Report - holytek.su/

Report Overview

Visited public
2023-11-27 19:19:43
Tags
URL
holytek.su/
Finishing URL
holytek.su/
IP / ASN
195.208.1.130
#48287 Jsc ru-center
Title
Деревообрабатывающие станки Holytek

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
holytek.su	unknown	2011-04-25	2015-04-04 18:04:06	2023-06-08 23:34:54	7.1 kB	999 kB	195.208.1.130
www.youtube.com	90	2005-02-15	2013-04-13 09:43:20	2023-11-27 05:11:10	790 B	69 kB	142.250.74.46
ajax.googleapis.com	12905	2005-01-25	2013-08-16 11:51:31	2023-11-27 07:45:33	432 B	34 kB	142.250.74.170
bitrix.info	39143	2002-11-14	2014-07-18 19:10:26	2023-11-27 19:25:16	732 B	3.8 kB	54.76.98.210
fonts.gstatic.com	unknown	2008-02-11	2014-09-09 02:40:21	2023-11-27 07:14:04	2.1 kB	154 kB	142.250.74.131
fonts.googleapis.com	8877	2005-01-25	2013-06-10 22:14:26	2023-11-27 07:17:39	475 B	4.5 kB	142.250.74.106

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-11-27 19:19:27	medium	Client IP	Internal IP	ET DNS Query for .su TLD (Soviet Union) Often Malware Related
2023-11-27 19:19:27	medium	Client IP	Internal IP	ET DNS Query for .su TLD (Soviet Union) Often Malware Related
2023-11-27 19:19:27	medium	Client IP	Internal IP	ET DNS Query for .su TLD (Soviet Union) Often Malware Related
2023-11-27 19:19:28	medium	Client IP	Internal IP	ET DNS Query for .su TLD (Soviet Union) Often Malware Related
2023-11-27 19:19:28	medium	Client IP	195.208.1.130	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2023-11-27 19:19:28	medium	Client IP	Internal IP	ET DNS Query for .su TLD (Soviet Union) Often Malware Related
2023-11-27 19:19:28	medium	Client IP	Internal IP	ET DNS Query for .su TLD (Soviet Union) Often Malware Related
2023-11-27 19:19:28	medium	Client IP	Internal IP	ET DNS Query for .su TLD (Soviet Union) Often Malware Related
2023-11-27 19:19:28	medium	Client IP	195.208.1.130	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2023-11-27 19:19:28	medium	Client IP	195.208.1.130	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2023-11-27 19:19:28	medium	Client IP	Internal IP	ET DNS Query for .su TLD (Soviet Union) Often Malware Related
2023-11-27 19:19:28	medium	Client IP	Internal IP	ET DNS Query for .su TLD (Soviet Union) Often Malware Related
2023-11-27 19:19:29	medium	Client IP	195.208.1.130	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2023-11-27 19:19:29	medium	Client IP	195.208.1.130	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2023-11-27 19:19:29	medium	Client IP	195.208.1.130	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2023-11-27 19:19:29	medium	Client IP	195.208.1.130	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2023-11-27 19:19:29	medium	Client IP	Internal IP	ET DNS Query for .su TLD (Soviet Union) Often Malware Related
2023-11-27 19:19:29	medium	Client IP	Internal IP	ET DNS Query for .su TLD (Soviet Union) Often Malware Related
2023-11-27 19:19:29	medium	Client IP	Internal IP	ET DNS Query for .su TLD (Soviet Union) Often Malware Related
2023-11-27 19:19:29	medium	Client IP	195.208.1.130	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2023-11-27 19:19:29	medium	Client IP	195.208.1.130	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2023-11-27 19:19:29	medium	Client IP	Internal IP	ET DNS Query for .su TLD (Soviet Union) Often Malware Related
2023-11-27 19:19:29	medium	Client IP	Internal IP	ET DNS Query for .su TLD (Soviet Union) Often Malware Related
2023-11-27 19:19:29	medium	Client IP	195.208.1.130	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2023-11-27 19:19:29	medium	Client IP	195.208.1.130	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2023-11-27 19:19:29	medium	Client IP	195.208.1.130	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2023-11-27 19:19:29	medium	Client IP	Internal IP	ET DNS Query for .su TLD (Soviet Union) Often Malware Related
2023-11-27 19:19:29	medium	Client IP	Internal IP	ET DNS Query for .su TLD (Soviet Union) Often Malware Related
2023-11-27 19:19:29	medium	Client IP	195.208.1.130	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2023-11-27 19:19:29	medium	Client IP	195.208.1.130	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (8)

	URL	From	Size	First Seen	Last Seen
	holytek.su/	ScriptElement	397 B	2024-08-20	2024-08-20
Pretty URL holytek.su/ IP 195.208.1.130 ASN #48287 Jsc ru-center Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-20 17:41 Last Seen2024-08-20 17:41 Times Seen1 Hash 33b141196f26e6f9f00d42b4e294eeb3 375cdcbf5b469cc988c792d08dcb4fc6cb084fb3 539ad8452e1337de90822ff13837a1bff2115ff46bd8dabc46be5e64850ff62b Loading...

