r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 7af19a5145a4ee99bdf18831bad04bfd
7bdd2a4785b999ef54a2644211d2b2b7190fb8e1
3237bf0111ecdec3615c4d2d49a602f48f800335d0194f52b600bdaefbd63ed0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3237BF0111ECDEC3615C4D2D49A602F48F800335D0194F52B600BDAEFBD63ED0"
Last-Modified: Thu, 30 Mar 2023 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14802
Expires: Thu, 30 Mar 2023 12:49:41 GMT
Date: Thu, 30 Mar 2023 08:42:59 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b93010cbf31ba3ec785b4088e5d0f529
c0f1ab8a2aae3c445a8f24959a4eea433a345caf
2cc1a5865dee7636b82a68deddd3aff8b697e846e37789a694cc3c7c47340590
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2CC1A5865DEE7636B82A68DEDDD3AFF8B697E846E37789A694CC3C7C47340590"
Last-Modified: Wed, 29 Mar 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3994
Expires: Thu, 30 Mar 2023 09:49:33 GMT
Date: Thu, 30 Mar 2023 08:42:59 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 76218c893040d958ae1c4231cdd2133c
6a7b336dee91d4aec26ace0a5883ecdfac52e68f
d35492b04d16ed00e9e195e7c84c99aa6a2b8a93abeb656baae0918986f0a7e4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D35492B04D16ED00E9E195E7C84C99AA6A2B8A93ABEB656BAAE0918986F0A7E4"
Last-Modified: Wed, 29 Mar 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15137
Expires: Thu, 30 Mar 2023 12:55:16 GMT
Date: Thu, 30 Mar 2023 08:42:59 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash ed282214b024a7895d90e229e92bb1cc
1f447aa59287ce2b45860a1a909d005a41305f77
a35ae9f89cbc77ed5fe849acdc2701592799c335f2674776d69c25bca0a00c2e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Content-Type, Alert, Retry-After, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 30 Mar 2023 08:16:04 GMT
content-type: application/json
age: 1615
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash e7bace7c1e04d44012e37ddffe36e5d5
3ac8d7c0a9d3e3f0b28b2530c7b8d8407b4042c2
6b4f80f2e95b26f6122ea8dcd0ef8d762299be822c69e839fc37581ca2bcb5f2
GET /chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: /h138L2Sv4t7a57FUvLyQ4w+279CbYTDgtYXa3VSJee5F4TN7yoNHVh6nAjG+osMQoxeRnEgSMQ=
x-amz-request-id: ZY4V6DG24XH7626W
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 30 Mar 2023 07:56:57 GMT
age: 2762
last-modified: Sat, 11 Mar 2023 16:53:15 GMT
etag: "e7bace7c1e04d44012e37ddffe36e5d5"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 30 Mar 2023 08:42:59 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
consultant.ru/document/cons_doc_LAW_34661/d4344568bd586d541d39273855ba64ba9d18e84a/
194.105.131.44 301 Moved Permanently 113 B URL HTTP/1.1 consultant.ru/document/cons_doc_LAW_34661/d4344568bd586d541d39273855ba64ba9d18e84a/
IP 194.105.131.44:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash a538151abf3c20704faeaee365321629
461344deb2bce5e25cf9c7d6d95457440acd8b64
ab42be95b09a817c90cac87b497f4bbda67ee18770e38ac85ac0fa55b9bf5136
GET /document/cons_doc_LAW_34661/d4344568bd586d541d39273855ba64ba9d18e84a/ HTTP/1.1
Host: consultant.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: ddos-guard
Connection: keep-alive
Keep-Alive: timeout=60
Date: Thu, 30 Mar 2023 08:43:00 GMT
Content-Type: text/html
Location: http://www.consultant.ru/document/cons_doc_LAW_34661/d4344568bd586d541d39273855ba64ba9d18e84a/
