r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash MD5 d2e72d45afe3d391c204b5391599607c
SHA1 149d68b9d00a720b6f380fa2324779dca9dbe26d
SHA256 f6f1c295c68dfebadacb1fc812b44e01c7ede0e203615ef3e2cced2ce2251e7e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F6F1C295C68DFEBADACB1FC812B44E01C7EDE0E203615EF3E2CCED2CE2251E7E"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8404
Expires: Tue, 31 Jan 2023 04:19:47 GMT
Date: Tue, 31 Jan 2023 01:59:43 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash MD5 0c35c3ec659d3a26ea97e68d787bb043
SHA1 d97e3672244efec5b7814f2d8a734cd1a9387854
SHA256 4c946a026114ff05316d92277750facf3d5f5d162839149da0b7fb1a4cff6b5e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4C946A026114FF05316D92277750FACF3D5F5D162839149DA0B7FB1A4CFF6B5E"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10530
Expires: Tue, 31 Jan 2023 04:55:13 GMT
Date: Tue, 31 Jan 2023 01:59:43 GMT
Connection: keep-alive
xk7a903zl7i0ge.life/
216.240.130.67 200 OK 168 B IP 216.240.130.67:0
File type HTML document text; HTML document text; HTML document text; HTML document text; exported SGML document, ASCII text
Hash MD5 b7949a2c2cec5d0fc76270710f132d4e
SHA1 a51a1a70d14193182bc1cca339efbf805da63a34
SHA256 0de73e0545467494dda68a11a3203376a2653991d9b4ec3d0376175f23802a21
Analyzer Verdict Alert fortinet Malware
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.life Domain
GET / HTTP/1.1
Host: xk7a903zl7i0ge.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 01:59:43 GMT
Server: Apache
Upgrade: h2
Connection: Upgrade, close
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 168
Content-Type: text/html; charset=UTF-8
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash MD5 302c7548412192add063ad6c8b99cf3b
SHA1 e5d178931a27db036ce8daae302594d3ff7050b8
SHA256 fc2bd9091006189e67e8074093805ee5492ce16e1dbfba32e083abeeae34969d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FC2BD9091006189E67E8074093805EE5492CE16E1DBFBA32E083ABEEAE34969D"
Last-Modified: Sat, 28 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5857
Expires: Tue, 31 Jan 2023 03:37:20 GMT
Date: Tue, 31 Jan 2023 01:59:43 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data; ASCII text, with very long lines (939), with no line terminators
Hash MD5 dcd75ca6daca51c5e39d431468511793
SHA1 07f76d3bf23d65c9110d810fa71a994e39e085d3
SHA256 73672a816da4450fe2c938b08d7ae002d9ca29fdcbd3e29cc97084d826f8b459
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Retry-After, Content-Type, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 31 Jan 2023 01:43:15 GMT
content-type: application/json
age: 988
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate; ASCII text
Hash MD5 7b922915ebf1fa3639b333f994c74f24
SHA1 144a3f80b98fd0652d4614f24cf6cbbee40f8938
SHA256 adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: mWsknPJf+NqCTeuImbB+4+aPuWFFqPz9u61bcx7RmP8xXU5xB3KM1SQfOTnDe3fFDziNC+R9yYMenufFOk/6qw==
x-amz-request-id: NWCC9NHBRPA55VMK
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 31 Jan 2023 01:50:59 GMT
age: 524
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data; ASCII text, with no line terminators
Hash MD5 23e88fb7b99543fb33315b29b1fad9d6
SHA1 a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
SHA256 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 31 Jan 2023 01:59:43 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
xk7a903zl7i0ge.life/favicon.ico
216.240.130.67 200 OK 168 B URL HTTP/1.1 xk7a903zl7i0ge.life/favicon.ico
IP 216.240.130.67:0
File type HTML document text; HTML document text; HTML document text; HTML document text; exported SGML document, ASCII text
Hash MD5 b7949a2c2cec5d0fc76270710f132d4e
SHA1 a51a1a70d14193182bc1cca339efbf805da63a34
SHA256 0de73e0545467494dda68a11a3203376a2653991d9b4ec3d0376175f23802a21
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.life Domain
GET /favicon.ico HTTP/1.1
Host: xk7a903zl7i0ge.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xk7a903zl7i0ge.life/
HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 01:59:43 GMT
Server: Apache
Upgrade: h2
Connection: Upgrade, close
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 168
Content-Type: text/html; charset=UTF-8
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data; ASCII text, with very long lines (329), with no line terminators
Hash MD5 0333b0655111aa68de771adfcc4db243
SHA1 63f295a144ac87a7c8e23417626724eeca68a7eb
SHA256 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Last-Modified, Pragma, ETag, Retry-After, Content-Type, Content-Length, Expires, Cache-Control, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 31 Jan 2023 01:41:41 GMT
age: 1083
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash MD5 22b9916fc1fafc9bdc9bb37f9eac8a9a
SHA1 86f640e134a741a0f906a8e3a0f5c6659dd0e394
SHA256 a29ee843c8a39551a1507cc6ad949ad509e33aaae8b72c58ac4884bad8b0b38e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A29EE843C8A39551A1507CC6AD949AD509E33AAAE8B72C58AC4884BAD8B0B38E"
Last-Modified: Sun, 29 Jan 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9135
Expires: Tue, 31 Jan 2023 04:31:59 GMT
Date: Tue, 31 Jan 2023 01:59:44 GMT
Connection: keep-alive
xk7a903zl7i0ge.life/?type=really
216.240.130.67 200 OK 7.7 kB URL HTTP/1.1 xk7a903zl7i0ge.life/?type=really
IP 216.240.130.67:0
File type HTML document text; HTML document text; HTML document text; HTML document text; HTML document text; HTML document text; HTML document text; exported SGML document, Unicode text, UTF-8 text, with very long lines (385)
Hash MD5 a5ad9bd52461282c1278e007f2154444
SHA1 1d4e02b93b88953de0d79c85cf1731c81ec27cab
SHA256 b1234abb45bb8b3e704db917441878a4c59b0ef4e84f14e008db16156e5a7c8a
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.life Domain
GET /?type=really HTTP/1.1
Host: xk7a903zl7i0ge.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xk7a903zl7i0ge.life/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 01:59:44 GMT
Server: Apache
Upgrade: h2
Connection: Upgrade, close
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 7732
Content-Type: text/html; charset=utf-8
push.services.mozilla.com/
35.81.157.247 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.81.157.247:0
Hash MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: CI6Gf5HIWdK69aaQ5lJecA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 3di8B5+h7K2gdUUAS6HyzUNKCjM=
xk7a903zl7i0ge.life/index_files/sss.css
216.240.130.67 200 OK 1.6 kB URL HTTP/1.1 xk7a903zl7i0ge.life/index_files/sss.css
IP 216.240.130.67:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (419)
Hash MD5 fc00b9b51a262a87f7e30db5c25268f0
SHA1 be5c9ed88aa40ba4ee090374cbc243a30c93f7c0
SHA256 e0a9cd18a5bea81bbfb6e154b2316035912806a57ddebb028ffa724e373585a5
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.life Domain
GET /index_files/sss.css HTTP/1.1
Host: xk7a903zl7i0ge.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xk7a903zl7i0ge.life/?type=really
HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 01:59:44 GMT
Server: Apache
Upgrade: h2
