| shre.su/7VZ2 | 172.67.147.39 | 301 Moved Permanently | 0 B |
IP172.67.147.39:0
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
NIDS | Severity | Alert | suricata | medium | ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related |
GET /7VZ2 HTTP/1.1
Host: shre.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Thu, 02 Mar 2023 13:39:58 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Thu, 02 Mar 2023 14:39:58 GMT
Location: https://shre.su/7VZ2
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6yf2Vcc9OvHKHuZslQlpzDxlTAmPo5ZZEa%2FysLyHDFN3rW35wLlTB6xQWdQhO1VP8edbbPy6Yxh64Zza%2F5xcKWKt49gqlNStScfkcpJ8fT0Sx%2BNVH7jhvILG"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: cloudflare
CF-RAY: 7a1a0c82dfd2b4f9-OSL
alt-svc: h2=":443"; ma=60
|
|
| r3.o.lencr.org/ | 23.33.119.27 | 200 OK | 503 B |
IP23.33.119.27:0 ASN#20940 Akamai International B.V.
Hashb44b6d7bebf34d0393567b22a63a93fa a1a85b268bc8073d8e4622ceb78b78a1b39af96a 4b69973af6e9c5a78d94e8661b08d9349176a515e7bfb3386b10ace4c6f1ae21
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4B69973AF6E9C5A78D94E8661B08D9349176A515E7BFB3386B10ACE4C6F1AE21"
Last-Modified: Tue, 28 Feb 2023 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3184
Expires: Thu, 02 Mar 2023 14:33:02 GMT
Date: Thu, 02 Mar 2023 13:39:58 GMT
Connection: keep-alive
|
|
| r3.o.lencr.org/ | 23.33.119.27 | 200 OK | 503 B |
IP23.33.119.27:0 ASN#20940 Akamai International B.V.
Hashcf3bd7bf954753a40867593f59828a19 8812b6b5e4e0725e3a5a7700be3ef0b4c3db4e24 d74374d27bbe6df8c6d8f7da2e5db0e0b07efb07a711131b500bc66a12594b88
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D74374D27BBE6DF8C6D8F7DA2E5DB0E0B07EFB07A711131B500BC66A12594B88"
Last-Modified: Thu, 02 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10101
Expires: Thu, 02 Mar 2023 16:28:19 GMT
Date: Thu, 02 Mar 2023 13:39:58 GMT
Connection: keep-alive
|
|
| firefox.settings.services.mozilla.com/v1/ | 35.241.9.150 | 200 OK | 939 B |
URL HTTP/2firefox.settings.services.mozilla.com/v1/ IP35.241.9.150:0
File typeJSON data\012- , ASCII text, with very long lines (939), with no line terminators Hashbc86ef2a0cee04915bc360f5821adc8f 3658f9028cce204d38f7f48fcfaa2a8e4f54383a aeecd718d03811322457de4f20828bdba86b277e7e0e328cae9c0a8075638454
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Content-Type, Retry-After, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 02 Mar 2023 13:12:54 GMT
content-type: application/json
age: 1624
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| r3.o.lencr.org/ | 23.33.119.27 | 200 OK | 503 B |
IP23.33.119.27:0 ASN#20940 Akamai International B.V.
Hash8a6910c4b385d6caba875fb44203db1b 848defdfa687238d0127ec3a018dc189a2fbaa86 11f09b2206ce9e486e3d044159c0f0d4bda658e14230ab8f71f136b802b422d3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "11F09B2206CE9E486E3D044159C0F0D4BDA658E14230AB8F71F136B802B422D3"
Last-Modified: Thu, 02 Mar 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2342
Expires: Thu, 02 Mar 2023 14:19:00 GMT
Date: Thu, 02 Mar 2023 13:39:58 GMT
Connection: keep-alive
|
|
| content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-09-20-28-26.chain | 34.160.144.191 | 200 OK | 5.3 kB |
URL HTTP/2content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-09-20-28-26.chain IP34.160.144.191:0
File typePEM certificate\012- , ASCII text Hashb5ba6334e73496995e3e3a9ecd0eb323 ad80d3b7718c28364e8c2004fb38a13a1747e462 aa5abb52515c6383c014aadb63a86c9f798ad64de53c0218616c1fc6d424d2e2
GET /chains/remote-settings.content-signature.mozilla.org-2023-04-09-20-28-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: 0su8BF/tatLXHEVKnL3lbwm4GlqbkALcEl2jOLqm5syqDPxirJ/hU+z/5M/M3SjWKK8NY492HYw=
x-amz-request-id: 9BMH0PP5FZYNKA19
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 02 Mar 2023 13:33:05 GMT
age: 413
last-modified: Sat, 18 Feb 2023 20:28:27 GMT
etag: "b5ba6334e73496995e3e3a9ecd0eb323"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| contile.services.mozilla.com/v1/tiles | 34.117.237.239 | 200 OK | 12 B |
URL HTTP/2contile.services.mozilla.com/v1/tiles IP34.117.237.239:0
File typeJSON data\012- , ASCII text, with no line terminators Hash23e88fb7b99543fb33315b29b1fad9d6 a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 02 Mar 2023 13:39:58 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| ocsp.digicert.com/ | 192.229.221.95 | 200 OK | 280 B |
IP192.229.221.95:0
Hashc7c185b5ac3f0523a35398cee41ab105 7ca32b027f90431f1d496dd4e304acc16df7a7cc 7daa99e2054a8b83214dfc434a62003f9be522bef22be246ceeaef9bb0711652
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 155766
Cache-Control: max-age=159921
Content-Type: application/ocsp-response
Date: Thu, 02 Mar 2023 13:39:59 GMT
Etag: "63fe146a-118"
Expires: Sat, 04 Mar 2023 10:05:20 GMT
Last-Modified: Tue, 28 Feb 2023 14:49:14 GMT
Server: ECAcc (ska/F7A7)
X-Cache: HIT
Content-Length: 280
|
|
| ocsp.digicert.com/ | 192.229.221.95 | 200 OK | 280 B |
IP192.229.221.95:0
Hashc7c185b5ac3f0523a35398cee41ab105 7ca32b027f90431f1d496dd4e304acc16df7a7cc 7daa99e2054a8b83214dfc434a62003f9be522bef22be246ceeaef9bb0711652
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 155766
Cache-Control: max-age=159921
Content-Type: application/ocsp-response
Date: Thu, 02 Mar 2023 13:39:59 GMT
Etag: "63fe146a-118"
Expires: Sat, 04 Mar 2023 10:05:20 GMT
Last-Modified: Tue, 28 Feb 2023 14:49:14 GMT
Server: ECAcc (ska/F6D2)
X-Cache: HIT
Content-Length: 280
|
|
| firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US | 35.241.9.150 | 200 OK | 329 B |
URL HTTP/2firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US IP35.241.9.150:0
File typeJSON data\012- , ASCII text, with very long lines (329), with no line terminators Hash0333b0655111aa68de771adfcc4db243 63f295a144ac87a7c8e23417626724eeca68a7eb 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: ETag, Cache-Control, Expires, Alert, Content-Type, Pragma, Retry-After, Last-Modified, Backoff, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 02 Mar 2023 13:12:25 GMT
age: 1654
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| r3.o.lencr.org/ | 23.33.119.27 | 200 OK | 503 B |
IP23.33.119.27:0 ASN#20940 Akamai International B.V.
Hash51e95d61b93964116033d39ca29d8e87 f4b94d787ce49da21c28fe7853b1a85d2b9494dc 083c886afce548aad4f54caa7f7766e38d9376d55077d4072dbddbdafa086f85
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "083C886AFCE548AAD4F54CAA7F7766E38D9376D55077D4072DBDDBDAFA086F85"
Last-Modified: Thu, 02 Mar 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6551
Expires: Thu, 02 Mar 2023 15:29:10 GMT
Date: Thu, 02 Mar 2023 13:39:59 GMT
Connection: keep-alive
|
|
| push.services.mozilla.com/ | 34.216.140.79 | 101 Switching Protocols | 0 B |
URL HTTP/1.1push.services.mozilla.com/ IP34.216.140.79:0
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 9Eq8C+BlOq420yPspLiGeQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: k2yMpQ8E8YwRzMi5jd2zWA8FycI=
|
|
| r3.o.lencr.org/ | 23.33.119.27 | 200 OK | 9.2 kB |
IP23.33.119.27:0 ASN#20940 Akamai International B.V.
Hashcc51d225abc4038eda4e537cc63e08aa e9b4a0dee5137695b3ba1fc5f568a101ce163842 e1d875736d9298b06a47bef609c4f4c990d8a54711ef37170b50829b798c0344
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "91AA320B6D0D19587BC36AE8C88457428FED9AB91E18031A5D9A30C49654069E"
Last-Modified: Thu, 02 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8984
Expires: Thu, 02 Mar 2023 16:09:45 GMT
Date: Thu, 02 Mar 2023 13:40:01 GMT
Connection: keep-alive
|
|
| r3.o.lencr.org/ | 23.33.119.27 | 200 OK | 503 B |
IP23.33.119.27:0 ASN#20940 Akamai International B.V.
Hash16d5f84e59c07ed63d44e8f2b7fb7cdd 13d26cbcc3521c23110ecda9c38b5330de7f82d1 91aa320b6d0d19587bc36ae8c88457428fed9ab91e18031a5d9a30c49654069e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "91AA320B6D0D19587BC36AE8C88457428FED9AB91E18031A5D9A30C49654069E"
Last-Modified: Thu, 02 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8984
Expires: Thu, 02 Mar 2023 16:09:45 GMT
Date: Thu, 02 Mar 2023 13:40:01 GMT
Connection: keep-alive
|
|
| r3.o.lencr.org/ | 23.33.119.27 | 200 OK | 64 kB |
IP23.33.119.27:0 ASN#20940 Akamai International B.V.
Hash9b5eef666d91ea17e098e6c531e80992 1b55383fcb98baf9c11b7217306c3d3ecbc81784 226d84127403f05c93523c48f85cfbdb25f178744256823fa4f9ff06c229921b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "91AA320B6D0D19587BC36AE8C88457428FED9AB91E18031A5D9A30C49654069E"
Last-Modified: Thu, 02 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8984
Expires: Thu, 02 Mar 2023 16:09:45 GMT
Date: Thu, 02 Mar 2023 13:40:01 GMT
Connection: keep-alive
|
|
| r3.o.lencr.org/ | 23.33.119.27 | 200 OK | 503 B |
IP23.33.119.27:0 ASN#20940 Akamai International B.V.
Hash16d5f84e59c07ed63d44e8f2b7fb7cdd 13d26cbcc3521c23110ecda9c38b5330de7f82d1 91aa320b6d0d19587bc36ae8c88457428fed9ab91e18031a5d9a30c49654069e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "91AA320B6D0D19587BC36AE8C88457428FED9AB91E18031A5D9A30C49654069E"
Last-Modified: Thu, 02 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8984
Expires: Thu, 02 Mar 2023 16:09:45 GMT
Date: Thu, 02 Mar 2023 13:40:01 GMT
Connection: keep-alive
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd4b6a552-99ee-4553-9f49-e91b95645e26.jpeg | 34.120.237.76 | 200 OK | 14 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd4b6a552-99ee-4553-9f49-e91b95645e26.jpeg IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hash25cb830d4f133b58ecf680cadf8801d3 0b832c73eca6a196fe66c4b2f2a95c6440360295 960eef032353ba6c36f7495e1884222536af3c5577e880270be927374738361d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd4b6a552-99ee-4553-9f49-e91b95645e26.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13658
x-amzn-requestid: 66b11a7b-6720-4be4-a874-c52e7e2bc738
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BHwNYGLUIAMFrqg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ffc722-1159cbbf3448ee55435d73bf;Sampled=0
x-amzn-remapped-date: Wed, 01 Mar 2023 21:44:02 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Miss from cloudfront
x-amz-cf-id: IbJnp3QbzRlqH6eao_8qRAWnsZ0dsE5HmOn2Q8nNQPgJtyU8HslYCg==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 5c35539543902c678280929df206948c.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Mar 2023 22:19:54 GMT
etag: "0b832c73eca6a196fe66c4b2f2a95c6440360295"
content-type: image/jpeg
age: 55207
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb0c3b178-ee57-465b-aa8c-fb6f93e35cab.jpeg | 34.120.237.76 | 200 OK | 3.4 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb0c3b178-ee57-465b-aa8c-fb6f93e35cab.jpeg IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hash4726917eabc29a977873ad26e264e70d 4619a0418ee08d6618ead537f31823c98f355b5a d3c6b43d46ccff30f0003a063b6c4c78d4a782262bfdeb138e6c015555ce2dcb
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb0c3b178-ee57-465b-aa8c-fb6f93e35cab.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3381
x-amzn-requestid: 8b89e7ab-b8b3-45cd-af3a-cc419e61f1fc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: A-PNPFynoAMFn8Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63fbf8ba-616bedc230d1c2b13a09beae;Sampled=0
x-amzn-remapped-date: Mon, 27 Feb 2023 00:26:34 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: 20gfRWuEZKeWijeUdUr10sCx8uqri-zpK-KTXBJrZaQOm3V1Gk8KQw==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 0ec9ddba08fcd99386924593dbdbd44a.cloudfront.net (CloudFront), 1.1 google
date: Thu, 02 Mar 2023 11:34:31 GMT
age: 7530
etag: "4619a0418ee08d6618ead537f31823c98f355b5a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc65f862a-23bb-447f-98c4-c7bdb442e1fe.jpeg | 34.120.237.76 | 200 OK | 10 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc65f862a-23bb-447f-98c4-c7bdb442e1fe.jpeg IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hashdf30be373b0d59ce754af229b2846059 8901a9ae409a2d84b5450599a529d8d27117385f 4fe8e7f3196851316e5cbcaff1f11fd296914ded9bc53ab4c772d99bc8c91905
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc65f862a-23bb-447f-98c4-c7bdb442e1fe.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10174
x-amzn-requestid: 477ce38b-e948-4349-9da5-699a19a1d41f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BHuzAHBkIAMFQZg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ffc4df-3c6ab62d47fe8d794da8ecb7;Sampled=0
x-amzn-remapped-date: Wed, 01 Mar 2023 21:34:23 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: LJ38TALPaoEv_JDm5EZ2gzOwrfsk6OjRmvZu_seMp_ZwZrqargo7jA==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 2c6b5dd77f1abe60653ce0454f344b64.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Mar 2023 22:19:45 GMT
age: 55216
etag: "8901a9ae409a2d84b5450599a529d8d27117385f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb2508da1-4567-4abe-a1fd-fb1112625c4e.jpeg | 34.120.237.76 | 200 OK | 12 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb2508da1-4567-4abe-a1fd-fb1112625c4e.jpeg IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hash840d414b9e8187cdc769a303ae74967b 8f41fe3cbb20bd9e66eb39eedd284c2a18a63955 04d7871a2cff1b3a6020907137a7e7bc9b4873adc983ac0ab89d8c0f88ad108e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb2508da1-4567-4abe-a1fd-fb1112625c4e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12271
x-amzn-requestid: de545cf0-f4a6-4cd6-81dd-7eb29bf92256
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BHu76EA8IAMFiig=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ffc518-7de203e72a78415a0780d6c8;Sampled=0
x-amzn-remapped-date: Wed, 01 Mar 2023 21:35:20 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: 4jz6gy6eI6O0Y94NdaLvc36dBI-W-gVcpxA21d8k5s1SuSCl0uXVYw==
via: 1.1 a20e81b65d2465c729ce2f6bfe539dd0.cloudfront.net (CloudFront), 1.1 0906d4887f6625f4a4467d8d4fd268d2.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Mar 2023 21:57:42 GMT
age: 56539
etag: "8f41fe3cbb20bd9e66eb39eedd284c2a18a63955"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9b1c0168-4740-44b9-9660-75189c0d7b28.jpeg | 34.120.237.76 | 200 OK | 5.2 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9b1c0168-4740-44b9-9660-75189c0d7b28.jpeg IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hash4620c9948405eff4716c7de8b0d04449 9a94a55a4617248262d589eb2b11a9075e6c874c 021284ada9d5c502588669f8cc96588c358b5e842c0f68dfeaedf1951d008eeb
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9b1c0168-4740-44b9-9660-75189c0d7b28.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5249
x-amzn-requestid: 93d067ee-dc4b-421e-8178-efb03780c978
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BHuxKH5joAMFV9w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ffc4d3-4fc9b9ad7439876d36493211;Sampled=0
x-amzn-remapped-date: Wed, 01 Mar 2023 21:34:11 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: A-0twk3dKt6f9e15kasICwkeDI_WPda131VVl78Veu1EjUcu2I1jFg==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 8cb7de37a1655236518810d0aabb8656.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Mar 2023 21:59:10 GMT
age: 56451
etag: "9a94a55a4617248262d589eb2b11a9075e6c874c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F749c9bae-5b66-459e-8826-3e69595a8135.jpeg | 34.120.237.76 | 200 OK | 11 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F749c9bae-5b66-459e-8826-3e69595a8135.jpeg IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hashfb6cf25f51d819358cb2cd6a11c033de eb41ce1c7d4e370d65806c3e33141037c6c5309b 06af18ff07ea35e35e9c527f6ea66aac5ec5b2363825814eaf7859c77ebf8e58
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F749c9bae-5b66-459e-8826-3e69595a8135.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11181
x-amzn-requestid: dd1db412-2ebc-4cc6-88ca-279b2c3f3290
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BHusDE8gIAMF4gA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ffc4b3-4554a7d7379751795bf82cf7;Sampled=0
x-amzn-remapped-date: Wed, 01 Mar 2023 21:33:39 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Miss from cloudfront
x-amz-cf-id: RPMwfY1mxJgOe3Casd1kabgSVKhxH6SR9hZeGQGs_Ub54qftlY5YXg==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 ac463f3377446e4c603deca30feb744a.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Mar 2023 22:30:03 GMT
etag: "eb41ce1c7d4e370d65806c3e33141037c6c5309b"
content-type: image/jpeg
age: 54598
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| shre.su/7VZ2 | 172.67.147.39 | 403 Forbidden | 0 B |
IP172.67.147.39:0
NIDS | Severity | Alert | suricata | medium | ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related |
GET /7VZ2 HTTP/1.1
Host: shre.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 403 Forbidden
date: Thu, 02 Mar 2023 13:39:58 GMT
content-type: text/html; charset=UTF-8
permissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
x-frame-options: SAMEORIGIN
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mHcxLFBoafmOclrKiSaAu9Q%2B4CFAaPs%2B6yUj%2B98ODbR%2BuHxmyWp2PX77%2F%2BrWAszfildbPsTBAg9DZXFrfx7VxepaMQ2I4WrpyeyyTDyZE7X79U7rv%2FCFBWuS"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7a1a0c847e4b1bfa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| challenges.cloudflare.com/turnstile/v0/api.js?onload=_cf_chl_turnstile_l&render=explicit | 104.18.6.185 | 302 Found | 0 B |
URL HTTP/2challenges.cloudflare.com/turnstile/v0/api.js?onload=_cf_chl_turnstile_l&render=explicit IP104.18.6.185:0
GET /turnstile/v0/api.js?onload=_cf_chl_turnstile_l&render=explicit HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Thu, 02 Mar 2023 13:39:59 GMT
cache-control: max-age=300, public
location: /turnstile/v0/g/6756a6af/api.js?onload=_cf_chl_turnstile_l&render=explicit
vary: accept-encoding
server: cloudflare
cf-ray: 7a1a0c86befeb51e-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| challenges.cloudflare.com/turnstile/v0/g/6756a6af/api.js?onload=_cf_chl_turnstile_l&render=explicit | 104.18.6.185 | 200 OK | 0 B |
URL HTTP/2challenges.cloudflare.com/turnstile/v0/g/6756a6af/api.js?onload=_cf_chl_turnstile_l&render=explicit IP104.18.6.185:0
GET /turnstile/v0/g/6756a6af/api.js?onload=_cf_chl_turnstile_l&render=explicit HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 02 Mar 2023 13:39:59 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31536000
vary: Accept-Encoding
server: cloudflare
cf-ray: 7a1a0c86ef33b51e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
|
|