| ayqowe.elementor.cloud/wp-content/plugins/elementor/zd/clients/ | 162.159.137.9 | 301 Moved Permanently | 0 B |
URL HTTP/1.1ayqowe.elementor.cloud/wp-content/plugins/elementor/zd/clients/ IP162.159.137.9:0
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
NIDS | Severity | Alert | suricata | medium | ET INFO HTTP Request to Suspicious *.cloud Domain |
GET /wp-content/plugins/elementor/zd/clients/ HTTP/1.1
Host: ayqowe.elementor.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Mon, 16 Jan 2023 09:23:49 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Mon, 16 Jan 2023 10:23:49 GMT
Location: https://ayqowe.elementor.cloud/wp-content/plugins/elementor/zd/clients/
Server-Timing: cf-q-config;dur=7.0000023697503e-06
Vary: Accept-Encoding
x-powered-by: Elementor Cloud
Server: cloudflare
CF-RAY: 78a5cb6d4d240b02-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
|
|
| r3.o.lencr.org/ | 23.36.77.32 | 200 OK | 503 B |
IP23.36.77.32:0 ASN#20940 Akamai International B.V.
Hash2258cd6b877a3aca8f4c84074e65ac4b 4e46c70941f8e497e8afc8d078644e7f81761a1c faac4e0d123f2112b58953c104ea746cd53047fc1ada0ef5d669feecf78ddfff
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FAAC4E0D123F2112B58953C104EA746CD53047FC1ADA0EF5D669FEECF78DDFFF"
Last-Modified: Sat, 14 Jan 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6623
Expires: Mon, 16 Jan 2023 11:14:13 GMT
Date: Mon, 16 Jan 2023 09:23:50 GMT
Connection: keep-alive
|
|
| r3.o.lencr.org/ | 23.36.77.32 | 200 OK | 503 B |
IP23.36.77.32:0 ASN#20940 Akamai International B.V.
Hash0643dc6b6fed33b3537160b6bb77bcbf aa43bd1fbb30d2219f3285c1ee4991ffb33562c5 f137438e30e0d69cba77ca2eb736687873e4a9c06cf88d23c6d55ea930fde09f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F137438E30E0D69CBA77CA2EB736687873E4A9C06CF88D23C6D55EA930FDE09F"
Last-Modified: Sat, 14 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2702
Expires: Mon, 16 Jan 2023 10:08:52 GMT
Date: Mon, 16 Jan 2023 09:23:50 GMT
Connection: keep-alive
|
|
| firefox.settings.services.mozilla.com/v1/ | 35.241.9.150 | 200 OK | 939 B |
URL HTTP/2firefox.settings.services.mozilla.com/v1/ IP35.241.9.150:0
File typeJSON data\012- , ASCII text, with very long lines (939), with no line terminators Hash30db107dcf4380cef05efea409c2e6a3 96e6a306fbc07299aba64e5c14e2bfca35872fa9 b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Length, Alert, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Mon, 16 Jan 2023 08:42:09 GMT
content-type: application/json
age: 2501
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| r3.o.lencr.org/ | 23.36.77.32 | 200 OK | 503 B |
IP23.36.77.32:0 ASN#20940 Akamai International B.V.