Set-Cookie: __ddg1_=y1YCNqTS41vowUJhE9RR; Domain=.consultant.ru; HttpOnly; Path=/; Expires=Fri, 29-Mar-2024 08:43:00 GMT
CID=wmmDLGQlS5QfnddPsYimAg==; expires=Fri, 29-Mar-24 08:43:00 GMT; domain=consultant.ru; path=/
Content-Encoding: gzip
Vary: Accept-Encoding
Transfer-Encoding: chunked
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: ETag, Pragma, Backoff, Expires, Last-Modified, Content-Type, Alert, Retry-After, Cache-Control, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 30 Mar 2023 08:14:37 GMT
age: 1703
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b3df8c73360b4239af64e11f9d2388be
dc5463ff26615b40e4eab388052790d6c30ea5e6
877b23d16abf2e0e9f649f53747e82af0b75e8595abd71728254e612847cfdb6
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "877B23D16ABF2E0E9F649F53747E82AF0B75E8595ABD71728254E612847CFDB6"
Last-Modified: Wed, 29 Mar 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17278
Expires: Thu, 30 Mar 2023 13:30:58 GMT
Date: Thu, 30 Mar 2023 08:43:00 GMT
Connection: keep-alive
push.services.mozilla.com/
52.89.222.161 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.89.222.161:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: oJN4+WENIsukkUcoQRsqXg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: qLkls63Fm8Ih51tM5noXmtxZSQ0=
www.consultant.ru/document/cons_doc_LAW_34661/d4344568bd586d541d39273855ba64ba9d18e84a/
194.105.131.45 403 Forbidden 12 kB URL HTTP/1.1 www.consultant.ru/document/cons_doc_LAW_34661/d4344568bd586d541d39273855ba64ba9d18e84a/
IP 194.105.131.45:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (11541), with no line terminators
Hash 26ed30d23905cecae1fd736830415325
c78963d3ddbb6537f7f8b90c081f3ce8726f2fec
9227d66005bb476d3113325d395313b9d6260438dab016905d5a3960b463ffb0
GET /document/cons_doc_LAW_34661/d4344568bd586d541d39273855ba64ba9d18e84a/ HTTP/1.1
Host: www.consultant.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: __ddg1_=y1YCNqTS41vowUJhE9RR; CID=wmmDLGQlS5QfnddPsYimAg==
Upgrade-Insecure-Requests: 1
HTTP/1.1 403 Forbidden
Server: ddos-guard
Date: Thu, 30 Mar 2023 08:43:01 GMT
Connection: keep-alive
Keep-Alive: timeout=60
Set-Cookie: __ddgid_=IAwTwdQBpJsmxxvT; Domain=.www.consultant.ru; HttpOnly; Path=/; Expires=Fri, 29-Mar-2024 08:43:01 GMT
__ddgmark_=uCItsqS6HPK7pawx; Domain=.www.consultant.ru; HttpOnly; Path=/; Expires=Fri, 31-Mar-2023 08:43:01 GMT
__ddg5_=bgHL8VNne6NPt9ib; Domain=.consultant.ru; Path=/; HttpOnly; Expires=Thu, 30-Mar-2023 11:43:01 GMT
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 11689
www.consultant.ru/favicon.ico
194.105.131.45 403 Forbidden 12 kB URL HTTP/1.1 www.consultant.ru/favicon.ico
IP 194.105.131.45:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (11541), with no line terminators
Hash 26ed30d23905cecae1fd736830415325
c78963d3ddbb6537f7f8b90c081f3ce8726f2fec
9227d66005bb476d3113325d395313b9d6260438dab016905d5a3960b463ffb0
GET /favicon.ico HTTP/1.1
Host: www.consultant.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.consultant.ru/document/cons_doc_LAW_34661/d4344568bd586d541d39273855ba64ba9d18e84a/
Cookie: __ddg1_=y1YCNqTS41vowUJhE9RR; CID=wmmDLGQlS5QfnddPsYimAg==; __ddgid_=IAwTwdQBpJsmxxvT; __ddgmark_=uCItsqS6HPK7pawx; __ddg5_=bgHL8VNne6NPt9ib
HTTP/1.1 403 Forbidden
Server: ddos-guard
Date: Thu, 30 Mar 2023 08:43:01 GMT
Connection: keep-alive
Keep-Alive: timeout=60
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 11689
ocsp.sectigo.com/
104.18.32.68 200 OK 472 B IP 104.18.32.68:0
Hash 09fedf2efbac964fd9a5c296d6e55b38
b8c5d0eb13cd7c22a8b266ff1d706d1d2f851678
dbd8adb1ba56b4b1668171d05cbf9f752a0e0e7232e6f0c4e8c2e9974ec8c2b1
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 30 Mar 2023 08:43:01 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Mon, 27 Mar 2023 20:53:32 GMT
Expires: Mon, 03 Apr 2023 20:53:31 GMT
Etag: "b8c5d0eb13cd7c22a8b266ff1d706d1d2f851678"
Cache-Control: max-age=388829,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7aff10062e47b512-OSL
check.ddos-guard.net/check.js
185.129.100.100 200 OK 152 B URL HTTP/2 check.ddos-guard.net/check.js
IP 185.129.100.100:0
File type ASCII text, with no line terminators
Hash 156e146ac502027c665e3f74266d3ab8
6b462929ef09174e5b3dc6f9a7e6c3a35f33e207
111f976db0e7fd721bc8a1f80f352e825e200c45de66f43be83f5758600dcabb
GET /check.js HTTP/1.1
Host: check.ddos-guard.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.consultant.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: ddos-guard
date: Thu, 30 Mar 2023 08:43:01 GMT
content-type: application/javascript
expires: Fri, 29 Mar 2024 08:43:01 GMT
last-modified: Thu, 01 Jan 1970 00:00:00 GMT
cache-control: private, s-maxage=0, max-age=31536000
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
etag: xFt4cFWfJY6v5Miw
set-cookie: __ddg2=xFt4cFWfJY6v5Miw; Domain=check.ddos-guard.net; Path=/; HttpOnly; SameSite=None; Secure; Expires=Fri, 29-Mar-2024 08:43:01 GMT
content-length: 152
X-Firefox-Spdy: h2
www.consultant.ru/.well-known/ddos-guard/check?context=free_splash
194.105.131.45 200 Ok 94 kB URL HTTP/1.1 www.consultant.ru/.well-known/ddos-guard/check?context=free_splash
IP 194.105.131.45:0
File type C source, Unicode text, UTF-8 text, with very long lines (65533), with no line terminators
Hash dec86fb322dae369c57a4cc12ef8e25d
aaeabb2acd99b2012658bf6d617e9d8eac10b225
338f411421879738925be253ad0743a61825d94581dc5c9c347b42e4f6782f72
NIDS Severity Alert suricata medium ET HUNTING DDoS-Guard Hosted Content
GET /.well-known/ddos-guard/check?context=free_splash HTTP/1.1
Host: www.consultant.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.consultant.ru/document/cons_doc_LAW_34661/d4344568bd586d541d39273855ba64ba9d18e84a/
Cookie: __ddg1_=y1YCNqTS41vowUJhE9RR; CID=wmmDLGQlS5QfnddPsYimAg==; __ddgid_=IAwTwdQBpJsmxxvT; __ddgmark_=uCItsqS6HPK7pawx; __ddg5_=bgHL8VNne6NPt9ib
HTTP/1.1 200 Ok
Server: ddos-guard
Date: Thu, 30 Mar 2023 08:43:01 GMT
Connection: keep-alive
Keep-Alive: timeout=60
Content-Type: application/javascript
Expires: Thu, 30 Mar 2023 09:43:01 GMT
Content-Length: 93685
www.consultant.ru/.well-known/ddos-guard/id/xFt4cFWfJY6v5Miw
194.105.131.45 200 Ok 68 B URL HTTP/1.1 www.consultant.ru/.well-known/ddos-guard/id/xFt4cFWfJY6v5Miw
IP 194.105.131.45:0
File type PNG image data, 1 x 1, 8-bit gray+alpha, non-interlaced\012- data
Hash e679fbd466a2d656f194a5da4fa083cd
2aa795c7607aa6ea41313be88f1b7a9c1ab516b3
f309b7c03d9cae63a9bedbee6ed655f3dbcdb194132943639344dead5f3b9710
NIDS Severity Alert suricata medium ET HUNTING DDoS-Guard Hosted Content
GET /.well-known/ddos-guard/id/xFt4cFWfJY6v5Miw HTTP/1.1
Host: www.consultant.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.consultant.ru/document/cons_doc_LAW_34661/d4344568bd586d541d39273855ba64ba9d18e84a/
Cookie: __ddg1_=y1YCNqTS41vowUJhE9RR; CID=wmmDLGQlS5QfnddPsYimAg==; __ddgid_=IAwTwdQBpJsmxxvT; __ddgmark_=uCItsqS6HPK7pawx; __ddg5_=bgHL8VNne6NPt9ib
HTTP/1.1 200 Ok
Server: ddos-guard
Date: Thu, 30 Mar 2023 08:43:01 GMT
Connection: keep-alive
Keep-Alive: timeout=60
Content-Type: image/png
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache
Set-Cookie: __ddg2_=xFt4cFWfJY6v5Miw; Domain=consultant.ru; Path=/; HttpOnly; Expires=Fri, 29-Mar-2024 08:43:01 GMT
Content-Length: 68
check.ddos-guard.net/set/id/xFt4cFWfJY6v5Miw
185.129.100.100 200 OK 68 B URL HTTP/2 check.ddos-guard.net/set/id/xFt4cFWfJY6v5Miw
IP 185.129.100.100:0
File type PNG image data, 1 x 1, 8-bit gray+alpha, non-interlaced\012- data
Hash e679fbd466a2d656f194a5da4fa083cd
2aa795c7607aa6ea41313be88f1b7a9c1ab516b3
f309b7c03d9cae63a9bedbee6ed655f3dbcdb194132943639344dead5f3b9710
GET /set/id/xFt4cFWfJY6v5Miw HTTP/1.1
Host: check.ddos-guard.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.consultant.ru/
Cookie: __ddg2=xFt4cFWfJY6v5Miw
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: ddos-guard
date: Thu, 30 Mar 2023 08:43:01 GMT
content-type: image/png
expires: Thu, 01 Jan 1970 00:00:00 GMT
cache-control: no-cache
pragma: no-cache
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
set-cookie: __ddg2=xFt4cFWfJY6v5Miw; Domain=check.ddos-guard.net; Path=/; HttpOnly; SameSite=None; Secure; Expires=Fri, 29-Mar-2024 08:43:01 GMT
content-length: 68
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 195589ff3c6c50463257f10da16de114
7119aeba010d5c5c224fa544feff6f1761739929
dbb5774621e0eee6f9641f6078a650a78d281019726ade7a52c150f0988cd12b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DBB5774621E0EEE6F9641F6078A650A78D281019726ADE7A52C150F0988CD12B"
Last-Modified: Wed, 29 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3345
Expires: Thu, 30 Mar 2023 09:38:46 GMT
Date: Thu, 30 Mar 2023 08:43:01 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8b95f765-7590-4263-b0a3-4db9c87a60df.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8b95f765-7590-4263-b0a3-4db9c87a60df.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 424b55535e5fd622b2fc96aac1246324
cf7cf08aa8969a86bf03695af2129686fd62fe86
c4bb26a7b2c431282b53b4df9999b9cc8e61369a79c606688a76499b31a65127
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8b95f765-7590-4263-b0a3-4db9c87a60df.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10271
x-amzn-requestid: db0d1fe4-060a-4e61-90f3-ec9befee1295
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CkBoXGh5oAMFfzw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6424afce-2e9251552b4acdcb19e02dfc;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Wed, 29 Mar 2023 21:38:22 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C1
x-cache: Miss from cloudfront
x-amz-cf-id: 1cXec9_e-KpzyTwiHaNAaf0y5i12tw7BkZTXnduS5ek7yAAZ0LXTWw==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 d0387b833e3ca8cb748a1296b4b4bf2a.cloudfront.net (CloudFront), 1.1 google
date: Wed, 29 Mar 2023 21:48:07 GMT
age: 39294
etag: "cf7cf08aa8969a86bf03695af2129686fd62fe86"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2f7d2537-a0a5-4a19-9229-144648b886b8.jpeg
34.120.237.76 200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2f7d2537-a0a5-4a19-9229-144648b886b8.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash db24198518d1a093c5c03e92e53925a2
288898a60e0a029946e7d770d2b0c64b6f3bf51d
4a15da439fa1a3ccdd3d329f250bacaab581287183293c4e367b05c2a83eb66d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2f7d2537-a0a5-4a19-9229-144648b886b8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12233
x-amzn-requestid: 781fd422-c720-49d7-bc90-6f8b18751caf
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CkAynHgNoAMFvCA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6424ae76-5327bf334c985816289507b9;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Wed, 29 Mar 2023 21:32:38 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: nwdrJGU7u4C_ZtSQkSASfZ2qj8a31rIr87g_K8YvrrsoVN5yeN8CRQ==
via: 1.1 185f4b03b711932fc7e735c08fdc5abe.cloudfront.net (CloudFront), 1.1 fec77e486350d1bd33f526a760d8b5a4.cloudfront.net (CloudFront), 1.1 google
date: Wed, 29 Mar 2023 21:52:11 GMT
age: 39050
etag: "288898a60e0a029946e7d770d2b0c64b6f3bf51d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffda18d5e-b73e-4202-b1f8-d36a10bc29f6.jpeg
34.120.237.76 200 OK 7.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffda18d5e-b73e-4202-b1f8-d36a10bc29f6.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c8de7c61ab5f849628db707ae7587904
f040cba140c3510c5e6fc0ae1e56505c3749d525
492ea40ba548983fcd3bc41a1e29b6337e4e4e83b1248dcccf82cc1e7e22df88
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffda18d5e-b73e-4202-b1f8-d36a10bc29f6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6975
x-amzn-requestid: bd3a35e2-22bc-4b5d-8c46-74f21205e512
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CkA4qHKCoAMFR4Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6424ae9d-7f1dd1175a4580f75a614254;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Wed, 29 Mar 2023 21:33:17 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Miss from cloudfront
x-amz-cf-id: Q39PWwkZfIyNwmE_PBk86LfcqDKgLlbLsU2ewpLgeCv9hehTL9Gvsw==
via: 1.1 8731d2a1a7d15f67b588bf58f652f9f0.cloudfront.net (CloudFront), 1.1 d16c3f15bd14953a9d4109eaaa991de2.cloudfront.net (CloudFront), 1.1 google
date: Wed, 29 Mar 2023 22:04:53 GMT
age: 38288
etag: "f040cba140c3510c5e6fc0ae1e56505c3749d525"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa0ac043d-a0e8-4634-a2f0-91eb887beb46.jpeg
34.120.237.76 200 OK 7.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa0ac043d-a0e8-4634-a2f0-91eb887beb46.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 436db05a7bfdea78f479be0c3d48df38
ec1102be8a026e6d3bda038330d0bb40efae697b
336c3e71a8c0a7d24f786d83240f96bed040256e454121276965ebbf9d6887f9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa0ac043d-a0e8-4634-a2f0-91eb887beb46.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7466
x-amzn-requestid: c8eb17dd-3fa5-415b-b287-c0844b90246e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CkA6dFovoAMFb7A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6424aea9-682a6e4245ec88a62c46dcc3;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Wed, 29 Mar 2023 21:33:29 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: N6XZlvIdPAiyMxQPUmiOrU-ITvVbYBhwXQHSNFQIuGL7h3WnLVk9SA==
via: 1.1 5502255f9557c1e2c098b94110b6151c.cloudfront.net (CloudFront), 1.1 d90109c5a0c30f43223e0db85921c5c2.cloudfront.net (CloudFront), 1.1 google
date: Wed, 29 Mar 2023 21:53:33 GMT
age: 38968
etag: "ec1102be8a026e6d3bda038330d0bb40efae697b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff94a70cc-7556-4fae-8603-14d3b253f74c.jpeg
34.120.237.76 200 OK 9.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff94a70cc-7556-4fae-8603-14d3b253f74c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash da174e6ccc9451c5071ba10eeb97f6f6
c38827a9ac1218768839877263e1f2984fbdc454
76da406c8ae8cd6ca8471928f3aec3876aed2c21bc10edc0fbdaef5c100c1030
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff94a70cc-7556-4fae-8603-14d3b253f74c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9859
x-amzn-requestid: 7571f483-0d57-4f3f-9d86-2f18175cc0b1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CRP5DG2BoAMFrdg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641d2d06-400180d700df598366b8b16f;Sampled=0
x-amzn-remapped-date: Fri, 24 Mar 2023 04:54:30 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: 8LzPrLvhUnXntYPNCg_QN2LFUvQ-4FL4SMyYBxPOwlGd1sgL3j-Znw==
via: 1.1 8f251d23da31b683c3c9d6fad6ca944c.cloudfront.net (CloudFront), 1.1 b4085435efbe95a420f374958bd145be.cloudfront.net (CloudFront), 1.1 google
date: Wed, 29 Mar 2023 11:37:45 GMT
age: 75916
etag: "c38827a9ac1218768839877263e1f2984fbdc454"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F437d5c4a-94b1-4feb-9989-5ea3ef2aa4c9.jpeg
34.120.237.76 200 OK 8.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F437d5c4a-94b1-4feb-9989-5ea3ef2aa4c9.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c2a125c5670902105c5f8556784463f8
e4c0522a7421069d8359783b091d5ed13ef9e694
8a5ead1ec1bb888e9430d400b308f36db529e1a0e803bc40fc8e8fce9ec54c07
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F437d5c4a-94b1-4feb-9989-5ea3ef2aa4c9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8284
x-amzn-requestid: 458151bd-9fa0-481f-afc7-3805cd5166e0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CkCpdEfpoAMFxyQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6424b16f-65e700b2663e86ab66e110d3;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Wed, 29 Mar 2023 21:45:19 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Miss from cloudfront
x-amz-cf-id: Q0SosYTPgh8SFwIgntZOCtFc1eRSEtxWo4cqziMVh5K5AxK-hbchhA==
via: 1.1 ffc1e24c06bfbb135c0a4d240b382048.cloudfront.net (CloudFront), 1.1 fec77e486350d1bd33f526a760d8b5a4.cloudfront.net (CloudFront), 1.1 google
date: Wed, 29 Mar 2023 22:42:31 GMT
etag: "e4c0522a7421069d8359783b091d5ed13ef9e694"
content-type: image/jpeg
age: 36030
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
www.consultant.ru/.well-known/ddos-guard/mark/
194.105.131.45 200 OK 0 B URL HTTP/1.1 www.consultant.ru/.well-known/ddos-guard/mark/
IP 194.105.131.45:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /.well-known/ddos-guard/mark/ HTTP/1.1
Host: www.consultant.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: text/plain;charset=UTF-8
Content-Length: 41265
Origin: http://www.consultant.ru
Connection: keep-alive
Referer: http://www.consultant.ru/document/cons_doc_LAW_34661/d4344568bd586d541d39273855ba64ba9d18e84a/
Cookie: __ddg1_=y1YCNqTS41vowUJhE9RR; CID=wmmDLGQlS5QfnddPsYimAg==; __ddgid_=IAwTwdQBpJsmxxvT; __ddgmark_=uCItsqS6HPK7pawx; __ddg5_=bgHL8VNne6NPt9ib; __ddg2_=xFt4cFWfJY6v5Miw
HTTP/1.1 200 OK
Server: ddos-guard
Connection: keep-alive
Keep-Alive: timeout=60
Date: Thu, 30 Mar 2023 08:43:02 GMT
Content-Length: 0
www.consultant.ru/.well-known/ddos-guard/captcha_js
194.105.131.45 200 Ok 4.5 kB URL HTTP/1.1 www.consultant.ru/.well-known/ddos-guard/captcha_js
IP 194.105.131.45:0
File type ASCII text, with very long lines (4491), with no line terminators
Hash dda7abdcae8d47301dcdfa0e7c99c112
e2624247ab03de5e020a865ce07ad70399e48b63
b5ecb1e11d0996a35f5ed4ae3b5edae2aacac2ee1c490dcdfa40acb5076102f9
NIDS Severity Alert suricata medium ET HUNTING DDoS-Guard Hosted Content
GET /.well-known/ddos-guard/captcha_js HTTP/1.1
Host: www.consultant.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.consultant.ru/document/cons_doc_LAW_34661/d4344568bd586d541d39273855ba64ba9d18e84a/
Cookie: __ddg1_=y1YCNqTS41vowUJhE9RR; CID=wmmDLGQlS5QfnddPsYimAg==; __ddgid_=IAwTwdQBpJsmxxvT; __ddgmark_=uCItsqS6HPK7pawx; __ddg5_=bgHL8VNne6NPt9ib; __ddg2_=xFt4cFWfJY6v5Miw; __ddg3=KSOXD13CFspinbOR
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 Ok
Server: ddos-guard
Date: Thu, 30 Mar 2023 08:43:05 GMT
Connection: keep-alive
Keep-Alive: timeout=60
Content-Type: application/javascript
Expires: Thu, 30 Mar 2023 09:43:05 GMT
Content-Length: 4491
www.consultant.ru/document/cons_doc_LAW_34661/d4344568bd586d541d39273855ba64ba9d18e84a/
194.105.131.45 403 Forbidden 32 kB URL HTTP/1.1 www.consultant.ru/document/cons_doc_LAW_34661/d4344568bd586d541d39273855ba64ba9d18e84a/
IP 194.105.131.45:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (32228), with no line terminators
Hash 6e7922a2a528b006e548c8525e163ac6
479678969a0abef3d626c537769bddf21062e68b
922c0aa16d68d8c1e8359e09e8536797662b0f96f0a6a2d1c54ef1ee633d94b5
GET /document/cons_doc_LAW_34661/d4344568bd586d541d39273855ba64ba9d18e84a/ HTTP/1.1
Host: www.consultant.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: __ddg1_=y1YCNqTS41vowUJhE9RR; CID=wmmDLGQlS5QfnddPsYimAg==; __ddgid_=IAwTwdQBpJsmxxvT; __ddgmark_=uCItsqS6HPK7pawx; __ddg5_=bgHL8VNne6NPt9ib; __ddg2_=xFt4cFWfJY6v5Miw
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Server: ddos-guard
Date: Thu, 30 Mar 2023 08:43:05 GMT
Connection: keep-alive
Keep-Alive: timeout=60
Set-Cookie: __ddg3=KSOXD13CFspinbOR; Domain=.consultant.ru; Path=/; Expires=Fri, 31-Mar-2023 08:43:05 GMT
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 32314
www.consultant.ru/.well-known/ddos-guard/check?context=captcha
194.105.131.45 200 Ok 94 kB URL HTTP/1.1 www.consultant.ru/.well-known/ddos-guard/check?context=captcha
IP 194.105.131.45:0
File type C source, Unicode text, UTF-8 text, with very long lines (65533), with no line terminators
Hash dec86fb322dae369c57a4cc12ef8e25d
aaeabb2acd99b2012658bf6d617e9d8eac10b225
338f411421879738925be253ad0743a61825d94581dc5c9c347b42e4f6782f72
NIDS Severity Alert suricata medium ET HUNTING DDoS-Guard Hosted Content
GET /.well-known/ddos-guard/check?context=captcha HTTP/1.1
Host: www.consultant.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.consultant.ru/document/cons_doc_LAW_34661/d4344568bd586d541d39273855ba64ba9d18e84a/
Cookie: __ddg1_=y1YCNqTS41vowUJhE9RR; CID=wmmDLGQlS5QfnddPsYimAg==; __ddgid_=IAwTwdQBpJsmxxvT; __ddgmark_=uCItsqS6HPK7pawx; __ddg5_=bgHL8VNne6NPt9ib; __ddg2_=xFt4cFWfJY6v5Miw; __ddg3=KSOXD13CFspinbOR
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 Ok
Server: ddos-guard
Date: Thu, 30 Mar 2023 08:43:05 GMT
Connection: keep-alive
Keep-Alive: timeout=60
Content-Type: application/javascript
Expires: Thu, 30 Mar 2023 09:43:05 GMT
Content-Length: 93685
www.consultant.ru/favicon.ico
194.105.131.45 403 Forbidden 32 kB URL HTTP/1.1 www.consultant.ru/favicon.ico
IP 194.105.131.45:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (32228), with no line terminators
Hash 6e7922a2a528b006e548c8525e163ac6
479678969a0abef3d626c537769bddf21062e68b
922c0aa16d68d8c1e8359e09e8536797662b0f96f0a6a2d1c54ef1ee633d94b5
GET /favicon.ico HTTP/1.1
Host: www.consultant.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.consultant.ru/document/cons_doc_LAW_34661/d4344568bd586d541d39273855ba64ba9d18e84a/
Cookie: __ddg1_=y1YCNqTS41vowUJhE9RR; CID=wmmDLGQlS5QfnddPsYimAg==; __ddgid_=IAwTwdQBpJsmxxvT; __ddgmark_=uCItsqS6HPK7pawx; __ddg5_=bgHL8VNne6NPt9ib; __ddg2_=xFt4cFWfJY6v5Miw; __ddg3=KSOXD13CFspinbOR
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Server: ddos-guard
Date: Thu, 30 Mar 2023 08:43:05 GMT
Connection: keep-alive
Keep-Alive: timeout=60
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 32314
www.consultant.ru/.well-known/ddos-guard/mark/
194.105.131.45 200 OK 0 B URL HTTP/1.1 www.consultant.ru/.well-known/ddos-guard/mark/
IP 194.105.131.45:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /.well-known/ddos-guard/mark/ HTTP/1.1
Host: www.consultant.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: text/plain;charset=UTF-8
Content-Length: 41261
Origin: http://www.consultant.ru
Connection: keep-alive
Referer: http://www.consultant.ru/document/cons_doc_LAW_34661/d4344568bd586d541d39273855ba64ba9d18e84a/
Cookie: __ddg1_=y1YCNqTS41vowUJhE9RR; CID=wmmDLGQlS5QfnddPsYimAg==; __ddgid_=IAwTwdQBpJsmxxvT; __ddgmark_=uCItsqS6HPK7pawx; __ddg5_=bgHL8VNne6NPt9ib; __ddg2_=xFt4cFWfJY6v5Miw; __ddg3=KSOXD13CFspinbOR
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: ddos-guard
Connection: keep-alive
Keep-Alive: timeout=60
Date: Thu, 30 Mar 2023 08:43:05 GMT
Content-Length: 0
hcaptcha.com/1/api.js
104.16.168.131 200 OK 90 kB IP 104.16.168.131:0
File type Unicode text, UTF-8 text, with very long lines (57362)
Hash 9a3be04218c6965d2e9593e89c47a09d
3642b3db00e1ae478654c2b8421ef8c882a0368b
212adc58fd37ef1d471afb8480bc1da5ae29c2b853a3859183193d54c1e1ae07
GET /1/api.js HTTP/1.1
Host: hcaptcha.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.consultant.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 30 Mar 2023 08:43:05 GMT
content-type: application/javascript
cf-ray: 7aff101f6982b4fd-OSL
age: 0
cache-control: max-age=120
etag: W/"90c515c65a034bb89813b1b9e7324e17"
last-modified: Wed, 29 Mar 2023 19:29:46 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 acf2dd107c5d6d9bebe3457b4f66431e.cloudfront.net (CloudFront)
cf-cache-status: HIT
cross-origin-resource-policy: cross-origin
x-amz-cf-id: QwuUQdd8EB285Jp4A7cTO7jp-5Ll3hs_aWX7J0tBZYTUaq0LDGyiRA==
x-amz-cf-pop: CPH50-P1
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-content-type-options: nosniff
vary: Accept-Encoding
server: cloudflare
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2