eac91a4b692ed1977eb74866a48b035b83fd

Request:
GET /wp-content/plugins/buddypress/bp-templates/bp-legacy/js/buddypress.min.js?ver=2.9.0 HTTP/1.1
Host: r3r.p.devgroup.su
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://r3r.p.devgroup.su/

Response (89.223.29.112):
HTTP/1.1 200 OK
Content-Type: application/javascript
Server: nginx
Date: Sat, 19 Aug 2017 20:26:32 GMT
Content-Length: 34028
Last-Modified: Fri, 11 Aug 2017 07:06:04 GMT
Connection: keep-alive
Etag: "598d575c-84ec"
X-Powered-By: PleskLin
Accept-Ranges: bytes

--- Additional Info ---
Magic:  ASCII text, with very long lines, with no line terminators
Size:   34028
Md5:    0094e891afd87e22d2db430febde9765
Sha1:   d5c3b041b8db404edd8d8981e1f8d497061e761a
Sha256: 5fc491d52e29cb2b0bc721efc9f21d8bff781decc498cc8f7e951aefaf3c8d57

Request:
GET /wp-content/plugins/notice-bar/js/jquery.bxslider.min.js?ver=2.0.5 HTTP/1.1
Host: r3r.p.devgroup.su
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://r3r.p.devgroup.su/

Response (89.223.29.112):
HTTP/1.1 200 OK
Content-Type: application/javascript
Server: nginx
Date: Sat, 19 Aug 2017 20:26:32 GMT
Content-Length: 19359
Last-Modified: Fri, 11 Aug 2017 07:29:07 GMT
Connection: keep-alive
Etag: "598d5cc3-4b9f"
X-Powered-By: PleskLin
Accept-Ranges: bytes

--- Additional Info ---
Magic:  ASCII English text, with very long lines
Size:   19359
Md5:    697d69a48e5356f7106e38c09f7f19e0
Sha1:   b57160771fa597a5b56c5b12756c693e4829be07
Sha256: bb9e7dc822c6b7b95a6329932885c72ff2caf74b243fc1c40aca0e858123b83e

Request:
GET /wp-content/plugins/notice-bar/js/nb-frontend.js?ver=2.0.5 HTTP/1.1
Host: r3r.p.devgroup.su
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://r3r.p.devgroup.su/

Response (89.223.29.112):
HTTP/1.1 200 OK
Content-Type: application/javascript
Server: nginx
Date: Sat, 19 Aug 2017 20:26:32 GMT
Content-Length: 3217
Last-Modified: Fri, 11 Aug 2017 07:29:07 GMT
Connection: keep-alive
Etag: "598d5cc3-c91"
X-Powered-By: PleskLin
Accept-Ranges: bytes

--- Additional Info ---
Magic:  ASCII C++ program text
Size:   3217
Md5:    0b5d445a1f8514b01d18d91b5d7f6827
Sha1:   d8bcb63a7f9369ef8ed0c2fe6499b31a617b5101
Sha256: 499c9e46f805e75665ee7da05f8d99f4180298359e66758dadf1fb7d97a59d46

Request:
GET /wp-content/themes/twentyseventeen/assets/js/skip-link-focus-fix.js?ver=1.0 HTTP/1.1
Host: r3r.p.devgroup.su
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://r3r.p.devgroup.su/

Response (89.223.29.112):
HTTP/1.1 200 OK
Content-Type: application/javascript
Server: nginx
Date: Sat, 19 Aug 2017 20:26:32 GMT
Content-Length: 416
Connection: keep-alive
X-Accel-Version: 0.01
Last-Modified: Tue, 13 Jun 2017 12:08:09 GMT
Etag: "2ab-551d649f6b7df-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
X-Powered-By: PleskLin

--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   416
Md5:    e6f53264ebf762f651ef3c426aba7d7a
Sha1:   c94c31f4cdc7976febd8b722771d433fcd460d87
Sha256: e5dab0bbdb24e72cded213dba7acb5e41a11e2a317279a046e402d1146512404

                                            GET /wp-content/themes/twentyseventeen/assets/js/jquery.scrollTo.js?ver=2.1.2 HTTP/1.1 
Host: r3r.p.devgroup.su
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://r3r.p.devgroup.su/

                                         
                                         89.223.29.112
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Sat, 19 Aug 2017 20:26:32 GMT
Content-Length: 5836
Last-Modified: Tue, 13 Jun 2017 12:08:09 GMT
Connection: keep-alive
Etag: "593fd5a9-16cc"
X-Powered-By: PleskLin
Accept-Ranges: bytes


--- Additional Info ---
Magic:  ASCII C++ program text
Size:   5836
Md5:    16fb1664ddebf663a909c51d40ad7914
Sha1:   2308baa783d4f9ba97f18ace350b7033dcc3c2d3
Sha256: d6a2ec240f8adc5052cb9df96a33199c65de4c58457de2aca485120f70e53c89
                                        
                                            GET /wp-content/themes/twentyseventeen/assets/js/navigation.js?ver=1.0 HTTP/1.1 
Host: r3r.p.devgroup.su
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://r3r.p.devgroup.su/

                                         
                                         89.223.29.112
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Sat, 19 Aug 2017 20:26:32 GMT
Content-Length: 3754
Last-Modified: Tue, 13 Jun 2017 12:08:09 GMT
Connection: keep-alive
Etag: "593fd5a9-eaa"
X-Powered-By: PleskLin
Accept-Ranges: bytes


--- Additional Info ---
Magic:  ASCII C program text
Size:   3754
Md5:    a1b6700f33c6b26416732e62b04e173d
Sha1:   6b7ad6755ad1ebbaffdc03d742d260a1e5758669
Sha256: b5dc8a0ea6886f4daba8c6e6b722071a21796725c2c59ea0ce264d0d7019de52

Alerts:
  IDS:
    - ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
                                        
                                            GET /wp-content/themes/twentyseventeen/assets/js/global.js?ver=1.0 HTTP/1.1 
Host: r3r.p.devgroup.su
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://r3r.p.devgroup.su/

                                         
                                         89.223.29.112
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Sat, 19 Aug 2017 20:26:32 GMT
Content-Length: 7682
Last-Modified: Tue, 13 Jun 2017 12:08:09 GMT
Connection: keep-alive
Etag: "593fd5a9-1e02"
X-Powered-By: PleskLin
Accept-Ranges: bytes


--- Additional Info ---
Magic:  ASCII C program text
Size:   7682
Md5:    33e2c8ad1905b996e9026b408c2a6c6e
Sha1:   5a546b551e295aa9fb4396683da38ba73789e3b7
Sha256: df64e42095343505664a1d694617e4eec445c3e808f16467184a2f5b606c0b3a
                                        
                                            GET /wp-includes/js/wp-embed.min.js?ver=4.8.1 HTTP/1.1 
Host: r3r.p.devgroup.su
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://r3r.p.devgroup.su/

                                         
                                         89.223.29.112
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Sat, 19 Aug 2017 20:26:32 GMT
Content-Length: 1398
Last-Modified: Tue, 23 May 2017 10:07:26 GMT
Connection: keep-alive
Etag: "592409de-576"
X-Powered-By: PleskLin
Accept-Ranges: bytes


--- Additional Info ---
Magic:  ASCII text, with very long lines, with no line terminators
Size:   1398
Md5:    5a03f97cc479b9f5d7efdaccec31bc17
Sha1:   54518be91b7c5d4b139e032d23ffae568cc7e9fd
Sha256: dcb5e540e62fc85857254a1066afb6a7e8999279c6d4c583eef855d39f9289c0
                                        
                                            POST /ocsp HTTP/1.1 
Host: clients1.google.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 107
Content-Type: application/ocsp-request

                                         
                                         216.58.211.142
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sat, 19 Aug 2017 20:26:22 GMT
Expires: Wed, 23 Aug 2017 20:26:22 GMT
Cache-Control: public, max-age=345600
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  data
Size:   463
Md5:    2abdc5b9a58540c8193d6e2b13cf94ae
Sha1:   58d8847f46652b22fe682e7d8e21d42dbfbfd645
Sha256: 36a8878b0019e212ad584284852aa4fa53ce0b3f64a7faab1c6936cf3f521b49
                                        
                                            GET /wp-content/uploads/2016/01/LOGO_RO_SRR-e1453614322254.jpg HTTP/1.1 
Host: r3r-srr.ru
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://r3r.p.devgroup.su/

                                         
                                         89.223.29.112
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Server: nginx
Date: Sat, 19 Aug 2017 20:26:32 GMT
Content-Length: 19426
Last-Modified: Thu, 14 Apr 2016 13:07:33 GMT
Connection: keep-alive
Etag: "570f9615-4be2"
X-Powered-By: PleskLin
Accept-Ranges: bytes


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, comment: "CREATOR: gd-jpeg v1.0 (using IJ"
Size:   19426
Md5:    556295fdfd1664990c829e336b5b7679
Sha1:   b204ff5ba4c3bbe6bd95dd826167946b08a8f88f
Sha256: 5392fb22fa4b8991e48756ef51f244787f2682efe199d9b483c1367c3a1a7034
                                        
                                            GET /wp-content/uploads/group-avatars/1/5924310972cfc-bpthumb.jpg HTTP/1.1 
Host: r3r.p.devgroup.su
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://r3r.p.devgroup.su/

                                         
                                         89.223.29.112
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Server: nginx
Date: Sat, 19 Aug 2017 20:26:32 GMT
Content-Length: 1592
Last-Modified: Tue, 23 May 2017 12:54:33 GMT
Connection: keep-alive
Etag: "59243109-638"
X-Powered-By: PleskLin
Accept-Ranges: bytes


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, comment: "CREATOR: gd-jpeg v1.0 (using IJ"
Size:   1592
Md5:    c2749eeaace80d689e9c39008b65e2a0
Sha1:   4b153f9d390b0a028cfc21544ab0558de4289481
Sha256: c9e1f6546f21e96f96e96c336b711dade94e5d382befdafec60b2f59b9bfe808
                                        
                                            GET /wp-content/uploads/avatars/2/59242e6a4602c-bpthumb.jpg HTTP/1.1 
Host: r3r.p.devgroup.su
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://r3r.p.devgroup.su/

                                         
                                         89.223.29.112
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Server: nginx
Date: Sat, 19 Aug 2017 20:26:32 GMT
Content-Length: 1569
Last-Modified: Tue, 23 May 2017 12:43:22 GMT
Connection: keep-alive
Etag: "59242e6a-621"
X-Powered-By: PleskLin
Accept-Ranges: bytes


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, comment: "CREATOR: gd-jpeg v1.0 (using IJ"
Size:   1569
Md5:    11c4b6f331b7609da2c431d9cfb14145
Sha1:   2c367217ff268ec90cf07d11e6f1887b3a9881b6
Sha256: 51a7f6a745ff94849ad5f95462293ce6cd72bd659bd5d7f01a3d63fee85f6aa8
                                        
                                            POST / HTTP/1.1 
Host: g.symcd.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
                                         23.43.139.27
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx/1.10.2
Content-Length: 1390
Content-Transfer-Encoding: binary
Cache-Control: max-age=476568, public, no-transform, must-revalidate
Last-Modified: Fri, 18 Aug 2017 08:46:46 GMT
Expires: Fri, 25 Aug 2017 08:46:46 GMT
Date: Sat, 19 Aug 2017 20:26:22 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   1390
Md5:    af8e5f74a9946a5d4554b61d0dcde695
Sha1:   07539a0dd7431eae5e52bee64259d304af2d961b
Sha256: d86a67f9c4a7643ecc90154a355e1ab6e796e76b1a9f0979fdf230bd01f5affd
                                        
                                            GET /wp-content/uploads/2017/06/cropped-1.jpg HTTP/1.1 
Host: r3r.p.devgroup.su
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://r3r.p.devgroup.su/

                                         
                                         89.223.29.112
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Server: nginx
Date: Sat, 19 Aug 2017 20:26:32 GMT
Content-Length: 132297
Last-Modified: Wed, 14 Jun 2017 06:56:34 GMT
Connection: keep-alive
Etag: "5940de22-204c9"
X-Powered-By: PleskLin
Accept-Ranges: bytes


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, comment: "CREATOR: gd-jpeg v1.0 (using IJ"
Size:   132297
Md5:    ce698726702fbf4c96ee54aaceeb7fdd
Sha1:   1d6341b188280673dd33c83cfbd7edb18e7fa685
Sha256: ea817008c64f23066f5e3db548f11f3e3c06becd175304c658605d4f54cec2f2
                                        
                                            GET /wp-content/uploads/2017/05/Pisma-iz-prowincii.jpg HTTP/1.1 
Host: r3r-srr.ru
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://r3r.p.devgroup.su/

                                         
                                         89.223.29.112
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Server: nginx
Date: Sat, 19 Aug 2017 20:26:32 GMT
Content-Length: 57891
Last-Modified: Tue, 30 May 2017 03:23:33 GMT
Connection: keep-alive
Etag: "592ce5b5-e223"
X-Powered-By: PleskLin
Accept-Ranges: bytes


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01
Size:   57891
Md5:    8047708f5b48913c6cceb7d75aa005d8
Sha1:   f6d72691a6b09466a850068004bbf3f0eebeb227
Sha256: b1066faf00bf3e1e52d50b6cc96c104b63f43f2668be41ecd63e4d95d9d99334
                                        
                                            GET /css?family=Libre+Franklin%3A300%2C300i%2C400%2C400i%2C600%2C600i%2C800%2C800i&subset=latin%2Clatin-ext HTTP/1.1 
Host: fonts.googleapis.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://r3r.p.devgroup.su/

                                         
                                         216.58.211.138
HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
                                        
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Expires: Sat, 19 Aug 2017 20:26:22 GMT
Date: Sat, 19 Aug 2017 20:26:22 GMT
Cache-Control: private, max-age=86400
Content-Encoding: gzip
Server: ESF
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Alt-Svc: quic=":443"; ma=2592000; v="39,38,37,35"
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   521
Md5:    63366d68e2564c64eef4a317fcb18ee1
Sha1:   e470eb3b258cddf814df17b6eafbbf5d7bc1efbe
Sha256: bfed11b1aa37565a4fe71d39a0c55153e5e697e598328aaeee3ac03b415569b3
                                        
                                            POST /gsalphasha2g2 HTTP/1.1 
Host: ocsp2.globalsign.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 111
Content-Type: application/ocsp-request

                                         
                                         104.31.75.124
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sat, 19 Aug 2017 20:26:22 GMT
Content-Length: 1517
Connection: keep-alive
Set-Cookie: __cfduid=d5c48dde4a3095182d7ea558cd91852c11503174382; expires=Sun, 19-Aug-18 20:26:22 GMT; path=/; domain=.globalsign.com; HttpOnly
Last-Modified: Sat, 19 Aug 2017 19:59:29 GMT
Expires: Wed, 23 Aug 2017 19:59:29 GMT
Etag: "2638fbc27730babe2ea9d5ea0ebbccd0cd32680d"
Cache-Control: public, no-transform, must-revalidate
CF-Cache-Status: EXPIRED
Vary: Accept-Encoding
Server: cloudflare-nginx
CF-RAY: 390fd8f2f38342bb-OSL


--- Additional Info ---
Magic:  data
Size:   1517
Md5:    12f304814acb2692809621eb7886ff90
Sha1:   2638fbc27730babe2ea9d5ea0ebbccd0cd32680d
Sha256: 02d554d31189d77236cd8a8b178c23fead2a2b681ba372e10106029c2259f5cc
                                        
                                            GET /js/fw-loader.js HTTP/1.1 
Host: feed.mikle.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://r3r.p.devgroup.su/

                                         
                                         107.21.10.148
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=UTF-8
                                        
Date: Sat, 19 Aug 2017 20:26:23 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Last-Modified: Thu, 17 Aug 2017 21:03:01 GMT
Etag: W/"59960485-59b"
X-XSS-Protection: 0
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   712
Md5:    c50a792bc3298c648d5c7e6c1a6b7ba0
Sha1:   9c329f7a37d3ef35c8b14574d8500f15f9c823c6
Sha256: a539993511e508d49ac2fb409b0a294376a62e379fa117ad327014fa80186372
                                        
                                            GET /js/fw-widget.js?v=1.0 HTTP/1.1 
Host: feed.mikle.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://r3r.p.devgroup.su/

                                         
                                         107.21.10.148
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=UTF-8
                                        
Date: Sat, 19 Aug 2017 20:26:23 GMT
Content-Length: 448
Connection: keep-alive
Server: nginx
Last-Modified: Mon, 19 Jun 2017 08:42:21 GMT
Etag: "59478e6d-1c0"
X-XSS-Protection: 0
Accept-Ranges: bytes


--- Additional Info ---
Magic:  ASCII text
Size:   448
Md5:    1e25be04f049ff404905c1f0877be334
Sha1:   bb448fc66534b403c9b50a96a71f3ac6aa34ef7b
Sha256: e83e33bd69046f3cdfc86bad0756491e9903f2984c77232a7375b266f20a969e
                                        
                                            GET /font-awesome/4.5.0/fonts/fontawesome-webfont.woff?v=4.5.0 HTTP/1.1 
Host: maxcdn.bootstrapcdn.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/font-awesome.min.css?ver=2.0.5
Origin: http://r3r.p.devgroup.su

                                         
                                         94.31.29.55
HTTP/1.1 200 OK
Content-Type: application/font-woff
                                        
Date: Sat, 19 Aug 2017 20:26:23 GMT
Content-Length: 83588
Connection: keep-alive
Last-Modified: Mon, 23 Nov 2015 18:25:43 GMT
Etag: "a35720c2fed2c7f043bc7e4ffb45e073"
Server: NetDNA-cache/2.2
Expires: Tue, 14 Aug 2018 20:26:23 GMT
Cache-Control: max-age=31104000
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Hello-Human: Say hello back! @getBootstrapCDN on Twitter
X-Cache: HIT
Accept-Ranges: bytes


--- Additional Info ---
Magic:  data
Size:   83588
Md5:    a35720c2fed2c7f043bc7e4ffb45e073
Sha1:   4a313eb93b959cc4154c684b915b0a31ddb68d84
Sha256: c812ddc9e475d3e65d68a6b3b589ce598a2a5babb7afc55477d59215c4a38a40
                                        
                                            GET /widget/v2/29340/ HTTP/1.1 
Host: feed.mikle.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://r3r.p.devgroup.su/

                                         
                                         107.21.10.148
HTTP/1.1 200 OK
Content-Type: text/html;charset=UTF-8
                                        
Date: Sat, 19 Aug 2017 20:26:23 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: POST, GET, OPTIONS
Access-Control-Allow-Headers: Origin, Authorization, Accept, X-Requested-With
Access-Control-Allow-Credentials: true
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   1006
Md5:    8e32b21efb5b6180bf9c96e41c6d10cc
Sha1:   824641dccfa81ec172d8d251e7a32b0b6237e139
Sha256: f2cd5545d947758a91847df14c5e1be0fac8e6879711eec8af09ac6b7f48d62c
                                        
                                            GET /widget/v2/29343/ HTTP/1.1 
Host: feed.mikle.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://r3r.p.devgroup.su/

                                         
                                         107.21.10.148
HTTP/1.1 200 OK
Content-Type: text/html;charset=UTF-8
                                        
Date: Sat, 19 Aug 2017 20:26:23 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: POST, GET, OPTIONS
Access-Control-Allow-Headers: Origin, Authorization, Accept, X-Requested-With
Access-Control-Allow-Credentials: true
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   1007
Md5:    7e3b1d76dce51d09aad03ca152b3687b
Sha1:   8b70bde03003c79e52e01694947e8c339491d9fe
Sha256: e89c9d38aab7f520d8ff74341a6ae299277fe720cb54321b924918ae2213b564
                                        
                                            GET /ajax/libs/jquery/1.12.4/jquery.min.js HTTP/1.1 
Host: ajax.googleapis.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://feed.mikle.com/widget/v2/29340/

                                         
                                         172.217.22.170
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
                                        
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Content-Length: 33951
Date: Thu, 03 Aug 2017 20:23:33 GMT
Expires: Fri, 03 Aug 2018 20:23:33 GMT
Last-Modified: Tue, 20 Dec 2016 18:17:03 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=31536000, stale-while-revalidate=2592000
Age: 1382570


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   33951
Md5:    f910e11b991e28dd9447cdeed05f118f
Sha1:   5915198862cc9bcea54b79768f3c53de0ebe49fe
Sha256: d36598c872d64695dd8619db0eb545ddc046c2aabcff24dc41af5d784c318b09
                                        
                                            GET /images/squares.svg HTTP/1.1 
Host: feed.mikle.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://feed.mikle.com/widget/v2/29340/

                                         
                                         107.21.10.148
HTTP/1.1 200 OK
Content-Type: image/svg+xml
                                        
Date: Sat, 19 Aug 2017 20:26:23 GMT
Content-Length: 707
Connection: keep-alive
Server: nginx
Last-Modified: Thu, 16 Mar 2017 06:05:22 GMT
Etag: "58ca2b22-2c3"
X-XSS-Protection: 0
Accept-Ranges: bytes


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image, XML document text
Size:   707
Md5:    8fce5e63c4dd4f0ab140f78a37a436ae
Sha1:   d59c99b90f3c22da829ba85db7dc58e05aec683b
Sha256: 2c7f78291ae70d6b87b58b10e145614685e4e32bcc38b60ca31d77124472857d
                                        
                                            GET /images/squares.svg HTTP/1.1 
Host: feed.mikle.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://feed.mikle.com/widget/v2/29343/
Range: bytes=0-
If-Range: "58ca2b22-2c3"

                                         
                                         107.21.10.148
HTTP/1.1 206 Partial Content
Content-Type: image/svg+xml
                                        
Date: Sat, 19 Aug 2017 20:26:24 GMT
Content-Length: 707
Connection: keep-alive
Server: nginx
Last-Modified: Thu, 16 Mar 2017 06:05:22 GMT
Etag: "58ca2b22-2c3"
X-XSS-Protection: 0
Content-Range: bytes 0-706/707


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image, XML document text
Size:   707
Md5:    8fce5e63c4dd4f0ab140f78a37a436ae
Sha1:   d59c99b90f3c22da829ba85db7dc58e05aec683b
Sha256: 2c7f78291ae70d6b87b58b10e145614685e4e32bcc38b60ca31d77124472857d
                                        
                                            GET /favicon.ico HTTP/1.1 
Host: r3r.p.devgroup.su
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
                                         89.223.29.112
HTTP/1.1 200 OK
Content-Type: image/vnd.microsoft.icon
                                        
Server: nginx
Date: Sat, 19 Aug 2017 20:26:34 GMT
Content-Length: 113459
Last-Modified: Tue, 23 May 2017 09:59:21 GMT
Connection: keep-alive
Etag: "592407f9-1bb33"
X-Powered-By: PleskLin
Accept-Ranges: bytes


--- Additional Info ---
Magic:  MS Windows icon resource - 7 icons, 256-colors
Size:   113459
Md5:    1db747255c64a30f9236e9d929e986ca
Sha1:   384023452346aa087d40c93c23ca2f5e32ff1b1f
Sha256: 88baf40feb43463a8f6aa6543e88bdbe33f0db9a317486e786eee1e5c76a9544
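
The transaction records above can be cross-checked mechanically. The Python below is an added example, not urlquery's code and not anything taken from the report itself. It parses records in the format shown on this page (request headers, server IP, response headers, the "--- Additional Info ---" block) and then runs four checks: it flags every request to a .su host, which is all the ET POLICY rule in the Alerts block keys on; it compares the declared Content-Length with the captured Size; it decodes nginx's default ETag, which is the file's mtime and size in hex (the "598d5cc3-c91" on nb-frontend.js decodes to Fri, 11 Aug 2017 07:29:07 GMT and 3217 bytes, exactly the Last-Modified and Content-Length beside it), and checks both values against those headers; and it lists script served from hosts other than the page's own. The embedded SAMPLE is excerpted from the records above with the headers trimmed to the ones the checks use; its third record, with the host example.invalid, is constructed with a deliberately wrong Content-Length so the mismatch check has something to find. Apache-style ETags such as the "2ab-551d649f6b7df-gzip" on skip-link-focus-fix.js are a different format and are skipped.

```python
"""Cross-check urlquery-style HTTP transaction records (added example, not
urlquery's code). SAMPLE is excerpted from the report above, trimmed to the
headers the checks use; the third record is constructed (host example.invalid)
with a deliberately wrong Content-Length."""
import re
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

SAMPLE = """\
GET /wp-content/plugins/notice-bar/js/nb-frontend.js?ver=2.0.5 HTTP/1.1
Host: r3r.p.devgroup.su
89.223.29.112
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Length: 3217
Last-Modified: Fri, 11 Aug 2017 07:29:07 GMT
Etag: "598d5cc3-c91"
--- Additional Info ---
Size:   3217
GET /js/fw-loader.js HTTP/1.1
Host: feed.mikle.com
107.21.10.148
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=UTF-8
Last-Modified: Thu, 17 Aug 2017 21:03:01 GMT
Etag: W/"59960485-59b"
--- Additional Info ---
Size:   712
GET /constructed/tampered.js HTTP/1.1
Host: example.invalid
192.0.2.1
HTTP/1.1 200 OK
Content-Length: 4096
--- Additional Info ---
Size:   3217
"""

REQ_RE = re.compile(r"^(GET|POST)\s+(\S+)\s+HTTP/1\.\d$")
IP_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
NGINX_ETAG_RE = re.compile(r'^(W/)?"([0-9a-f]+)-([0-9a-f]+)"$')


def parse_transactions(text):
    """Split the flat log into records: request headers, server IP, response headers, file info."""
    records, cur, section = [], None, None
    for raw in text.splitlines():
        line = raw.strip()                      # the report indents request lines
        m = REQ_RE.match(line)
        if m:
            cur = {"method": m.group(1), "path": m.group(2), "ip": None,
                   "status": None, "req": {}, "resp": {}, "info": {}}
            records.append(cur)
            section = "req"
        elif cur is None or not line:
            continue
        elif line == "--- Additional Info ---":
            section = "info"
        elif cur["ip"] is None and IP_RE.match(line):
            cur["ip"] = line
        elif line.startswith("HTTP/"):          # response status line
            cur["status"] = int(line.split()[1])
            section = "resp"
        elif ":" in line:
            key, value = line.split(":", 1)
            cur[section][key.strip().lower()] = value.strip()
    return records


def decode_nginx_etag(etag):
    """nginx's default ETag is "<mtime hex>-<size hex>", weakened to W/ by its gzip filter.
    Returns (weak, mtime as aware UTC datetime, size), or None for any other ETag form."""
    m = NGINX_ETAG_RE.match(etag)
    if not m:
        return None                             # e.g. Apache's "...-gzip" ETag on the theme JS
    mtime = datetime.fromtimestamp(int(m.group(2), 16), tz=timezone.utc)
    return (m.group(1) is not None, mtime, int(m.group(3), 16))


def audit(records, primary_host):
    """Run the consistency checks; returns a list of (finding, host+path) tuples."""
    findings = []
    for r in records:
        host = r["req"].get("host", "")
        url = host + r["path"]
        if host.endswith(".su"):                # what the ET POLICY .su TLD rule keys on
            findings.append(("su-tld", url))
        length, size = r["resp"].get("content-length"), r["info"].get("size")
        if length and size and int(length) != int(size):
            findings.append(("length-mismatch", url))
        decoded = decode_nginx_etag(r["resp"].get("etag", ""))
        if decoded and "last-modified" in r["resp"]:
            weak, mtime, etag_size = decoded
            if mtime != parsedate_to_datetime(r["resp"]["last-modified"]):
                findings.append(("etag-mtime-mismatch", url))
            if not weak and size and etag_size != int(size):   # weak ETag keeps the uncompressed size
                findings.append(("etag-size-mismatch", url))
        if "javascript" in r["resp"].get("content-type", "") and host != primary_host:
            findings.append(("third-party-script", url))
    return findings
```

Calling audit(parse_transactions(SAMPLE), "r3r.p.devgroup.su") returns three findings: su-tld for nb-frontend.js, third-party-script for feed.mikle.com/js/fw-loader.js, and length-mismatch for the constructed record. The weak ETag on fw-loader.js is deliberately exempt from the size check: nginx's gzip filter only marks the ETag weak, so its size field is still the uncompressed length (0x59b = 1435 bytes) while the captured body is the 712-byte gzip stream.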