Connection: Upgrade, close
Last-Modified: Tue, 09 Aug 2022 03:28:43 GMT
ETag: "3c3e-5e5c68786b793-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1572
Content-Type: text/css
xk7a903zl7i0ge.life/index_files/bootstrap-theme.css
216.240.130.67 200 OK 2.9 kB URL HTTP/1.1 xk7a903zl7i0ge.life/index_files/bootstrap-theme.css
IP 216.240.130.67:0
File type Unicode text, UTF-8 (with BOM) text
Hash MD5 57fcb8cfac4a97ec84257c82d2da8e17
SHA1 dd6d312cf304fb0dc24695b8e83c3b3282731412
SHA256 dbaeab16ebdafdfec537a31736236f890a6167181304558e90b11d9535c9ef65
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.life Domain
GET /index_files/bootstrap-theme.css HTTP/1.1
Host: xk7a903zl7i0ge.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xk7a903zl7i0ge.life/?type=really
HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 01:59:44 GMT
Server: Apache
Upgrade: h2
Connection: Upgrade, close
Last-Modified: Tue, 09 Aug 2022 03:28:16 GMT
ETag: "6618-5e5c685eb9e0f-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2859
Content-Type: text/css
xk7a903zl7i0ge.life/index_files/jquery.js
216.240.130.67 200 OK 30 kB URL HTTP/1.1 xk7a903zl7i0ge.life/index_files/jquery.js
IP 216.240.130.67:0
File type ASCII text, with very long lines (65451)
Hash MD5 fb0e6981c97fba54d76f9b2bca152299
SHA1 7c26673f6d5dd46220ca13f2197a5f5e70d06335
SHA256 09b221854d59bd9fb7dcd7042f9fcee8b6b8f958d932096a9ca307e2d63813d0
Analyzer Verdict Alert fortinet Malware
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.life Domain
GET /index_files/jquery.js HTTP/1.1
Host: xk7a903zl7i0ge.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xk7a903zl7i0ge.life/?type=really
HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 01:59:44 GMT
Server: Apache
Upgrade: h2
Connection: Upgrade, close
Last-Modified: Tue, 09 Aug 2022 03:28:33 GMT
ETag: "1538f-5e5c686e54dfe-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 30307
Content-Type: application/javascript
xk7a903zl7i0ge.life/index_files/bootstrap.css
216.240.130.67 200 OK 18 kB URL HTTP/1.1 xk7a903zl7i0ge.life/index_files/bootstrap.css
IP 216.240.130.67:0
File type assembler source, Unicode text, UTF-8 (with BOM) text, with very long lines (610)
Hash MD5 d790fc26c222737335b6f2a18101b74a
SHA1 4d76c469aefb965a2c17f4851b6fbf629246bd1a
SHA256 15cf2c8a32ec15d2955a34149f446c6bdfd28718025b8909a872fdd764d0dff2
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.life Domain
GET /index_files/bootstrap.css HTTP/1.1
Host: xk7a903zl7i0ge.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xk7a903zl7i0ge.life/?type=really
HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 01:59:44 GMT
Server: Apache
Upgrade: h2
Connection: Upgrade, close
Last-Modified: Tue, 09 Aug 2022 03:28:18 GMT
ETag: "1c50d-5e5c6860b5f37-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 17592
Content-Type: text/css
xk7a903zl7i0ge.life/index_files/amanda.jpg
216.240.130.67 200 OK 891 B URL HTTP/1.1 xk7a903zl7i0ge.life/index_files/amanda.jpg
IP 216.240.130.67:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, extended sequential, precision 8, 50x50, components 3; data
Hash MD5 d070b823d7ae1895a70949af0ae9298f
SHA1 51b557d295c6abcf5ad6447e8f0d84f392bd321f
SHA256 4da6bda13ac8ddd412f47839666da0b12ab3edbcb7cc3ae3af07d1b97595444a
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.life Domain
GET /index_files/amanda.jpg HTTP/1.1
Host: xk7a903zl7i0ge.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xk7a903zl7i0ge.life/?type=really
HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 01:59:45 GMT
Server: Apache
Upgrade: h2
Connection: Upgrade, close
Last-Modified: Tue, 09 Aug 2022 03:28:13 GMT
ETag: "37b-5e5c685b57e2a"
Accept-Ranges: bytes
Content-Length: 891
Content-Type: image/jpeg
xk7a903zl7i0ge.life/index_files/julie.jpg
216.240.130.67 200 OK 1.0 kB URL HTTP/1.1 xk7a903zl7i0ge.life/index_files/julie.jpg
IP 216.240.130.67:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, extended sequential, precision 8, 50x50, components 3; data
Hash MD5 e8dbd644fa43153a5cf2b76b1158fe42
SHA1 27174aa2af0dd2b07ac62a3a5223b240ca539c88
SHA256 7adca2afbba77c336d1d0ea5f3a227f0c716e3bbd6fb3809ac4625f6c476a1e8
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.life Domain
GET /index_files/julie.jpg HTTP/1.1
Host: xk7a903zl7i0ge.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xk7a903zl7i0ge.life/?type=really
HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 01:59:45 GMT
Server: Apache
Upgrade: h2
Connection: Upgrade, close
Last-Modified: Tue, 09 Aug 2022 03:28:33 GMT
ETag: "3e9-5e5c686ee52a8"
Accept-Ranges: bytes
Content-Length: 1001
Content-Type: image/jpeg
xk7a903zl7i0ge.life/index_files/celia.jpg
216.240.130.67 200 OK 1.0 kB URL HTTP/1.1 xk7a903zl7i0ge.life/index_files/celia.jpg
IP 216.240.130.67:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, extended sequential, precision 8, 50x50, components 3; data
Hash MD5 402d07abedd432eaaddbe608c8a95202
SHA1 78a4ebdfae8dd7918f0ff8be1573bdef4369605c
SHA256 a65d04b73c70e3e6b17db6fdf7ed02c9a8ed36e43f6d9ed5f3f8e187c35c2b8e
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.life Domain
GET /index_files/celia.jpg HTTP/1.1
Host: xk7a903zl7i0ge.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xk7a903zl7i0ge.life/?type=really
HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 01:59:45 GMT
Server: Apache
Upgrade: h2
Connection: Upgrade, close
Last-Modified: Tue, 09 Aug 2022 03:28:21 GMT
ETag: "3f5-5e5c68639802c"
Accept-Ranges: bytes
Content-Length: 1013
Content-Type: image/jpeg
xk7a903zl7i0ge.life/index_files/sarah.jpg
216.240.130.67 200 OK 1.2 kB URL HTTP/1.1 xk7a903zl7i0ge.life/index_files/sarah.jpg
IP 216.240.130.67:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, extended sequential, precision 8, 50x50, components 3; data
Hash MD5 a4c54598a73f215c7865c67c41b7480b
SHA1 c148b2a81c8acb93502e1dd79f1b66f5008538a5
SHA256 12270c8747dc92961adc727c4a259c0e14d8d4c5cd82926331fd2b269384d334
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.life Domain
GET /index_files/sarah.jpg HTTP/1.1
Host: xk7a903zl7i0ge.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xk7a903zl7i0ge.life/?type=really
HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 01:59:45 GMT
Server: Apache
Upgrade: h2
Connection: Upgrade, close
Last-Modified: Tue, 09 Aug 2022 03:28:41 GMT
ETag: "492-5e5c6876bf3cd"
Accept-Ranges: bytes
Content-Length: 1170
Content-Type: image/jpeg
xk7a903zl7i0ge.life/index_files/alanna.jpg
216.240.130.67 200 OK 871 B URL HTTP/1.1 xk7a903zl7i0ge.life/index_files/alanna.jpg
IP 216.240.130.67:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, extended sequential, precision 8, 50x50, components 3; data
Hash MD5 90157745c6cf52455d5b74e4fca7193e
SHA1 8599dc74922e71fa179bbde47ee00de6d281c303
SHA256 4f4349cc43463dbd8fc24c00d595e0acd67079906a878fc8b42da05e7a5e488b
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.life Domain
GET /index_files/alanna.jpg HTTP/1.1
Host: xk7a903zl7i0ge.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xk7a903zl7i0ge.life/?type=really
HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 01:59:45 GMT
Server: Apache
Upgrade: h2
Connection: Upgrade, close
Last-Modified: Tue, 09 Aug 2022 03:28:11 GMT
ETag: "367-5e5c685a39be6"
Accept-Ranges: bytes
Content-Length: 871
Content-Type: image/jpeg
xk7a903zl7i0ge.life/index_files/kirs.jpg
216.240.130.67 200 OK 761 B URL HTTP/1.1 xk7a903zl7i0ge.life/index_files/kirs.jpg
IP 216.240.130.67:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, extended sequential, precision 8, 50x50, components 3; data
Hash MD5 800f0799173fcf65cece8a66b2426c8b
SHA1 8728ca73d407da62745e4e51cf30851a920baa81
SHA256 941a19b368f1be49c16df8e2787d96f2b683d6bfbb108b6cdc0ecc4719034222
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.life Domain
GET /index_files/kirs.jpg HTTP/1.1
Host: xk7a903zl7i0ge.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xk7a903zl7i0ge.life/?type=really
HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 01:59:45 GMT
Server: Apache
Upgrade: h2
Connection: Upgrade, close
Last-Modified: Tue, 09 Aug 2022 03:28:34 GMT
ETag: "2f9-5e5c687005fe4"
Accept-Ranges: bytes
Content-Length: 761
Content-Type: image/jpeg
xk7a903zl7i0ge.life/index_files/header.png
216.240.130.67 200 OK 20 kB URL HTTP/1.1 xk7a903zl7i0ge.life/index_files/header.png
IP 216.240.130.67:0
File type PNG image data, 1156 x 157, 8-bit colormap, non-interlaced; data
Hash MD5 063a95529154028f2af0e59e108c212f
SHA1 d874e88893b9a5aa10c6901994596d0587ddf379
SHA256 04de73ffa9ceddb3b536e266db78de64a9130e1be184d561bceec1dc0bd87e21
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.life Domain
GET /index_files/header.png HTTP/1.1
Host: xk7a903zl7i0ge.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xk7a903zl7i0ge.life/?type=really
HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 01:59:45 GMT
Server: Apache
Upgrade: h2
Connection: Upgrade, close
Last-Modified: Tue, 09 Aug 2022 03:28:27 GMT
ETag: "4e62-5e5c68692958f"
Accept-Ranges: bytes
Content-Length: 20066
Content-Type: image/png
xk7a903zl7i0ge.life/index_files/ba.jpg
216.240.130.67 200 OK 64 kB URL HTTP/1.1 xk7a903zl7i0ge.life/index_files/ba.jpg
IP 216.240.130.67:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 750x500, components 3; data
Hash MD5 7d7294b0e03147e998263a671efff1da
SHA1 451d6ef22c3878e6b4f8a535c891997e42ca8081
SHA256 f6b531c2446c1b6729d18dba8edc71c8580399f65420337152be29a63de7aa8b
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.life Domain
GET /index_files/ba.jpg HTTP/1.1
Host: xk7a903zl7i0ge.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xk7a903zl7i0ge.life/?type=really
HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 01:59:45 GMT
Server: Apache
Upgrade: h2
Connection: Upgrade, close
Last-Modified: Tue, 09 Aug 2022 03:28:14 GMT
ETag: "f8ab-5e5c685ccee59"
Accept-Ranges: bytes
Content-Length: 63659
Content-Type: image/jpeg
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash MD5 dfb84426fed94988d5c90372baff059c
SHA1 f1c4740830034ff8a5759d59ae3f657ea524d083
SHA256 d97efec67504b084ca6ff9e2af973b45b916f90aa021603e3615806bb2737b6a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D97EFEC67504B084CA6FF9E2AF973B45B916F90AA021603E3615806BB2737B6A"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5468
Expires: Tue, 31 Jan 2023 03:30:53 GMT
Date: Tue, 31 Jan 2023 01:59:45 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash MD5 dfb84426fed94988d5c90372baff059c
SHA1 f1c4740830034ff8a5759d59ae3f657ea524d083
SHA256 d97efec67504b084ca6ff9e2af973b45b916f90aa021603e3615806bb2737b6a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D97EFEC67504B084CA6FF9E2AF973B45B916F90AA021603E3615806BB2737B6A"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5468
Expires: Tue, 31 Jan 2023 03:30:53 GMT
Date: Tue, 31 Jan 2023 01:59:45 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash MD5 dfb84426fed94988d5c90372baff059c
SHA1 f1c4740830034ff8a5759d59ae3f657ea524d083
SHA256 d97efec67504b084ca6ff9e2af973b45b916f90aa021603e3615806bb2737b6a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D97EFEC67504B084CA6FF9E2AF973B45B916F90AA021603E3615806BB2737B6A"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5468
Expires: Tue, 31 Jan 2023 03:30:53 GMT
Date: Tue, 31 Jan 2023 01:59:45 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash MD5 dfb84426fed94988d5c90372baff059c
SHA1 f1c4740830034ff8a5759d59ae3f657ea524d083
SHA256 d97efec67504b084ca6ff9e2af973b45b916f90aa021603e3615806bb2737b6a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D97EFEC67504B084CA6FF9E2AF973B45B916F90AA021603E3615806BB2737B6A"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5468
Expires: Tue, 31 Jan 2023 03:30:53 GMT
Date: Tue, 31 Jan 2023 01:59:45 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9b71db36-11cb-45f6-a296-34813aea1c35.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9b71db36-11cb-45f6-a296-34813aea1c35.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash MD5 4a2d26da68a313cc65958fc2692351c2
SHA1 798c3538f3147ca77d317676ddd1bf040bd0f93b
SHA256 76ce30224803d680c0115e987a712ce5552b2760beadf796a96b17439fb20797
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9b71db36-11cb-45f6-a296-34813aea1c35.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10898
x-amzn-requestid: e29f8dfc-07d4-4136-afaf-e1e067eea2ab
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fk3zxGshIAMFw5Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d839b1-5e87d2a44722af9e4e86c3d4;Sampled=0
x-amzn-remapped-date: Mon, 30 Jan 2023 21:42:09 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: djoQmYTv7Rlq9tKKkJ5U1J3YeVSIs5yzSts_xRN3bdi27Ra8UfM6OQ==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Mon, 30 Jan 2023 21:44:45 GMT
age: 15300
etag: "798c3538f3147ca77d317676ddd1bf040bd0f93b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd328471c-fc31-49a3-ae71-21d6171a8237.jpeg
34.120.237.76 200 OK 9.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd328471c-fc31-49a3-ae71-21d6171a8237.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash 1e575f4c5e3aa793f846cadc8baf386c
f482a4e8e80ea5b6afc29e5cc1a9a2b8c2f0434d
09a5bbe4fb7f23ee43228267f30c1ef0cd8747e515e01c963df0756b866f23ea
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd328471c-fc31-49a3-ae71-21d6171a8237.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9700
x-amzn-requestid: 059475a7-d7de-4a44-9fc7-11fb24e201b6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ffB_9G8DIAMF64A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d5e399-57fea3031d1e93ec02308fac;Sampled=0
x-amzn-remapped-date: Sun, 29 Jan 2023 03:10:17 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: vzubP2I1xR5NF1amWIPiIlp6yPykWhz-CEbwDiJOs-eTWkTE-fvfjA==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Mon, 30 Jan 2023 04:12:11 GMT
age: 78454
etag: "f482a4e8e80ea5b6afc29e5cc1a9a2b8c2f0434d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa70b0b84-f0e7-44e4-a574-ee3e55fbc0d3.jpeg
34.120.237.76 200 OK 4.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa70b0b84-f0e7-44e4-a574-ee3e55fbc0d3.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash b43468b05cd1fd11c398263a80e4edb2