	bitrix.info/ba.js	ScriptElement	6.7 kB	2023-03-07	2025-05-11
Pretty URL bitrix.info/ba.js IP 54.76.98.210 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03 Last Seen2025-05-11 03:32 Times Seen1551 Hash 1704091e9eb2522effa5baa97cee26a0 5a4ee9ebe22e0e6c35de6ca6b7f8cbeea40c71d4 897c58672b375fd206d4df4ccd71a3fa3e29f739f4db5251b94895ad015f9710 Loading...

	www.youtube.com/s/player/63e90c30/www-widgetapi.vflset/www-widgetapi.js	ScriptElement	220 kB	2023-11-20	2023-11-28
Pretty URL www.youtube.com/s/player/63e90c30/www-widgetapi.vflset/www-widgetapi.js IP 142.250.74.46 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-20 23:28 Last Seen2023-11-28 22:50 Times Seen422 Hash fceea776bfd6daf3289ac3c210d34a84 6fa80b3b87143338b648cf35adbda2c2603d9c06 af82cd92cb1df231870f60b847a411fcc4adfffef67f01fff41885828edee2e3 Loading...

	www.youtube.com/player_api	ScriptElement	993 B	2023-11-20	2024-08-20
Pretty URL www.youtube.com/player_api IP 142.250.74.46 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-20 23:28 Last Seen2024-08-20 18:34 Times Seen439 Hash 5eb4fc44b364c555b6ef93b74949e31f 3f3bad529014099f7b460092bde1b19285a1c02b 0de2a176ad08f62d4eb01561e51936094f156760b03746e2f17e69345824f7b2 Loading...

	ajax.googleapis.com/ajax/libs/jquery/1/jquery.min.js	ScriptElement	96 kB	2023-03-07	2025-05-11
Pretty URL ajax.googleapis.com/ajax/libs/jquery/1/jquery.min.js IP 142.250.74.170 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-11 10:02 Times Seen25148 Hash 8101d596b2b8fa35fe3a634ea342d7c3 d6c1f41972de07b09bfa63d2e50f9ab41ec372bd 540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441 Loading...

	holytek.su/bitrix/cache/js/s1/holytek/template_f60063c8e58fc5f74de44164a14b9a54/template_f60063c8e58fc5f74de44164a14b9a54_v1.js?1684143117344582	ScriptElement	345 kB	2023-11-27	2023-11-27
Pretty URL holytek.su/bitrix/cache/js/s1/holytek/template_f60063c8e58fc5f74de44164a14b9a54/template_f60063c8e58fc5f74de44164a14b9a54_v1.js?1684143117344582 IP 195.208.1.130 ASN #48287 Jsc ru-center Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-27 20:19 Last Seen2023-11-27 20:19 Times Seen1 Hash 4fc6d3012a557863710cdfe1b4aec8d9 12666cd46d0a22bb9ee855fb2b1f558f211ebf14 618fa05eb45313860afc02a5e3415e284e83567a1f5bcbee0ef65f5c47fdec37 Loading...

	holytek.su/	ScriptElement	459 B	2024-08-20	2024-08-20
Pretty URL holytek.su/ IP 195.208.1.130 ASN #48287 Jsc ru-center Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-20 17:41 Last Seen2024-08-20 17:41 Times Seen1 Hash bd49b2e2ca0465e14da3e6adfc40bef0 ec99aa32401928d4a0182f5a6b7eef6d88070a37 7c183d9f8370bd77302bf58d94f098281f2c01dd8054af6904a0ac5a8802f337 Loading...

	holytek.su/	ScriptElement	793 B	2024-08-20	2024-08-20
Pretty URL holytek.su/ IP 195.208.1.130 ASN #48287 Jsc ru-center Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-20 17:41 Last Seen2024-08-20 17:41 Times Seen1 Hash 89399486805c258c2f15263578b23a5a 2108ea0356c1970e4ebdf1081dd6b800ad1e6067 5b9ad714f0cdbdcbe5a371edd53524282b49f1c8c053dcbbceebb025390661dc Loading...

