Report - gta4.moy.su/news/mody_dlja_gta_4_eflc

Report Overview

Submitted URL
gta4.moy.su/news/mody_dlja_gta_4_eflc_mashiny/7-0-18
IP
195.216.243.102
ASN
#57724 Ddos-guard Ltd
Submitted
2023-02-04 04:49:29
Access
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
14
Threat Detection Systems
28

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
ocsp.pki.goog	175	2018-07-01T08:43:07Z	2023-03-13T05:09:47Z	2.1 kB	4.2 kB	142.250.74.131
www.google.com	7	2015-05-10T13:11:19Z	2023-03-13T06:40:43Z	402 B	1.1 kB	216.58.211.4
ct.mediaboom.site	667838	2021-11-27T09:31:25Z	2023-03-13T05:57:41Z	377 B	375 B	199.115.116.43
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-13T05:09:16Z	3.8 kB	71 kB	34.120.237.76
dominantroute.com	unknown	2022-10-19T12:20:59Z	2023-03-13T08:17:18Z	396 B	141 kB	193.200.64.20
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-13T05:09:07Z	4.4 kB	12 kB	23.33.119.27
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-13T05:09:10Z	782 B	2.4 kB	35.241.9.150
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-13T05:09:13Z	333 B	391 B	34.117.237.239
wmcasher.ru	unknown	2014-10-12T14:33:59Z	2023-02-19T18:20:56Z	289 B	24 kB	188.114.96.1
rot.spotsniper.ru	unknown	2017-01-30T12:09:40Z	2023-03-13T05:57:41Z	728 B	716 B	31.172.81.160
counter.yadro.ru	7275	2014-09-09T20:41:17Z	2023-03-13T07:26:53Z	2.5 kB	1.7 kB	88.212.201.204
s2.ucoz.net	unknown	2017-02-08T12:36:23Z	2023-01-12T00:15:05Z	1.6 kB	8.4 kB	195.216.243.102
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-13T05:09:14Z	606 B	127 B	52.26.115.190
www.sairoscredit.ru	unknown	2012-11-09T16:49:00Z	2023-01-12T00:15:05Z	400 B	394 B	195.69.187.54
themes.googleusercontent.com	9661	2012-05-24T09:24:02Z	2023-03-13T07:59:39Z	488 B	61 kB	142.250.74.97
www.gstatic.com	unknown	2016-07-26T11:37:06Z	2023-03-13T07:57:11Z	433 B	169 kB	142.250.74.99
gta4.moy.su	unknown	2015-03-15T14:58:53Z	2023-02-04T04:06:50Z	25 kB	934 kB	195.216.243.102
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-13T05:09:35Z	413 B	5.8 kB	34.160.144.191
ocsp2.globalsign.com	1544	2012-05-23T20:10:04Z	2023-03-13T05:14:17Z	1.4 kB	7.6 kB	104.18.20.226
sairoscredit.ru	unknown	2012-11-09T16:49:00Z	2023-01-12T00:15:19Z	396 B	492 B	195.69.187.54

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-02-04 04:49:51	medium	Client IP	Internal IP	ET DNS Query for .su TLD (Soviet Union) Often Malware Related
2023-02-04 04:49:51	medium	Client IP	Internal IP	ET DNS Query for .su TLD (Soviet Union) Often Malware Related
2023-02-04 04:49:51	medium	Client IP	195.216.243.102	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2023-02-04 04:49:51	medium	Client IP	Internal IP	ET DNS Query for .su TLD (Soviet Union) Often Malware Related
2023-02-04 04:49:52	medium	Client IP	195.216.243.102	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2023-02-04 04:49:52	medium	Client IP	195.216.243.102	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2023-02-04 04:49:52	medium	Client IP	195.216.243.102	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2023-02-04 04:49:52	medium	Client IP	195.216.243.102	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2023-02-04 04:49:52	medium	Client IP	195.216.243.102	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2023-02-04 04:49:52	medium	Client IP	195.216.243.102	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2023-02-04 04:49:52	medium	Client IP	195.216.243.102	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2023-02-04 04:49:52	medium	Client IP	195.216.243.102	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2023-02-04 04:49:52	medium	Client IP	195.216.243.102	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2023-02-04 04:49:52	medium	Client IP	195.216.243.102	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-02-04	medium	gta4.moy.su/news/mody_dlja_gta_4_eflc_mashiny/7-0-18	Malware
2023-02-04	medium	gta4.moy.su/news/mody_dlja_gta_4_eflc_mashiny/7-0-18	Malware
2023-02-04	medium	gta4.moy.su/?atZtKzHJJbKShPczgEU0l4JwXM7A6V%217%5EZvtwm%5Ech9h0XJ%5E8hsPWbv3SaC6nx1Bt0uJrG%5EK5cMRL5mRQawDlI9JTKeXZLPdsALKuhJVNP%5EZdu%5Ej%5EQ03nKf%212kZByx%5ESxm5WXQSA%5EgACcdFwkNpjEMchrGlqRIfEGFYFlzE%5E4IGwgf7%219Z5%3BE%5ER2mQX8HdwqQ%3BLOu5vqhbTpSc4%21x	Malware
2023-02-04	medium	gta4.moy.su/?Ae3p7zsNpDUiYBC%3BIhY71ARFsjkWC5t1VDdVc1Y0fFvjzfyWfAYIqq2Cd0W9Pg%3BvvkFpEbVKaygxWlOR4DnbWOH7mRCHS%219L%21UUypzQURvh8b2AC%3B%5E6UNBXTpqAO5C3p5GdctUSxSjDgsSdIFpeB7iaTHK2S8YLtj8z7Iw9HLS2hH4pserMURWp70dmOsmPqJZv381SbpdAB0vpg	Malware
2023-02-04	medium	gta4.moy.su/.s/src/ulightbox/ulightbox.min.js	Malware
2023-02-04	medium	gta4.moy.su/.s/src/jquery-1.12.4.min.js	Malware
2023-02-04	medium	gta4.moy.su/stat/1675486160	Malware
2023-02-04	medium	gta4.moy.su/.s/src/uwnd.min.js	Malware
2023-02-04	medium	gta4.moy.su/.s/img/icon/social/vk.svg	Malware
2023-02-04	medium	gta4.moy.su/.s/img/icon/social/fb.svg	Malware
2023-02-04	medium	gta4.moy.su/.s/img/icon/social/ok.svg	Malware
2023-02-04	medium	gta4.moy.su/.s/img/icon/social/ya.svg	Malware
2023-02-04	medium	gta4.moy.su/.s/img/icon/social/gp.svg	Malware
2023-02-04	medium	gta4.moy.su/?S%5EM51%218vrt7jpcdxJ5VX4MRAJu%5Ev4z1CkaGDg3uPe7KIT8zAsQNaEFgRefzPt5LKPz8D02Aa%3Bj0BTDXghwoo	Malware

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (24)

	URL	Size	First Seen	Last Seen
	rot.spotsniper.ru/?src=ujs6	1 B	2023-03-07	2024-04-19
Pretty URL rot.spotsniper.ru/?src=ujs6 IP 31.172.81.160 ASN #44066 diva-e Datacenters GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:53 Last Seen2024-04-19 11:01:30 Times Seen21095 Hash 7215ee9c7d9dc229d2921a40e899ec5f b858cb282617fb0956d960215c8e84d1ccf909c6 36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068 Loading...

	gta4.moy.su/?atZtKzHJJbKShPczgEU0l4JwXM7A6V%217%5EZvtwm%5Ech9h0XJ%5E8hsPWbv3SaC6nx1Bt0uJrG%5EK5cMRL5mRQawDlI9JTKeXZLPdsALKuhJVNP%5EZdu%5Ej%5EQ03nKf%212kZByx%5ESxm5WXQSA%5EgACcdFwkNpjEMchrGlqRIfEGFYFlzE%5E4IGwgf7%219Z5%3BE%5ER2mQX8HdwqQ%3BLOu5vqhbTpSc4%21x	1.2 kB	2023-03-13	2023-03-13
Pretty URL gta4.moy.su/?atZtKzHJJbKShPczgEU0l4JwXM7A6V%217%5EZvtwm%5Ech9h0XJ%5E8hsPWbv3SaC6nx1Bt0uJrG%5EK5cMRL5mRQawDlI9JTKeXZLPdsALKuhJVNP%5EZdu%5Ej%5EQ03nKf%212kZByx%5ESxm5WXQSA%5EgACcdFwkNpjEMchrGlqRIfEGFYFlzE%5E4IGwgf7%219Z5%3BE%5ER2mQX8HdwqQ%3BLOu5vqhbTpSc4%21x IP 195.216.243.102 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 16:23:02 Last Seen2023-03-13 16:23:02 Times Seen1 Hash 0f716af1d333e0afa19c739b43a6c902 a87e6278830d003fd9be744305914a631aa0ffaf 11617f80fefaf73ead17f9af11ac7128c375cdda3186b4f7304dfbda8a94cce2 Loading...

	gta4.moy.su/?Ae3p7zsNpDUiYBC%3BIhY71ARFsjkWC5t1VDdVc1Y0fFvjzfyWfAYIqq2Cd0W9Pg%3BvvkFpEbVKaygxWlOR4DnbWOH7mRCHS%219L%21UUypzQURvh8b2AC%3B%5E6UNBXTpqAO5C3p5GdctUSxSjDgsSdIFpeB7iaTHK2S8YLtj8z7Iw9HLS2hH4pserMURWp70dmOsmPqJZv381SbpdAB0vpg	811 B	2023-03-07	2023-03-29
Pretty URL gta4.moy.su/?Ae3p7zsNpDUiYBC%3BIhY71ARFsjkWC5t1VDdVc1Y0fFvjzfyWfAYIqq2Cd0W9Pg%3BvvkFpEbVKaygxWlOR4DnbWOH7mRCHS%219L%21UUypzQURvh8b2AC%3B%5E6UNBXTpqAO5C3p5GdctUSxSjDgsSdIFpeB7iaTHK2S8YLtj8z7Iw9HLS2hH4pserMURWp70dmOsmPqJZv381SbpdAB0vpg IP 195.216.243.102 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:06:21 Last Seen2023-03-29 21:31:56 Times Seen41 Hash 4a33e7cd7558f3f5a86d0fc27aee8c90 50fc0ad44d3917690997ca278091e53d0d575362 d6304d22c2821d367e3697cb9fa4e6dbeb093b8634fccd35312664d30d72b330 Loading...

	gta4.moy.su/.s/src/jquery-1.12.4.min.js	97 kB	2023-03-07	2024-04-19
Pretty URL gta4.moy.su/.s/src/jquery-1.12.4.min.js IP 195.216.243.102 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:06 Last Seen2024-04-19 12:27:30 Times Seen118531 Hash 4f252523d4af0b478c810c2547a63e19 5a9dcfbef655a2668e78baebeaa8dc6f41d8dabb 668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404 Loading...

	unknown	0 B	2023-03-07	2024-04-19
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-19 15:15:09 Times Seen36961212 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	www.google.com/recaptcha/api.js?onload=reCallback&render=explicit&hl=ru	905 B	2023-03-13	2023-03-13
Pretty URL www.google.com/recaptcha/api.js?onload=reCallback&render=explicit&hl=ru IP 216.58.211.4 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 15:42:41 Last Seen2023-03-13 20:24:56 Times Seen1 Hash 84518fa08eadd1fc3985ebbda11e48f8 b8c98abf29351b2f2d799ce810ec531805943cfa c213d185a70674f2afcdbe21da51a0d79217c6b4f5bd0458060d930fea80d80b Loading...

	gta4.moy.su/news/mody_dlja_gta_4_eflc_mashiny/7-0-18	143 B	2023-03-11	2023-03-26
Pretty URL gta4.moy.su/news/mody_dlja_gta_4_eflc_mashiny/7-0-18 IP 195.216.243.102 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 21:58:34 Last Seen2023-03-26 13:46:27 Times Seen3 Hash b3f328cd4c7a60ff9f130374a5326415 7e82f6ef02a4c26ce779191313b0c831b8279cf1 9448de56f4ff0d076edb02335eb7768a8230b55f8c8b8890fe7c323d2e9b2680 Loading...

	gta4.moy.su/.s/src/ulightbox/ulightbox.min.js	22 kB	2023-03-07	2024-01-27
Pretty URL gta4.moy.su/.s/src/ulightbox/ulightbox.min.js IP 195.216.243.102 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:39:47 Last Seen2024-01-27 00:58:17 Times Seen13 Hash 15034a8dbe3e2923bfccb8b7521379de f864a37e5bfe9b2ff516bedaf6f59ab7e5387c89 eb2476907f027bd6dcf4f61cecffcd85dd4aaf66ee6615d32fba5359615edad7 Loading...

	gta4.moy.su/news/mody_dlja_gta_4_eflc_mashiny/7-0-18	319 B	2023-03-07	2023-04-05
Pretty URL gta4.moy.su/news/mody_dlja_gta_4_eflc_mashiny/7-0-18 IP 195.216.243.102 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:39:47 Last Seen2023-04-05 02:07:30 Times Seen91 Hash 3b4f4ff3893180cb906d3fa740bb5b93 44aedaacef51eeb63c93827bbec6a0dc96132d61 59f57c47e99cc24e24adbcd2855e26f0569c53727530906e07f051f648dfd4b4 Loading...

	gta4.moy.su/news/mody_dlja_gta_4_eflc_mashiny/7-0-18	2.3 kB	2023-03-13	2023-03-13
Pretty URL gta4.moy.su/news/mody_dlja_gta_4_eflc_mashiny/7-0-18 IP 195.216.243.102 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 16:23:02 Last Seen2023-03-13 16:23:02 Times Seen1 Hash 9a1b06367ac5843c63ca9f559b7f0441 162461d8c969fbd823393ca748a20b96c7961ac3 f95bbe990e0f362a1692b6e541074b5ae7b23a9a9ab0911fd7793eb9d332cb1e Loading...

	gta4.moy.su/news/mody_dlja_gta_4_eflc_mashiny/7-0-18	461 B	2023-03-08	2023-09-13
Pretty URL gta4.moy.su/news/mody_dlja_gta_4_eflc_mashiny/7-0-18 IP 195.216.243.102 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 07:47:59 Last Seen2023-09-13 11:32:31 Times Seen4 Hash a4d609cbf8d4cfbeacf095dcb64d6e98 306c3b818d064b419b1e88b4666900462cbed509 0d6ddad778c696c26772b953e23d59927c46884000e3083d88226c7f4355135f Loading...

	www.gstatic.com/recaptcha/releases/gEr-ODersURoIfof1hiDm7R5/recaptcha__ru.js	448 kB	2023-03-13	2023-03-13
Pretty URL www.gstatic.com/recaptcha/releases/gEr-ODersURoIfof1hiDm7R5/recaptcha__ru.js IP 142.250.74.99 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 15:42:41 Last Seen2023-03-13 20:49:51 Times Seen1 Hash ec1c29d6c645f0a5fa2c45dd668a6ea0 3bf9beaa2cbbc86de3d7b7799e03c607d05f3106 ea77e24865253eb87f46066261e2c6a1b74b06b80e005f0e7a1b30fcaa96c037 Loading...

	dominantroute.com/bens/vinos.js?23433&u=null&a=0.8613778089825537	140 kB	2023-03-13	2023-03-13
Pretty URL dominantroute.com/bens/vinos.js?23433&u=null&a=0.8613778089825537 IP 193.200.64.20 ASN #6681 Rozetka Sp. z o.o. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 16:23:02 Last Seen2023-03-13 16:23:02 Times Seen1 Hash fe31641943ccddfac9d5150d379c1bad 28fcf8cf8bd375059b392cd33a67bfe9a58c636e 39b59d8e3d2c64aea3714167afc52b56516dd14e5c4ddc91b25dff422acec312 Loading...

	gta4.moy.su/news/mody_dlja_gta_4_eflc_mashiny/7-0-18	1.1 kB	2023-03-08	2023-03-26
Pretty URL gta4.moy.su/news/mody_dlja_gta_4_eflc_mashiny/7-0-18 IP 195.216.243.102 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 07:47:59 Last Seen2023-03-26 13:46:27 Times Seen3 Hash 0bae846d020f9fecb1c44e7128dbcea1 b19092d98fd3534897e470783f5c21c79df2e131 41302761dfe83313e06bf094cf0cc8de5216b6da195664d7f97657ef61e3f051 Loading...

	gta4.moy.su/news/mody_dlja_gta_4_eflc_mashiny/7-0-18	270 B	2023-03-08	2023-03-26
Pretty URL gta4.moy.su/news/mody_dlja_gta_4_eflc_mashiny/7-0-18 IP 195.216.243.102 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 07:47:59 Last Seen2023-03-26 13:46:27 Times Seen3 Hash dc598a4538cc4fd50b429bd13c71d37d a3cdf8b2078ed5d65bbf9bef62a0dafe5f8ee1c1 81a85c828b604642fd1304150f831a78ca5898e14facbe9045025fa7bc9f8a78 Loading...

	gta4.moy.su/news/mody_dlja_gta_4_eflc_mashiny/7-0-18	269 B	2023-03-08	2023-03-26
Pretty URL gta4.moy.su/news/mody_dlja_gta_4_eflc_mashiny/7-0-18 IP 195.216.243.102 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 07:47:59 Last Seen2023-03-26 13:46:27 Times Seen3 Hash 6be9901b71edf956759d62ee795fd515 21b792ff864b650ed27022471db03bf54a17f056 9eebff68aae10e3ab5f77c706ee464354e433f789b02ef6d1fcc17381c13cdf3 Loading...

	gta4.moy.su/?S%5EM51%218vrt7jpcdxJ5VX4MRAJu%5Ev4z1CkaGDg3uPe7KIT8zAsQNaEFgRefzPt5LKPz8D02Aa%3Bj0BTDXghwoo	224 B	2023-03-07	2023-08-12
Pretty URL gta4.moy.su/?S%5EM51%218vrt7jpcdxJ5VX4MRAJu%5Ev4z1CkaGDg3uPe7KIT8zAsQNaEFgRefzPt5LKPz8D02Aa%3Bj0BTDXghwoo IP 195.216.243.102 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:33:44 Last Seen2023-08-12 16:21:50 Times Seen82 Hash 72c97871e6f2bb7dac08250a88927425 547b31569435e2df436c9b108a4500962c7a82a6 ffc2812d6882ba202a26172aab29455538f0a8540cc4b9ee0bb39b5b15224d0b Loading...

	gta4.moy.su/news/mody_dlja_gta_4_eflc_mashiny/7-0-18	209 B	2023-03-07	2024-04-14
Pretty URL gta4.moy.su/news/mody_dlja_gta_4_eflc_mashiny/7-0-18 IP 195.216.243.102 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:06:21 Last Seen2024-04-14 22:39:54 Times Seen931 Hash ebe6bc0803293713c0cd5ccbb6858263 f7e12e4099d0b1539e6424fb35bed336f953239d de6c089a2079a7e9d7740a581839e60f99fc2b345f909a63fb8edce6e90dca4a Loading...

	gta4.moy.su/news/mody_dlja_gta_4_eflc_mashiny/7-0-18	217 B	2023-03-07	2024-04-14
Pretty URL gta4.moy.su/news/mody_dlja_gta_4_eflc_mashiny/7-0-18 IP 195.216.243.102 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:06:21 Last Seen2024-04-14 22:39:54 Times Seen927 Hash 643968481bd70d1b90acb3623acc1cbf a48c24f35825a4f9a22bb98e54b972ab914d0da6 1cc7811671da38d961a9ab7caf93a642e6b64d30f56cfe7e94370f25f190df2c Loading...

	gta4.moy.su/news/mody_dlja_gta_4_eflc_mashiny/7-0-18	834 B	2023-03-07	2023-03-17
Pretty URL gta4.moy.su/news/mody_dlja_gta_4_eflc_mashiny/7-0-18 IP 195.216.243.102 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:06:21 Last Seen2023-03-17 12:26:11 Times Seen1 Hash ec76061dc582f7bc36902e0a765a303f 1c671f99bf12c9cac6e8de037f41d1f5eff6583c d67ba6ac6078a8e2d78e6ce8b166eaab791d844a52083e320f864bf07eb234cb Loading...

	gta4.moy.su/news/mody_dlja_gta_4_eflc_mashiny/7-0-18	2.1 kB	2023-03-08	2023-03-14
Pretty URL gta4.moy.su/news/mody_dlja_gta_4_eflc_mashiny/7-0-18 IP 195.216.243.102 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 22:02:48 Last Seen2023-03-14 17:06:02 Times Seen1 Hash 25fb041931c4f28e1e3f6394dc238eee b967921376ca13ab206e63cb15db485a6ace9007 e6d9088b5b97c8f66850b591c5895832c9c854971393718e7b344732f3641900 Loading...

	gta4.moy.su/news/mody_dlja_gta_4_eflc_mashiny/7-0-18	829 B	2023-03-13	2023-03-13
Pretty URL gta4.moy.su/news/mody_dlja_gta_4_eflc_mashiny/7-0-18 IP 195.216.243.102 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 16:23:02 Last Seen2023-03-13 16:23:02 Times Seen1 Hash 272ea0891c2dca0ff5696de8b144e79d a103d261b95354f94354f15d4841b7a5b9437fab 4aa43c7de7aae7f42b730bde934994b4950d8c93f931400fbd86961e4d1b4f34 Loading...

	gta4.moy.su/news/mody_dlja_gta_4_eflc_mashiny/7-0-18	190 B	2023-03-13	2023-03-26
Pretty URL gta4.moy.su/news/mody_dlja_gta_4_eflc_mashiny/7-0-18 IP 195.216.243.102 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 16:23:02 Last Seen2023-03-26 05:48:11 Times Seen2 Hash da865c2350901382bc26a0dddaa6bbee 62d8f575c331e09946a67b83cb28d8579cfaad56 24cf243b992cded8abfd9abae828487ae88a1104122295c5b220e81d408d1c41 Loading...

		Size	First Seen	Last Seen
	#1 Write - 8b0fe86547ea1099fa2f32bd4c526c44	152 B	2023-03-07	2024-04-14
Pretty Observations First Seen2023-03-07 01:33:44 Last Seen2024-04-14 22:39:55 Times Seen1060 Hash 8b0fe86547ea1099fa2f32bd4c526c44 c180eadc55e8f386b0df85d043c4e682fb52ffb8 6887ab5beb82890d571c8f7c9d474bde94d3912e2b59247bab0fe77d408a026a Loading...

HTTP Transactions (111)

URL IP Response Size

gta4.moy.su/news/mody_dlja_gta_4_eflc_mashiny/7-0-18

195.216.243.102

301 Moved Permanently

178 B

URL HTTP/1.1
gta4.moy.su/news/mody_dlja_gta_4_eflc_mashiny/7-0-18
IP
195.216.243.102:0
ASN
#57724 Ddos-guard Ltd

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
178 B (178 bytes)
Hash
cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d

Detections

Analyzer	Verdict	Alert
fortinet	Malware

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /news/mody_dlja_gta_4_eflc_mashiny/7-0-18 HTTP/1.1
Host: gta4.moy.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 04:49:19 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Keep-Alive: timeout=15
Location: https://gta4.moy.su/news/mody_dlja_gta_4_eflc_mashiny/7-0-18
X-Frame-Options: SAMEORIGIN

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
d4e95d0d8982bcd07804baf6fc88231c
5027abda0875bd2529dd4d6691784c74da71a9ee
373799b5749d2cb08b5721699a3e4c6b94b0d41604ac07d4ef7179e47dabc71f

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "373799B5749D2CB08B5721699A3E4C6B94B0D41604AC07D4EF7179E47DABC71F"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3089
Expires: Sat, 04 Feb 2023 05:40:46 GMT
Date: Sat, 04 Feb 2023 04:49:17 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
e935ea42be4feaed61a824b0b903913e
f966cfa80d65a805cb9d7c6a53b3340865d7c51a
eb0ce9ae50d156fe5924b2d77346735e4e93b5240cff301c9aa835bb0b385815

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EB0CE9AE50D156FE5924B2D77346735E4E93B5240CFF301C9AA835BB0B385815"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10022
Expires: Sat, 04 Feb 2023 07:36:19 GMT
Date: Sat, 04 Feb 2023 04:49:17 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Retry-After, Content-Length, Alert, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 04 Feb 2023 04:43:35 GMT
content-type: application/json
age: 342
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7d2222d41721947297aaeb5a6e3d0714
04cc1ee417c8bf6338657fd4c2e4e1c1ddfd3065
de0e45969a2ad95e52f7e2fbd0d021d9075dd7b14666c929346efe111f648f7c

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DE0E45969A2AD95E52F7E2FBD0D021D9075DD7B14666C929346EFE111F648F7C"
Last-Modified: Thu, 02 Feb 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8478
Expires: Sat, 04 Feb 2023 07:10:35 GMT
Date: Sat, 04 Feb 2023 04:49:17 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: Z8YW5Len4DptuW6jaeWBqyFUU+uvLXGnNyzPIChi2NZHBQ/62tpcqInBZNUtor5R/84Z7Wj5xAA=
x-amz-request-id: D976T77VNEWZZFQA
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 04 Feb 2023 03:52:41 GMT
age: 3396
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 04:49:17 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Expires, Content-Type, ETag, Last-Modified, Alert, Retry-After, Content-Length, Cache-Control, Pragma, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 04 Feb 2023 04:07:19 GMT
age: 2519
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

gta4.moy.su/news/mody_dlja_gta_4_eflc_mashiny/7-0-18

195.216.243.102

200 OK

12 kB

URL HTTP/1.1
gta4.moy.su/news/mody_dlja_gta_4_eflc_mashiny/7-0-18
IP
195.216.243.102:0
ASN
#57724 Ddos-guard Ltd

File type
HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text, with very long lines (6749)
Size
12 kB (12295 bytes)
Hash
69fb5b80282752db101db7c859c27bc7
7badf60488885f759d978c3ff410eee9bee0cf6f
0f5a9adc5dd744a0be7c011a1db3ad4c6508476eb38a8580681967c820c406c3

Detections

Analyzer	Verdict	Alert
fortinet	Malware

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /news/mody_dlja_gta_4_eflc_mashiny/7-0-18 HTTP/1.1
Host: gta4.moy.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 04:49:19 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Set-Cookie: 7gta4uCoz=; path=/; expires=Thu, 04-Feb-2021 04:49:20 GMT; Secure; HttpOnly; domain=.gta4.moy.su
7gta4uCoz=; path=/; expires=Thu, 04-Feb-2021 04:49:20 GMT; Secure; HttpOnly; domain=.gta4.moy.su
7gta4uzll=1675486160; path=/; expires=Sun, 04-Feb-2024 04:49:20 GMT; Secure; domain=.gta4.moy.su
ucvid=j9BTM1wAce; domain=moy.su; path=/; expires=Sun, 04-Feb-2024 04:49:20 GMT
7gta4pushi=1; path=/; expires=Sun, 05-Feb-2023 03:49:20 GMT; Secure
Pragma: no-cache
Vary: host
Last-Modified: Thu, 01 Jan 1970 00:00:16 GMT
Cache-Control: no-cache,no-store, private
Content-Encoding: gzip

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
dedf9c519ac38c4bece9c5bc895787d7
4911175c3f8a435978c5301c33c7a99a5e00a1d5
bddd7e3a4939f863642a7c5348c1c8b9bc569b35c10a27f4cf5ec71f7e6b9698

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BDDD7E3A4939F863642A7C5348C1C8B9BC569B35C10A27F4CF5EC71F7E6B9698"
Last-Modified: Fri, 03 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3402
Expires: Sat, 04 Feb 2023 05:46:00 GMT
Date: Sat, 04 Feb 2023 04:49:18 GMT
Connection: keep-alive

gta4.moy.su/?atZtKzHJJbKShPczgEU0l4JwXM7A6V%217%5EZvtwm%5Ech9h0XJ%5E8hsPWbv3SaC6nx1Bt0uJrG%5EK5cMRL5mRQawDlI9JTKeXZLPdsALKuhJVNP%5EZdu%5Ej%5EQ03nKf%212kZByx%5ESxm5WXQSA%5EgACcdFwkNpjEMchrGlqRIfEGFYFlzE%5E4IGwgf7%219Z5%3BE%5ER2mQX8HdwqQ%3BLOu5vqhbTpSc4%21x

195.216.243.102

200 OK

1.2 kB

URL HTTP/1.1
gta4.moy.su/?atZtKzHJJbKShPczgEU0l4JwXM7A6V%217%5EZvtwm%5Ech9h0XJ%5E8hsPWbv3SaC6nx1Bt0uJrG%5EK5cMRL5mRQawDlI9JTKeXZLPdsALKuhJVNP%5EZdu%5Ej%5EQ03nKf%212kZByx%5ESxm5WXQSA%5EgACcdFwkNpjEMchrGlqRIfEGFYFlzE%5E4IGwgf7%219Z5%3BE%5ER2mQX8HdwqQ%3BLOu5vqhbTpSc4%21x
IP
195.216.243.102:0
ASN
#57724 Ddos-guard Ltd

File type
ASCII text
Size
1.2 kB (1150 bytes)
Hash
0f716af1d333e0afa19c739b43a6c902
a87e6278830d003fd9be744305914a631aa0ffaf
11617f80fefaf73ead17f9af11ac7128c375cdda3186b4f7304dfbda8a94cce2

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /?atZtKzHJJbKShPczgEU0l4JwXM7A6V%217%5EZvtwm%5Ech9h0XJ%5E8hsPWbv3SaC6nx1Bt0uJrG%5EK5cMRL5mRQawDlI9JTKeXZLPdsALKuhJVNP%5EZdu%5Ej%5EQ03nKf%212kZByx%5ESxm5WXQSA%5EgACcdFwkNpjEMchrGlqRIfEGFYFlzE%5E4IGwgf7%219Z5%3BE%5ER2mQX8HdwqQ%3BLOu5vqhbTpSc4%21x HTTP/1.1
Host: gta4.moy.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gta4.moy.su/news/mody_dlja_gta_4_eflc_mashiny/7-0-18
Cookie: 7gta4uzll=1675486160; ucvid=j9BTM1wAce; 7gta4pushi=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 04:49:19 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Cache-Control: no-cache, no-store, private
Pragma: no-cache

gta4.moy.su/.s/src/base.min.css

195.216.243.102

200 OK

6.2 kB

URL HTTP/1.1
gta4.moy.su/.s/src/base.min.css
IP
195.216.243.102:0
ASN
#57724 Ddos-guard Ltd

File type
ASCII text, with very long lines (24508), with no line terminators
Size
6.2 kB (6161 bytes)
Hash
dd4ba2903316d6db69f617daf90784ce
8e6507274d9d719658129b3dd24af66d7fc6e4b3
6dd14bcbcbc05d7af92a78316a37519526eec0e21ad651d7a92d2ed5065ea90f

HTTP Headers

GET /.s/src/base.min.css HTTP/1.1
Host: gta4.moy.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gta4.moy.su/news/mody_dlja_gta_4_eflc_mashiny/7-0-18
Cookie: 7gta4uzll=1675486160; ucvid=j9BTM1wAce; 7gta4pushi=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 04:49:20 GMT
Content-Type: text/css
Last-Modified: Fri, 09 Dec 2022 12:35:34 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
ETag: W/"63932b96-5fbc"
Expires: Fri, 24 Feb 2023 04:49:20 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Content-Encoding: gzip

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
621b586028d5acaf29b8777ca0872ce1
9d2a358576d0acab58e2eacf7765b686cee9181f
a7c99a5217e394c715679780ae1e3e60202653547212b0a4fd2efab0e1a01015

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 04:49:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

gta4.moy.su/_st/my.css

195.216.243.102

200 OK

3.7 kB

URL HTTP/1.1
gta4.moy.su/_st/my.css
IP
195.216.243.102:0
ASN
#57724 Ddos-guard Ltd

File type
ASCII text
Size
3.7 kB (3740 bytes)
Hash
afe8fe0477fe2d3dc547092679f91e80
bf5d80852c17d74675f2b682ebd0fe218547a2c3
8e402049aacbed21e9fb042dbd2e55bf9cb7a7ac17bd5731ea982579b028e796

HTTP Headers

GET /_st/my.css HTTP/1.1
Host: gta4.moy.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gta4.moy.su/news/mody_dlja_gta_4_eflc_mashiny/7-0-18
Cookie: 7gta4uzll=1675486160; ucvid=j9BTM1wAce; 7gta4pushi=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 04:49:20 GMT
Content-Type: text/css
Last-Modified: Mon, 24 Sep 2012 20:56:56 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
ETag: W/"5060c918-42ce"
Expires: Fri, 24 Feb 2023 04:49:20 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Content-Encoding: gzip

gta4.moy.su/.s/src/ulightbox/ulightbox.min.css

195.216.243.102

200 OK

1.4 kB

URL HTTP/1.1
gta4.moy.su/.s/src/ulightbox/ulightbox.min.css
IP
195.216.243.102:0
ASN
#57724 Ddos-guard Ltd

File type
ASCII text, with very long lines (4552), with no line terminators
Size
1.4 kB (1359 bytes)
Hash
9c03edbcbefe3eea8902981444de96f7
ca39997a1765ab084fb7e6740858176b9385c4ca
8487aa6ee4bd261bdf1f5b681cf96d347cd980ed45183c5a2a9571db6c891a08

HTTP Headers

GET /.s/src/ulightbox/ulightbox.min.css HTTP/1.1
Host: gta4.moy.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gta4.moy.su/news/mody_dlja_gta_4_eflc_mashiny/7-0-18
Cookie: 7gta4uzll=1675486160; ucvid=j9BTM1wAce; 7gta4pushi=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 04:49:20 GMT
Content-Type: text/css
Last-Modified: Tue, 24 May 2022 12:36:45 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
ETag: W/"628cd15d-11c8"
Expires: Fri, 24 Feb 2023 04:49:20 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Content-Encoding: gzip

gta4.moy.su/?Ae3p7zsNpDUiYBC%3BIhY71ARFsjkWC5t1VDdVc1Y0fFvjzfyWfAYIqq2Cd0W9Pg%3BvvkFpEbVKaygxWlOR4DnbWOH7mRCHS%219L%21UUypzQURvh8b2AC%3B%5E6UNBXTpqAO5C3p5GdctUSxSjDgsSdIFpeB7iaTHK2S8YLtj8z7Iw9HLS2hH4pserMURWp70dmOsmPqJZv381SbpdAB0vpg

195.216.243.102

200 OK

811 B

URL HTTP/1.1
gta4.moy.su/?Ae3p7zsNpDUiYBC%3BIhY71ARFsjkWC5t1VDdVc1Y0fFvjzfyWfAYIqq2Cd0W9Pg%3BvvkFpEbVKaygxWlOR4DnbWOH7mRCHS%219L%21UUypzQURvh8b2AC%3B%5E6UNBXTpqAO5C3p5GdctUSxSjDgsSdIFpeB7iaTHK2S8YLtj8z7Iw9HLS2hH4pserMURWp70dmOsmPqJZv381SbpdAB0vpg
IP
195.216.243.102:0
ASN
#57724 Ddos-guard Ltd

File type
ASCII text
Size
811 B (811 bytes)
Hash
4a33e7cd7558f3f5a86d0fc27aee8c90
50fc0ad44d3917690997ca278091e53d0d575362
d6304d22c2821d367e3697cb9fa4e6dbeb093b8634fccd35312664d30d72b330

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /?Ae3p7zsNpDUiYBC%3BIhY71ARFsjkWC5t1VDdVc1Y0fFvjzfyWfAYIqq2Cd0W9Pg%3BvvkFpEbVKaygxWlOR4DnbWOH7mRCHS%219L%21UUypzQURvh8b2AC%3B%5E6UNBXTpqAO5C3p5GdctUSxSjDgsSdIFpeB7iaTHK2S8YLtj8z7Iw9HLS2hH4pserMURWp70dmOsmPqJZv381SbpdAB0vpg HTTP/1.1
Host: gta4.moy.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gta4.moy.su/news/mody_dlja_gta_4_eflc_mashiny/7-0-18
Cookie: 7gta4uzll=1675486160; ucvid=j9BTM1wAce; 7gta4pushi=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 04:49:20 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Cache-Control: no-cache, no-store, private
Pragma: no-cache

gta4.moy.su/.s/src/social.css

195.216.243.102

200 OK

610 B

URL HTTP/1.1
gta4.moy.su/.s/src/social.css
IP
195.216.243.102:0
ASN
#57724 Ddos-guard Ltd

File type
ASCII text, with very long lines (442)
Size
610 B (610 bytes)
Hash
af855dcd18719bcf0da15a9029755af1
d74d0ed8d96f2ebe46a7671564bf80eea6865103
9add1a323772a7c09260b63a21732472cb0204105c1d2bee763ea1429f0e26e9

HTTP Headers

GET /.s/src/social.css HTTP/1.1
Host: gta4.moy.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gta4.moy.su/news/mody_dlja_gta_4_eflc_mashiny/7-0-18
Cookie: 7gta4uzll=1675486160; ucvid=j9BTM1wAce; 7gta4pushi=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 04:49:20 GMT
Content-Type: text/css
Last-Modified: Wed, 01 Dec 2021 11:13:55 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
ETag: W/"61a758f3-9b8"
Expires: Fri, 24 Feb 2023 04:49:20 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Content-Encoding: gzip

gta4.moy.su/.s/src/ulightbox/ulightbox.min.js

195.216.243.102

200 OK

7.6 kB

URL HTTP/1.1
gta4.moy.su/.s/src/ulightbox/ulightbox.min.js
IP
195.216.243.102:0
ASN
#57724 Ddos-guard Ltd

File type
ASCII text, with very long lines (22291), with no line terminators
Size
7.6 kB (7632 bytes)
Hash
3bb3aaa5262067cec461b32298975b05
4e11bfe49cd05fcdbd1e692fc87788da07e62161
61fa91bb508bfda7ee487ffaf0e38aa71cfab1ce78bb108d6c6140dc9b35ab22

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /.s/src/ulightbox/ulightbox.min.js HTTP/1.1
Host: gta4.moy.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gta4.moy.su/news/mody_dlja_gta_4_eflc_mashiny/7-0-18
Cookie: 7gta4uzll=1675486160; ucvid=j9BTM1wAce; 7gta4pushi=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 04:49:20 GMT
Content-Type: text/javascript
Last-Modified: Tue, 24 May 2022 12:36:45 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
ETag: W/"628cd15d-5713"
Expires: Fri, 24 Feb 2023 04:49:20 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Content-Encoding: gzip

gta4.moy.su/.s/src/layer2.min.css

195.216.243.102

200 OK

5.3 kB

URL HTTP/1.1
gta4.moy.su/.s/src/layer2.min.css
IP
195.216.243.102:0
ASN
#57724 Ddos-guard Ltd

File type
ASCII text, with very long lines (21998), with no line terminators
Size
5.3 kB (5279 bytes)
Hash
8ad1b4a847d6cde41b1b9f2416150509
b0f1c4c805f209ca8cdd7db20741419f734c858c
a7778af1ac2346805926eefdcb6d6ad029c11c78a3f2cc2128a2e1f61ba03c50

HTTP Headers

GET /.s/src/layer2.min.css HTTP/1.1
Host: gta4.moy.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gta4.moy.su/news/mody_dlja_gta_4_eflc_mashiny/7-0-18
Cookie: 7gta4uzll=1675486160; ucvid=j9BTM1wAce; 7gta4pushi=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 04:49:20 GMT
Content-Type: text/css
Last-Modified: Fri, 09 Dec 2022 12:35:34 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
ETag: W/"63932b96-55ee"
Expires: Fri, 24 Feb 2023 04:49:20 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Content-Encoding: gzip

www.google.com/recaptcha/api.js?onload=reCallback&render=explicit&hl=ru

216.58.211.4

200 OK

575 B

URL HTTP/2
www.google.com/recaptcha/api.js?onload=reCallback&render=explicit&hl=ru
IP
216.58.211.4:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (905), with no line terminators
Size
575 B (575 bytes)
Hash
bfe95592d0262272b7ae1fe7416ff1b2
69cb6cb1b242a4b2c0fe84c48ef558a7a04b6f31
ca632e7b89838460e49da36ccc425ae6963422bb215b56397210a0ae84d6fec8

HTTP Headers

GET /recaptcha/api.js?onload=reCallback&render=explicit&hl=ru HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gta4.moy.su/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
expires: Sat, 04 Feb 2023 04:49:18 GMT
date: Sat, 04 Feb 2023 04:49:18 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 575
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

gta4.moy.su/.s/t/882/10.gif

195.216.243.102

200 OK

80 B

URL HTTP/1.1
gta4.moy.su/.s/t/882/10.gif
IP
195.216.243.102:0
ASN
#57724 Ddos-guard Ltd

File type
GIF image data, version 89a, 11 x 10\012- data
Size
80 B (80 bytes)
Hash
334e6a835617c126706ac3754403eb68
f7916246035d055af065f31b1dbec39ed1e1fb9a
cb8c13cb02c3bd8beefeccd2cc10d54270de65a457f7506723f972113554eae9

HTTP Headers

GET /.s/t/882/10.gif HTTP/1.1
Host: gta4.moy.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gta4.moy.su/news/mody_dlja_gta_4_eflc_mashiny/7-0-18
Cookie: 7gta4uzll=1675486160; ucvid=j9BTM1wAce; 7gta4pushi=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 04:49:20 GMT
Content-Type: image/gif
Content-Length: 80
Last-Modified: Tue, 23 Feb 2016 13:19:08 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "56cc5c4c-50"
Expires: Fri, 24 Feb 2023 04:49:20 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

s2.ucoz.net/cgi/uutils.fcg?a=uSD&ca=2&ug=999&isp=0&r=0.412912154791499

195.216.243.102

200 OK

0 B

URL HTTP/1.1
s2.ucoz.net/cgi/uutils.fcg?a=uSD&ca=2&ug=999&isp=0&r=0.412912154791499
IP
195.216.243.102:0
ASN
#57724 Ddos-guard Ltd

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /cgi/uutils.fcg?a=uSD&ca=2&ug=999&isp=0&r=0.412912154791499 HTTP/1.1
Host: s2.ucoz.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gta4.moy.su/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 04:49:20 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15

gta4.moy.su/_nw/2/s96081741.jpg

195.216.243.102

301 Moved Permanently

178 B

URL HTTP/1.1
gta4.moy.su/_nw/2/s96081741.jpg
IP
195.216.243.102:0
ASN
#57724 Ddos-guard Ltd

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
178 B (178 bytes)
Hash
cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /_nw/2/s96081741.jpg HTTP/1.1
Host: gta4.moy.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 04:49:20 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Keep-Alive: timeout=15
Location: https://gta4.moy.su/_nw/2/s96081741.jpg
X-Frame-Options: SAMEORIGIN

gta4.moy.su/_nw/2/s00310405.jpg

195.216.243.102

301 Moved Permanently

178 B

URL HTTP/1.1
gta4.moy.su/_nw/2/s00310405.jpg
IP
195.216.243.102:0
ASN
#57724 Ddos-guard Ltd

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
178 B (178 bytes)
Hash
cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /_nw/2/s00310405.jpg HTTP/1.1
Host: gta4.moy.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 04:49:20 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Keep-Alive: timeout=15
Location: https://gta4.moy.su/_nw/2/s00310405.jpg
X-Frame-Options: SAMEORIGIN

gta4.moy.su/_nw/1/s84974119.jpg

195.216.243.102

301 Moved Permanently

178 B

URL HTTP/1.1
gta4.moy.su/_nw/1/s84974119.jpg
IP
195.216.243.102:0
ASN
#57724 Ddos-guard Ltd

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
178 B (178 bytes)
Hash
cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /_nw/1/s84974119.jpg HTTP/1.1
Host: gta4.moy.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 04:49:20 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Keep-Alive: timeout=15
Location: https://gta4.moy.su/_nw/1/s84974119.jpg
X-Frame-Options: SAMEORIGIN

gta4.moy.su/_nw/2/s69926273.jpg

195.216.243.102

301 Moved Permanently

178 B

URL HTTP/1.1
gta4.moy.su/_nw/2/s69926273.jpg
IP
195.216.243.102:0
ASN
#57724 Ddos-guard Ltd

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
178 B (178 bytes)
Hash
cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /_nw/2/s69926273.jpg HTTP/1.1
Host: gta4.moy.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 04:49:20 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Keep-Alive: timeout=15
Location: https://gta4.moy.su/_nw/2/s69926273.jpg
X-Frame-Options: SAMEORIGIN

gta4.moy.su/.s/img/cp/16.gif

195.216.243.102

200 OK

203 B

URL HTTP/1.1
gta4.moy.su/.s/img/cp/16.gif
IP
195.216.243.102:0
ASN
#57724 Ddos-guard Ltd

File type
GIF image data, version 89a, 80 x 15\012- data
Size
203 B (203 bytes)
Hash
46ba5585cb028f695cec74b314a4deac
0c9269c5f1188685f681d4317a1c1b97b9ff82c8
30f7129000c8ec10e577e9f6fad69333ee305f4b40de9cf138547c007d6efdfa

HTTP Headers

GET /.s/img/cp/16.gif HTTP/1.1
Host: gta4.moy.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gta4.moy.su/news/mody_dlja_gta_4_eflc_mashiny/7-0-18
Cookie: 7gta4uzll=1675486160; ucvid=j9BTM1wAce; 7gta4pushi=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 04:49:20 GMT
Content-Type: image/gif
Content-Length: 203
Last-Modified: Mon, 21 Nov 2022 12:37:39 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "637b7113-cb"
Expires: Fri, 24 Feb 2023 04:49:20 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

gta4.moy.su/.s/img/ma/uid.gif

195.216.243.102

200 OK

400 B

URL HTTP/1.1
gta4.moy.su/.s/img/ma/uid.gif
IP
195.216.243.102:0
ASN
#57724 Ddos-guard Ltd

File type
GIF image data, version 89a, 16 x 16\012- data
Size
400 B (400 bytes)
Hash
a032a355cf3f9e3e9c1bd8e54ef068f7
f34ecab3b7a9d57db9e26fe666e55cabac94edaf
369e1fbbd6a79ff1362bc00de6cc4789b6bd2c087d91811128c956ec2be4a9ce

