91.201.40.28 39 kB IP 91.201.40.28:0
File type HTML document text; exported SGML document, Unicode text, UTF-8 text, with very long lines (7450)
Hash 6f59e89a84784982b69664f2135209c0
f3bd49f5b1fe484bd1f25a5aac57dd00c46d3b0b
ce4d0c587a43d32c0151fa2f529497cc93006fc2d8075e68bffcba000f9803b6
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET / HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:17 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 38735
Connection: keep-alive
Keep-Alive: timeout=60
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
X-Content-Type-Options: nosniff
Content-Language: ru
X-Frame-Options: SAMEORIGIN
Permissions-Policy: interest-cohort=()
X-Generator: Drupal 7 (https://www.drupal.org)
Link: <http://hannums.wikaba.com/>; rel="canonical",<http://hannums.wikaba.com/>; rel="shortlink"
Vary: Accept-Encoding
Content-Encoding: gzip
hannums.wikaba.com/modules/system/system.base.css?rwurij
91.201.40.28 200 OK 1.9 kB URL GET HTTP/1.1 hannums.wikaba.com/modules/system/system.base.css?rwurij
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
Hash 110caa93c3fff11bfabfe651d0135248
58a68879ef48726396ba84d3aafae3034f53a58f
bf6028e15a460586c16adb0210d268374501f60ecf36f11e554e2ffd089c636b
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /modules/system/system.base.css?rwurij HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:17 GMT
Content-Type: text/css
Content-Length: 1883
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Wed, 19 Jan 2022 23:05:15 GMT
ETag: "1534-5d5f76b2860c0-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
netdna.bootstrapcdn.com/font-awesome/4.0.1/css/font-awesome.min.css?the-file-wont-load-without-a-parameter&rwurij
104.18.10.207 200 OK 4.4 kB URL GET HTTP/1.1 netdna.bootstrapcdn.com/font-awesome/4.0.1/css/font-awesome.min.css?the-file-wont-load-without-a-parameter&rwurij
IP 104.18.10.207:80
Requested by http://hannums.wikaba.com/
File type ASCII text, with very long lines (648)
Hash 53fe1b7ccc4ed89cfc942c504840a64c
72ecf0a8e57c7a8506d3bf0e03c153fa970484a6
e257f06dc6e7f1627fc283c6f1ec1c326872e7037fa39f0f7b67e429cfe43c34
GET /font-awesome/4.0.1/css/font-awesome.min.css?the-file-wont-load-without-a-parameter&rwurij HTTP/1.1
Host: netdna.bootstrapcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 01 Dec 2023 17:39:17 GMT
Content-Type: text/css; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
CDN-PullZone: 252412
CDN-Uid: b1941f61-b576-4f40-80de-5677acb38f74
CDN-RequestCountryCode: DE
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31919000
Content-Encoding: gzip
ETag: W/"53fe1b7ccc4ed89cfc942c504840a64c"
Last-Modified: Mon, 25 Jan 2021 22:04:53 GMT
CDN-CachedAt: 10/12/2023 22:20:08
CDN-ProxyVer: 1.04
CDN-RequestPullCode: 200
CDN-RequestPullSuccess: True
CDN-EdgeStorageId: 1079
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
X-Content-Type-Options: nosniff
CDN-Status: 200
CDN-RequestId: 60344b06d914af52abffd7bef66671cd
CDN-Cache: HIT
CF-Cache-Status: HIT
Age: 797875
Server: cloudflare
CF-RAY: 82ed1bd31bc356b4-OSL
alt-svc: h3=":443"; ma=86400
fonts.googleapis.com/css?family=Open+Sans+Condensed:300,300italic,700&subset=latin,cyrillic-ext,latin-ext,cyrillic&rwurij
142.250.74.106 200 OK 720 B URL GET HTTP/1.1 fonts.googleapis.com/css?family=Open+Sans+Condensed:300,300italic,700&subset=latin,cyrillic-ext,latin-ext,cyrillic&rwurij
IP 142.250.74.106:80
Requested by http://hannums.wikaba.com/
Hash 11cbce2825245b64d0d3a03ad61807cb
3799c0d1f4043b1fe2393b6341ee8d38cf0d9298
b1de1a0401b47cf30e7a0f0e2fbd2dc1fe3964e1f8ba2cabde0d9f1842034a9a
GET /css?family=Open+Sans+Condensed:300,300italic,700&subset=latin,cyrillic-ext,latin-ext,cyrillic&rwurij HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Link: <http://fonts.gstatic.com>; rel=preconnect; crossorigin
Expires: Fri, 01 Dec 2023 17:39:17 GMT
Date: Fri, 01 Dec 2023 17:39:17 GMT
Cache-Control: private, max-age=86400
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin-allow-popups
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
www.googletagmanager.com/gtag/js?id=UA-72746484-2
142.250.74.168 200 OK 69 kB URL GET HTTP/2 www.googletagmanager.com/gtag/js?id=UA-72746484-2
IP 142.250.74.168:443
Requested by http://hannums.wikaba.com/
Certificate Issuer Google Trust Services LLC
Subject *.google-analytics.com
Fingerprint 37:42:10:B7:89:70:45:51:80:81:66:CE:95:21:72:5D:46:0B:E2:34
Validity Mon, 23 Oct 2023 11:18:19 GMT - Mon, 15 Jan 2024 11:18:18 GMT
File type ASCII text, with very long lines (4179)
Hash 3ac9ec0087cdca4081b067d3897610e9
33974b9c742869d21fa6ed68363a54b4c1b19c38
df5ea2b2ddceac9b12bfb1140221799577fc8402b8b02208e8b4239fa037491b
GET /gtag/js?id=UA-72746484-2 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 01 Dec 2023 17:39:17 GMT
expires: Fri, 01 Dec 2023 17:39:17 GMT
cache-control: private, max-age=900
last-modified: Fri, 01 Dec 2023 17:18:21 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 69033
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
hannums.wikaba.com/sites/all/modules/dc_ajax_add_cart/css/dc_ajax_add_cart.css?rwurij
91.201.40.28 200 OK 579 B URL GET HTTP/1.1 hannums.wikaba.com/sites/all/modules/dc_ajax_add_cart/css/dc_ajax_add_cart.css?rwurij
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
Hash 8885a49ed44af0363c52fb32015fc6cb
605a2a0d9634f85ebc4233598ebde07b49b3bcf3
8ca5b9fabdbd113d4e8a50dfa70ec5291ae7bdc159b519a15526edb4f9ebd812
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/all/modules/dc_ajax_add_cart/css/dc_ajax_add_cart.css?rwurij HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:17 GMT
Content-Type: text/css
Content-Length: 579
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Tue, 29 Jan 2019 12:29:48 GMT
ETag: "62e-58097f2f34700-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
hannums.wikaba.com/sites/all/modules/geofield_ymap/geofield_ymap.css?rwurij
91.201.40.28 200 OK 54 B URL GET HTTP/1.1 hannums.wikaba.com/sites/all/modules/geofield_ymap/geofield_ymap.css?rwurij
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
Hash 78574518b69e36167aff22867cefcd21
eca2d84e0fc00987ca924e4cbd77065e63547619
e1305464692f828cb140c3e87ccda1bc3dd56b2fb1faa4f0f1aca8227c9b8d11
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/all/modules/geofield_ymap/geofield_ymap.css?rwurij HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:17 GMT
Content-Type: text/css
Content-Length: 54
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Tue, 26 Nov 2019 10:04:05 GMT
ETag: "36-5983d000f8f40"
Accept-Ranges: bytes
hannums.wikaba.com/modules/node/node.css?rwurij
91.201.40.28 200 OK 109 B URL GET HTTP/1.1 hannums.wikaba.com/modules/node/node.css?rwurij
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
Hash 21d9d9df449caf1c50a6b24a7d37c8a6
8d406985562b474368905936421000d3b439f78c
4569fbfef2a73b2369d1e070a2ce3511f5a8c6a22a7cd6d61baf4982e75a21ee
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /modules/node/node.css?rwurij HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:17 GMT
Content-Type: text/css
Content-Length: 109
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Wed, 19 Jan 2022 23:05:15 GMT
ETag: "90-5d5f76b2860c0-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
hannums.wikaba.com/sites/all/modules/youtube/css/youtube.css?rwurij
91.201.40.28 200 OK 255 B URL GET HTTP/1.1 hannums.wikaba.com/sites/all/modules/youtube/css/youtube.css?rwurij
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
Hash 2699eb1df179998727e76df65b4a0ac1
1211d761db953afa4d332cdabdbadda0d31d6b96
5d6c6db892cbcd7fdadaa1a92835cab6e3b7f7af4d1a778537872bbbf62e6e90
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/all/modules/youtube/css/youtube.css?rwurij HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:17 GMT
Content-Type: text/css
Content-Length: 255
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Sun, 05 Jun 2016 21:00:00 GMT
ETag: "17c-5348e3d2e5400-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
hannums.wikaba.com/sites/all/modules/ckeditor/css/ckeditor.css?rwurij
91.201.40.28 200 OK 186 B URL GET HTTP/1.1 hannums.wikaba.com/sites/all/modules/ckeditor/css/ckeditor.css?rwurij
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
Hash ea5336b4064e6edb916b3da3c8f8a0be
5eccedafe3ac771abc9a3afa18a8c8448f727203
f2470640af17a4eb9988eed14e1110ae897fc6314340d0df1bf050d2c8d38ea6
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/all/modules/ckeditor/css/ckeditor.css?rwurij HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:17 GMT
Content-Type: text/css
Content-Length: 186
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Mon, 23 Apr 2018 11:21:00 GMT
ETag: "1af-56a823b7e9f00-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
hannums.wikaba.com/sites/all/modules/views/css/views.css?rwurij
91.201.40.28 200 OK 309 B URL GET HTTP/1.1 hannums.wikaba.com/sites/all/modules/views/css/views.css?rwurij
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
Hash da002e99593b2cd3c57c06da331b21cf
7068405066ceda68c1d27147f488d1917f5e8ba3
0dd53ceca07de8b1b2c16d9fee7a1d33dc90bc462a24abd38b2b9da7b8d27bc2
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/all/modules/views/css/views.css?rwurij HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:17 GMT
Content-Type: text/css
Content-Length: 309
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Mon, 23 Apr 2018 11:21:00 GMT
ETag: "2c3-56a823b7e9f00-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.js
142.250.74.170 200 OK 88 kB URL GET HTTP/1.1 ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.js
IP 142.250.74.170:80
Requested by http://hannums.wikaba.com/
Hash fb2d334dabf4902825df4fe6c2298b4b
433836da7e015f2eb3fc386817de88b78248f6ef
430f36f9b5f21aae8cc9dca6a81c4d3d84da5175eaedcf2fdc2c226302cb3575
GET /ajax/libs/jquery/1.12.4/jquery.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/javascript; charset=UTF-8
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="hosted-libraries-pushers"
Report-To: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
Timing-Allow-Origin: *
Content-Length: 87669
Date: Fri, 01 Dec 2023 17:39:17 GMT
Expires: Sat, 30 Nov 2024 17:39:17 GMT
Cache-Control: public, max-age=31536000, stale-while-revalidate=2592000
Last-Modified: Tue, 03 Mar 2020 19:15:00 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
hannums.wikaba.com/sites/all/modules/ctools/css/ctools.css?rwurij
91.201.40.28 200 OK 248 B URL GET HTTP/1.1 hannums.wikaba.com/sites/all/modules/ctools/css/ctools.css?rwurij
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
Hash 0c78b9b65520315a2fb697db36bb453e
f7091f860f3a762111a3bbde535d63cfcebe46e0
c1247c6c6e2fa2a3b02f04886deac34f46ccef66483b1c64c1347e6b95e158b9
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/all/modules/ctools/css/ctools.css?rwurij HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:17 GMT
Content-Type: text/css
Content-Length: 248
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Thu, 28 Feb 2019 16:11:08 GMT
ETag: "1fd-582f689bd3f00-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
hannums.wikaba.com/sites/all/libraries/slick/slick/slick-theme.css?rwurij
91.201.40.28 200 OK 866 B URL GET HTTP/1.1 hannums.wikaba.com/sites/all/libraries/slick/slick/slick-theme.css?rwurij
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
Hash f9faba678c4d6dcfdde69e5b11b37a2e
81a434f94f2b1124f3232bb86f2944f82fb23ac0
7adaf08052c6a6a0f8a0d0055b4f191fd07389fe41c972b69573472b2ecb406a
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/all/libraries/slick/slick/slick-theme.css?rwurij HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:17 GMT
Content-Type: text/css
Content-Length: 866
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Tue, 03 Oct 2017 07:49:28 GMT
ETag: "c49-55a9fbb0c5200-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
hannums.wikaba.com/sites/all/modules/slick/css/theme/slick.theme.css?rwurij
91.201.40.28 200 OK 3.0 kB URL GET HTTP/1.1 hannums.wikaba.com/sites/all/modules/slick/css/theme/slick.theme.css?rwurij
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type ASCII text, with very long lines (339)
Hash f520d9382287729fe1688cefda9bf65f
32d821c1ca2193a3c09bc450feaee07779eb16ce
afef1bc6d173b9a9f52ace30ef5275c019118975d06ec4fdaceb002f670cbf4b
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/all/modules/slick/css/theme/slick.theme.css?rwurij HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:17 GMT
Content-Type: text/css
Content-Length: 3025
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Sat, 22 Dec 2018 06:56:56 GMT
ETag: "288e-57d96de8e7e00-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
hannums.wikaba.com/sites/all/modules/slick/css/theme/slick.theme--default.css?rwurij
91.201.40.28 200 OK 60 B URL GET HTTP/1.1 hannums.wikaba.com/sites/all/modules/slick/css/theme/slick.theme--default.css?rwurij
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
Hash 87504ddf6433f29308a4c08766b2af65
4504c52314680fe6c99313f1801f26b565b9ec5b
75dd049118c93d9542b03d06231801f858b7e4d0939c1fcb4017aa8375fee6e5
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/all/modules/slick/css/theme/slick.theme--default.css?rwurij HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:17 GMT
Content-Type: text/css
Content-Length: 60
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Sat, 22 Dec 2018 06:56:56 GMT
ETag: "3c-57d96de8e7e00"
Accept-Ranges: bytes
hannums.wikaba.com/sites/all/modules/colorbox/styles/plain/colorbox_style.css?rwurij
91.201.40.28 200 OK 1.1 kB URL GET HTTP/1.1 hannums.wikaba.com/sites/all/modules/colorbox/styles/plain/colorbox_style.css?rwurij
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
Hash 6026f6f064261781c528ec3ce933aad5
c825a7b3e26867063a359e18b1c61bcf2bed2b0f
b9c28ceec078252f12cfc0fef63757ef845a887f67f9e0eae99c9d3929bd3b30
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/all/modules/colorbox/styles/plain/colorbox_style.css?rwurij HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:17 GMT
Content-Type: text/css
Content-Length: 1100
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Mon, 28 Jan 2019 11:54:54 GMT
ETag: "cd9-58083584bff80-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
hannums.wikaba.com/sites/all/modules/panels/css/panels.css?rwurij
91.201.40.28 200 OK 329 B URL GET HTTP/1.1 hannums.wikaba.com/sites/all/modules/panels/css/panels.css?rwurij
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
Hash dda6c96ee93acee508dc8418346308bd
f2f71650365a9518ffe0171369a77c6c08193f78
b5e4bc2762d8432240f7e1d798f9cb4820968b53c1f01c9304b831af3966107a
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/all/modules/panels/css/panels.css?rwurij HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:17 GMT
Content-Type: text/css
Content-Length: 329
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Mon, 28 Jan 2019 11:57:21 GMT
ETag: "312-58083610f0a40-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
cdn.jsdelivr.net/npm/@unicorn-fail/drupal-bootstrap-styles@0.0.2/dist/3.3.1/7.x-3.x/drupal-bootstrap.css
151.101.65.229 200 OK 3.9 kB URL GET HTTP/2 cdn.jsdelivr.net/npm/@unicorn-fail/drupal-bootstrap-styles@0.0.2/dist/3.3.1/7.x-3.x/drupal-bootstrap.css
IP 151.101.65.229:443
Requested by http://hannums.wikaba.com/
Certificate Issuer GlobalSign nv-sa
Subject jsdelivr.net
Fingerprint 05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
Validity Wed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT
File type assembler source, ASCII text
Hash 65aebbdd59a95891a5e35b2b7899ff5e
e9d1d1feeb606f182fb4c499f3efdf3e1e031b2b
f731970eb72f3cac5099223fb3d466f63ca972f47620d7b9486fe3a2dd43aa0d
GET /npm/@unicorn-fail/drupal-bootstrap-styles@0.0.2/dist/3.3.1/7.x-3.x/drupal-bootstrap.css HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
x-jsd-version: 0.0.2
x-jsd-version-type: version
etag: W/"3fb4-6dHR/utgbxgvtMSZ8+/fPh4DGys"
content-encoding: br
accept-ranges: bytes
date: Fri, 01 Dec 2023 17:39:17 GMT
age: 15428563
x-served-by: cache-fra-eddf8230109-FRA, cache-bma1633-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 3851
X-Firefox-Spdy: h2
cdn.jsdelivr.net/npm/bootstrap@3.4.1/dist/css/bootstrap.css
151.101.65.229 200 OK 24 kB URL GET HTTP/2 cdn.jsdelivr.net/npm/bootstrap@3.4.1/dist/css/bootstrap.css
IP 151.101.65.229:443
Requested by http://hannums.wikaba.com/
Certificate Issuer GlobalSign nv-sa
Subject jsdelivr.net
Fingerprint 05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
Validity Wed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT
File type ASCII text, with very long lines (386)
Hash 2dbb985a5bb6dd8ef0a7b21d290ea9ae
f8676e1f4a902a63088f45982f3f9b6a6c401b47
d170052c16caec3810f2dee6456539045d8e326f6d8ed7c7f78e59ed34de348a
GET /npm/bootstrap@3.4.1/dist/css/bootstrap.css HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
x-jsd-version: 3.4.1
x-jsd-version-type: version
etag: W/"23a0d-+GduH0qQKmMIj0WYLz+bamxAG0c"
content-encoding: br
accept-ranges: bytes
date: Fri, 01 Dec 2023 17:39:17 GMT
age: 10600929
x-served-by: cache-fra-eddf8230072-FRA, cache-bma1633-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 23480
X-Firefox-Spdy: h2
cdn.jsdelivr.net/npm/bootstrap@3.4.1/dist/js/bootstrap.js
151.101.65.229 200 OK 18 kB URL GET HTTP/2 cdn.jsdelivr.net/npm/bootstrap@3.4.1/dist/js/bootstrap.js
IP 151.101.65.229:443
Requested by http://hannums.wikaba.com/
Certificate Issuer GlobalSign nv-sa
Subject jsdelivr.net
Fingerprint 05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
Validity Wed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT
Hash 894d79839facf38d9fd672bdbe57443d
11277f4e04cf070a350e566b053ef2215993720c
dbd2a35e72edc7d6bde483481a912f1c38aa57fab2747d9b071d317339ee03a2
GET /npm/bootstrap@3.4.1/dist/js/bootstrap.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 3.4.1
x-jsd-version-type: version
etag: W/"126dc-ESd/TgTPBwo1DlZrBT7yIVmTcgw"
content-encoding: br
accept-ranges: bytes
date: Fri, 01 Dec 2023 17:39:17 GMT
age: 5606926
x-served-by: cache-fra-eddf8230104-FRA, cache-bma1633-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 17567
X-Firefox-Spdy: h2
hannums.wikaba.com/sites/all/modules/flag/theme/flag.css?rwurij
91.201.40.28 200 OK 439 B URL GET HTTP/1.1 hannums.wikaba.com/sites/all/modules/flag/theme/flag.css?rwurij
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
Hash d4f3c56f9fd57bf5d3765a3a89843309
092de668a9741e529459182400f58314aee7eef6
0d7eac2ec47b9fa5ffea2a8f0df3c24236e70153b3b12e5507c19fd4aef18ec2
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/all/modules/flag/theme/flag.css?rwurij HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:17 GMT
Content-Type: text/css
Content-Length: 439
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Tue, 29 Jan 2019 11:17:48 GMT
ETag: "330-58096f1754f00-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
hannums.wikaba.com/sites/all/modules/fivestar/css/fivestar.css?rwurij
91.201.40.28 200 OK 604 B URL GET HTTP/1.1 hannums.wikaba.com/sites/all/modules/fivestar/css/fivestar.css?rwurij
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
Hash 116b59e0f9d17f92bdf8a61c55d473ae
821ccdf4526928af5944025474ceef77f441a7b0
7d78de523833913c8275691f8b0dd8337d4fc9ef2ec64548c71c69aab5722314
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/all/modules/fivestar/css/fivestar.css?rwurij HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:17 GMT
Content-Type: text/css
Content-Length: 604
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Mon, 26 Jun 2017 04:43:30 GMT
ETag: "962-552d597b0a080-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
hannums.wikaba.com/sites/all/modules/fivestar/widgets/basic/basic.css?rwurij
91.201.40.28 200 OK 203 B URL GET HTTP/1.1 hannums.wikaba.com/sites/all/modules/fivestar/widgets/basic/basic.css?rwurij
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
Hash 58bb81053a9862b1ac28cc39d8f78171
2ce6d543a10a89c2a01de8c6293e2a0194df0941
e5b2d987428b6f2d243fb25a7d12a78d99658b7b54d02071f64ae943a342005c
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/all/modules/fivestar/widgets/basic/basic.css?rwurij HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:17 GMT
Content-Type: text/css
Content-Length: 203
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Mon, 26 Jun 2017 04:43:30 GMT
ETag: "2e0-552d597b0a080-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
hannums.wikaba.com/sites/all/modules/panels/plugins/layouts/twocol/twocol.css?rwurij
91.201.40.28 200 OK 212 B URL GET HTTP/1.1 hannums.wikaba.com/sites/all/modules/panels/plugins/layouts/twocol/twocol.css?rwurij
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
Hash 2e546ee93cc8321648bdf23abaabc5e4
91e4ec1df104a8fac2c28b11596d26a827ec6fa0
670bac2fd537f33576207f7d27481c502dc413518a17984dcf2d4ea99718add0
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/all/modules/panels/plugins/layouts/twocol/twocol.css?rwurij HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:17 GMT
Content-Type: text/css
Content-Length: 212
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Mon, 28 Jan 2019 11:57:21 GMT
ETag: "229-58083610f0a40-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
hannums.wikaba.com/sites/all/libraries/slick/slick/slick.css?rwurij
91.201.40.28 200 OK 569 B URL GET HTTP/1.1 hannums.wikaba.com/sites/all/libraries/slick/slick/slick.css?rwurij
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
Hash f38b2db10e01b1572732a3191d538707
a94a059b3178b4adec09e3281ace2819a30095a4
de1e399b07289f3b0a8d35142e363e128124a1185770e214e25e58030dad48e5
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/all/libraries/slick/slick/slick.css?rwurij HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:17 GMT
Content-Type: text/css
Content-Length: 569
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Tue, 03 Oct 2017 07:49:28 GMT
ETag: "6f0-55a9fbb0c5200-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
hannums.wikaba.com/modules/field/theme/field.css?rwurij
91.201.40.28 200 OK 235 B URL GET HTTP/1.1 hannums.wikaba.com/modules/field/theme/field.css?rwurij
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
Hash 3fd6bf194fe0784421357bd19f77c161
12ce76acebc9130fc7c25e9a14e6f2c7f38b0ad4
e3ad317a103b4271c6d00cb97957c0d8e0f5bfd6cdc74976d022dd526963ecdf
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /modules/field/theme/field.css?rwurij HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:17 GMT
Content-Type: text/css
Content-Length: 235
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Wed, 19 Jan 2022 23:05:15 GMT
ETag: "226-5d5f76b2860c0-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
hannums.wikaba.com/sites/all/modules/responsive_menus/styles/mlpm/css/jquery.multilevelpushmenu.css?rwurij
91.201.40.28 200 OK 672 B URL GET HTTP/1.1 hannums.wikaba.com/sites/all/modules/responsive_menus/styles/mlpm/css/jquery.multilevelpushmenu.css?rwurij
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
Hash 84f48b50804c4dc3203d355db1702271
e4d7ea25f35e531c5897ceba60d7f6e7b14fa0a6
eb9af98c5c1ea26d84d10242508ce694c87956eac6d90c09cf5f1df58627af08
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/all/modules/responsive_menus/styles/mlpm/css/jquery.multilevelpushmenu.css?rwurij HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:17 GMT
Content-Type: text/css
Content-Length: 672
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Mon, 28 Jan 2019 11:33:03 GMT
ETag: "8a8-580830a27b9c0-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
hannums.wikaba.com/sites/all/modules/slick/css/theme/slick.theme--grid.css?rwurij
91.201.40.28 200 OK 963 B URL GET HTTP/1.1 hannums.wikaba.com/sites/all/modules/slick/css/theme/slick.theme--grid.css?rwurij
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
Hash 8952971a8e1a3b50898923b9b8671408
7898e3c97f547847e9dfbc83543d821576a57bb7
76e58828101c14b72f17e14b2b5f927be85ea390872db33c4f6c76c1c8d72486
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/all/modules/slick/css/theme/slick.theme--grid.css?rwurij HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:17 GMT
Content-Type: text/css
Content-Length: 963
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Sat, 22 Dec 2018 06:56:56 GMT
ETag: "1ad7-57d96de8e7e00-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
hannums.wikaba.com/sites/all/themes/ozbm/css/style.css?rwurij
91.201.40.28 200 OK 8.3 kB URL GET HTTP/1.1 hannums.wikaba.com/sites/all/themes/ozbm/css/style.css?rwurij
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
Hash 27ec803cdfd2bb0f9fe8de4c36a7fa96
1b457d23fc4e51ec3d2611ee3f9b1db172da34db
d3bd99d958c3ed547a3d4f4b9aeb6c691c93f65d8e837011932f2dc6df13e008
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/all/themes/ozbm/css/style.css?rwurij HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:17 GMT
Content-Type: text/css
Content-Length: 8330
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Mon, 26 Jun 2023 10:51:01 GMT
ETag: "d655-5ff06205e3533-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
hannums.wikaba.com/misc/jquery-extend-3.4.0.js?v=1.12.4
91.201.40.28 200 OK 1.3 kB URL GET HTTP/1.1 hannums.wikaba.com/misc/jquery-extend-3.4.0.js?v=1.12.4
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
Hash 73cc1b4b47e9a54a3732cfc8d09bf2b0
9b94000f047efbf2c40e686432651303f2666375
c54103ba57ee210ca55c052e70415402707548a4e6a68dd6efb3895019bee392
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /misc/jquery-extend-3.4.0.js?v=1.12.4 HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:17 GMT
Content-Type: application/javascript
Content-Length: 1330
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Wed, 19 Jan 2022 23:05:15 GMT
ETag: "d57-5d5f76b2860c0-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
hannums.wikaba.com/misc/jquery-html-prefilter-3.5.0-backport.js?v=1.12.4
91.201.40.28 200 OK 4.5 kB URL GET HTTP/1.1 hannums.wikaba.com/misc/jquery-html-prefilter-3.5.0-backport.js?v=1.12.4
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
Hash 6e5efccdf748cc778bd48b9cd87f3782
91beb4ca03f00e8be63261fc2f4d13dc538ed70f
fad84efa145fb507e5df9b582fa01b1c4e6313de7f72ebdd55726d92fa4dbf06
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /misc/jquery-html-prefilter-3.5.0-backport.js?v=1.12.4 HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:17 GMT
Content-Type: application/javascript
Content-Length: 4480
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Wed, 19 Jan 2022 23:05:15 GMT
ETag: "3155-5d5f76b2860c0-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
hannums.wikaba.com/misc/jquery.once.js?v=1.2
91.201.40.28 200 OK 1.1 kB URL GET HTTP/1.1 hannums.wikaba.com/misc/jquery.once.js?v=1.2
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
Hash cceebad9bbb56917e310d1a7369f267b
5866489ecb92b075184c24174d9a22edc295b19d
1430f42c0d760ba8e05bb3762480502e541f654fec5739ee40625ab22dc38c4f
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /misc/jquery.once.js?v=1.2 HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:17 GMT
Content-Type: application/javascript
Content-Length: 1066
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Wed, 19 Jan 2022 23:05:15 GMT
ETag: "b9e-5d5f76b2860c0-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
hannums.wikaba.com/misc/drupal.js?rwurij
91.201.40.28 200 OK 7.1 kB URL GET HTTP/1.1 hannums.wikaba.com/misc/drupal.js?rwurij
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
Hash 2b587bb02819d09ab40485d88ca645c4
914380fc5158927571583763a00dcd2ce22a3d97
9a1bbcecc783930543e61805d08cfddaa643c1a6309d1b3a9e3216961b75dede
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /misc/drupal.js?rwurij HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:17 GMT
Content-Type: application/javascript
Content-Length: 7052
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Wed, 19 Jan 2022 23:05:15 GMT
ETag: "5083-5d5f76b2860c0-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
hannums.wikaba.com/sites/all/libraries/easing/jquery.easing.min.js?rwurij
91.201.40.28 200 OK 819 B URL GET HTTP/1.1 hannums.wikaba.com/sites/all/libraries/easing/jquery.easing.min.js?rwurij
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type ASCII text, with very long lines (2538), with no line terminators
Hash f42c75cfb0e8076577230dff9ee1bb4f
263d7948d7d49b2c216ba2fe84346b3001bd76a1
9d521960c0eaa94f26f120b9b2693093a39d1abde6f73aaa4868eb14685a87d1
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/all/libraries/easing/jquery.easing.min.js?rwurij HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:17 GMT
Content-Type: application/javascript
Content-Length: 819
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Tue, 15 Nov 2016 21:00:00 GMT
ETag: "9ea-5415d3d507400-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
hannums.wikaba.com/sites/all/modules/jquery_update/replace/ui/external/jquery.cookie.js?v=67fb34f6a866c40d0570
91.201.40.28 200 OK 1.3 kB URL GET HTTP/1.1 hannums.wikaba.com/sites/all/modules/jquery_update/replace/ui/external/jquery.cookie.js?v=67fb34f6a866c40d0570
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
Hash 20a0023596a032da17c48c7ffe08087a
63863462d721d103bcbbb2e1e543f8cd4bd6f335
4ba03e57203ea578ec51f56d317a69cc2bb83af0933780683890fd9e046b66e5
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/all/modules/jquery_update/replace/ui/external/jquery.cookie.js?v=67fb34f6a866c40d0570 HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:17 GMT
Content-Type: application/javascript
Content-Length: 1343
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Thu, 27 Jul 2017 21:00:00 GMT
ETag: "e47-55552d901b400-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
hannums.wikaba.com/misc/ajax.js?v=7.87
91.201.40.28 200 OK 8.4 kB URL GET HTTP/1.1 hannums.wikaba.com/misc/ajax.js?v=7.87
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
Hash fd6b4b7b50c3f36b047e6d33b8ee55ef
df8cb43d8e87114c27e65be49bc2a5d5e09ce5a8
9032259f96c06cb70bfe474654b34328339cd8e950c4ddece511d5695420e7b1
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /misc/ajax.js?v=7.87 HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:17 GMT
Content-Type: application/javascript
Content-Length: 8388
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Wed, 19 Jan 2022 23:05:15 GMT
ETag: "66a9-5d5f76b2860c0-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
hannums.wikaba.com/sites/all/libraries/slick/slick/slick.min.js?v=1.x
91.201.40.28 200 OK 10 kB URL GET HTTP/1.1 hannums.wikaba.com/sites/all/libraries/slick/slick/slick.min.js?v=1.x
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type ASCII text, with very long lines (42862)
Hash d5a61c749e44e47159af8a6579dda121
3b41b3bc956685015a347a2238e71db29dfa0dbb
0c7178cc6ca34fb18e30f070a5e7a1c287b2d7ccfcba2cfdf06e0f46eda55740
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/all/libraries/slick/slick/slick.min.js?v=1.x HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:17 GMT
Content-Type: application/javascript
Content-Length: 10442
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Tue, 03 Oct 2017 07:49:28 GMT
ETag: "a76f-55a9fbb0c5200-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
hannums.wikaba.com/sites/all/modules/jquery_update/replace/jquery.form/4/jquery.form.js?v=4.2.1
91.201.40.28 200 OK 13 kB URL GET HTTP/1.1 hannums.wikaba.com/sites/all/modules/jquery_update/replace/jquery.form/4/jquery.form.js?v=4.2.1
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
Hash ca3452e4d6f6d6262f629af386a6fba2
6e86ca8dc28ae9a70083749e04b35928446ac155
c6e24784b53d4277e05724c870031c6eb00f2c5cb32fbfe822d6cb3750898ccd
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/all/modules/jquery_update/replace/jquery.form/4/jquery.form.js?v=4.2.1 HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:17 GMT
Content-Type: application/javascript
Content-Length: 13072
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Thu, 27 Jul 2017 21:00:00 GMT
ETag: "b0a7-55552d901b400-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
hannums.wikaba.com/sites/all/modules/jquery_update/js/jquery_update.js?v=0.0.1
91.201.40.28 200 OK 187 B URL GET HTTP/1.1 hannums.wikaba.com/sites/all/modules/jquery_update/js/jquery_update.js?v=0.0.1
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
Hash 0322fd2a4afa96636ff341be5114ec47
b327d21f64878116bec57ba8ce7a6f3bd2fe2b3c
fa385dc43825fc9f723153ad0a845eb66d6f04e1a09c71691781f7cf333a4aef
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/all/modules/jquery_update/js/jquery_update.js?v=0.0.1 HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:17 GMT
Content-Type: application/javascript
Content-Length: 187
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Thu, 27 Jul 2017 21:00:00 GMT
ETag: "12e-55552d901b400-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
hannums.wikaba.com/sites/all/modules/dc_ajax_add_cart/js/dc_ajax_add_cart_html.js?v=1.0.0
91.201.40.28 200 OK 582 B URL GET HTTP/1.1 hannums.wikaba.com/sites/all/modules/dc_ajax_add_cart/js/dc_ajax_add_cart_html.js?v=1.0.0
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
Hash e70a3eb4450257d475b53d576d23c583
1fbddfa97883a4d84c82ca90b089d94630dc854b
3a86e9b5aa224651213ac8989c11969dc8dd52ae7eafd1394a2dc96d9fd94291
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/all/modules/dc_ajax_add_cart/js/dc_ajax_add_cart_html.js?v=1.0.0 HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:17 GMT
Content-Type: application/javascript
Content-Length: 582
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Tue, 29 Jan 2019 12:29:48 GMT
ETag: "4bb-58097f2f34700-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
hannums.wikaba.com/sites/default/files/languages/ru_SVoAMMVTeaXfvAWz_C3TjqUdjhcbQFd_OJkxsx9qEK4.js?rwurij
91.201.40.28 200 OK 4.7 kB URL GET HTTP/1.1 hannums.wikaba.com/sites/default/files/languages/ru_SVoAMMVTeaXfvAWz_C3TjqUdjhcbQFd_OJkxsx9qEK4.js?rwurij
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type ASCII text, with very long lines (22638), with no line terminators
Hash 276b39fa0d7c97a5f76c2b7a6e5b3b28
6238cab0171fbf724810958d6439d70378129abe
495a0030c55379a5dfbc05b3fc2dd38ea51d8e171b40577f389931b31f6a10ae
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/default/files/languages/ru_SVoAMMVTeaXfvAWz_C3TjqUdjhcbQFd_OJkxsx9qEK4.js?rwurij HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:17 GMT
Content-Type: application/javascript
Content-Length: 4739
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Thu, 23 Sep 2021 07:27:25 GMT
ETag: "586e-5cca48fee1140-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
hannums.wikaba.com/sites/all/libraries/colorbox/jquery.colorbox-min.js?rwurij
91.201.40.28 200 OK 4.7 kB URL GET HTTP/1.1 hannums.wikaba.com/sites/all/libraries/colorbox/jquery.colorbox-min.js?rwurij
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type ASCII text, with very long lines (11827)
Hash 06a3b48689b0314af6c5da5b6ff27bfd
a98a815d90cba195409d39bd74d31b1e6f9dbf95
4cd7a0d2c9eb03966a0dc60658526c20fa4e8ee4a0660da469f55edaf9a18c9f
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/all/libraries/colorbox/jquery.colorbox-min.js?rwurij HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:17 GMT
Content-Type: application/javascript
Content-Length: 4711
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Fri, 11 Dec 2015 21:00:00 GMT
ETag: "2e7c-526a59b44f400-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
hannums.wikaba.com/sites/all/modules/colorbox/js/colorbox_load.js?rwurij
91.201.40.28 200 OK 681 B URL GET HTTP/1.1 hannums.wikaba.com/sites/all/modules/colorbox/js/colorbox_load.js?rwurij
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
Hash 36a4aada3c3537ec46126513ce43eccf
399879f74dcda9df92662ebbd975f040b800a64c
7189fe4fda240e2f3a5de4e496031dac7b0afeb36e94dce7027b817638ec56bd
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/all/modules/colorbox/js/colorbox_load.js?rwurij HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:17 GMT
Content-Type: application/javascript
Content-Length: 681
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Mon, 28 Jan 2019 11:54:54 GMT
ETag: "5db-58083584bff80-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
hannums.wikaba.com/sites/all/modules/colorbox/js/colorbox_inline.js?rwurij
91.201.40.28 200 OK 731 B URL GET HTTP/1.1 hannums.wikaba.com/sites/all/modules/colorbox/js/colorbox_inline.js?rwurij
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
Hash 7555d43e049e2bcaa01ff1afdf365ab7
768f0d77c478b2de02fe058854facdaa3840d961
84f81ed1744d6dca4ce4d8555a695a91cfdf6ef0a0396f9e226a29670f1c1aa7
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/all/modules/colorbox/js/colorbox_inline.js?rwurij HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:17 GMT
Content-Type: application/javascript
Content-Length: 731
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Mon, 28 Jan 2019 11:54:54 GMT
ETag: "887-58083584bff80-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
hannums.wikaba.com/sites/all/modules/colorbox/js/colorbox.js?rwurij
91.201.40.28 200 OK 473 B URL GET HTTP/1.1 hannums.wikaba.com/sites/all/modules/colorbox/js/colorbox.js?rwurij
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
Hash 7054d2a0129e2de1d6356a717093a1db
c43d2ef1b82a15be7ad8eca05997c346c8ea14ff
97451af42baa65c9344baeb774c6f69f6ece19c51449883276e2d34a7ef4f799
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/all/modules/colorbox/js/colorbox.js?rwurij HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:17 GMT
Content-Type: application/javascript
Content-Length: 473
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Mon, 28 Jan 2019 11:54:54 GMT
ETag: "3ea-58083584bff80-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
hannums.wikaba.com/sites/all/modules/flag/theme/flag.js?rwurij
91.201.40.28 200 OK 3.1 kB URL GET HTTP/1.1 hannums.wikaba.com/sites/all/modules/flag/theme/flag.js?rwurij
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
Hash 17823ceb5ea75de28b5c53df9390bd06
db7aa3403f7cc96a3112641de28eef4137bbfde2
25282a16c91dbb6cfe0d0bebd010c03b073be19791f3e4f495e0fa66629f403a
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/all/modules/flag/theme/flag.js?rwurij HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:17 GMT
Content-Type: application/javascript
Content-Length: 3075
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Tue, 29 Jan 2019 11:17:48 GMT
ETag: "211e-58096f1754f00-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
hannums.wikaba.com/sites/all/modules/colorbox/styles/plain/colorbox_style.js?rwurij
91.201.40.28 200 OK 505 B URL GET HTTP/1.1 hannums.wikaba.com/sites/all/modules/colorbox/styles/plain/colorbox_style.js?rwurij
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
Hash ff7b6b55a71ca76f7ca964409fe66d07
953ed95a2b57d879b35736042c5cb194ed7127fa
b816908aa1ea087d08d30e737a9e92af7b303b73f4937d3e118243eb8c769e85
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/all/modules/colorbox/styles/plain/colorbox_style.js?rwurij HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:17 GMT
Content-Type: application/javascript
Content-Length: 505
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Mon, 28 Jan 2019 11:54:54 GMT
ETag: "52d-58083584bff80-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
hannums.wikaba.com/sites/all/modules/views/js/base.js?rwurij
91.201.40.28 200 OK 1.2 kB URL GET HTTP/1.1 hannums.wikaba.com/sites/all/modules/views/js/base.js?rwurij
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
Hash c9bd24d44383f9fdfdcb5589c890df4f
f5f4a3feda40aab1509d67b0f873873aa7cb2676
ba15df4d5b36f211301991e834a567a125a6c9e3b2150b200df5d7097e399773
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/all/modules/views/js/base.js?rwurij HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:17 GMT
Content-Type: application/javascript
Content-Length: 1241
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Mon, 23 Apr 2018 11:21:00 GMT
ETag: "d5f-56a823b7e9f00-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
hannums.wikaba.com/sites/all/themes/bootstrap/js/misc/_progress.js?v=7.87
91.201.40.28 200 OK 1.3 kB URL GET HTTP/1.1 hannums.wikaba.com/sites/all/themes/bootstrap/js/misc/_progress.js?v=7.87
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
Hash e5667dc868dc21f505948886de9e5b38
9f35336dc9888956a2f06058330c199becef7007
f6144d880786d111f4704d517d3e7f2ccca21c1d414c2d2ac5d85afe6f4ad15c
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/all/themes/bootstrap/js/misc/_progress.js?v=7.87 HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:17 GMT
Content-Type: application/javascript
Content-Length: 1337
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Sat, 15 Jun 2019 07:06:44 GMT
ETag: "dd4-58b5767d54900-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
hannums.wikaba.com/misc/form.js?rwurij
91.201.40.28 200 OK 1.0 kB URL GET HTTP/1.1 hannums.wikaba.com/misc/form.js?rwurij
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
Hash 2c9ea1a0e8cf2d4cf4548eec26340c03
2e07cb518493957cfd09e21ed5dfce40253c7ea7
b9a8189016392f6b6d3636ee9d35d96ac68b8372f60bd5a3971c0db9b780dcae
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /misc/form.js?rwurij HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:17 GMT
Content-Type: application/javascript
Content-Length: 1001
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Wed, 19 Jan 2022 23:05:15 GMT
ETag: "99c-5d5f76b2860c0-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
hannums.wikaba.com/sites/all/modules/slick/js/slick.load.min.js?rwurij
91.201.40.28 200 OK 1.3 kB URL GET HTTP/1.1 hannums.wikaba.com/sites/all/modules/slick/js/slick.load.min.js?rwurij
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type ASCII text, with very long lines (3028)
Hash 6076006ddc8149fbf1a5a03c9f605933
aa7bfc9d7b7206af75a0a70afe0a7a6fa81a8366
47bcc1062a51a6e88cc7151c008e0bf99e961867eac6f7f30fac34ad072e2f0a
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/all/modules/slick/js/slick.load.min.js?rwurij HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:17 GMT
Content-Type: application/javascript
Content-Length: 1309
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Sat, 22 Dec 2018 06:56:56 GMT
ETag: "bd5-57d96de8e7e00-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
hannums.wikaba.com/sites/all/modules/fivestar/js/fivestar.js?rwurij
91.201.40.28 200 OK 1.1 kB URL GET HTTP/1.1 hannums.wikaba.com/sites/all/modules/fivestar/js/fivestar.js?rwurij
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type HTML document, ASCII text
Hash e042d122148e814e19cf4ae657b29d54
83f1135525ddafb75f2b1ae894a54bc167eb47ca
b53ff7a8354b06f19acd083bd6cf6325871da42440b1210dc6734232a3adcdad
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/all/modules/fivestar/js/fivestar.js?rwurij HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:17 GMT
Content-Type: application/javascript
Content-Length: 1132
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Mon, 26 Jun 2017 04:43:30 GMT
ETag: "c2d-552d597b0a080-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
hannums.wikaba.com/sites/all/themes/bootstrap/js/misc/_collapse.js?rwurij
91.201.40.28 200 OK 1.0 kB URL GET HTTP/1.1 hannums.wikaba.com/sites/all/themes/bootstrap/js/misc/_collapse.js?rwurij
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
Hash 54cff7384f413b41bdb5deea5e51ea4d
ea9191d5ce54318ea1e98d43e30de8df8707dcb6
0479df0d58915b4ef1f929615bd56b6363088d849e9b3e697a2d7b3c5db82f88
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/all/themes/bootstrap/js/misc/_collapse.js?rwurij HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:17 GMT
Content-Type: application/javascript
Content-Length: 1045
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Sat, 15 Jun 2019 07:06:44 GMT
ETag: "b9d-58b5767d54900-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
hannums.wikaba.com/sites/all/modules/views/js/ajax_view.js?rwurij
91.201.40.28 200 OK 2.1 kB URL GET HTTP/1.1 hannums.wikaba.com/sites/all/modules/views/js/ajax_view.js?rwurij
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
Hash 770fa349d99e3bd645ecb017b8365483
7ce5d2f4c4b53fa9aa1a2b616c5c0521278ecc01
fa9b8dda1626fdc48feb190db7cd22f100a89ae51564db4f4e037c2e29f96f83
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/all/modules/views/js/ajax_view.js?rwurij HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:18 GMT
Content-Type: application/javascript
Content-Length: 2081
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Mon, 23 Apr 2018 11:21:00 GMT
ETag: "1628-56a823b7e9f00-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
hannums.wikaba.com/sites/all/modules/responsive_menus/styles/mlpm/js/jquery.multilevelpushmenu.min.js?rwurij
91.201.40.28 200 OK 6.7 kB URL GET HTTP/1.1 hannums.wikaba.com/sites/all/modules/responsive_menus/styles/mlpm/js/jquery.multilevelpushmenu.min.js?rwurij
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type ASCII text, with very long lines (27847)
Hash d2bff38d1018d55f1b84f922a114f633
85112ea15ca119c1fd1e2a6774cc0319dd4ecd9d
e9b999b1438d0b919f85e35a90d6b3d415afcf0641cac8c798633cd7ee292d41
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/all/modules/responsive_menus/styles/mlpm/js/jquery.multilevelpushmenu.min.js?rwurij HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:18 GMT
Content-Type: application/javascript
Content-Length: 6748
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Mon, 28 Jan 2019 11:33:03 GMT
ETag: "6cc8-580830a27b9c0-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
hannums.wikaba.com/sites/all/themes/ozbm/custom.js?rwurij
91.201.40.28 200 OK 0 B URL GET HTTP/1.1 hannums.wikaba.com/sites/all/themes/ozbm/custom.js?rwurij
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/all/themes/ozbm/custom.js?rwurij HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:18 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Wed, 20 Feb 2019 10:28:19 GMT
ETag: "0-58250d10036c0"
Accept-Ranges: bytes
hannums.wikaba.com/sites/all/modules/responsive_menus/styles/mlpm/js/mlpm.js?rwurij
91.201.40.28 200 OK 1.2 kB URL GET HTTP/1.1 hannums.wikaba.com/sites/all/modules/responsive_menus/styles/mlpm/js/mlpm.js?rwurij
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
Hash 8fe809d153308da1ba4c12a03f0a062e
8b60f6a5b0b98fdd607d865866e186abb4f4eb3b
f13c5214f5975390de46d2eb2a8ff20825e1a8239c937ce53d8ae62ddc5ed0e7
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/all/modules/responsive_menus/styles/mlpm/js/mlpm.js?rwurij HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:18 GMT
Content-Type: application/javascript
Content-Length: 1189
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Mon, 28 Jan 2019 11:33:03 GMT
ETag: "e6b-580830a27b9c0-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
hannums.wikaba.com/sites/all/themes/bootstrap/js/modules/views/js/ajax_view.js?rwurij
91.201.40.28 200 OK 268 B URL GET HTTP/1.1 hannums.wikaba.com/sites/all/themes/bootstrap/js/modules/views/js/ajax_view.js?rwurij
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
Hash cfad53db2c0604dce64df36d9a5c3376
cd85c6533301809a46e3828ae7bcbfaeb273dc5e
a898d1e649a1e26ba3bfac722772887a6d6e0ea9fdf850df266724ef66d53711
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/all/themes/bootstrap/js/modules/views/js/ajax_view.js?rwurij HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:18 GMT
Content-Type: application/javascript
Content-Length: 268
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Sat, 15 Jun 2019 07:06:44 GMT
ETag: "184-58b5767d54900-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
hannums.wikaba.com/sites/all/themes/bootstrap/js/misc/ajax.js?rwurij
91.201.40.28 200 OK 1.5 kB URL GET HTTP/1.1 hannums.wikaba.com/sites/all/themes/bootstrap/js/misc/ajax.js?rwurij
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
Hash 4fb98374402b39e30327e61ace84d242
2ee5f3cff8d365acc8dc1f6c4a2cd71b1cc1d386
abdaf54b50eb64e1084972039ed9069ec0648270fa2f4e76133f2c31481b98b6
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/all/themes/bootstrap/js/misc/ajax.js?rwurij HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:18 GMT
Content-Type: application/javascript
Content-Length: 1477
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Sat, 15 Jun 2019 07:06:44 GMT
ETag: "f49-58b5767d54900-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
hannums.wikaba.com/sites/all/libraries/pvzwidget/widget/widjet.js
91.201.40.28 200 OK 13 kB URL GET HTTP/1.1 hannums.wikaba.com/sites/all/libraries/pvzwidget/widget/widjet.js
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
Hash 9ad1d60a002a7941ecad565ab268ae61
bd32bd84ead558a2655678324321fd51e3018b39
cb4a82f512033fa80d028aee56b92a59d2cd3a1fee8d60ea8f8d7c62f2120b0d
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/all/libraries/pvzwidget/widget/widjet.js HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:18 GMT
Content-Type: application/javascript
Content-Length: 12627
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Fri, 05 Oct 2018 12:53:38 GMT
ETag: "f62d-5777ac297d880-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
hannums.wikaba.com/sites/default/files/styles/large/public/tayskiy_krem_ot_dermatita_i_gribka_zema_zema_cream_5_gr.jpg?itok=vtxmdUeD
91.201.40.28 200 OK 14 kB URL GET HTTP/1.1 hannums.wikaba.com/sites/default/files/styles/large/public/tayskiy_krem_ot_dermatita_i_gribka_zema_zema_cream_5_gr.jpg?itok=vtxmdUeD
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 85", baseline, precision 8, 270x270, components 3
Hash b5de9dda37ab56541c7fd957f05f676e
0c545e3c7565e0e48500c3ef91c7b13918b34d78
7494c40367c273c43473b4c74bf5eca2cf606a0c81e0538b71c6e9d37c62931a
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/default/files/styles/large/public/tayskiy_krem_ot_dermatita_i_gribka_zema_zema_cream_5_gr.jpg?itok=vtxmdUeD HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:18 GMT
Content-Type: image/jpeg
Content-Length: 13479
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Wed, 19 May 2021 20:08:22 GMT
ETag: "34a7-5c2b46373f980"
Accept-Ranges: bytes
hannums.wikaba.com/sites/default/files/styles/large/public/tayskiy_dezodorant_kristall_s_aromatom_mango_grace_crystal_deodorant_mango_70_gr._tay.jpg?itok=KRdKdidV
91.201.40.28 200 OK 6.8 kB URL GET HTTP/1.1 hannums.wikaba.com/sites/default/files/styles/large/public/tayskiy_dezodorant_kristall_s_aromatom_mango_grace_crystal_deodorant_mango_70_gr._tay.jpg?itok=KRdKdidV
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 85", baseline, precision 8, 240x240, components 3
Hash 342faab3e3cf3bbd073404c25499f9da
6b4200403141c2f4d698b15e90e38f1e54f56f7b
cd52e6d0d6b709e306d1c0d57a1415b0d089e1f740a2073d61e742af3d3e3363
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/default/files/styles/large/public/tayskiy_dezodorant_kristall_s_aromatom_mango_grace_crystal_deodorant_mango_70_gr._tay.jpg?itok=KRdKdidV HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:18 GMT
Content-Type: image/jpeg
Content-Length: 6788
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Sun, 30 Aug 2020 22:02:37 GMT
ETag: "1a84-5ae1f719eb940"
Accept-Ranges: bytes
hannums.wikaba.com/sites/default/files/styles/large/public/naturalnyy_rastitelnyy_lifting-tonik_dlya_regeneracii_i_omolozheniya_kozhi_lica_i_shei_abhai_herb_200_ml._tailand_1.jpg?itok=FnI-1L_w
91.201.40.28 200 OK 9.4 kB URL GET HTTP/1.1 hannums.wikaba.com/sites/default/files/styles/large/public/naturalnyy_rastitelnyy_lifting-tonik_dlya_regeneracii_i_omolozheniya_kozhi_lica_i_shei_abhai_herb_200_ml._tailand_1.jpg?itok=FnI-1L_w
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 85", baseline, precision 8, 282x282, components 3
Hash 4861cbc322be55217a493b2d0e7c5c90
1c03ac108230e0a5e041a3962e5cbe97472da902
74eb12b5572ba22f65957fddb69d028675ff8ce063e041a8d490849f4f9d4e7e
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/default/files/styles/large/public/naturalnyy_rastitelnyy_lifting-tonik_dlya_regeneracii_i_omolozheniya_kozhi_lica_i_shei_abhai_herb_200_ml._tailand_1.jpg?itok=FnI-1L_w HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:18 GMT
Content-Type: image/jpeg
Content-Length: 9400
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Fri, 25 Nov 2022 19:14:33 GMT
ETag: "24b8-5ee5054f74cd5"
Accept-Ranges: bytes
hannums.wikaba.com/sites/default/files/styles/large/public/tayskiy_travyanoy_shampun_dlya_ukrepleniya_i_rosta_volos_kokliang_herbal_shampoo_strong_volume_long_hair_200_ml.jpg?itok=wInPzu3m
91.201.40.28 200 OK 9.0 kB URL GET HTTP/1.1 hannums.wikaba.com/sites/default/files/styles/large/public/tayskiy_travyanoy_shampun_dlya_ukrepleniya_i_rosta_volos_kokliang_herbal_shampoo_strong_volume_long_hair_200_ml.jpg?itok=wInPzu3m
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 85", baseline, precision 8, 235x235, components 3
Hash 4f8e6ca4bba6f00c875e40119a8b744e
9d57d8a734a8c683283b5541f4ec68cd8acdc45a
acacb6157f9bb7373700ebbfbffbda3c1d1b635f299a2c28ee7bd3d39bc37cf2
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/default/files/styles/large/public/tayskiy_travyanoy_shampun_dlya_ukrepleniya_i_rosta_volos_kokliang_herbal_shampoo_strong_volume_long_hair_200_ml.jpg?itok=wInPzu3m HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:18 GMT
Content-Type: image/jpeg
Content-Length: 9022
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Sat, 25 Jul 2020 09:19:32 GMT
ETag: "233e-5ab4096559100"
Accept-Ranges: bytes
hannums.wikaba.com/sites/default/files/styles/large/public/naturalnaya_lechebnaya_maska_dlya_ochen_suhih_i_povrezhdennyh_volos_brilliantovyy_blesk_s_maslom_oreha_makadamii_lolane_natura_hair_treatment_for_diamond_shine_booster_macadamia_butter_10_gr._tailand_1.jpg?itok=zds3hYo7
91.201.40.28 200 OK 14 kB URL GET HTTP/1.1 hannums.wikaba.com/sites/default/files/styles/large/public/naturalnaya_lechebnaya_maska_dlya_ochen_suhih_i_povrezhdennyh_volos_brilliantovyy_blesk_s_maslom_oreha_makadamii_lolane_natura_hair_treatment_for_diamond_shine_booster_macadamia_butter_10_gr._tailand_1.jpg?itok=zds3hYo7
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 85", baseline, precision 8, 270x270, components 3
Hash 175628020c9abcd5d5182b86c864bb54
5a3779b3e8ef83b71f51315f20d1e90dc100f42f
f3824cfd5aa807a41c478f20fd346c8b4d2d4c3e3b75fd7798212d2ca996f3cf
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/default/files/styles/large/public/naturalnaya_lechebnaya_maska_dlya_ochen_suhih_i_povrezhdennyh_volos_brilliantovyy_blesk_s_maslom_oreha_makadamii_lolane_natura_hair_treatment_for_diamond_shine_booster_macadamia_butter_10_gr._tailand_1.jpg?itok=zds3hYo7 HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:18 GMT
Content-Type: image/jpeg
Content-Length: 14053
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Wed, 16 Mar 2022 21:56:00 GMT
ETag: "36e5-5da5cfaa26b22"
Accept-Ranges: bytes
hannums.wikaba.com/sites/all/modules/views_infinite_scroll/views-infinite-scroll.js?rwurij
91.201.40.28 200 OK 689 B URL GET HTTP/1.1 hannums.wikaba.com/sites/all/modules/views_infinite_scroll/views-infinite-scroll.js?rwurij
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
Hash f86e5dbedbbd85a415bce980a6b5b743
de0c19db27ab77bd0b8a2745edb8b669033c352e
b29098b2712164533efd7ff42c1188ca23da8bf0ac22f50b952b55e9ebb1ea3b
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/all/modules/views_infinite_scroll/views-infinite-scroll.js?rwurij HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:18 GMT
Content-Type: application/javascript
Content-Length: 689
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Sun, 03 Mar 2019 09:25:39 GMT
ETag: "655-5832d39244ac0-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
hannums.wikaba.com/sites/default/files/styles/large/public/naturalnyy_uvlazhnyayushchiy_i_ukreplyayushchiy_kozhu_zmeinyy_lifting_krem_dlya_lica_s_effektom_botoksa_banna_snake_moisturizing_cream_banna_100_ml._tailand_1.jpg?itok=nb66huIq
91.201.40.28 200 OK 27 kB URL GET HTTP/1.1 hannums.wikaba.com/sites/default/files/styles/large/public/naturalnyy_uvlazhnyayushchiy_i_ukreplyayushchiy_kozhu_zmeinyy_lifting_krem_dlya_lica_s_effektom_botoksa_banna_snake_moisturizing_cream_banna_100_ml._tailand_1.jpg?itok=nb66huIq
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 85", baseline, precision 8, 286x286, components 3
Hash 3be973abf284c786740e55be8bd6453f
c08362a95e25a764b04f5829cf7860e33457eeb8
35d15d91e02da96e27f40c037b278b9f23d3df1fb3f4f6a01a9f8b1e1ba8d0be
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/default/files/styles/large/public/naturalnyy_uvlazhnyayushchiy_i_ukreplyayushchiy_kozhu_zmeinyy_lifting_krem_dlya_lica_s_effektom_botoksa_banna_snake_moisturizing_cream_banna_100_ml._tailand_1.jpg?itok=nb66huIq HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:18 GMT
Content-Type: image/jpeg
Content-Length: 26568
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Tue, 21 Feb 2023 18:49:13 GMT
ETag: "67c8-5f53a3c62b7c6"
Accept-Ranges: bytes
hannums.wikaba.com/sites/all/themes/bootstrap/js/bootstrap.js?rwurij
91.201.40.28 200 OK 2.7 kB URL GET HTTP/1.1 hannums.wikaba.com/sites/all/themes/bootstrap/js/bootstrap.js?rwurij
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
Hash 390b55aed1e2d6474c20f891a3a2764c
ed18eba995321654ec971b2747dd35a3464c5766
0c8a4fa988b7615aa50d5322931e3031ca3d79fdbda4fe47d5dd2eeed05a3d72
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/all/themes/bootstrap/js/bootstrap.js?rwurij HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:18 GMT
Content-Type: application/javascript
Content-Length: 2723
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Sat, 15 Jun 2019 07:06:44 GMT
ETag: "26bb-58b5767d54900-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
hannums.wikaba.com/sticky-kit.js
91.201.40.28 200 OK 2.1 kB URL GET HTTP/1.1 hannums.wikaba.com/sticky-kit.js
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
Hash 583d1290c505cc67179c0aa3b226bfa8
0eb3facfa37b3624a3fad0b853781bf6ea687550
7d4cd515598b21cd963f20e9d7179924828fcb1d60c541dfbbe859bcaba3438c
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sticky-kit.js HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:18 GMT
Content-Type: application/javascript
Content-Length: 2095
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Mon, 20 Mar 2017 17:30:02 GMT
ETag: "218d-54b2ce0941a80-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
hannums.wikaba.com/sites/default/files/styles/large/public/probnik_naturalnaya_lechebnaya_maska_dlya_suhih_i_povrezhdennyh_volos_s_maslom_zhozhoba_i_proteinami_shelka_lolane_natura_hair_treatment_for_dry_damaged_hair_jojoba_oil_silk_protein_10_gr._tailand_1.jpg?itok=RULQg4UU
91.201.40.28 200 OK 14 kB URL GET HTTP/1.1 hannums.wikaba.com/sites/default/files/styles/large/public/probnik_naturalnaya_lechebnaya_maska_dlya_suhih_i_povrezhdennyh_volos_s_maslom_zhozhoba_i_proteinami_shelka_lolane_natura_hair_treatment_for_dry_damaged_hair_jojoba_oil_silk_protein_10_gr._tailand_1.jpg?itok=RULQg4UU
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 85", baseline, precision 8, 270x270, components 3
Hash 95d65dda3c06b1e34950188999a87578
91c84a492cdd1aaeee8f6a4d106eefa0c3aa637e
fe34e5598a24c217350b9fe5834d5edaefdf03a35a3adf002d73553b43aec285
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/default/files/styles/large/public/probnik_naturalnaya_lechebnaya_maska_dlya_suhih_i_povrezhdennyh_volos_s_maslom_zhozhoba_i_proteinami_shelka_lolane_natura_hair_treatment_for_dry_damaged_hair_jojoba_oil_silk_protein_10_gr._tailand_1.jpg?itok=RULQg4UU HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:18 GMT
Content-Type: image/jpeg
Content-Length: 13812
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Wed, 07 Sep 2022 15:11:30 GMT
ETag: "35f4-5e817ba4611bb"
Accept-Ranges: bytes
hannums.wikaba.com/sites/default/files/styles/large/public/tailand._tayskiy_antivozrastnoy_lifting_krem_dlya_lica_s_mucinom_ulitki_snail_white_gold_cream_royal_thai_herb_50_ml_1.jpg?itok=28kWv_Kx
91.201.40.28 200 OK 16 kB URL GET HTTP/1.1 hannums.wikaba.com/sites/default/files/styles/large/public/tailand._tayskiy_antivozrastnoy_lifting_krem_dlya_lica_s_mucinom_ulitki_snail_white_gold_cream_royal_thai_herb_50_ml_1.jpg?itok=28kWv_Kx
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 85", baseline, precision 8, 291x291, components 3
Hash f28ba592cf412efe24ee70a5672528a5
cdecf166dba2a42308254328043e02fda833f295
93c3c24cf6bd742024c9b16ef26a99c7580fd37c0992367426f69e061c4033fd
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/default/files/styles/large/public/tailand._tayskiy_antivozrastnoy_lifting_krem_dlya_lica_s_mucinom_ulitki_snail_white_gold_cream_royal_thai_herb_50_ml_1.jpg?itok=28kWv_Kx HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:18 GMT
Content-Type: image/jpeg
Content-Length: 16120
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Fri, 10 Feb 2023 14:08:18 GMT
ETag: "3ef8-5f4590778c4bb"
Accept-Ranges: bytes
hannums.wikaba.com/sites/default/files/styles/large/public/probnik_tayskaya_maska_dlya_okrashennyh_volos_s_ekstraktom_semyan_podsolnechnika_lolane-natura-hair-treatment-sunflower-extract_1.jpg?itok=gdCdunIj
91.201.40.28 200 OK 13 kB URL GET HTTP/1.1 hannums.wikaba.com/sites/default/files/styles/large/public/probnik_tayskaya_maska_dlya_okrashennyh_volos_s_ekstraktom_semyan_podsolnechnika_lolane-natura-hair-treatment-sunflower-extract_1.jpg?itok=gdCdunIj
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 85", baseline, precision 8, 270x270, components 3
Hash c1a2ddd25d93742d60589fe424054def
17ddd0e6fe081109cda259c26cba2ac637062398
c11caf78de95959924b9b3db337df84cd6a3096769c48a0b66482fa439d77543
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/default/files/styles/large/public/probnik_tayskaya_maska_dlya_okrashennyh_volos_s_ekstraktom_semyan_podsolnechnika_lolane-natura-hair-treatment-sunflower-extract_1.jpg?itok=gdCdunIj HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:18 GMT
Content-Type: image/jpeg
Content-Length: 13207
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Wed, 10 Aug 2022 11:56:45 GMT
ETag: "3397-5e5e1be3998b6"
Accept-Ranges: bytes
hannums.wikaba.com/sites/default/files/styles/large/public/naturalnyy_tayskiy_krem_dlya_lica_zoloto_ulitka_snail_gold_face_cream_royal_thai_herb_50_gr._tailand.jpg?itok=P1hyN6RA
91.201.40.28 200 OK 21 kB URL GET HTTP/1.1 hannums.wikaba.com/sites/default/files/styles/large/public/naturalnyy_tayskiy_krem_dlya_lica_zoloto_ulitka_snail_gold_face_cream_royal_thai_herb_50_gr._tailand.jpg?itok=P1hyN6RA
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 85", baseline, precision 8, 268x268, components 3
Hash 3318b726f223571465c6dff138f6b570
4facdfe5866e141a27a3b326b6a5bf2a204f3815
67e299798cad5eb994ef2696e2c4594a589836a2705af330fa95c694397ea9a1
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/default/files/styles/large/public/naturalnyy_tayskiy_krem_dlya_lica_zoloto_ulitka_snail_gold_face_cream_royal_thai_herb_50_gr._tailand.jpg?itok=P1hyN6RA HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:18 GMT
Content-Type: image/jpeg
Content-Length: 21060
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Thu, 12 Jan 2023 11:15:17 GMT
ETag: "5244-5f20f3b575cd6"
Accept-Ranges: bytes
hannums.wikaba.com/sites/default/files/styles/large/public/naturalnaya_prozrachnaya_pudra_dlya_lica_s_effektom_razmytiya_ponds_blurring_filler_translucent_powder_50_gr._tailand_1.jpg?itok=rY7iYo1a
91.201.40.28 200 OK 13 kB URL GET HTTP/1.1 hannums.wikaba.com/sites/default/files/styles/large/public/naturalnaya_prozrachnaya_pudra_dlya_lica_s_effektom_razmytiya_ponds_blurring_filler_translucent_powder_50_gr._tailand_1.jpg?itok=rY7iYo1a
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 85", baseline, precision 8, 290x290, components 3
Hash e8420904bbd0a391476894e8f93fd988
12de1b7d9dd59eef86fa626c8d93bb04877615a2
79807c6bc307ad8ce503b2dff469a6489d99c48b1fb2b6ee0803932722477903
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/default/files/styles/large/public/naturalnaya_prozrachnaya_pudra_dlya_lica_s_effektom_razmytiya_ponds_blurring_filler_translucent_powder_50_gr._tailand_1.jpg?itok=rY7iYo1a HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:18 GMT
Content-Type: image/jpeg
Content-Length: 13174
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Wed, 25 Jan 2023 19:57:16 GMT
ETag: "3376-5f31c0a0b0788"
Accept-Ranges: bytes
hannums.wikaba.com/sites/default/files/styles/large/public/tayskiy_ukreplyayushchiy_lifting-krem_dlya_lica_zoloto_kollagen_i_vitamin_e_banna_gold_collagen_and_vitamin_e_firming_facial_cream_banna_100_ml._afsu-skuf-ifttf_1.jpg?itok=5WagP1TH
91.201.40.28 200 OK 22 kB URL GET HTTP/1.1 hannums.wikaba.com/sites/default/files/styles/large/public/tayskiy_ukreplyayushchiy_lifting-krem_dlya_lica_zoloto_kollagen_i_vitamin_e_banna_gold_collagen_and_vitamin_e_firming_facial_cream_banna_100_ml._afsu-skuf-ifttf_1.jpg?itok=5WagP1TH
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 85", baseline, precision 8, 270x270, components 3
Hash 1d6a86e14180c64294fd9618cf6abbb4
ca24589a839baab6543aedfd9935bc680460997e
ca65d3bc6eb627f49eec87d32435ce472538708e5a47b84bae889228f12eed96
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/default/files/styles/large/public/tayskiy_ukreplyayushchiy_lifting-krem_dlya_lica_zoloto_kollagen_i_vitamin_e_banna_gold_collagen_and_vitamin_e_firming_facial_cream_banna_100_ml._afsu-skuf-ifttf_1.jpg?itok=5WagP1TH HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:18 GMT
Content-Type: image/jpeg
Content-Length: 21841
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Tue, 22 Jun 2021 21:19:18 GMT
ETag: "5551-5c56157bc2180"
Accept-Ranges: bytes
hannums.wikaba.com/sites/default/files/styles/large/public/tayskiy_travyanoy_shampun_i_kondicioner_dlya_ukrepleniya_i_rosta_volos_kokliang_strong_volume_long_hair_200_ml.jpg?itok=FyRpgEYt
91.201.40.28 200 OK 16 kB URL GET HTTP/1.1 hannums.wikaba.com/sites/default/files/styles/large/public/tayskiy_travyanoy_shampun_i_kondicioner_dlya_ukrepleniya_i_rosta_volos_kokliang_strong_volume_long_hair_200_ml.jpg?itok=FyRpgEYt
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 85", baseline, precision 8, 235x235, components 3
Hash 4c12493b80b9bb9b4d97d6b91f2b73a2
15806c8c729e4f7b8eef67a7d9ce4d5caa9c6d84
5e6ba8da375faa352a36b9eecef007630a04d12d515acafe36d12398d5a44824
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/default/files/styles/large/public/tayskiy_travyanoy_shampun_i_kondicioner_dlya_ukrepleniya_i_rosta_volos_kokliang_strong_volume_long_hair_200_ml.jpg?itok=FyRpgEYt HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:18 GMT
Content-Type: image/jpeg
Content-Length: 15655
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Fri, 24 Jul 2020 11:25:31 GMT
ETag: "3d27-5ab2e3b0b60c0"
Accept-Ranges: bytes
hannums.wikaba.com/sites/default/files/styles/large/public/tayskaya_travyanaya_otbelivayushchaya_zubnaya_pasta_s_ekstraktom_papayi_5_star_5_a_herbal_clove_papaya_toothpaste_25_gr_1.jpg?itok=bqNPD81Q
91.201.40.28 200 OK 20 kB URL GET HTTP/1.1 hannums.wikaba.com/sites/default/files/styles/large/public/tayskaya_travyanaya_otbelivayushchaya_zubnaya_pasta_s_ekstraktom_papayi_5_star_5_a_herbal_clove_papaya_toothpaste_25_gr_1.jpg?itok=bqNPD81Q
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 85", baseline, precision 8, 298x298, components 3
Hash 703939e158aaf261722c5f091e096e38
fa29c2ec1bcb6ff1eb9252d714d9d5fd0dd336db
1b2b8a78ed3bcbe4773d9a3f2290c0456555a80fe133a8daa1f09ef4bfb642db
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/default/files/styles/large/public/tayskaya_travyanaya_otbelivayushchaya_zubnaya_pasta_s_ekstraktom_papayi_5_star_5_a_herbal_clove_papaya_toothpaste_25_gr_1.jpg?itok=bqNPD81Q HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:18 GMT
Content-Type: image/jpeg
Content-Length: 19743
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Wed, 22 Nov 2023 11:38:55 GMT
ETag: "4d1f-60abc2a02ae1b"
Accept-Ranges: bytes
hannums.wikaba.com/sites/default/files/styles/large/public/naturalnaya_lechebnaya_maska_ot_vypadeniya_volos_s_peptidami_ekstraktom_svekly-lolane-natura-hair-treatment-peptide-beetroot-extracts_1.jpg?itok=TmxLIk97
91.201.40.28 200 OK 13 kB URL GET HTTP/1.1 hannums.wikaba.com/sites/default/files/styles/large/public/naturalnaya_lechebnaya_maska_ot_vypadeniya_volos_s_peptidami_ekstraktom_svekly-lolane-natura-hair-treatment-peptide-beetroot-extracts_1.jpg?itok=TmxLIk97
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 85", baseline, precision 8, 275x275, components 3
Hash 01474b1721c2085c4cf433df3a4ad896
7c9e0db9478506620b2c5900e56be538947b0e2b
875e85084b16d62ba0bc15aa4399cb17798b754c7decccfe8e162e40c49c5599
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/default/files/styles/large/public/naturalnaya_lechebnaya_maska_ot_vypadeniya_volos_s_peptidami_ekstraktom_svekly-lolane-natura-hair-treatment-peptide-beetroot-extracts_1.jpg?itok=TmxLIk97 HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:18 GMT
Content-Type: image/jpeg
Content-Length: 13167
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Wed, 02 Nov 2022 19:21:45 GMT
ETag: "336f-5ec81c059d4b3"
Accept-Ranges: bytes
hannums.wikaba.com/sites/default/files/styles/large/public/tayskiy_kondicioner_dlya_ukrepleniya_i_rosta_volos_s_yagodami_godzhi_kokliang_herbal_conditioner_strong_volume_long_hair_200_ml.jpg?itok=pyD2gv1c
91.201.40.28 200 OK 8.6 kB URL GET HTTP/1.1 hannums.wikaba.com/sites/default/files/styles/large/public/tayskiy_kondicioner_dlya_ukrepleniya_i_rosta_volos_s_yagodami_godzhi_kokliang_herbal_conditioner_strong_volume_long_hair_200_ml.jpg?itok=pyD2gv1c
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 85", baseline, precision 8, 235x235, components 3
Hash 86d8b2560b01fb320cd4ddfbdf510bef
ea547c99ff17dbf4988e451cc344eee4ffad6a27
eae1d6a41a5fc4b0a7484e4698bd7af2f55c638ce6a2377a1ee543abdce5bc7b
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/default/files/styles/large/public/tayskiy_kondicioner_dlya_ukrepleniya_i_rosta_volos_s_yagodami_godzhi_kokliang_herbal_conditioner_strong_volume_long_hair_200_ml.jpg?itok=pyD2gv1c HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:18 GMT
Content-Type: image/jpeg
Content-Length: 8627
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Fri, 31 Jul 2020 18:51:30 GMT
ETag: "21b3-5abc146e4f080"
Accept-Ranges: bytes
hannums.wikaba.com/sites/default/files/styles/large/public/gel_dlya_tela_iz_taylanda_aloe_vera_i_kokos_banna_aloe_vera_coconut_skin_gel_banna_250_ml_1.jpg?itok=3w5W8B_I
91.201.40.28 200 OK 8.5 kB URL GET HTTP/1.1 hannums.wikaba.com/sites/default/files/styles/large/public/gel_dlya_tela_iz_taylanda_aloe_vera_i_kokos_banna_aloe_vera_coconut_skin_gel_banna_250_ml_1.jpg?itok=3w5W8B_I
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 85", baseline, precision 8, 272x272, components 3
Hash 6c4a6133b85bc59a506a57a3155c881b
9e5fb05b129071b2a938186086efdb1356e0fc8a
8df985aa28f07c0cc5ef7c1b1614c758643fe754fb115c1f99377169b6655699
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/default/files/styles/large/public/gel_dlya_tela_iz_taylanda_aloe_vera_i_kokos_banna_aloe_vera_coconut_skin_gel_banna_250_ml_1.jpg?itok=3w5W8B_I HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:18 GMT
Content-Type: image/jpeg
Content-Length: 8479
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Thu, 08 Jul 2021 21:14:46 GMT
ETag: "211f-5c6a324fbbd80"
Accept-Ranges: bytes
hannums.wikaba.com/sites/default/files/styles/large/public/ef5a423cebdacff73731f59a2c48152a.jpg?itok=cgXRnHQz
91.201.40.28 200 OK 47 kB URL GET HTTP/1.1 hannums.wikaba.com/sites/default/files/styles/large/public/ef5a423cebdacff73731f59a2c48152a.jpg?itok=cgXRnHQz
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 85", baseline, precision 8, 480x480, components 3
Hash 6c5eff3bf65c698f809718696b0cc37f
52d88da90ffd4579386e4205f30af968cde4a4ad
4c71bf77416a46099c0bfa50dc505230249de566a3272d1daead967b89d6fe3c
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/default/files/styles/large/public/ef5a423cebdacff73731f59a2c48152a.jpg?itok=cgXRnHQz HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:18 GMT
Content-Type: image/jpeg
Content-Length: 47229
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Wed, 30 Jan 2019 13:44:28 GMT
ETag: "b87d-580ad1bd20700"
Accept-Ranges: bytes
hannums.wikaba.com/sites/default/files/icon_hot_trans.png
91.201.40.28 200 OK 2.8 kB URL GET HTTP/1.1 hannums.wikaba.com/sites/default/files/icon_hot_trans.png
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
Hash b05f9a8c9653977189928616761c719b
fa05bc891a5e442154e2cbcfe4d33afbb1d90d00
4725e5b6b630068b61d038a7af6d6920f8ac379d1d05ae8800e783b6470eb53a
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/default/files/icon_hot_trans.png HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:18 GMT
Content-Type: image/png
Content-Length: 2791
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Thu, 14 Jan 2016 21:00:00 GMT
ETag: "ae7-5295191dfb400"
Accept-Ranges: bytes
hannums.wikaba.com/i/ozbm-logo-big.png
91.201.40.28 200 OK 30 kB URL GET HTTP/1.1 hannums.wikaba.com/i/ozbm-logo-big.png
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type PNG image data, 385 x 80, 8-bit/color RGBA, non-interlaced
Hash eadbefb96883684a48bd9dd391fa1826
3065686a4be97aaa78ad7686a1cb9dbba0d642fa
9b7fb2e179852d79b8156c172aa48cf4c4e90940fcad455b5b62a5192ad5e818
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /i/ozbm-logo-big.png HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:18 GMT
Content-Type: image/png
Content-Length: 29800
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Mon, 11 Mar 2019 12:02:26 GMT
ETag: "7468-583d05892b880"
Accept-Ranges: bytes
hannums.wikaba.com/sites/default/files/styles/large/public/4a7643eeda1e9b246df245d38295997d.jpg?itok=1IeXIwUh
91.201.40.28 200 OK 42 kB URL GET HTTP/1.1 hannums.wikaba.com/sites/default/files/styles/large/public/4a7643eeda1e9b246df245d38295997d.jpg?itok=1IeXIwUh
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 85", baseline, precision 8, 480x480, components 3
Hash b23b06dc6a96095c62b9a5a846411f94
30db27af48088b3a6947d8dfaee2951fc343fa64
f2c2587cabb2a1509bf06c28520412ded26ce402917759fbb0408581635c74a7
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/default/files/styles/large/public/4a7643eeda1e9b246df245d38295997d.jpg?itok=1IeXIwUh HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:18 GMT
Content-Type: image/jpeg
Content-Length: 41928
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Wed, 30 Jan 2019 13:44:42 GMT
ETag: "a3c8-580ad1ca7a680"
Accept-Ranges: bytes
hannums.wikaba.com/sites/default/files/styles/large/public/uvlazhnyayushchaya_tayskaya_tkanevaya_maska_dlya_lica_s_ekstraktom_aloe_vera_belov_vitamin_aloe_vera_moisturizing_3d_facial_mask_38_ml._tkanevaya-maska-s-aloe-belov.jpg?itok=1PFJQ5kj
91.201.40.28 200 OK 14 kB URL GET HTTP/1.1 hannums.wikaba.com/sites/default/files/styles/large/public/uvlazhnyayushchaya_tayskaya_tkanevaya_maska_dlya_lica_s_ekstraktom_aloe_vera_belov_vitamin_aloe_vera_moisturizing_3d_facial_mask_38_ml._tkanevaya-maska-s-aloe-belov.jpg?itok=1PFJQ5kj
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 85", baseline, precision 8, 250x250, components 3\012- data
Hash 3af0846840bfd809a710ea8f6025e0c1
a8b351226c702dda182939c0d186e3c5236cbf67
fae84c2e17ccfca400b4d870d60fde7a5202676cf9f32c1613dd12edd1713f49
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/default/files/styles/large/public/uvlazhnyayushchaya_tayskaya_tkanevaya_maska_dlya_lica_s_ekstraktom_aloe_vera_belov_vitamin_aloe_vera_moisturizing_3d_facial_mask_38_ml._tkanevaya-maska-s-aloe-belov.jpg?itok=1PFJQ5kj HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:18 GMT
Content-Type: image/jpeg
Content-Length: 14217
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Thu, 25 Feb 2021 20:54:37 GMT
ETag: "3789-5bc2f5c06fd40"
Accept-Ranges: bytes
hannums.wikaba.com/sites/default/files/slider_images/0b27a1b81ef2f2b50e72c9029055c8ee.jpg
91.201.40.28 200 OK 231 kB URL GET HTTP/1.1 hannums.wikaba.com/sites/default/files/slider_images/0b27a1b81ef2f2b50e72c9029055c8ee.jpg
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=12, height=853, bps=158, PhotometricIntepretation=RGB, orientation=upper-left, width=2560], baseline, precision 8, 1120x300, components 3 - data
Size 231 kB (230574 bytes)
Hash 69a984cd927d590f38dd43a8a46ce5a1
ff046c81f884c99af7294d08734189becffdffc9
2ad5257e796f7bc0c78b3b27749502ddef118b1949f7cdac6309102f366bf5e8
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/default/files/slider_images/0b27a1b81ef2f2b50e72c9029055c8ee.jpg HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:18 GMT
Content-Type: image/jpeg
Content-Length: 230574
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Sat, 18 May 2019 05:01:18 GMT
ETag: "384ae-5892263b12380"
Accept-Ranges: bytes
hannums.wikaba.com/sites/default/files/slider_images/dddb41e1110d1dbb1c8dd0ffa4d913a6.jpg
91.201.40.28 200 OK 324 kB URL GET HTTP/1.1 hannums.wikaba.com/sites/default/files/slider_images/dddb41e1110d1dbb1c8dd0ffa4d913a6.jpg
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=12, height=300, bps=158, PhotometricIntepretation=RGB, orientation=upper-left, width=1118], baseline, precision 8, 1120x300, components 3 - data
Size 324 kB (323903 bytes)
Hash 7740f3be83bfe232e07ce9185d34ef8d
fb9fa68ee0a6bd0dadd78f085b7371becaf140e9
97d7dbe4a9c586b453b61f622e57f791f8996ede660f05e40384c0d501ac798d
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/default/files/slider_images/dddb41e1110d1dbb1c8dd0ffa4d913a6.jpg HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:18 GMT
Content-Type: image/jpeg
Content-Length: 323903
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Sat, 18 May 2019 05:00:17 GMT
ETag: "4f13f-58922600e5a40"
Accept-Ranges: bytes
hannums.wikaba.com/sites/default/files/slider_images/1b1efffed805bec8d79bed2d80870432.jpg
91.201.40.28 200 OK 496 kB URL GET HTTP/1.1 hannums.wikaba.com/sites/default/files/slider_images/1b1efffed805bec8d79bed2d80870432.jpg
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=12, height=500, bps=158, PhotometricIntepretation=RGB, orientation=upper-left, width=1280], baseline, precision 8, 1120x300, components 3 - data
Size 496 kB (496140 bytes)
Hash 5182451429ffecabd25728003668a709
37aac53d4822287bfc8ba71ae3f2373cdcf38948
4eb821afef86a78499d77f11d7c7f171bc2b8c79bca46e8791fe1366ffc9ebdc
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/default/files/slider_images/1b1efffed805bec8d79bed2d80870432.jpg HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:18 GMT
Content-Type: image/jpeg
Content-Length: 496140
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Sat, 18 May 2019 05:00:58 GMT
ETag: "7920c-58922627ff680"
Accept-Ranges: bytes
hannums.wikaba.com/sites/default/files/slider_images/bf46d01b4a980299d1abcfb9b01b254f.jpg
91.201.40.28 200 OK 232 kB URL GET HTTP/1.1 hannums.wikaba.com/sites/default/files/slider_images/bf46d01b4a980299d1abcfb9b01b254f.jpg
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=14, height=853, bps=182, PhotometricIntepretation=RGB, orientation=upper-left, width=2560], baseline, precision 8, 1120x300, components 3 - data
Size 232 kB (232532 bytes)
Hash a156c0c14fdc484e6d9926db9964397f
ea7a5c5728fc95891d742e1165a45be447f0132e
5a821013b371a98561a41db03401e9ba0a0e66805dee6f5b3cff151ead1cdda9
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/default/files/slider_images/bf46d01b4a980299d1abcfb9b01b254f.jpg HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:18 GMT
Content-Type: image/jpeg
Content-Length: 232532
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Sat, 18 May 2019 05:02:47 GMT
ETag: "38c54-5892268ff2bc0"
Accept-Ranges: bytes
hannums.wikaba.com/sites/default/files/slider_images/126c83e3278fe723079ce200aa966b65.jpg
91.201.40.28 200 OK 491 kB URL GET HTTP/1.1 hannums.wikaba.com/sites/default/files/slider_images/126c83e3278fe723079ce200aa966b65.jpg
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=12, height=640, bps=158, PhotometricIntepretation=RGB, orientation=upper-left, width=1920], baseline, precision 8, 1120x300, components 3 - data
Size 491 kB (491050 bytes)
Hash f6c934895f0020d617efc19ce9b17aab
23c7c05a4f00c03dd43da14faabbe2f4757da774
4321a965b91b511be47f1f87a184a24aea64570712507d29b09fe522725236cc
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/default/files/slider_images/126c83e3278fe723079ce200aa966b65.jpg HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:18 GMT
Content-Type: image/jpeg
Content-Length: 491050
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Sat, 18 May 2019 05:02:00 GMT
ETag: "77e2a-5892266320200"
Accept-Ranges: bytes
hannums.wikaba.com/sites/default/files/slider_images/8ba7b739263403d768c1ba4d7cf38cfe.jpg
91.201.40.28 200 OK 450 kB URL GET HTTP/1.1 hannums.wikaba.com/sites/default/files/slider_images/8ba7b739263403d768c1ba4d7cf38cfe.jpg
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=12, height=400, bps=158, PhotometricIntepretation=RGB, orientation=upper-left, width=1200], baseline, precision 8, 1120x300, components 3 - data
Size 450 kB (449632 bytes)
Hash 8264b14dd394c7723ab39fc283e73447
e94bc64a4d4a3ba1ffc83859dc34717c6025528e
9194fa32b2c69f85000d67b65952d3c8dee14fc8f4ebe3da511b23054e8f1d05
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/default/files/slider_images/8ba7b739263403d768c1ba4d7cf38cfe.jpg HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:18 GMT
Content-Type: image/jpeg
Content-Length: 449632
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Sat, 18 May 2019 05:01:34 GMT
ETag: "6dc60-5892264a54780"
Accept-Ranges: bytes
hannums.wikaba.com/sites/default/files/slider_images/75f483a93ec1d2f802b947917e73b421.jpg
91.201.40.28 200 OK 324 kB URL GET HTTP/1.1 hannums.wikaba.com/sites/default/files/slider_images/75f483a93ec1d2f802b947917e73b421.jpg
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=12, height=300, bps=158, PhotometricIntepretation=RGB, orientation=upper-left, width=1118], baseline, precision 8, 1120x300, components 3 - data
Size 324 kB (323903 bytes)
Hash 0b3a5de94457837f7d90d9414074ca81
4897ce36e92d8aa0c412da8ee4dec72c5a222dca
540f42edd8a953853f42fe06aedc3bd2cc4405d9256654a616ea122541d21864
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/default/files/slider_images/75f483a93ec1d2f802b947917e73b421.jpg HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:18 GMT
Content-Type: image/jpeg
Content-Length: 323903
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Sat, 18 May 2019 05:03:26 GMT
ETag: "4f13f-589226b524380"
Accept-Ranges: bytes
hannums.wikaba.com/sites/default/files/slider_images/58f99a42553bbde256fd729cee872e71.jpg
91.201.40.28 200 OK 144 kB URL GET HTTP/1.1 hannums.wikaba.com/sites/default/files/slider_images/58f99a42553bbde256fd729cee872e71.jpg
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1120x300, components 3 - data
Size 144 kB (144189 bytes)
Hash 3b229528118bbb22cb415fc9f455ca08
5be5e2b778e13dc4f16b3d9e027991f796b13d97
4573919a8a3c235875584c579c358397bae38c9539c201325867628efb41c68e
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/default/files/slider_images/58f99a42553bbde256fd729cee872e71.jpg HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:18 GMT
Content-Type: image/jpeg
Content-Length: 144189
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Sat, 18 May 2019 04:58:48 GMT
ETag: "2333d-589225ac05200"
Accept-Ranges: bytes
hannums.wikaba.com/sites/default/files/slider_images/bd293bfd4cb9bf86ef50a647d6cf13ca.jpg
91.201.40.28 200 OK 393 kB URL GET HTTP/1.1 hannums.wikaba.com/sites/default/files/slider_images/bd293bfd4cb9bf86ef50a647d6cf13ca.jpg
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=12, height=960, bps=158, PhotometricIntepretation=RGB, orientation=upper-left, width=2880], baseline, precision 8, 1120x300, components 3 - data
Size 393 kB (392991 bytes)
Hash 2c43bac224c6d6d7837bb65b7786157e
aa087ad6571815d999570a08de926919afc9a8ba
20d6f2986072bf3da48a3d5ccf4472cb78defc86a35cb21be36cd0b974909505
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/default/files/slider_images/bd293bfd4cb9bf86ef50a647d6cf13ca.jpg HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:18 GMT
Content-Type: image/jpeg
Content-Length: 392991
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Sat, 18 May 2019 05:03:43 GMT
ETag: "5ff1f-589226c55a9c0"
Accept-Ranges: bytes
hannums.wikaba.com/sites/default/files/new.png
91.201.40.28 200 OK 7.1 kB URL GET HTTP/1.1 hannums.wikaba.com/sites/default/files/new.png
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type PNG image data, 97 x 101, 8-bit/color RGBA, non-interlaced - data
Hash 435a096104cf6afb45ca27af3efe66d2
27cd7a8f0ac34c7933229925d148541d74d40c64
abf809a477cbf6e9c379265ab62e944195a96f1e07c47c88d331cd9862344b0c
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/default/files/new.png HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:18 GMT
Content-Type: image/png
Content-Length: 7138
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Wed, 13 Mar 2019 08:03:47 GMT
ETag: "1be2-583f53ec6dec0"
Accept-Ranges: bytes
hannums.wikaba.com/sites/default/files/slider_images/35f6a8fac1f4ed2b88d383b195715b56.jpg
91.201.40.28 200 OK 252 kB URL GET HTTP/1.1 hannums.wikaba.com/sites/default/files/slider_images/35f6a8fac1f4ed2b88d383b195715b56.jpg
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=12, height=640, bps=158, PhotometricIntepretation=RGB, orientation=upper-left, width=1920], baseline, precision 8, 1120x300, components 3 - data
Size 252 kB (251672 bytes)
Hash 073234c344a81ccce661d43b68a419f9
83dd7b2828e38b0160684fd8a4d01104d7a85998
1eb5fddd9d7fb0df9887355d30435de701fef4249e61d76230bfcfb580d95005
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/default/files/slider_images/35f6a8fac1f4ed2b88d383b195715b56.jpg HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:18 GMT
Content-Type: image/jpeg
Content-Length: 251672
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Sat, 18 May 2019 05:03:04 GMT
ETag: "3d718-589226a029200"
Accept-Ranges: bytes
hannums.wikaba.com/sites/default/files/styles/large/public/preaw_4.25_gr._thailand.jpg?itok=L93YCA5a
91.201.40.28 200 OK 9.1 kB URL GET HTTP/1.1 hannums.wikaba.com/sites/default/files/styles/large/public/preaw_4.25_gr._thailand.jpg?itok=L93YCA5a
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 85", baseline, precision 8, 200x200, components 3 - data
Hash 628b397e42e66491bcb122667dc4f335
0c74ff8d0558b4d7c42a185a3ae098755159197c
e4a60081cd8a9c0a1c365a92363282ed040783a846678f9a32ec64aa953cb632
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
GET /sites/default/files/styles/large/public/preaw_4.25_gr._thailand.jpg?itok=L93YCA5a HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:18 GMT
Content-Type: image/jpeg
Content-Length: 9135
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Tue, 29 Jan 2019 12:10:46 GMT
ETag: "23af-58097aee1bd80"
Accept-Ranges: bytes
hannums.wikaba.com/sites/default/files/hit.png
91.201.40.28 200 OK 6.1 kB URL GET HTTP/1.1 hannums.wikaba.com/sites/default/files/hit.png
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type PNG image data, 97 x 101, 8-bit/color RGBA, non-interlaced - data
Hash 3deeb52111d0176c88d650370036eb8e
48fd44ee107847168e7e492b702cfe03863cd626
9038a8d5afdff03e2107590df207564ee9b734a80094355f6c5bf2518e1c63ca
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/default/files/hit.png HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:18 GMT
Content-Type: image/png
Content-Length: 6133
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Wed, 13 Mar 2019 08:05:03 GMT
ETag: "17f5-583f5434e89c0"
Accept-Ranges: bytes
hannums.wikaba.com/sites/default/files/styles/large/public/dada_products7000-1.jpg?itok=zvVkqh02
91.201.40.28 200 OK 4.4 kB URL GET HTTP/1.1 hannums.wikaba.com/sites/default/files/styles/large/public/dada_products7000-1.jpg?itok=zvVkqh02
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 85", baseline, precision 8, 187x187, components 3 - data
Hash 0ae760727f98e476c77d27c5e2200a1f
de6da2b7a344a7595fa0d95b3309d569de38a2b0
b49062b4a9f1a95936c4e18b9b32cbaaa9bdf7246899f318bccc63d247317e9d
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/default/files/styles/large/public/dada_products7000-1.jpg?itok=zvVkqh02 HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:18 GMT
Content-Type: image/jpeg
Content-Length: 4381
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Tue, 29 Jan 2019 12:10:48 GMT
ETag: "111d-58097af004200"
Accept-Ranges: bytes
hannums.wikaba.com/sites/default/files/styles/large/public/tayskiy_krem_dlya_otbelivaniya_zony_bikini_isme_whitening_leg_therapy_cream_5_gr.tailand_1.jpg?itok=db8SVEZ9
91.201.40.28 200 OK 18 kB URL GET HTTP/1.1 hannums.wikaba.com/sites/default/files/styles/large/public/tayskiy_krem_dlya_otbelivaniya_zony_bikini_isme_whitening_leg_therapy_cream_5_gr.tailand_1.jpg?itok=db8SVEZ9
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 85", baseline, precision 8, 272x272, components 3 - data
Hash 0a87ea4e7769fa85a45e35518c39e5e0
d2bd9b619fe92e190d8f6a90b5da60ef15fbf81a
33e18a762c6b3b2d2b19ff2daddb5503799dc59c0bcdf2bf294257d71bb8bcb0
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/default/files/styles/large/public/tayskiy_krem_dlya_otbelivaniya_zony_bikini_isme_whitening_leg_therapy_cream_5_gr.tailand_1.jpg?itok=db8SVEZ9 HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:18 GMT
Content-Type: image/jpeg
Content-Length: 17783
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Mon, 10 Oct 2022 19:20:25 GMT
ETag: "4577-5eab30d37cfd3"
Accept-Ranges: bytes
hannums.wikaba.com/sites/default/files/styles/large/public/ozbm.ru-600x600.jpg?itok=iNM-iuMq
91.201.40.28 200 OK 21 kB URL GET HTTP/1.1 hannums.wikaba.com/sites/default/files/styles/large/public/ozbm.ru-600x600.jpg?itok=iNM-iuMq
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 85", baseline, precision 8, 480x480, components 3 - data
Hash 6a27a9442f2662de01eeab68dc29b344
cb1fc9dddabcc70e3e7ad4a9d9b1b939b2762b84
12282bcca20b660b8d26e8ecf679c98bbf97758bb1604ec12fad0e23e0fdce60
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/default/files/styles/large/public/ozbm.ru-600x600.jpg?itok=iNM-iuMq HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:18 GMT
Content-Type: image/jpeg
Content-Length: 20996
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Tue, 29 Jan 2019 10:32:54 GMT
ETag: "5204-5809650e22180"
Accept-Ranges: bytes
hannums.wikaba.com/sites/default/files/styles/large/public/naturalnyy_kofe_dlya_snizheniya_vesa_s_hromom_preaw_instant_coffee_powder_with_chromium_formula_12_gr._tailand_1.jpg?itok=mQ8VvwAf
91.201.40.28 200 OK 27 kB URL GET HTTP/1.1 hannums.wikaba.com/sites/default/files/styles/large/public/naturalnyy_kofe_dlya_snizheniya_vesa_s_hromom_preaw_instant_coffee_powder_with_chromium_formula_12_gr._tailand_1.jpg?itok=mQ8VvwAf
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 85", baseline, precision 8, 280x280, components 3 - data
Hash ccc01002163de3b0e05cd329ca5f4cd0
00b531ff59e50ac16a4b6d6d71f0f532de2235f6
07be40d6f18ca8bedf292a8183c813837e04f5aa2942482cabf185209ff46bd2
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/default/files/styles/large/public/naturalnyy_kofe_dlya_snizheniya_vesa_s_hromom_preaw_instant_coffee_powder_with_chromium_formula_12_gr._tailand_1.jpg?itok=mQ8VvwAf HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:18 GMT
Content-Type: image/jpeg
Content-Length: 27025
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Wed, 26 Apr 2023 11:20:58 GMT
ETag: "6991-5fa3b6f2cfce4"
Accept-Ranges: bytes
hannums.wikaba.com/sites/default/files/styles/large/public/tayskaya_vosstanavlivayushchaya_syvorotka_dlya_okrashennyh_i_povrezhdennyh_volos_lolane_natura_daily_hair_serum_magic_in_one_for_color_care_50_ml.jpg?itok=ozeQpWsU
91.201.40.28 200 OK 16 kB URL GET HTTP/1.1 hannums.wikaba.com/sites/default/files/styles/large/public/tayskaya_vosstanavlivayushchaya_syvorotka_dlya_okrashennyh_i_povrezhdennyh_volos_lolane_natura_daily_hair_serum_magic_in_one_for_color_care_50_ml.jpg?itok=ozeQpWsU
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 85", baseline, precision 8, 220x220, components 3 - data
Hash d90da932179d50cd3e05b8ff719e22d4
7aa3fdb7141ce0f057635dd136ad7316f2cbfc03
50065fee07b7ee4335217a3ff277ff7e5f294788029a704d2cf7a8d39cae30fc
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/default/files/styles/large/public/tayskaya_vosstanavlivayushchaya_syvorotka_dlya_okrashennyh_i_povrezhdennyh_volos_lolane_natura_daily_hair_serum_magic_in_one_for_color_care_50_ml.jpg?itok=ozeQpWsU HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:18 GMT
Content-Type: image/jpeg
Content-Length: 16177
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Fri, 17 Jan 2020 14:49:00 GMT
ETag: "3f31-59c570ac00f00"
Accept-Ranges: bytes
hannums.wikaba.com/sites/default/files/styles/large/public/00080f28c87033ba3ebbd501d7a7564f_1.jpg?itok=jpfhUUQt
91.201.40.28 200 OK 45 kB URL GET HTTP/1.1 hannums.wikaba.com/sites/default/files/styles/large/public/00080f28c87033ba3ebbd501d7a7564f_1.jpg?itok=jpfhUUQt
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 85", baseline, precision 8, 480x480, components 3 - data
Hash ef8966992bf1ec21b23bf73aca0a7f03
9ac86587c79a1724386ea8ce2f7ebb733b8ce8bf
794dcf8efcd965b3a92136d7f22eadd1b2aef36e5dfd6bb9f8dfc1c53a70f1b3
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/default/files/styles/large/public/00080f28c87033ba3ebbd501d7a7564f_1.jpg?itok=jpfhUUQt HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:18 GMT
Content-Type: image/jpeg
Content-Length: 45012
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Tue, 29 Jan 2019 10:33:06 GMT
ETag: "afd4-5809651993c80"
Accept-Ranges: bytes
hannums.wikaba.com/sites/default/files/sale.png
91.201.40.28 200 OK 8.6 kB URL GET HTTP/1.1 hannums.wikaba.com/sites/default/files/sale.png
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type PNG image data, 97 x 101, 8-bit/color RGBA, non-interlaced
- data
Hash 45aa77e6ddf235ca381ad8bfc9c91b4a
8cb1f873580acd02acb6cfe41ff8b7678d99fd3a
fe0ae7caea0eb0c4f3574670d52162926c587d0ac3c68a4cd3fcb37aa9dab65d
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/default/files/sale.png HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:18 GMT
Content-Type: image/png
Content-Length: 8645
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Wed, 13 Mar 2019 08:04:19 GMT
ETag: "21c5-583f540af26c0"
Accept-Ranges: bytes
hannums.wikaba.com/sites/default/files/styles/large/public/tayskiy_zhemchuzhnyy_krem_dlya_lica_s_otbelivayushchim_effektom_kuan-im_pearl_cream_3_gr.jpg?itok=DpTJtL3y
91.201.40.28 200 OK 18 kB URL GET HTTP/1.1 hannums.wikaba.com/sites/default/files/styles/large/public/tayskiy_zhemchuzhnyy_krem_dlya_lica_s_otbelivayushchim_effektom_kuan-im_pearl_cream_3_gr.jpg?itok=DpTJtL3y
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 85", baseline, precision 8, 261x261, components 3
- data
Hash 63e38fc2d219de95e9d6cb746a8027e6
ede3cc9c3e1e25a727c2ac4de75732ce189619f7
e41f7e23914d44156d80b2cfb08b9faa476c532f267e685d682dfa5d18ff51b0
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/default/files/styles/large/public/tayskiy_zhemchuzhnyy_krem_dlya_lica_s_otbelivayushchim_effektom_kuan-im_pearl_cream_3_gr.jpg?itok=DpTJtL3y HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:18 GMT
Content-Type: image/jpeg
Content-Length: 18125
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Sun, 12 Jul 2020 11:37:48 GMT
ETag: "46cd-5aa3d00e09b00"
Accept-Ranges: bytes
hannums.wikaba.com/i/icon-eco.png
91.201.40.28 200 OK 24 kB URL GET HTTP/1.1 hannums.wikaba.com/i/icon-eco.png
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
- data
Hash 2d7e783a263264cf932ccef4bb49f7fa
b11023d9908f9f2f2d2a7cc930835539f953567d
51d518eb8cc9bcf337825b1b856ef6cb37f7f725959ca86fc9aed5622680f551
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /i/icon-eco.png HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:18 GMT
Content-Type: image/png
Content-Length: 24263
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Mon, 13 May 2019 19:20:19 GMT
ETag: "5ec7-588c9ce9182c0"
Accept-Ranges: bytes
hannums.wikaba.com/i/icon-quality.png
91.201.40.28 200 OK 16 kB URL GET HTTP/1.1 hannums.wikaba.com/i/icon-quality.png
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
- data
Hash 24bf221a21476bdf00890c31109d7c80
3aa8cedadef4eb514bd6f8fc192d6cb8b454ddee
6f348e1135b8495a5f9527f7a6cc14d3726518488c1eedd1e359694d9f5adbd5
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /i/icon-quality.png HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:18 GMT
Content-Type: image/png
Content-Length: 15810
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Mon, 13 May 2019 19:33:35 GMT
ETag: "3dc2-588c9fe0381c0"
Accept-Ranges: bytes
hannums.wikaba.com/i/icon-design.png
91.201.40.28 200 OK 7.4 kB URL GET HTTP/1.1 hannums.wikaba.com/i/icon-design.png
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
- data
Hash 8b7b2a73160d1c8668ad56a311fe4d10
dde4f68b982e30d16f0035af20c703abfff46fd6
282dd72c8e3ffa2d593d0736d7460a3e80362d4da9effcd6fdd12a0f830db064
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /i/icon-design.png HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:18 GMT
Content-Type: image/png
Content-Length: 7440
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Mon, 13 May 2019 19:21:26 GMT
ETag: "1d10-588c9d28fd980"
Accept-Ranges: bytes
hannums.wikaba.com/i/icon-lowprice.png
91.201.40.28 200 OK 13 kB URL GET HTTP/1.1 hannums.wikaba.com/i/icon-lowprice.png
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
- data
Hash 9a3bd636b18dfd629df9ad1698938e54
af55c16ec3e9f9db3d2b6e9a08921297beda4122
1cc9799bdcf29e52c847b00fd5a97fa0e7c4f6a161ce5b498f831d8e45fb0921
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /i/icon-lowprice.png HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:18 GMT
Content-Type: image/png
Content-Length: 13310
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Mon, 13 May 2019 19:20:48 GMT
ETag: "33fe-588c9d04c0400"
Accept-Ranges: bytes
hannums.wikaba.com/sites/default/files/styles/large/public/tayskaya_boleutolyayushchaya_razogrevayushchaya_maz_counterpain_120_gr.ozbm_.ru_.jpg?itok=k3kEPy3A
91.201.40.28 200 OK 36 kB URL GET HTTP/1.1 hannums.wikaba.com/sites/default/files/styles/large/public/tayskaya_boleutolyayushchaya_razogrevayushchaya_maz_counterpain_120_gr.ozbm_.ru_.jpg?itok=k3kEPy3A
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 85", baseline, precision 8, 480x480, components 3
- data
Hash 5b1858b323438ef1ca7fbf303f5e7a14
f39a3b7c33159a2ca6d45f1fb83a971d5a38d9a5
2409463312259b910640e88b8e8666325c1f66405651c0cec7b3a19d35d1bcff
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/default/files/styles/large/public/tayskaya_boleutolyayushchaya_razogrevayushchaya_maz_counterpain_120_gr.ozbm_.ru_.jpg?itok=k3kEPy3A HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:18 GMT
Content-Type: image/jpeg
Content-Length: 35723
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Tue, 29 Jan 2019 10:57:10 GMT
ETag: "8b8b-58096a7aaed80"
Accept-Ranges: bytes
hannums.wikaba.com/sites/default/files/styles/large/public/taiskii_travyanoi_shampun_i_kondicioner_protiv_vypadeniya_volos_kokliang_200_ml._shampun_dlya_volos_iz_taya.jpg?itok=ec-DC9hD
91.201.40.28 200 OK 12 kB URL GET HTTP/1.1 hannums.wikaba.com/sites/default/files/styles/large/public/taiskii_travyanoi_shampun_i_kondicioner_protiv_vypadeniya_volos_kokliang_200_ml._shampun_dlya_volos_iz_taya.jpg?itok=ec-DC9hD
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 85", baseline, precision 8, 227x227, components 3
- data
Hash dc477ee279433aa435eb83e4ed5bf462
f722471ec3b68f99db7fb2debe4bc8963c9ad5cf
69caf7f1d28fe94f248734b96ee34c3ed29687f78e3f7429aee402d8c8179c0e
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/default/files/styles/large/public/taiskii_travyanoi_shampun_i_kondicioner_protiv_vypadeniya_volos_kokliang_200_ml._shampun_dlya_volos_iz_taya.jpg?itok=ec-DC9hD HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:18 GMT
Content-Type: image/jpeg
Content-Length: 11625
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Mon, 27 Jul 2020 18:20:37 GMT
ETag: "2d69-5ab706114e740"
Accept-Ranges: bytes
hannums.wikaba.com/sites/default/files/styles/large/public/ozbm.ru__3.jpg?itok=gZdZMlm4
91.201.40.28 200 OK 35 kB URL GET HTTP/1.1 hannums.wikaba.com/sites/default/files/styles/large/public/ozbm.ru__3.jpg?itok=gZdZMlm4
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 85", baseline, precision 8, 480x480, components 3
- data
Hash 9b9e4251c6579963e11349ed48d733ed
1339d6d68540ffa12141ee95a32c5711030047c9
d74d7b4430656524ae1f2b5dba618e41b22ea17a1dafb33639176fc90c9cb0c7
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/default/files/styles/large/public/ozbm.ru__3.jpg?itok=gZdZMlm4 HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:18 GMT
Content-Type: image/jpeg
Content-Length: 35061
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Tue, 29 Jan 2019 21:53:20 GMT
ETag: "88f5-5809fd24d7400"
Accept-Ranges: bytes
hannums.wikaba.com/sites/default/files/styles/large/public/tayskiy_krem-gel.jpg?itok=6IuZ2in-
91.201.40.28 200 OK 22 kB URL GET HTTP/1.1 hannums.wikaba.com/sites/default/files/styles/large/public/tayskiy_krem-gel.jpg?itok=6IuZ2in-
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 85", baseline, precision 8, 388x388, components 3
- data
Hash 607d011cefbbab9448c83604815ddb38
8ae77e0067e2b996e494384fd276299b694f59b6
97f4637d93565261173e361147095c70a4e47dcfadf3de5a65d52f77e92a5b19
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/default/files/styles/large/public/tayskiy_krem-gel.jpg?itok=6IuZ2in- HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:18 GMT
Content-Type: image/jpeg
Content-Length: 21839
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Tue, 29 Jan 2019 11:48:41 GMT
ETag: "554f-580975fe7d840"
Accept-Ranges: bytes
hannums.wikaba.com/sites/default/files/styles/large/public/milo_ot_prichei_madame_heng_1.png?itok=MBytWctu
91.201.40.28 200 OK 63 kB URL GET HTTP/1.1 hannums.wikaba.com/sites/default/files/styles/large/public/milo_ot_prichei_madame_heng_1.png?itok=MBytWctu
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type PNG image data, 200 x 200, 8-bit/color RGBA, interlaced
- data
Hash 2d8b62739a60d86efdd372b371bc90d4
84ea2c6f6f0c8484d6509af4afc6231d68eb9364
0676550fdc132a9943685bf23346a1cfa78c699da4c2b31fb1c72543848b8a25
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/default/files/styles/large/public/milo_ot_prichei_madame_heng_1.png?itok=MBytWctu HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:18 GMT
Content-Type: image/png
Content-Length: 63411
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Tue, 29 Jan 2019 10:34:52 GMT
ETag: "f7b3-5809657eaab00"
Accept-Ranges: bytes
hannums.wikaba.com/sites/default/files/styles/large/public/full_456-500x500.jpg?itok=vVtXj_TN
91.201.40.28 200 OK 40 kB URL GET HTTP/1.1 hannums.wikaba.com/sites/default/files/styles/large/public/full_456-500x500.jpg?itok=vVtXj_TN
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 85", baseline, precision 8, 480x480, components 3
- data
Hash bbc3f74ba32c8ef6890fe28adde41688
163b622c12ef7c4084821b97ce3a2fb4dd094e76
29523c06148a7114b7d475fb93510ad7c2d4645bcd82b456aa77b462a2ec5c7a
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/default/files/styles/large/public/full_456-500x500.jpg?itok=vVtXj_TN HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:18 GMT
Content-Type: image/jpeg
Content-Length: 40440
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Tue, 29 Jan 2019 10:39:04 GMT
ETag: "9df8-5809666efe200"
Accept-Ranges: bytes
hannums.wikaba.com/sites/default/files/styles/large/public/chai_matum._matoom_tea._chay_matum_bail_ozbm.ru_.jpg?itok=cm1QhhRy
91.201.40.28 200 OK 41 kB URL GET HTTP/1.1 hannums.wikaba.com/sites/default/files/styles/large/public/chai_matum._matoom_tea._chay_matum_bail_ozbm.ru_.jpg?itok=cm1QhhRy
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 85", baseline, precision 8, 480x480, components 3
- data
Hash 4d545af3f79e1af044780a5514c8176a
244905c632c2d0b9fbc3450ff44e9562ed94c524
9b13dbbc1a92804444d5fe88328468a09d0ad0c7bc91d5f139e676d588708e87
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/default/files/styles/large/public/chai_matum._matoom_tea._chay_matum_bail_ozbm.ru_.jpg?itok=cm1QhhRy HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:18 GMT
Content-Type: image/jpeg
Content-Length: 40554
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Thu, 28 Feb 2019 15:01:27 GMT
ETag: "9e6a-582f590883fc0"
Accept-Ranges: bytes
hannums.wikaba.com/sites/default/files/styles/large/public/tayskiy_krem_invisible_anti_otechnost_i_yasnost_glaz_mistine_15_gr.jpg?itok=ygvopHTK
91.201.40.28 200 OK 16 kB URL GET HTTP/1.1 hannums.wikaba.com/sites/default/files/styles/large/public/tayskiy_krem_invisible_anti_otechnost_i_yasnost_glaz_mistine_15_gr.jpg?itok=ygvopHTK
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 85", baseline, precision 8, 480x480, components 3
- data
Hash 1e7002ce96aefc2a4ba09ef16bca932a
76d31af74d5f450147740207a1b15836743f5494
7990c682d821852ca0ee91dbd948f3c318b200889c24579e29868b4a3ca6aa06
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/default/files/styles/large/public/tayskiy_krem_invisible_anti_otechnost_i_yasnost_glaz_mistine_15_gr.jpg?itok=ygvopHTK HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:18 GMT
Content-Type: image/jpeg
Content-Length: 16228
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Wed, 30 Jan 2019 13:43:52 GMT
ETag: "3f64-580ad19acb600"
Accept-Ranges: bytes
hannums.wikaba.com/sites/default/files/styles/large/public/biowoman-detox-treatment-hair-scalp-therapy-mask-tayskaya_maska_dlya_volos_s_keratinom.ozbm_.jpg?itok=oR_lEDkm
91.201.40.28 200 OK 10 kB URL GET HTTP/1.1 hannums.wikaba.com/sites/default/files/styles/large/public/biowoman-detox-treatment-hair-scalp-therapy-mask-tayskaya_maska_dlya_volos_s_keratinom.ozbm_.jpg?itok=oR_lEDkm
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 85", baseline, precision 8, 270x270, components 3
- data
Hash f457bbe098433d2d0341b52325fd2714
a3ce13166644342ecde558acdf3d8a2021b36b07
f98561ef56901da3130c2639810f39aaeab60311f8104d57d3a72d0128fa2034
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/default/files/styles/large/public/biowoman-detox-treatment-hair-scalp-therapy-mask-tayskaya_maska_dlya_volos_s_keratinom.ozbm_.jpg?itok=oR_lEDkm HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:18 GMT
Content-Type: image/jpeg
Content-Length: 10118
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Tue, 29 Jan 2019 10:35:29 GMT
ETag: "2786-580965a1f3e40"
Accept-Ranges: bytes
hannums.wikaba.com/sites/default/files/styles/large/public/detskaya_zubnaya_shchetka_iz_taylanda_kodomo_lion_kodomo_professional_toothbrush_9-12_let.jpg?itok=uMzHServ
91.201.40.28 200 OK 6.0 kB URL GET HTTP/1.1 hannums.wikaba.com/sites/default/files/styles/large/public/detskaya_zubnaya_shchetka_iz_taylanda_kodomo_lion_kodomo_professional_toothbrush_9-12_let.jpg?itok=uMzHServ
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 85", baseline, precision 8, 223x223, components 3
- data
Hash b74d9c98b571dea62796603842958335
db824b25b5be76a08ae4c8d81a4438274f667c6d
fe24842c4304ac9d909cedae2f902efea6723ec17da062a9794279fa9587d3c6
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/default/files/styles/large/public/detskaya_zubnaya_shchetka_iz_taylanda_kodomo_lion_kodomo_professional_toothbrush_9-12_let.jpg?itok=uMzHServ HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:18 GMT
Content-Type: image/jpeg
Content-Length: 6026
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Thu, 03 Dec 2020 20:33:32 GMT
ETag: "178a-5b59545f51f00"
Accept-Ranges: bytes
hannums.wikaba.com/sites/default/files/styles/large/public/tayskie_kapsuly_dlya_lecheniya_prostudy_i_grippa_fa_talay_dzhon_fah_talai_jone_kongka_herb_tailand.jpg?itok=9ZHzpDqz
91.201.40.28 200 OK 9.3 kB URL GET HTTP/1.1 hannums.wikaba.com/sites/default/files/styles/large/public/tayskie_kapsuly_dlya_lecheniya_prostudy_i_grippa_fa_talay_dzhon_fah_talai_jone_kongka_herb_tailand.jpg?itok=9ZHzpDqz
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 85", baseline, precision 8, 250x250, components 3
- data
Hash 2a847148c7da573cd33987a396e7db09
7c05e254334c8014260599f24e76029ee8830d5e
c5b2c09bb7d4a64541d53b9188a9555b41b9bb05014f953429e2f46d4917bd3d
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/default/files/styles/large/public/tayskie_kapsuly_dlya_lecheniya_prostudy_i_grippa_fa_talay_dzhon_fah_talai_jone_kongka_herb_tailand.jpg?itok=9ZHzpDqz HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:18 GMT
Content-Type: image/jpeg
Content-Length: 9272
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Sat, 28 Mar 2020 09:20:16 GMT
ETag: "2438-5a1e6b9d75400"
Accept-Ranges: bytes
hannums.wikaba.com/sites/default/files/styles/large/public/tayskiy_razogrevayushchiy_anticellyulitnyy_slim_krem_hot._isme_120_ml.jpg?itok=GVQlYBw-
91.201.40.28 200 OK 18 kB URL GET HTTP/1.1 hannums.wikaba.com/sites/default/files/styles/large/public/tayskiy_razogrevayushchiy_anticellyulitnyy_slim_krem_hot._isme_120_ml.jpg?itok=GVQlYBw-
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 85", baseline, precision 8, 286x286, components 3
- data
Hash 1e78e56516939dff3f555c2fad782510
494b8a345d76a2660716cfc538673c683ae25f6b
81b896efe84ef2f5d455d63467de6bc2aad1630cecafc0a7293e9867e9a92286
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/default/files/styles/large/public/tayskiy_razogrevayushchiy_anticellyulitnyy_slim_krem_hot._isme_120_ml.jpg?itok=GVQlYBw- HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:18 GMT
Content-Type: image/jpeg
Content-Length: 17552
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Sun, 17 Oct 2021 09:54:34 GMT
ETag: "4490-5ce896a5eea80"
Accept-Ranges: bytes
hannums.wikaba.com/sites/default/files/styles/large/public/427-1.jpg?itok=NoT-WB24
91.201.40.28 200 OK 26 kB URL GET HTTP/1.1 hannums.wikaba.com/sites/default/files/styles/large/public/427-1.jpg?itok=NoT-WB24
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 85", baseline, precision 8, 480x480, components 3
- data
Hash cd33da44252e73af14d3c280c351212f
4ce93af84c2f14646d7c49fbff0e4b292e5b37ce
ccf729983167f9dca94fd711fa726e84cd9515487b1b1d05ddf0a9c52139113a
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/default/files/styles/large/public/427-1.jpg?itok=NoT-WB24 HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:18 GMT
Content-Type: image/jpeg
Content-Length: 25882
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Tue, 29 Jan 2019 12:21:05 GMT
ETag: "651a-58097d3c6ee40"
Accept-Ranges: bytes
hannums.wikaba.com/sites/default/files/styles/large/public/tayskiy_travyanoy_kondicioner_protiv_vypadeniya_volos_kokliang.jpg?itok=0JaQUoAA
91.201.40.28 200 OK 17 kB URL GET HTTP/1.1 hannums.wikaba.com/sites/default/files/styles/large/public/tayskiy_travyanoy_kondicioner_protiv_vypadeniya_volos_kokliang.jpg?itok=0JaQUoAA
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 85", baseline, precision 8, 452x452, components 3
- data
Hash 44cd88a495601935eb23c4d7fa4ea855
35b75d292707f19f770fff86b413157f86bf1944
a3750ded12e1b8eee2836765ed325f973d0e490d389593e8a2a891b014e6ebea
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/default/files/styles/large/public/tayskiy_travyanoy_kondicioner_protiv_vypadeniya_volos_kokliang.jpg?itok=0JaQUoAA HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:18 GMT
Content-Type: image/jpeg
Content-Length: 16729
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Tue, 29 Jan 2019 10:32:59 GMT
ETag: "4159-58096512e6cc0"
Accept-Ranges: bytes
www.googletagmanager.com/gtag/js?id=G-WJ3HHSHB91&l=dataLayer&cx=c
142.250.74.168 200 OK 80 kB URL GET HTTP/3 www.googletagmanager.com/gtag/js?id=G-WJ3HHSHB91&l=dataLayer&cx=c
IP 142.250.74.168:443
Requested by http://hannums.wikaba.com/
Certificate Issuer Google Trust Services LLC
Subject *.google-analytics.com
Fingerprint 37:42:10:B7:89:70:45:51:80:81:66:CE:95:21:72:5D:46:0B:E2:34
Validity Mon, 23 Oct 2023 11:18:19 GMT - Mon, 15 Jan 2024 11:18:18 GMT
File type ASCII text, with very long lines (4179)
Hash d76de21c8dc9593ff0854026db4bfb13
7309f861e4f7898aed92f8e32eae36ad684e77cf
a998efab4b2e1134d921450a533afa51c0a77bdb960023bcf4189a8b35f8e747
GET /gtag/js?id=G-WJ3HHSHB91&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 01 Dec 2023 17:39:18 GMT
expires: Fri, 01 Dec 2023 17:39:18 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 79473
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
hannums.wikaba.com/sites/default/files/styles/large/public/tayskiy_baktericidnyy_krem_ot_gerpesa_payayor_na_osnove_prirodnyh_trav.jpg?itok=B0lIpGqv
91.201.40.28 200 OK 35 kB URL GET HTTP/1.1 hannums.wikaba.com/sites/default/files/styles/large/public/tayskiy_baktericidnyy_krem_ot_gerpesa_payayor_na_osnove_prirodnyh_trav.jpg?itok=B0lIpGqv
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 85", baseline, precision 8, 480x480, components 3\012- data
Hash 09ef1d61f93bbf2f566886f216103c7b
60978735e9eb612e3301c676332d277ca75097ab
2b4e355bdb69b9ef66023e8084553ee659ae0b09529076e206cee064dec21ca2
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/default/files/styles/large/public/tayskiy_baktericidnyy_krem_ot_gerpesa_payayor_na_osnove_prirodnyh_trav.jpg?itok=B0lIpGqv HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:18 GMT
Content-Type: image/jpeg
Content-Length: 34570
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Tue, 29 Jan 2019 10:36:47 GMT
ETag: "870a-580965ec56dc0"
Accept-Ranges: bytes
hannums.wikaba.com/sites/default/files/styles/large/public/tayskiy_tigrovyy_balzam_tiger_thai_balm_banna_50_gr.jpg?itok=a-82IpuL
91.201.40.28 200 OK 13 kB URL GET HTTP/1.1 hannums.wikaba.com/sites/default/files/styles/large/public/tayskiy_tigrovyy_balzam_tiger_thai_balm_banna_50_gr.jpg?itok=a-82IpuL
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 85", baseline, precision 8, 250x250, components 3\012- data
Hash e3a6053d33e1f6fd3b06b83a194e34b5
cc86568cd10dea6694017c9af0075cc7e7fb16e9
264656242a7831eb4e9904d35bcbd052d4d929b9e8abbd9b6cdb8c1647d2cd70
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/default/files/styles/large/public/tayskiy_tigrovyy_balzam_tiger_thai_balm_banna_50_gr.jpg?itok=a-82IpuL HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:18 GMT
Content-Type: image/jpeg
Content-Length: 12670
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Sat, 28 Nov 2020 18:50:17 GMT
ETag: "317e-5b52f3f800c40"
Accept-Ranges: bytes
hannums.wikaba.com/sites/default/files/styles/insta_widget/public/ozbm.ru_173110695_246823176805005_2667203018726374579_n.jpg?itok=2rA9nU7U
91.201.40.28 200 OK 15 kB URL GET HTTP/1.1 hannums.wikaba.com/sites/default/files/styles/insta_widget/public/ozbm.ru_173110695_246823176805005_2667203018726374579_n.jpg?itok=2rA9nU7U
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 85", baseline, precision 8, 220x200, components 3\012- data
Hash 13d80dfd73f03441cebb30c96b7cce3d
0ddd7fa5929112867d4ac95a090a7c7cebc6faa4
b1ee7c1ca2fab47fa422274f3ad1d1703df4a7a7f5266bccd75fb5d85991c7e1
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/default/files/styles/insta_widget/public/ozbm.ru_173110695_246823176805005_2667203018726374579_n.jpg?itok=2rA9nU7U HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:18 GMT
Content-Type: image/jpeg
Content-Length: 15230
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Mon, 03 Jan 2022 11:36:17 GMT
ETag: "3b7e-5d4abedc28e40"
Accept-Ranges: bytes
hannums.wikaba.com/sites/default/files/styles/large/public/ozbm-630-630.png?itok=zPqL7ZK2
91.201.40.28 200 OK 184 kB URL GET HTTP/1.1 hannums.wikaba.com/sites/default/files/styles/large/public/ozbm-630-630.png?itok=zPqL7ZK2
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type PNG image data, 480 x 480, 8-bit/color RGBA, non-interlaced\012- data
Size 184 kB (184374 bytes)
Hash d1eb34f2fcccacb9a13a2324e8f72aa4
e221daca0be3624b21a51478706c61bd00e35d1c
82514d8219c2e2baa7805817e12739767649206cb0d1e3035f904325de0ca6e3
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/default/files/styles/large/public/ozbm-630-630.png?itok=zPqL7ZK2 HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:18 GMT
Content-Type: image/png
Content-Length: 184374
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Tue, 29 Jan 2019 10:40:51 GMT
ETag: "2d036-580966d5092c0"
Accept-Ranges: bytes
hannums.wikaba.com/sites/default/files/styles/insta_widget/public/ozbm.ru_131539788_189946882785522_3733736685825021214_n.jpg?itok=IRkG6T5J
91.201.40.28 200 OK 22 kB URL GET HTTP/1.1 hannums.wikaba.com/sites/default/files/styles/insta_widget/public/ozbm.ru_131539788_189946882785522_3733736685825021214_n.jpg?itok=IRkG6T5J
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 85", baseline, precision 8, 220x200, components 3\012- data
Hash a2556d9ae523e99ab27391a545e8d095
08565cebaaddb0dbcaeb65cacef230e385e11a72
0a9c38cbe94e18096bd8ca4cd23b81c91f7598a8b57b1ec75c4a808bdfdb253d
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/default/files/styles/insta_widget/public/ozbm.ru_131539788_189946882785522_3733736685825021214_n.jpg?itok=IRkG6T5J HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:18 GMT
Content-Type: image/jpeg
Content-Length: 22502
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Mon, 03 Jan 2022 15:51:58 GMT
ETag: "57e6-5d4af8027a380"
Accept-Ranges: bytes
hannums.wikaba.com/sites/default/files/styles/large/public/krem-ozbm.ru__3.png?itok=QCP4iTnH
91.201.40.28 200 OK 234 kB URL GET HTTP/1.1 hannums.wikaba.com/sites/default/files/styles/large/public/krem-ozbm.ru__3.png?itok=QCP4iTnH
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type PNG image data, 480 x 480, 8-bit/color RGBA, non-interlaced\012- data
Size 234 kB (233963 bytes)
Hash aa3667ded0791dd90d12c8210b6ef20e
28e6bb2554241fcbf8bc18adeb63af8029ef243a
df7483a6ac7ea8f4a701f2ec4e31b9ff0273379450a48cf7ebfe904b4dcbcdae
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/default/files/styles/large/public/krem-ozbm.ru__3.png?itok=QCP4iTnH HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:18 GMT
Content-Type: image/png
Content-Length: 233963
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Tue, 29 Jan 2019 10:34:52 GMT
ETag: "391eb-5809657eaab00"
Accept-Ranges: bytes
hannums.wikaba.com/sites/default/files/styles/insta_widget/public/ozbm.ru_249163721_621252692657729_8391160334901518637_n.jpg?itok=8fS7TzVI
91.201.40.28 200 OK 9.2 kB URL GET HTTP/1.1 hannums.wikaba.com/sites/default/files/styles/insta_widget/public/ozbm.ru_249163721_621252692657729_8391160334901518637_n.jpg?itok=8fS7TzVI
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 85", baseline, precision 8, 220x200, components 3\012- data
Hash 55942bfe9899292306f2963e66528a36
ef92f520611a0b8701a22176183e4d4c2a7ec677
78f98338f1ff63491a580291854bd553b3db3e399b9e79862cf20b0c5a706e8d
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/default/files/styles/insta_widget/public/ozbm.ru_249163721_621252692657729_8391160334901518637_n.jpg?itok=8fS7TzVI HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:18 GMT
Content-Type: image/jpeg
Content-Length: 9161
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Mon, 03 Jan 2022 08:37:13 GMT
ETag: "23c9-5d4a96d5e2040"
Accept-Ranges: bytes
hannums.wikaba.com/sites/default/files/styles/insta_widget/public/ozbm.ru_254024480_293829929264267_8389148026144999080_n.jpg?itok=euKvVx9g
91.201.40.28 200 OK 14 kB URL GET HTTP/1.1 hannums.wikaba.com/sites/default/files/styles/insta_widget/public/ozbm.ru_254024480_293829929264267_8389148026144999080_n.jpg?itok=euKvVx9g
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 85", baseline, precision 8, 220x200, components 3\012- data
Hash faebe311fb9f591fcd4b32a8779b6cda
c2a3f6fbf2611b797dcbdb8aa82106ea5a1c0898
aa9d82756bc03a24779132d554831f3d6a8228a5d61134755eb74a1b55e90933
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/default/files/styles/insta_widget/public/ozbm.ru_254024480_293829929264267_8389148026144999080_n.jpg?itok=euKvVx9g HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:18 GMT
Content-Type: image/jpeg
Content-Length: 14377
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Mon, 03 Jan 2022 08:37:31 GMT
ETag: "3829-5d4a96e70c8c0"
Accept-Ranges: bytes
hannums.wikaba.com/sites/default/files/styles/insta_widget/public/ozbm.ru_150320830_1845863872245751_1764600235640183077_n.jpg?itok=NYw7True
91.201.40.28 200 OK 13 kB URL GET HTTP/1.1 hannums.wikaba.com/sites/default/files/styles/insta_widget/public/ozbm.ru_150320830_1845863872245751_1764600235640183077_n.jpg?itok=NYw7True
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 85", baseline, precision 8, 220x200, components 3\012- data
Hash d99ca2756fb46ead8e50922aeda33b4b
a7863948ab1a9273e88a4d2214e38c091d204323
51c54fac46a62b73d4cd44cfe435d4c8080ff192954190558fc01ad0193eed95
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/default/files/styles/insta_widget/public/ozbm.ru_150320830_1845863872245751_1764600235640183077_n.jpg?itok=NYw7True HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:18 GMT
Content-Type: image/jpeg
Content-Length: 12842
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Mon, 03 Jan 2022 18:21:37 GMT
ETag: "322a-5d4b197584e40"
Accept-Ranges: bytes
hannums.wikaba.com/sites/default/files/styles/car_blog_512_x_512/public/blog_images/43c5e8dd09de5934b638608f026d9393.jpg?itok=HxOKKj9a
91.201.40.28 200 OK 55 kB URL GET HTTP/1.1 hannums.wikaba.com/sites/default/files/styles/car_blog_512_x_512/public/blog_images/43c5e8dd09de5934b638608f026d9393.jpg?itok=HxOKKj9a
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 85", baseline, precision 8, 512x512, components 3\012- data
Hash 46ba04964e8f45464845e30a9e6ba96d
62247374fc8bbc36c8c6232367f0c1707ca64df3
cf4f4eacb5c3da2331950f4b025f2dfe696c7564f5ce3527883f84af6724648d
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/default/files/styles/car_blog_512_x_512/public/blog_images/43c5e8dd09de5934b638608f026d9393.jpg?itok=HxOKKj9a HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:18 GMT
Content-Type: image/jpeg
Content-Length: 54989
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Tue, 01 Sep 2020 20:40:31 GMT
ETag: "d6cd-5ae4687b0adc0"
Accept-Ranges: bytes
hannums.wikaba.com/sites/default/files/styles/car_blog_512_x_512/public/blog_images/952a4a42624f7085c204683e79b9a4c9.jpg?itok=SMIY0RIH
91.201.40.28 200 OK 29 kB URL GET HTTP/1.1 hannums.wikaba.com/sites/default/files/styles/car_blog_512_x_512/public/blog_images/952a4a42624f7085c204683e79b9a4c9.jpg?itok=SMIY0RIH
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 85", baseline, precision 8, 512x512, components 3\012- data
Hash 452502b995e9322f09aa03d51d85a1a8
75c754d69ecb990db65d3335fc3ca254f7793906
b35e3e1b286ebb348c03f70e999ae793875f84c19521f341275e70075d90edaa
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/default/files/styles/car_blog_512_x_512/public/blog_images/952a4a42624f7085c204683e79b9a4c9.jpg?itok=SMIY0RIH HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:18 GMT
Content-Type: image/jpeg
Content-Length: 29246
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Wed, 22 May 2019 07:51:21 GMT
ETag: "723e-589753b341040"
Accept-Ranges: bytes
hannums.wikaba.com/sites/default/files/styles/car_blog_512_x_512/public/blog_images/34af7d28eb40f0446b83f869c8812c22.jpg?itok=K-37oQny
91.201.40.28 200 OK 80 kB URL GET HTTP/1.1 hannums.wikaba.com/sites/default/files/styles/car_blog_512_x_512/public/blog_images/34af7d28eb40f0446b83f869c8812c22.jpg?itok=K-37oQny
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 85", baseline, precision 8, 512x512, components 3\012- data
Hash 69ca0d01842e42fc34301f53268ed8d6
1fffc4b4030b2ca37b29a6995b8224eb56089d66
9c7b8dfe09238a537fc9e4f4515cfbc6e4ad1603ccff2db70d23ad23acc6fbf1
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/default/files/styles/car_blog_512_x_512/public/blog_images/34af7d28eb40f0446b83f869c8812c22.jpg?itok=K-37oQny HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:18 GMT
Content-Type: image/jpeg
Content-Length: 80032
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Tue, 08 Nov 2022 17:50:43 GMT
ETag: "138a0-5ecf92dd30ff6"
Accept-Ranges: bytes
hannums.wikaba.com/sites/default/files/styles/car_blog_512_x_512/public/blog_images/d0ae3e626de20e56015f00c1b8a09478.jpg?itok=S9gdNozc
91.201.40.28 200 OK 68 kB URL GET HTTP/1.1 hannums.wikaba.com/sites/default/files/styles/car_blog_512_x_512/public/blog_images/d0ae3e626de20e56015f00c1b8a09478.jpg?itok=S9gdNozc
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 85", baseline, precision 8, 512x512, components 3\012- data
Hash 817f1d5f5b88bcdfad296e5ac6ac66ec
f3451ac924633cce06b164223a3737c6d4aa965a
1aae41281778776208cebc591d7eb748436ea0852aa19d14859445a375280ac4
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/default/files/styles/car_blog_512_x_512/public/blog_images/d0ae3e626de20e56015f00c1b8a09478.jpg?itok=S9gdNozc HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:18 GMT
Content-Type: image/jpeg
Content-Length: 68097
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Thu, 18 Mar 2021 19:33:04 GMT
ETag: "10a01-5bdd4ab0c9c00"
Accept-Ranges: bytes
hannums.wikaba.com/sites/default/files/styles/large/public/tayskiy_travyanoy_shampun_kokliang_protiv_vypadeniya_volos_200_ml_1.jpg?itok=pPZ0_Rz3
91.201.40.28 200 OK 20 kB URL GET HTTP/1.1 hannums.wikaba.com/sites/default/files/styles/large/public/tayskiy_travyanoy_shampun_kokliang_protiv_vypadeniya_volos_200_ml_1.jpg?itok=pPZ0_Rz3
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 85", baseline, precision 8, 480x480, components 3\012- data
Hash 0c9554eb805ea7ca8bcf9316b3da52b4
37474ab824fd15e8db6ad8dd7f9a2383450e1552
8f1393f590f13510897d57a4d99f5bf85238f9b3dc63c775a1db3fb6080ea28d
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/default/files/styles/large/public/tayskiy_travyanoy_shampun_kokliang_protiv_vypadeniya_volos_200_ml_1.jpg?itok=pPZ0_Rz3 HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:18 GMT
Content-Type: image/jpeg
Content-Length: 19825
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Tue, 29 Jan 2019 10:40:49 GMT
ETag: "4d71-580966d320e40"
Accept-Ranges: bytes
hannums.wikaba.com/sites/default/files/styles/car_blog_512_x_512/public/blog_images/3a4e016cd9553aa4faf4e58e4a4b571f.jpg?itok=wbL2Omc_
91.201.40.28 200 OK 41 kB URL GET HTTP/1.1 hannums.wikaba.com/sites/default/files/styles/car_blog_512_x_512/public/blog_images/3a4e016cd9553aa4faf4e58e4a4b571f.jpg?itok=wbL2Omc_
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 85", baseline, precision 8, 512x512, components 3\012- data
Hash 80d403b3bf36d06055d8c62ecaf55b2d
3e83a159e8c5c6bef8d1da6f8ddfa724a95d8891
fc59664efa549c4d3824cb97b2f2d19c0a449b2d8666250cebb0d9b6d6119cb1
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/default/files/styles/car_blog_512_x_512/public/blog_images/3a4e016cd9553aa4faf4e58e4a4b571f.jpg?itok=wbL2Omc_ HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:18 GMT
Content-Type: image/jpeg
Content-Length: 40892
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Wed, 22 May 2019 08:48:34 GMT
ETag: "9fbc-5897607d37c80"
Accept-Ranges: bytes
hannums.wikaba.com/sites/default/files/styles/car_blog_512_x_512/public/blog_images/6a5df4032ba657c6b43f0153619b9203.jpg?itok=TVClLvWx
91.201.40.28 200 OK 40 kB URL GET HTTP/1.1 hannums.wikaba.com/sites/default/files/styles/car_blog_512_x_512/public/blog_images/6a5df4032ba657c6b43f0153619b9203.jpg?itok=TVClLvWx
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 85", baseline, precision 8, 512x512, components 3\012- data
Hash 80698c60daf4f2cdea83ba092be1acde
5b6a28bece3478140caa520a2c373cadfc1c2ded
fe85f7f3302fdeb6da6be53bd14bc144b515cee1acd67281e70ccd641d326b7d
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/default/files/styles/car_blog_512_x_512/public/blog_images/6a5df4032ba657c6b43f0153619b9203.jpg?itok=TVClLvWx HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:18 GMT
Content-Type: image/jpeg
Content-Length: 39893
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Sun, 16 Aug 2020 21:28:25 GMT
ETag: "9bd5-5ad0555887040"
Accept-Ranges: bytes
hannums.wikaba.com/sites/default/files/styles/car_blog_512_x_512/public/blog_images/96d6f240f59c1dc6da6715569c04fafd.jpg?itok=lPr6idIS
91.201.40.28 200 OK 43 kB URL GET HTTP/1.1 hannums.wikaba.com/sites/default/files/styles/car_blog_512_x_512/public/blog_images/96d6f240f59c1dc6da6715569c04fafd.jpg?itok=lPr6idIS
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 85", baseline, precision 8, 512x512, components 3\012- data
Hash 7f454ef88d07ad486fd8dc38cd62fd1d
81325801df0ef3d5ae4aaadfb2114db8f2121b88
c511dd06783411f72962090181c257886c1a15e8712392afe3279149bb6c62fa
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/default/files/styles/car_blog_512_x_512/public/blog_images/96d6f240f59c1dc6da6715569c04fafd.jpg?itok=lPr6idIS HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:18 GMT
Content-Type: image/jpeg
Content-Length: 43115
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Fri, 14 Aug 2020 16:15:22 GMT
ETag: "a86b-5acd8ba4bda80"
Accept-Ranges: bytes
hannums.wikaba.com/sites/default/files/styles/car_blog_512_x_512/public/blog_images/24a7fa9b34574bdaf93c06028ebcd588.jpg?itok=RWxWEHay
91.201.40.28 200 OK 119 kB URL GET HTTP/1.1 hannums.wikaba.com/sites/default/files/styles/car_blog_512_x_512/public/blog_images/24a7fa9b34574bdaf93c06028ebcd588.jpg?itok=RWxWEHay
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 85", baseline, precision 8, 512x512, components 3\012- data
Size 119 kB (118983 bytes)
Hash df9f4b404a0e3b0aff71f8b7a845dc40
d5201c9a408ab616cd16d703a73628fe034c641a
2795767000805370997ec60e17cb1655166c8d050a987c40fc40b39f33eccb76
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/default/files/styles/car_blog_512_x_512/public/blog_images/24a7fa9b34574bdaf93c06028ebcd588.jpg?itok=RWxWEHay HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:18 GMT
Content-Type: image/jpeg
Content-Length: 118983
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Wed, 22 May 2019 09:05:09 GMT
ETag: "1d0c7-589764321fb40"
Accept-Ranges: bytes
hannums.wikaba.com/sites/default/files/styles/car_blog_512_x_512/public/blog_images/0dc56356b27654d6198f13b7f3253a61.jpg?itok=A3j3I6L7
91.201.40.28 200 OK 79 kB URL GET HTTP/1.1 hannums.wikaba.com/sites/default/files/styles/car_blog_512_x_512/public/blog_images/0dc56356b27654d6198f13b7f3253a61.jpg?itok=A3j3I6L7
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 85", baseline, precision 8, 512x512, components 3
- data
Hash 8a4ea03937f6acc7bc0d42eed20d39ed
534d3c243cf6dda80faec6d35066ae56c9696371
7fa1118ddc1868ceab8264dacd0a6eda837f6a579c7220ce391a35570135b3a7
Analyzer: urlquery; Verdict: suspicious; Alert: Suspicious - DynDNS domain
NIDS: suricata; Severity: medium; Alert: ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/default/files/styles/car_blog_512_x_512/public/blog_images/0dc56356b27654d6198f13b7f3253a61.jpg?itok=A3j3I6L7 HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:18 GMT
Content-Type: image/jpeg
Content-Length: 79021
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Wed, 22 May 2019 09:27:24 GMT
ETag: "134ad-5897692b47700"
Accept-Ranges: bytes
hannums.wikaba.com/sites/default/files/styles/car_blog_512_x_512/public/blog_images/1c7c5254d3224c111980993ef6762309.jpg?itok=nO6OlREZ
91.201.40.28 200 OK 47 kB URL GET HTTP/1.1 hannums.wikaba.com/sites/default/files/styles/car_blog_512_x_512/public/blog_images/1c7c5254d3224c111980993ef6762309.jpg?itok=nO6OlREZ
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 85", baseline, precision 8, 512x512, components 3
- data
Hash ba47a872360327d2257f65021a9bc0d2
1b6e491eb2b8057e1d093b3926d1ecc80875b2f3
4075a3a9182469f449cd9c176f6d31e21407cac9323c79d4d7e52a4776d1febd
Analyzer: urlquery; Verdict: suspicious; Alert: Suspicious - DynDNS domain
NIDS: suricata; Severity: medium; Alert: ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/default/files/styles/car_blog_512_x_512/public/blog_images/1c7c5254d3224c111980993ef6762309.jpg?itok=nO6OlREZ HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:18 GMT
Content-Type: image/jpeg
Content-Length: 46841
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Mon, 20 May 2019 11:31:55 GMT
ETag: "b6f9-58950145420c0"
Accept-Ranges: bytes
hannums.wikaba.com/sites/default/files/styles/car_blog_512_x_512/public/blog_images/013a02cc2669b08e309371a879b0b32a.jpg?itok=0wCMZ9pZ
91.201.40.28 200 OK 68 kB URL GET HTTP/1.1 hannums.wikaba.com/sites/default/files/styles/car_blog_512_x_512/public/blog_images/013a02cc2669b08e309371a879b0b32a.jpg?itok=0wCMZ9pZ
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 85", baseline, precision 8, 512x512, components 3
- data
Hash 700ec924a3ee69d2ecb8ddb06334d302
1e34ecada24385f23844dc2cea95f4d7505861c5
5a8a73e1aa15a4c82a4aa2e7f4c70033f47eb650bab7eb87650e26601a0a6d4a
Analyzer: urlquery; Verdict: suspicious; Alert: Suspicious - DynDNS domain
NIDS: suricata; Severity: medium; Alert: ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/default/files/styles/car_blog_512_x_512/public/blog_images/013a02cc2669b08e309371a879b0b32a.jpg?itok=0wCMZ9pZ HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:18 GMT
Content-Type: image/jpeg
Content-Length: 68493
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Fri, 04 Dec 2020 18:50:16 GMT
ETag: "10b8d-5b5a7f27d0a00"
Accept-Ranges: bytes
hannums.wikaba.com/sites/default/files/styles/car_blog_512_x_512/public/blog_images/30fc7ed139ccd134b5ebd1a76e7290dd.jpg?itok=is4VtL8W
91.201.40.28 200 OK 122 kB URL GET HTTP/1.1 hannums.wikaba.com/sites/default/files/styles/car_blog_512_x_512/public/blog_images/30fc7ed139ccd134b5ebd1a76e7290dd.jpg?itok=is4VtL8W
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 85", baseline, precision 8, 512x512, components 3
- data
Size 122 kB (122000 bytes)
Hash ba392403c4db2eb19b6aa61431a40ac1
d0676682fec169ce136dfaccd51e70c5b2bdb82a
02ff23681e1de78ece3739d1df16a79c52464c87d15906dc7e516db880c8cc01
Analyzer: urlquery; Verdict: suspicious; Alert: Suspicious - DynDNS domain
NIDS: suricata; Severity: medium; Alert: ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/default/files/styles/car_blog_512_x_512/public/blog_images/30fc7ed139ccd134b5ebd1a76e7290dd.jpg?itok=is4VtL8W HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:18 GMT
Content-Type: image/jpeg
Content-Length: 122000
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Wed, 22 May 2019 08:50:03 GMT
ETag: "1dc90-589760d2184c0"
Accept-Ranges: bytes
hannums.wikaba.com/sites/default/files/styles/car_blog_512_x_512/public/blog_images/462077150015fe7c74f8252041d0511d.jpg?itok=uAFhGepI
91.201.40.28 200 OK 56 kB URL GET HTTP/1.1 hannums.wikaba.com/sites/default/files/styles/car_blog_512_x_512/public/blog_images/462077150015fe7c74f8252041d0511d.jpg?itok=uAFhGepI
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 85", baseline, precision 8, 512x512, components 3
- data
Hash 97f5b50f173d55b19ed4aa9d29671233
96fd78c3167c6d3c0dd80f37e5a28c3a6a8ce292
e7605142923743c8e2053386da8bd0bc9e0bd747161138a5e81271da514c22b4
Analyzer: urlquery; Verdict: suspicious; Alert: Suspicious - DynDNS domain
NIDS: suricata; Severity: medium; Alert: ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/default/files/styles/car_blog_512_x_512/public/blog_images/462077150015fe7c74f8252041d0511d.jpg?itok=uAFhGepI HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:19 GMT
Content-Type: image/jpeg
Content-Length: 56492
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Tue, 05 Jan 2021 20:40:45 GMT
ETag: "dcac-5b82d38878d40"
Accept-Ranges: bytes
hannums.wikaba.com/sites/default/files/styles/car_blog_512_x_512/public/blog_images/72d1568821c363828c4a38a0538d9d4f.jpg?itok=Lq05QRgf
91.201.40.28 200 OK 47 kB URL GET HTTP/1.1 hannums.wikaba.com/sites/default/files/styles/car_blog_512_x_512/public/blog_images/72d1568821c363828c4a38a0538d9d4f.jpg?itok=Lq05QRgf
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 85", baseline, precision 8, 512x512, components 3
- data
Hash f653bc8836998fe4b1e2584f2d68c2de
870fe60422a75f11bb1f9bf878b9e6944c08dd8c
c67e63ed890ccf5b18b87994f150817b28404bf1193f9f575cc7c5bda6a37fee
Analyzer: urlquery; Verdict: suspicious; Alert: Suspicious - DynDNS domain
NIDS: suricata; Severity: medium; Alert: ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/default/files/styles/car_blog_512_x_512/public/blog_images/72d1568821c363828c4a38a0538d9d4f.jpg?itok=Lq05QRgf HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:19 GMT
Content-Type: image/jpeg
Content-Length: 47333
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Thu, 10 Sep 2020 21:58:26 GMT
ETag: "b8e5-5aefcaae9e480"
Accept-Ranges: bytes
hannums.wikaba.com/sites/default/files/styles/car_blog_512_x_512/public/blog_images/48c786ada1e323f5c187c33eeedda0d9.jpg?itok=CPtIw7BG
91.201.40.28 200 OK 66 kB URL GET HTTP/1.1 hannums.wikaba.com/sites/default/files/styles/car_blog_512_x_512/public/blog_images/48c786ada1e323f5c187c33eeedda0d9.jpg?itok=CPtIw7BG
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 85", baseline, precision 8, 512x512, components 3
- data
Hash 86635f385abb43c2ec43656f1d9afc39
218997cfaf6dec74bacf199a3179f24b62bda8f8
81e295e98936e95b7a30ec3bc8564a6f4bc7158be38be3653cbdd388b103d43c
Analyzer: urlquery; Verdict: suspicious; Alert: Suspicious - DynDNS domain
NIDS: suricata; Severity: medium; Alert: ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/default/files/styles/car_blog_512_x_512/public/blog_images/48c786ada1e323f5c187c33eeedda0d9.jpg?itok=CPtIw7BG HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:19 GMT
Content-Type: image/jpeg
Content-Length: 65687
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Wed, 22 May 2019 09:02:53 GMT
ETag: "10097-589763b06c940"
Accept-Ranges: bytes
hannums.wikaba.com/sites/default/files/styles/car_blog_512_x_512/public/blog_images/8820b5f5708876ffebac84f6a350a0ac.jpg?itok=k0TMMIfu
91.201.40.28 200 OK 47 kB URL GET HTTP/1.1 hannums.wikaba.com/sites/default/files/styles/car_blog_512_x_512/public/blog_images/8820b5f5708876ffebac84f6a350a0ac.jpg?itok=k0TMMIfu
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 85", baseline, precision 8, 512x512, components 3
- data
Hash ccf1b5aab03e481194c72ae0061ea293
7e54e2100bced445e30a97157b630dab75d16027
e2d382d70da48b1644033874c535c131172b9ca3cdc1f4fcdba63251a6be59e4
Analyzer: urlquery; Verdict: suspicious; Alert: Suspicious - DynDNS domain
NIDS: suricata; Severity: medium; Alert: ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/default/files/styles/car_blog_512_x_512/public/blog_images/8820b5f5708876ffebac84f6a350a0ac.jpg?itok=k0TMMIfu HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:19 GMT
Content-Type: image/jpeg
Content-Length: 47313
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Tue, 25 Aug 2020 18:43:46 GMT
ETag: "b8d1-5adb815453c80"
Accept-Ranges: bytes
hannums.wikaba.com/sites/default/files/styles/car_blog_512_x_512/public/blog_images/3cfabd77948f89226dad6e519b688f51.png?itok=MITISA44
91.201.40.28 200 OK 324 kB URL GET HTTP/1.1 hannums.wikaba.com/sites/default/files/styles/car_blog_512_x_512/public/blog_images/3cfabd77948f89226dad6e519b688f51.png?itok=MITISA44
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced
- data
Size 324 kB (324164 bytes)
Hash 467c106dbb9b5ce6a707ba440f5a2c16
1ea1b9b2a7a433b2d5fc5bed5ccb608e9594e59c
9a99f97f736f862745057edec7019fe122304ca8a363916acef39f11d3eacdb3
Analyzer: urlquery; Verdict: suspicious; Alert: Suspicious - DynDNS domain
NIDS: suricata; Severity: medium; Alert: ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/default/files/styles/car_blog_512_x_512/public/blog_images/3cfabd77948f89226dad6e519b688f51.png?itok=MITISA44 HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:19 GMT
Content-Type: image/png
Content-Length: 324164
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Sun, 21 May 2023 11:17:14 GMT
ETag: "4f244-5fc324bd5480c"
Accept-Ranges: bytes
hannums.wikaba.com/sites/default/files/styles/car_blog_512_x_512/public/blog_images/e657e31379c4e3c2cc68ea1e13ad3186.jpg?itok=xeErv1hc
91.201.40.28 200 OK 64 kB URL GET HTTP/1.1 hannums.wikaba.com/sites/default/files/styles/car_blog_512_x_512/public/blog_images/e657e31379c4e3c2cc68ea1e13ad3186.jpg?itok=xeErv1hc
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 85", baseline, precision 8, 512x512, components 3
- data
Hash 227380105436185a45a8c07ecb694213
7d45e53c81d8144493ee3936ceb575961a76ad0a
858820ad571a24cfb0121c81feb8fd9b399d1d4e006d3d53f2240458eb3fbef8
Analyzer: urlquery; Verdict: suspicious; Alert: Suspicious - DynDNS domain
NIDS: suricata; Severity: medium; Alert: ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/default/files/styles/car_blog_512_x_512/public/blog_images/e657e31379c4e3c2cc68ea1e13ad3186.jpg?itok=xeErv1hc HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:19 GMT
Content-Type: image/jpeg
Content-Length: 63617
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Thu, 06 Jun 2019 14:25:51 GMT
ETag: "f881-58aa87daa39c0"
Accept-Ranges: bytes
hannums.wikaba.com/sites/default/files/styles/car_blog_512_x_512/public/blog_images/30dc42932ef4f47732e6b1391585714a.jpg?itok=3xHfJn4r
91.201.40.28 200 OK 40 kB URL GET HTTP/1.1 hannums.wikaba.com/sites/default/files/styles/car_blog_512_x_512/public/blog_images/30dc42932ef4f47732e6b1391585714a.jpg?itok=3xHfJn4r
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 85", baseline, precision 8, 512x512, components 3
- data
Hash 1e0cca8de6ebf4e44f1a69f9919f456b
90d642b9d5926db236b8806378630588a59d4498
e2ce532940e21b3a84f630bda56c60a41345e9200873c2018b3bd3e085fe6b4a
Analyzer: urlquery; Verdict: suspicious; Alert: Suspicious - DynDNS domain
NIDS: suricata; Severity: medium; Alert: ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/default/files/styles/car_blog_512_x_512/public/blog_images/30dc42932ef4f47732e6b1391585714a.jpg?itok=3xHfJn4r HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:19 GMT
Content-Type: image/jpeg
Content-Length: 40461
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Wed, 22 May 2019 08:54:05 GMT
ETag: "9e0d-589761b8e2540"
Accept-Ranges: bytes
hannums.wikaba.com/sites/default/files/styles/car_blog_512_x_512/public/blog_images/a3bfc685bc016c53a1cddd5bc0d420f2.jpg?itok=najGzh0R
91.201.40.28 200 OK 78 kB URL GET HTTP/1.1 hannums.wikaba.com/sites/default/files/styles/car_blog_512_x_512/public/blog_images/a3bfc685bc016c53a1cddd5bc0d420f2.jpg?itok=najGzh0R
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 85", baseline, precision 8, 512x512, components 3
- data
Hash 39386fd08d29e627af205606b465ed29
22bf5ac4a8e3c77466843948877bc5c32f9caf04
a13b448473d3dbf70c7a9e16139e8a5589a0b3139272896afcd2c8b4f71cdf17
Analyzer: urlquery; Verdict: suspicious; Alert: Suspicious - DynDNS domain
NIDS: suricata; Severity: medium; Alert: ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/default/files/styles/car_blog_512_x_512/public/blog_images/a3bfc685bc016c53a1cddd5bc0d420f2.jpg?itok=najGzh0R HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:19 GMT
Content-Type: image/jpeg
Content-Length: 77944
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Tue, 04 Oct 2022 13:01:38 GMT
ETag: "13078-5ea350f878131"
Accept-Ranges: bytes
hannums.wikaba.com/sites/default/files/styles/car_blog_512_x_512/public/blog_images/effcce1c71ab2c6e47bd1fda7dda79f8.jpg?itok=-J3UIYnZ
91.201.40.28 200 OK 89 kB URL GET HTTP/1.1 hannums.wikaba.com/sites/default/files/styles/car_blog_512_x_512/public/blog_images/effcce1c71ab2c6e47bd1fda7dda79f8.jpg?itok=-J3UIYnZ
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 85", baseline, precision 8, 512x512, components 3
- data
Hash 1aac4f0744bf78439ed593f374d804ff
9c198b48c50ceda24353afc38c3c2ff07546afdc
8c73573d6eadee5f513623e49a063f4e47384fb5a9d845dd8e734b3ea08c2826
Analyzer: urlquery; Verdict: suspicious; Alert: Suspicious - DynDNS domain
NIDS: suricata; Severity: medium; Alert: ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/default/files/styles/car_blog_512_x_512/public/blog_images/effcce1c71ab2c6e47bd1fda7dda79f8.jpg?itok=-J3UIYnZ HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:19 GMT
Content-Type: image/jpeg
Content-Length: 88691
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Thu, 15 Apr 2021 21:03:02 GMT
ETag: "15a73-5c009305a0d80"
Accept-Ranges: bytes
hannums.wikaba.com/sites/default/files/styles/car_blog_512_x_512/public/blog_images/fa45e3930deec0554b118171b57dfdff.jpg?itok=XrgeA17k
91.201.40.28 200 OK 40 kB URL GET HTTP/1.1 hannums.wikaba.com/sites/default/files/styles/car_blog_512_x_512/public/blog_images/fa45e3930deec0554b118171b57dfdff.jpg?itok=XrgeA17k
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 85", baseline, precision 8, 512x512, components 3
- data
Hash 7daa35c54fdab5a0be0d4b84670a6385
5e2f32ef6ea40b5ef7e65cdad973c8652e2933ce
07f6868b537d423902f415d828158d589f5b6ba60745104ae7a229002675d735
Analyzer: urlquery; Verdict: suspicious; Alert: Suspicious - DynDNS domain
NIDS: suricata; Severity: medium; Alert: ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/default/files/styles/car_blog_512_x_512/public/blog_images/fa45e3930deec0554b118171b57dfdff.jpg?itok=XrgeA17k HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:19 GMT
Content-Type: image/jpeg
Content-Length: 40466
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Mon, 20 May 2019 11:54:42 GMT
ETag: "9e12-5895065cee480"
Accept-Ranges: bytes
hannums.wikaba.com/sites/default/files/styles/car_blog_512_x_512/public/blog_images/bb8d9d932d2a8c85ecc6a99decb0b6a1.jpg?itok=7lUlvQKe
91.201.40.28 200 OK 89 kB URL GET HTTP/1.1 hannums.wikaba.com/sites/default/files/styles/car_blog_512_x_512/public/blog_images/bb8d9d932d2a8c85ecc6a99decb0b6a1.jpg?itok=7lUlvQKe
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 85", baseline, precision 8, 512x512, components 3
- data
Hash 2f94238ca02318c0c7879ac249364da7
f63fcfb92f6b84eca7730fb84251a329ca7fca85
6dbf06dca99e43ee259f6623416000069e1cf19e0dac7de1a427d10c256faa36
Analyzer: urlquery; Verdict: suspicious; Alert: Suspicious - DynDNS domain
NIDS: suricata; Severity: medium; Alert: ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/default/files/styles/car_blog_512_x_512/public/blog_images/bb8d9d932d2a8c85ecc6a99decb0b6a1.jpg?itok=7lUlvQKe HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:19 GMT
Content-Type: image/jpeg
Content-Length: 88626
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Wed, 22 May 2019 08:20:44 GMT
ETag: "15a32-58975a4494f00"
Accept-Ranges: bytes
hannums.wikaba.com/sites/default/files/styles/car_blog_512_x_512/public/blog_images/3727fe306354a0cb260e93b870456414.jpg?itok=I0WRPCm6
91.201.40.28 200 OK 66 kB URL GET HTTP/1.1 hannums.wikaba.com/sites/default/files/styles/car_blog_512_x_512/public/blog_images/3727fe306354a0cb260e93b870456414.jpg?itok=I0WRPCm6
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 85", baseline, precision 8, 512x512, components 3
- data
Hash 5414cb6df954c3754665da26d35c655c
a01baf9e89b2621110b981db9b9f070ada02078f
45100ddf4c967bd82e1aad917a3891353db44bf38f10cf777ff999f5fb9c769d
Analyzer: urlquery; Verdict: suspicious; Alert: Suspicious - DynDNS domain
NIDS: suricata; Severity: medium; Alert: ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/default/files/styles/car_blog_512_x_512/public/blog_images/3727fe306354a0cb260e93b870456414.jpg?itok=I0WRPCm6 HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:19 GMT
Content-Type: image/jpeg
Content-Length: 66297
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Wed, 22 May 2019 08:51:56 GMT
ETag: "102f9-5897613ddc300"
Accept-Ranges: bytes
hannums.wikaba.com/sites/default/files/styles/insta_widget/public/ozbm.ru_95195698_674682333102292_468045538809923012_n.jpg?itok=Q9qUygjK
91.201.40.28 200 OK 20 kB URL GET HTTP/1.1 hannums.wikaba.com/sites/default/files/styles/insta_widget/public/ozbm.ru_95195698_674682333102292_468045538809923012_n.jpg?itok=Q9qUygjK
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 85", baseline, precision 8, 220x200, components 3
- data
Hash 4196295ba8b568c21f1873f357b7432b
dc0289610ebebb8d6acb0fcb64333400a5d2eaa5
47cbd3bef0674b7961c3ccc6557b9ecaa0234245c8530b8d8c2a0fc84fbe6c4a
Analyzer: urlquery; Verdict: suspicious; Alert: Suspicious - DynDNS domain
NIDS: suricata; Severity: medium; Alert: ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/default/files/styles/insta_widget/public/ozbm.ru_95195698_674682333102292_468045538809923012_n.jpg?itok=Q9qUygjK HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:19 GMT
Content-Type: image/jpeg
Content-Length: 20200
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Mon, 03 Jan 2022 09:55:32 GMT
ETag: "4ee8-5d4aa85732d00"
Accept-Ranges: bytes
hannums.wikaba.com/sites/default/files/styles/insta_widget/public/ozbm.ru_175889312_4535529259797036_8499718295013717810_n.jpg?itok=tfVcH4qE
91.201.40.28 200 OK 16 kB URL GET HTTP/1.1 hannums.wikaba.com/sites/default/files/styles/insta_widget/public/ozbm.ru_175889312_4535529259797036_8499718295013717810_n.jpg?itok=tfVcH4qE
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 85", baseline, precision 8, 220x200, components 3
- data
Hash 161d97a285d2757f0fc4d12c8e8aa882
f39a0e1e945c8f23a9fef3f66585ec85008ca836
0aa446b60c6d3aad60393d357dedd1e1b499f633998f0ac78e824cb8a69c4124
Analyzer: urlquery; Verdict: suspicious; Alert: Suspicious - DynDNS domain
NIDS: suricata; Severity: medium; Alert: ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/default/files/styles/insta_widget/public/ozbm.ru_175889312_4535529259797036_8499718295013717810_n.jpg?itok=tfVcH4qE HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:19 GMT
Content-Type: image/jpeg
Content-Length: 15531
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Mon, 03 Jan 2022 08:54:06 GMT
ETag: "3cab-5d4a9a9bf4780"
Accept-Ranges: bytes
hannums.wikaba.com/sites/default/files/styles/insta_widget/public/ozbm.ru_163385841_1528655230664438_3544439473615642714_n.jpg?itok=svq0Yjew
91.201.40.28 200 OK 15 kB URL GET HTTP/1.1 hannums.wikaba.com/sites/default/files/styles/insta_widget/public/ozbm.ru_163385841_1528655230664438_3544439473615642714_n.jpg?itok=svq0Yjew
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 85", baseline, precision 8, 220x200, components 3
- data
Hash c755a83e463928414712b351484a1c9b
ba3baa2f46d8743dc6c341c04c7de9b7687565f3
d453fc533a78d22879d8290898e4705649823b93d0137a81ba449257448b65aa
Analyzer: urlquery; Verdict: suspicious; Alert: Suspicious - DynDNS domain
NIDS: suricata; Severity: medium; Alert: ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/default/files/styles/insta_widget/public/ozbm.ru_163385841_1528655230664438_3544439473615642714_n.jpg?itok=svq0Yjew HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:19 GMT
Content-Type: image/jpeg
Content-Length: 15428
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Mon, 03 Jan 2022 10:35:14 GMT
ETag: "3c44-5d4ab136d9c80"
Accept-Ranges: bytes
hannums.wikaba.com/sites/default/files/tayskaya_kosmetika_ozbm.ru_-_naturalnaya_produkciya_vysshego_kachestva_vse_v_nalichii_po_horoshim_cenam_0.jpg
91.201.40.28 200 OK 277 kB URL GET HTTP/1.1 hannums.wikaba.com/sites/default/files/tayskaya_kosmetika_ozbm.ru_-_naturalnaya_produkciya_vysshego_kachestva_vse_v_nalichii_po_horoshim_cenam_0.jpg
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1080x951, components 3
Size 277 kB (276916 bytes)
Hash 958926b356982c9817d17ad50abad8eb
194cc0270f8b7662af6a730d11c15b8657b2910c
a59eeb5666409dabd751c26d3d31a36bd46b98d50cad4ae99e5539cd2619b5c5
Analyzer: urlquery  Verdict: suspicious  Alert: Suspicious - DynDNS domain
NIDS: suricata  Severity: medium  Alert: ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
NIDS: suricata  Severity: medium  Alert: ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/default/files/tayskaya_kosmetika_ozbm.ru_-_naturalnaya_produkciya_vysshego_kachestva_vse_v_nalichii_po_horoshim_cenam_0.jpg HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:19 GMT
Content-Type: image/jpeg
Content-Length: 276916
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Mon, 20 May 2019 09:01:23 GMT
ETag: "439b4-5894df9fabec0"
Accept-Ranges: bytes
hannums.wikaba.com/sites/default/files/styles/insta_widget/public/ozbm.ru_192656309_506003780835679_857744416459495425_n.jpg?itok=Dub3a2XD
91.201.40.28 200 OK 16 kB URL GET HTTP/1.1 hannums.wikaba.com/sites/default/files/styles/insta_widget/public/ozbm.ru_192656309_506003780835679_857744416459495425_n.jpg?itok=Dub3a2XD
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 85", baseline, precision 8, 220x200, components 3
Hash 022f8aa9fc91ec1638047a27b1303b7d
c0801b160709dbe7626f973b9681faf69eefb679
88fc7258e50f9fab931e6d56c3de9e49d5eb1cab7f483fc8a9ab28f80eb4c533
Analyzer: urlquery  Verdict: suspicious  Alert: Suspicious - DynDNS domain
NIDS: suricata  Severity: medium  Alert: ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
NIDS: suricata  Severity: medium  Alert: ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/default/files/styles/insta_widget/public/ozbm.ru_192656309_506003780835679_857744416459495425_n.jpg?itok=Dub3a2XD HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:19 GMT
Content-Type: image/jpeg
Content-Length: 15809
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Tue, 04 Jan 2022 08:40:21 GMT
ETag: "3dc1-5d4bd966a2740"
Accept-Ranges: bytes
hannums.wikaba.com/sites/default/files/styles/insta_widget/public/ozbm.ru_147858305_271015637705430_415557101002781654_n.jpg?itok=ZpQbVAk4
91.201.40.28 200 OK 15 kB URL GET HTTP/1.1 hannums.wikaba.com/sites/default/files/styles/insta_widget/public/ozbm.ru_147858305_271015637705430_415557101002781654_n.jpg?itok=ZpQbVAk4
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 85", baseline, precision 8, 220x200, components 3
Hash c54b08438a347bde00e6d9a337e080cb
1bf1b786df8f6545d5864f1f46b64a3fbba43a4c
a1e59d37c9d21319be3a2707cb09f3dc16a18dc569a3afb092d8c199d886b106
Analyzer: urlquery  Verdict: suspicious  Alert: Suspicious - DynDNS domain
NIDS: suricata  Severity: medium  Alert: ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
NIDS: suricata  Severity: medium  Alert: ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/default/files/styles/insta_widget/public/ozbm.ru_147858305_271015637705430_415557101002781654_n.jpg?itok=ZpQbVAk4 HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:19 GMT
Content-Type: image/jpeg
Content-Length: 14924
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Mon, 03 Jan 2022 09:59:34 GMT
ETag: "3a4c-5d4aa93dfcd80"
Accept-Ranges: bytes
hannums.wikaba.com/sites/default/files/styles/insta_widget/public/ozbm.ru_129717720_310445696758015_5088152924354208824_n.jpg?itok=QYvE40mD
91.201.40.28 200 OK 17 kB URL GET HTTP/1.1 hannums.wikaba.com/sites/default/files/styles/insta_widget/public/ozbm.ru_129717720_310445696758015_5088152924354208824_n.jpg?itok=QYvE40mD
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 85", baseline, precision 8, 220x200, components 3
Hash 5d666a7c36446d9ca2889247453176f9
8849503c3db4a050d0a263cb4de6e58d0945c165
db8a54ffb444a6cb8d6012adb2fbf091e9a2aa9ab56cd4d5022f1e65b2a21304
Analyzer: urlquery  Verdict: suspicious  Alert: Suspicious - DynDNS domain
NIDS: suricata  Severity: medium  Alert: ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
NIDS: suricata  Severity: medium  Alert: ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/default/files/styles/insta_widget/public/ozbm.ru_129717720_310445696758015_5088152924354208824_n.jpg?itok=QYvE40mD HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:19 GMT
Content-Type: image/jpeg
Content-Length: 16662
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Mon, 03 Jan 2022 09:00:43 GMT
ETag: "4116-5d4a9c16904c0"
Accept-Ranges: bytes
hannums.wikaba.com/sites/default/files/styles/insta_widget/public/ozbm.ru_236092760_2806718059619200_1534450311755080293_n.jpg?itok=BEJXBWFg
91.201.40.28 200 OK 22 kB URL GET HTTP/1.1 hannums.wikaba.com/sites/default/files/styles/insta_widget/public/ozbm.ru_236092760_2806718059619200_1534450311755080293_n.jpg?itok=BEJXBWFg
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 85", baseline, precision 8, 220x200, components 3
Hash 34445a9ce34a3df0df8ef53b22755dd8
cd73ce1a7e37bff3a93244d540922f84b93a0465
f23fa87827d03b866c4c24b59bce002d5984ac4a76a372278947c03245842d82
Analyzer: urlquery  Verdict: suspicious  Alert: Suspicious - DynDNS domain
NIDS: suricata  Severity: medium  Alert: ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
NIDS: suricata  Severity: medium  Alert: ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/default/files/styles/insta_widget/public/ozbm.ru_236092760_2806718059619200_1534450311755080293_n.jpg?itok=BEJXBWFg HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:19 GMT
Content-Type: image/jpeg
Content-Length: 22025
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Mon, 03 Jan 2022 09:56:07 GMT
ETag: "5609-5d4aa87893bc0"
Accept-Ranges: bytes
hannums.wikaba.com/i/paper_back.png
91.201.40.28 200 OK 23 kB URL GET HTTP/1.1 hannums.wikaba.com/i/paper_back.png
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type PNG image data, 300 x 300, 8-bit colormap, non-interlaced
Hash 9f4bfc28ab459e9eb317f7fa6ccbbf5a
b561af9c1e17763dcaed2c045f07f2ee4fe0ce37
173ad1e63d957a270abb9bf6d6083933f3a777284daf6e59a5a2a0ee8cb15af2
Analyzer: urlquery  Verdict: suspicious  Alert: Suspicious - DynDNS domain
NIDS: suricata  Severity: medium  Alert: ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
NIDS: suricata  Severity: medium  Alert: ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /i/paper_back.png HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/sites/all/themes/ozbm/css/style.css?rwurij
Cookie: _ga_WJ3HHSHB91=GS1.1.1701452363.1.0.1701452363.0.0.0; _ga=GA1.1.702017165.1701452364
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:19 GMT
Content-Type: image/png
Content-Length: 22644
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Tue, 29 Jan 2019 20:12:18 GMT
ETag: "5874-5809e68faac80"
Accept-Ranges: bytes
hannums.wikaba.com/i/map_icon.png
91.201.40.28 200 OK 3.3 kB URL GET HTTP/1.1 hannums.wikaba.com/i/map_icon.png
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type PNG image data, 34 x 42, 8-bit/color RGBA, non-interlaced
Hash b33b610b96ca0141dad6bce14bc6d39c
71358ca8229a32ffed0b03ff44803f32f6188861
270ea971ebec631f21f98b7669d2f4a69e0d8000be7c45604d46ad64ce570794
Analyzer: urlquery  Verdict: suspicious  Alert: Suspicious - DynDNS domain
NIDS: suricata  Severity: medium  Alert: ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
NIDS: suricata  Severity: medium  Alert: ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /i/map_icon.png HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/sites/all/themes/ozbm/css/style.css?rwurij
Cookie: _ga_WJ3HHSHB91=GS1.1.1701452363.1.0.1701452363.0.0.0; _ga=GA1.1.702017165.1701452364
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:19 GMT
Content-Type: image/png
Content-Length: 3320
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Wed, 30 Jan 2019 12:50:10 GMT
ETag: "cf8-580ac59a0e480"
Accept-Ranges: bytes
hannums.wikaba.com/sites/all/modules/fivestar/widgets/basic/star.png
91.201.40.28 200 OK 587 B URL GET HTTP/1.1 hannums.wikaba.com/sites/all/modules/fivestar/widgets/basic/star.png
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type PNG image data, 16 x 48, 8-bit colormap, non-interlaced
Hash 59940156a86c1dfa62cbf68a3205dac2
63b4fbf5e2f6faaedd5ce14430bf451891aa4f10
b173dbf37b6ec8d339892539b434972bf881b906c34861a5359df10df88126d7
Analyzer: urlquery  Verdict: suspicious  Alert: Suspicious - DynDNS domain
NIDS: suricata  Severity: medium  Alert: ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
NIDS: suricata  Severity: medium  Alert: ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/all/modules/fivestar/widgets/basic/star.png HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/sites/all/modules/fivestar/widgets/basic/basic.css?rwurij
Cookie: _ga_WJ3HHSHB91=GS1.1.1701452363.1.0.1701452363.0.0.0; _ga=GA1.1.702017165.1701452364
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:19 GMT
Content-Type: image/png
Content-Length: 587
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Mon, 26 Jun 2017 04:43:30 GMT
ETag: "24b-552d597b0a080"
Accept-Ranges: bytes
hannums.wikaba.com/i/best.jpg
91.201.40.28 200 OK 32 kB URL GET HTTP/1.1 hannums.wikaba.com/i/best.jpg
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 380x140, components 3
Hash e82ee8f87b9375842473a3f7be47b964
ff175fd8cb0dcd7a7252bea2c2c227a139e51d16
93d520b3b1403ec178bf7b48b74079a27ed629acd8bd6e0e107e0c4bafebe939
Analyzer: urlquery  Verdict: suspicious  Alert: Suspicious - DynDNS domain
NIDS: suricata  Severity: medium  Alert: ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
NIDS: suricata  Severity: medium  Alert: ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /i/best.jpg HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/sites/all/themes/ozbm/css/style.css?rwurij
Cookie: _ga_WJ3HHSHB91=GS1.1.1701452363.1.0.1701452363.0.0.0; _ga=GA1.1.702017165.1701452364
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:19 GMT
Content-Type: image/jpeg
Content-Length: 31674
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Mon, 13 May 2019 15:24:48 GMT
ETag: "7bba-588c6844b9000"
Accept-Ranges: bytes
fonts.googleapis.com/css?family=PT+Serif:400,400i,700,700i&subset=cyrillic
142.250.74.106 200 OK 40 kB URL GET HTTP/2 fonts.googleapis.com/css?family=PT+Serif:400,400i,700,700i&subset=cyrillic
IP 142.250.74.106:443
Requested by http://hannums.wikaba.com/
Certificate Issuer: Google Trust Services LLC
Subject: upload.video.google.com
Fingerprint: CC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
Validity: Mon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type gzip compressed data, max compression
Hash 5b5bd0db7bdf0ecc687808ad8955b320
8ed8a867218df14024dd4e50787d125f07642c00
fa67b23268426edbeabf418bad1c92f99224a0744ac77fac10fa47c9e72392f5
GET /css?family=PT+Serif:400,400i,700,700i&subset=cyrillic HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 01 Dec 2023 17:39:18 GMT
date: Fri, 01 Dec 2023 17:39:18 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
hannums.wikaba.com/i/cosm.jpg
91.201.40.28 200 OK 39 kB URL GET HTTP/1.1 hannums.wikaba.com/i/cosm.jpg
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 300x300, components 3
Hash 7eba3efeda30702927d2c942b90bb8d4
54f9b17e2a12ec70efe2c7534d800f31e6c6c11f
01742c1d095bae668fa5be6d76dda5c4965e9a86b52551a34d60ee0e056904c5
Analyzer: urlquery  Verdict: suspicious  Alert: Suspicious - DynDNS domain
NIDS: suricata  Severity: medium  Alert: ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
NIDS: suricata  Severity: medium  Alert: ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /i/cosm.jpg HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/sites/all/themes/ozbm/css/style.css?rwurij
Cookie: _ga_WJ3HHSHB91=GS1.1.1701452363.1.0.1701452363.0.0.0; _ga=GA1.1.702017165.1701452364
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:19 GMT
Content-Type: image/jpeg
Content-Length: 38752
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Mon, 13 May 2019 14:54:27 GMT
ETag: "9760-588c617c14ec0"
Accept-Ranges: bytes
fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i&subset=cyrillic
142.250.74.106 200 OK 315 kB URL GET HTTP/2 fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i&subset=cyrillic
IP 142.250.74.106:443
Requested by http://hannums.wikaba.com/
Certificate Issuer: Google Trust Services LLC
Subject: upload.video.google.com
Fingerprint: CC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
Validity: Mon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type gzip compressed data, max compression
Size 315 kB (315275 bytes)
Hash 313b6aa7a73d100a2a30a1ae9684e1a7
b31f020fc37632e0ae4d3c37c3688cdf1e0bd504
a896cd6178735766365f24594b17cd046ce8e2959a270ae0a23734f79f3c2370
GET /css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i&subset=cyrillic HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 01 Dec 2023 17:39:18 GMT
date: Fri, 01 Dec 2023 17:39:18 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
hannums.wikaba.com/i/leaf.jpg
91.201.40.28 200 OK 59 kB URL GET HTTP/1.1 hannums.wikaba.com/i/leaf.jpg
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 380x140, components 3
Hash fa9c23b26b168d2e4417a572922addb3
24fe548581f98c43d11c0574ea0147d367bac3c1
6f159ffce3e66b09495512192fd9d177618ea353a7137ceae28953155917b829
Analyzer: urlquery  Verdict: suspicious  Alert: Suspicious - DynDNS domain
NIDS: suricata  Severity: medium  Alert: ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
NIDS: suricata  Severity: medium  Alert: ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /i/leaf.jpg HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/sites/all/themes/ozbm/css/style.css?rwurij
Cookie: _ga_WJ3HHSHB91=GS1.1.1701452363.1.0.1701452363.0.0.0; _ga=GA1.1.702017165.1701452364
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:19 GMT
Content-Type: image/jpeg
Content-Length: 58699
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Mon, 13 May 2019 13:55:54 GMT
ETag: "e54b-588c5465d2e80"
Accept-Ranges: bytes
hannums.wikaba.com/i/cosm-2.jpg
91.201.40.28 200 OK 48 kB URL GET HTTP/1.1 hannums.wikaba.com/i/cosm-2.jpg
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 300x300, components 3
Hash a250bfe5cd74710a46878eef985ef38b
d3aba9b5fce544b53aa87b499442d8fb64caf594
a7b355fb87f20f5e8a244db57262b025ca2d428d6ca63a56f95fbe9f56dab222
Analyzer: urlquery  Verdict: suspicious  Alert: Suspicious - DynDNS domain
NIDS: suricata  Severity: medium  Alert: ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
NIDS: suricata  Severity: medium  Alert: ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /i/cosm-2.jpg HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/sites/all/themes/ozbm/css/style.css?rwurij
Cookie: _ga_WJ3HHSHB91=GS1.1.1701452363.1.0.1701452363.0.0.0; _ga=GA1.1.702017165.1701452364
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:19 GMT
Content-Type: image/jpeg
Content-Length: 48500
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Mon, 13 May 2019 16:05:53 GMT
ETag: "bd74-588c717387a40"
Accept-Ranges: bytes
hannums.wikaba.com/i/shop.jpg
91.201.40.28 200 OK 235 kB URL GET HTTP/1.1 hannums.wikaba.com/i/shop.jpg
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1100x400, components 3
Size 235 kB (235095 bytes)
Hash 3e08e93e58c10708f7259193d5e63d5c
df84cd9096f870dec4058cc8f13b674ad2bd8d05
31b6b2f9efeb5dc7c8e9eedf10ebfc1b510298281fc9ba80e7a97caf92d98ea1
Analyzer: urlquery  Verdict: suspicious  Alert: Suspicious - DynDNS domain
NIDS: suricata  Severity: medium  Alert: ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
NIDS: suricata  Severity: medium  Alert: ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /i/shop.jpg HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/sites/all/themes/ozbm/css/style.css?rwurij
Cookie: _ga_WJ3HHSHB91=GS1.1.1701452363.1.0.1701452363.0.0.0; _ga=GA1.1.702017165.1701452364
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:19 GMT
Content-Type: image/jpeg
Content-Length: 235095
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Mon, 13 May 2019 15:10:39 GMT
ETag: "39657-588c651b0d9c0"
Accept-Ranges: bytes
fonts.gstatic.com/s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
142.250.74.99 200 OK 48 kB URL GET HTTP/2 fonts.gstatic.com/s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP 142.250.74.99:443
Requested by http://hannums.wikaba.com/
Certificate Issuer: Google Trust Services LLC
Subject: *.gstatic.com
Fingerprint: E5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
Validity: Mon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type Web Open Font Format (Version 2), TrueType, length 48432, version 1.0
Hash e2d74c5e631bc53a7240bbfe4be99c8f
eb513857bb01cc4f7249067fc7e969bef415fc90
9b1b9d7cb74a9923d83f36f0026f421940b861fd6e1a51b8f79af45492ed4ed5
GET /s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://hannums.wikaba.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48432
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 29 Nov 2023 14:58:12 GMT
expires: Thu, 28 Nov 2024 14:58:12 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 14 Sep 2023 00:40:31 GMT
content-type: font/woff2
age: 182467
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSumu1aB.woff2
142.250.74.99 200 OK 27 kB URL GET HTTP/2 fonts.gstatic.com/s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSumu1aB.woff2
IP 142.250.74.99:443
Requested by http://hannums.wikaba.com/
Certificate Issuer: Google Trust Services LLC
Subject: *.gstatic.com
Fingerprint: E5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
Validity: Mon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type Web Open Font Format (Version 2), TrueType, length 26640, version 1.0
Hash 2a5269c4257ebafd1110c7a7ca52a893
6d62fe7e6727de10721018e131ed30c6835f6bab
a1f50e52a7fda97827e6e3d2cd3bb2788a68a78296728fa2592be8e89d54b5b8
GET /s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSumu1aB.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://hannums.wikaba.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 26640
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 29 Nov 2023 21:48:47 GMT
expires: Thu, 28 Nov 2024 21:48:47 GMT
cache-control: public, max-age=31536000
age: 157832
last-modified: Thu, 14 Sep 2023 01:00:59 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
142.250.74.99 200 OK 48 kB URL GET HTTP/2 fonts.gstatic.com/s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP 142.250.74.99:443
Requested by http://hannums.wikaba.com/
Certificate Issuer: Google Trust Services LLC
Subject: *.gstatic.com
Fingerprint: E5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
Validity: Mon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type Web Open Font Format (Version 2), TrueType, length 48432, version 1.0
Hash e2d74c5e631bc53a7240bbfe4be99c8f
eb513857bb01cc4f7249067fc7e969bef415fc90
9b1b9d7cb74a9923d83f36f0026f421940b861fd6e1a51b8f79af45492ed4ed5
GET /s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://hannums.wikaba.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48432
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 29 Nov 2023 14:58:12 GMT
expires: Thu, 28 Nov 2024 14:58:12 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 14 Sep 2023 00:40:31 GMT
content-type: font/woff2
age: 182467
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSumu1aB.woff2
142.250.74.99 200 OK 27 kB URL GET HTTP/2 fonts.gstatic.com/s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSumu1aB.woff2
IP 142.250.74.99:443
Requested by http://hannums.wikaba.com/
Certificate Issuer Google Trust Services LLC
Subject *.gstatic.com
Fingerprint (SHA-1) E5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
Validity Mon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type Web Open Font Format (Version 2), TrueType, length 26640, version 1.0
Hash MD5 2a5269c4257ebafd1110c7a7ca52a893
Hash SHA-1 6d62fe7e6727de10721018e131ed30c6835f6bab
Hash SHA-256 a1f50e52a7fda97827e6e3d2cd3bb2788a68a78296728fa2592be8e89d54b5b8
GET /s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSumu1aB.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://hannums.wikaba.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 26640
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 29 Nov 2023 21:48:47 GMT
expires: Thu, 28 Nov 2024 21:48:47 GMT
cache-control: public, max-age=31536000
age: 157832
last-modified: Thu, 14 Sep 2023 01:00:59 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSGmu1aB.woff2
142.250.74.99 200 OK 35 kB URL GET HTTP/2 fonts.gstatic.com/s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSGmu1aB.woff2
IP 142.250.74.99:443
Requested by http://hannums.wikaba.com/
Certificate Issuer Google Trust Services LLC
Subject *.gstatic.com
Fingerprint (SHA-1) E5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
Validity Mon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type Web Open Font Format (Version 2), TrueType, length 35120, version 1.0
Hash MD5 dd986ff1050050613be051863773d677
Hash SHA-1 51a12487fd51cc02ca54a984f82d63318807ca2e
Hash SHA-256 d9784dbf11886ea032ffbd00f499d333519babe001eacc19df7ab89de17bec47
GET /s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSGmu1aB.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://hannums.wikaba.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 35120
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 28 Nov 2023 21:36:44 GMT
expires: Wed, 27 Nov 2024 21:36:44 GMT
cache-control: public, max-age=31536000
age: 244955
last-modified: Thu, 14 Sep 2023 01:03:47 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/ptserif/v18/EJRVQgYoZZY2vCFuvAFWzr8.woff2
142.250.74.99 200 OK 33 kB URL GET HTTP/2 fonts.gstatic.com/s/ptserif/v18/EJRVQgYoZZY2vCFuvAFWzr8.woff2
IP 142.250.74.99:443
Requested by http://hannums.wikaba.com/
Certificate Issuer Google Trust Services LLC
Subject *.gstatic.com
Fingerprint (SHA-1) E5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
Validity Mon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type Web Open Font Format (Version 2), TrueType, length 33116, version 1.0
Hash MD5 48b1fa647f5ccfa511cc07a10fc22e55
Hash SHA-1 12e1e0d36983a8d900bc66b4784a6f9b9ace4b60
Hash SHA-256 4271064a37f3ffc0aac5f3806db8a72acc23e19447d1804e4e80d8796cbf6330
GET /s/ptserif/v18/EJRVQgYoZZY2vCFuvAFWzr8.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://hannums.wikaba.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 33116
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 29 Nov 2023 14:58:14 GMT
expires: Thu, 28 Nov 2024 14:58:14 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 02 May 2023 15:52:25 GMT
content-type: font/woff2
age: 182465
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/ptserif/v18/EJRVQgYoZZY2vCFuvAFSzr-tdg.woff2
142.250.74.99 200 OK 22 kB URL GET HTTP/2 fonts.gstatic.com/s/ptserif/v18/EJRVQgYoZZY2vCFuvAFSzr-tdg.woff2
IP 142.250.74.99:443
Requested by http://hannums.wikaba.com/
Certificate Issuer Google Trust Services LLC
Subject *.gstatic.com
Fingerprint (SHA-1) E5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
Validity Mon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type Web Open Font Format (Version 2), TrueType, length 22084, version 1.0
Hash MD5 cf40f5ee5e5f53f41a081ed4cdf72f13
Hash SHA-1 08bdcbefd1893a139917da62e78c9a56b00762d2
Hash SHA-256 089baa8e2efa0d4452f21704412d6f34aad7060c3aaa69cc7e661610f4048673
GET /s/ptserif/v18/EJRVQgYoZZY2vCFuvAFSzr-tdg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://hannums.wikaba.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 22084
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 01:33:35 GMT
expires: Fri, 29 Nov 2024 01:33:35 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 02 May 2023 16:04:05 GMT
content-type: font/woff2
age: 144344
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/ptserif/v18/EJRSQgYoZZY2vCFuvAnt66qSVys.woff2
142.250.74.99 200 OK 30 kB URL GET HTTP/2 fonts.gstatic.com/s/ptserif/v18/EJRSQgYoZZY2vCFuvAnt66qSVys.woff2
IP 142.250.74.99:443
Requested by http://hannums.wikaba.com/
Certificate Issuer Google Trust Services LLC
Subject *.gstatic.com
Fingerprint (SHA-1) E5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
Validity Mon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type Web Open Font Format (Version 2), TrueType, length 29588, version 1.0
Hash MD5 cd87c62c9c9c1728e4ce6069e20b1104
Hash SHA-1 0480db0094dec698acf12620a246bd9134766119
Hash SHA-256 bf23a7a4eebedbb87d4084a69496b29815914a18e339a00f5dc73a03c9c9328f
GET /s/ptserif/v18/EJRSQgYoZZY2vCFuvAnt66qSVys.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://hannums.wikaba.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 29588
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 27 Nov 2023 23:42:18 GMT
expires: Tue, 26 Nov 2024 23:42:18 GMT
cache-control: public, max-age=31536000
age: 323821
last-modified: Tue, 02 May 2023 15:28:35 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/ptserif/v18/EJRSQgYoZZY2vCFuvAnt66qWVyvHpA.woff2
142.250.74.99 200 OK 21 kB URL GET HTTP/2 fonts.gstatic.com/s/ptserif/v18/EJRSQgYoZZY2vCFuvAnt66qWVyvHpA.woff2
IP 142.250.74.99:443
Requested by http://hannums.wikaba.com/
Certificate Issuer Google Trust Services LLC
Subject *.gstatic.com
Fingerprint (SHA-1) E5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
Validity Mon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type Web Open Font Format (Version 2), TrueType, length 20904, version 1.0
Hash MD5 42550cab979c11daaeba81f0261fe14b
Hash SHA-1 0a0189e1b342a4c124d2a8d8890b76bd7f9ba874
Hash SHA-256 acf9911eaa381e18fbd67241d47323ca848dfa1fe1fd0e1c02ba90e319809649
GET /s/ptserif/v18/EJRSQgYoZZY2vCFuvAnt66qWVyvHpA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://hannums.wikaba.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 20904
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 29 Nov 2023 20:16:30 GMT
expires: Thu, 28 Nov 2024 20:16:30 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 02 May 2023 15:31:10 GMT
content-type: font/woff2
age: 163369
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
cdn.jsdelivr.net/npm/bootstrap@3.4.1/dist/fonts/glyphicons-halflings-regular.woff2
151.101.65.229 200 OK 18 kB URL GET HTTP/3 cdn.jsdelivr.net/npm/bootstrap@3.4.1/dist/fonts/glyphicons-halflings-regular.woff2
IP 151.101.65.229:443
Requested by http://hannums.wikaba.com/
Certificate Issuer GlobalSign nv-sa
Subject jsdelivr.net
Fingerprint (SHA-1) 05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
Validity Wed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT
File type Web Open Font Format (Version 2), TrueType, length 18028, version 1.589
Hash MD5 448c34a56d699c29117adc64c43affeb
Hash SHA-1 ca35b697d99cae4d1b60f2d60fcd37771987eb07
Hash SHA-256 fe185d11a49676890d47bb783312a0cda5a44c4039214094e7957b4c040ef11c
GET /npm/bootstrap@3.4.1/dist/fonts/glyphicons-halflings-regular.woff2 HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://hannums.wikaba.com
DNT: 1
Connection: keep-alive
Referer: https://cdn.jsdelivr.net/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-length: 18028
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: font/woff2
x-jsd-version: 3.4.1
x-jsd-version-type: version
etag: W/"466c-yjW2l9mcrk0bYPLWD803dxmH6wc"
accept-ranges: bytes
date: Fri, 01 Dec 2023 17:39:19 GMT
age: 3940207
x-served-by: cache-fra-etou8220062-FRA, cache-bma1662-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
fonts.gstatic.com/s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSGmu1aB.woff2
142.250.74.99 200 OK 35 kB URL GET HTTP/2 fonts.gstatic.com/s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSGmu1aB.woff2
IP 142.250.74.99:443
Requested by http://hannums.wikaba.com/
Certificate Issuer Google Trust Services LLC
Subject *.gstatic.com
Fingerprint (SHA-1) E5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
Validity Mon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type Web Open Font Format (Version 2), TrueType, length 35120, version 1.0
Hash MD5 dd986ff1050050613be051863773d677
Hash SHA-1 51a12487fd51cc02ca54a984f82d63318807ca2e
Hash SHA-256 d9784dbf11886ea032ffbd00f499d333519babe001eacc19df7ab89de17bec47
GET /s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSGmu1aB.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://hannums.wikaba.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 35120
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 28 Nov 2023 21:36:44 GMT
expires: Wed, 27 Nov 2024 21:36:44 GMT
cache-control: public, max-age=31536000
age: 244955
last-modified: Thu, 14 Sep 2023 01:03:47 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
use.fontawesome.com/releases/v5.7.0/webfonts/fa-solid-900.woff2
172.64.140.13 200 OK 74 kB URL GET HTTP/2 use.fontawesome.com/releases/v5.7.0/webfonts/fa-solid-900.woff2
IP 172.64.140.13:443
Requested by http://hannums.wikaba.com/
Certificate Issuer Cloudflare, Inc.
Subject use.fontawesome.com
Fingerprint (SHA-1) CB:BE:6B:C4:5F:DF:18:7A:C3:AD:BF:6C:40:36:18:9F:E2:99:7F:78
Validity Thu, 12 Oct 2023 00:00:00 GMT - Thu, 10 Oct 2024 23:59:59 GMT
File type Web Open Font Format (Version 2), TrueType, length 74316, version 329.30932
Hash MD5 52134b924fd61958f88323845deffc64
Hash SHA-1 cfccdf2c8be593220ea949989a5abc0b380ea2ac
Hash SHA-256 658cf43db24e9d4c57890e958aa74656a13139754de24f19e706f0a355279e4d
GET /releases/v5.7.0/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://hannums.wikaba.com
DNT: 1
Connection: keep-alive
Referer: https://use.fontawesome.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 01 Dec 2023 17:39:19 GMT
content-type: font/woff2
content-length: 74316
access-control-allow-origin: *
cache-control: max-age=31556926
etag: "52134b924fd61958f88323845deffc64"
last-modified: Fri, 22 Sep 2023 01:45:49 GMT
vary: Origin, Accept-Encoding
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9%2BnsiYaqMDmECTOC7hpnzjU%2FX9t%2ByltsOAT1WX%2FIK9ZndVIU%2BYdoSm2QEVFE8%2BE5k0oZsDmoGVfswW1iaC%2Bw3YKNsWYZGvWEEMSYjrSWtl7EV8phQzlRL6M%2FBKymNa8NnaDQ%2FACk"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ed1bdf0fd576a4-LHR
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
hannums.wikaba.com/i/beach-transparent.png
91.201.40.28 200 OK 21 kB URL GET HTTP/1.1 hannums.wikaba.com/i/beach-transparent.png
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type PNG image data, 373 x 80, 8-bit/color RGBA, non-interlaced
Hash MD5 eebf1e320392d3481403afce79e8bd3a
Hash SHA-1 8bfef817a8997a3e01f3b1d0a6c9557851100eee
Hash SHA-256 ee5bbfa864ebc6c96d0c27f8f3f87bbad3eda524f05eb2f4cc5a101daf99fd47
Analyzer urlquery, verdict suspicious: Suspicious - DynDNS domain
NIDS suricata, severity medium: ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
NIDS suricata, severity medium: ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /i/beach-transparent.png HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/sites/all/themes/ozbm/css/style.css?rwurij
Cookie: _ga_WJ3HHSHB91=GS1.1.1701452363.1.0.1701452363.0.0.0; _ga=GA1.1.702017165.1701452364
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:19 GMT
Content-Type: image/png
Content-Length: 20976
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Tue, 29 Jan 2019 21:32:04 GMT
ETag: "51f0-5809f863f3d00"
Accept-Ranges: bytes
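The Suricata alerts in the record above fire because the Host header names a subdomain of a dynamic-DNS provider (wikaba.com), not because of anything in the fetched image. The following is an added example, not urlquery's or Suricata's code: it performs the same classification over raw request heads. The provider suffix list and the alert wording are the example's own assumptions (only wikaba.com is attested by this capture; the real ET DYNAMIC_DNS rule family covers many more providers and matches on its own byte patterns). It normalises the Host value (case, port, trailing dot, bracketed IPv6), matches on label boundaries so that "notwikaba.com" is not caught, and deliberately does not alert on the provider apex itself, since the rule is about *.wikaba.com.

```python
"""
Dynamic-DNS host detection over raw HTTP request heads.

Added example for this report; not urlquery's or Suricata's code. The suffix
list and alert wording are this example's own assumptions.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Assumption: illustrative provider suffixes. Only wikaba.com is attested by
# the capture; the others are well-known dynamic-DNS services.
DYNDNS_SUFFIXES: Tuple[str, ...] = ("wikaba.com", "dyndns.org", "no-ip.org")


@dataclass(frozen=True)
class Alert:
    severity: str
    message: str
    host: str
    request_line: str


def normalise_host(value: str) -> str:
    """Lower-case a Host value and strip port and trailing dot.

    "Hannums.Wikaba.com.:8080" -> "hannums.wikaba.com"
    "[2001:db8::1]:443"        -> "2001:db8::1"
    """
    value = value.strip().lower()
    if value.startswith("["):                      # bracketed IPv6 literal
        end = value.find("]")
        return value[1:end] if end != -1 else value
    if value.count(":") == 1:                      # host:port
        value = value.split(":", 1)[0]
    return value.rstrip(".")


def host_from_request(raw: str) -> Tuple[str, str]:
    """Return (request line, normalised Host) from a raw HTTP/1.x request head."""
    lines = raw.replace("\r\n", "\n").strip("\n").split("\n")
    request_line = lines[0].strip()
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "host":
            return request_line, normalise_host(value)
    return request_line, ""


def dyndns_suffix(host: str) -> Optional[str]:
    """Return the provider suffix when host is a proper subdomain of it.

    Matching is on label boundaries, so "notwikaba.com" does not match, and
    the provider apex ("wikaba.com") is not reported: the rule is about *.wikaba.com.
    """
    labels = host.split(".")
    for suffix in DYNDNS_SUFFIXES:
        suffix_labels = suffix.split(".")
        n = len(suffix_labels)
        if len(labels) > n and labels[-n:] == suffix_labels:
            return suffix
    return None


def inspect_request(raw: str) -> Optional[Alert]:
    """Classify one request head; None when Host is not a dynamic-DNS subdomain."""
    request_line, host = host_from_request(raw)
    suffix = dyndns_suffix(host)
    if suffix is None:
        return None
    return Alert("medium", f"DYNAMIC_DNS HTTP Request to a *.{suffix} Domain",
                 host, request_line)


def inspect_requests(raws: List[str]) -> List[Alert]:
    return [a for a in (inspect_request(r) for r in raws) if a is not None]


# Constructed sample: the first two heads are abridged from this capture, the
# last two are made up to exercise the apex and host:port edge cases. Note the
# gstatic request carries Origin: http://hannums.wikaba.com and is NOT flagged;
# the check is on Host only, as the alert name says.
SAMPLE_REQUESTS = [
    "GET /i/beach-transparent.png HTTP/1.1\r\nHost: hannums.wikaba.com\r\n"
    "User-Agent: Mozilla/5.0\r\nAccept: image/avif,image/webp,*/*\r\n\r\n",
    "GET /s/ptserif/v18/EJRVQgYoZZY2vCFuvAFWzr8.woff2 HTTP/1.1\r\n"
    "Host: fonts.gstatic.com\r\nOrigin: http://hannums.wikaba.com\r\n\r\n",
    "GET / HTTP/1.1\r\nHost: wikaba.com\r\n\r\n",
    "GET /i/beach.jpg HTTP/1.1\r\nHost: Hannums.WIKABA.com:8080\r\n\r\n",
]

if __name__ == "__main__":
    for alert in inspect_requests(SAMPLE_REQUESTS):
        print(f"{alert.severity}: {alert.message} ({alert.host}; {alert.request_line})")
```

Run stand-alone it reports the first and fourth sample heads and stays silent on the gstatic fetch and on the bare apex. In a real pipeline the suffix list would come from the ET rule set or a maintained DDNS list rather than the three entries assumed here.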
hannums.wikaba.com/sites/all/libraries/slick/slick/fonts/slick.woff
91.201.40.28 200 OK 1.4 kB URL GET HTTP/1.1 hannums.wikaba.com/sites/all/libraries/slick/slick/fonts/slick.woff
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type Web Open Font Format, CFF, length 1380, version 1.0
Hash MD5 b7c9e1e479de3b53f1e4e30ebac2403a
Hash SHA-1 af91c12f0f406a4f801aeb3b398768fe41d8f864
Hash SHA-256 26726bac4060abb1226e6ceebc1336e84930fe7a7af1b3895a109d067f5b5dcc
Analyzer urlquery, verdict suspicious: Suspicious - DynDNS domain
NIDS suricata, severity medium: ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
NIDS suricata, severity medium: ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/all/libraries/slick/slick/fonts/slick.woff HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/sites/all/libraries/slick/slick/slick-theme.css?rwurij
Cookie: _ga_WJ3HHSHB91=GS1.1.1701452363.1.0.1701452363.0.0.0; _ga=GA1.1.702017165.1701452364
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:19 GMT
Content-Type: application/font-woff
Content-Length: 1380
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Tue, 03 Oct 2017 07:49:28 GMT
ETag: "564-55a9fbb0c5200"
Accept-Ranges: bytes
hannums.wikaba.com/sites/all/libraries/slick/slick/ajax-loader.gif
91.201.40.28 200 OK 4.2 kB URL GET HTTP/1.1 hannums.wikaba.com/sites/all/libraries/slick/slick/ajax-loader.gif
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type GIF image data, version 89a, 32 x 32
Hash MD5 c5cd7f5300576ab4c88202b42f6ded62
Hash SHA-1 7a1aa43614396382bb15e5fde574d9cdcd21698f
Hash SHA-256 e7b44c86b050fca766a96ddac2d0932af0126da6f2305280342d909168dcce6b
Analyzer urlquery, verdict suspicious: Suspicious - DynDNS domain
NIDS suricata, severity medium: ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
NIDS suricata, severity medium: ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/all/libraries/slick/slick/ajax-loader.gif HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/sites/all/libraries/slick/slick/slick-theme.css?rwurij
Cookie: _ga_WJ3HHSHB91=GS1.1.1701452363.1.0.1701452363.0.0.0; _ga=GA1.1.702017165.1701452364
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:19 GMT
Content-Type: image/gif
Content-Length: 4178
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Tue, 03 Oct 2017 07:49:28 GMT
ETag: "1052-55a9fbb0c5200"
Accept-Ranges: bytes
hannums.wikaba.com/i/delivery.jpg
91.201.40.28 200 OK 322 kB URL GET HTTP/1.1 hannums.wikaba.com/i/delivery.jpg
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1200x400, components 3
Size 322 kB (322285 bytes)
Hash MD5 97fc91b56b5db56bbc0e6d53446a7e32
Hash SHA-1 805a0f9dfc48b0987ce8de8aa7d1ba0c4230d3a4
Hash SHA-256 aa4322dac27a672759ea6af41b54e28f87a74d7389e54ce5360890f3b6b70717
Analyzer urlquery, verdict suspicious: Suspicious - DynDNS domain
NIDS suricata, severity medium: ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
NIDS suricata, severity medium: ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /i/delivery.jpg HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/sites/all/themes/ozbm/css/style.css?rwurij
Cookie: _ga_WJ3HHSHB91=GS1.1.1701452363.1.0.1701452363.0.0.0; _ga=GA1.1.702017165.1701452364
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:19 GMT
Content-Type: image/jpeg
Content-Length: 322285
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Tue, 14 May 2019 08:28:34 GMT
ETag: "4eaed-588d4d191f080"
Accept-Ranges: bytes
hannums.wikaba.com/sites/default/files/ozbm_favicon.png
91.201.40.28 200 OK 1.9 kB URL GET HTTP/1.1 hannums.wikaba.com/sites/default/files/ozbm_favicon.png
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
Hash MD5 b0208bea61e718788d8197872ebfb33f
Hash SHA-1 60ab97e4a40fc06d10cc442c3f668c0da196a152
Hash SHA-256 f8d7f1f77074609a92f4adbcf3a76ef643f3b4659a14ceae092597d9972c1512
Analyzer urlquery, verdict suspicious: Suspicious - DynDNS domain
NIDS suricata, severity medium: ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
NIDS suricata, severity medium: ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /sites/default/files/ozbm_favicon.png HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Cookie: _ga_WJ3HHSHB91=GS1.1.1701452363.1.0.1701452363.0.0.0; _ga=GA1.1.702017165.1701452364
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:20 GMT
Content-Type: image/png
Content-Length: 1882
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Sun, 10 Mar 2019 07:36:59 GMT
ETag: "75a-583b885689cc0"
Accept-Ranges: bytes
use.fontawesome.com/releases/v5.7.0/webfonts/fa-brands-400.woff2
172.64.140.13 200 OK 72 kB URL GET HTTP/2 use.fontawesome.com/releases/v5.7.0/webfonts/fa-brands-400.woff2
IP 172.64.140.13:443
Requested by http://hannums.wikaba.com/
Certificate Issuer Cloudflare, Inc.
Subject use.fontawesome.com
Fingerprint (SHA-1) CB:BE:6B:C4:5F:DF:18:7A:C3:AD:BF:6C:40:36:18:9F:E2:99:7F:78
Validity Thu, 12 Oct 2023 00:00:00 GMT - Thu, 10 Oct 2024 23:59:59 GMT
File type Web Open Font Format (Version 2), TrueType, length 72120, version 329.30932
Hash MD5 ae990e80be9a9904db60b0d3d06adbc1
Hash SHA-1 d9e9c4775f4910f9fae04600d9dab922848098cf
Hash SHA-256 ed7514b6c3a5fdc386bff4dcccaee5e0c72e83cf31f90ff5ac4fb70e33fb6857
GET /releases/v5.7.0/webfonts/fa-brands-400.woff2 HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://hannums.wikaba.com
DNT: 1
Connection: keep-alive
Referer: https://use.fontawesome.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 01 Dec 2023 17:39:20 GMT
content-type: font/woff2
content-length: 72120
access-control-allow-origin: *
cache-control: max-age=31556926
etag: "ae990e80be9a9904db60b0d3d06adbc1"
last-modified: Fri, 22 Sep 2023 01:45:49 GMT
vary: Origin, Accept-Encoding
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EozjDDOiTSViWmt3pSwCtom4ufp12NAJGrphsGBPOdlFbBwwZjHLdDP%2BfVG%2F7LuObyh6IXmrDJj5xpDI5Afif1n68kysF9fjyM8%2FM%2F2AeRTB839dNYpjMPK%2BtCoLQFNKG0M1VmdX"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ed1bdf2ff076a4-LHR
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
hannums.wikaba.com/i/leaf-full.jpg
91.201.40.28 200 OK 314 kB URL GET HTTP/1.1 hannums.wikaba.com/i/leaf-full.jpg
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1200x340, components 3
Size 314 kB (314196 bytes)
Hash MD5 fe889eba4b9c645babd83580f99a24a3
Hash SHA-1 34ec1915039ee0241912f867c2b87d70cb042b83
Hash SHA-256 20d42ec70598ac6c088d50c622a3e42f4cafbf01b6ab8309b1ec53b118892a79
Analyzer urlquery, verdict suspicious: Suspicious - DynDNS domain
NIDS suricata, severity medium: ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
NIDS suricata, severity medium: ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /i/leaf-full.jpg HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/sites/all/themes/ozbm/css/style.css?rwurij
Cookie: _ga_WJ3HHSHB91=GS1.1.1701452363.1.0.1701452363.0.0.0; _ga=GA1.1.702017165.1701452364
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:19 GMT
Content-Type: image/jpeg
Content-Length: 314196
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Mon, 13 May 2019 14:17:12 GMT
ETag: "4cb54-588c59289ea00"
Accept-Ranges: bytes
hannums.wikaba.com/i/beach.jpg
91.201.40.28 200 OK 39 kB URL GET HTTP/1.1 hannums.wikaba.com/i/beach.jpg
IP 91.201.40.28:80
Requested by http://hannums.wikaba.com/
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 380x140, components 3
Hash MD5 668dde71cc9e3d5466fc420f1cf76fe1
Hash SHA-1 995752037c07cb4f8078be4de1af1a30dd11840f
Hash SHA-256 cc6631a09158f7ea693e79dcac4cc354de3d2e1daf9406430b9260c9cd87804a
Analyzer urlquery, verdict suspicious: Suspicious - DynDNS domain
NIDS suricata, severity medium: ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
NIDS suricata, severity medium: ET INFO DYNAMIC_DNS HTTP Request to a *.wikaba .com Domain
GET /i/beach.jpg HTTP/1.1
Host: hannums.wikaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/sites/all/themes/ozbm/css/style.css?rwurij
Cookie: _ga_WJ3HHSHB91=GS1.1.1701452363.1.0.1701452363.0.0.0; _ga=GA1.1.702017165.1701452364
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:39:19 GMT
Content-Type: image/jpeg
Content-Length: 38940
Connection: keep-alive
Keep-Alive: timeout=60
X-Content-Type-Options: nosniff
Last-Modified: Mon, 13 May 2019 14:03:16 GMT
ETag: "981c-588c560b59100"
Accept-Ranges: bytes
use.fontawesome.com/releases/v5.7.0/css/all.css
172.64.140.13 200 OK 55 kB URL GET HTTP/2 use.fontawesome.com/releases/v5.7.0/css/all.css
IP 172.64.140.13:443
Requested by http://hannums.wikaba.com/
Certificate Issuer Cloudflare, Inc.
Subject use.fontawesome.com
Fingerprint (SHA-1) CB:BE:6B:C4:5F:DF:18:7A:C3:AD:BF:6C:40:36:18:9F:E2:99:7F:78
Validity Thu, 12 Oct 2023 00:00:00 GMT - Thu, 10 Oct 2024 23:59:59 GMT
File type ASCII text, with very long lines (54456)
Hash MD5 251d28bd755f5269a4531df8a81d5664
Hash SHA-1 c0f035b41b23c6e8fab735f618aa3cff0897b4f9
Hash SHA-256 afdc6bf2de981ffd7d370b76f44e7580572f197efbe214b9cfa4005d189d8eae
GET /releases/v5.7.0/css/all.css HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://hannums.wikaba.com
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 01 Dec 2023 17:39:18 GMT
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31556926
etag: W/"251d28bd755f5269a4531df8a81d5664"
last-modified: Fri, 22 Sep 2023 01:45:47 GMT
vary: Origin, Accept-Encoding
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XtBA%2B5T2JfZ2aRTTnWLe6LpwJlIbsH2hjeBXF6GyCIlEpu%2FM5m7PwOErbcB15kTBUlp3vcQM1EA6Ks%2FO0wJrGLxoQRm6D%2FcMDNoqfsEYqavhyw6KO2bBeDv%2BwlFOxjyCmyQ5%2FrJA"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ed1bd4db6176a4-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
oss.maxcdn.com/libs/modernizr/2.6.2/modernizr.min.js?rwurij
0.0.0.0 0 B URL GET oss.maxcdn.com/libs/modernizr/2.6.2/modernizr.min.js?rwurij
IP 0.0.0.0:0
Requested by http://hannums.wikaba.com/
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /libs/modernizr/2.6.2/modernizr.min.js?rwurij HTTP/1.1
Host: oss.maxcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hannums.wikaba.com/
Pragma: no-cache
Cache-Control: no-cache