Hashd6e2abd68203014e8e24d4a9e20e980a 5edbbb1a36083d5077b90b82e7aa10049e90c5d6 88cf8dae194a5e92a8c36a4c54ae71a609eaaed6e99d3986b3834c40d2fceeaa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "88CF8DAE194A5E92A8C36A4C54AE71A609EAAED6E99D3986B3834C40D2FCEEAA"
Last-Modified: Sun, 15 Jan 2023 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7717
Expires: Mon, 16 Jan 2023 11:32:27 GMT
Date: Mon, 16 Jan 2023 09:23:50 GMT
Connection: keep-alive
|
|
| content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain | 34.160.144.191 | 200 OK | 5.3 kB |
URL HTTP/2content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain IP34.160.144.191:0
File typePEM certificate\012- , ASCII text Hash7b922915ebf1fa3639b333f994c74f24 144a3f80b98fd0652d4614f24cf6cbbee40f8938 adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: p9tzJkBPZ8jnxE6bLg+39OpRitAukKXzirResNTSfIjB7jkT7BdrdRksQILypaKuse2sp4ZRLhQ=
x-amz-request-id: XKVS94SYMBW90PTS
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 16 Jan 2023 08:55:45 GMT
age: 1685
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| contile.services.mozilla.com/v1/tiles | 34.117.237.239 | 200 OK | 12 B |
URL HTTP/2contile.services.mozilla.com/v1/tiles IP34.117.237.239:0
File typeJSON data\012- , ASCII text, with no line terminators Hash23e88fb7b99543fb33315b29b1fad9d6 a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 16 Jan 2023 09:23:50 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US | 35.241.9.150 | 200 OK | 329 B |
URL HTTP/2firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US IP35.241.9.150:0
File typeJSON data\012- , ASCII text, with very long lines (329), with no line terminators Hash0333b0655111aa68de771adfcc4db243 63f295a144ac87a7c8e23417626724eeca68a7eb 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Expires, Last-Modified, Alert, Content-Type, Content-Length, ETag, Pragma, Cache-Control, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Mon, 16 Jan 2023 08:33:46 GMT
age: 3004
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| ocsp.digicert.com/ | 93.184.220.29 | 200 OK | 471 B |
IP93.184.220.29:0
Hashe5f9cfd32ba0e755eba2eba2bca5bc3c 012c01ac7a06da9f57e0e1c24658a4bd40e82518 ffd7fc715a11f6579f953c2f0f65128000733620fcc777cd0a4c5bb895c64ad2
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6563
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 16 Jan 2023 09:23:51 GMT
Last-Modified: Mon, 16 Jan 2023 07:34:28 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 471
|
|
| ayqowe.elementor.cloud/styles.css | 162.159.137.9 | 200 OK | 40 kB |
URL HTTP/2ayqowe.elementor.cloud/styles.css IP162.159.137.9:0
File typeASCII text, with very long lines (616) Hashbb177c7cfc20d1b29232f475a9d06cd6 a4e896ff976c9f0ba7e0260c3c5fa7b303047c6d 63228e9e7b0bde8f855265727cd7c87baadf02df366abd634e1b2110ce3bc469
GET /styles.css HTTP/1.1
Host: ayqowe.elementor.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ayqowe.elementor.cloud/wp-content/plugins/elementor/zd/clients/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 16 Jan 2023 09:23:50 GMT
content-type: text/css; charset=UTF-8
cache-control: public, max-age=14400
last-modified: Thu, 29 Dec 2022 13:32:30 GMT
etag: W/"29d30-1855e1591b0"
cf-cache-status: MISS
expires: Mon, 16 Jan 2023 13:23:50 GMT
vary: Accept-Encoding
x-powered-by: Elementor Cloud
server: cloudflare
cf-ray: 78a5cb70ae660af6-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| push.services.mozilla.com/ | 54.200.107.47 | 101 Switching Protocols | 0 B |
URL HTTP/1.1push.services.mozilla.com/ IP54.200.107.47:0
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: PVhYFFLur3fbG0sq/f2ZTw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 6AXDBn2dn8l/I2fGrY8q9zjRGcY=
|
|
| r3.o.lencr.org/ | 23.36.77.32 | 200 OK | 503 B |
IP23.36.77.32:0 ASN#20940 Akamai International B.V.
Hash6b6a65d2536cc8f99e68793ae265b595 f65e75f8419bd83e26f49def7fa2604db5f77b4d 94b31f7663e4917e8e97079202ef9fa340766f1ebfc2601360618d947f7dabc9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "94B31F7663E4917E8E97079202EF9FA340766F1EBFC2601360618D947F7DABC9"
Last-Modified: Sun, 15 Jan 2023 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5730
Expires: Mon, 16 Jan 2023 10:59:22 GMT
Date: Mon, 16 Jan 2023 09:23:52 GMT
Connection: keep-alive
|
|
| r3.o.lencr.org/ | 23.36.77.32 | 200 OK | 503 B |
IP23.36.77.32:0 ASN#20940 Akamai International B.V.
Hash6b6a65d2536cc8f99e68793ae265b595 f65e75f8419bd83e26f49def7fa2604db5f77b4d 94b31f7663e4917e8e97079202ef9fa340766f1ebfc2601360618d947f7dabc9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "94B31F7663E4917E8E97079202EF9FA340766F1EBFC2601360618D947F7DABC9"
Last-Modified: Sun, 15 Jan 2023 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5730
Expires: Mon, 16 Jan 2023 10:59:22 GMT
Date: Mon, 16 Jan 2023 09:23:52 GMT
Connection: keep-alive
|
|
| r3.o.lencr.org/ | 23.36.77.32 | 200 OK | 503 B |
IP23.36.77.32:0 ASN#20940 Akamai International B.V.
Hash6b6a65d2536cc8f99e68793ae265b595 f65e75f8419bd83e26f49def7fa2604db5f77b4d 94b31f7663e4917e8e97079202ef9fa340766f1ebfc2601360618d947f7dabc9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "94B31F7663E4917E8E97079202EF9FA340766F1EBFC2601360618D947F7DABC9"
Last-Modified: Sun, 15 Jan 2023 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5730
Expires: Mon, 16 Jan 2023 10:59:22 GMT
Date: Mon, 16 Jan 2023 09:23:52 GMT
Connection: keep-alive
|
|
| r3.o.lencr.org/ | 23.36.77.32 | 200 OK | 503 B |
IP23.36.77.32:0 ASN#20940 Akamai International B.V.
Hash6b6a65d2536cc8f99e68793ae265b595 f65e75f8419bd83e26f49def7fa2604db5f77b4d 94b31f7663e4917e8e97079202ef9fa340766f1ebfc2601360618d947f7dabc9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "94B31F7663E4917E8E97079202EF9FA340766F1EBFC2601360618D947F7DABC9"
Last-Modified: Sun, 15 Jan 2023 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5730
Expires: Mon, 16 Jan 2023 10:59:22 GMT
Date: Mon, 16 Jan 2023 09:23:52 GMT
Connection: keep-alive
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa2fb3ba8-a85e-42ba-b607-87ced36844b2.jpeg | 34.120.237.76 | 200 OK | 8.4 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa2fb3ba8-a85e-42ba-b607-87ced36844b2.jpeg IP34.120.237.76:0
Hashf3125cca0d057bc2e0ce53e6731759d6 4b96e2b5e97a6a9f30c183f1b250b1907017e09e 90e65f8221c9c498fca6dbfd7d7858629deb8de86d613fdb9828237d8becafc7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa2fb3ba8-a85e-42ba-b607-87ced36844b2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5766
x-amzn-requestid: b6a8d7ee-ff35-4720-8d2e-ba2b8db6edfc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ezbP4GDQIAMFTSQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c47265-6022a62f69d8f938458d18a0;Sampled=0
x-amzn-remapped-date: Sun, 15 Jan 2023 21:38:45 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: YcIDYSEtEIIfGauNxD9V1tuSCAPDq9OaaAATRTOC3Sjlb-72IA0ScQ==
via: 1.1 0005a84c2971ff4f5bbb79e7ebc622a8.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Sun, 15 Jan 2023 22:02:24 GMT
age: 40888
etag: "2259cdebacc4c9f07aad838eec494863d4273ad1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6288fb14-98ed-45e9-92f6-6fabe4d7cf2f.jpeg | 34.120.237.76 | 200 OK | 7.3 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6288fb14-98ed-45e9-92f6-6fabe4d7cf2f.jpeg IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hasha14364fe2ad784ef5db2ea66dcf18dba 3274bc2a0b6e41d6f44e31ab0e233f79677079d3 40ffbf3dd157214eb918c6babf69b94f657f354337001f0b7e06930bf6a47aae
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6288fb14-98ed-45e9-92f6-6fabe4d7cf2f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7291
x-amzn-requestid: 153fdafd-e094-4261-8202-065208ed543e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ezbOMGuxoAMFkJQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c4725a-68ba19037f23dae033513080;Sampled=0
x-amzn-remapped-date: Sun, 15 Jan 2023 21:38:34 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: dCzcLSv-R9QxYnx_d6iQJBWnYuZIIsHlwdKj4N_8yNlNHiSQ7RDDVQ==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 1b74ccf4cb51eacf97a0e6d60ae46a3e.cloudfront.net (CloudFront), 1.1 google
date: Sun, 15 Jan 2023 21:45:02 GMT
age: 41930
etag: "3274bc2a0b6e41d6f44e31ab0e233f79677079d3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2c941e9c-910c-4cd7-a013-a4dca3c5db2b.jpeg | 34.120.237.76 | 200 OK | 6.5 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2c941e9c-910c-4cd7-a013-a4dca3c5db2b.jpeg IP34.120.237.76:0
Hash9c5058ef690bd228f31e9d90c73cf492 dc9fcfdd93d89eadcb13ec37d22537e6b9e2a2dc 915d230401bea656e4765abb78e2cad48351048fbcf71125fcec1f93104d1b75
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2c941e9c-910c-4cd7-a013-a4dca3c5db2b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3845
x-amzn-requestid: 4b8fa830-dad5-4f44-addd-2fcee42f417e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: excEMFt1oAMFeOg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c3a6e7-703ffebe0297428c35eabdb6;Sampled=0
x-amzn-remapped-date: Sun, 15 Jan 2023 07:10:31 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: wMmYR9yEPelW_Q5_tnImorkseC1tr0EcDvNHeYBpNWB6l47og9HC5Q==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 3cd7af07832481c336aa1c93c9b4a6fe.cloudfront.net (CloudFront), 1.1 google
date: Mon, 16 Jan 2023 04:54:34 GMT
age: 16158
etag: "2b2b272f1712319a5de86f8fac3f73b23e5ef4b0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffd986c41-5e27-40cc-8622-aeddbd283d0c.jpeg | 34.120.237.76 | 200 OK | 6.3 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffd986c41-5e27-40cc-8622-aeddbd283d0c.jpeg IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hasha7917592de9f2ddbe7d3a7fa7f3d4d62 866b04ce93a30369d7cb0a6d2155a8b10292507f da58e1798bf0fcbfe771420a66bbf671cc84e0ca429e076fdc70bb8d73cddb18
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffd986c41-5e27-40cc-8622-aeddbd283d0c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6273
x-amzn-requestid: f5d21802-91ea-44cc-aeb2-8ec9af07e1a2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ezbOyFwNIAMFZsA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c4725e-3028350e72b2ee7b6ae44f2c;Sampled=0
x-amzn-remapped-date: Sun, 15 Jan 2023 21:38:38 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 8ggqVFvybykQ-MJzU9H_L6JS9YqmLGsuaMJ34Qy7o6yoMOJOmvYsMA==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 caf6806821bc479b28a6f1ce3043b8a6.cloudfront.net (CloudFront), 1.1 google
date: Sun, 15 Jan 2023 21:53:09 GMT
age: 41443
etag: "866b04ce93a30369d7cb0a6d2155a8b10292507f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4f0659c5-1455-4203-aa61-f1bb301688cd.jpeg | 34.120.237.76 | 200 OK | 11 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4f0659c5-1455-4203-aa61-f1bb301688cd.jpeg IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hash9768b1bb9048d23c6a631e153b47ab04 741da16203215f9d52e476214b1bdef332961a35 750b57d8c95b025da617f005eef0e3bf685f7778e8e039f70015d7bfb810cb3b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4f0659c5-1455-4203-aa61-f1bb301688cd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11040
x-amzn-requestid: 8d0ff3db-efbc-41ff-abd9-4f328129cfd9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: eroNIFEtIAMFS8A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c153ed-138d582e22acee7017e9d4e9;Sampled=0
x-amzn-remapped-date: Fri, 13 Jan 2023 12:51:57 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Gyoizb63vbxozvOs7WjPmHHB-O1iGBA_xBzTEoHqp9XGiqnPyQImGg==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 be082a2326b7d49643607b097f1e7180.cloudfront.net (CloudFront), 1.1 google
date: Sun, 15 Jan 2023 22:03:42 GMT
age: 40810
etag: "741da16203215f9d52e476214b1bdef332961a35"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa0022fa9-c30e-4529-88ce-9e459037d9a6.jpeg | 34.120.237.76 | 200 OK | 7.8 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa0022fa9-c30e-4529-88ce-9e459037d9a6.jpeg IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hasha76dfabd1b1a4be07a8f20c5beeed1e5 d53e914a4967cb214161e9c6d6885384cce2c19e 769534c59ce01cdff3ff60f792db4a975eeca3d101d79b0e2d8e94b4e19da583
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa0022fa9-c30e-4529-88ce-9e459037d9a6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7820
x-amzn-requestid: 4655d49f-9376-4f60-bd81-cacef32798a9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: etkuvFANIAMFZ-A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c21b2a-53fae20e204d44c801a5aa8e;Sampled=0
x-amzn-remapped-date: Sat, 14 Jan 2023 03:02:02 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: taJKDvcq634PIyhQmsGOIEINUA3MgqJalDaKKDvlO-EfHOv69M5BaQ==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 fda3b2797d2719576f6b916583a28e52.cloudfront.net (CloudFront), 1.1 google
date: Mon, 16 Jan 2023 03:52:20 GMT
age: 19892
etag: "d53e914a4967cb214161e9c6d6885384cce2c19e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| ayqowe.elementor.cloud/wp-content/plugins/elementor/zd/clients/ | 162.159.137.9 | 500 Internal Server Error | 0 B |
URL HTTP/2ayqowe.elementor.cloud/wp-content/plugins/elementor/zd/clients/ IP162.159.137.9:0
NIDS | Severity | Alert | suricata | medium | ET INFO HTTP Request to Suspicious *.cloud Domain |
GET /wp-content/plugins/elementor/zd/clients/ HTTP/1.1
Host: ayqowe.elementor.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 500 Internal Server Error
date: Mon, 16 Jan 2023 09:23:50 GMT
content-type: text/html; charset=utf-8
cf-cache-status: DYNAMIC
x-powered-by: Elementor Cloud
server: cloudflare
cf-ray: 78a5cb6f2cc00af6-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| static.cloudflareinsights.com/beacon.min.js/vaafb692b2aea4879b33c060e79fe94621666317369993 | 104.16.56.101 | 200 OK | 0 B |
URL HTTP/2static.cloudflareinsights.com/beacon.min.js/vaafb692b2aea4879b33c060e79fe94621666317369993 IP104.16.56.101:0
GET /beacon.min.js/vaafb692b2aea4879b33c060e79fe94621666317369993 HTTP/1.1
Host: static.cloudflareinsights.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ayqowe.elementor.cloud
Connection: keep-alive
Referer: https://ayqowe.elementor.cloud/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 16 Jan 2023 09:23:50 GMT
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
etag: W/2022.10.1
last-modified: Fri, 21 Oct 2022 01:56:09 GMT
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 78a5cb70dd011bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| ayqowe.elementor.cloud/images/icons/logo.svg | 162.159.137.9 | 200 OK | 0 B |
URL HTTP/2ayqowe.elementor.cloud/images/icons/logo.svg IP162.159.137.9:0
GET /images/icons/logo.svg HTTP/1.1
Host: ayqowe.elementor.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ayqowe.elementor.cloud/wp-content/plugins/elementor/zd/clients/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 16 Jan 2023 09:23:50 GMT
content-type: image/svg+xml
cache-control: public, max-age=14400
last-modified: Thu, 29 Dec 2022 13:31:56 GMT
etag: W/"e8f-1855e150ce0"
cf-cache-status: MISS
expires: Mon, 16 Jan 2023 13:23:50 GMT
vary: Accept-Encoding
x-powered-by: Elementor Cloud
server: cloudflare
cf-ray: 78a5cb70ae670af6-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| ayqowe.elementor.cloud/images/errors/404.svg | 162.159.137.9 | 200 OK | 0 B |
URL HTTP/2ayqowe.elementor.cloud/images/errors/404.svg IP162.159.137.9:0
GET /images/errors/404.svg HTTP/1.1
Host: ayqowe.elementor.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ayqowe.elementor.cloud/wp-content/plugins/elementor/zd/clients/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 16 Jan 2023 09:23:50 GMT
content-type: image/svg+xml
cache-control: public, max-age=14400
last-modified: Thu, 29 Dec 2022 13:31:56 GMT
etag: W/"3fcf-1855e150ce0"
cf-cache-status: MISS
expires: Mon, 16 Jan 2023 13:23:50 GMT
vary: Accept-Encoding
x-powered-by: Elementor Cloud
server: cloudflare
cf-ray: 78a5cb70ae690af6-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
|
|