HTTP Transactions (24)

URL IP Response Size

holytek.su/

195.208.1.130

17 kB

URL User Request GET
holytek.su/
IP
195.208.1.130:0
ASN
#48287 Jsc ru-center

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (437), with CRLF, LF line terminators
Size
17 kB (17239 bytes)
Hash
5db047ff8a8e02813de0dbd556c1d9e6
fd4dfb715a40d37bc8a3eef5730360e5deea3407
7e1ba4e5929adf6df90d894558ffb2378c22393ce2abe019f4153693cb58bb8c

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET / HTTP/1.1
Host: holytek.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Mon, 27 Nov 2023 19:19:24 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 17239
Connection: keep-alive
X-Powered-By: PHP/7.4.14
P3P: policyref="/bitrix/p3p.xml", CP="NON DSP COR CUR ADM DEV PSA PSD OUR UNR BUS UNI COM NAV INT DEM STA"
X-Powered-CMS: Bitrix Site Manager (08672fc633bc12980422f7d81a499168)
Set-Cookie: PHPSESSID=upo7NxZAXfLQW5leINOq5gQdYXrQz2Df; path=/; domain=holytek.su; HttpOnly
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache

www.youtube.com/player_api

142.250.74.46

301 Moved Permanently

0 B

URL GET HTTP/1.1
www.youtube.com/player_api
IP
142.250.74.46:80
ASN
#15169 GOOGLE

Requested by
http://holytek.su/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /player_api HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://holytek.su/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Content-Type: application/binary
X-Content-Type-Options: nosniff
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Mon, 27 Nov 2023 19:19:25 GMT
Location: https://www.youtube.com/player_api
Server: ESF
Content-Length: 0
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ajax.googleapis.com/ajax/libs/jquery/1/jquery.min.js

142.250.74.170

200 OK

33 kB

URL GET HTTP/2
ajax.googleapis.com/ajax/libs/jquery/1/jquery.min.js
IP
142.250.74.170:443
ASN
#15169 GOOGLE

Requested by
http://holytek.su/
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintCC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
ASCII text, with very long lines (32086)
Size
33 kB (33434 bytes)
Hash
8101d596b2b8fa35fe3a634ea342d7c3
d6c1f41972de07b09bfa63d2e50f9ab41ec372bd
540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441

HTTP Headers

GET /ajax/libs/jquery/1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://holytek.su/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 33434
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 23 Nov 2023 15:37:33 GMT
expires: Fri, 22 Nov 2024 15:37:33 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 358912
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

holytek.su/bitrix/cache/css/s1/holytek/template_bd8dd505185ea53bb6c2425486fc3486/template_bd8dd505185ea53bb6c2425486fc3486_v1.css?1684143117151159

195.208.1.130

200 OK

151 kB

URL GET HTTP/1.1
holytek.su/bitrix/cache/css/s1/holytek/template_bd8dd505185ea53bb6c2425486fc3486/template_bd8dd505185ea53bb6c2425486fc3486_v1.css?1684143117151159
IP
195.208.1.130:80
ASN
#48287 Jsc ru-center

Requested by
http://holytek.su/

File type
ASCII text, with very long lines (3261)
Size
151 kB (151159 bytes)
Hash
ae15f671774bca907e17c9aeb6a222a7
326f43d9dbd360af789ec5edc7f80504370a538a
33e3546e66b068a0a0afbe59beb6c25d6fe7293121dc4fe207065dcd3ed7ff0d

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /bitrix/cache/css/s1/holytek/template_bd8dd505185ea53bb6c2425486fc3486/template_bd8dd505185ea53bb6c2425486fc3486_v1.css?1684143117151159 HTTP/1.1
Host: holytek.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://holytek.su/
Cookie: PHPSESSID=upo7NxZAXfLQW5leINOq5gQdYXrQz2Df
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Mon, 27 Nov 2023 19:19:25 GMT
Content-Type: text/css
Content-Length: 151159
Connection: keep-alive
Last-Modified: Mon, 15 May 2023 09:31:57 GMT
ETag: "6461fc0d-24e77"
Accept-Ranges: bytes

holytek.su/bitrix/cache/js/s1/holytek/template_f60063c8e58fc5f74de44164a14b9a54/template_f60063c8e58fc5f74de44164a14b9a54_v1.js?1684143117344582

195.208.1.130

200 OK

345 kB

URL GET HTTP/1.1
holytek.su/bitrix/cache/js/s1/holytek/template_f60063c8e58fc5f74de44164a14b9a54/template_f60063c8e58fc5f74de44164a14b9a54_v1.js?1684143117344582
IP
195.208.1.130:80
ASN
#48287 Jsc ru-center

Requested by
http://holytek.su/

File type
ASCII text, with very long lines (32377)
Size
345 kB (344582 bytes)
Hash
4fc6d3012a557863710cdfe1b4aec8d9
12666cd46d0a22bb9ee855fb2b1f558f211ebf14
618fa05eb45313860afc02a5e3415e284e83567a1f5bcbee0ef65f5c47fdec37