02e964ea5a88c866267ac6c5601bfcde26ffd42b
19783f05297f7ed5d7ca8cec0fc0e1676831275ac48f1510a4f410dbe2802314
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa70b0b84-f0e7-44e4-a574-ee3e55fbc0d3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4634
x-amzn-requestid: 2941da94-203c-47d1-99ee-d864bdbf6993
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ffCAHF9kIAMFrUg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d5e39a-78bb7189351d830a7ef70c67;Sampled=0
x-amzn-remapped-date: Sun, 29 Jan 2023 03:10:18 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: uwVY2yJq8mZgVFAkrRx3OPU0qJ7uI5aehpxP_ULNJX9BQJLCiUwo7g==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 591683988172c7980c4ebb318cbf18a8.cloudfront.net (CloudFront), 1.1 google
date: Mon, 30 Jan 2023 03:45:40 GMT
age: 80045
etag: "02e964ea5a88c866267ac6c5601bfcde26ffd42b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1295ec36-f5b2-4db1-83c7-667fa373f592.jpeg
34.120.237.76 200 OK 14 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1295ec36-f5b2-4db1-83c7-667fa373f592.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash d957012d3e2b8c3bc0eefe11d66e8554
1959fdd94846fa3791c4890578dd15336b909dcc
a97e81ec5eb2eda6a603bf4bfd4fa4ef4fab762747479489e99e6c713258a736
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1295ec36-f5b2-4db1-83c7-667fa373f592.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13853
x-amzn-requestid: ca6ea6e7-3e13-4194-87f5-20a07b813e21
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fk3zzF4hIAMFwWg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d839b1-772487cb1b7495c52c552d36;Sampled=0
x-amzn-remapped-date: Mon, 30 Jan 2023 21:42:09 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: T5CaUojMEG8x8vki59UdIhI8IbbBRY_7w3xgiW3RCZlHTyeHPLIy2Q==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 1b74ccf4cb51eacf97a0e6d60ae46a3e.cloudfront.net (CloudFront), 1.1 google
date: Mon, 30 Jan 2023 21:47:13 GMT
age: 15152
etag: "1959fdd94846fa3791c4890578dd15336b909dcc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa6c0b4d2-6327-4501-8fe0-017b08501835.jpeg
34.120.237.76 200 OK 8.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa6c0b4d2-6327-4501-8fe0-017b08501835.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash ee0e708ca11a9468634d2a7dff56510f
40d7c0f07b5218c4ceabcd7fc90af26bb3dc2cf3
e944a184377a91dae9fbc38ebc686fb95e261cb16ae09c7d69ababacffa75e57
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa6c0b4d2-6327-4501-8fe0-017b08501835.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8529
x-amzn-requestid: 633fc342-7b5a-4103-970e-74730c08679b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fbhguFesIAMFqVQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d47c6a-38e274c36d39ef4f2dd6034a;Sampled=0
x-amzn-remapped-date: Sat, 28 Jan 2023 01:37:46 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: URqrtcPijXsHDSPMQ3K9PHbq20O0KYuk3YyO91rNW7t10zCuF3g5wg==
via: 1.1 a20e81b65d2465c729ce2f6bfe539dd0.cloudfront.net (CloudFront), 1.1 760139201585481b26f947c5f776103a.cloudfront.net (CloudFront), 1.1 google
date: Mon, 30 Jan 2023 15:47:08 GMT
age: 36757
etag: "40d7c0f07b5218c4ceabcd7fc90af26bb3dc2cf3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffea501ff-acf4-4b37-aa0a-baf417cf3694.jpeg
34.120.237.76 200 OK 5.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffea501ff-acf4-4b37-aa0a-baf417cf3694.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash 60fc180ec5b99ac357db8775775c3c11
c9856a488e82bc330881377528bf2e53274ef5f3
a31fd6fc84f79b0f5fb79cccf490ddf61eb58bdaf57ca27f57a911332e550d11
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffea501ff-acf4-4b37-aa0a-baf417cf3694.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5394
x-amzn-requestid: 16d876fb-0afd-4b5d-b19e-1029506fd6f6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fIgq2E4CIAMFiFA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cce178-1f08dc2105b6e182677004e7;Sampled=0
x-amzn-remapped-date: Sun, 22 Jan 2023 07:10:48 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: FoTKdVc567GRCEDn8JoMOs4-enQPpdvFhPafmSRsgCFZC78q8ba5pA==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Mon, 30 Jan 2023 12:51:52 GMT
age: 47273
etag: "c9856a488e82bc330881377528bf2e53274ef5f3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
xk7a903zl7i0ge.life/index_files/kloe.jpg
216.240.130.67 200 OK 69 kB URL HTTP/1.1 xk7a903zl7i0ge.life/index_files/kloe.jpg
IP 216.240.130.67:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 800x493, components 3; data
Hash 1914292614b83ae1627bb276808ae235
6bcf189618ed066611f89d64772cfd78c30f1db2
68499a64d9d1ac5991dae0a3be12f8f9ed7b17ca1cd3df4e03c1f9aa9b8c064d
NIDS: suricata; Severity: medium; Alert: ET INFO HTTP Request to Suspicious *.life Domain
GET /index_files/kloe.jpg HTTP/1.1
Host: xk7a903zl7i0ge.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xk7a903zl7i0ge.life/?type=really
HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 01:59:45 GMT
Server: Apache
Upgrade: h2
Connection: Upgrade, close
Last-Modified: Tue, 09 Aug 2022 03:28:35 GMT
ETag: "10c6f-5e5c6870c2b84"
Accept-Ranges: bytes
Content-Length: 68719
Content-Type: image/jpeg
xk7a903zl7i0ge.life/index_files/charlotte.jpg
216.240.130.67 200 OK 46 kB URL HTTP/1.1 xk7a903zl7i0ge.life/index_files/charlotte.jpg
IP 216.240.130.67:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 700x467, components 3; data
Hash 91eecbaefc8c64050787fea3a1f59b7e
859f56f60c3068473fc4bd70d909a86efba85f5b
c40c77ff949826ea3816e701cc720d5f1be74046904c59dadc22fcc652df1d84
NIDS: suricata; Severity: medium; Alert: ET INFO HTTP Request to Suspicious *.life Domain
GET /index_files/charlotte.jpg HTTP/1.1
Host: xk7a903zl7i0ge.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xk7a903zl7i0ge.life/?type=really
HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 01:59:45 GMT
Server: Apache
Upgrade: h2
Connection: Upgrade, close
Last-Modified: Tue, 09 Aug 2022 03:28:22 GMT
ETag: "b4f5-5e5c686452c8b"
Accept-Ranges: bytes
Content-Length: 46325
Content-Type: image/jpeg
xk7a903zl7i0ge.life/index_files/dragon.jpg
216.240.130.67 200 OK 122 kB URL HTTP/1.1 xk7a903zl7i0ge.life/index_files/dragon.jpg
IP 216.240.130.67:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1200x675, components 3; data
Size 122 kB (122512 bytes)
Hash 21dbc14a1437a9605e68087ca494d80b
b794aec99342745684e6eb814d0b18728248de8f
162bba939f90750f53897ce5d5f005e736b9eb5f1aeac183867e8b5b12416698
NIDS: suricata; Severity: medium; Alert: ET INFO HTTP Request to Suspicious *.life Domain
GET /index_files/dragon.jpg HTTP/1.1
Host: xk7a903zl7i0ge.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xk7a903zl7i0ge.life/?type=really
HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 01:59:45 GMT
Server: Apache
Upgrade: h2
Connection: Upgrade, close
Last-Modified: Tue, 09 Aug 2022 03:28:25 GMT
ETag: "1de90-5e5c68676eb4f"
Accept-Ranges: bytes
Content-Length: 122512
Content-Type: image/jpeg
xk7a903zl7i0ge.life/index_files/ba2.jpg
216.240.130.67 200 OK 136 kB URL HTTP/1.1 xk7a903zl7i0ge.life/index_files/ba2.jpg
IP 216.240.130.67:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1, software=www.meitu.com], baseline, precision 8, 800x399, components 3; data
Size 136 kB (135876 bytes)
Hash 2f3095269509d87e975ef832cbac843e
f575f99437afcc3321475964c6f90f936ad9c2b8
328ab56f63ec86d1558385e6b4ca9636c9c79c70d3500ca31b34c4ee66f1c22c
NIDS: suricata; Severity: medium; Alert: ET INFO HTTP Request to Suspicious *.life Domain
GET /index_files/ba2.jpg HTTP/1.1
Host: xk7a903zl7i0ge.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xk7a903zl7i0ge.life/?type=really
HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 01:59:45 GMT
Server: Apache
Upgrade: h2
Connection: Upgrade, close
Last-Modified: Tue, 01 Nov 2022 06:38:51 GMT
ETag: "212c4-5ec62fa21b759"
Accept-Ranges: bytes
Content-Length: 135876
Content-Type: image/jpeg
xk7a903zl7i0ge.life/index_files/lauren.jpg
216.240.130.67 200 OK 54 kB URL HTTP/1.1 xk7a903zl7i0ge.life/index_files/lauren.jpg
IP 216.240.130.67:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 740x490, components 3; data
Hash d51ede31a50258d871b526fbce4ceacc
c10c909d7329ba0596c2042f3260780497b5f216
5196530f9eaa7c34fd5ad1204c80bf41327aa3063416556805723b9828ec81d0
NIDS: suricata; Severity: medium; Alert: ET INFO HTTP Request to Suspicious *.life Domain
GET /index_files/lauren.jpg HTTP/1.1
Host: xk7a903zl7i0ge.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xk7a903zl7i0ge.life/?type=really
HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 01:59:45 GMT
Server: Apache
Upgrade: h2
Connection: Upgrade, close
Last-Modified: Tue, 09 Aug 2022 03:28:36 GMT
ETag: "d286-5e5c687210b6e"
Accept-Ranges: bytes
Content-Length: 53894
Content-Type: image/jpeg
xk7a903zl7i0ge.life/index_files/aba1.jpg
216.240.130.67 200 OK 30 kB URL HTTP/1.1 xk7a903zl7i0ge.life/index_files/aba1.jpg
IP 216.240.130.67:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 500x404, components 3; data
Hash 6217017999a95832dfd57e07e69e7945
2d7294e24ecc583525a26929761156ba4c9c0d4e
450d0352972a053de543c24a224ca2497e50c9eddf7fc2a6c1d03d752eeaeec2
NIDS: suricata; Severity: medium; Alert: ET INFO HTTP Request to Suspicious *.life Domain
GET /index_files/aba1.jpg HTTP/1.1
Host: xk7a903zl7i0ge.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xk7a903zl7i0ge.life/?type=really
HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 01:59:46 GMT
Server: Apache
Upgrade: h2
Connection: Upgrade, close
Last-Modified: Tue, 09 Aug 2022 03:28:08 GMT
ETag: "7349-5e5c685698459"
Accept-Ranges: bytes
Content-Length: 29513
Content-Type: image/jpeg
xk7a903zl7i0ge.life/index_files/dawn.jpg
216.240.130.67 200 OK 76 kB URL HTTP/1.1 xk7a903zl7i0ge.life/index_files/dawn.jpg
IP 216.240.130.67:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 800x533, components 3; data
Hash 200147d9e294d48c805bc09a02ff3e56
88b89c93ef699255ddeecd507667adf4c936e6b6
91014821d0c70a791499f39000e73c0248976e728659d658dfbd9fac1d00d418
NIDS: suricata; Severity: medium; Alert: ET INFO HTTP Request to Suspicious *.life Domain
GET /index_files/dawn.jpg HTTP/1.1
Host: xk7a903zl7i0ge.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xk7a903zl7i0ge.life/?type=really
HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 01:59:46 GMT
Server: Apache
Upgrade: h2
Connection: Upgrade, close
Last-Modified: Tue, 09 Aug 2022 03:28:24 GMT
ETag: "128dd-5e5c6865ccb9b"
Accept-Ranges: bytes
Content-Length: 75997
Content-Type: image/jpeg
xk7a903zl7i0ge.life/index_files/weight7.jpg
216.240.130.67 200 OK 10 kB URL HTTP/1.1 xk7a903zl7i0ge.life/index_files/weight7.jpg
IP 216.240.130.67:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 360x180, components 3; data
Hash 5b1bce3ae4727ed88d426a00ad3765fc
d6f3f4b2f72c9831ee89a61f34eabb477dc877fb
2915682e9c8033614139aeb4ef33fc2bdfcf8c570eb829a55debe364505a00a8
NIDS: suricata; Severity: medium; Alert: ET INFO HTTP Request to Suspicious *.life Domain
GET /index_files/weight7.jpg HTTP/1.1
Host: xk7a903zl7i0ge.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xk7a903zl7i0ge.life/?type=really
HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 01:59:46 GMT
Server: Apache
Upgrade: h2
Connection: Upgrade, close
Last-Modified: Tue, 09 Aug 2022 03:28:44 GMT
ETag: "28d4-5e5c68798a58f"
Accept-Ranges: bytes
Content-Length: 10452
Content-Type: image/jpeg
xk7a903zl7i0ge.life/index_files/aba2.jpg
216.240.130.67 200 OK 81 kB URL HTTP/1.1 xk7a903zl7i0ge.life/index_files/aba2.jpg
IP 216.240.130.67:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 800x450, components 3; data
Hash 497b4eebc90cac9745f1ac4b4049ffa3
a78c17d96fc11f7c74e90d3275cad409812e42b7
b985b9dd09e85ddcf65c499c0fd3c0053678ec57a392a4cbaf0e823c3a51f003
NIDS: suricata; Severity: medium; Alert: ET INFO HTTP Request to Suspicious *.life Domain
GET /index_files/aba2.jpg HTTP/1.1
Host: xk7a903zl7i0ge.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xk7a903zl7i0ge.life/?type=really
HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 01:59:46 GMT
Server: Apache
Upgrade: h2
Connection: Upgrade, close
Last-Modified: Tue, 09 Aug 2022 03:28:09 GMT
ETag: "13df0-5e5c6857ab2eb"
Accept-Ranges: bytes
Content-Length: 81392
Content-Type: image/jpeg
xk7a903zl7i0ge.life/index_files/offer.jpg
216.240.130.67 200 OK 4.3 kB URL HTTP/1.1 xk7a903zl7i0ge.life/index_files/offer.jpg
IP 216.240.130.67:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 980x68, components 3; data
Hash abaa8f34d70ee49a3e3f510055969992
47bb47886d152a25f0e139ef470bc94878613ef2
230ef429b9add256371b8764789748638eb543dcb25e7c128098338cc8ae3029
NIDS: suricata; Severity: medium; Alert: ET INFO HTTP Request to Suspicious *.life Domain
GET /index_files/offer.jpg HTTP/1.1
Host: xk7a903zl7i0ge.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xk7a903zl7i0ge.life/?type=really
HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 01:59:46 GMT
Server: Apache
Upgrade: h2
Connection: Upgrade, close
Last-Modified: Tue, 09 Aug 2022 03:28:39 GMT
ETag: "10f1-5e5c68745413f"
Accept-Ranges: bytes
Content-Length: 4337
Content-Type: image/jpeg
xk7a903zl7i0ge.life/index_files/aba4.jpg
216.240.130.67 200 OK 58 kB URL HTTP/1.1 xk7a903zl7i0ge.life/index_files/aba4.jpg
IP 216.240.130.67:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 598x600, components 3; data
Hash e442e8254afcc932fd4619d5842d7bdb
e8b93a876579e30c4c261fbc6c32058de4ef6f96
7d5e01bbc9c0c91503221269b53bd47aec31fa126b71a842f2e3981d8f6bf529
NIDS: suricata; Severity: medium; Alert: ET INFO HTTP Request to Suspicious *.life Domain
GET /index_files/aba4.jpg HTTP/1.1
Host: xk7a903zl7i0ge.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xk7a903zl7i0ge.life/?type=really
HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 01:59:46 GMT
Server: Apache
Upgrade: h2
Connection: Upgrade, close
Last-Modified: Tue, 09 Aug 2022 03:28:11 GMT
ETag: "e203-5e5c6859a9f0c"
Accept-Ranges: bytes
Content-Length: 57859
Content-Type: image/jpeg
xk7a903zl7i0ge.life/index_files/aba3.jpg
216.240.130.67 200 OK 81 kB URL HTTP/1.1 xk7a903zl7i0ge.life/index_files/aba3.jpg
IP 216.240.130.67:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 800x722, components 3; data
Hash 407fb44dd7a607d30a54e91a205756de
77129774d443ba7f2514b275c8ba65060c4e1a81
65263c8e2d08fc64e18722d9c90265104101d4c316db16b19b42cb3d344ee8bf
NIDS: suricata; Severity: medium; Alert: ET INFO HTTP Request to Suspicious *.life Domain
GET /index_files/aba3.jpg HTTP/1.1
Host: xk7a903zl7i0ge.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xk7a903zl7i0ge.life/?type=really
HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 01:59:46 GMT
Server: Apache
Upgrade: h2
Connection: Upgrade, close
Last-Modified: Tue, 09 Aug 2022 03:28:10 GMT
ETag: "13c41-5e5c6858c1446"
Accept-Ranges: bytes
Content-Length: 80961
Content-Type: image/jpeg
xk7a903zl7i0ge.life/index_files/checkmark-green-sm.png
216.240.130.67 200 OK 488 B URL HTTP/1.1 xk7a903zl7i0ge.life/index_files/checkmark-green-sm.png
IP 216.240.130.67:0
File type PNG image data, 18 x 20, 8-bit/color RGBA, non-interlaced; data
Hash c131293b511073f9e4a264a56ca6b944
f8f5e6f5be5ef1fbd104e634e96328bcf9aa4c2c
19872432c4a730efd5c6e2f0a15f1e3f86bce97df466c0a6fb0a73850432fb3f
NIDS: suricata; Severity: medium; Alert: ET INFO HTTP Request to Suspicious *.life Domain
GET /index_files/checkmark-green-sm.png HTTP/1.1
Host: xk7a903zl7i0ge.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xk7a903zl7i0ge.life/?type=really
HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 01:59:46 GMT
Server: Apache
Upgrade: h2
Connection: Upgrade, close
Last-Modified: Tue, 09 Aug 2022 03:28:23 GMT
ETag: "1e8-5e5c6864e5846"
Accept-Ranges: bytes
Content-Length: 488
Content-Type: image/png
xk7a903zl7i0ge.life/index_files/button2.png
216.240.130.67 200 OK 3.5 kB URL HTTP/1.1 xk7a903zl7i0ge.life/index_files/button2.png
IP 216.240.130.67:0
File type PNG image data, 229 x 43, 8-bit/color RGBA, non-interlaced; data
Hash 049f30d5417a4c92b46513f94734307f
338a7afc29f7430a9183221b0d4fc64339ae8614
94cd2c9039943908e046bb41b6e0f8bb3e77fad1428d3c1c8d59f6db9fa9c4f0
NIDS: suricata; Severity: medium; Alert: ET INFO HTTP Request to Suspicious *.life Domain
GET /index_files/button2.png HTTP/1.1
Host: xk7a903zl7i0ge.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xk7a903zl7i0ge.life/?type=really
HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 01:59:46 GMT
Server: Apache
Upgrade: h2
Connection: Upgrade, close
Last-Modified: Fri, 04 Nov 2022 10:54:42 GMT
ETag: "d96-5eca2e6ac6e00"
Accept-Ranges: bytes
Content-Length: 3478
Content-Type: image/png
xk7a903zl7i0ge.life/index_files/lewis.jpg
216.240.130.67 200 OK 897 B URL HTTP/1.1 xk7a903zl7i0ge.life/index_files/lewis.jpg
IP 216.240.130.67:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, extended sequential, precision 8, 50x50, components 3; data
Hash a0714ae616fe5659756b4dd4066c183d
b6035b482df527557413cf03dd546b037d283f3f
844bc3d24236102efe3bd13e56c4de4c8fbf24270b3d48bbae785f806bfe107a
NIDS: suricata; Severity: medium; Alert: ET INFO HTTP Request to Suspicious *.life Domain
GET /index_files/lewis.jpg HTTP/1.1
Host: xk7a903zl7i0ge.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xk7a903zl7i0ge.life/?type=really
HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 01:59:47 GMT
Server: Apache
Upgrade: h2
Connection: Upgrade, close
Last-Modified: Tue, 09 Aug 2022 03:28:37 GMT
ETag: "381-5e5c6872a0848"
Accept-Ranges: bytes
Content-Length: 897
Content-Type: image/jpeg
xk7a903zl7i0ge.life/index_files/jenni.jpg
216.240.130.67 200 OK 1.2 kB URL HTTP/1.1 xk7a903zl7i0ge.life/index_files/jenni.jpg
IP 216.240.130.67:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, extended sequential, precision 8, 50x50, components 3; data
Hash 1b39f74ed649d8245e76218d04a5efa3
cf710ec25ab89a0261b93808f01567d21dd5da51
e26b64b81552b655e6e2418694efcf358b6e182a047e08fa250cce76b471d462
NIDS: suricata; Severity: medium; Alert: ET INFO HTTP Request to Suspicious *.life Domain
GET /index_files/jenni.jpg HTTP/1.1
Host: xk7a903zl7i0ge.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xk7a903zl7i0ge.life/?type=really
HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 01:59:47 GMT
Server: Apache
Upgrade: h2
Connection: Upgrade, close
Last-Modified: Tue, 09 Aug 2022 03:28:31 GMT
ETag: "48f-5e5c686cd6c86"
Accept-Ranges: bytes
Content-Length: 1167
Content-Type: image/jpeg
xk7a903zl7i0ge.life/index_files/tanya.jpg
216.240.130.67 200 OK 1.0 kB URL HTTP/1.1 xk7a903zl7i0ge.life/index_files/tanya.jpg
IP 216.240.130.67:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, extended sequential, precision 8, 50x50, components 3; data
Hash 697a5efbb7e68b36cf219aaca0cb937f
f258db5db21b20948c8df104fdc0af0be2dd8585
9318b50bbc2ded39bbcecab7958c37f2d693255a3fad0ba277d050ad96817561
NIDS: suricata; Severity: medium; Alert: ET INFO HTTP Request to Suspicious *.life Domain
GET /index_files/tanya.jpg HTTP/1.1
Host: xk7a903zl7i0ge.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xk7a903zl7i0ge.life/?type=really
HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 01:59:47 GMT
Server: Apache
Upgrade: h2
Connection: Upgrade, close
Last-Modified: Tue, 09 Aug 2022 03:28:44 GMT
ETag: "3eb-5e5c6878fac9d"
Accept-Ranges: bytes
Content-Length: 1003
Content-Type: image/jpeg
xk7a903zl7i0ge.life/index_files/cash.jpg
216.240.130.67 200 OK 905 B URL HTTP/1.1 xk7a903zl7i0ge.life/index_files/cash.jpg
IP 216.240.130.67:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, extended sequential, precision 8, 50x50, components 3; data
Hash 2bfddd0d6cb57db343057e28540d7789
7010cd0623c4a908c31207489d7537c711395188
c5928e5d40dcda2552668d6467d9ff53722df3ae2084a874d733bfdb8466e2fe
NIDS: suricata; Severity: medium; Alert: ET INFO HTTP Request to Suspicious *.life Domain
GET /index_files/cash.jpg HTTP/1.1
Host: xk7a903zl7i0ge.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xk7a903zl7i0ge.life/?type=really
HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 01:59:47 GMT
Server: Apache
Upgrade: h2
Connection: Upgrade, close
Last-Modified: Tue, 09 Aug 2022 03:28:20 GMT
ETag: "389-5e5c686269ffe"
Accept-Ranges: bytes
Content-Length: 905
Content-Type: image/jpeg
xk7a903zl7i0ge.life/index_files/katy.jpg
216.240.130.67 200 OK 1.1 kB URL HTTP/1.1 xk7a903zl7i0ge.life/index_files/katy.jpg
IP 216.240.130.67:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, extended sequential, precision 8, 50x50, components 3; data
Hash b99e03a607b85ec110df647203b0f9c3
4787ffda4321b916434f10ae97751596902d6f90
c82c15d5f021c4ab3b4f8f58e8b13ba70435f5bc0cb071139665c74a070005c1
NIDS: suricata, Severity: medium, Alert: ET INFO HTTP Request to Suspicious *.life Domain
GET /index_files/katy.jpg HTTP/1.1
Host: xk7a903zl7i0ge.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xk7a903zl7i0ge.life/?type=really
HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 01:59:47 GMT
Server: Apache
Upgrade: h2
Connection: Upgrade, close
Last-Modified: Tue, 09 Aug 2022 03:28:34 GMT
ETag: "42d-5e5c686f7536a"
Accept-Ranges: bytes
Content-Length: 1069
Content-Type: image/jpeg
xk7a903zl7i0ge.life/index_files/FIGUR.jpg
216.240.130.67 200 OK 240 kB URL HTTP/1.1 xk7a903zl7i0ge.life/index_files/FIGUR.jpg
IP 216.240.130.67:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 1776x1540, components 3
Size 240 kB (240050 bytes)
Hash 45f28f4e8fa0f3c9077ab236807bbc5c
7c785075e0ab641382cdd6d75376af3684723ae5
119f5c757f5bb5ac79f97e7aa7ab01f8861c1e51c018ede9fdd6eb9818e6ae88
NIDS: suricata, Severity: medium, Alert: ET INFO HTTP Request to Suspicious *.life Domain
GET /index_files/FIGUR.jpg HTTP/1.1
Host: xk7a903zl7i0ge.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xk7a903zl7i0ge.life/?type=really
HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 01:59:46 GMT
Server: Apache
Upgrade: h2
Connection: Upgrade, close
Last-Modified: Thu, 03 Nov 2022 09:15:26 GMT
ETag: "3a9b2-5ec8d65d92c56"
Accept-Ranges: bytes
Content-Length: 240050
Content-Type: image/jpeg
xk7a903zl7i0ge.life/index_files/alice.jpg
216.240.130.67 200 OK 1.0 kB URL HTTP/1.1 xk7a903zl7i0ge.life/index_files/alice.jpg
IP 216.240.130.67:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, extended sequential, precision 8, 50x50, components 3
Hash 768cd4000ff49849af047ca539001f73
20d19d05118ab339d2aa7c982aabaad8f2858a13
a3668c61acd7a55a84b387b70f2c99bd125b93826cddd86e250c2d6949b08e45
NIDS: suricata, Severity: medium, Alert: ET INFO HTTP Request to Suspicious *.life Domain
GET /index_files/alice.jpg HTTP/1.1
Host: xk7a903zl7i0ge.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xk7a903zl7i0ge.life/?type=really
HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 01:59:47 GMT
Server: Apache
Upgrade: h2
Connection: Upgrade, close
Last-Modified: Tue, 09 Aug 2022 03:28:12 GMT
ETag: "402-5e5c685ac94d8"
Accept-Ranges: bytes
Content-Length: 1026
Content-Type: image/jpeg
xk7a903zl7i0ge.life/index_files/mark.jpg
216.240.130.67 200 OK 1.1 kB URL HTTP/1.1 xk7a903zl7i0ge.life/index_files/mark.jpg
IP 216.240.130.67:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, extended sequential, precision 8, 50x50, components 3
Hash a6d2389fe77194b1910519339fa6986a
f675ab1921a93c885f64c89a2f8298b7554bd61d
bde1f0ee1a3b09bb92532be6975144f7586917435813896500466596e4986d54
NIDS: suricata, Severity: medium, Alert: ET INFO HTTP Request to Suspicious *.life Domain
GET /index_files/mark.jpg HTTP/1.1
Host: xk7a903zl7i0ge.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xk7a903zl7i0ge.life/?type=really
HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 01:59:47 GMT
Server: Apache
Upgrade: h2
Connection: Upgrade, close
Last-Modified: Tue, 09 Aug 2022 03:28:38 GMT
ETag: "44d-5e5c687330522"
Accept-Ranges: bytes
Content-Length: 1101
Content-Type: image/jpeg
xk7a903zl7i0ge.life/index_files/ashley.jpg
216.240.130.67 200 OK 1.0 kB URL HTTP/1.1 xk7a903zl7i0ge.life/index_files/ashley.jpg
IP 216.240.130.67:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, extended sequential, precision 8, 50x50, components 3
Hash 415f017906222cb2b8379f9978919da5
2761549593081194a78ab61c36ab58c5a1f2daed
f128ce2e8f807fb90dc53bd90e0ce589ce436ca44e70741b9a837b5b9075b142
NIDS: suricata, Severity: medium, Alert: ET INFO HTTP Request to Suspicious *.life Domain
GET /index_files/ashley.jpg HTTP/1.1
Host: xk7a903zl7i0ge.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xk7a903zl7i0ge.life/?type=really
HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 01:59:47 GMT
Server: Apache
Upgrade: h2
Connection: Upgrade, close
Last-Modified: Tue, 09 Aug 2022 03:28:13 GMT
ETag: "404-5e5c685be7b04"
Accept-Ranges: bytes
Content-Length: 1028
Content-Type: image/jpeg
xk7a903zl7i0ge.life/index_files/hick.jpg
216.240.130.67 200 OK 1.0 kB URL HTTP/1.1 xk7a903zl7i0ge.life/index_files/hick.jpg
IP 216.240.130.67:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, extended sequential, precision 8, 50x50, components 3
Hash 8c48184e56b85efab3dad12aac53186d
a383c94edcb0cb2372f43208274e2ddb31cabf4b
77d3ffc57b2976ba452e18f6e0f48a36383baaf6cfe5be4b7f522cb3d45fbf3b
NIDS: suricata, Severity: medium, Alert: ET INFO HTTP Request to Suspicious *.life Domain
GET /index_files/hick.jpg HTTP/1.1
Host: xk7a903zl7i0ge.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xk7a903zl7i0ge.life/?type=really
HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 01:59:47 GMT
Server: Apache
Upgrade: h2
Connection: Upgrade, close
Last-Modified: Tue, 09 Aug 2022 03:28:30 GMT
ETag: "3e9-5e5c686bbb922"
Accept-Ranges: bytes
Content-Length: 1001
Content-Type: image/jpeg
xk7a903zl7i0ge.life/index_files/brit.jpg
216.240.130.67 200 OK 983 B URL HTTP/1.1 xk7a903zl7i0ge.life/index_files/brit.jpg
IP 216.240.130.67:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, extended sequential, precision 8, 50x50, components 3
Hash 9b394b32e7b19f9502ce554006126eac
2ecb41cd0d6c98d1491b657a892b5766427d469d
12794d6340906f7a85e3e4bdb9bc949c2bcabcf2bcd196ad3653359c8b3127b5
NIDS: suricata, Severity: medium, Alert: ET INFO HTTP Request to Suspicious *.life Domain
GET /index_files/brit.jpg HTTP/1.1
Host: xk7a903zl7i0ge.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xk7a903zl7i0ge.life/?type=really
HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 01:59:47 GMT
Server: Apache
Upgrade: h2
Connection: Upgrade, close
Last-Modified: Tue, 09 Aug 2022 03:28:19 GMT
ETag: "3d7-5e5c686149a91"
Accept-Ranges: bytes
Content-Length: 983
Content-Type: image/jpeg
xk7a903zl7i0ge.life/index_files/shel.jpg
216.240.130.67 200 OK 915 B URL HTTP/1.1 xk7a903zl7i0ge.life/index_files/shel.jpg
IP 216.240.130.67:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, extended sequential, precision 8, 50x50, components 3
Hash f1a5ed16f97df8522c6bcafe7d48ee98
9896260ce70c010da7fc046e366365749082d126
51a254f10a58e12c79fdb7b2286e2f1621fbd0151056414e32e915e6513aae5b
NIDS: suricata, Severity: medium, Alert: ET INFO HTTP Request to Suspicious *.life Domain
GET /index_files/shel.jpg HTTP/1.1
Host: xk7a903zl7i0ge.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xk7a903zl7i0ge.life/?type=really
HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 01:59:47 GMT
Server: Apache
Upgrade: h2
Connection: Upgrade, close
Last-Modified: Tue, 09 Aug 2022 03:28:42 GMT
ETag: "393-5e5c68774d937"
Accept-Ranges: bytes
Content-Length: 915
Content-Type: image/jpeg
xk7a903zl7i0ge.life/index_files/molly.jpg
216.240.130.67 200 OK 904 B URL HTTP/1.1 xk7a903zl7i0ge.life/index_files/molly.jpg
IP 216.240.130.67:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, extended sequential, precision 8, 50x50, components 3
Hash 9e14543169e54c99eb67273b16031a9f
a726f407a09243f1f81f5b2058f5ffa0016b4bb3
953cf8c617d073c131d7eb678d50c3618a47837702fb2590d75e7914e53eafdf
NIDS: suricata, Severity: medium, Alert: ET INFO HTTP Request to Suspicious *.life Domain
GET /index_files/molly.jpg HTTP/1.1
Host: xk7a903zl7i0ge.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xk7a903zl7i0ge.life/?type=really
HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 01:59:47 GMT
Server: Apache
Upgrade: h2
Connection: Upgrade, close
Last-Modified: Tue, 09 Aug 2022 03:28:38 GMT
ETag: "388-5e5c6873c1d55"
Accept-Ranges: bytes
Content-Length: 904
Content-Type: image/jpeg
xk7a903zl7i0ge.life/index_files/jill.jpg
216.240.130.67 200 OK 1.0 kB URL HTTP/1.1 xk7a903zl7i0ge.life/index_files/jill.jpg
IP 216.240.130.67:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, extended sequential, precision 8, 50x50, components 3
Hash ec3ef80a4e4f2021c2097e496c1d9aa3
82a155fe6ca75dfccad7b9ddc300a512b56053a7
6d01a780ef02b2473e38da960c5446e1d839f27a2efdedfef1b7d1571d0579ab
NIDS: suricata, Severity: medium, Alert: ET INFO HTTP Request to Suspicious *.life Domain
GET /index_files/jill.jpg HTTP/1.1
Host: xk7a903zl7i0ge.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xk7a903zl7i0ge.life/?type=really
HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 01:59:47 GMT
Server: Apache
Upgrade: h2
Connection: Upgrade, close
Last-Modified: Tue, 09 Aug 2022 03:28:32 GMT
ETag: "3f2-5e5c686d688a0"
Accept-Ranges: bytes
Content-Length: 1010
Content-Type: image/jpeg
xk7a903zl7i0ge.life/index_files/jenna.jpg
216.240.130.67 200 OK 824 B URL HTTP/1.1 xk7a903zl7i0ge.life/index_files/jenna.jpg
IP 216.240.130.67:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, extended sequential, precision 8, 50x50, components 3
Hash 5745466c39db7ad2cecae71b4c1fa3d5
10688d5f7d090f951e9f379f2c91c5c221cb7dac
356e6e69d5dc7d2202f8a43691d291105f91f03d9b93fdc633b81d9e1446cc97
NIDS: suricata, Severity: medium, Alert: ET INFO HTTP Request to Suspicious *.life Domain
GET /index_files/jenna.jpg HTTP/1.1
Host: xk7a903zl7i0ge.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xk7a903zl7i0ge.life/?type=really
HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 01:59:47 GMT
Server: Apache
Upgrade: h2
Connection: Upgrade, close
Last-Modified: Tue, 09 Aug 2022 03:28:30 GMT
ETag: "338-5e5c686c496bc"
Accept-Ranges: bytes
Content-Length: 824
Content-Type: image/jpeg
xk7a903zl7i0ge.life/index_files/laura.jpg
216.240.130.67 200 OK 1.1 kB URL HTTP/1.1 xk7a903zl7i0ge.life/index_files/laura.jpg
IP 216.240.130.67:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, extended sequential, precision 8, 50x50, components 3
Hash ead095590b9375e8c7bd8af497c0ab08
fd298e382eeeac8b243ab2ba2bcb54cd491ecc0b
7839950cd47f65e4d158f9343619361adf2abfb32e016a97330a3b485310a03b
NIDS: suricata, Severity: medium, Alert: ET INFO HTTP Request to Suspicious *.life Domain
GET /index_files/laura.jpg HTTP/1.1
Host: xk7a903zl7i0ge.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xk7a903zl7i0ge.life/?type=really
HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 01:59:47 GMT
Server: Apache
Upgrade: h2
Connection: Upgrade, close
Last-Modified: Tue, 09 Aug 2022 03:28:36 GMT
ETag: "468-5e5c68715302e"
Accept-Ranges: bytes
Content-Length: 1128
Content-Type: image/jpeg
xk7a903zl7i0ge.life/index_files/sara.jpg
216.240.130.67 200 OK 1.1 kB URL HTTP/1.1 xk7a903zl7i0ge.life/index_files/sara.jpg
IP 216.240.130.67:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, extended sequential, precision 8, 50x50, components 3
Hash 330b72546880fbb7fa0481605026b85f
008eaa896d548c74f275f1055ae14459f620c4b5
51f3eff6e22073f049aca5b1b97d3f33f4d93c84b41dc18324d3a672189192cd
NIDS: suricata, Severity: medium, Alert: ET INFO HTTP Request to Suspicious *.life Domain
GET /index_files/sara.jpg HTTP/1.1
Host: xk7a903zl7i0ge.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xk7a903zl7i0ge.life/?type=really
HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 01:59:47 GMT
Server: Apache
Upgrade: h2
Connection: Upgrade, close
Last-Modified: Tue, 09 Aug 2022 03:28:41 GMT
ETag: "458-5e5c68762f30b"
Accept-Ranges: bytes
Content-Length: 1112
Content-Type: image/jpeg
xk7a903zl7i0ge.life/index_files/silver.jpg
216.240.130.67 200 OK 1.0 kB URL HTTP/1.1 xk7a903zl7i0ge.life/index_files/silver.jpg
IP 216.240.130.67:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, extended sequential, precision 8, 50x50, components 3
Hash 80eb41366f2ca466acd60d5e1408204c
078ee35013bb1065cee8da38cf60ad1cba2460a8
d70169d634755cbafd67ed68b892b899322fb23cb3d7f8272ceea5366a39d592
NIDS: suricata, Severity: medium, Alert: ET INFO HTTP Request to Suspicious *.life Domain
GET /index_files/silver.jpg HTTP/1.1
Host: xk7a903zl7i0ge.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xk7a903zl7i0ge.life/?type=really
HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 01:59:48 GMT
Server: Apache
Upgrade: h2
Connection: Upgrade, close
Last-Modified: Tue, 09 Aug 2022 03:28:43 GMT
ETag: "40d-5e5c6877dc671"
Accept-Ranges: bytes
Content-Length: 1037
Content-Type: image/jpeg
xk7a903zl7i0ge.life/index_files/got.jpg
216.240.130.67 200 OK 930 B URL HTTP/1.1 xk7a903zl7i0ge.life/index_files/got.jpg
IP 216.240.130.67:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, extended sequential, precision 8, 50x50, components 3
Hash 7b4978ed2b409e387f808229a3f694c5
9add45facef34e9104e33855572c92781f9cb0e8
6a0055e2614acebed870961faa68fe5adeb927b7a889ae8a8fc1381c67062116
NIDS: suricata, Severity: medium, Alert: ET INFO HTTP Request to Suspicious *.life Domain
GET /index_files/got.jpg HTTP/1.1
Host: xk7a903zl7i0ge.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xk7a903zl7i0ge.life/?type=really
HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 01:59:48 GMT
Server: Apache
Upgrade: h2
Connection: Upgrade, close
Last-Modified: Tue, 09 Aug 2022 03:28:27 GMT
ETag: "3a2-5e5c68689b7f5"
Accept-Ranges: bytes
Content-Length: 930
Content-Type: image/jpeg
xk7a903zl7i0ge.life/index_files/header_768.png
216.240.130.67 200 OK 1.5 kB URL HTTP/1.1 xk7a903zl7i0ge.life/index_files/header_768.png
IP 216.240.130.67:0
File type PNG image data, 768 x 46, 8-bit colormap, non-interlaced
Hash 63696453376f2083c1ea9294efe8cded
1efea74bd82407e6f1390ce25645f95b8630cf82
31fea6b9021c4353a634c0692a4dccf8cde5e9045d3eab39889b9b2163d14eec
NIDS: suricata, Severity: medium, Alert: ET INFO HTTP Request to Suspicious *.life Domain
GET /index_files/header_768.png HTTP/1.1
Host: xk7a903zl7i0ge.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xk7a903zl7i0ge.life/?type=really
HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 01:59:48 GMT
Server: Apache
Upgrade: h2
Connection: Upgrade, close
Last-Modified: Tue, 09 Aug 2022 03:28:29 GMT
ETag: "5ca-5e5c686b29920"
Accept-Ranges: bytes
Content-Length: 1482
Content-Type: image/png
xk7a903zl7i0ge.life/index_files/header_480.png
216.240.130.67 200 OK 1.5 kB URL HTTP/1.1 xk7a903zl7i0ge.life/index_files/header_480.png
IP 216.240.130.67:0
File type PNG image data, 480 x 46, 8-bit colormap, non-interlaced
Hash d1aa9196555ef4aac88ed7561693a4c5
e6e9514c8cba13a793e2f92f5f1284a6393e360b
1f2ba03818df92bdea1d745ffcf9b3a231c3bc06478eebc7e37caa2023c5f154
NIDS: suricata, Severity: medium, Alert: ET INFO HTTP Request to Suspicious *.life Domain
GET /index_files/header_480.png HTTP/1.1
Host: xk7a903zl7i0ge.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xk7a903zl7i0ge.life/?type=really
HTTP/1.1 200 OK
Date: Tue, 31 Jan 2023 01:59:48 GMT
Server: Apache
Upgrade: h2
Connection: Upgrade, close
Last-Modified: Tue, 09 Aug 2022 03:28:29 GMT
ETag: "5e9-5e5c686a9b3b6"
Accept-Ranges: bytes
Content-Length: 1513
Content-Type: image/png