HTTP Headers

GET /.s/img/ma/uid.gif HTTP/1.1
Host: gta4.moy.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gta4.moy.su/news/mody_dlja_gta_4_eflc_mashiny/7-0-18
Cookie: 7gta4uzll=1675486160; ucvid=j9BTM1wAce; 7gta4pushi=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 04:49:20 GMT
Content-Type: image/gif
Content-Length: 400
Last-Modified: Mon, 21 Nov 2022 12:37:54 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "637b7122-190"
Expires: Fri, 24 Feb 2023 04:49:20 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

gta4.moy.su/_nw/1/s32298393.jpg

195.216.243.102

301 Moved Permanently

178 B

URL HTTP/1.1
gta4.moy.su/_nw/1/s32298393.jpg
IP
195.216.243.102:0
ASN
#57724 Ddos-guard Ltd

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
178 B (178 bytes)
Hash
cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /_nw/1/s32298393.jpg HTTP/1.1
Host: gta4.moy.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 04:49:20 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Keep-Alive: timeout=15
Location: https://gta4.moy.su/_nw/1/s32298393.jpg
X-Frame-Options: SAMEORIGIN

gta4.moy.su/_nw/2/s18180129.jpg

195.216.243.102

301 Moved Permanently

178 B

URL HTTP/1.1
gta4.moy.su/_nw/2/s18180129.jpg
IP
195.216.243.102:0
ASN
#57724 Ddos-guard Ltd

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
178 B (178 bytes)
Hash
cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /_nw/2/s18180129.jpg HTTP/1.1
Host: gta4.moy.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 04:49:20 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Keep-Alive: timeout=15
Location: https://gta4.moy.su/_nw/2/s18180129.jpg
X-Frame-Options: SAMEORIGIN

gta4.moy.su/ban/1.jpg

195.216.243.102

200 OK

27 kB

URL HTTP/1.1
gta4.moy.su/ban/1.jpg
IP
195.216.243.102:0
ASN
#57724 Ddos-guard Ltd

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=4, xresolution=62, yresolution=70, resolutionunit=2, software=Paint.NET v3.36], baseline, precision 8, 184x153, components 3\012- data
Size
27 kB (26787 bytes)
Hash
b3beda35e71b12be24978290abb3c6cc
f57f5d31e2367185cb6adf1372e796f691823b40
c58b1c365d878e52718246a334fa1ef394dbb8024d1f20cfaddf87e9f24a3b7a

HTTP Headers

GET /ban/1.jpg HTTP/1.1
Host: gta4.moy.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gta4.moy.su/news/mody_dlja_gta_4_eflc_mashiny/7-0-18
Cookie: 7gta4uzll=1675486160; ucvid=j9BTM1wAce; 7gta4pushi=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 04:49:20 GMT
Content-Type: image/jpeg
Content-Length: 26787
Last-Modified: Tue, 08 Mar 2011 14:10:48 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "4d7638e8-68a3"
Expires: Fri, 24 Feb 2023 04:49:20 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

gta4.moy.su/.s/src/jquery-1.12.4.min.js

195.216.243.102

200 OK

34 kB

URL HTTP/1.1
gta4.moy.su/.s/src/jquery-1.12.4.min.js
IP
195.216.243.102:0
ASN
#57724 Ddos-guard Ltd

File type
ASCII text, with very long lines (32077)
Size
34 kB (33793 bytes)
Hash
eed194bd33958fd0768352b877915a40
db7a4073a53efb53155652219d948940efe6baa7
9eaac8a63f3851efef83bd151a558f6c8d8e6bb75c7725625cf8892b6312aa06

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /.s/src/jquery-1.12.4.min.js HTTP/1.1
Host: gta4.moy.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gta4.moy.su/news/mody_dlja_gta_4_eflc_mashiny/7-0-18
Cookie: 7gta4uzll=1675486160; ucvid=j9BTM1wAce; 7gta4pushi=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 04:49:20 GMT
Content-Type: text/javascript
Last-Modified: Thu, 01 Sep 2022 17:43:55 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
ETag: W/"6310ef5b-17b8b"
Expires: Fri, 24 Feb 2023 04:49:20 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Content-Encoding: gzip

gta4.moy.su/stat/1675486160

195.216.243.102

200 OK

421 B

URL HTTP/1.1
gta4.moy.su/stat/1675486160
IP
195.216.243.102:0
ASN
#57724 Ddos-guard Ltd

File type
GIF image data, version 87a, 88 x 31\012- data
Size
421 B (421 bytes)
Hash
f1f5d6186ba72315a9b4d0fc9188f69c
c128d211008f42d80901726253d3b29aecc860df
0308e8434412797a34efce8d60bfdc9dd0b11345c07b98d33f00d0267c8886fa

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /stat/1675486160 HTTP/1.1
Host: gta4.moy.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gta4.moy.su/news/mody_dlja_gta_4_eflc_mashiny/7-0-18
Cookie: 7gta4uzll=1675486160; ucvid=j9BTM1wAce; 7gta4pushi=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 04:49:20 GMT
Content-Type: image/gif
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Cache-Control: no-cache, no-store, private
Pragma: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT

push.services.mozilla.com/

52.26.115.190

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
52.26.115.190:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 2LFPC0BxwIicU9uy/Zr4zQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: eEVTzIE6f7rwKZ+3YeuwdUvIvF0=

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
8176ac8bbb8fa05f36bdfa163da09e0c
b936c84c5fa7e781b12a17952c82bca546ca0575
1aa7e39fd02514a4023036a8a100d7e7898ee220063ebfb41c509264c81ed727

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 04:49:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

gta4.moy.su/.s/src/uwnd.min.js

195.216.243.102

200 OK

57 kB

URL HTTP/1.1
gta4.moy.su/.s/src/uwnd.min.js
IP
195.216.243.102:0
ASN
#57724 Ddos-guard Ltd

File type
ASCII text, with very long lines (65536), with no line terminators
Size
57 kB (56796 bytes)
Hash
20adfead3a54ad11599adb1bab3d6fc6
23bb516448d5c643cb186ad9aec426388aa79dfd
b49b11429b509cf608a66bbcebc13cf63fa444b998c1a678d1bebfe33f7c2ff4

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /.s/src/uwnd.min.js HTTP/1.1
Host: gta4.moy.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gta4.moy.su/news/mody_dlja_gta_4_eflc_mashiny/7-0-18
Cookie: 7gta4uzll=1675486160; ucvid=j9BTM1wAce; 7gta4pushi=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 04:49:20 GMT
Content-Type: text/javascript
Last-Modified: Mon, 25 Apr 2022 10:32:26 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
ETag: W/"626678ba-3334b"
Expires: Fri, 24 Feb 2023 04:49:20 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Content-Encoding: gzip

gta4.moy.su/ban/3.jpg

195.216.243.102

200 OK

27 kB

URL HTTP/1.1
gta4.moy.su/ban/3.jpg
IP
195.216.243.102:0
ASN
#57724 Ddos-guard Ltd

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=4, xresolution=62, yresolution=70, resolutionunit=2, software=Paint.NET v3.36], baseline, precision 8, 184x153, components 3\012- data
Size
27 kB (27029 bytes)
Hash
28be1f0c4d0a5d2d88bc3b9efe942368
3f451ac52aba6e9cc7b776a51f0092d8e0537df9
eae8ef626369a9359cee054c3fbb04fc130942310f4a31cef0bab85984957ab0

HTTP Headers

GET /ban/3.jpg HTTP/1.1
Host: gta4.moy.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gta4.moy.su/news/mody_dlja_gta_4_eflc_mashiny/7-0-18
Cookie: 7gta4uzll=1675486160; ucvid=j9BTM1wAce; 7gta4pushi=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 04:49:20 GMT
Content-Type: image/jpeg
Content-Length: 27029
Last-Modified: Tue, 08 Mar 2011 14:10:37 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "4d7638dd-6995"
Expires: Fri, 24 Feb 2023 04:49:20 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

gta4.moy.su/_nw/2/s08378640.jpg

195.216.243.102

301 Moved Permanently

178 B

URL HTTP/1.1
gta4.moy.su/_nw/2/s08378640.jpg
IP
195.216.243.102:0
ASN
#57724 Ddos-guard Ltd

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
178 B (178 bytes)
Hash
cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /_nw/2/s08378640.jpg HTTP/1.1
Host: gta4.moy.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 04:49:20 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Keep-Alive: timeout=15
Location: https://gta4.moy.su/_nw/2/s08378640.jpg
X-Frame-Options: SAMEORIGIN

gta4.moy.su/ban/4.jpg

195.216.243.102

200 OK

28 kB

URL HTTP/1.1
gta4.moy.su/ban/4.jpg
IP
195.216.243.102:0
ASN
#57724 Ddos-guard Ltd

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=4, xresolution=62, yresolution=70, resolutionunit=2, software=Paint.NET v3.36], baseline, precision 8, 184x153, components 3\012- data
Size
28 kB (27820 bytes)
Hash
8a86b0b0f38f80aef5abd3bb7ee88853
99dd1edf17cd2ee8c1e93652ddb11d6cd4848866
0f726ad21bc8bef4d0928a34fd7bc02ae88c1e6496f99896ad9d28272a90685e

HTTP Headers

GET /ban/4.jpg HTTP/1.1
Host: gta4.moy.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gta4.moy.su/news/mody_dlja_gta_4_eflc_mashiny/7-0-18
Cookie: 7gta4uzll=1675486160; ucvid=j9BTM1wAce; 7gta4pushi=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 04:49:20 GMT
Content-Type: image/jpeg
Content-Length: 27820
Last-Modified: Tue, 08 Mar 2011 14:10:42 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "4d7638e2-6cac"
Expires: Fri, 24 Feb 2023 04:49:20 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

wmcasher.ru/img/partner/wmcahsercredit100100.gif

188.114.96.1

200 OK

23 kB

URL HTTP/1.1
wmcasher.ru/img/partner/wmcahsercredit100100.gif
IP
188.114.96.1:0
ASN
#13335 CLOUDFLARENET

File type
GIF image data, version 89a, 100 x 100\012- data
Size
23 kB (23017 bytes)
Hash
074c44bfe357b3fc4b349fa66d12bac4
1b9df23c94c33ed94438c2569383d5a88c32335e
ceb55c4db8ef46799761878bbd77e0784cacf09f82a74737baa93ff33f7e07b1

HTTP Headers

GET /img/partner/wmcahsercredit100100.gif HTTP/1.1
Host: wmcasher.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 04:49:18 GMT
Content-Type: image/gif
Content-Length: 23017
Connection: keep-alive
Last-Modified: Thu, 04 Aug 2011 09:31:01 GMT
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xW1AqcCklbxwRfmSSbFfLVirTHliyVAkjiEZw%2Bb%2BYFim2yop3YL5mKkJtmSnCbblQvJl%2FXtTon3cvQO2YY5FQ1Yaft3sVLqPMzBjRr0jAL4up7oeVswcM8BQVpZupQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7940c76b59350b61-OSL
alt-svc: h2=":443"; ma=60

gta4.moy.su/_nw/2/s25656120.jpg

195.216.243.102

301 Moved Permanently

178 B

URL HTTP/1.1
gta4.moy.su/_nw/2/s25656120.jpg
IP
195.216.243.102:0
ASN
#57724 Ddos-guard Ltd

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
178 B (178 bytes)
Hash
cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /_nw/2/s25656120.jpg HTTP/1.1
Host: gta4.moy.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 04:49:20 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Keep-Alive: timeout=15
Location: https://gta4.moy.su/_nw/2/s25656120.jpg
X-Frame-Options: SAMEORIGIN

gta4.moy.su/_nw/1/s90786475.jpg

195.216.243.102

301 Moved Permanently

178 B

URL HTTP/1.1
gta4.moy.su/_nw/1/s90786475.jpg
IP
195.216.243.102:0
ASN
#57724 Ddos-guard Ltd

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
178 B (178 bytes)
Hash
cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /_nw/1/s90786475.jpg HTTP/1.1
Host: gta4.moy.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 04:49:20 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Keep-Alive: timeout=15
Location: https://gta4.moy.su/_nw/1/s90786475.jpg
X-Frame-Options: SAMEORIGIN

gta4.moy.su/_nw/1/s90605422.jpg

195.216.243.102

301 Moved Permanently

178 B

URL HTTP/1.1
gta4.moy.su/_nw/1/s90605422.jpg
IP
195.216.243.102:0
ASN
#57724 Ddos-guard Ltd

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
178 B (178 bytes)
Hash
cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /_nw/1/s90605422.jpg HTTP/1.1
Host: gta4.moy.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 04:49:20 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Keep-Alive: timeout=15
Location: https://gta4.moy.su/_nw/1/s90605422.jpg
X-Frame-Options: SAMEORIGIN

gta4.moy.su/ban/6.jpg

195.216.243.102

200 OK

28 kB

URL HTTP/1.1
gta4.moy.su/ban/6.jpg
IP
195.216.243.102:0
ASN
#57724 Ddos-guard Ltd

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=4, xresolution=62, yresolution=70, resolutionunit=2, software=Paint.NET v3.36], baseline, precision 8, 184x153, components 3\012- data
Size
28 kB (28227 bytes)
Hash
1d15741c01ecd36a87cdee9ad5765964
a884da0e3abf87b084fd53f1698a02d216df63ab
8021b6f7256089ab94d0bdcb1003996e38e98c37d5c87a7884f263d3625540cd

HTTP Headers

GET /ban/6.jpg HTTP/1.1
Host: gta4.moy.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gta4.moy.su/news/mody_dlja_gta_4_eflc_mashiny/7-0-18
Cookie: 7gta4uzll=1675486160; ucvid=j9BTM1wAce; 7gta4pushi=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 04:49:20 GMT
Content-Type: image/jpeg
Content-Length: 28227
Last-Modified: Tue, 08 Mar 2011 14:10:40 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "4d7638e0-6e43"
Expires: Fri, 24 Feb 2023 04:49:20 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

gta4.moy.su/_nw/1/s32298393.jpg

195.216.243.102

200 OK

22 kB

URL HTTP/1.1
gta4.moy.su/_nw/1/s32298393.jpg
IP
195.216.243.102:0
ASN
#57724 Ddos-guard Ltd

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 70", baseline, precision 8, 400x300, components 3\012- data
Size
22 kB (21677 bytes)
Hash
5876e17cdc22f969c94726c0d6b7d5e3
a2ae98301b0dcb9b26560ed43d8accc859037a4c
67874b2903cc4e42c3659c2b46011187bb3a3f3955f0d979db1b5d7b762ce944

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /_nw/1/s32298393.jpg HTTP/1.1
Host: gta4.moy.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: 7gta4uzll=1675486160; ucvid=j9BTM1wAce; 7gta4pushi=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 04:49:20 GMT
Content-Type: image/jpeg
Content-Length: 21677
Last-Modified: Sun, 23 Jan 2011 09:40:03 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "4d3bf773-54ad"
Expires: Fri, 24 Feb 2023 04:49:20 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

gta4.moy.su/ban/5.jpg

195.216.243.102

200 OK

26 kB

URL HTTP/1.1
gta4.moy.su/ban/5.jpg
IP
195.216.243.102:0
ASN
#57724 Ddos-guard Ltd

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=4, xresolution=62, yresolution=70, resolutionunit=2, software=Paint.NET v3.36], baseline, precision 8, 184x153, components 3\012- data
Size
26 kB (26089 bytes)
Hash
2387d83cc09f1c0ba7bc083c7d8ebd6c
6a9595c1e32b9e38219f13c05171b88036c4c591
7570a3f9658b515509e23c2dbc43508240c26e1debc77044d035805f6b91d4db

HTTP Headers

GET /ban/5.jpg HTTP/1.1
Host: gta4.moy.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gta4.moy.su/news/mody_dlja_gta_4_eflc_mashiny/7-0-18
Cookie: 7gta4uzll=1675486160; ucvid=j9BTM1wAce; 7gta4pushi=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 04:49:20 GMT
Content-Type: image/jpeg
Content-Length: 26089
Last-Modified: Tue, 08 Mar 2011 14:10:46 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "4d7638e6-65e9"
Expires: Fri, 24 Feb 2023 04:49:20 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

gta4.moy.su/_nw/2/s96081741.jpg

195.216.243.102

200 OK

29 kB

URL HTTP/1.1
gta4.moy.su/_nw/2/s96081741.jpg
IP
195.216.243.102:0
ASN
#57724 Ddos-guard Ltd

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 70", baseline, precision 8, 400x400, components 3\012- data
Size
29 kB (29003 bytes)
Hash
0365b8a491c6819b9c1e500ebceb060f
84f54a1956fe36306eedce12720c68bb2597bf06
5c09860189e346fa9ed2a2804718f73ce23d61137972c696bd0fd21771c4ccb1

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /_nw/2/s96081741.jpg HTTP/1.1
Host: gta4.moy.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: 7gta4uzll=1675486160; ucvid=j9BTM1wAce; 7gta4pushi=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 04:49:20 GMT
Content-Type: image/jpeg
Content-Length: 29003
Last-Modified: Wed, 09 Feb 2011 07:15:36 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "4d523f18-714b"
Expires: Fri, 24 Feb 2023 04:49:20 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

gta4.moy.su/img/00.jpg

195.216.243.102

200 OK

215 kB

URL HTTP/1.1
gta4.moy.su/img/00.jpg
IP
195.216.243.102:0
ASN
#57724 Ddos-guard Ltd

File type
JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2008:11:18 18:37:08], baseline, precision 8, 1024x768, components 1\012- data
Size
215 kB (215207 bytes)
Hash
09e048e88a64c6175ddfb0bb184dba57
e86aad9fd16759a7bd178477339d03883968f4c8
3b9e5426d9ae04154fa71034d70dfc9261377fae3fbb76ec3362463cc0b93fe0

HTTP Headers

GET /img/00.jpg HTTP/1.1
Host: gta4.moy.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gta4.moy.su/_st/my.css
Cookie: 7gta4uzll=1675486160; ucvid=j9BTM1wAce; 7gta4pushi=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 04:49:20 GMT
Content-Type: image/jpeg
Content-Length: 215207
Last-Modified: Sun, 13 Feb 2011 23:58:44 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "4d587034-348a7"
Expires: Fri, 24 Feb 2023 04:49:20 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

gta4.moy.su/_nw/2/s00310405.jpg

195.216.243.102

200 OK

23 kB

URL HTTP/1.1
gta4.moy.su/_nw/2/s00310405.jpg
IP
195.216.243.102:0
ASN
#57724 Ddos-guard Ltd

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 70", baseline, precision 8, 400x380, components 3\012- data
Size
23 kB (23127 bytes)
Hash
d132e2e8afd8fa8e11e45f09e7fef960
d797b5eaa2813ee3e004b712a7bd1a4621484056
7d1a82e26fe4ce1b3f8cab8c72528f4da953142688da588995b730bd7a736e0c

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /_nw/2/s00310405.jpg HTTP/1.1
Host: gta4.moy.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: 7gta4uzll=1675486160; ucvid=j9BTM1wAce; 7gta4pushi=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 04:49:20 GMT
Content-Type: image/jpeg
Content-Length: 23127
Last-Modified: Wed, 09 Feb 2011 07:47:36 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "4d524698-5a57"
Expires: Fri, 24 Feb 2023 04:49:20 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

gta4.moy.su/_nw/1/s90786475.jpg

195.216.243.102

200 OK

26 kB

URL HTTP/1.1
gta4.moy.su/_nw/1/s90786475.jpg
IP
195.216.243.102:0
ASN
#57724 Ddos-guard Ltd

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 70", baseline, precision 8, 400x385, components 3\012- data
Size
26 kB (25980 bytes)
Hash
a2ead9fa3194d99c5e74c6b996a7f4af
72f6bad04c1bfbfec0114d3d974645c8bff4894c
6cf1cd701997e2e637cf7a82eb7003a1da3f7977acdc86c90bbd56ce358099e4

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /_nw/1/s90786475.jpg HTTP/1.1
Host: gta4.moy.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: 7gta4uzll=1675486160; ucvid=j9BTM1wAce; 7gta4pushi=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 04:49:20 GMT
Content-Type: image/jpeg
Content-Length: 25980
Last-Modified: Sun, 23 Jan 2011 09:18:50 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "4d3bf27a-657c"
Expires: Fri, 24 Feb 2023 04:49:20 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

gta4.moy.su/_nw/1/s90605422.jpg

195.216.243.102

200 OK

17 kB

URL HTTP/1.1
gta4.moy.su/_nw/1/s90605422.jpg
IP
195.216.243.102:0
ASN
#57724 Ddos-guard Ltd

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 70", baseline, precision 8, 400x237, components 3\012- data
Size
17 kB (16729 bytes)
Hash
a2f2bc61160f7bf4ce02720e272c74d1
29556bb87b8634fd1da4bd3b8b59cdca02ac10bb
a4f04a43bf32e19edafb6c9b57658d3f82f67df5ec6e84e8a6aa20005cd58947

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /_nw/1/s90605422.jpg HTTP/1.1
Host: gta4.moy.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: 7gta4uzll=1675486160; ucvid=j9BTM1wAce; 7gta4pushi=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 04:49:20 GMT
Content-Type: image/jpeg
Content-Length: 16729
Last-Modified: Sun, 23 Jan 2011 09:29:38 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "4d3bf502-4159"
Expires: Fri, 24 Feb 2023 04:49:20 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

gta4.moy.su/_nw/2/s08378640.jpg

195.216.243.102

200 OK

25 kB

URL HTTP/1.1
gta4.moy.su/_nw/2/s08378640.jpg
IP
195.216.243.102:0
ASN
#57724 Ddos-guard Ltd

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 70", baseline, precision 8, 400x385, components 3\012- data
Size
25 kB (25423 bytes)
Hash
934be15ddba6640223376acf17c883dd
569531afadf522edf1ce52456dc74312349d99e2
7895ac2bcf97125fb9030b2cb6b074aae83d1731dfa8e3c5db39075f0cb98727

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /_nw/2/s08378640.jpg HTTP/1.1
Host: gta4.moy.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: 7gta4uzll=1675486160; ucvid=j9BTM1wAce; 7gta4pushi=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 04:49:20 GMT
Content-Type: image/jpeg
Content-Length: 25423
Last-Modified: Sun, 23 Jan 2011 11:03:53 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "4d3c0b19-634f"
Expires: Fri, 24 Feb 2023 04:49:20 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

gta4.moy.su/_nw/2/s18180129.jpg

195.216.243.102

200 OK

19 kB

URL HTTP/1.1
gta4.moy.su/_nw/2/s18180129.jpg
IP
195.216.243.102:0
ASN
#57724 Ddos-guard Ltd

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 70", baseline, precision 8, 400x282, components 3\012- data
Size
19 kB (19332 bytes)
Hash
cba6872ebc19672afecbe6b6778ed863
a059083793714027158709b606a4d48418eb8e59
a386e23d45e612433e79cbda0cb7826b833212b2be3906c2c553743d25fbf26f

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /_nw/2/s18180129.jpg HTTP/1.1
Host: gta4.moy.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: 7gta4uzll=1675486160; ucvid=j9BTM1wAce; 7gta4pushi=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 04:49:20 GMT
Content-Type: image/jpeg
Content-Length: 19332
Last-Modified: Sun, 23 Jan 2011 09:53:20 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "4d3bfa90-4b84"
Expires: Fri, 24 Feb 2023 04:49:20 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

gta4.moy.su/.s/img/icon/social/vk.svg

195.216.243.102

200 OK

772 B

URL HTTP/1.1
gta4.moy.su/.s/img/icon/social/vk.svg
IP
195.216.243.102:0
ASN
#57724 Ddos-guard Ltd

File type
SVG Scalable Vector Graphics image\012- SVG XML document\012- XML 1.0 document text\012- SVG XML document\012- XML document text\012- exported SGML document text\012- exported SGML document, ASCII text
Size
772 B (772 bytes)
Hash
7c4eb8cae0b565c023c4406add5f8041
079ce5d3277df672b57a73476a28d0bf0b1c1fe2
05a3f8587400860aa87bb18c9a9cd5b22a45ca4fc4a37a7922d29e48549b2fc9

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /.s/img/icon/social/vk.svg HTTP/1.1
Host: gta4.moy.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gta4.moy.su/.s/src/social.css
Cookie: 7gta4uzll=1675486160; ucvid=j9BTM1wAce; 7gta4pushi=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 04:49:20 GMT
Content-Type: image/svg+xml
Content-Length: 772
Last-Modified: Mon, 26 Jun 2017 11:42:16 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "5950f318-304"
Expires: Fri, 24 Feb 2023 04:49:20 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

gta4.moy.su/.s/img/icon/social/fb.svg

195.216.243.102

200 OK

611 B

URL HTTP/1.1
gta4.moy.su/.s/img/icon/social/fb.svg
IP
195.216.243.102:0
ASN
#57724 Ddos-guard Ltd

File type
SVG Scalable Vector Graphics image\012- SVG XML document\012- XML 1.0 document text\012- SVG XML document\012- XML document text\012- exported SGML document text\012- exported SGML document, ASCII text
Size
611 B (611 bytes)
Hash
d178cc46dcbcf2b6f19445674fe3fe58
26f9747489d9e796926f7bbe11817c420afda3af
a9265d79c9ff74d4deeab5dce9643ed838018a6b4346605e002867858534f4bf

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /.s/img/icon/social/fb.svg HTTP/1.1
Host: gta4.moy.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gta4.moy.su/.s/src/social.css
Cookie: 7gta4uzll=1675486160; ucvid=j9BTM1wAce; 7gta4pushi=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 04:49:20 GMT
Content-Type: image/svg+xml
Content-Length: 611
Last-Modified: Mon, 26 Jun 2017 11:42:16 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "5950f318-263"
Expires: Fri, 24 Feb 2023 04:49:20 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

gta4.moy.su/_nw/2/s69926273.jpg

195.216.243.102

200 OK

24 kB

URL HTTP/1.1
gta4.moy.su/_nw/2/s69926273.jpg
IP
195.216.243.102:0
ASN
#57724 Ddos-guard Ltd

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 70", baseline, precision 8, 400x349, components 3\012- data
Size
24 kB (23566 bytes)
Hash
6373a6d7f63a26ea42a534885069c1a8
9a1a07f3851ea3604c2726ac032ad43df7768d09
b0ff37ae600a286996f2377e1735c2a1b421afd61d9817442ca92cd02d64a825

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /_nw/2/s69926273.jpg HTTP/1.1
Host: gta4.moy.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: 7gta4uzll=1675486160; ucvid=j9BTM1wAce; 7gta4pushi=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 04:49:20 GMT
Content-Type: image/jpeg
Content-Length: 23566
Last-Modified: Wed, 09 Feb 2011 06:58:42 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "4d523b22-5c0e"
Expires: Fri, 24 Feb 2023 04:49:20 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

gta4.moy.su/.s/img/icon/social/ok.svg

195.216.243.102

200 OK

1.9 kB

URL HTTP/1.1
gta4.moy.su/.s/img/icon/social/ok.svg
IP
195.216.243.102:0
ASN
#57724 Ddos-guard Ltd

File type
SVG Scalable Vector Graphics image\012- SVG XML document\012- XML 1.0 document text\012- SVG XML document\012- XML document text\012- exported SGML document text\012- exported SGML document, ASCII text
Size
1.9 kB (1858 bytes)
Hash
08bbc2fa9b08463b0d061041d62b408e
370c53ccc3edd296cd35fb9e3de20dabfdae78d9
e1369586f1d82834ecc0ccab2f5f1a6f7565f2c715243d956bd7eb1404c8fba9

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /.s/img/icon/social/ok.svg HTTP/1.1
Host: gta4.moy.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gta4.moy.su/.s/src/social.css
Cookie: 7gta4uzll=1675486160; ucvid=j9BTM1wAce; 7gta4pushi=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 04:49:20 GMT
Content-Type: image/svg+xml
Content-Length: 1858
Last-Modified: Mon, 26 Jun 2017 11:42:16 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "5950f318-742"
Expires: Fri, 24 Feb 2023 04:49:20 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

gta4.moy.su/img/14.png

195.216.243.102

200 OK

3.8 kB

URL HTTP/1.1
gta4.moy.su/img/14.png
IP
195.216.243.102:0
ASN
#57724 Ddos-guard Ltd

File type
PNG image data, 1200 x 21, 8-bit colormap, non-interlaced\012- data
Size
3.8 kB (3787 bytes)
Hash
30d76136b350f4da2a3851affa4857b4
3754c75af6dd737e38d162588a1b897cdbe29fb7
53a7eeb5714b1e4980eaf4defc747d897c24898254d805f34816febb4b008091

HTTP Headers

GET /img/14.png HTTP/1.1
Host: gta4.moy.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gta4.moy.su/_st/my.css
Cookie: 7gta4uzll=1675486160; ucvid=j9BTM1wAce; 7gta4pushi=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 04:49:20 GMT
Content-Type: image/png
Content-Length: 3787
Last-Modified: Sun, 13 Feb 2011 23:58:46 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "4d587036-ecb"
Expires: Fri, 24 Feb 2023 04:49:20 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

gta4.moy.su/img/1.png

195.216.243.102

200 OK

3.9 kB

URL HTTP/1.1
gta4.moy.su/img/1.png
IP
195.216.243.102:0
ASN
#57724 Ddos-guard Ltd

File type
PNG image data, 1200 x 38, 8-bit colormap, non-interlaced\012- data
Size
3.9 kB (3946 bytes)
Hash
41b6d1c1491732e950c88fd4948fd09e
134a8703a740043c1e4e162a071320ec3544f9a1
f1a45b41d8717f89404ea3d2387ea8aaf921aedae1acc209ea95afa03e5bbc31

HTTP Headers

GET /img/1.png HTTP/1.1
Host: gta4.moy.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gta4.moy.su/_st/my.css
Cookie: 7gta4uzll=1675486160; ucvid=j9BTM1wAce; 7gta4pushi=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 04:49:20 GMT
Content-Type: image/png
Content-Length: 3946
Last-Modified: Sun, 13 Feb 2011 23:58:44 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "4d587034-f6a"
Expires: Fri, 24 Feb 2023 04:49:20 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

gta4.moy.su/img/100.png

195.216.243.102

200 OK

3.0 kB

URL HTTP/1.1
gta4.moy.su/img/100.png
IP
195.216.243.102:0
ASN
#57724 Ddos-guard Ltd

File type
PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced\012- data
Size
3.0 kB (2960 bytes)
Hash
aa874d38228be0f1c6cc5b5d1a8ce1ab
c5a7b6f273aa646640d74f8deb410b3008edb396
d12853b0d3ebcb4c9c55146ec2e61a9704bddd77bd6663e5e32ee1c94a54a80c

HTTP Headers

GET /img/100.png HTTP/1.1
Host: gta4.moy.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gta4.moy.su/_st/my.css
Cookie: 7gta4uzll=1675486160; ucvid=j9BTM1wAce; 7gta4pushi=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 04:49:20 GMT
Content-Type: image/png
Content-Length: 2960
Last-Modified: Sun, 13 Feb 2011 23:58:45 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "4d587035-b90"
Expires: Fri, 24 Feb 2023 04:49:20 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

gta4.moy.su/img/6.png

195.216.243.102

200 OK

10 kB

URL HTTP/1.1
gta4.moy.su/img/6.png
IP
195.216.243.102:0
ASN
#57724 Ddos-guard Ltd

File type
PNG image data, 200 x 60, 8-bit/color RGBA, non-interlaced\012- data
Size
10 kB (10218 bytes)
Hash
667b49f1eed4dbda2dcddaf1da0bbc11
437737cb2c4801906d62030c293b29d8d3a23e36
6ecad5e6220a2551ef0d94f89bf3773c56f116eaa757588993c0670a6d581dc6

HTTP Headers

GET /img/6.png HTTP/1.1
Host: gta4.moy.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gta4.moy.su/_st/my.css
Cookie: 7gta4uzll=1675486160; ucvid=j9BTM1wAce; 7gta4pushi=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 04:49:20 GMT
Content-Type: image/png
Content-Length: 10218
Last-Modified: Sun, 13 Feb 2011 23:58:53 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "4d58703d-27ea"
Expires: Fri, 24 Feb 2023 04:49:20 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

gta4.moy.su/.s/t/882/16.gif

195.216.243.102

200 OK

122 B

URL HTTP/1.1
gta4.moy.su/.s/t/882/16.gif
IP
195.216.243.102:0
ASN
#57724 Ddos-guard Ltd

File type
GIF image data, version 89a, 5 x 20\012- data
Size
122 B (122 bytes)
Hash
e908656b16e032ef4a32171be76a36fd
d5aad933183b391a294563c06dbdeee7d6091ca6
5086607173b563e49d9c59e6b512eee9f69580af995786f31491812996638e53

HTTP Headers

GET /.s/t/882/16.gif HTTP/1.1
Host: gta4.moy.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gta4.moy.su/_st/my.css
Cookie: 7gta4uzll=1675486160; ucvid=j9BTM1wAce; 7gta4pushi=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 04:49:20 GMT
Content-Type: image/gif
Content-Length: 122
Last-Modified: Tue, 23 Feb 2016 13:19:08 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "56cc5c4c-7a"
Expires: Fri, 24 Feb 2023 04:49:20 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
292eed04923896349bd9a8073fbaf670
764c2427e77b7fadd6ce5e946d3e4403657a652e
16bcd5e999638930d91e50a4ffde5bdf8580f348e1bce5bc37e179da65fa4ab2

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "16BCD5E999638930D91E50A4FFDE5BDF8580F348E1BCE5BC37E179DA65FA4AB2"
Last-Modified: Fri, 03 Feb 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21562
Expires: Sat, 04 Feb 2023 10:48:40 GMT
Date: Sat, 04 Feb 2023 04:49:18 GMT
Connection: keep-alive

gta4.moy.su/.s/img/icon/social/ya.svg

195.216.243.102

200 OK

660 B

URL HTTP/1.1
gta4.moy.su/.s/img/icon/social/ya.svg
IP
195.216.243.102:0
ASN
#57724 Ddos-guard Ltd

File type
SVG Scalable Vector Graphics image\012- SVG XML document\012- XML 1.0 document text\012- SVG XML document\012- XML document text\012- exported SGML document text\012- exported SGML document, ASCII text
Size
660 B (660 bytes)
Hash
7676c3eee5bd955efe08fd05367a443b
595e4e8dbf5ff472606434d0f45806d088de4c0c
b72d3f61ac56b4aa27bad5769589705004aff1f0ad341785ca72dc46ba16de5b

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /.s/img/icon/social/ya.svg HTTP/1.1
Host: gta4.moy.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gta4.moy.su/.s/src/social.css
Cookie: 7gta4uzll=1675486160; ucvid=j9BTM1wAce; 7gta4pushi=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 04:49:20 GMT
Content-Type: image/svg+xml
Content-Length: 660
Last-Modified: Mon, 26 Jun 2017 11:42:16 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "5950f318-294"
Expires: Fri, 24 Feb 2023 04:49:20 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

gta4.moy.su/.s/img/icon/social/gp.svg

195.216.243.102

200 OK

550 B

URL HTTP/1.1
gta4.moy.su/.s/img/icon/social/gp.svg
IP
195.216.243.102:0
ASN
#57724 Ddos-guard Ltd

File type
SVG Scalable Vector Graphics image\012- HTML document text\012- HTML document, Unicode text, UTF-8 text, with very long lines (534), with no line terminators
Size
550 B (550 bytes)
Hash
10d296226de121de55180e5b1b7d9d49
5980293f4f290734d09459d068a8c3996e43fe40
a657a4d5d05c6cd9b9f881ab6941e71f725c7eb451c9f37ceb514e45fdfd441d

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /.s/img/icon/social/gp.svg HTTP/1.1
Host: gta4.moy.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gta4.moy.su/.s/src/social.css
Cookie: 7gta4uzll=1675486160; ucvid=j9BTM1wAce; 7gta4pushi=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 04:49:20 GMT
Content-Type: image/svg+xml
Content-Length: 550
Last-Modified: Fri, 01 Feb 2019 12:57:26 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "5c544236-226"
Expires: Fri, 24 Feb 2023 04:49:20 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

gta4.moy.su/ban/2.jpg

195.216.243.102

200 OK

48 B

URL HTTP/1.1
gta4.moy.su/ban/2.jpg
IP
195.216.243.102:0
ASN
#57724 Ddos-guard Ltd

File type
GIF image data, version 89a, 5 x 5\012- data
Size
48 B (48 bytes)
Hash
9750eb0573078058e4687dcba2794e89
e12a68b54a9eb1373083c1c35e020ec1b1561c16
b429a2de9dc7b091cb845285fab32e6004b12b5fbdcd66e43e9d34cba5b9e0a3

HTTP Headers

GET /ban/2.jpg HTTP/1.1
Host: gta4.moy.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gta4.moy.su/news/mody_dlja_gta_4_eflc_mashiny/7-0-18
Cookie: 7gta4uzll=1675486160; ucvid=j9BTM1wAce; 7gta4pushi=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 04:49:20 GMT
Content-Type: image/jpeg
Content-Length: 26347
Last-Modified: Tue, 08 Mar 2011 14:10:44 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "4d7638e4-66eb"
Expires: Fri, 24 Feb 2023 04:49:20 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

gta4.moy.su/img/3.jpg

195.216.243.102

200 OK

162 kB

URL HTTP/1.1
gta4.moy.su/img/3.jpg
IP
195.216.243.102:0
ASN
#57724 Ddos-guard Ltd

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=5, xresolution=74, yresolution=82, resolutionunit=2, software=Paint.NET v3.36], baseline, precision 8, 1200x166, components 3\012- data
Size
162 kB (162327 bytes)
Hash
9ff8330795e4b78547bd397e642cb906
61eeafed54063f0045911e652ff18a8918676218
cdb50c1ca12875404668d61667d0e52f56ca90abad6d212d10538afded0e6833

HTTP Headers

GET /img/3.jpg HTTP/1.1
Host: gta4.moy.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gta4.moy.su/_st/my.css
Cookie: 7gta4uzll=1675486160; ucvid=j9BTM1wAce; 7gta4pushi=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 04:49:20 GMT
Content-Type: image/jpeg
Content-Length: 162327
Last-Modified: Sun, 13 Feb 2011 23:58:49 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "4d587039-27a17"
Expires: Fri, 24 Feb 2023 04:49:20 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

gta4.moy.su/.s/t/882/8.gif

195.216.243.102

200 OK

1.7 kB

URL HTTP/1.1
gta4.moy.su/.s/t/882/8.gif
IP
195.216.243.102:0
ASN
#57724 Ddos-guard Ltd

File type
GIF image data, version 89a, 527 x 23\012- data
Size
1.7 kB (1650 bytes)
Hash
33a3d7e7230d2a7e73669f8a212c4de4
cb802e0026f748424d7697807e74c4cb269e6a1a
6cbdab1c63ef4e6306319c889bdbf5efb417f7c9f15111138a2a0f5c82d58b89

HTTP Headers

GET /.s/t/882/8.gif HTTP/1.1
Host: gta4.moy.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gta4.moy.su/_st/my.css
Cookie: 7gta4uzll=1675486160; ucvid=j9BTM1wAce; 7gta4pushi=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 04:49:20 GMT
Content-Type: image/gif
Content-Length: 1650
Last-Modified: Tue, 23 Feb 2016 13:19:08 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "56cc5c4c-672"
Expires: Fri, 24 Feb 2023 04:49:20 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

gta4.moy.su/_nw/1/s84974119.jpg

195.216.243.102

200 OK

26 kB

URL HTTP/1.1
gta4.moy.su/_nw/1/s84974119.jpg
IP
195.216.243.102:0
ASN
#57724 Ddos-guard Ltd

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 70", baseline, precision 8, 400x385, components 3\012- data
Size
26 kB (26229 bytes)
Hash
fbcfc312da46e8344f88ee724b7763d8
8c3ff70001b23e790aca05d072a04e7acc145624
dfa3ae01a7dc91ad1a109acd0753f11e1ca59383d5f093f4177fe4eab339604b

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /_nw/1/s84974119.jpg HTTP/1.1
Host: gta4.moy.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: 7gta4uzll=1675486160; ucvid=j9BTM1wAce; 7gta4pushi=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 04:49:20 GMT
Content-Type: image/jpeg
Content-Length: 26229
Last-Modified: Sun, 23 Jan 2011 09:22:56 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "4d3bf370-6675"
Expires: Fri, 24 Feb 2023 04:49:20 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

gta4.moy.su/?S%5EM51%218vrt7jpcdxJ5VX4MRAJu%5Ev4z1CkaGDg3uPe7KIT8zAsQNaEFgRefzPt5LKPz8D02Aa%3Bj0BTDXghwoo

195.216.243.102

200 OK

798 B

URL HTTP/1.1
gta4.moy.su/?S%5EM51%218vrt7jpcdxJ5VX4MRAJu%5Ev4z1CkaGDg3uPe7KIT8zAsQNaEFgRefzPt5LKPz8D02Aa%3Bj0BTDXghwoo
IP
195.216.243.102:0
ASN
#57724 Ddos-guard Ltd

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text
Size
798 B (798 bytes)
Hash
1ea80a2d3084ba93b3531bb9b0e712e6
d5245d8493b358618a2845c5f7dc1fa09f7a7af3
1802bf8ffc0aa155ee5f3ae4ba4817913d7b5d3fffe8999097bbdad800b0e0df

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /?S%5EM51%218vrt7jpcdxJ5VX4MRAJu%5Ev4z1CkaGDg3uPe7KIT8zAsQNaEFgRefzPt5LKPz8D02Aa%3Bj0BTDXghwoo HTTP/1.1
Host: gta4.moy.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gta4.moy.su/news/mody_dlja_gta_4_eflc_mashiny/7-0-18
Cookie: 7gta4uzll=1675486160; ucvid=j9BTM1wAce; 7gta4pushi=1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 04:49:20 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Cache-Control: no-cache, no-store, private
Pragma: no-cache
Content-Encoding: gzip

www.sairoscredit.ru/res/upload/banner/GIF3_1.gif

195.69.187.54

301 Moved Permanently

169 B

URL HTTP/1.1
www.sairoscredit.ru/res/upload/banner/GIF3_1.gif
IP
195.69.187.54:0
ASN
#60455 abc Ucranian-franch Joint Venture

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
169 B (169 bytes)
Hash
9527755784f5014d2c94dcabdf6ae892
941126eba6b0b049b4a09fb846ebd943e894e068
5b111ef9f2dbaf8e8870567dc8e2302efe2b0feb9d4ba62ce74c1039ab663523

HTTP Headers

GET /res/upload/banner/GIF3_1.gif HTTP/1.1
Host: www.sairoscredit.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gta4.moy.su/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 301 Moved Permanently
Server: nginx/1.20.2
Date: Sat, 04 Feb 2023 04:49:19 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive
Location: https://sairoscredit.ru/res/upload/banner/GIF3_1.gif

gta4.moy.su/_nw/2/s25656120.jpg

195.216.243.102

200 OK

27 kB

URL HTTP/1.1
gta4.moy.su/_nw/2/s25656120.jpg
IP
195.216.243.102:0
ASN
#57724 Ddos-guard Ltd

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 70", baseline, precision 8, 400x408, components 3\012- data
Size
27 kB (27178 bytes)
Hash
c4e90b896bba4a1ed26669c56524ae81
2c0ad90856219a8e7a0f62824af31a959211c791
74fd07151dfbe0fad3be8227e1d4d60ec10d26668ca71a2ddc6b1e52ef867bbc

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /_nw/2/s25656120.jpg HTTP/1.1
Host: gta4.moy.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: 7gta4uzll=1675486160; ucvid=j9BTM1wAce; 7gta4pushi=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 04:49:20 GMT
Content-Type: image/jpeg
Content-Length: 27178
Last-Modified: Sun, 23 Jan 2011 10:59:57 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "4d3c0a2d-6a2a"
Expires: Fri, 24 Feb 2023 04:49:20 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

s2.ucoz.net/adv/dummy/000/css/style.css

195.216.243.102

200 OK

1.6 kB

URL HTTP/1.1
s2.ucoz.net/adv/dummy/000/css/style.css
IP
195.216.243.102:0
ASN
#57724 Ddos-guard Ltd

File type
ASCII text
Size
1.6 kB (1564 bytes)
Hash
50406c447ccad47ca9e5d53eff612ffb
16e3921585135a87a1066689c9c67a312d96c92d
01a0732bba96fb38be885a1d233fecf52e32c7e07e48cd05f6f07a3690ea304c

HTTP Headers

GET /adv/dummy/000/css/style.css HTTP/1.1
Host: s2.ucoz.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gta4.moy.su/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 04:49:20 GMT
Content-Type: text/css
Last-Modified: Tue, 26 Mar 2019 14:28:20 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
ETag: W/"5c9a3704-19eb"
Content-Encoding: gzip

s2.ucoz.net/adv/dummy/000/img/ucoz-logo.png

195.216.243.102

200 OK

4.6 kB

URL HTTP/1.1
s2.ucoz.net/adv/dummy/000/img/ucoz-logo.png
IP
195.216.243.102:0
ASN
#57724 Ddos-guard Ltd

File type
PNG image data, 136 x 136, 8-bit/color RGBA, non-interlaced\012- data
Size
4.6 kB (4585 bytes)
Hash
14d37a3409afc2c450c62b97bc8019da
43fc12bf16a292d6d10b17ab7d1e37785288858c
fc4f998c5fcacc6cf161f1bedf46ec55e56273670ecce8b59e947b68d3c5bdb2

HTTP Headers

GET /adv/dummy/000/img/ucoz-logo.png HTTP/1.1
Host: s2.ucoz.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gta4.moy.su/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 04:49:20 GMT
Content-Type: image/png
Content-Length: 4585
Last-Modified: Tue, 26 Mar 2019 14:28:20 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "5c9a3704-11e9"
Accept-Ranges: bytes

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
f32763d17ee930a84421656330650bd1
688473a7c570a6e84406eef1927df94bfccd1870
33f1a840a87b8ef5136065f9be370aa640573ab68d82e8a822d48bbd2eb837c1

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 04:49:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

themes.googleusercontent.com/static/fonts/ptsans/v5/LKf8nhXsWg5ybwEGXk8UBQ.woff

142.250.74.97

200 OK

60 kB

URL HTTP/2
themes.googleusercontent.com/static/fonts/ptsans/v5/LKf8nhXsWg5ybwEGXk8UBQ.woff
IP
142.250.74.97:0
ASN
#15169 GOOGLE

File type
Web Open Font Format, TrueType, length 60332, version 1.1\012- data
Size
60 kB (60332 bytes)
Hash
0d6d6ae28614efe13ec053eaeef473c1
20cd1c419ba0763bb4bbb1435bc0aed00452af2e
5dfdd878d2d6bdd50f37fde1800a044753dd00bac3c3a30a35f999b422a48ee1

HTTP Headers

GET /static/fonts/ptsans/v5/LKf8nhXsWg5ybwEGXk8UBQ.woff HTTP/1.1
Host: themes.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://gta4.moy.su
Connection: keep-alive
Referer: https://s2.ucoz.net/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
timing-allow-origin: *
content-length: 60332
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 01 Feb 2023 15:43:54 GMT
expires: Thu, 01 Feb 2024 15:43:54 GMT
cache-control: public, max-age=31536000
age: 219925
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
content-type: font/woff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
f32763d17ee930a84421656330650bd1
688473a7c570a6e84406eef1927df94bfccd1870
33f1a840a87b8ef5136065f9be370aa640573ab68d82e8a822d48bbd2eb837c1

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 04:49:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
5c76765db19803e47b8e55555d07c127
f56f64baf69d020097ae18e7207795f418004b58
4b306b25755a2eda4cd50c82ca0c348a76a474c5b509c7b2b5bdedff7f9949cf

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4B306B25755A2EDA4CD50C82CA0C348A76A474C5B509C7B2B5BDEDFF7F9949CF"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4881
Expires: Sat, 04 Feb 2023 06:10:40 GMT
Date: Sat, 04 Feb 2023 04:49:19 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
cbff38ff2fedd197ce23aab62520ebe5
5a615a636fe04ddf563a6cc5dc4bae400e525c83
69bef33937d0b49a5e448d9bf35dc0c7d45f4c59aacb89527adc4e1875d783bc

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "69BEF33937D0B49A5E448D9BF35DC0C7D45F4C59AACB89527ADC4E1875D783BC"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16969
Expires: Sat, 04 Feb 2023 09:32:08 GMT
Date: Sat, 04 Feb 2023 04:49:19 GMT
Connection: keep-alive

rot.spotsniper.ru/?src=ujs6&s_subid=btn

31.172.81.160

200 OK

1 B

URL HTTP/1.1
rot.spotsniper.ru/?src=ujs6&s_subid=btn
IP
31.172.81.160:0
ASN
#44066 diva-e Datacenters GmbH

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
7215ee9c7d9dc229d2921a40e899ec5f
b858cb282617fb0956d960215c8e84d1ccf909c6
36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

HTTP Headers

GET /?src=ujs6&s_subid=btn HTTP/1.1
Host: rot.spotsniper.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gta4.moy.su/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 04:49:19 GMT
Content-Type: application/javascript
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0, no-cache=Set-Cookie, max-age=0, proxy-revalidate, s-maxage=0

rot.spotsniper.ru/?src=ujs6

31.172.81.160

200 OK

1 B

URL HTTP/1.1
rot.spotsniper.ru/?src=ujs6
IP
31.172.81.160:0
ASN
#44066 diva-e Datacenters GmbH

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
7215ee9c7d9dc229d2921a40e899ec5f
b858cb282617fb0956d960215c8e84d1ccf909c6
36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

HTTP Headers

GET /?src=ujs6 HTTP/1.1
Host: rot.spotsniper.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gta4.moy.su/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 04:49:19 GMT
Content-Type: application/javascript
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0, no-cache=Set-Cookie, max-age=0, proxy-revalidate, s-maxage=0

gta4.moy.su/favicon.ico

195.216.243.102

200 OK

2.2 kB

URL HTTP/1.1
gta4.moy.su/favicon.ico
IP
195.216.243.102:0
ASN
#57724 Ddos-guard Ltd

File type
MS Windows icon resource - 1 icon, 32x32\012- data
Size
2.2 kB (2238 bytes)
Hash
8aa669baf3c25a970854c528605da2a0
aaa9c295c6a8ecec8427a36a8ec33243bdba4c12
288c5053b5af4930a7f0391743b53ccee86572a3b113f57e8a345381f0d42b60

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: gta4.moy.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gta4.moy.su/news/mody_dlja_gta_4_eflc_mashiny/7-0-18
Cookie: 7gta4uzll=1675486160; ucvid=j9BTM1wAce; 7gta4pushi=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 04:49:20 GMT
Content-Type: image/x-icon
Content-Length: 2238
Last-Modified: Sun, 08 Feb 2009 03:14:28 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "498e4e14-8be"
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
23287a0337047631e479bb3cbe8b0fcd
15ec24f5ee1990ee456a6fd3bbcbdbe27bf62c99
da05b381eec3589d2689bc5fab2b89eb5d65f9a5652f9254f3353e30a4540034

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 04:49:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

s2.ucoz.net/adv/dummy/000/img/bg.gif

195.216.243.102

200 OK

1.3 kB

URL HTTP/1.1
s2.ucoz.net/adv/dummy/000/img/bg.gif
IP
195.216.243.102:0
ASN
#57724 Ddos-guard Ltd

File type
GIF image data, version 89a, 485 x 3\012- data
Size
1.3 kB (1268 bytes)
Hash
b19967d808ed7c42b41316d6c8474f55
18d80748bd4041b13a3373a429281ec65347a0e2
16c9962c4ecd52efc16d9d639d52fc60b9e427b6e454190d162f1aa1d220ad50

HTTP Headers

GET /adv/dummy/000/img/bg.gif HTTP/1.1
Host: s2.ucoz.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://s2.ucoz.net/adv/dummy/000/css/style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 04:49:20 GMT
Content-Type: image/gif
Content-Length: 1268
Last-Modified: Tue, 26 Mar 2019 14:28:20 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "5c9a3704-4f4"
Accept-Ranges: bytes

ocsp2.globalsign.com/gsalphasha2g2

104.18.20.226

200 OK

1.4 kB

URL HTTP/1.1
ocsp2.globalsign.com/gsalphasha2g2
IP
104.18.20.226:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
1.4 kB (1423 bytes)
Hash
f69b53009bb8be17d4fb2e6765b9b678
8131a3b0cb52c757d591d5de8cf55fbc41816a86
7a69dd5885363bdbdea12a8648738043aa15eea0f8c5e5a1ace83656faacc807

HTTP Headers

POST /gsalphasha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 04:49:19 GMT
Content-Type: application/ocsp-response
Content-Length: 1423
Connection: keep-alive
Expires: Wed, 08 Feb 2023 00:25:30 GMT
ETag: "8131a3b0cb52c757d591d5de8cf55fbc41816a86"
Last-Modified: Sat, 04 Feb 2023 00:25:31 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 3338
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7940c76ff983b506-OSL

ocsp2.globalsign.com/gsalphasha2g2

104.18.20.226

200 OK

1.4 kB

URL HTTP/1.1
ocsp2.globalsign.com/gsalphasha2g2
IP
104.18.20.226:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
1.4 kB (1423 bytes)
Hash
f69b53009bb8be17d4fb2e6765b9b678
8131a3b0cb52c757d591d5de8cf55fbc41816a86
7a69dd5885363bdbdea12a8648738043aa15eea0f8c5e5a1ace83656faacc807

HTTP Headers

POST /gsalphasha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 04:49:19 GMT
Content-Type: application/ocsp-response
Content-Length: 1423
Connection: keep-alive
Expires: Wed, 08 Feb 2023 00:25:30 GMT
ETag: "8131a3b0cb52c757d591d5de8cf55fbc41816a86"
Last-Modified: Sat, 04 Feb 2023 00:25:31 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 3338
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7940c76ff8c40b41-OSL

ocsp2.globalsign.com/gsalphasha2g2

104.18.20.226

200 OK

1.4 kB

URL HTTP/1.1
ocsp2.globalsign.com/gsalphasha2g2
IP
104.18.20.226:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
1.4 kB (1423 bytes)
Hash
f69b53009bb8be17d4fb2e6765b9b678
8131a3b0cb52c757d591d5de8cf55fbc41816a86
7a69dd5885363bdbdea12a8648738043aa15eea0f8c5e5a1ace83656faacc807

HTTP Headers

POST /gsalphasha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 04:49:19 GMT
Content-Type: application/ocsp-response
Content-Length: 1423
Connection: keep-alive
Expires: Wed, 08 Feb 2023 00:25:30 GMT
ETag: "8131a3b0cb52c757d591d5de8cf55fbc41816a86"
Last-Modified: Sat, 04 Feb 2023 00:25:31 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 3338
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7940c76ff9e50b3d-OSL

ocsp2.globalsign.com/gsalphasha2g2

104.18.20.226

200 OK

1.4 kB

URL HTTP/1.1
ocsp2.globalsign.com/gsalphasha2g2
IP
104.18.20.226:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
1.4 kB (1423 bytes)
Hash
f69b53009bb8be17d4fb2e6765b9b678
8131a3b0cb52c757d591d5de8cf55fbc41816a86
7a69dd5885363bdbdea12a8648738043aa15eea0f8c5e5a1ace83656faacc807

HTTP Headers

POST /gsalphasha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 04:49:19 GMT
Content-Type: application/ocsp-response
Content-Length: 1423
Connection: keep-alive
Expires: Wed, 08 Feb 2023 00:25:30 GMT
ETag: "8131a3b0cb52c757d591d5de8cf55fbc41816a86"
Last-Modified: Sat, 04 Feb 2023 00:25:31 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 3338
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7940c76ffcb61bfa-OSL

www.gstatic.com/recaptcha/releases/gEr-ODersURoIfof1hiDm7R5/recaptcha__ru.js

142.250.74.99

200 OK

168 kB

URL HTTP/2
www.gstatic.com/recaptcha/releases/gEr-ODersURoIfof1hiDm7R5/recaptcha__ru.js
IP
142.250.74.99:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (883)
Size
168 kB (168061 bytes)
Hash
f6d3eb07c9239a65a97434694a46172b
2e8e3d2457fa992e86420d8bef03f3a973cc04ef
1a91214b383755fc1c15bae863f911320804c422ebfb9c4aecf0fb0abef7cbe6

HTTP Headers

GET /recaptcha/releases/gEr-ODersURoIfof1hiDm7R5/recaptcha__ru.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://gta4.moy.su
Connection: keep-alive
Referer: https://gta4.moy.su/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 168061
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 03 Feb 2023 21:24:45 GMT
expires: Sat, 03 Feb 2024 21:24:45 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 31 Jan 2023 02:51:47 GMT
content-type: text/javascript
age: 26674
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

counter.yadro.ru/hit;ucoznet?r;s1280*1024*24;uhttps%3A//gta4.moy.su/news/mody_dlja_gta_4_eflc_mashiny/7-0-18;1675486192572

88.212.201.204

200 OK

43 B

URL HTTP/1.1
counter.yadro.ru/hit;ucoznet?r;s1280*1024*24;uhttps%3A//gta4.moy.su/news/mody_dlja_gta_4_eflc_mashiny/7-0-18;1675486192572
IP
88.212.201.204:0
ASN
#39134 United Network LLC

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
fc94fb0c3ed8a8f909dbc7630a0987ff
56d45f8a17f5078a20af9962c992ca4678450765
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

HTTP Headers

GET /hit;ucoznet?r;s1280*1024*24;uhttps%3A//gta4.moy.su/news/mody_dlja_gta_4_eflc_mashiny/7-0-18;1675486192572 HTTP/1.1
Host: counter.yadro.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gta4.moy.su/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Sat, 04 Feb 2023 04:49:19 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Expires: Thu, 03 Feb 2022 21:00:00 GMT
Pragma: no-cache
Cache-control: no-cache
Access-Control-Allow-Origin: *
Strict-Transport-Security: max-age=86400

counter.yadro.ru/hit;clickgate08?r;s1280*1024*24;uhttps%3A//gta4.moy.su/news/mody_dlja_gta_4_eflc_mashiny/7-0-18;1675486192930

88.212.201.204

200 OK

43 B

URL HTTP/1.1
counter.yadro.ru/hit;clickgate08?r;s1280*1024*24;uhttps%3A//gta4.moy.su/news/mody_dlja_gta_4_eflc_mashiny/7-0-18;1675486192930
IP
88.212.201.204:0
ASN
#39134 United Network LLC

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
fc94fb0c3ed8a8f909dbc7630a0987ff
56d45f8a17f5078a20af9962c992ca4678450765
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

HTTP Headers

GET /hit;clickgate08?r;s1280*1024*24;uhttps%3A//gta4.moy.su/news/mody_dlja_gta_4_eflc_mashiny/7-0-18;1675486192930 HTTP/1.1
Host: counter.yadro.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gta4.moy.su/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Sat, 04 Feb 2023 04:49:19 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Expires: Thu, 03 Feb 2022 21:00:00 GMT
Pragma: no-cache
Cache-control: no-cache
Access-Control-Allow-Origin: *
Strict-Transport-Security: max-age=86400

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
23287a0337047631e479bb3cbe8b0fcd
15ec24f5ee1990ee456a6fd3bbcbdbe27bf62c99
da05b381eec3589d2689bc5fab2b89eb5d65f9a5652f9254f3353e30a4540034

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 04:49:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

counter.yadro.ru/hit;ucoz_desktop_ad?r;s1280*1024*24;uhttps%3A//gta4.moy.su/news/mody_dlja_gta_4_eflc_mashiny/7-0-18;1675486192573

88.212.201.204

200 OK

43 B

URL HTTP/1.1
counter.yadro.ru/hit;ucoz_desktop_ad?r;s1280*1024*24;uhttps%3A//gta4.moy.su/news/mody_dlja_gta_4_eflc_mashiny/7-0-18;1675486192573
IP
88.212.201.204:0
ASN
#39134 United Network LLC

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
fc94fb0c3ed8a8f909dbc7630a0987ff
56d45f8a17f5078a20af9962c992ca4678450765
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

HTTP Headers

GET /hit;ucoz_desktop_ad?r;s1280*1024*24;uhttps%3A//gta4.moy.su/news/mody_dlja_gta_4_eflc_mashiny/7-0-18;1675486192573 HTTP/1.1
Host: counter.yadro.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gta4.moy.su/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Sat, 04 Feb 2023 04:49:19 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Expires: Thu, 03 Feb 2022 21:00:00 GMT
Pragma: no-cache
Cache-control: no-cache
Access-Control-Allow-Origin: *
Strict-Transport-Security: max-age=86400

counter.yadro.ru/hit;ucoz_topline_worldwide?rhttps%3A//gta4.moy.su/news/mody_dlja_gta_4_eflc_mashiny/7-0-18;s1280*1024*24;uhttps%3A//gta4.moy.su/%3FS%255EM51%25218vrt7jpcdxJ5VX4MRAJu%255Ev4z1CkaGDg3uPe7KIT8zAsQNaEFgRefzPt5LKPz8D02Aa%253Bj0BTDXghwoo;1675486193305

88.212.201.204

200 OK

43 B

URL HTTP/1.1
counter.yadro.ru/hit;ucoz_topline_worldwide?rhttps%3A//gta4.moy.su/news/mody_dlja_gta_4_eflc_mashiny/7-0-18;s1280*1024*24;uhttps%3A//gta4.moy.su/%3FS%255EM51%25218vrt7jpcdxJ5VX4MRAJu%255Ev4z1CkaGDg3uPe7KIT8zAsQNaEFgRefzPt5LKPz8D02Aa%253Bj0BTDXghwoo;1675486193305
IP
88.212.201.204:0
ASN
#39134 United Network LLC

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
fc94fb0c3ed8a8f909dbc7630a0987ff
56d45f8a17f5078a20af9962c992ca4678450765
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

HTTP Headers

GET /hit;ucoz_topline_worldwide?rhttps%3A//gta4.moy.su/news/mody_dlja_gta_4_eflc_mashiny/7-0-18;s1280*1024*24;uhttps%3A//gta4.moy.su/%3FS%255EM51%25218vrt7jpcdxJ5VX4MRAJu%255Ev4z1CkaGDg3uPe7KIT8zAsQNaEFgRefzPt5LKPz8D02Aa%253Bj0BTDXghwoo;1675486193305 HTTP/1.1
Host: counter.yadro.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gta4.moy.su/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Sat, 04 Feb 2023 04:49:19 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Expires: Thu, 03 Feb 2022 21:00:00 GMT
Pragma: no-cache
Cache-control: no-cache
Access-Control-Allow-Origin: *
Strict-Transport-Security: max-age=86400

sairoscredit.ru/res/upload/banner/GIF3_1.gif

195.69.187.54

404 Not Found

86 B

URL HTTP/1.1
sairoscredit.ru/res/upload/banner/GIF3_1.gif
IP
195.69.187.54:0
ASN
#60455 abc Ucranian-franch Joint Venture

File type
ASCII text, with no line terminators
Size
86 B (86 bytes)
Hash
4c534bfea8dbc5c6b6e6f23ec3f561a9
736099e8f2738aab0d2ca7f14911285ab3175d14
8f354848a7bfb33c0e944aa5c5756540f8e2c73ce6fcb51c14cf9a269c3a2df6

HTTP Headers

GET /res/upload/banner/GIF3_1.gif HTTP/1.1
Host: sairoscredit.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gta4.moy.su/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 404 Not Found
Server: nginx/1.20.2
Date: Sat, 04 Feb 2023 04:49:19 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: CoreCMS
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=c9dfd3434200a45f2bed9b51b8f2f487; path=/; HttpOnly
Content-Encoding: gzip

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7ae0bfeb9d9d293bf8ecb124bccc45ea
ebde4c68eac108de41a74a75e1567048b60cdcdc
c49a2e28fc333dcae2aef8c81eb10cd0744314ac6e17991f77992908eb42ff98

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C49A2E28FC333DCAE2AEF8C81EB10CD0744314AC6E17991F77992908EB42FF98"
Last-Modified: Fri, 03 Feb 2023 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7988
Expires: Sat, 04 Feb 2023 07:02:27 GMT
Date: Sat, 04 Feb 2023 04:49:19 GMT
Connection: keep-alive

ct.mediaboom.site/?ce=gi4tqn3fmu5ha3ddf4ztmmjr

199.115.116.43

302 Found

0 B

URL HTTP/1.1
ct.mediaboom.site/?ce=gi4tqn3fmu5ha3ddf4ztmmjr
IP
199.115.116.43:0
ASN
#30633 LEASEWEB-USA-WDC

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /?ce=gi4tqn3fmu5ha3ddf4ztmmjr HTTP/1.1
Host: ct.mediaboom.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gta4.moy.su/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 302 Found
date: Sat, 04 Feb 2023 04:49:19 GMT
server: Apache/2.4.38 (Debian)
set-cookie: __tad=1675486159.5808643; expires=Tue, 01-Feb-2033 04:49:19 GMT; Max-Age=315360000
location: http://ww16.ct.mediaboom.site/?ce=gi4tqn3fmu5ha3ddf4ztmmjr&sub1=20230204-1549-1913-afed-40214b91145d
content-length: 0
content-type: text/html; charset=UTF-8
connection: close

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
c14d3cf8ade0150a711f094be32ac474
11e7fb5487d364c5392e1594e09f5b49831043ea
2a98ce39894b7d9befdba3916467bc95962376d0b308103e0a1eea36c0bc2302

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A98CE39894B7D9BEFDBA3916467BC95962376D0B308103E0A1EEA36C0BC2302"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7857
Expires: Sat, 04 Feb 2023 07:00:16 GMT
Date: Sat, 04 Feb 2023 04:49:19 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
c14d3cf8ade0150a711f094be32ac474
11e7fb5487d364c5392e1594e09f5b49831043ea
2a98ce39894b7d9befdba3916467bc95962376d0b308103e0a1eea36c0bc2302

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A98CE39894B7D9BEFDBA3916467BC95962376D0B308103E0A1EEA36C0BC2302"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7857
Expires: Sat, 04 Feb 2023 07:00:16 GMT
Date: Sat, 04 Feb 2023 04:49:19 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
c14d3cf8ade0150a711f094be32ac474
11e7fb5487d364c5392e1594e09f5b49831043ea
2a98ce39894b7d9befdba3916467bc95962376d0b308103e0a1eea36c0bc2302

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A98CE39894B7D9BEFDBA3916467BC95962376D0B308103E0A1EEA36C0BC2302"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7857
Expires: Sat, 04 Feb 2023 07:00:16 GMT
Date: Sat, 04 Feb 2023 04:49:19 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
c14d3cf8ade0150a711f094be32ac474
11e7fb5487d364c5392e1594e09f5b49831043ea
2a98ce39894b7d9befdba3916467bc95962376d0b308103e0a1eea36c0bc2302

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A98CE39894B7D9BEFDBA3916467BC95962376D0B308103E0A1EEA36C0BC2302"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7857
Expires: Sat, 04 Feb 2023 07:00:16 GMT
Date: Sat, 04 Feb 2023 04:49:19 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4e245a51-5c03-4b84-b42a-29fa3a7806e9.jpeg

34.120.237.76

200 OK

8.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4e245a51-5c03-4b84-b42a-29fa3a7806e9.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.0 kB (7992 bytes)
Hash
65cd12302c9ca5468dbc9a98155970e0
a0c63213c3021e40f8ea54f2da6a5c165ed5cfd1
8463155faca74f13ec4500fed98289d8bfbdc4a989d1cb7580736018eadf1000

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4e245a51-5c03-4b84-b42a-29fa3a7806e9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7992
x-amzn-requestid: ba4f95d9-6081-4b34-955c-bbe8e7b2335c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyEEjGsdIAMF84w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8083-7666baa66ccdec9b5fec8736;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:45:39 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: A3c6sSs_b8KkREPa26a8X9NTEZpHGDjElR9hT-NXwg6dYpeuRNZXfA==
via: 1.1 8dbfaf7df256a75768461d934659b6b2.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:10:21 GMT
etag: "a0c63213c3021e40f8ea54f2da6a5c165ed5cfd1"
content-type: image/jpeg
age: 23938
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.1 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fca17cfb9-5ad6-429a-9791-23b12f01c467.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.1 kB (8148 bytes)
Hash
8bee4ee9542d0c7a9cc8402d60e7cca2
95b8debca975255d2a0a60c5c6dde74040bd2f88
a6c63af682c3d4b11e5af0aa6b72921b8acf72626fb765a60e96d491d2a04c70

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fca17cfb9-5ad6-429a-9791-23b12f01c467.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8148
x-amzn-requestid: a4cf6e4a-df1f-48c3-ae73-009f5becf3ad
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyEEtHTroAMFwGQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8084-3ae929a84d43c3ea0336fcd8;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:45:40 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: adu72wkRyshUviu2Qpk8rLCyN1kh46LIVQw7K4atunuEHQuFf62VXw==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 2bedbeaa49b4a77447d30097858cb81a.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:12:49 GMT
age: 23790
etag: "95b8debca975255d2a0a60c5c6dde74040bd2f88"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd573e5ee-5860-4f00-9316-68ffbc966d73.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.7 kB (7692 bytes)
Hash
bd5f43772dbf673858972c77e1e630d4
94c0a24c5d47a636e45a3694c694815091aee213
0b6c34a934eab27c326dab6c8b90e78e710a948ac7c4bf13ba907b5cda738c3e

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd573e5ee-5860-4f00-9316-68ffbc966d73.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7692
x-amzn-requestid: 4a8d5bcb-b1a0-4015-9fb1-c00f613de8e5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyEEEH5JoAMF0Ew=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8080-703ca5a95c06465c080a1c7d;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:45:36 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: Z04SY01AfS5-CIziSRsJ5Sg117g_tPumLgllrBpj6afnbJH3Ne1sTw==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 82ea95080f526df99896343fb7269b06.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:10:31 GMT
etag: "94c0a24c5d47a636e45a3694c694815091aee213"
content-type: image/jpeg
age: 23928
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8b2d6920-2a79-45a8-b007-d36cc875c52f.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.5 kB (9500 bytes)
Hash
3ac51fd6789cbe19c2d484c9022b0e39
bcba22a7b7f5dd1f59fffd1027e5d7002cecb6e9
300b5e50cb910f9f4905ee7313d98763b68f85f5874db499cc94469fb14cabfe

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8b2d6920-2a79-45a8-b007-d36cc875c52f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9500
x-amzn-requestid: 8fe94388-e8d9-4329-b73a-e9a356df76bb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyD9QEA1IAMF3Ug=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8054-51f954ac4bec16d1055e38f5;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:44:52 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: FkTJ6wQ4eFYBPDyS0l5vLeWvHHiQIx-cYyFzT4ggHJ8M5Gg3dozFxQ==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 6a9b42e38e76b7d4a4044ebe0e0eca08.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:30:36 GMT
age: 22723
etag: "bcba22a7b7f5dd1f59fffd1027e5d7002cecb6e9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

13 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe4c16006-34b0-45cb-bb9f-46fe6dd44e3c.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
13 kB (13065 bytes)
Hash
cf80667db0c35c9c6139eca4ba5d12fd
4c4cfdc2463e8704a7bf8e1477c43b6adf7c7590
d63e69f4b6ea16333d242bf33d4f02a4a6c96a739ca018d86afc5741d85b774d

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe4c16006-34b0-45cb-bb9f-46fe6dd44e3c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 13065
x-amzn-requestid: 54c06759-6fab-455c-be34-496ee42a2580
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fSZLQEqroAMFyWA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d0d57b-2237358a5cc22b8003af1852;Sampled=0
x-amzn-remapped-date: Wed, 25 Jan 2023 07:08:43 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: oc3NhvAmcrO3msFYF2ITsEpq8a2wsOLkXtmZxRQpmse84yml0l9PNA==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 21:46:57 GMT
age: 25342
etag: "4c4cfdc2463e8704a7bf8e1477c43b6adf7c7590"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.1 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F549d8f22-b421-4fad-867d-64232284ffaf.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.1 kB (8148 bytes)
Hash
9409d3b4b0f8f973d9acab2b744d8dd0
15431d807c3fe818a9b363f1c725c1860e939799
ddde1e1c8faef040370396ccda3a5090e64b63a1bddbe642c128d66849c1caa4

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F549d8f22-b421-4fad-867d-64232284ffaf.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8148
x-amzn-requestid: a9d4782b-b24e-4b72-9994-b9efa680c2fd
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyEEOHxIoAMFvUg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8081-1d17982c4fe45adf0704f4c4;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:45:37 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: VkajXQ1KEbO3T3sVDkH6XLx7pKr5cnHC2QOsR1EvKa7-8WPQrVFbXw==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:10:21 GMT
etag: "15431d807c3fe818a9b363f1c725c1860e939799"
content-type: image/jpeg
age: 23938
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
a803ab4e3d208f5f2f423789c4e2b979
15708b6218150e5f9d2970f2b3dd057f481ebb62
8b3c8774e9bba02ab66d2f2fc6a195a0e407f16e5a1b968c8eaa5b9d88628702

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8B3C8774E9BBA02AB66D2F2FC6A195A0E407F16E5A1B968C8EAA5B9D88628702"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3551
Expires: Sat, 04 Feb 2023 05:48:32 GMT
Date: Sat, 04 Feb 2023 04:49:21 GMT
Connection: keep-alive

counter.yadro.ru/hit;desktop_click_load?r;s1280*1024*24;uhttps%3A//gta4.moy.su/news/mody_dlja_gta_4_eflc_mashiny/7-0-18;1675486195576

88.212.201.204

200 OK

43 B

URL HTTP/1.1
counter.yadro.ru/hit;desktop_click_load?r;s1280*1024*24;uhttps%3A//gta4.moy.su/news/mody_dlja_gta_4_eflc_mashiny/7-0-18;1675486195576
IP
88.212.201.204:0
ASN
#39134 United Network LLC

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
fc94fb0c3ed8a8f909dbc7630a0987ff
56d45f8a17f5078a20af9962c992ca4678450765
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

HTTP Headers

GET /hit;desktop_click_load?r;s1280*1024*24;uhttps%3A//gta4.moy.su/news/mody_dlja_gta_4_eflc_mashiny/7-0-18;1675486195576 HTTP/1.1
Host: counter.yadro.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gta4.moy.su/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Sat, 04 Feb 2023 04:49:21 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Expires: Thu, 03 Feb 2022 21:00:00 GMT
Pragma: no-cache
Cache-control: no-cache
Access-Control-Allow-Origin: *
Strict-Transport-Security: max-age=86400

dominantroute.com/bens/vinos.js?23433&u=null&a=0.8613778089825537

193.200.64.20

200 OK

140 kB

URL HTTP/1.1
dominantroute.com/bens/vinos.js?23433&u=null&a=0.8613778089825537
IP
193.200.64.20:0
ASN
#6681 Rozetka Sp. z o.o.

File type
ASCII text, with very long lines (727)
Size
140 kB (140300 bytes)
Hash
fe31641943ccddfac9d5150d379c1bad
28fcf8cf8bd375059b392cd33a67bfe9a58c636e
39b59d8e3d2c64aea3714167afc52b56516dd14e5c4ddc91b25dff422acec312

HTTP Headers

GET /bens/vinos.js?23433&u=null&a=0.8613778089825537 HTTP/1.1
Host: dominantroute.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gta4.moy.su/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 04:49:21 GMT
Content-Type: text/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="NON DSP COR CURa TIA"
Set-Cookie: uuid=16754858291532635802; expires=Mon, 03-Feb-2025 04:49:21 GMT; Max-Age=63072000; path=/; samesite=None; domain=.dominantroute.com; secure

34.120.237.76

200 OK

8.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F72a06bff-2a3c-4fc8-9c7a-5649a696581e.png
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.9 kB (8909 bytes)
Hash
a032104cf4ccc6ea31f163ca16386487
a0573916c3d72f0554928963c0a74413fdcb3558
8ba7b6e9b3fa28f6fd27f5f006cedac10f50d7da6c109155a2476cf04f4df932

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F72a06bff-2a3c-4fc8-9c7a-5649a696581e.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-length: 8909
x-amzn-requestid: 051806fe-c051-4948-a46a-48ed1df321a4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyFIMFLNoAMFY5A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8234-212ec9a838fc64a9164f21f5;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:52:52 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 24zolqnsQilbFdqM8BnmjaH7DXfFunFyXgmOyF_FkPoatjLi137xgQ==
via: 1.1 1b0911478686968732f973d6e5e31d10.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:10:53 GMT
age: 23913
etag: "a0573916c3d72f0554928963c0a74413fdcb3558"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (24)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL