money-easiltmb.buzz/dashboard.php
172.67.187.115 302 Found 0 B URL HTTP/1.1 money-easiltmb.buzz/dashboard.php
IP 172.67.187.115:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.buzz domain
GET /dashboard.php HTTP/1.1
Host: money-easiltmb.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Date: Fri, 31 Mar 2023 19:32:25 GMT
Content-Type: text/html;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: loclang=en; expires=Mon, 03-Apr-2023 19:32:25 GMT; Max-Age=259200; path=/
Location: ./login.php
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qTCc8YBkf83i8cx5UJBdNuLTLPPqNy7vzxYQZunmsOD3jpjqhJ4BhUGoWLf3SL4NU6FoTvAaiVSeehknGVc0RGHD11cFTwWukKvizs2rdVqhv6%2FvDDbwlg35Zd0z4rs4h7qfBnxc"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7b0b04a9c8fdb512-OSL
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 7af19a5145a4ee99bdf18831bad04bfd
7bdd2a4785b999ef54a2644211d2b2b7190fb8e1
3237bf0111ecdec3615c4d2d49a602f48f800335d0194f52b600bdaefbd63ed0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3237BF0111ECDEC3615C4D2D49A602F48F800335D0194F52B600BDAEFBD63ED0"
Last-Modified: Thu, 30 Mar 2023 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12678
Expires: Fri, 31 Mar 2023 23:03:43 GMT
Date: Fri, 31 Mar 2023 19:32:25 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash cca063332ba9a89eadd62a8dd7f81a9b
d473b2a7a32c964599ff3bac8f98fa578f03d1d1
02fb74c7c695ad99f7f2fd7c02ae2b88e2da1c5db339f883333d9090291931dc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "02FB74C7C695AD99F7F2FD7C02AE2B88E2DA1C5DB339F883333D9090291931DC"
Last-Modified: Wed, 29 Mar 2023 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7743
Expires: Fri, 31 Mar 2023 21:41:28 GMT
Date: Fri, 31 Mar 2023 19:32:25 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 374c9e295a804e605c402f48ae7e2446
967394b36ecdff2dd32842f878887f061024c6b3
7652dfcb9e2d620ce1d033be8ecc53166d2881154c15decd60899415e5ac2706
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7652DFCB9E2D620CE1D033BE8ECC53166D2881154C15DECD60899415E5AC2706"
Last-Modified: Thu, 30 Mar 2023 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6394
Expires: Fri, 31 Mar 2023 21:18:59 GMT
Date: Fri, 31 Mar 2023 19:32:25 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data, ASCII text, with very long lines (939), with no line terminators
Hash 84db75194692d4afe13196bda6f22da8
4c1f49bc973a4917f146d93c8d598344edc021f6
a3bec66f95b3bdf1d310c726e8ed05f7b06c1901c62381a94582d581844d2c23
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Alert, Content-Length, Retry-After, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 31 Mar 2023 19:16:12 GMT
content-type: application/json
age: 973
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
IP 34.160.144.191:0
File type PEM certificate, ASCII text
Hash e7bace7c1e04d44012e37ddffe36e5d5
3ac8d7c0a9d3e3f0b28b2530c7b8d8407b4042c2
6b4f80f2e95b26f6122ea8dcd0ef8d762299be822c69e839fc37581ca2bcb5f2
GET /chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: kjvoxTXu4LOP8KQW7z8zB0DVvSo1hF/5C3+i+IkWyPyxMtpgxJucoSJ2y6CEIIb7a+HSwWuoJII=
x-amz-request-id: FBD8M07Y38TM5J3J
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 31 Mar 2023 19:03:27 GMT
age: 1738
last-modified: Sat, 11 Mar 2023 16:53:15 GMT
etag: "e7bace7c1e04d44012e37ddffe36e5d5"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
money-easiltmb.buzz/login.php
172.67.187.115 200 OK 1.9 kB URL HTTP/1.1 money-easiltmb.buzz/login.php
IP 172.67.187.115:0
File type HTML document text; exported SGML document text; exported SGML document, Unicode text, UTF-8 text
Hash d509b48560da9a8361616b89fa808160
d2d76e48c5b289e9cc2983c713092d9ee11c6805
e5c4f4199f2a13bce4dec0ab04d99ee7a90a57c683dee3f991c882f1eced5f91
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.buzz domain
GET /login.php HTTP/1.1
Host: money-easiltmb.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: loclang=en
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Fri, 31 Mar 2023 19:32:25 GMT
Content-Type: text/html;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yaCtdNNcrYh7HYAa3m87lNz7sOWJUspq%2BU7N2%2FkqwqmaGvnBBH5Gh2eEFeqTgsH9SFi9NNcQ%2BHtnkMzXTfWmRZtutqgKJftBZiSjd7LAQeJ0iXJbd64pg8HwEG9qbiU2mkrRZLPj"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7b0b04aadae8b512-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data, ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 19:32:25 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
money-easiltmb.buzz/assets/bootstrap.css
172.67.187.115 200 OK 35 kB URL HTTP/1.1 money-easiltmb.buzz/assets/bootstrap.css
IP 172.67.187.115:0
File type Unicode text, UTF-8 text, with very long lines (560)
Hash d21011f840a632e4175dcee7d8291575
8e607a18d2f92182ee5cd706522e407793ca7a44
6aeeb234a827dcfbd2e4896568dea8e24164f0c0f7757bfd0e3ffa22aacd2a1a
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.buzz domain
GET /assets/bootstrap.css HTTP/1.1
Host: money-easiltmb.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://money-easiltmb.buzz/login.php
Cookie: loclang=en
HTTP/1.1 200 OK
Date: Fri, 31 Mar 2023 19:32:25 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 21 Sep 2022 08:45:53 GMT
Vary: Accept-Encoding
ETag: W/"632acf41-33c9c"
Expires: Fri, 31 Mar 2023 21:06:51 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
CF-Cache-Status: HIT
Age: 37534
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NCp9brIItkTSRGx7YJTsort5Zhir2kIiXv6ydlRy18CNxvYSVlOJFuvs%2BzOdRIfHai8PnCI4zHJmkCwyY92pQqrUDNpqdmz8Ss39esGAFpcm3RPcFij6wIm%2BDO5Oezojcgojphr%2F"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7b0b04abfcd0b512-OSL
alt-svc: h2=":443"; ma=60
money-easiltmb.buzz/assets/fontawesome-all.min.css
172.67.187.115 200 OK 22 kB URL HTTP/1.1 money-easiltmb.buzz/assets/fontawesome-all.min.css
IP 172.67.187.115:0
File type troff or preprocessor input, ASCII text
Hash 02d311189f338dee2d5f4df3d4b0b250
c597484479980138e2c3c242f131b53e3308654a
6b20cf8a99cea6710e9f6d1047c88a83b560e67367d79f8f8c4ad122592dbdae
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.buzz domain
GET /assets/fontawesome-all.min.css HTTP/1.1
Host: money-easiltmb.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://money-easiltmb.buzz/login.php
Cookie: loclang=en
HTTP/1.1 200 OK
Date: Fri, 31 Mar 2023 19:32:25 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 21 Sep 2022 08:45:53 GMT
Vary: Accept-Encoding
ETag: W/"632acf41-1aa95"
Expires: Fri, 31 Mar 2023 21:06:51 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
CF-Cache-Status: HIT
Age: 37534
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DXkyF3BCT4JCIPc6Aql3fjLEbl68bU1e1KrR58347S3niiirLW1LNMjiWfaTxm0ttllOp%2Ba3S4imVH9rhzCmA1oF5PeLHUXcaRuOK1tXg%2FpSrSSSqdpLocVfaMULTiXa89i0%2Fd8e"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7b0b04abfbfeb517-OSL
alt-svc: h2=":443"; ma=60
money-easiltmb.buzz/assets/all.min.css
172.67.187.115 200 OK 25 kB URL HTTP/1.1 money-easiltmb.buzz/assets/all.min.css
IP 172.67.187.115:0
File type troff or preprocessor input, ASCII text
Hash e5dbfb6e80fb1348e8c38b3f010b1e80
bb34657cddac13147e2e0cff6acb550dd230e0a5
16b969791f5dcf2b1a9551cc002bf83ddbc5b18b12eed1673e16a785b5d0b69e
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.buzz domain
GET /assets/all.min.css HTTP/1.1
Host: money-easiltmb.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: loclang=en
HTTP/1.1 200 OK
Date: Fri, 31 Mar 2023 19:32:25 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 21 Sep 2022 08:45:53 GMT
Vary: Accept-Encoding
ETag: W/"632acf41-1e1f7"
Expires: Fri, 31 Mar 2023 21:06:51 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
CF-Cache-Status: HIT
Age: 37534
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gJUD83sfBT70i0LSCF4g0YVeYYj4Zv4ksTLGct7U59xUbvX40pe3u5s7IDxmTq%2BxmXaPnzQWYB0Bf91wpYPdUk%2F2o9808%2FBA3d5gYngrg%2FHSgkmMHSPt%2FCZcwCN262jNhMV%2BI0Eb"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7b0b04abfb40b511-OSL
alt-svc: h2=":443"; ma=60
money-easiltmb.buzz/assets/jquery.min.js
172.67.187.115 200 OK 35 kB URL HTTP/1.1 money-easiltmb.buzz/assets/jquery.min.js
IP 172.67.187.115:0
File type ASCII text, with very long lines (65447)
Hash 581d5dbdcf26ba2614721e41b238c2c7
bfde8b5e1d2a57ceafcaf76fc5088a48f2964745
cb0ae46753c8b5f437bb72dc01417690f0b520bbabecc486d06bd421d552d3d0
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.buzz domain
GET /assets/jquery.min.js HTTP/1.1
Host: money-easiltmb.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://money-easiltmb.buzz/login.php
Cookie: loclang=en
HTTP/1.1 200 OK
Date: Fri, 31 Mar 2023 19:32:25 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 21 Sep 2022 08:45:53 GMT
Vary: Accept-Encoding
ETag: W/"632acf41-15d9d"
Expires: Fri, 31 Mar 2023 21:06:51 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
CF-Cache-Status: HIT
Age: 37534
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BfYvLAnZ1cRj5ohrgDpGIDm5ZEkppWnwUPh2jibemzHDfoiIz7vaikbcFqy9Afgl9Xc%2FX4Y5qMOuAEELsPYNXackKz2DwHS%2FdBNmGOj6Cwuql64hQyBcJiRl0hzPkV8jUJbryj5Y"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7b0b04ac1c35b517-OSL