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /bitrix/cache/js/s1/holytek/template_f60063c8e58fc5f74de44164a14b9a54/template_f60063c8e58fc5f74de44164a14b9a54_v1.js?1684143117344582 HTTP/1.1
Host: holytek.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://holytek.su/
Cookie: PHPSESSID=upo7NxZAXfLQW5leINOq5gQdYXrQz2Df
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Mon, 27 Nov 2023 19:19:25 GMT
Content-Type: application/javascript
Content-Length: 344582
Connection: keep-alive
Last-Modified: Mon, 15 May 2023 09:31:57 GMT
ETag: "6461fc0d-54206"
Accept-Ranges: bytes

holytek.su/local/templates/holytek/tpl/css/_normalize.css

195.208.1.130

200 OK

1.9 kB

URL GET HTTP/1.1
holytek.su/local/templates/holytek/tpl/css/_normalize.css
IP
195.208.1.130:80
ASN
#48287 Jsc ru-center

Requested by
http://holytek.su/

File type
ASCII text, with very long lines (1868), with no line terminators
Size
1.9 kB (1868 bytes)
Hash
db1aae18a50d64dc7d57cc30890fa4a9
e9e31a834b70c3e3af76caf0565f5b3cb3702bc1
04dcc0a9d5f7d79b8608c67e321cb97bdba721364d81aee3d4b45a35031ded5a

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /local/templates/holytek/tpl/css/_normalize.css HTTP/1.1
Host: holytek.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://holytek.su/bitrix/cache/css/s1/holytek/template_bd8dd505185ea53bb6c2425486fc3486/template_bd8dd505185ea53bb6c2425486fc3486_v1.css?1684143117151159
Cookie: PHPSESSID=upo7NxZAXfLQW5leINOq5gQdYXrQz2Df
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Mon, 27 Nov 2023 19:19:25 GMT
Content-Type: text/css
Content-Length: 1868
Connection: keep-alive
Last-Modified: Tue, 26 Jun 2018 11:47:22 GMT
ETag: "5b3227ca-74c"
Accept-Ranges: bytes

holytek.su/local/templates/holytek/tpl/css/_fonts.css

195.208.1.130

200 OK

809 B

URL GET HTTP/1.1
holytek.su/local/templates/holytek/tpl/css/_fonts.css
IP
195.208.1.130:80
ASN
#48287 Jsc ru-center

Requested by
http://holytek.su/

File type
ASCII text, with very long lines (809), with no line terminators
Size
809 B (809 bytes)
Hash
6b8e842953777e0f0844a0c9402e3241
a5bd9c3d393303de4296388e6a0b32d9e0aec498
4b2b391cd54a30baa7055fc706c73c7fceb7b933d01ae526a396fb855291fd17

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /local/templates/holytek/tpl/css/_fonts.css HTTP/1.1
Host: holytek.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://holytek.su/bitrix/cache/css/s1/holytek/template_bd8dd505185ea53bb6c2425486fc3486/template_bd8dd505185ea53bb6c2425486fc3486_v1.css?1684143117151159
Cookie: PHPSESSID=upo7NxZAXfLQW5leINOq5gQdYXrQz2Df
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Mon, 27 Nov 2023 19:19:25 GMT
Content-Type: text/css
Content-Length: 809
Connection: keep-alive
Last-Modified: Tue, 26 Jun 2018 11:46:34 GMT
ETag: "5b32279a-329"
Accept-Ranges: bytes

holytek.su/local/templates/holytek/tpl/css/_jquery.mCustomScrollbar.css

195.208.1.130

200 OK

43 kB

URL GET HTTP/1.1
holytek.su/local/templates/holytek/tpl/css/_jquery.mCustomScrollbar.css
IP
195.208.1.130:80
ASN
#48287 Jsc ru-center

Requested by
http://holytek.su/

File type
ASCII text, with very long lines (42871), with no line terminators
Size
43 kB (42871 bytes)
Hash
c07c60c4a56213e4412085f08b6c7a92
24287aabf2304bbb3373d901e630fd41c9925e80
9f518aad8da5d9778917a6d683775b5730fcb1bf44dddb3c51ead95a959837c8

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /local/templates/holytek/tpl/css/_jquery.mCustomScrollbar.css HTTP/1.1
Host: holytek.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://holytek.su/bitrix/cache/css/s1/holytek/template_bd8dd505185ea53bb6c2425486fc3486/template_bd8dd505185ea53bb6c2425486fc3486_v1.css?1684143117151159
Cookie: PHPSESSID=upo7NxZAXfLQW5leINOq5gQdYXrQz2Df
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Mon, 27 Nov 2023 19:19:25 GMT
Content-Type: text/css
Content-Length: 42871
Connection: keep-alive
Last-Modified: Tue, 26 Jun 2018 11:47:08 GMT
ETag: "5b3227bc-a777"
Accept-Ranges: bytes

holytek.su/local/templates/holytek/tpl/img/logo_top.svg

195.208.1.130

200 OK

1.7 kB

URL GET HTTP/1.1
holytek.su/local/templates/holytek/tpl/img/logo_top.svg
IP
195.208.1.130:80
ASN
#48287 Jsc ru-center

Requested by
http://holytek.su/

File type
SVG Scalable Vector Graphics image\012- SVG XML document\012- XML 1.0 document text\012- SVG XML document\012- XML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Size
1.7 kB (1725 bytes)
Hash
c7c4487945f765a10b9b4c62aaacde84
89b20686440b7c344510b29e82a7c9f5bebe42d4
8c1d94ed79a266ea809946ac0241a528e9b2dcec1f227fdadc14c6bb240939d9

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /local/templates/holytek/tpl/img/logo_top.svg HTTP/1.1
Host: holytek.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://holytek.su/
Cookie: PHPSESSID=upo7NxZAXfLQW5leINOq5gQdYXrQz2Df
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Mon, 27 Nov 2023 19:19:25 GMT
Content-Type: image/svg+xml
Content-Length: 1725
Connection: keep-alive
Last-Modified: Wed, 01 Nov 2017 09:40:55 GMT
ETag: "59f996a7-6bd"
Accept-Ranges: bytes

holytek.su/local/templates/holytek/tpl/img/logo_symbol.svg

195.208.1.130

200 OK

1.3 kB

URL GET HTTP/1.1
holytek.su/local/templates/holytek/tpl/img/logo_symbol.svg
IP
195.208.1.130:80
ASN
#48287 Jsc ru-center

Requested by
http://holytek.su/

File type
SVG Scalable Vector Graphics image\012- SVG XML document\012- XML 1.0 document text\012- SVG XML document\012- XML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Size
1.3 kB (1285 bytes)
Hash
d9c53cd322f3c7c7c73262fd144e7957
ea742b0f47d65eaff70afc5af2f400fc5107efc5
317bf5be38640075b3359b4b2919a778c3ec19cebd17a10a9ba9455b22f405ef

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /local/templates/holytek/tpl/img/logo_symbol.svg HTTP/1.1
Host: holytek.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://holytek.su/bitrix/cache/css/s1/holytek/template_bd8dd505185ea53bb6c2425486fc3486/template_bd8dd505185ea53bb6c2425486fc3486_v1.css?1684143117151159
Cookie: PHPSESSID=upo7NxZAXfLQW5leINOq5gQdYXrQz2Df
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Mon, 27 Nov 2023 19:19:25 GMT
Content-Type: image/svg+xml
Content-Length: 1285
Connection: keep-alive
Last-Modified: Wed, 01 Nov 2017 09:40:55 GMT
ETag: "59f996a7-505"
Accept-Ranges: bytes

holytek.su/local/templates/holytek/tpl/fonts/MuseoSansCyrl_100.woff

195.208.1.130

200 OK

45 kB

URL GET HTTP/1.1
holytek.su/local/templates/holytek/tpl/fonts/MuseoSansCyrl_100.woff
IP
195.208.1.130:80
ASN
#48287 Jsc ru-center

Requested by
http://holytek.su/

File type
Web Open Font Format, CFF, length 44936, version 1.23\012- data
Size
45 kB (44936 bytes)
Hash
d37fe2a7a3d8b484bc5db9b1f1e87ee5
bb058ff228bb2aa0e941255cd1c91bc192a254fd
ee672f065787ef6a01a6611cd21335acaa1d56c4fe7e14d05a9eb989cc5630c9

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /local/templates/holytek/tpl/fonts/MuseoSansCyrl_100.woff HTTP/1.1
Host: holytek.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: http://holytek.su/local/templates/holytek/tpl/css/_fonts.css
Cookie: PHPSESSID=upo7NxZAXfLQW5leINOq5gQdYXrQz2Df
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Mon, 27 Nov 2023 19:19:25 GMT
Content-Type: application/font-woff
Content-Length: 44936
Connection: keep-alive
Last-Modified: Wed, 01 Nov 2017 09:40:55 GMT
ETag: "59f996a7-af88"
Accept-Ranges: bytes

holytek.su/local/templates/holytek/tpl/img/backgrounds/bg_main-desktop.jpg

195.208.1.130

200 OK

290 kB

URL GET HTTP/1.1
holytek.su/local/templates/holytek/tpl/img/backgrounds/bg_main-desktop.jpg
IP
195.208.1.130:80
ASN
#48287 Jsc ru-center

Requested by
http://holytek.su/

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 2990x1250, components 3\012- data
Size
290 kB (290163 bytes)
Hash
df30cbcd08ff1050b3dc40162e28e9c0
fd0cb07a9b22aac647705f23d0aaf4891184183d
2784c1c073fe04df4bf81f4eae55e4954e2256443a60a858c52e940e886a6059

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /local/templates/holytek/tpl/img/backgrounds/bg_main-desktop.jpg HTTP/1.1
Host: holytek.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://holytek.su/bitrix/cache/css/s1/holytek/template_bd8dd505185ea53bb6c2425486fc3486/template_bd8dd505185ea53bb6c2425486fc3486_v1.css?1684143117151159
Cookie: PHPSESSID=upo7NxZAXfLQW5leINOq5gQdYXrQz2Df
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Mon, 27 Nov 2023 19:19:25 GMT
Content-Type: image/jpeg
Content-Length: 290163
Connection: keep-alive
Last-Modified: Wed, 01 Nov 2017 09:40:55 GMT
ETag: "59f996a7-46d73"
Accept-Ranges: bytes

bitrix.info/ba.js

54.76.98.210

200 OK

3.0 kB

URL GET HTTP/1.1
bitrix.info/ba.js
IP
54.76.98.210:80
ASN
#16509 AMAZON-02

Requested by
http://holytek.su/

File type
ASCII text, with very long lines (6659), with no line terminators
Size
3.0 kB (3008 bytes)
Hash
1704091e9eb2522effa5baa97cee26a0
5a4ee9ebe22e0e6c35de6ca6b7f8cbeea40c71d4
897c58672b375fd206d4df4ccd71a3fa3e29f739f4db5251b94895ad015f9710

HTTP Headers

GET /ba.js HTTP/1.1
Host: bitrix.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://holytek.su/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 27 Nov 2023 19:19:25 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx/1.24.0
Last-Modified: Wed, 19 May 2021 09:38:44 GMT
ETag: W/"60a4dca4-1a03"
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: bx_user_id=d54e9fadd254be5e93c4bbbadcd4357e; expires=Thu, 24-Nov-33 19:19:25 GMT; path=/; domain=bitrix.info; SameSite=None; Secure
Access-Control-Allow-Origin: *
Expires: Wed, 29 Nov 2023 19:19:25 GMT
Cache-Control: max-age=172800
Strict-Transport-Security: max-age=63072000
Content-Encoding: gzip

holytek.su/local/templates/holytek/tpl/fonts/MuseoSansCyrl_900.woff

195.208.1.130

200 OK

46 kB

URL GET HTTP/1.1
holytek.su/local/templates/holytek/tpl/fonts/MuseoSansCyrl_900.woff
IP
195.208.1.130:80
ASN
#48287 Jsc ru-center

Requested by
http://holytek.su/

File type
Web Open Font Format, CFF, length 46296, version 1.23\012- data
Size
46 kB (46296 bytes)
Hash
89634cc2a6718eaae3b1eaea330796d2
5f21f790ff6caf6161ffaa9f4d5d7878fc962df7
fdc9458e9598705a65ea7f1132034ce244778b20086e5fade864191b78dfe4a4

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /local/templates/holytek/tpl/fonts/MuseoSansCyrl_900.woff HTTP/1.1
Host: holytek.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: http://holytek.su/local/templates/holytek/tpl/css/_fonts.css
Cookie: PHPSESSID=upo7NxZAXfLQW5leINOq5gQdYXrQz2Df
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Mon, 27 Nov 2023 19:19:25 GMT
Content-Type: application/font-woff
Content-Length: 46296
Connection: keep-alive
Last-Modified: Wed, 01 Nov 2017 09:40:55 GMT
ETag: "59f996a7-b4d8"
Accept-Ranges: bytes

fonts.gstatic.com/s/ptsans/v17/jizaRExUiTo99u79D0KExQ.woff2

142.250.74.131

200 OK

45 kB

URL GET HTTP/2
fonts.gstatic.com/s/ptsans/v17/jizaRExUiTo99u79D0KExQ.woff2
IP
142.250.74.131:443
ASN
#15169 GOOGLE

Requested by
http://holytek.su/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 45300, version 1.0\012- data
Size
45 kB (45300 bytes)
Hash
5fe660c3a23b871807b0e1d3ee973d23
62a9dd423b30b6ee3ab3dd40d573545d579af10a
e13ffa988be59cbf299d7ff68f019f902b60848203ac4990819eb7e4624ee52d

HTTP Headers

GET /s/ptsans/v17/jizaRExUiTo99u79D0KExQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://holytek.su
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 45300
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 22 Nov 2023 21:50:08 GMT
expires: Thu, 21 Nov 2024 21:50:08 GMT
cache-control: public, max-age=31536000
age: 422957
last-modified: Wed, 27 Apr 2022 16:11:08 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

holytek.su/local/templates/holytek/tpl/fonts/MuseoSansCyrl_300.woff

195.208.1.130

200 OK

48 kB

URL GET HTTP/1.1
holytek.su/local/templates/holytek/tpl/fonts/MuseoSansCyrl_300.woff
IP
195.208.1.130:80
ASN
#48287 Jsc ru-center

Requested by
http://holytek.su/

File type
Web Open Font Format, CFF, length 47592, version 1.23\012- data
Size
48 kB (47592 bytes)
Hash
6b7ee09dff8d58b157a764f38bb73ecc
f76bd26e6f579891a521df0725dd3025c282ca80
1178fe4aaea99c66e826ec86b17ed6fae59dd4ca20cb558a747463fa135718d8

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /local/templates/holytek/tpl/fonts/MuseoSansCyrl_300.woff HTTP/1.1
Host: holytek.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: http://holytek.su/local/templates/holytek/tpl/css/_fonts.css
Cookie: PHPSESSID=upo7NxZAXfLQW5leINOq5gQdYXrQz2Df
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Mon, 27 Nov 2023 19:19:25 GMT
Content-Type: application/font-woff
Content-Length: 47592
Connection: keep-alive
Last-Modified: Wed, 01 Nov 2017 09:40:55 GMT
ETag: "59f996a7-b9e8"
Accept-Ranges: bytes

fonts.gstatic.com/s/ptsans/v17/jizaRExUiTo99u79D0aExdGM.woff2

142.250.74.131

200 OK

28 kB

URL GET HTTP/2
fonts.gstatic.com/s/ptsans/v17/jizaRExUiTo99u79D0aExdGM.woff2
IP
142.250.74.131:443
ASN
#15169 GOOGLE

Requested by
http://holytek.su/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 28444, version 1.0\012- data
Size
28 kB (28444 bytes)
Hash
e996a4db02cc36705ce700e4b5d06b3a
c5fa1dff68d7d83689f58bc498caea9041cf7b75
7e9c22d02fc319b701844b334477a05fd32acee9668feb98672f6c27887f79cf

HTTP Headers

GET /s/ptsans/v17/jizaRExUiTo99u79D0aExdGM.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://holytek.su
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 28444
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 20 Nov 2023 23:42:20 GMT
expires: Tue, 19 Nov 2024 23:42:20 GMT
cache-control: public, max-age=31536000
age: 589025
last-modified: Wed, 27 Apr 2022 16:45:23 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/ptsans/v17/jizfRExUiTo99u79B_mh0O6tLQ.woff2

142.250.74.131

200 OK

47 kB

URL GET HTTP/2
fonts.gstatic.com/s/ptsans/v17/jizfRExUiTo99u79B_mh0O6tLQ.woff2
IP
142.250.74.131:443
ASN
#15169 GOOGLE

Requested by
http://holytek.su/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 47048, version 1.0\012- data
Size
47 kB (47048 bytes)
Hash
87a1556b696ae2cb1a726bd8c4584a2f
1be0f6f39e0cf316f9827f945eeeaef8294cc37b
141f0c53e457585d4ac7426eb3d757666d250ee6fbf0e9c0878128e4c627f0b1

HTTP Headers

GET /s/ptsans/v17/jizfRExUiTo99u79B_mh0O6tLQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://holytek.su
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 47048
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 22 Nov 2023 21:48:51 GMT
expires: Thu, 21 Nov 2024 21:48:51 GMT
cache-control: public, max-age=31536000
age: 423034
last-modified: Wed, 27 Apr 2022 16:55:54 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/ptsans/v17/jizfRExUiTo99u79B_mh0OqtLQ0Z.woff2

142.250.74.131

200 OK

30 kB

URL GET HTTP/2
fonts.gstatic.com/s/ptsans/v17/jizfRExUiTo99u79B_mh0OqtLQ0Z.woff2
IP
142.250.74.131:443
ASN
#15169 GOOGLE

Requested by
http://holytek.su/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 29928, version 1.0\012- data
Size
30 kB (29928 bytes)
Hash
609bea65e2bf8ee9b728a85a8f1b282c
a0d2fbcf012e6554fb8cb182994ec8eb744ab65d
1a045fdc088409e4e87d57617de7a9b613bf251c12997180910faeed8fa7aba1

HTTP Headers

GET /s/ptsans/v17/jizfRExUiTo99u79B_mh0OqtLQ0Z.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://holytek.su
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 29928
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 20 Nov 2023 23:43:49 GMT
expires: Tue, 19 Nov 2024 23:43:49 GMT
cache-control: public, max-age=31536000
age: 588936
last-modified: Wed, 27 Apr 2022 16:55:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

bitrix.info/bx_stat

54.76.98.210

406 Not Acceptable

10 B

URL POST HTTP/1.1
bitrix.info/bx_stat
IP
54.76.98.210:80
ASN
#16509 AMAZON-02

Requested by
http://holytek.su/

File type
JSON data\012- , ASCII text, with no line terminators
Size
10 B (10 bytes)
Hash
190f0ca90ef9d8f401ed505b8e377411
12ad51bbdfcc081a984bbff898a0d47cc29a61dc
bb54369234516c2f2469a9989fce0f73145879defec57a2b276b5b1e0bf92336

HTTP Headers

POST /bx_stat HTTP/1.1
Host: bitrix.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 362
Origin: http://holytek.su
DNT: 1
Connection: keep-alive
Referer: http://holytek.su/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 406 Not Acceptable
Date: Mon, 27 Nov 2023 19:19:25 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx/1.24.0
Access-Control-Allow-Origin: http://holytek.su

www.youtube.com/s/player/63e90c30/www-widgetapi.vflset/www-widgetapi.js

142.250.74.46

200 OK

68 kB

URL GET HTTP/3
www.youtube.com/s/player/63e90c30/www-widgetapi.vflset/www-widgetapi.js
IP
142.250.74.46:443
ASN
#15169 GOOGLE

Requested by
http://holytek.su/
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint4C:0D:17:8C:F1:30:7C:3A:6F:9B:8E:B4:83:0E:5C:BD:ED:17:3E:95
ValidityMon, 23 Oct 2023 11:18:24 GMT - Mon, 15 Jan 2024 11:18:23 GMT

File type
ASCII text, with very long lines (530)
Size
68 kB (68238 bytes)
Hash
fceea776bfd6daf3289ac3c210d34a84
6fa80b3b87143338b648cf35adbda2c2603d9c06
af82cd92cb1df231870f60b847a411fcc4adfffef67f01fff41885828edee2e3

HTTP Headers

GET /s/player/63e90c30/www-widgetapi.vflset/www-widgetapi.js HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://holytek.su/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: br
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-length: 68238
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 27 Nov 2023 08:57:39 GMT
expires: Tue, 26 Nov 2024 08:57:39 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 20 Nov 2023 02:45:49 GMT
content-type: text/javascript
vary: Accept-Encoding, Origin
age: 37306
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

holytek.su/local/templates/holytek/tpl/img/favicon-16x16.png

195.208.1.130

200 OK

1.3 kB

URL GET HTTP/1.1
holytek.su/local/templates/holytek/tpl/img/favicon-16x16.png
IP
195.208.1.130:80
ASN
#48287 Jsc ru-center

Requested by
http://holytek.su/

File type
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Size
1.3 kB (1283 bytes)
Hash
e1ee07404e3b5b98def890a8a26b1759
1e4948fc9c28f133d751667096bb5bc938af67b4
85cc408c0ad92e3564f6c3511b855914e54e8e9aa196a365e449131eca2cb84f

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /local/templates/holytek/tpl/img/favicon-16x16.png HTTP/1.1
Host: holytek.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://holytek.su/
Cookie: PHPSESSID=upo7NxZAXfLQW5leINOq5gQdYXrQz2Df
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Mon, 27 Nov 2023 19:19:25 GMT
Content-Type: image/png
Content-Length: 1283
Connection: keep-alive
Last-Modified: Wed, 01 Nov 2017 09:40:55 GMT
ETag: "59f996a7-503"
Accept-Ranges: bytes

holytek.su/local/templates/holytek/tpl/img/apple-touch-icon-152x152.png

195.208.1.130

200 OK

3.1 kB

URL GET HTTP/1.1
holytek.su/local/templates/holytek/tpl/img/apple-touch-icon-152x152.png
IP
195.208.1.130:80
ASN
#48287 Jsc ru-center

Requested by
http://holytek.su/

File type
PNG image data, 152 x 152, 8-bit/color RGB, non-interlaced\012- data
Size
3.1 kB (3146 bytes)
Hash
c53e4339a940eba5d7809e45fac4a231
d1b57b04dc1bd61b2c21a2b61d81de279ac7a464
c62708e24db943595a982809373e50dea8e50888aac205a702781aafd4cd6787

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /local/templates/holytek/tpl/img/apple-touch-icon-152x152.png HTTP/1.1
Host: holytek.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://holytek.su/
Cookie: PHPSESSID=upo7NxZAXfLQW5leINOq5gQdYXrQz2Df
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Mon, 27 Nov 2023 19:19:25 GMT
Content-Type: image/png
Content-Length: 3146
Connection: keep-alive
Last-Modified: Wed, 01 Nov 2017 09:40:55 GMT
ETag: "59f996a7-c4a"
Accept-Ranges: bytes

fonts.googleapis.com/css?family=PT+Sans:400,400italic,700&subset=latin,cyrillic

142.250.74.106

200 OK

3.9 kB

URL GET HTTP/2
fonts.googleapis.com/css?family=PT+Sans:400,400italic,700&subset=latin,cyrillic
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
http://holytek.su/
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintCC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
ASCII text, with very long lines (4008), with no line terminators
Size
3.9 kB (3912 bytes)
Hash
ceac8138be934558fcdb0ba090756c60
19cc16b31999bb86169932856c20699fbadc29f2
cb4939d7f17ad22986ac010ac46b1b35a40cb2d17dcdad740c0ac45f6cb3b708

HTTP Headers

GET /css?family=PT+Sans:400,400italic,700&subset=latin,cyrillic HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://holytek.su/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 27 Nov 2023 19:19:25 GMT
date: Mon, 27 Nov 2023 19:19:25 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (8)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (24)

URL User Request GET

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP