gta4.moy.su/news/mody_dlja_gta_4_eflc_mashiny/7-0-18
195.216.243.102 301 Moved Permanently 178 B URL HTTP/1.1 gta4.moy.su/news/mody_dlja_gta_4_eflc_mashiny/7-0-18
IP 195.216.243.102:0
File type HTML document text; HTML document, ASCII text, with CRLF line terminators
Hash cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d
Analyzer Verdict Alert fortinet Malware
NIDS Severity Alert suricata medium ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
GET /news/mody_dlja_gta_4_eflc_mashiny/7-0-18 HTTP/1.1
Host: gta4.moy.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 04:49:19 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Keep-Alive: timeout=15
Location: https://gta4.moy.su/news/mody_dlja_gta_4_eflc_mashiny/7-0-18
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash d4e95d0d8982bcd07804baf6fc88231c
5027abda0875bd2529dd4d6691784c74da71a9ee
373799b5749d2cb08b5721699a3e4c6b94b0d41604ac07d4ef7179e47dabc71f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "373799B5749D2CB08B5721699A3E4C6B94B0D41604AC07D4EF7179E47DABC71F"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3089
Expires: Sat, 04 Feb 2023 05:40:46 GMT
Date: Sat, 04 Feb 2023 04:49:17 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash e935ea42be4feaed61a824b0b903913e
f966cfa80d65a805cb9d7c6a53b3340865d7c51a
eb0ce9ae50d156fe5924b2d77346735e4e93b5240cff301c9aa835bb0b385815
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EB0CE9AE50D156FE5924B2D77346735E4E93B5240CFF301C9AA835BB0B385815"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10022
Expires: Sat, 04 Feb 2023 07:36:19 GMT
Date: Sat, 04 Feb 2023 04:49:17 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data, ASCII text, with very long lines (939), with no line terminators
Hash 30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Retry-After, Content-Length, Alert, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 04 Feb 2023 04:43:35 GMT
content-type: application/json
age: 342
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 7d2222d41721947297aaeb5a6e3d0714
04cc1ee417c8bf6338657fd4c2e4e1c1ddfd3065
de0e45969a2ad95e52f7e2fbd0d021d9075dd7b14666c929346efe111f648f7c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DE0E45969A2AD95E52F7E2FBD0D021D9075DD7B14666C929346EFE111F648F7C"
Last-Modified: Thu, 02 Feb 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8478
Expires: Sat, 04 Feb 2023 07:10:35 GMT
Date: Sat, 04 Feb 2023 04:49:17 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate, ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: Z8YW5Len4DptuW6jaeWBqyFUU+uvLXGnNyzPIChi2NZHBQ/62tpcqInBZNUtor5R/84Z7Wj5xAA=
x-amz-request-id: D976T77VNEWZZFQA
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 04 Feb 2023 03:52:41 GMT
age: 3396
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data, ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 04:49:17 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data, ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Expires, Content-Type, ETag, Last-Modified, Alert, Retry-After, Content-Length, Cache-Control, Pragma, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 04 Feb 2023 04:07:19 GMT
age: 2519
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
gta4.moy.su/news/mody_dlja_gta_4_eflc_mashiny/7-0-18
195.216.243.102 200 OK 12 kB URL HTTP/1.1 gta4.moy.su/news/mody_dlja_gta_4_eflc_mashiny/7-0-18
IP 195.216.243.102:0
File type HTML document text; HTML document, Unicode text, UTF-8 text, with very long lines (6749)
Hash 69fb5b80282752db101db7c859c27bc7
7badf60488885f759d978c3ff410eee9bee0cf6f
0f5a9adc5dd744a0be7c011a1db3ad4c6508476eb38a8580681967c820c406c3
Analyzer Verdict Alert fortinet Malware
NIDS Severity Alert suricata medium ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
GET /news/mody_dlja_gta_4_eflc_mashiny/7-0-18 HTTP/1.1
Host: gta4.moy.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 04:49:19 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Set-Cookie: 7gta4uCoz=; path=/; expires=Thu, 04-Feb-2021 04:49:20 GMT; Secure; HttpOnly; domain=.gta4.moy.su
Set-Cookie: 7gta4uCoz=; path=/; expires=Thu, 04-Feb-2021 04:49:20 GMT; Secure; HttpOnly; domain=.gta4.moy.su
Set-Cookie: 7gta4uzll=1675486160; path=/; expires=Sun, 04-Feb-2024 04:49:20 GMT; Secure; domain=.gta4.moy.su
Set-Cookie: ucvid=j9BTM1wAce; domain=moy.su; path=/; expires=Sun, 04-Feb-2024 04:49:20 GMT
Set-Cookie: 7gta4pushi=1; path=/; expires=Sun, 05-Feb-2023 03:49:20 GMT; Secure
Pragma: no-cache
Vary: host
Last-Modified: Thu, 01 Jan 1970 00:00:16 GMT
Cache-Control: no-cache,no-store, private
Content-Encoding: gzip
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash dedf9c519ac38c4bece9c5bc895787d7
4911175c3f8a435978c5301c33c7a99a5e00a1d5
bddd7e3a4939f863642a7c5348c1c8b9bc569b35c10a27f4cf5ec71f7e6b9698
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BDDD7E3A4939F863642A7C5348C1C8B9BC569B35C10A27F4CF5EC71F7E6B9698"
Last-Modified: Fri, 03 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3402
Expires: Sat, 04 Feb 2023 05:46:00 GMT
Date: Sat, 04 Feb 2023 04:49:18 GMT
Connection: keep-alive
gta4.moy.su/?atZtKzHJJbKShPczgEU0l4JwXM7A6V%217%5EZvtwm%5Ech9h0XJ%5E8hsPWbv3SaC6nx1Bt0uJrG%5EK5cMRL5mRQawDlI9JTKeXZLPdsALKuhJVNP%5EZdu%5Ej%5EQ03nKf%212kZByx%5ESxm5WXQSA%5EgACcdFwkNpjEMchrGlqRIfEGFYFlzE%5E4IGwgf7%219Z5%3BE%5ER2mQX8HdwqQ%3BLOu5vqhbTpSc4%21x
195.216.243.102 200 OK 1.2 kB URL HTTP/1.1 gta4.moy.su/?atZtKzHJJbKShPczgEU0l4JwXM7A6V%217%5EZvtwm%5Ech9h0XJ%5E8hsPWbv3SaC6nx1Bt0uJrG%5EK5cMRL5mRQawDlI9JTKeXZLPdsALKuhJVNP%5EZdu%5Ej%5EQ03nKf%212kZByx%5ESxm5WXQSA%5EgACcdFwkNpjEMchrGlqRIfEGFYFlzE%5E4IGwgf7%219Z5%3BE%5ER2mQX8HdwqQ%3BLOu5vqhbTpSc4%21x
IP 195.216.243.102:0
Hash 0f716af1d333e0afa19c739b43a6c902
a87e6278830d003fd9be744305914a631aa0ffaf
11617f80fefaf73ead17f9af11ac7128c375cdda3186b4f7304dfbda8a94cce2
Analyzer Verdict Alert fortinet Malware
GET /?atZtKzHJJbKShPczgEU0l4JwXM7A6V%217%5EZvtwm%5Ech9h0XJ%5E8hsPWbv3SaC6nx1Bt0uJrG%5EK5cMRL5mRQawDlI9JTKeXZLPdsALKuhJVNP%5EZdu%5Ej%5EQ03nKf%212kZByx%5ESxm5WXQSA%5EgACcdFwkNpjEMchrGlqRIfEGFYFlzE%5E4IGwgf7%219Z5%3BE%5ER2mQX8HdwqQ%3BLOu5vqhbTpSc4%21x HTTP/1.1
Host: gta4.moy.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gta4.moy.su/news/mody_dlja_gta_4_eflc_mashiny/7-0-18
Cookie: 7gta4uzll=1675486160; ucvid=j9BTM1wAce; 7gta4pushi=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 04:49:19 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Cache-Control: no-cache, no-store, private
Pragma: no-cache
gta4.moy.su/.s/src/base.min.css
195.216.243.102 200 OK 6.2 kB URL HTTP/1.1 gta4.moy.su/.s/src/base.min.css
IP 195.216.243.102:0
File type ASCII text, with very long lines (24508), with no line terminators
Hash dd4ba2903316d6db69f617daf90784ce
8e6507274d9d719658129b3dd24af66d7fc6e4b3
6dd14bcbcbc05d7af92a78316a37519526eec0e21ad651d7a92d2ed5065ea90f
GET /.s/src/base.min.css HTTP/1.1
Host: gta4.moy.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gta4.moy.su/news/mody_dlja_gta_4_eflc_mashiny/7-0-18
Cookie: 7gta4uzll=1675486160; ucvid=j9BTM1wAce; 7gta4pushi=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 04:49:20 GMT
Content-Type: text/css
Last-Modified: Fri, 09 Dec 2022 12:35:34 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
ETag: W/"63932b96-5fbc"
Expires: Fri, 24 Feb 2023 04:49:20 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Content-Encoding: gzip
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 621b586028d5acaf29b8777ca0872ce1
9d2a358576d0acab58e2eacf7765b686cee9181f
a7c99a5217e394c715679780ae1e3e60202653547212b0a4fd2efab0e1a01015
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 04:49:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
gta4.moy.su/_st/my.css
195.216.243.102 200 OK 3.7 kB IP 195.216.243.102:0
Hash afe8fe0477fe2d3dc547092679f91e80
bf5d80852c17d74675f2b682ebd0fe218547a2c3
8e402049aacbed21e9fb042dbd2e55bf9cb7a7ac17bd5731ea982579b028e796
GET /_st/my.css HTTP/1.1
Host: gta4.moy.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gta4.moy.su/news/mody_dlja_gta_4_eflc_mashiny/7-0-18
Cookie: 7gta4uzll=1675486160; ucvid=j9BTM1wAce; 7gta4pushi=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 04:49:20 GMT
Content-Type: text/css
Last-Modified: Mon, 24 Sep 2012 20:56:56 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
ETag: W/"5060c918-42ce"
Expires: Fri, 24 Feb 2023 04:49:20 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Content-Encoding: gzip
gta4.moy.su/.s/src/ulightbox/ulightbox.min.css
195.216.243.102 200 OK 1.4 kB URL HTTP/1.1 gta4.moy.su/.s/src/ulightbox/ulightbox.min.css
IP 195.216.243.102:0
File type ASCII text, with very long lines (4552), with no line terminators
Hash 9c03edbcbefe3eea8902981444de96f7
ca39997a1765ab084fb7e6740858176b9385c4ca
8487aa6ee4bd261bdf1f5b681cf96d347cd980ed45183c5a2a9571db6c891a08
GET /.s/src/ulightbox/ulightbox.min.css HTTP/1.1
Host: gta4.moy.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gta4.moy.su/news/mody_dlja_gta_4_eflc_mashiny/7-0-18
Cookie: 7gta4uzll=1675486160; ucvid=j9BTM1wAce; 7gta4pushi=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 04:49:20 GMT
Content-Type: text/css
Last-Modified: Tue, 24 May 2022 12:36:45 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
ETag: W/"628cd15d-11c8"
Expires: Fri, 24 Feb 2023 04:49:20 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Content-Encoding: gzip
gta4.moy.su/?Ae3p7zsNpDUiYBC%3BIhY71ARFsjkWC5t1VDdVc1Y0fFvjzfyWfAYIqq2Cd0W9Pg%3BvvkFpEbVKaygxWlOR4DnbWOH7mRCHS%219L%21UUypzQURvh8b2AC%3B%5E6UNBXTpqAO5C3p5GdctUSxSjDgsSdIFpeB7iaTHK2S8YLtj8z7Iw9HLS2hH4pserMURWp70dmOsmPqJZv381SbpdAB0vpg
195.216.243.102 200 OK 811 B URL HTTP/1.1 gta4.moy.su/?Ae3p7zsNpDUiYBC%3BIhY71ARFsjkWC5t1VDdVc1Y0fFvjzfyWfAYIqq2Cd0W9Pg%3BvvkFpEbVKaygxWlOR4DnbWOH7mRCHS%219L%21UUypzQURvh8b2AC%3B%5E6UNBXTpqAO5C3p5GdctUSxSjDgsSdIFpeB7iaTHK2S8YLtj8z7Iw9HLS2hH4pserMURWp70dmOsmPqJZv381SbpdAB0vpg
IP 195.216.243.102:0
Hash 4a33e7cd7558f3f5a86d0fc27aee8c90
50fc0ad44d3917690997ca278091e53d0d575362
d6304d22c2821d367e3697cb9fa4e6dbeb093b8634fccd35312664d30d72b330
Analyzer Verdict Alert fortinet Malware
GET /?Ae3p7zsNpDUiYBC%3BIhY71ARFsjkWC5t1VDdVc1Y0fFvjzfyWfAYIqq2Cd0W9Pg%3BvvkFpEbVKaygxWlOR4DnbWOH7mRCHS%219L%21UUypzQURvh8b2AC%3B%5E6UNBXTpqAO5C3p5GdctUSxSjDgsSdIFpeB7iaTHK2S8YLtj8z7Iw9HLS2hH4pserMURWp70dmOsmPqJZv381SbpdAB0vpg HTTP/1.1
Host: gta4.moy.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gta4.moy.su/news/mody_dlja_gta_4_eflc_mashiny/7-0-18
Cookie: 7gta4uzll=1675486160; ucvid=j9BTM1wAce; 7gta4pushi=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 04:49:20 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Cache-Control: no-cache, no-store, private
Pragma: no-cache
gta4.moy.su/.s/src/social.css
195.216.243.102 200 OK 610 B URL HTTP/1.1 gta4.moy.su/.s/src/social.css
IP 195.216.243.102:0
File type ASCII text, with very long lines (442)
Hash af855dcd18719bcf0da15a9029755af1
d74d0ed8d96f2ebe46a7671564bf80eea6865103
9add1a323772a7c09260b63a21732472cb0204105c1d2bee763ea1429f0e26e9
GET /.s/src/social.css HTTP/1.1
Host: gta4.moy.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gta4.moy.su/news/mody_dlja_gta_4_eflc_mashiny/7-0-18
Cookie: 7gta4uzll=1675486160; ucvid=j9BTM1wAce; 7gta4pushi=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 04:49:20 GMT
Content-Type: text/css
Last-Modified: Wed, 01 Dec 2021 11:13:55 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
ETag: W/"61a758f3-9b8"
Expires: Fri, 24 Feb 2023 04:49:20 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Content-Encoding: gzip
gta4.moy.su/.s/src/ulightbox/ulightbox.min.js
195.216.243.102 200 OK 7.6 kB URL HTTP/1.1 gta4.moy.su/.s/src/ulightbox/ulightbox.min.js
IP 195.216.243.102:0
File type ASCII text, with very long lines (22291), with no line terminators
Hash 3bb3aaa5262067cec461b32298975b05
4e11bfe49cd05fcdbd1e692fc87788da07e62161
61fa91bb508bfda7ee487ffaf0e38aa71cfab1ce78bb108d6c6140dc9b35ab22
Analyzer Verdict Alert fortinet Malware
GET /.s/src/ulightbox/ulightbox.min.js HTTP/1.1
Host: gta4.moy.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gta4.moy.su/news/mody_dlja_gta_4_eflc_mashiny/7-0-18
Cookie: 7gta4uzll=1675486160; ucvid=j9BTM1wAce; 7gta4pushi=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 04:49:20 GMT
Content-Type: text/javascript
Last-Modified: Tue, 24 May 2022 12:36:45 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
ETag: W/"628cd15d-5713"
Expires: Fri, 24 Feb 2023 04:49:20 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Content-Encoding: gzip
gta4.moy.su/.s/src/layer2.min.css
195.216.243.102 200 OK 5.3 kB URL HTTP/1.1 gta4.moy.su/.s/src/layer2.min.css
IP 195.216.243.102:0
File type ASCII text, with very long lines (21998), with no line terminators
Hash 8ad1b4a847d6cde41b1b9f2416150509
b0f1c4c805f209ca8cdd7db20741419f734c858c
a7778af1ac2346805926eefdcb6d6ad029c11c78a3f2cc2128a2e1f61ba03c50
GET /.s/src/layer2.min.css HTTP/1.1
Host: gta4.moy.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gta4.moy.su/news/mody_dlja_gta_4_eflc_mashiny/7-0-18
Cookie: 7gta4uzll=1675486160; ucvid=j9BTM1wAce; 7gta4pushi=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 04:49:20 GMT
Content-Type: text/css
Last-Modified: Fri, 09 Dec 2022 12:35:34 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
ETag: W/"63932b96-55ee"
Expires: Fri, 24 Feb 2023 04:49:20 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Content-Encoding: gzip
www.google.com/recaptcha/api.js?onload=reCallback&render=explicit&hl=ru
216.58.211.4 200 OK 575 B URL HTTP/2 www.google.com/recaptcha/api.js?onload=reCallback&render=explicit&hl=ru
IP 216.58.211.4:0
File type ASCII text, with very long lines (905), with no line terminators
Hash bfe95592d0262272b7ae1fe7416ff1b2
69cb6cb1b242a4b2c0fe84c48ef558a7a04b6f31
ca632e7b89838460e49da36ccc425ae6963422bb215b56397210a0ae84d6fec8
GET /recaptcha/api.js?onload=reCallback&render=explicit&hl=ru HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gta4.moy.su/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
expires: Sat, 04 Feb 2023 04:49:18 GMT
date: Sat, 04 Feb 2023 04:49:18 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 575
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
gta4.moy.su/.s/t/882/10.gif
195.216.243.102 200 OK 80 B URL HTTP/1.1 gta4.moy.su/.s/t/882/10.gif
IP 195.216.243.102:0
File type GIF image data, version 89a, 11 x 10; data
Hash 334e6a835617c126706ac3754403eb68
f7916246035d055af065f31b1dbec39ed1e1fb9a
cb8c13cb02c3bd8beefeccd2cc10d54270de65a457f7506723f972113554eae9
GET /.s/t/882/10.gif HTTP/1.1
Host: gta4.moy.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gta4.moy.su/news/mody_dlja_gta_4_eflc_mashiny/7-0-18
Cookie: 7gta4uzll=1675486160; ucvid=j9BTM1wAce; 7gta4pushi=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 04:49:20 GMT
Content-Type: image/gif
Content-Length: 80
Last-Modified: Tue, 23 Feb 2016 13:19:08 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "56cc5c4c-50"
Expires: Fri, 24 Feb 2023 04:49:20 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
s2.ucoz.net/cgi/uutils.fcg?a=uSD&ca=2&ug=999&isp=0&r=0.412912154791499
195.216.243.102 200 OK 0 B URL HTTP/1.1 s2.ucoz.net/cgi/uutils.fcg?a=uSD&ca=2&ug=999&isp=0&r=0.412912154791499
IP 195.216.243.102:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cgi/uutils.fcg?a=uSD&ca=2&ug=999&isp=0&r=0.412912154791499 HTTP/1.1
Host: s2.ucoz.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gta4.moy.su/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 04:49:20 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
gta4.moy.su/_nw/2/s96081741.jpg
195.216.243.102 301 Moved Permanently 178 B URL HTTP/1.1 gta4.moy.su/_nw/2/s96081741.jpg
IP 195.216.243.102:0
File type HTML document text; HTML document, ASCII text, with CRLF line terminators
Hash cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d
NIDS Severity Alert suricata medium ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
GET /_nw/2/s96081741.jpg HTTP/1.1
Host: gta4.moy.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 04:49:20 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Keep-Alive: timeout=15
Location: https://gta4.moy.su/_nw/2/s96081741.jpg
X-Frame-Options: SAMEORIGIN
gta4.moy.su/_nw/2/s00310405.jpg
195.216.243.102 301 Moved Permanently 178 B URL HTTP/1.1 gta4.moy.su/_nw/2/s00310405.jpg
IP 195.216.243.102:0
File type HTML document text; HTML document, ASCII text, with CRLF line terminators
Hash cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d
NIDS Severity Alert suricata medium ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
GET /_nw/2/s00310405.jpg HTTP/1.1
Host: gta4.moy.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 04:49:20 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Keep-Alive: timeout=15
Location: https://gta4.moy.su/_nw/2/s00310405.jpg
X-Frame-Options: SAMEORIGIN
gta4.moy.su/_nw/1/s84974119.jpg
195.216.243.102 301 Moved Permanently 178 B URL HTTP/1.1 gta4.moy.su/_nw/1/s84974119.jpg
IP 195.216.243.102:0
File type HTML document text; HTML document, ASCII text, with CRLF line terminators
Hash cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d
NIDS Severity Alert suricata medium ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
GET /_nw/1/s84974119.jpg HTTP/1.1
Host: gta4.moy.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 04:49:20 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Keep-Alive: timeout=15
Location: https://gta4.moy.su/_nw/1/s84974119.jpg
X-Frame-Options: SAMEORIGIN
gta4.moy.su/_nw/2/s69926273.jpg
195.216.243.102 301 Moved Permanently 178 B URL HTTP/1.1 gta4.moy.su/_nw/2/s69926273.jpg
IP 195.216.243.102:0
File type HTML document text; HTML document, ASCII text, with CRLF line terminators
Hash cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d
NIDS Severity Alert suricata medium ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
GET /_nw/2/s69926273.jpg HTTP/1.1
Host: gta4.moy.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 04:49:20 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Keep-Alive: timeout=15
Location: https://gta4.moy.su/_nw/2/s69926273.jpg
X-Frame-Options: SAMEORIGIN
gta4.moy.su/.s/img/cp/16.gif
195.216.243.102 200 OK 203 B URL HTTP/1.1 gta4.moy.su/.s/img/cp/16.gif
IP 195.216.243.102:0
File type GIF image data, version 89a, 80 x 15; data
Hash 46ba5585cb028f695cec74b314a4deac
0c9269c5f1188685f681d4317a1c1b97b9ff82c8
30f7129000c8ec10e577e9f6fad69333ee305f4b40de9cf138547c007d6efdfa
GET /.s/img/cp/16.gif HTTP/1.1
Host: gta4.moy.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gta4.moy.su/news/mody_dlja_gta_4_eflc_mashiny/7-0-18
Cookie: 7gta4uzll=1675486160; ucvid=j9BTM1wAce; 7gta4pushi=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 04:49:20 GMT
Content-Type: image/gif
Content-Length: 203
Last-Modified: Mon, 21 Nov 2022 12:37:39 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "637b7113-cb"
Expires: Fri, 24 Feb 2023 04:49:20 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
gta4.moy.su/.s/img/ma/uid.gif
195.216.243.102 200 OK 400 B URL HTTP/1.1 gta4.moy.su/.s/img/ma/uid.gif
IP 195.216.243.102:0
File type GIF image data, version 89a, 16 x 16; data
Hash a032a355cf3f9e3e9c1bd8e54ef068f7
f34ecab3b7a9d57db9e26fe666e55cabac94edaf
369e1fbbd6a79ff1362bc00de6cc4789b6bd2c087d91811128c956ec2be4a9ce
GET /.s/img/ma/uid.gif HTTP/1.1
Host: gta4.moy.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gta4.moy.su/news/mody_dlja_gta_4_eflc_mashiny/7-0-18
Cookie: 7gta4uzll=1675486160; ucvid=j9BTM1wAce; 7gta4pushi=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 04:49:20 GMT
Content-Type: image/gif
Content-Length: 400
Last-Modified: Mon, 21 Nov 2022 12:37:54 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "637b7122-190"
Expires: Fri, 24 Feb 2023 04:49:20 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
gta4.moy.su/_nw/1/s32298393.jpg
195.216.243.102 301 Moved Permanently 178 B URL HTTP/1.1 gta4.moy.su/_nw/1/s32298393.jpg
IP 195.216.243.102:0
File type HTML document text; HTML document text; HTML document, ASCII text, with CRLF line terminators
Hash cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d
NIDS Severity Alert suricata medium ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
GET /_nw/1/s32298393.jpg HTTP/1.1
Host: gta4.moy.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 04:49:20 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Keep-Alive: timeout=15
Location: https://gta4.moy.su/_nw/1/s32298393.jpg
X-Frame-Options: SAMEORIGIN
gta4.moy.su/_nw/2/s18180129.jpg
195.216.243.102 301 Moved Permanently 178 B URL HTTP/1.1 gta4.moy.su/_nw/2/s18180129.jpg
IP 195.216.243.102:0
File type HTML document text; HTML document text; HTML document, ASCII text, with CRLF line terminators
Hash cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d
NIDS Severity Alert suricata medium ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
GET /_nw/2/s18180129.jpg HTTP/1.1
Host: gta4.moy.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 04:49:20 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Keep-Alive: timeout=15
Location: https://gta4.moy.su/_nw/2/s18180129.jpg
X-Frame-Options: SAMEORIGIN
gta4.moy.su/ban/1.jpg
195.216.243.102 200 OK 27 kB IP 195.216.243.102:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=4, xresolution=62, yresolution=70, resolutionunit=2, software=Paint.NET v3.36], baseline, precision 8, 184x153, components 3; data
Hash b3beda35e71b12be24978290abb3c6cc
f57f5d31e2367185cb6adf1372e796f691823b40
c58b1c365d878e52718246a334fa1ef394dbb8024d1f20cfaddf87e9f24a3b7a
GET /ban/1.jpg HTTP/1.1
Host: gta4.moy.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gta4.moy.su/news/mody_dlja_gta_4_eflc_mashiny/7-0-18
Cookie: 7gta4uzll=1675486160; ucvid=j9BTM1wAce; 7gta4pushi=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 04:49:20 GMT
Content-Type: image/jpeg
Content-Length: 26787
Last-Modified: Tue, 08 Mar 2011 14:10:48 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "4d7638e8-68a3"
Expires: Fri, 24 Feb 2023 04:49:20 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
gta4.moy.su/.s/src/jquery-1.12.4.min.js
195.216.243.102 200 OK 34 kB URL HTTP/1.1 gta4.moy.su/.s/src/jquery-1.12.4.min.js
IP 195.216.243.102:0
File type ASCII text, with very long lines (32077)
Hash eed194bd33958fd0768352b877915a40
db7a4073a53efb53155652219d948940efe6baa7
9eaac8a63f3851efef83bd151a558f6c8d8e6bb75c7725625cf8892b6312aa06
Analyzer Verdict Alert fortinet Malware
GET /.s/src/jquery-1.12.4.min.js HTTP/1.1
Host: gta4.moy.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gta4.moy.su/news/mody_dlja_gta_4_eflc_mashiny/7-0-18
Cookie: 7gta4uzll=1675486160; ucvid=j9BTM1wAce; 7gta4pushi=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 04:49:20 GMT
Content-Type: text/javascript
Last-Modified: Thu, 01 Sep 2022 17:43:55 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
ETag: W/"6310ef5b-17b8b"
Expires: Fri, 24 Feb 2023 04:49:20 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Content-Encoding: gzip
gta4.moy.su/stat/1675486160
195.216.243.102 200 OK 421 B URL HTTP/1.1 gta4.moy.su/stat/1675486160
IP 195.216.243.102:0
File type GIF image data, version 87a, 88 x 31; data
Hash f1f5d6186ba72315a9b4d0fc9188f69c
c128d211008f42d80901726253d3b29aecc860df
0308e8434412797a34efce8d60bfdc9dd0b11345c07b98d33f00d0267c8886fa
Analyzer Verdict Alert fortinet Malware
GET /stat/1675486160 HTTP/1.1
Host: gta4.moy.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gta4.moy.su/news/mody_dlja_gta_4_eflc_mashiny/7-0-18
Cookie: 7gta4uzll=1675486160; ucvid=j9BTM1wAce; 7gta4pushi=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 04:49:20 GMT
Content-Type: image/gif
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Cache-Control: no-cache, no-store, private
Pragma: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
push.services.mozilla.com/
52.26.115.190 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.26.115.190:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 2LFPC0BxwIicU9uy/Zr4zQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: eEVTzIE6f7rwKZ+3YeuwdUvIvF0=
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 8176ac8bbb8fa05f36bdfa163da09e0c
b936c84c5fa7e781b12a17952c82bca546ca0575
1aa7e39fd02514a4023036a8a100d7e7898ee220063ebfb41c509264c81ed727
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 04:49:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
gta4.moy.su/.s/src/uwnd.min.js
195.216.243.102 200 OK 57 kB URL HTTP/1.1 gta4.moy.su/.s/src/uwnd.min.js
IP 195.216.243.102:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 20adfead3a54ad11599adb1bab3d6fc6
23bb516448d5c643cb186ad9aec426388aa79dfd
b49b11429b509cf608a66bbcebc13cf63fa444b998c1a678d1bebfe33f7c2ff4
Analyzer Verdict Alert fortinet Malware
GET /.s/src/uwnd.min.js HTTP/1.1
Host: gta4.moy.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gta4.moy.su/news/mody_dlja_gta_4_eflc_mashiny/7-0-18
Cookie: 7gta4uzll=1675486160; ucvid=j9BTM1wAce; 7gta4pushi=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 04:49:20 GMT
Content-Type: text/javascript
Last-Modified: Mon, 25 Apr 2022 10:32:26 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
ETag: W/"626678ba-3334b"
Expires: Fri, 24 Feb 2023 04:49:20 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Content-Encoding: gzip
gta4.moy.su/ban/3.jpg
195.216.243.102 200 OK 27 kB IP 195.216.243.102:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=4, xresolution=62, yresolution=70, resolutionunit=2, software=Paint.NET v3.36], baseline, precision 8, 184x153, components 3; data
Hash 28be1f0c4d0a5d2d88bc3b9efe942368
3f451ac52aba6e9cc7b776a51f0092d8e0537df9
eae8ef626369a9359cee054c3fbb04fc130942310f4a31cef0bab85984957ab0
GET /ban/3.jpg HTTP/1.1
Host: gta4.moy.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gta4.moy.su/news/mody_dlja_gta_4_eflc_mashiny/7-0-18
Cookie: 7gta4uzll=1675486160; ucvid=j9BTM1wAce; 7gta4pushi=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 04:49:20 GMT
Content-Type: image/jpeg
Content-Length: 27029
Last-Modified: Tue, 08 Mar 2011 14:10:37 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "4d7638dd-6995"
Expires: Fri, 24 Feb 2023 04:49:20 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
gta4.moy.su/_nw/2/s08378640.jpg
195.216.243.102 301 Moved Permanently 178 B URL HTTP/1.1 gta4.moy.su/_nw/2/s08378640.jpg
IP 195.216.243.102:0
File type HTML document text; HTML document text; HTML document, ASCII text, with CRLF line terminators
Hash cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d
NIDS Severity Alert suricata medium ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
GET /_nw/2/s08378640.jpg HTTP/1.1
Host: gta4.moy.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 04:49:20 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Keep-Alive: timeout=15
Location: https://gta4.moy.su/_nw/2/s08378640.jpg
X-Frame-Options: SAMEORIGIN
gta4.moy.su/ban/4.jpg
195.216.243.102 200 OK 28 kB IP 195.216.243.102:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=4, xresolution=62, yresolution=70, resolutionunit=2, software=Paint.NET v3.36], baseline, precision 8, 184x153, components 3; data
Hash 8a86b0b0f38f80aef5abd3bb7ee88853
99dd1edf17cd2ee8c1e93652ddb11d6cd4848866
0f726ad21bc8bef4d0928a34fd7bc02ae88c1e6496f99896ad9d28272a90685e
GET /ban/4.jpg HTTP/1.1
Host: gta4.moy.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gta4.moy.su/news/mody_dlja_gta_4_eflc_mashiny/7-0-18
Cookie: 7gta4uzll=1675486160; ucvid=j9BTM1wAce; 7gta4pushi=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 04:49:20 GMT
Content-Type: image/jpeg
Content-Length: 27820
Last-Modified: Tue, 08 Mar 2011 14:10:42 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "4d7638e2-6cac"
Expires: Fri, 24 Feb 2023 04:49:20 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
wmcasher.ru/img/partner/wmcahsercredit100100.gif
188.114.96.1 200 OK 23 kB URL HTTP/1.1 wmcasher.ru/img/partner/wmcahsercredit100100.gif
IP 188.114.96.1:0
File type GIF image data, version 89a, 100 x 100; data
Hash 074c44bfe357b3fc4b349fa66d12bac4
1b9df23c94c33ed94438c2569383d5a88c32335e
ceb55c4db8ef46799761878bbd77e0784cacf09f82a74737baa93ff33f7e07b1
GET /img/partner/wmcahsercredit100100.gif HTTP/1.1
Host: wmcasher.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 04:49:18 GMT
Content-Type: image/gif
Content-Length: 23017
Connection: keep-alive
Last-Modified: Thu, 04 Aug 2011 09:31:01 GMT
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xW1AqcCklbxwRfmSSbFfLVirTHliyVAkjiEZw%2Bb%2BYFim2yop3YL5mKkJtmSnCbblQvJl%2FXtTon3cvQO2YY5FQ1Yaft3sVLqPMzBjRr0jAL4up7oeVswcM8BQVpZupQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7940c76b59350b61-OSL
alt-svc: h2=":443"; ma=60
gta4.moy.su/_nw/2/s25656120.jpg
195.216.243.102 301 Moved Permanently 178 B URL HTTP/1.1 gta4.moy.su/_nw/2/s25656120.jpg
IP 195.216.243.102:0
File type HTML document text; HTML document text; HTML document, ASCII text, with CRLF line terminators
Hash cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d
NIDS Severity Alert suricata medium ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
GET /_nw/2/s25656120.jpg HTTP/1.1
Host: gta4.moy.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 04:49:20 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Keep-Alive: timeout=15
Location: https://gta4.moy.su/_nw/2/s25656120.jpg
X-Frame-Options: SAMEORIGIN
gta4.moy.su/_nw/1/s90786475.jpg
195.216.243.102 301 Moved Permanently 178 B URL HTTP/1.1 gta4.moy.su/_nw/1/s90786475.jpg
IP 195.216.243.102:0
File type HTML document text; HTML document text; HTML document, ASCII text, with CRLF line terminators
Hash cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d
NIDS Severity Alert suricata medium ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
GET /_nw/1/s90786475.jpg HTTP/1.1
Host: gta4.moy.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 04:49:20 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Keep-Alive: timeout=15
Location: https://gta4.moy.su/_nw/1/s90786475.jpg
X-Frame-Options: SAMEORIGIN
gta4.moy.su/_nw/1/s90605422.jpg
195.216.243.102 301 Moved Permanently 178 B URL HTTP/1.1 gta4.moy.su/_nw/1/s90605422.jpg
IP 195.216.243.102:0
File type HTML document text; HTML document text; HTML document, ASCII text, with CRLF line terminators
Hash cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d
NIDS Severity Alert suricata medium ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
GET /_nw/1/s90605422.jpg HTTP/1.1
Host: gta4.moy.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 04:49:20 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Keep-Alive: timeout=15
Location: https://gta4.moy.su/_nw/1/s90605422.jpg
X-Frame-Options: SAMEORIGIN
gta4.moy.su/ban/6.jpg
195.216.243.102 200 OK 28 kB IP 195.216.243.102:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=4, xresolution=62, yresolution=70, resolutionunit=2, software=Paint.NET v3.36], baseline, precision 8, 184x153, components 3; data
Hash 1d15741c01ecd36a87cdee9ad5765964
a884da0e3abf87b084fd53f1698a02d216df63ab
8021b6f7256089ab94d0bdcb1003996e38e98c37d5c87a7884f263d3625540cd
GET /ban/6.jpg HTTP/1.1
Host: gta4.moy.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gta4.moy.su/news/mody_dlja_gta_4_eflc_mashiny/7-0-18
Cookie: 7gta4uzll=1675486160; ucvid=j9BTM1wAce; 7gta4pushi=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 04:49:20 GMT
Content-Type: image/jpeg
Content-Length: 28227
Last-Modified: Tue, 08 Mar 2011 14:10:40 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "4d7638e0-6e43"
Expires: Fri, 24 Feb 2023 04:49:20 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
gta4.moy.su/_nw/1/s32298393.jpg
195.216.243.102 200 OK 22 kB URL HTTP/1.1 gta4.moy.su/_nw/1/s32298393.jpg
IP 195.216.243.102:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 70", baseline, precision 8, 400x300, components 3; data
Hash 5876e17cdc22f969c94726c0d6b7d5e3
a2ae98301b0dcb9b26560ed43d8accc859037a4c
67874b2903cc4e42c3659c2b46011187bb3a3f3955f0d979db1b5d7b762ce944
NIDS Severity Alert suricata medium ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
GET /_nw/1/s32298393.jpg HTTP/1.1
Host: gta4.moy.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: 7gta4uzll=1675486160; ucvid=j9BTM1wAce; 7gta4pushi=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 04:49:20 GMT
Content-Type: image/jpeg
Content-Length: 21677
Last-Modified: Sun, 23 Jan 2011 09:40:03 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "4d3bf773-54ad"
Expires: Fri, 24 Feb 2023 04:49:20 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
gta4.moy.su/ban/5.jpg
195.216.243.102 200 OK 26 kB IP 195.216.243.102:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=4, xresolution=62, yresolution=70, resolutionunit=2, software=Paint.NET v3.36], baseline, precision 8, 184x153, components 3; data
Hash 2387d83cc09f1c0ba7bc083c7d8ebd6c
6a9595c1e32b9e38219f13c05171b88036c4c591
7570a3f9658b515509e23c2dbc43508240c26e1debc77044d035805f6b91d4db
GET /ban/5.jpg HTTP/1.1
Host: gta4.moy.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gta4.moy.su/news/mody_dlja_gta_4_eflc_mashiny/7-0-18
Cookie: 7gta4uzll=1675486160; ucvid=j9BTM1wAce; 7gta4pushi=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 04:49:20 GMT
Content-Type: image/jpeg
Content-Length: 26089
Last-Modified: Tue, 08 Mar 2011 14:10:46 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "4d7638e6-65e9"
Expires: Fri, 24 Feb 2023 04:49:20 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
gta4.moy.su/_nw/2/s96081741.jpg
195.216.243.102 200 OK 29 kB URL HTTP/1.1 gta4.moy.su/_nw/2/s96081741.jpg
IP 195.216.243.102:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 70", baseline, precision 8, 400x400, components 3; data
Hash 0365b8a491c6819b9c1e500ebceb060f
84f54a1956fe36306eedce12720c68bb2597bf06
5c09860189e346fa9ed2a2804718f73ce23d61137972c696bd0fd21771c4ccb1
NIDS Severity Alert suricata medium ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
GET /_nw/2/s96081741.jpg HTTP/1.1
Host: gta4.moy.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: 7gta4uzll=1675486160; ucvid=j9BTM1wAce; 7gta4pushi=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 04:49:20 GMT
Content-Type: image/jpeg
Content-Length: 29003
Last-Modified: Wed, 09 Feb 2011 07:15:36 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "4d523f18-714b"
Expires: Fri, 24 Feb 2023 04:49:20 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
gta4.moy.su/img/00.jpg
195.216.243.102 200 OK 215 kB IP 195.216.243.102:0
File type JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2008:11:18 18:37:08], baseline, precision 8, 1024x768, components 1; data
Size 215 kB (215207 bytes)
Hash 09e048e88a64c6175ddfb0bb184dba57
e86aad9fd16759a7bd178477339d03883968f4c8
3b9e5426d9ae04154fa71034d70dfc9261377fae3fbb76ec3362463cc0b93fe0
GET /img/00.jpg HTTP/1.1
Host: gta4.moy.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gta4.moy.su/_st/my.css
Cookie: 7gta4uzll=1675486160; ucvid=j9BTM1wAce; 7gta4pushi=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 04:49:20 GMT
Content-Type: image/jpeg
Content-Length: 215207
Last-Modified: Sun, 13 Feb 2011 23:58:44 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "4d587034-348a7"
Expires: Fri, 24 Feb 2023 04:49:20 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
gta4.moy.su/_nw/2/s00310405.jpg
195.216.243.102 200 OK 23 kB URL HTTP/1.1 gta4.moy.su/_nw/2/s00310405.jpg
IP 195.216.243.102:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 70", baseline, precision 8, 400x380, components 3; data
Hash d132e2e8afd8fa8e11e45f09e7fef960
d797b5eaa2813ee3e004b712a7bd1a4621484056
7d1a82e26fe4ce1b3f8cab8c72528f4da953142688da588995b730bd7a736e0c
NIDS Severity Alert suricata medium ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
GET /_nw/2/s00310405.jpg HTTP/1.1
Host: gta4.moy.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: 7gta4uzll=1675486160; ucvid=j9BTM1wAce; 7gta4pushi=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 04:49:20 GMT
Content-Type: image/jpeg
Content-Length: 23127
Last-Modified: Wed, 09 Feb 2011 07:47:36 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "4d524698-5a57"
Expires: Fri, 24 Feb 2023 04:49:20 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
gta4.moy.su/_nw/1/s90786475.jpg
195.216.243.102 200 OK 26 kB URL HTTP/1.1 gta4.moy.su/_nw/1/s90786475.jpg
IP 195.216.243.102:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 70", baseline, precision 8, 400x385, components 3; data
Hash a2ead9fa3194d99c5e74c6b996a7f4af
72f6bad04c1bfbfec0114d3d974645c8bff4894c
6cf1cd701997e2e637cf7a82eb7003a1da3f7977acdc86c90bbd56ce358099e4
NIDS Severity Alert suricata medium ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
GET /_nw/1/s90786475.jpg HTTP/1.1
Host: gta4.moy.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: 7gta4uzll=1675486160; ucvid=j9BTM1wAce; 7gta4pushi=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 04:49:20 GMT
Content-Type: image/jpeg
Content-Length: 25980
Last-Modified: Sun, 23 Jan 2011 09:18:50 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "4d3bf27a-657c"
Expires: Fri, 24 Feb 2023 04:49:20 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
gta4.moy.su/_nw/1/s90605422.jpg
195.216.243.102 200 OK 17 kB URL HTTP/1.1 gta4.moy.su/_nw/1/s90605422.jpg
IP 195.216.243.102:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 70", baseline, precision 8, 400x237, components 3; data
Hash a2f2bc61160f7bf4ce02720e272c74d1
29556bb87b8634fd1da4bd3b8b59cdca02ac10bb
a4f04a43bf32e19edafb6c9b57658d3f82f67df5ec6e84e8a6aa20005cd58947
NIDS Severity Alert suricata medium ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
GET /_nw/1/s90605422.jpg HTTP/1.1
Host: gta4.moy.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: 7gta4uzll=1675486160; ucvid=j9BTM1wAce; 7gta4pushi=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 04:49:20 GMT
Content-Type: image/jpeg
Content-Length: 16729
Last-Modified: Sun, 23 Jan 2011 09:29:38 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "4d3bf502-4159"
Expires: Fri, 24 Feb 2023 04:49:20 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
gta4.moy.su/_nw/2/s08378640.jpg
195.216.243.102 200 OK 25 kB URL HTTP/1.1 gta4.moy.su/_nw/2/s08378640.jpg
IP 195.216.243.102:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 70", baseline, precision 8, 400x385, components 3; data
Hash 934be15ddba6640223376acf17c883dd
569531afadf522edf1ce52456dc74312349d99e2
7895ac2bcf97125fb9030b2cb6b074aae83d1731dfa8e3c5db39075f0cb98727
NIDS Severity Alert suricata medium ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
GET /_nw/2/s08378640.jpg HTTP/1.1
Host: gta4.moy.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: 7gta4uzll=1675486160; ucvid=j9BTM1wAce; 7gta4pushi=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 04:49:20 GMT
Content-Type: image/jpeg
Content-Length: 25423
Last-Modified: Sun, 23 Jan 2011 11:03:53 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "4d3c0b19-634f"
Expires: Fri, 24 Feb 2023 04:49:20 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
gta4.moy.su/_nw/2/s18180129.jpg
195.216.243.102 200 OK 19 kB URL HTTP/1.1 gta4.moy.su/_nw/2/s18180129.jpg
IP 195.216.243.102:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 70", baseline, precision 8, 400x282, components 3; data
Hash cba6872ebc19672afecbe6b6778ed863
a059083793714027158709b606a4d48418eb8e59
a386e23d45e612433e79cbda0cb7826b833212b2be3906c2c553743d25fbf26f
NIDS Severity Alert suricata medium ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
GET /_nw/2/s18180129.jpg HTTP/1.1
Host: gta4.moy.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: 7gta4uzll=1675486160; ucvid=j9BTM1wAce; 7gta4pushi=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 04:49:20 GMT
Content-Type: image/jpeg
Content-Length: 19332
Last-Modified: Sun, 23 Jan 2011 09:53:20 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "4d3bfa90-4b84"
Expires: Fri, 24 Feb 2023 04:49:20 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
gta4.moy.su/.s/img/icon/social/vk.svg
195.216.243.102 200 OK 772 B URL HTTP/1.1 gta4.moy.su/.s/img/icon/social/vk.svg
IP 195.216.243.102:0
File type SVG Scalable Vector Graphics image; SVG XML document; XML 1.0 document text; SVG XML document; XML document text; exported SGML document text; exported SGML document, ASCII text
Hash 7c4eb8cae0b565c023c4406add5f8041
079ce5d3277df672b57a73476a28d0bf0b1c1fe2
05a3f8587400860aa87bb18c9a9cd5b22a45ca4fc4a37a7922d29e48549b2fc9
Analyzer Verdict Alert fortinet Malware
GET /.s/img/icon/social/vk.svg HTTP/1.1
Host: gta4.moy.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gta4.moy.su/.s/src/social.css
Cookie: 7gta4uzll=1675486160; ucvid=j9BTM1wAce; 7gta4pushi=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 04:49:20 GMT
Content-Type: image/svg+xml
Content-Length: 772
Last-Modified: Mon, 26 Jun 2017 11:42:16 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "5950f318-304"
Expires: Fri, 24 Feb 2023 04:49:20 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
gta4.moy.su/.s/img/icon/social/fb.svg
195.216.243.102 200 OK 611 B URL HTTP/1.1 gta4.moy.su/.s/img/icon/social/fb.svg
IP 195.216.243.102:0
File type SVG Scalable Vector Graphics image; SVG XML document; XML 1.0 document text; SVG XML document; XML document text; exported SGML document text; exported SGML document, ASCII text
Hash d178cc46dcbcf2b6f19445674fe3fe58
26f9747489d9e796926f7bbe11817c420afda3af
a9265d79c9ff74d4deeab5dce9643ed838018a6b4346605e002867858534f4bf
Analyzer Verdict Alert fortinet Malware
GET /.s/img/icon/social/fb.svg HTTP/1.1
Host: gta4.moy.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gta4.moy.su/.s/src/social.css
Cookie: 7gta4uzll=1675486160; ucvid=j9BTM1wAce; 7gta4pushi=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 04:49:20 GMT
Content-Type: image/svg+xml
Content-Length: 611
Last-Modified: Mon, 26 Jun 2017 11:42:16 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "5950f318-263"
Expires: Fri, 24 Feb 2023 04:49:20 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
gta4.moy.su/_nw/2/s69926273.jpg
195.216.243.102 200 OK 24 kB URL HTTP/1.1 gta4.moy.su/_nw/2/s69926273.jpg
IP 195.216.243.102:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 70", baseline, precision 8, 400x349, components 3; data
Hash 6373a6d7f63a26ea42a534885069c1a8
9a1a07f3851ea3604c2726ac032ad43df7768d09
b0ff37ae600a286996f2377e1735c2a1b421afd61d9817442ca92cd02d64a825
NIDS Severity Alert suricata medium ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
GET /_nw/2/s69926273.jpg HTTP/1.1
Host: gta4.moy.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: 7gta4uzll=1675486160; ucvid=j9BTM1wAce; 7gta4pushi=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 04:49:20 GMT
Content-Type: image/jpeg
Content-Length: 23566
Last-Modified: Wed, 09 Feb 2011 06:58:42 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "4d523b22-5c0e"
Expires: Fri, 24 Feb 2023 04:49:20 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
gta4.moy.su/.s/img/icon/social/ok.svg
195.216.243.102 200 OK 1.9 kB URL HTTP/1.1 gta4.moy.su/.s/img/icon/social/ok.svg
IP 195.216.243.102:0
File type SVG Scalable Vector Graphics image; SVG XML document; XML 1.0 document text; SVG XML document; XML document text; exported SGML document text; exported SGML document, ASCII text
Hash 08bbc2fa9b08463b0d061041d62b408e
370c53ccc3edd296cd35fb9e3de20dabfdae78d9
e1369586f1d82834ecc0ccab2f5f1a6f7565f2c715243d956bd7eb1404c8fba9
Analyzer Verdict Alert fortinet Malware
GET /.s/img/icon/social/ok.svg HTTP/1.1
Host: gta4.moy.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gta4.moy.su/.s/src/social.css
Cookie: 7gta4uzll=1675486160; ucvid=j9BTM1wAce; 7gta4pushi=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 04:49:20 GMT
Content-Type: image/svg+xml
Content-Length: 1858
Last-Modified: Mon, 26 Jun 2017 11:42:16 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "5950f318-742"
Expires: Fri, 24 Feb 2023 04:49:20 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
gta4.moy.su/img/14.png
195.216.243.102 200 OK 3.8 kB IP 195.216.243.102:0
File type PNG image data, 1200 x 21, 8-bit colormap, non-interlaced; data
Hash 30d76136b350f4da2a3851affa4857b4
3754c75af6dd737e38d162588a1b897cdbe29fb7
53a7eeb5714b1e4980eaf4defc747d897c24898254d805f34816febb4b008091
GET /img/14.png HTTP/1.1
Host: gta4.moy.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gta4.moy.su/_st/my.css
Cookie: 7gta4uzll=1675486160; ucvid=j9BTM1wAce; 7gta4pushi=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 04:49:20 GMT
Content-Type: image/png
Content-Length: 3787
Last-Modified: Sun, 13 Feb 2011 23:58:46 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "4d587036-ecb"
Expires: Fri, 24 Feb 2023 04:49:20 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
gta4.moy.su/img/1.png
195.216.243.102 200 OK 3.9 kB IP 195.216.243.102:0
File type PNG image data, 1200 x 38, 8-bit colormap, non-interlaced; data
Hash 41b6d1c1491732e950c88fd4948fd09e
134a8703a740043c1e4e162a071320ec3544f9a1
f1a45b41d8717f89404ea3d2387ea8aaf921aedae1acc209ea95afa03e5bbc31
GET /img/1.png HTTP/1.1
Host: gta4.moy.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gta4.moy.su/_st/my.css
Cookie: 7gta4uzll=1675486160; ucvid=j9BTM1wAce; 7gta4pushi=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 04:49:20 GMT
Content-Type: image/png
Content-Length: 3946
Last-Modified: Sun, 13 Feb 2011 23:58:44 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "4d587034-f6a"
Expires: Fri, 24 Feb 2023 04:49:20 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
gta4.moy.su/img/100.png
195.216.243.102 200 OK 3.0 kB IP 195.216.243.102:0
File type PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced; data
Hash aa874d38228be0f1c6cc5b5d1a8ce1ab
c5a7b6f273aa646640d74f8deb410b3008edb396
d12853b0d3ebcb4c9c55146ec2e61a9704bddd77bd6663e5e32ee1c94a54a80c
GET /img/100.png HTTP/1.1
Host: gta4.moy.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gta4.moy.su/_st/my.css
Cookie: 7gta4uzll=1675486160; ucvid=j9BTM1wAce; 7gta4pushi=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 04:49:20 GMT
Content-Type: image/png
Content-Length: 2960
Last-Modified: Sun, 13 Feb 2011 23:58:45 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "4d587035-b90"
Expires: Fri, 24 Feb 2023 04:49:20 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
gta4.moy.su/img/6.png
195.216.243.102 200 OK 10 kB IP 195.216.243.102:0
File type PNG image data, 200 x 60, 8-bit/color RGBA, non-interlaced; data
Hash 667b49f1eed4dbda2dcddaf1da0bbc11
437737cb2c4801906d62030c293b29d8d3a23e36
6ecad5e6220a2551ef0d94f89bf3773c56f116eaa757588993c0670a6d581dc6
GET /img/6.png HTTP/1.1
Host: gta4.moy.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gta4.moy.su/_st/my.css
Cookie: 7gta4uzll=1675486160; ucvid=j9BTM1wAce; 7gta4pushi=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 04:49:20 GMT
Content-Type: image/png
Content-Length: 10218
Last-Modified: Sun, 13 Feb 2011 23:58:53 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "4d58703d-27ea"
Expires: Fri, 24 Feb 2023 04:49:20 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
gta4.moy.su/.s/t/882/16.gif
195.216.243.102 200 OK 122 B URL HTTP/1.1 gta4.moy.su/.s/t/882/16.gif
IP 195.216.243.102:0
File type GIF image data, version 89a, 5 x 20; data
Hash e908656b16e032ef4a32171be76a36fd
d5aad933183b391a294563c06dbdeee7d6091ca6
5086607173b563e49d9c59e6b512eee9f69580af995786f31491812996638e53
GET /.s/t/882/16.gif HTTP/1.1
Host: gta4.moy.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gta4.moy.su/_st/my.css
Cookie: 7gta4uzll=1675486160; ucvid=j9BTM1wAce; 7gta4pushi=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 04:49:20 GMT
Content-Type: image/gif
Content-Length: 122
Last-Modified: Tue, 23 Feb 2016 13:19:08 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "56cc5c4c-7a"
Expires: Fri, 24 Feb 2023 04:49:20 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 292eed04923896349bd9a8073fbaf670
764c2427e77b7fadd6ce5e946d3e4403657a652e
16bcd5e999638930d91e50a4ffde5bdf8580f348e1bce5bc37e179da65fa4ab2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "16BCD5E999638930D91E50A4FFDE5BDF8580F348E1BCE5BC37E179DA65FA4AB2"
Last-Modified: Fri, 03 Feb 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21562
Expires: Sat, 04 Feb 2023 10:48:40 GMT
Date: Sat, 04 Feb 2023 04:49:18 GMT
Connection: keep-alive
gta4.moy.su/.s/img/icon/social/ya.svg
195.216.243.102 200 OK 660 B URL HTTP/1.1 gta4.moy.su/.s/img/icon/social/ya.svg
IP 195.216.243.102:0
File type SVG Scalable Vector Graphics image; SVG XML document; XML 1.0 document text; SVG XML document; XML document text; exported SGML document text; exported SGML document, ASCII text
Hash 7676c3eee5bd955efe08fd05367a443b
595e4e8dbf5ff472606434d0f45806d088de4c0c
b72d3f61ac56b4aa27bad5769589705004aff1f0ad341785ca72dc46ba16de5b
Analyzer Verdict Alert fortinet Malware
GET /.s/img/icon/social/ya.svg HTTP/1.1
Host: gta4.moy.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gta4.moy.su/.s/src/social.css
Cookie: 7gta4uzll=1675486160; ucvid=j9BTM1wAce; 7gta4pushi=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 04:49:20 GMT
Content-Type: image/svg+xml
Content-Length: 660
Last-Modified: Mon, 26 Jun 2017 11:42:16 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "5950f318-294"
Expires: Fri, 24 Feb 2023 04:49:20 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
gta4.moy.su/.s/img/icon/social/gp.svg
195.216.243.102 200 OK 550 B URL HTTP/1.1 gta4.moy.su/.s/img/icon/social/gp.svg
IP 195.216.243.102:0
File type SVG Scalable Vector Graphics image; HTML document text; HTML document, Unicode text, UTF-8 text, with very long lines (534), with no line terminators
Hash 10d296226de121de55180e5b1b7d9d49
5980293f4f290734d09459d068a8c3996e43fe40
a657a4d5d05c6cd9b9f881ab6941e71f725c7eb451c9f37ceb514e45fdfd441d
Analyzer Verdict Alert fortinet Malware
GET /.s/img/icon/social/gp.svg HTTP/1.1
Host: gta4.moy.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gta4.moy.su/.s/src/social.css
Cookie: 7gta4uzll=1675486160; ucvid=j9BTM1wAce; 7gta4pushi=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 04:49:20 GMT
Content-Type: image/svg+xml
Content-Length: 550
Last-Modified: Fri, 01 Feb 2019 12:57:26 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "5c544236-226"
Expires: Fri, 24 Feb 2023 04:49:20 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
gta4.moy.su/ban/2.jpg
195.216.243.102 200 OK 48 B IP 195.216.243.102:0
File type GIF image data, version 89a, 5 x 5; data
Hash 9750eb0573078058e4687dcba2794e89
e12a68b54a9eb1373083c1c35e020ec1b1561c16
b429a2de9dc7b091cb845285fab32e6004b12b5fbdcd66e43e9d34cba5b9e0a3
GET /ban/2.jpg HTTP/1.1
Host: gta4.moy.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gta4.moy.su/news/mody_dlja_gta_4_eflc_mashiny/7-0-18
Cookie: 7gta4uzll=1675486160; ucvid=j9BTM1wAce; 7gta4pushi=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 04:49:20 GMT
Content-Type: image/jpeg
Content-Length: 26347
Last-Modified: Tue, 08 Mar 2011 14:10:44 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "4d7638e4-66eb"
Expires: Fri, 24 Feb 2023 04:49:20 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
gta4.moy.su/img/3.jpg
195.216.243.102 200 OK 162 kB IP 195.216.243.102:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=5, xresolution=74, yresolution=82, resolutionunit=2, software=Paint.NET v3.36], baseline, precision 8, 1200x166, components 3; data
Size 162 kB (162327 bytes)
Hash 9ff8330795e4b78547bd397e642cb906
61eeafed54063f0045911e652ff18a8918676218
cdb50c1ca12875404668d61667d0e52f56ca90abad6d212d10538afded0e6833
GET /img/3.jpg HTTP/1.1
Host: gta4.moy.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gta4.moy.su/_st/my.css
Cookie: 7gta4uzll=1675486160; ucvid=j9BTM1wAce; 7gta4pushi=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 04:49:20 GMT
Content-Type: image/jpeg
Content-Length: 162327
Last-Modified: Sun, 13 Feb 2011 23:58:49 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "4d587039-27a17"
Expires: Fri, 24 Feb 2023 04:49:20 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
gta4.moy.su/.s/t/882/8.gif
195.216.243.102 200 OK 1.7 kB URL HTTP/1.1 gta4.moy.su/.s/t/882/8.gif
IP 195.216.243.102:0
File type GIF image data, version 89a, 527 x 23; data
Hash 33a3d7e7230d2a7e73669f8a212c4de4
cb802e0026f748424d7697807e74c4cb269e6a1a
6cbdab1c63ef4e6306319c889bdbf5efb417f7c9f15111138a2a0f5c82d58b89
GET /.s/t/882/8.gif HTTP/1.1
Host: gta4.moy.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gta4.moy.su/_st/my.css
Cookie: 7gta4uzll=1675486160; ucvid=j9BTM1wAce; 7gta4pushi=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 04:49:20 GMT
Content-Type: image/gif
Content-Length: 1650
Last-Modified: Tue, 23 Feb 2016 13:19:08 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "56cc5c4c-672"
Expires: Fri, 24 Feb 2023 04:49:20 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
gta4.moy.su/_nw/1/s84974119.jpg
195.216.243.102 200 OK 26 kB URL HTTP/1.1 gta4.moy.su/_nw/1/s84974119.jpg
IP 195.216.243.102:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 70", baseline, precision 8, 400x385, components 3; data
Hash fbcfc312da46e8344f88ee724b7763d8
8c3ff70001b23e790aca05d072a04e7acc145624
dfa3ae01a7dc91ad1a109acd0753f11e1ca59383d5f093f4177fe4eab339604b
NIDS Severity Alert suricata medium ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
GET /_nw/1/s84974119.jpg HTTP/1.1
Host: gta4.moy.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: 7gta4uzll=1675486160; ucvid=j9BTM1wAce; 7gta4pushi=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 04:49:20 GMT
Content-Type: image/jpeg
Content-Length: 26229
Last-Modified: Sun, 23 Jan 2011 09:22:56 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "4d3bf370-6675"
Expires: Fri, 24 Feb 2023 04:49:20 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
gta4.moy.su/?S%5EM51%218vrt7jpcdxJ5VX4MRAJu%5Ev4z1CkaGDg3uPe7KIT8zAsQNaEFgRefzPt5LKPz8D02Aa%3Bj0BTDXghwoo
195.216.243.102 200 OK 798 B URL HTTP/1.1 gta4.moy.su/?S%5EM51%218vrt7jpcdxJ5VX4MRAJu%5Ev4z1CkaGDg3uPe7KIT8zAsQNaEFgRefzPt5LKPz8D02Aa%3Bj0BTDXghwoo
IP 195.216.243.102:0
File type HTML document text; HTML document text; HTML document text; HTML document text; HTML document, ASCII text
Hash 1ea80a2d3084ba93b3531bb9b0e712e6
d5245d8493b358618a2845c5f7dc1fa09f7a7af3
1802bf8ffc0aa155ee5f3ae4ba4817913d7b5d3fffe8999097bbdad800b0e0df
Analyzer Verdict Alert fortinet Malware
GET /?S%5EM51%218vrt7jpcdxJ5VX4MRAJu%5Ev4z1CkaGDg3uPe7KIT8zAsQNaEFgRefzPt5LKPz8D02Aa%3Bj0BTDXghwoo HTTP/1.1
Host: gta4.moy.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gta4.moy.su/news/mody_dlja_gta_4_eflc_mashiny/7-0-18
Cookie: 7gta4uzll=1675486160; ucvid=j9BTM1wAce; 7gta4pushi=1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 04:49:20 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Cache-Control: no-cache, no-store, private
Pragma: no-cache
Content-Encoding: gzip
www.sairoscredit.ru/res/upload/banner/GIF3_1.gif
195.69.187.54 301 Moved Permanently 169 B URL HTTP/1.1 www.sairoscredit.ru/res/upload/banner/GIF3_1.gif
IP 195.69.187.54:0
ASN #60455 abc Ucranian-franch Joint Venture
File type HTML document text; HTML document text; HTML document, ASCII text, with CRLF line terminators
Hash 9527755784f5014d2c94dcabdf6ae892
941126eba6b0b049b4a09fb846ebd943e894e068
5b111ef9f2dbaf8e8870567dc8e2302efe2b0feb9d4ba62ce74c1039ab663523
GET /res/upload/banner/GIF3_1.gif HTTP/1.1
Host: www.sairoscredit.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gta4.moy.su/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 301 Moved Permanently
Server: nginx/1.20.2
Date: Sat, 04 Feb 2023 04:49:19 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive
Location: https://sairoscredit.ru/res/upload/banner/GIF3_1.gif
gta4.moy.su/_nw/2/s25656120.jpg
195.216.243.102 200 OK 27 kB URL HTTP/1.1 gta4.moy.su/_nw/2/s25656120.jpg
IP 195.216.243.102:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 70", baseline, precision 8, 400x408, components 3; data
Hash c4e90b896bba4a1ed26669c56524ae81
2c0ad90856219a8e7a0f62824af31a959211c791
74fd07151dfbe0fad3be8227e1d4d60ec10d26668ca71a2ddc6b1e52ef867bbc
NIDS Severity Alert suricata medium ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
GET /_nw/2/s25656120.jpg HTTP/1.1
Host: gta4.moy.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: 7gta4uzll=1675486160; ucvid=j9BTM1wAce; 7gta4pushi=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 04:49:20 GMT
Content-Type: image/jpeg
Content-Length: 27178
Last-Modified: Sun, 23 Jan 2011 10:59:57 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "4d3c0a2d-6a2a"
Expires: Fri, 24 Feb 2023 04:49:20 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
s2.ucoz.net/adv/dummy/000/css/style.css
195.216.243.102 200 OK 1.6 kB URL HTTP/1.1 s2.ucoz.net/adv/dummy/000/css/style.css
IP 195.216.243.102:0
Hash 50406c447ccad47ca9e5d53eff612ffb
16e3921585135a87a1066689c9c67a312d96c92d
01a0732bba96fb38be885a1d233fecf52e32c7e07e48cd05f6f07a3690ea304c
GET /adv/dummy/000/css/style.css HTTP/1.1
Host: s2.ucoz.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gta4.moy.su/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 04:49:20 GMT
Content-Type: text/css
Last-Modified: Tue, 26 Mar 2019 14:28:20 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
ETag: W/"5c9a3704-19eb"
Content-Encoding: gzip
s2.ucoz.net/adv/dummy/000/img/ucoz-logo.png
195.216.243.102 200 OK 4.6 kB URL HTTP/1.1 s2.ucoz.net/adv/dummy/000/img/ucoz-logo.png
IP 195.216.243.102:0
File type PNG image data, 136 x 136, 8-bit/color RGBA, non-interlaced; data
Hash 14d37a3409afc2c450c62b97bc8019da
43fc12bf16a292d6d10b17ab7d1e37785288858c
fc4f998c5fcacc6cf161f1bedf46ec55e56273670ecce8b59e947b68d3c5bdb2
GET /adv/dummy/000/img/ucoz-logo.png HTTP/1.1
Host: s2.ucoz.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gta4.moy.su/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 04:49:20 GMT
Content-Type: image/png
Content-Length: 4585
Last-Modified: Tue, 26 Mar 2019 14:28:20 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "5c9a3704-11e9"
Accept-Ranges: bytes
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash f32763d17ee930a84421656330650bd1
688473a7c570a6e84406eef1927df94bfccd1870
33f1a840a87b8ef5136065f9be370aa640573ab68d82e8a822d48bbd2eb837c1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 04:49:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
themes.googleusercontent.com/static/fonts/ptsans/v5/LKf8nhXsWg5ybwEGXk8UBQ.woff
142.250.74.97 200 OK 60 kB URL HTTP/2 themes.googleusercontent.com/static/fonts/ptsans/v5/LKf8nhXsWg5ybwEGXk8UBQ.woff
IP 142.250.74.97:0
File type Web Open Font Format, TrueType, length 60332, version 1.1; data
Hash 0d6d6ae28614efe13ec053eaeef473c1
20cd1c419ba0763bb4bbb1435bc0aed00452af2e
5dfdd878d2d6bdd50f37fde1800a044753dd00bac3c3a30a35f999b422a48ee1
GET /static/fonts/ptsans/v5/LKf8nhXsWg5ybwEGXk8UBQ.woff HTTP/1.1
Host: themes.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://gta4.moy.su
Connection: keep-alive
Referer: https://s2.ucoz.net/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
timing-allow-origin: *
content-length: 60332
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 01 Feb 2023 15:43:54 GMT
expires: Thu, 01 Feb 2024 15:43:54 GMT
cache-control: public, max-age=31536000
age: 219925
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
content-type: font/woff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash f32763d17ee930a84421656330650bd1
688473a7c570a6e84406eef1927df94bfccd1870
33f1a840a87b8ef5136065f9be370aa640573ab68d82e8a822d48bbd2eb837c1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 04:49:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 5c76765db19803e47b8e55555d07c127
f56f64baf69d020097ae18e7207795f418004b58
4b306b25755a2eda4cd50c82ca0c348a76a474c5b509c7b2b5bdedff7f9949cf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4B306B25755A2EDA4CD50C82CA0C348A76A474C5B509C7B2B5BDEDFF7F9949CF"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4881
Expires: Sat, 04 Feb 2023 06:10:40 GMT
Date: Sat, 04 Feb 2023 04:49:19 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash cbff38ff2fedd197ce23aab62520ebe5
5a615a636fe04ddf563a6cc5dc4bae400e525c83
69bef33937d0b49a5e448d9bf35dc0c7d45f4c59aacb89527adc4e1875d783bc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "69BEF33937D0B49A5E448D9BF35DC0C7D45F4C59AACB89527ADC4E1875D783BC"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16969
Expires: Sat, 04 Feb 2023 09:32:08 GMT
Date: Sat, 04 Feb 2023 04:49:19 GMT
Connection: keep-alive
rot.spotsniper.ru/?src=ujs6&s_subid=btn
31.172.81.160 200 OK 1 B URL HTTP/1.1 rot.spotsniper.ru/?src=ujs6&s_subid=btn
IP 31.172.81.160:0
ASN #44066 diva-e Datacenters GmbH
File type very short file (no magic)
Hash 7215ee9c7d9dc229d2921a40e899ec5f
b858cb282617fb0956d960215c8e84d1ccf909c6
36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068
GET /?src=ujs6&s_subid=btn HTTP/1.1
Host: rot.spotsniper.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gta4.moy.su/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 04:49:19 GMT
Content-Type: application/javascript
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0, no-cache=Set-Cookie, max-age=0, proxy-revalidate, s-maxage=0
rot.spotsniper.ru/?src=ujs6
31.172.81.160 200 OK 1 B URL HTTP/1.1 rot.spotsniper.ru/?src=ujs6
IP 31.172.81.160:0
ASN #44066 diva-e Datacenters GmbH
File type very short file (no magic)
Hash 7215ee9c7d9dc229d2921a40e899ec5f
b858cb282617fb0956d960215c8e84d1ccf909c6
36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068
GET /?src=ujs6 HTTP/1.1
Host: rot.spotsniper.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gta4.moy.su/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 04:49:19 GMT
Content-Type: application/javascript
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0, no-cache=Set-Cookie, max-age=0, proxy-revalidate, s-maxage=0
gta4.moy.su/favicon.ico
195.216.243.102 200 OK 2.2 kB IP 195.216.243.102:0
File type MS Windows icon resource - 1 icon, 32x32; data
Hash 8aa669baf3c25a970854c528605da2a0
aaa9c295c6a8ecec8427a36a8ec33243bdba4c12
288c5053b5af4930a7f0391743b53ccee86572a3b113f57e8a345381f0d42b60
GET /favicon.ico HTTP/1.1
Host: gta4.moy.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gta4.moy.su/news/mody_dlja_gta_4_eflc_mashiny/7-0-18
Cookie: 7gta4uzll=1675486160; ucvid=j9BTM1wAce; 7gta4pushi=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 04:49:20 GMT
Content-Type: image/x-icon
Content-Length: 2238
Last-Modified: Sun, 08 Feb 2009 03:14:28 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "498e4e14-8be"
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 23287a0337047631e479bb3cbe8b0fcd
15ec24f5ee1990ee456a6fd3bbcbdbe27bf62c99
da05b381eec3589d2689bc5fab2b89eb5d65f9a5652f9254f3353e30a4540034
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 04:49:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
s2.ucoz.net/adv/dummy/000/img/bg.gif
195.216.243.102 200 OK 1.3 kB URL HTTP/1.1 s2.ucoz.net/adv/dummy/000/img/bg.gif
IP 195.216.243.102:0
File type GIF image data, version 89a, 485 x 3; data
Hash b19967d808ed7c42b41316d6c8474f55
18d80748bd4041b13a3373a429281ec65347a0e2
16c9962c4ecd52efc16d9d639d52fc60b9e427b6e454190d162f1aa1d220ad50
GET /adv/dummy/000/img/bg.gif HTTP/1.1
Host: s2.ucoz.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://s2.ucoz.net/adv/dummy/000/css/style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 04:49:20 GMT
Content-Type: image/gif
Content-Length: 1268
Last-Modified: Tue, 26 Mar 2019 14:28:20 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "5c9a3704-4f4"
Accept-Ranges: bytes
ocsp2.globalsign.com/gsalphasha2g2
104.18.20.226 200 OK 1.4 kB URL HTTP/1.1 ocsp2.globalsign.com/gsalphasha2g2
IP 104.18.20.226:0
Hash f69b53009bb8be17d4fb2e6765b9b678
8131a3b0cb52c757d591d5de8cf55fbc41816a86
7a69dd5885363bdbdea12a8648738043aa15eea0f8c5e5a1ace83656faacc807
POST /gsalphasha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 04:49:19 GMT
Content-Type: application/ocsp-response
Content-Length: 1423
Connection: keep-alive
Expires: Wed, 08 Feb 2023 00:25:30 GMT
ETag: "8131a3b0cb52c757d591d5de8cf55fbc41816a86"
Last-Modified: Sat, 04 Feb 2023 00:25:31 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 3338
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7940c76ff983b506-OSL
ocsp2.globalsign.com/gsalphasha2g2
104.18.20.226 200 OK 1.4 kB URL HTTP/1.1 ocsp2.globalsign.com/gsalphasha2g2
IP 104.18.20.226:0
Hash f69b53009bb8be17d4fb2e6765b9b678
8131a3b0cb52c757d591d5de8cf55fbc41816a86
7a69dd5885363bdbdea12a8648738043aa15eea0f8c5e5a1ace83656faacc807
POST /gsalphasha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 04:49:19 GMT
Content-Type: application/ocsp-response
Content-Length: 1423
Connection: keep-alive
Expires: Wed, 08 Feb 2023 00:25:30 GMT
ETag: "8131a3b0cb52c757d591d5de8cf55fbc41816a86"
Last-Modified: Sat, 04 Feb 2023 00:25:31 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 3338
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7940c76ff8c40b41-OSL
ocsp2.globalsign.com/gsalphasha2g2
104.18.20.226 200 OK 1.4 kB URL HTTP/1.1 ocsp2.globalsign.com/gsalphasha2g2
IP 104.18.20.226:0
Hash f69b53009bb8be17d4fb2e6765b9b678
8131a3b0cb52c757d591d5de8cf55fbc41816a86
7a69dd5885363bdbdea12a8648738043aa15eea0f8c5e5a1ace83656faacc807
POST /gsalphasha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 04:49:19 GMT
Content-Type: application/ocsp-response
Content-Length: 1423
Connection: keep-alive
Expires: Wed, 08 Feb 2023 00:25:30 GMT
ETag: "8131a3b0cb52c757d591d5de8cf55fbc41816a86"
Last-Modified: Sat, 04 Feb 2023 00:25:31 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 3338
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7940c76ff9e50b3d-OSL
ocsp2.globalsign.com/gsalphasha2g2
104.18.20.226 200 OK 1.4 kB URL HTTP/1.1 ocsp2.globalsign.com/gsalphasha2g2
IP 104.18.20.226:0
Hash f69b53009bb8be17d4fb2e6765b9b678
8131a3b0cb52c757d591d5de8cf55fbc41816a86
7a69dd5885363bdbdea12a8648738043aa15eea0f8c5e5a1ace83656faacc807
POST /gsalphasha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 04:49:19 GMT
Content-Type: application/ocsp-response
Content-Length: 1423
Connection: keep-alive
Expires: Wed, 08 Feb 2023 00:25:30 GMT
ETag: "8131a3b0cb52c757d591d5de8cf55fbc41816a86"
Last-Modified: Sat, 04 Feb 2023 00:25:31 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 3338
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7940c76ffcb61bfa-OSL
www.gstatic.com/recaptcha/releases/gEr-ODersURoIfof1hiDm7R5/recaptcha__ru.js
142.250.74.99 200 OK 168 kB URL HTTP/2 www.gstatic.com/recaptcha/releases/gEr-ODersURoIfof1hiDm7R5/recaptcha__ru.js
IP 142.250.74.99:0
File type ASCII text, with very long lines (883)
Size 168 kB (168061 bytes)
Hash f6d3eb07c9239a65a97434694a46172b
2e8e3d2457fa992e86420d8bef03f3a973cc04ef
1a91214b383755fc1c15bae863f911320804c422ebfb9c4aecf0fb0abef7cbe6
GET /recaptcha/releases/gEr-ODersURoIfof1hiDm7R5/recaptcha__ru.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://gta4.moy.su
Connection: keep-alive
Referer: https://gta4.moy.su/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 168061
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 03 Feb 2023 21:24:45 GMT
expires: Sat, 03 Feb 2024 21:24:45 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 31 Jan 2023 02:51:47 GMT
content-type: text/javascript
age: 26674
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
counter.yadro.ru/hit;ucoznet?r;s1280*1024*24;uhttps%3A//gta4.moy.su/news/mody_dlja_gta_4_eflc_mashiny/7-0-18;1675486192572
88.212.201.204 200 OK 43 B URL HTTP/1.1 counter.yadro.ru/hit;ucoznet?r;s1280*1024*24;uhttps%3A//gta4.moy.su/news/mody_dlja_gta_4_eflc_mashiny/7-0-18;1675486192572
IP 88.212.201.204:0
ASN #39134 United Network LLC
File type GIF image data, version 89a, 1 x 1; data
Hash fc94fb0c3ed8a8f909dbc7630a0987ff
56d45f8a17f5078a20af9962c992ca4678450765
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
GET /hit;ucoznet?r;s1280*1024*24;uhttps%3A//gta4.moy.su/news/mody_dlja_gta_4_eflc_mashiny/7-0-18;1675486192572 HTTP/1.1
Host: counter.yadro.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gta4.moy.su/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Sat, 04 Feb 2023 04:49:19 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Expires: Thu, 03 Feb 2022 21:00:00 GMT
Pragma: no-cache
Cache-control: no-cache
Access-Control-Allow-Origin: *
Strict-Transport-Security: max-age=86400
counter.yadro.ru/hit;clickgate08?r;s1280*1024*24;uhttps%3A//gta4.moy.su/news/mody_dlja_gta_4_eflc_mashiny/7-0-18;1675486192930
88.212.201.204 200 OK 43 B URL HTTP/1.1 counter.yadro.ru/hit;clickgate08?r;s1280*1024*24;uhttps%3A//gta4.moy.su/news/mody_dlja_gta_4_eflc_mashiny/7-0-18;1675486192930
IP 88.212.201.204:0
ASN #39134 United Network LLC
File type GIF image data, version 89a, 1 x 1; data
Hash fc94fb0c3ed8a8f909dbc7630a0987ff
56d45f8a17f5078a20af9962c992ca4678450765
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
GET /hit;clickgate08?r;s1280*1024*24;uhttps%3A//gta4.moy.su/news/mody_dlja_gta_4_eflc_mashiny/7-0-18;1675486192930 HTTP/1.1
Host: counter.yadro.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gta4.moy.su/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Sat, 04 Feb 2023 04:49:19 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Expires: Thu, 03 Feb 2022 21:00:00 GMT
Pragma: no-cache
Cache-control: no-cache
Access-Control-Allow-Origin: *
Strict-Transport-Security: max-age=86400
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 23287a0337047631e479bb3cbe8b0fcd
15ec24f5ee1990ee456a6fd3bbcbdbe27bf62c99
da05b381eec3589d2689bc5fab2b89eb5d65f9a5652f9254f3353e30a4540034
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 04:49:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
counter.yadro.ru/hit;ucoz_desktop_ad?r;s1280*1024*24;uhttps%3A//gta4.moy.su/news/mody_dlja_gta_4_eflc_mashiny/7-0-18;1675486192573
88.212.201.204 200 OK 43 B URL HTTP/1.1 counter.yadro.ru/hit;ucoz_desktop_ad?r;s1280*1024*24;uhttps%3A//gta4.moy.su/news/mody_dlja_gta_4_eflc_mashiny/7-0-18;1675486192573
IP 88.212.201.204:0
ASN #39134 United Network LLC
File type GIF image data, version 89a, 1 x 1; data
Hash fc94fb0c3ed8a8f909dbc7630a0987ff
56d45f8a17f5078a20af9962c992ca4678450765
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
GET /hit;ucoz_desktop_ad?r;s1280*1024*24;uhttps%3A//gta4.moy.su/news/mody_dlja_gta_4_eflc_mashiny/7-0-18;1675486192573 HTTP/1.1
Host: counter.yadro.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gta4.moy.su/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Sat, 04 Feb 2023 04:49:19 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Expires: Thu, 03 Feb 2022 21:00:00 GMT
Pragma: no-cache
Cache-control: no-cache
Access-Control-Allow-Origin: *
Strict-Transport-Security: max-age=86400
counter.yadro.ru/hit;ucoz_topline_worldwide?rhttps%3A//gta4.moy.su/news/mody_dlja_gta_4_eflc_mashiny/7-0-18;s1280*1024*24;uhttps%3A//gta4.moy.su/%3FS%255EM51%25218vrt7jpcdxJ5VX4MRAJu%255Ev4z1CkaGDg3uPe7KIT8zAsQNaEFgRefzPt5LKPz8D02Aa%253Bj0BTDXghwoo;1675486193305
88.212.201.204 200 OK 43 B URL HTTP/1.1 counter.yadro.ru/hit;ucoz_topline_worldwide?rhttps%3A//gta4.moy.su/news/mody_dlja_gta_4_eflc_mashiny/7-0-18;s1280*1024*24;uhttps%3A//gta4.moy.su/%3FS%255EM51%25218vrt7jpcdxJ5VX4MRAJu%255Ev4z1CkaGDg3uPe7KIT8zAsQNaEFgRefzPt5LKPz8D02Aa%253Bj0BTDXghwoo;1675486193305
IP 88.212.201.204:0
ASN #39134 United Network LLC
File type GIF image data, version 89a, 1 x 1; data
Hash fc94fb0c3ed8a8f909dbc7630a0987ff
56d45f8a17f5078a20af9962c992ca4678450765
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
GET /hit;ucoz_topline_worldwide?rhttps%3A//gta4.moy.su/news/mody_dlja_gta_4_eflc_mashiny/7-0-18;s1280*1024*24;uhttps%3A//gta4.moy.su/%3FS%255EM51%25218vrt7jpcdxJ5VX4MRAJu%255Ev4z1CkaGDg3uPe7KIT8zAsQNaEFgRefzPt5LKPz8D02Aa%253Bj0BTDXghwoo;1675486193305 HTTP/1.1
Host: counter.yadro.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gta4.moy.su/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Sat, 04 Feb 2023 04:49:19 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Expires: Thu, 03 Feb 2022 21:00:00 GMT
Pragma: no-cache
Cache-control: no-cache
Access-Control-Allow-Origin: *
Strict-Transport-Security: max-age=86400
sairoscredit.ru/res/upload/banner/GIF3_1.gif
195.69.187.54 404 Not Found 86 B URL HTTP/1.1 sairoscredit.ru/res/upload/banner/GIF3_1.gif
IP 195.69.187.54:0
ASN #60455 abc Ucranian-franch Joint Venture
File type ASCII text, with no line terminators
Hash 4c534bfea8dbc5c6b6e6f23ec3f561a9
736099e8f2738aab0d2ca7f14911285ab3175d14
8f354848a7bfb33c0e944aa5c5756540f8e2c73ce6fcb51c14cf9a269c3a2df6
GET /res/upload/banner/GIF3_1.gif HTTP/1.1
Host: sairoscredit.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gta4.moy.su/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 404 Not Found
Server: nginx/1.20.2
Date: Sat, 04 Feb 2023 04:49:19 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: CoreCMS
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=c9dfd3434200a45f2bed9b51b8f2f487; path=/; HttpOnly
Content-Encoding: gzip
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 7ae0bfeb9d9d293bf8ecb124bccc45ea
ebde4c68eac108de41a74a75e1567048b60cdcdc
c49a2e28fc333dcae2aef8c81eb10cd0744314ac6e17991f77992908eb42ff98
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C49A2E28FC333DCAE2AEF8C81EB10CD0744314AC6E17991F77992908EB42FF98"
Last-Modified: Fri, 03 Feb 2023 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7988
Expires: Sat, 04 Feb 2023 07:02:27 GMT
Date: Sat, 04 Feb 2023 04:49:19 GMT
Connection: keep-alive
ct.mediaboom.site/?ce=gi4tqn3fmu5ha3ddf4ztmmjr
199.115.116.43 302 Found 0 B URL HTTP/1.1 ct.mediaboom.site/?ce=gi4tqn3fmu5ha3ddf4ztmmjr
IP 199.115.116.43:0
ASN #30633 LEASEWEB-USA-WDC
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /?ce=gi4tqn3fmu5ha3ddf4ztmmjr HTTP/1.1
Host: ct.mediaboom.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gta4.moy.su/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
date: Sat, 04 Feb 2023 04:49:19 GMT
server: Apache/2.4.38 (Debian)
set-cookie: __tad=1675486159.5808643; expires=Tue, 01-Feb-2033 04:49:19 GMT; Max-Age=315360000
location: http://ww16.ct.mediaboom.site/?ce=gi4tqn3fmu5ha3ddf4ztmmjr&sub1=20230204-1549-1913-afed-40214b91145d
content-length: 0
content-type: text/html; charset=UTF-8
connection: close
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash c14d3cf8ade0150a711f094be32ac474
11e7fb5487d364c5392e1594e09f5b49831043ea
2a98ce39894b7d9befdba3916467bc95962376d0b308103e0a1eea36c0bc2302
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A98CE39894B7D9BEFDBA3916467BC95962376D0B308103E0A1EEA36C0BC2302"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7857
Expires: Sat, 04 Feb 2023 07:00:16 GMT
Date: Sat, 04 Feb 2023 04:49:19 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4e245a51-5c03-4b84-b42a-29fa3a7806e9.jpeg
34.120.237.76 200 OK 8.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4e245a51-5c03-4b84-b42a-29fa3a7806e9.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash 65cd12302c9ca5468dbc9a98155970e0
a0c63213c3021e40f8ea54f2da6a5c165ed5cfd1
8463155faca74f13ec4500fed98289d8bfbdc4a989d1cb7580736018eadf1000
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4e245a51-5c03-4b84-b42a-29fa3a7806e9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7992
x-amzn-requestid: ba4f95d9-6081-4b34-955c-bbe8e7b2335c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyEEjGsdIAMF84w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8083-7666baa66ccdec9b5fec8736;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:45:39 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: A3c6sSs_b8KkREPa26a8X9NTEZpHGDjElR9hT-NXwg6dYpeuRNZXfA==
via: 1.1 8dbfaf7df256a75768461d934659b6b2.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:10:21 GMT
etag: "a0c63213c3021e40f8ea54f2da6a5c165ed5cfd1"
content-type: image/jpeg
age: 23938
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fca17cfb9-5ad6-429a-9791-23b12f01c467.jpeg
34.120.237.76 200 OK 8.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fca17cfb9-5ad6-429a-9791-23b12f01c467.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash 8bee4ee9542d0c7a9cc8402d60e7cca2
95b8debca975255d2a0a60c5c6dde74040bd2f88
a6c63af682c3d4b11e5af0aa6b72921b8acf72626fb765a60e96d491d2a04c70
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fca17cfb9-5ad6-429a-9791-23b12f01c467.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8148
x-amzn-requestid: a4cf6e4a-df1f-48c3-ae73-009f5becf3ad
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyEEtHTroAMFwGQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8084-3ae929a84d43c3ea0336fcd8;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:45:40 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: adu72wkRyshUviu2Qpk8rLCyN1kh46LIVQw7K4atunuEHQuFf62VXw==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 2bedbeaa49b4a77447d30097858cb81a.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:12:49 GMT
age: 23790
etag: "95b8debca975255d2a0a60c5c6dde74040bd2f88"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd573e5ee-5860-4f00-9316-68ffbc966d73.jpeg
34.120.237.76 200 OK 7.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd573e5ee-5860-4f00-9316-68ffbc966d73.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash bd5f43772dbf673858972c77e1e630d4
94c0a24c5d47a636e45a3694c694815091aee213
0b6c34a934eab27c326dab6c8b90e78e710a948ac7c4bf13ba907b5cda738c3e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd573e5ee-5860-4f00-9316-68ffbc966d73.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7692
x-amzn-requestid: 4a8d5bcb-b1a0-4015-9fb1-c00f613de8e5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyEEEH5JoAMF0Ew=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8080-703ca5a95c06465c080a1c7d;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:45:36 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: Z04SY01AfS5-CIziSRsJ5Sg117g_tPumLgllrBpj6afnbJH3Ne1sTw==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 82ea95080f526df99896343fb7269b06.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:10:31 GMT
etag: "94c0a24c5d47a636e45a3694c694815091aee213"
content-type: image/jpeg
age: 23928
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8b2d6920-2a79-45a8-b007-d36cc875c52f.jpeg
34.120.237.76 200 OK 9.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8b2d6920-2a79-45a8-b007-d36cc875c52f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash 3ac51fd6789cbe19c2d484c9022b0e39
bcba22a7b7f5dd1f59fffd1027e5d7002cecb6e9
300b5e50cb910f9f4905ee7313d98763b68f85f5874db499cc94469fb14cabfe
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8b2d6920-2a79-45a8-b007-d36cc875c52f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9500
x-amzn-requestid: 8fe94388-e8d9-4329-b73a-e9a356df76bb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyD9QEA1IAMF3Ug=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8054-51f954ac4bec16d1055e38f5;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:44:52 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: FkTJ6wQ4eFYBPDyS0l5vLeWvHHiQIx-cYyFzT4ggHJ8M5Gg3dozFxQ==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 6a9b42e38e76b7d4a4044ebe0e0eca08.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:30:36 GMT
age: 22723
etag: "bcba22a7b7f5dd1f59fffd1027e5d7002cecb6e9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe4c16006-34b0-45cb-bb9f-46fe6dd44e3c.jpeg
34.120.237.76 200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe4c16006-34b0-45cb-bb9f-46fe6dd44e3c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash cf80667db0c35c9c6139eca4ba5d12fd
4c4cfdc2463e8704a7bf8e1477c43b6adf7c7590
d63e69f4b6ea16333d242bf33d4f02a4a6c96a739ca018d86afc5741d85b774d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe4c16006-34b0-45cb-bb9f-46fe6dd44e3c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13065
x-amzn-requestid: 54c06759-6fab-455c-be34-496ee42a2580
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fSZLQEqroAMFyWA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d0d57b-2237358a5cc22b8003af1852;Sampled=0
x-amzn-remapped-date: Wed, 25 Jan 2023 07:08:43 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: oc3NhvAmcrO3msFYF2ITsEpq8a2wsOLkXtmZxRQpmse84yml0l9PNA==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 21:46:57 GMT
age: 25342
etag: "4c4cfdc2463e8704a7bf8e1477c43b6adf7c7590"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F549d8f22-b421-4fad-867d-64232284ffaf.jpeg
34.120.237.76 200 OK 8.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F549d8f22-b421-4fad-867d-64232284ffaf.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash 9409d3b4b0f8f973d9acab2b744d8dd0
15431d807c3fe818a9b363f1c725c1860e939799
ddde1e1c8faef040370396ccda3a5090e64b63a1bddbe642c128d66849c1caa4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F549d8f22-b421-4fad-867d-64232284ffaf.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8148
x-amzn-requestid: a9d4782b-b24e-4b72-9994-b9efa680c2fd
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyEEOHxIoAMFvUg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8081-1d17982c4fe45adf0704f4c4;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:45:37 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: VkajXQ1KEbO3T3sVDkH6XLx7pKr5cnHC2QOsR1EvKa7-8WPQrVFbXw==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:10:21 GMT
etag: "15431d807c3fe818a9b363f1c725c1860e939799"
content-type: image/jpeg
age: 23938
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash a803ab4e3d208f5f2f423789c4e2b979
15708b6218150e5f9d2970f2b3dd057f481ebb62
8b3c8774e9bba02ab66d2f2fc6a195a0e407f16e5a1b968c8eaa5b9d88628702
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8B3C8774E9BBA02AB66D2F2FC6A195A0E407F16E5A1B968C8EAA5B9D88628702"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3551
Expires: Sat, 04 Feb 2023 05:48:32 GMT
Date: Sat, 04 Feb 2023 04:49:21 GMT
Connection: keep-alive
counter.yadro.ru/hit;desktop_click_load?r;s1280*1024*24;uhttps%3A//gta4.moy.su/news/mody_dlja_gta_4_eflc_mashiny/7-0-18;1675486195576
88.212.201.204 200 OK 43 B URL HTTP/1.1 counter.yadro.ru/hit;desktop_click_load?r;s1280*1024*24;uhttps%3A//gta4.moy.su/news/mody_dlja_gta_4_eflc_mashiny/7-0-18;1675486195576
IP 88.212.201.204:0
ASN #39134 United Network LLC
File type GIF image data, version 89a, 1 x 1; data
Hash fc94fb0c3ed8a8f909dbc7630a0987ff
56d45f8a17f5078a20af9962c992ca4678450765
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
GET /hit;desktop_click_load?r;s1280*1024*24;uhttps%3A//gta4.moy.su/news/mody_dlja_gta_4_eflc_mashiny/7-0-18;1675486195576 HTTP/1.1
Host: counter.yadro.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gta4.moy.su/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Sat, 04 Feb 2023 04:49:21 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Expires: Thu, 03 Feb 2022 21:00:00 GMT
Pragma: no-cache
Cache-control: no-cache
Access-Control-Allow-Origin: *
Strict-Transport-Security: max-age=86400
dominantroute.com/bens/vinos.js?23433&u=null&a=0.8613778089825537
193.200.64.20 200 OK 140 kB URL HTTP/1.1 dominantroute.com/bens/vinos.js?23433&u=null&a=0.8613778089825537
IP 193.200.64.20:0
ASN #6681 Rozetka Sp. z o.o.
File type ASCII text, with very long lines (727)
Size 140 kB (140300 bytes)
Hash fe31641943ccddfac9d5150d379c1bad
28fcf8cf8bd375059b392cd33a67bfe9a58c636e
39b59d8e3d2c64aea3714167afc52b56516dd14e5c4ddc91b25dff422acec312
GET /bens/vinos.js?23433&u=null&a=0.8613778089825537 HTTP/1.1
Host: dominantroute.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gta4.moy.su/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 04:49:21 GMT
Content-Type: text/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="NON DSP COR CURa TIA"
Set-Cookie: uuid=16754858291532635802; expires=Mon, 03-Feb-2025 04:49:21 GMT; Max-Age=63072000; path=/; samesite=None; domain=.dominantroute.com; secure
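Reading this capture, the practitioner's first job is attribution: the img-getpocket.cdn.mozilla.net thumbnails (Origin: null, Sec-Fetch-Mode: cors) and the OCSP POST to r3.o.lencr.org are traffic Firefox generates on its own, while the counter.yadro.ru 1x1 GIF and the 140 kB dominantroute.com script both carry Referer: https://gta4.moy.su/ and were triggered by the analyzed page. The script response also sets a cookie with Max-Age=63072000 (two years), samesite=None and domain=.dominantroute.com, so the browser will attach it to future cross-site requests to that domain. The following triage helper is an added example, not code from the analyzer that produced this log or from any party named in it. It parses records in the layout used on this page (URL line, summary line, optional IP/File type/Hash lines, request line and headers, status line and headers), buckets each transaction and reports cookie attributes. Assumptions: BACKGROUND_HOSTS is a hand-picked set, SAMPLE is a constructed, abridged re-assembly of four records from this capture with hashes and most headers dropped, and the page host gta4.moy.su is taken from the Referer headers above.

```python
"""Triage an analyzer-style HTTP transaction log. Added example, not part of the capture
page or of any analyzer product. Assumptions: BACKGROUND_HOSTS is a hand-picked set of
Firefox's own endpoints; SAMPLE is a constructed, abridged re-assembly of four records."""
import re
from urllib.parse import urlsplit

BACKGROUND_HOSTS = {"img-getpocket.cdn.mozilla.net"}  # assumption: Firefox new-tab thumbnails
URL_LINE = re.compile(r"^\S+/\S*$")                       # 'host/path', no whitespace: opens a record
IP_RE = re.compile(r"\bIP (\d{1,3}(?:\.\d{1,3}){3}):\d+")  # 'IP 1.2.3.4:0', own line or in the summary line
REQ_LINE = re.compile(r"^(?:GET|POST|HEAD|PUT|OPTIONS) \S+ HTTP/")
STATUS_LINE = re.compile(r"^HTTP/\S+ \d{3}")
HEADER = re.compile(r"^([\w-]+):\s*(.*)$")

def parse(text: str) -> list[dict]:
    """A URL line opens a record; the request line and status line select the header block."""
    txs: list[dict] = []
    section = None  # None, "req" or "resp"
    for line in text.splitlines():
        if URL_LINE.match(line) and not line.startswith("HTTP/"):
            txs.append({"host": line.split("/", 1)[0], "ip": "", "req": {}, "resp": {}})
            section = None
        elif not txs:
            continue
        elif m := IP_RE.search(line):
            txs[-1]["ip"] = m.group(1)
        elif REQ_LINE.match(line):
            section = "req"
        elif STATUS_LINE.match(line):
            section = "resp"
        elif section and (m := HEADER.match(line)):
            txs[-1][section][m.group(1).lower()] = m.group(2)  # header names lower-cased
    return txs

def referer_host(tx: dict) -> str:
    return (urlsplit(tx["req"].get("referer", "")).hostname or "").lower()

def classify(tx: dict, page_host: str) -> str:
    """Heuristic buckets chosen for this capture; order matters."""
    if tx["req"].get("content-type", "").startswith("application/ocsp-request"):
        return "ocsp"                # revocation check by the TLS stack, not page content
    if tx["host"] in BACKGROUND_HOSTS:
        return "browser-background"
    cross = tx["req"].get("sec-fetch-site") == "cross-site"
    if cross and tx["req"].get("sec-fetch-dest") == "script":
        return "third-party-script"  # another origin's code executing in the page
    tiny_gif = tx["resp"].get("content-type", "").startswith("image/gif") and int(tx["resp"].get("content-length") or 0) <= 64
    if cross and tiny_gif:
        return "tracker-pixel"       # 1x1 GIF with the page URL in its query string
    return "page-resource" if page_host in (tx["host"], referer_host(tx)) else "other"

def cookie_findings(tx: dict) -> list[str]:
    """Set-Cookie attributes that make a third party's cookie long-lived and sent cross-site."""
    attrs: dict[str, str] = {}
    for part in (tx["resp"].get("set-cookie") or "").split(";")[1:]:  # [0] is the name=value pair
        key, _, value = part.strip().partition("=")
        attrs[key.lower()] = value
    findings = ["SameSite=None"] if attrs.get("samesite", "").lower() == "none" else []
    if (days := int(attrs.get("max-age") or 0) // 86400) >= 365:
        findings.append(f"Max-Age {days} days")
    if attrs.get("domain", "").startswith("."):
        findings.append(f"domain {attrs['domain']}")
    return findings

def triage(text: str, page_host: str) -> list[dict]:
    return [{"host": tx["host"], "ip": tx["ip"], "category": classify(tx, page_host),
             "from_page": referer_host(tx) == page_host, "cookies": cookie_findings(tx)} for tx in parse(text)]

SAMPLE = """img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg)/x.jpeg
GET /296x148/filters:format(jpeg)/x.jpeg HTTP/1.1
HTTP/2 200 OK
content-type: image/jpeg
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
POST / HTTP/1.1
Content-Type: application/ocsp-request
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
counter.yadro.ru/hit;desktop_click_load?r;uhttps%3A//gta4.moy.su/news/7-0-18;1675486195576
IP 88.212.201.204:0
GET /hit;desktop_click_load?r;uhttps%3A//gta4.moy.su/news/7-0-18;1675486195576 HTTP/1.1
Referer: https://gta4.moy.su/
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: image/gif
Content-Length: 43
dominantroute.com/bens/vinos.js?23433&u=null&a=0.8613778089825537
IP 193.200.64.20:0
GET /bens/vinos.js?23433&u=null&a=0.8613778089825537 HTTP/1.1
Referer: https://gta4.moy.su/
Sec-Fetch-Dest: script
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=utf-8
Set-Cookie: uuid=16754858291532635802; expires=Mon, 03-Feb-2025 04:49:21 GMT; Max-Age=63072000; path=/; samesite=None; domain=.dominantroute.com; secure
"""

if __name__ == "__main__":
    for row in triage(SAMPLE, "gta4.moy.su"):
        print(f"{row['category']:<19} {row['host']:<30} {row['ip']:<14} from_page={row['from_page']} {'; '.join(row['cookies'])}")
```

Run against the four sample records the helper reports browser-background, ocsp, tracker-pixel and third-party-script in that order, with only the last two marked from_page, and lists the three cookie attributes on the script response. The buckets are deliberately conservative: a cross-site script load plus a long-lived SameSite=None cookie is a fact about the request, not a verdict on the domain; the verdict needs the script body (140 kB here, not shown on this page) and the analyzer's own alerts.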
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F72a06bff-2a3c-4fc8-9c7a-5649a696581e.png
34.120.237.76 200 OK 8.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F72a06bff-2a3c-4fc8-9c7a-5649a696581e.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash a032104cf4ccc6ea31f163ca16386487
a0573916c3d72f0554928963c0a74413fdcb3558
8ba7b6e9b3fa28f6fd27f5f006cedac10f50d7da6c109155a2476cf04f4df932
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F72a06bff-2a3c-4fc8-9c7a-5649a696581e.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 8909
x-amzn-requestid: 051806fe-c051-4948-a46a-48ed1df321a4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyFIMFLNoAMFY5A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8234-212ec9a838fc64a9164f21f5;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:52:52 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 24zolqnsQilbFdqM8BnmjaH7DXfFunFyXgmOyF_FkPoatjLi137xgQ==
via: 1.1 1b0911478686968732f973d6e5e31d10.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:10:53 GMT
age: 23913
etag: "a0573916c3d72f0554928963c0a74413fdcb3558"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2