alt-svc: h2=":443"; ma=60
money-easiltmb.buzz/assets/style-r.css
172.67.187.115 200 OK 26 kB URL HTTP/1.1 money-easiltmb.buzz/assets/style-r.css
IP 172.67.187.115:0
Hash f57721e95dc26dcd2eb2de5f9c73aa75
9d47364db6aba1f71e8b6355a741cdfb070088b9
38655785efbfa9847e6adaa569cf126e45d2131ace4ac5705bcd4867ed9068c1
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.buzz domain
GET /assets/style-r.css HTTP/1.1
Host: money-easiltmb.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://money-easiltmb.buzz/login.php
Cookie: loclang=en
HTTP/1.1 200 OK
Date: Fri, 31 Mar 2023 19:32:25 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 21 Sep 2022 08:45:53 GMT
Vary: Accept-Encoding
ETag: W/"632acf41-21131"
Expires: Fri, 31 Mar 2023 21:06:51 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
CF-Cache-Status: HIT
Age: 37534
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UsMhV6ybbN0i0pWp7dr2QpjJpdbZ33QHIcQKhPN7LyhYE6oLqKaiiW5r0q9ohxtvgUyUFZ0ZdHu%2B8V10tWmRNzBVQp3IDNNydabHtFP2qNf3rAq9%2FkZtgX6HFEN8EwidYnGg9kgM"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7b0b04abff1ab509-OSL
alt-svc: h2=":443"; ma=60
money-easiltmb.buzz/assets/bootstrap.min.js
172.67.187.115 200 OK 48 kB URL HTTP/1.1 money-easiltmb.buzz/assets/bootstrap.min.js
IP 172.67.187.115:0
File type ASCII text, with very long lines (46533)
Hash 509aef83f28365434613ecd63a6d8bf8
0b6d576487e3912a1d5f41ba36d832f99c7edc5c
74ef027f0a04e52420c18a214a7f3682a47786d50c1d5e0593789e477f1e6416
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.buzz domain
GET /assets/bootstrap.min.js HTTP/1.1
Host: money-easiltmb.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://money-easiltmb.buzz/login.php
Cookie: loclang=en
HTTP/1.1 200 OK
Date: Fri, 31 Mar 2023 19:32:25 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 21 Sep 2022 08:45:53 GMT
Vary: Accept-Encoding
ETag: W/"632acf41-2341c"
Expires: Fri, 31 Mar 2023 21:06:51 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
CF-Cache-Status: HIT
Age: 37534
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Fy6dEUqZFhNx%2BhyUj5m14D446jmhJ%2BVwtd6KHOIj0J4lSe%2FU2Y0F8wmq%2B9%2BzXBQcmSQ7wye%2Fvt1OiMqL1xfYxZVbIhjrBYl%2FiU9ar4so9utytilBymZHwoM0Ru9TVLnKvFkI3pmO"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7b0b04ac2b90b511-OSL
alt-svc: h2=":443"; ma=60
money-easiltmb.buzz/assets/custom.js?
172.67.187.115 200 OK 18 kB URL HTTP/1.1 money-easiltmb.buzz/assets/custom.js?
IP 172.67.187.115:0
File type Unicode text, UTF-8 text, with very long lines (365)
Hash 9264afc86c318cad8c13400c5c5ced3a
feb2028c8c366af31c7609d319d89b1e1253194f
e26341f207096243204690efc4a72bbec140fdbc33733654cb8523822b41da26
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.buzz domain
GET /assets/custom.js? HTTP/1.1
Host: money-easiltmb.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://money-easiltmb.buzz/login.php
Cookie: loclang=en
HTTP/1.1 200 OK
Date: Fri, 31 Mar 2023 19:32:25 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 23 Sep 2022 02:19:05 GMT
Vary: Accept-Encoding
ETag: W/"632d1799-1568f"
Expires: Fri, 31 Mar 2023 21:06:51 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
CF-Cache-Status: HIT
Age: 37534
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qh%2FfzfjGwlAT2hjKXjGnDFFOVbRz93sTdjsu3z%2Fg%2B2vUS81JTbsefxfRTYkOHk6NVivLFEL8kpkpb9%2BuGwuukw9ug358bB53cfTDeNtbec8H6n7w6b7%2BRGwzZvY7UQGppOYGJGzW"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7b0b04ac2c5fb517-OSL
alt-svc: h2=":443"; ma=60
money-easiltmb.buzz/assets/sweetalert2.min.js
172.67.187.115 200 OK 13 kB URL HTTP/1.1 money-easiltmb.buzz/assets/sweetalert2.min.js
IP 172.67.187.115:0
File type Unicode text, UTF-8 text, with very long lines (37599), with no line terminators
Hash 57818ed08c2a7da6d52e46e78f2e2e1c
88c636bfa3a201fec8fc3f18dbc472c9376a6a90
22036697dde58e72d2ade78ae9d18509c90c39f2a5a889adca1d39c39a6dbf6f
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.buzz domain
GET /assets/sweetalert2.min.js HTTP/1.1
Host: money-easiltmb.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://money-easiltmb.buzz/login.php
Cookie: loclang=en
HTTP/1.1 200 OK
Date: Fri, 31 Mar 2023 19:32:25 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 21 Sep 2022 08:45:53 GMT
Vary: Accept-Encoding
ETag: W/"632acf41-92e0"
Expires: Sat, 01 Apr 2023 07:32:25 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
CF-Cache-Status: REVALIDATED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=of%2ButPp0gmvEevGzNr7sV8mjjtYLD6wYhvwjshRKE1RwOCY%2FtJMvips3nw2Er6BPb2%2FWoZe0t3VC7Xq2BKXdHsCVsgzLX9FfxZcuHkSobYgmeJaWkNEmuDypiswKAMDB8M%2BvOmog"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7b0b04ac0ceeb512-OSL
alt-svc: h2=":443"; ma=60
money-easiltmb.buzz/assets/sweetalert2.min.css
172.67.187.115 200 OK 5.1 kB URL HTTP/1.1 money-easiltmb.buzz/assets/sweetalert2.min.css
IP 172.67.187.115:0
File type ASCII text, with very long lines (27093), with no line terminators
Hash 9f590230d0450fc4bdd6c6293f9618e4
22416254ee00589116ee25ada147128de7eaa753
e4daec0f09a9064152f3fe4656da672be6806b2debe90c5bf9cff73f09582056
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.buzz domain
GET /assets/sweetalert2.min.css HTTP/1.1
Host: money-easiltmb.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://money-easiltmb.buzz/login.php
Cookie: loclang=en
HTTP/1.1 200 OK
Date: Fri, 31 Mar 2023 19:32:25 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 21 Sep 2022 08:45:53 GMT
Vary: Accept-Encoding
ETag: W/"632acf41-69d5"
Expires: Sat, 01 Apr 2023 07:32:25 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
CF-Cache-Status: REVALIDATED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jYLj11tLdueQGKUnuH1O50SSKD1xnqmHPUD11ggHKckXfotibMuJuXdaZS6JTI6Jd8aTcuaxWGgVlOa%2BgS2j0AZSuD7ylf9tpibEDLxoOKgyrAbkg5hOfKF2EFgdCqAFW20TAsve"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7b0b04abf90efabc-OSL
alt-svc: h2=":443"; ma=60
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash e2d5e4593c830bd9a297e9d820fce16b
a48bacab5839fbc2a379e0e1f8703da462f3c31d
c273a26e5fb94b4aa7c494bd09daf02419f99307f90de3891951535ae93e8028
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 19:32:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
money-easiltmb.buzz/assets/css2
172.67.187.115 200 OK 20 kB URL HTTP/1.1 money-easiltmb.buzz/assets/css2
IP 172.67.187.115:0
Hash 94f2ef6bfc6b53a314cd20b71ba23b1c
25ddcdcdc2f51e6f985aa11fbb3873187e2c2946
b2dc460864a60ac3ce89c4c6fab1c62ef9171ac1365cc47aa8aca95ecb06f0cf
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.buzz domain
GET /assets/css2 HTTP/1.1
Host: money-easiltmb.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://money-easiltmb.buzz/login.php
Cookie: loclang=en
HTTP/1.1 200 OK
Date: Fri, 31 Mar 2023 19:32:25 GMT
Content-Type: application/octet-stream
Content-Length: 20214
Connection: keep-alive
Last-Modified: Wed, 21 Sep 2022 08:45:53 GMT
ETag: "632acf41-4ef6"
Accept-Ranges: bytes
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Uohur8Y4wUbZHdzBi%2BxRToIQffz1f8aKs5XlK2rXui4Px3Tnro3cd5SyaIbWOA%2BOZvy3kObZg8pUKUUskGRQwsrH5DwNCzOlcUvkSzFn1xS8NxZEfFXGI%2FxlLlfBGfj0cw2kqByf"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7b0b04abfbfbb517-OSL
alt-svc: h2=":443"; ma=60
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash e2d5e4593c830bd9a297e9d820fce16b
a48bacab5839fbc2a379e0e1f8703da462f3c31d
c273a26e5fb94b4aa7c494bd09daf02419f99307f90de3891951535ae93e8028
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 19:32:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
money-easiltmb.buzz/assets/logo-light.svg
172.67.187.115 200 OK 20 kB URL HTTP/1.1 money-easiltmb.buzz/assets/logo-light.svg
IP 172.67.187.115:0
File type SVG Scalable Vector Graphics image; SVG XML document; XML 1.0 document text; XML document text; exported SGML document, ASCII text
Hash b702ea6d1e64d02640da350f1be013d3
d56759285f2dc057e45f03ac62e900658345ab8b
4c1fd3f0c4f7acfdcf696c7d1e45645c35341a3d3eab9abdebacbe07735cc5a0
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.buzz domain
GET /assets/logo-light.svg HTTP/1.1
Host: money-easiltmb.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://money-easiltmb.buzz/login.php
Cookie: loclang=en
HTTP/1.1 200 OK
Date: Fri, 31 Mar 2023 19:32:25 GMT
Content-Type: image/svg+xml
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 21 Sep 2022 08:45:53 GMT
ETag: W/"632acf41-673e"
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tvnheXnJCuz9mFMrAJjiclEmUHbBcNGTZzK9HaCofNP0%2BKpso3IurDGRUQB5%2BKCWMG3ROyk7dvCmzEJ8uY745PBlrP6CSrWohdHsW1m9zqXDQSoojiomM3YvV1cVFq2ElXfJGcPt"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7b0b04ad1d5fb511-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash ff36ec2657d8ee3b0f78d0a8b2bc9c96
7ce770b27771a2417292364a24af2d65bb9085a5
7c6a6029f3d8b5c88c0d52cfa1d8a6d79fe57080cbd88951ce40456d1ae214e0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 19:32:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash ff36ec2657d8ee3b0f78d0a8b2bc9c96
7ce770b27771a2417292364a24af2d65bb9085a5
7c6a6029f3d8b5c88c0d52cfa1d8a6d79fe57080cbd88951ce40456d1ae214e0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 19:32:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash ff36ec2657d8ee3b0f78d0a8b2bc9c96
7ce770b27771a2417292364a24af2d65bb9085a5
7c6a6029f3d8b5c88c0d52cfa1d8a6d79fe57080cbd88951ce40456d1ae214e0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 19:32:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash ff36ec2657d8ee3b0f78d0a8b2bc9c96
7ce770b27771a2417292364a24af2d65bb9085a5
7c6a6029f3d8b5c88c0d52cfa1d8a6d79fe57080cbd88951ce40456d1ae214e0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 19:32:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 5ac54bb3628890e12111d64757053dac
882c767217269bad8ce48c525f3fc09b0b463524
c1ad6c172550ea4fe7b49ec5f913099a74b95f887cb31bfde78e4895b016bc01
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 19:32:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/inter/v12/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2
216.58.207.227 200 OK 38 kB URL HTTP/2 fonts.gstatic.com/s/inter/v12/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 37924, version 1.0; data
Hash e08be6d5d433944f7ad52902e4d24db5
e2600c1d60d12d397b3ee44411a021231d71e974
450f3ba4e47ee174bd9692b396f264b907d37d2528f53911760f3d0edb785f7e
GET /s/inter/v12/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://money-easiltmb.buzz
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 37924
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 28 Mar 2023 10:32:11 GMT
expires: Wed, 27 Mar 2024 10:32:11 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 11 Jul 2022 20:54:46 GMT
content-type: font/woff2
age: 291614
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 5ac54bb3628890e12111d64757053dac
882c767217269bad8ce48c525f3fc09b0b463524
c1ad6c172550ea4fe7b49ec5f913099a74b95f887cb31bfde78e4895b016bc01
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 19:32:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
money-easiltmb.buzz/assets/fonts/fa-regular-400.woff2
172.67.187.115 200 OK 24 kB URL HTTP/1.1 money-easiltmb.buzz/assets/fonts/fa-regular-400.woff2
IP 172.67.187.115:0
File type Web Open Font Format (Version 2), TrueType, length 23940, version 769.768
Hash e8a1ba418ee6d897d1339ef22e6d8e60
379ca48f70f3d4f79f8bf1079881c7c5af4f44a4
6a274e7629c0d71dcf8cab1e7733687ebfe32e2c53b4ca9fad050b4f1d5471f3
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.buzz domain
GET /assets/fonts/fa-regular-400.woff2 HTTP/1.1
Host: money-easiltmb.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://money-easiltmb.buzz/assets/all.min.css
Cookie: loclang=en
HTTP/1.1 200 OK
Date: Fri, 31 Mar 2023 19:32:25 GMT
Content-Type: font/woff2
Content-Length: 23940
Connection: keep-alive
Last-Modified: Wed, 21 Sep 2022 08:45:53 GMT
ETag: "632acf41-5d84"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=q6UPv%2BUeQj8S9BiGzIBhdUd3zdtfXhMnuhwpjfluTv1Ox0p88Q9DnwD7Y5KhuSEXVGxzhUrdbmKvJZkQd3nxwlvcvaPhmEWumWIqLru2gX6fZv2Bd1FZAtRS84ryDrLtKQ2AoX4d"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7b0b04adaa5ab509-OSL
alt-svc: h2=":443"; ma=60
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data, ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Content-Type, Expires, Cache-Control, Content-Length, Retry-After, Last-Modified, Pragma, ETag, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 31 Mar 2023 19:14:39 GMT
age: 1066
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
money-easiltmb.buzz/assets/fonts/fa-solid-900.woff2
172.67.187.115 200 OK 154 kB URL HTTP/1.1 money-easiltmb.buzz/assets/fonts/fa-solid-900.woff2
IP 172.67.187.115:0
File type Web Open Font Format (Version 2), TrueType, length 154228, version 769.768
Size 154 kB (154228 bytes)
Hash 55b416a8df21f9f987aa352f10d1343b
2717f3f58271f2f2e6120d9937c7227002656d34
d76fb4e841748a3f6bc63efa23156e02631c283bf41f84efcbdaf339ea3e1b73
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.buzz domain
GET /assets/fonts/fa-solid-900.woff2 HTTP/1.1
Host: money-easiltmb.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://money-easiltmb.buzz/assets/all.min.css
Cookie: loclang=en
HTTP/1.1 200 OK
Date: Fri, 31 Mar 2023 19:32:26 GMT
Content-Type: font/woff2
Content-Length: 154228
Connection: keep-alive
Last-Modified: Wed, 21 Sep 2022 08:45:53 GMT
ETag: "632acf41-25a74"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=s0zsjNMIbWeBtNHSeXM2BBBQoPqbwjBg0TF9FS78u5MxF87QRkz6Z6bvlgwguwUKFFAJFhimDc3aFLp%2B7TaFFt1iCTGBCbuDXuQVjM%2FYI7cvQF1e1Wv7C7Tvr0j0SxHwbBdOpwAE"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7b0b04ad8f94b517-OSL
alt-svc: h2=":443"; ma=60
money-easiltmb.buzz/assets/icon-512x512.png
172.67.187.115 200 OK 24 kB URL HTTP/1.1 money-easiltmb.buzz/assets/icon-512x512.png
IP 172.67.187.115:0
File type PNG image data, 512 x 512, 8-bit/color RGB, non-interlaced
Hash 1328ca357f48d233b15c3934ec76863a
41d4cd19d3047ef92e9c39cd87cfbc377150f204
f9414ce7996af3db2da170547bc98cf030d8cf9530b970a05088f3e3709318f8
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.buzz domain
GET /assets/icon-512x512.png HTTP/1.1
Host: money-easiltmb.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://money-easiltmb.buzz/login.php
Cookie: loclang=en
HTTP/1.1 200 OK
Date: Fri, 31 Mar 2023 19:32:26 GMT
Content-Type: image/png
Content-Length: 24432
Connection: keep-alive
Last-Modified: Wed, 21 Sep 2022 08:45:53 GMT
ETag: "632acf41-5f70"
Expires: Tue, 25 Apr 2023 13:29:12 GMT
Cache-Control: max-age=2592000
CF-Cache-Status: HIT
Age: 453794
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3e9w9Trokzdzr8d%2F0hWM8I%2FhwsBmTymj9ZuYecehIxCmTB%2BkUyj3Hxp3s%2BUN7qPKFDqyZU0E8223R503YUNuiaPWeukvP1MYv4KS%2FQOLP13fYZu1Q6KuELaiIKzMGUMGzuIOJEOH"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7b0b04af1a3db517-OSL
alt-svc: h2=":443"; ma=60
money-easiltmb.buzz/assets/favicon.ico
172.67.187.115 200 OK 2.1 kB URL HTTP/1.1 money-easiltmb.buzz/assets/favicon.ico
IP 172.67.187.115:0
File type MS Windows icon resource - 1 icon, 48x48, 32 bits/pixel
Hash 94a425202351ffed86ba3ce74b400f3f
6f252a965dc311636496ebfee97deb77559289d8
9499d770110f9762dcab77728714493571be626ac44c27a8899d74604ba99879
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.buzz domain
GET /assets/favicon.ico HTTP/1.1
Host: money-easiltmb.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://money-easiltmb.buzz/login.php
Cookie: loclang=en
HTTP/1.1 200 OK
Date: Fri, 31 Mar 2023 19:32:26 GMT
Content-Type: image/x-icon
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 21 Sep 2022 08:45:53 GMT
ETag: W/"632acf41-25be"
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KjQAcH0vL%2FlQoCvpjyUe8Rnal1tkMsbu0XC7qBV7bvUvfoyKlrGyW%2B8kxbkTlGs44sewtBSs05E6Ob9qJKEFCubX3begcJkfti6o8qBmTUgH0Cj%2FyPTxTKpX8T98uioi9w5zcnMm"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7b0b04af1884b511-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 782ca4845ea5e0ec981e33231b1e61cb
032116b75e124c57877524e9e4f523b6d7c65820
94d007862fc7a4cd67f582ff22f2339619177435559c1dd5075a08c7240f3520
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "94D007862FC7A4CD67F582FF22F2339619177435559C1DD5075A08C7240F3520"
Last-Modified: Wed, 29 Mar 2023 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8446
Expires: Fri, 31 Mar 2023 21:53:12 GMT
Date: Fri, 31 Mar 2023 19:32:26 GMT
Connection: keep-alive
push.services.mozilla.com/
35.167.192.101 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.167.192.101:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: j1ZMiCBe10kIRPE8g8DU/w==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: Ke6hDS/fB5yBznzsfeJmYecTYhA=
firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?_expected=%221680291114009%22
35.241.9.150 200 OK 22 kB URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?_expected=%221680291114009%22
IP 35.241.9.150:0
File type JSON data, ASCII text, with very long lines (22067), with no line terminators
Hash e7d69864b22d11215cc8be72296ba6eb
808adf14a615ac3506bf590a0e92fc6727c2cd8e
365663f7aa31a92f4be596222c57edd9c08ea64690565354e391f06c3193c86f
GET /v1/buckets/monitor/collections/changes/changeset?_expected=%221680291114009%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Alert, Content-Length, Retry-After, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 22067
via: 1.1 google
date: Fri, 31 Mar 2023 19:31:56 GMT
last-modified: Fri, 31 Mar 2023 19:31:54 GMT
content-type: application/json
age: 30
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 14539c5e0ca6ce826e62bdadad738bbd
92ce1bbc7f338d3e48e35d637513ab0aba610a98
58e8d186f5d0531c2597d267b0a92bb46909e8fa162b2b5f7fa6e50b2e0af357
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "58E8D186F5D0531C2597D267B0A92BB46909E8FA162B2B5F7FA6E50B2E0AF357"
Last-Modified: Fri, 31 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6363
Expires: Fri, 31 Mar 2023 21:18:30 GMT
Date: Fri, 31 Mar 2023 19:32:27 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 14539c5e0ca6ce826e62bdadad738bbd
92ce1bbc7f338d3e48e35d637513ab0aba610a98
58e8d186f5d0531c2597d267b0a92bb46909e8fa162b2b5f7fa6e50b2e0af357
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "58E8D186F5D0531C2597D267B0A92BB46909E8FA162B2B5F7FA6E50B2E0AF357"
Last-Modified: Fri, 31 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6363
Expires: Fri, 31 Mar 2023 21:18:30 GMT
Date: Fri, 31 Mar 2023 19:32:27 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 14539c5e0ca6ce826e62bdadad738bbd
92ce1bbc7f338d3e48e35d637513ab0aba610a98
58e8d186f5d0531c2597d267b0a92bb46909e8fa162b2b5f7fa6e50b2e0af357
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "58E8D186F5D0531C2597D267B0A92BB46909E8FA162B2B5F7FA6E50B2E0AF357"
Last-Modified: Fri, 31 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6363
Expires: Fri, 31 Mar 2023 21:18:30 GMT
Date: Fri, 31 Mar 2023 19:32:27 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fccede828-1c24-4287-bb00-f793263370cf.jpeg
34.120.237.76 200 OK 6.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fccede828-1c24-4287-bb00-f793263370cf.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Hash 8a2b8f737604b7983cf686c82599dc73
aa63be93c4cd641f09ce0d5144ef60aab21caed1
78835586bfd170fee7e6f70b2b426ed186f5aeae969459c6dcbf527ba9c0deec
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fccede828-1c24-4287-bb00-f793263370cf.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6380
x-amzn-requestid: 0a129a69-0720-47a0-8b0e-b3200de24204
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CnUn6E19IAMF9SQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64260165-564474a42e79d1dc4eb9558f;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Thu, 30 Mar 2023 21:38:45 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: L6tgzFrj9t69Rnfd9bziAPiROAX0tvcj9Kcg8sXkto8qRFeKqiwkpg==
via: 1.1 b5695e36d7fbc522ece27885d73757ae.cloudfront.net (CloudFront), 1.1 7514e5e25722778fd4b1744d4ecc67e0.cloudfront.net (CloudFront), 1.1 google
date: Thu, 30 Mar 2023 22:17:06 GMT
age: 76521
etag: "aa63be93c4cd641f09ce0d5144ef60aab21caed1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2cbd721e-872e-4eec-8eb5-363663d0ab36.jpeg
34.120.237.76 200 OK 5.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2cbd721e-872e-4eec-8eb5-363663d0ab36.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Hash 8600e41520408df4865627256a0a0736
dffeaf1a8f73ae9f6247b9dc7f05301fefc00aef
9163d80d7b6087b804e6682a50d4f66339d339894cf1c5808f2e5c2e0b3de930
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2cbd721e-872e-4eec-8eb5-363663d0ab36.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5806
x-amzn-requestid: cee5b166-592b-405e-b5f1-e36eb249ec59
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CnUllFFooAMFQ2g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64260156-01840fa47177285667bca060;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Thu, 30 Mar 2023 21:38:30 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: WnrfQr57EWYnXt1xJt9tr5XCuM3gPYULlDdEVpv2Q2kz7MDIPxSPKA==
via: 1.1 88a7ff956a5b49ec3a35abfc0027af12.cloudfront.net (CloudFront), 1.1 aabd01c4a20dae837d162bd972422efc.cloudfront.net (CloudFront), 1.1 google
date: Thu, 30 Mar 2023 21:47:50 GMT
age: 78277
etag: "dffeaf1a8f73ae9f6247b9dc7f05301fefc00aef"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4de055bc-1569-4c9a-9ff5-b5ce7d869905.jpeg
34.120.237.76 200 OK 4.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4de055bc-1569-4c9a-9ff5-b5ce7d869905.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Hash 41f0baa1423dbd529f6c47bd51fe708f
f09b44f30b63f5e29dd247f592147ffc6b308e72
313b769259453565919ab14410faea927a23ad75636abc57851dfe67d43ea156
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4de055bc-1569-4c9a-9ff5-b5ce7d869905.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4370
x-amzn-requestid: 5791c184-d5eb-4666-bc94-f838cd0183af
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CnUllHrcIAMFSWA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64260156-15fb3d2f67359d6837df5d0d;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Thu, 30 Mar 2023 21:38:30 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: SutOql3FzsHZoFN5TXMJZ1NZzBplZK1w0zNIzAN1rUQ2cKeSrCiA6w==
via: 1.1 99db15345b0e5e7ad9c267ae999b8cf4.cloudfront.net (CloudFront), 1.1 44cd593d82a2d200a94217033c614c6a.cloudfront.net (CloudFront), 1.1 google
date: Thu, 30 Mar 2023 21:47:50 GMT
age: 78277
etag: "f09b44f30b63f5e29dd247f592147ffc6b308e72"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8b95f765-7590-4263-b0a3-4db9c87a60df.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8b95f765-7590-4263-b0a3-4db9c87a60df.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Hash 424b55535e5fd622b2fc96aac1246324
cf7cf08aa8969a86bf03695af2129686fd62fe86
c4bb26a7b2c431282b53b4df9999b9cc8e61369a79c606688a76499b31a65127
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8b95f765-7590-4263-b0a3-4db9c87a60df.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10271
x-amzn-requestid: db0d1fe4-060a-4e61-90f3-ec9befee1295
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CkBoXGh5oAMFfzw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6424afce-2e9251552b4acdcb19e02dfc;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Wed, 29 Mar 2023 21:38:22 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C1
x-cache: Miss from cloudfront
x-amz-cf-id: 1cXec9_e-KpzyTwiHaNAaf0y5i12tw7BkZTXnduS5ek7yAAZ0LXTWw==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 d0387b833e3ca8cb748a1296b4b4bf2a.cloudfront.net (CloudFront), 1.1 google
date: Thu, 30 Mar 2023 21:48:08 GMT
age: 78259
etag: "cf7cf08aa8969a86bf03695af2129686fd62fe86"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa6350b4c-fa14-49e1-a21b-44b6f311dbdc.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa6350b4c-fa14-49e1-a21b-44b6f311dbdc.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Hash 39bdd16276747b1445a79e674a2a3347
d0676f63738484298a78b7abf7e4934c3d256065
67aa526299060c2a39c4baa10fd03f121497dccd5e765676639ed73ac529c34b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa6350b4c-fa14-49e1-a21b-44b6f311dbdc.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11061
x-amzn-requestid: 428128ec-c441-4ff7-9c84-880a01672b00
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CnVFnFf0IAMFTvQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64260223-185c48300f161931310fa35f;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Thu, 30 Mar 2023 21:41:55 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Miss from cloudfront
x-amz-cf-id: gc77o7y-moH1HuMEZFe9-00DVAda9baa-5VEPlMA4SIZDJNzQ8jUlA==
via: 1.1 a87682502db4b394cc6ba84510da9f98.cloudfront.net (CloudFront), 1.1 deaaf0548506de20925615eb51a7ea7e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 30 Mar 2023 21:47:50 GMT
etag: "d0676f63738484298a78b7abf7e4934c3d256065"
content-type: image/jpeg
age: 78277
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fba3e3682-3d0e-4ac1-8330-9ea9ebe92041.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fba3e3682-3d0e-4ac1-8330-9ea9ebe92041.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Hash 0530376e431b6563796e4abb0db0bc4e
6921f4bd83a806e1ea8247854ad4c045fa7ee298
d6371c81d5494d5e50fd5cc1cfe1ce28213dfa70ea5a94df82c9f4b3e6430a53
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fba3e3682-3d0e-4ac1-8330-9ea9ebe92041.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10490
x-amzn-requestid: 0525e5c4-485e-47eb-ab95-1136e4d5c29a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CnUnTEztoAMFzMQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64260161-54b47454475ff6ee4d880534;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Thu, 30 Mar 2023 21:38:41 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: jl5cQc_Zqq5xNDMcs5jRHb3HBIjuucl-JHF126hInXrOfv_CG-UqSg==
via: 1.1 8f251d23da31b683c3c9d6fad6ca944c.cloudfront.net (CloudFront), 1.1 b4085435efbe95a420f374958bd145be.cloudfront.net (CloudFront), 1.1 google
date: Thu, 30 Mar 2023 22:18:02 GMT
age: 76465
etag: "6921f4bd83a806e1ea8247854ad4c045fa7ee298"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
fonts.googleapis.com/css2?family=Inter:wght@100;200;300;400;500;600;700;800;900&display=swap
142.250.74.106 200 OK 0 B URL HTTP/2 fonts.googleapis.com/css2?family=Inter:wght@100;200;300;400;500;600;700;800;900&display=swap
IP 142.250.74.106:0
GET /css2?family=Inter:wght@100;200;300;400;500;600;700;800;900&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://money-easiltmb.buzz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 31 Mar 2023 19:32:25 GMT
date: Fri, 31 Mar 2023 19:32:25 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2