r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 3eb88dea4fe00db1182370e72683c3ab
ca520abf1e91bfd2aef40c6a1270a911071e8922
d8083ee567c7b3023111dc30f32c94237df7db30d4d2daaea0a569e8a3069ad7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D8083EE567C7B3023111DC30F32C94237DF7DB30D4D2DAAEA0A569E8A3069AD7"
Last-Modified: Sat, 28 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20310
Expires: Sun, 29 Jan 2023 04:16:54 GMT
Date: Sat, 28 Jan 2023 22:38:24 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a2104f935c638b4767ca5ae0d738ef23
85c6af15af749be0ceeae6de17c36925b750f166
5d4789a3696bd7faa9916768cb627bbc89bf70a756d80e53860cbac13c2bc8b1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5D4789A3696BD7FAA9916768CB627BBC89BF70A756D80E53860CBAC13C2BC8B1"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5684
Expires: Sun, 29 Jan 2023 00:13:08 GMT
Date: Sat, 28 Jan 2023 22:38:24 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 302c7548412192add063ad6c8b99cf3b
e5d178931a27db036ce8daae302594d3ff7050b8
fc2bd9091006189e67e8074093805ee5492ce16e1dbfba32e083abeeae34969d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FC2BD9091006189E67E8074093805EE5492CE16E1DBFBA32E083ABEEAE34969D"
Last-Modified: Sat, 28 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4480
Expires: Sat, 28 Jan 2023 23:53:04 GMT
Date: Sat, 28 Jan 2023 22:38:24 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data; ASCII text, with very long lines (939), with no line terminators
Hash dcd75ca6daca51c5e39d431468511793
07f76d3bf23d65c9110d810fa71a994e39e085d3
73672a816da4450fe2c938b08d7ae002d9ca29fdcbd3e29cc97084d826f8b459
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Retry-After, Content-Type, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 28 Jan 2023 22:35:31 GMT
content-type: application/json
age: 173
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate; ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: 2Gw17uo9UKqLRM4WCVZ4Psaiy1SUhW3+GdqJBJ/chTKHO3tKp10MsVkJrYVxSvyy/gJnSeLgi/w=
x-amz-request-id: 2Z9S057K2391PPBF
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 28 Jan 2023 22:21:08 GMT
age: 1036
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data; ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 28 Jan 2023 22:38:24 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
shopb.off-75.ml/assets/css/slick.css
104.21.24.108 200 OK 483 B URL HTTP/1.1 shopb.off-75.ml/assets/css/slick.css
IP 104.21.24.108:0
File type ASCII text, with very long lines (1330), with no line terminators
Hash 3822f6f5c8b3845581327951f38f0c46
84dc8aa8e65ac7201f757e39403395c7ccba7a46
9b1acb5ff7636d183b32b15fb5afff2cb2fe0472086993eb82a320128d1da154
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.ml domain
GET /assets/css/slick.css HTTP/1.1
Host: shopb.off-75.ml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://shopb.off-75.ml/
Cookie: security_session_verify=1758712f2e4ea1d4acb6a6a90f8e4c8a; ASP.NET_SessionId=copv0tr5wfquls2lfqvxuqnm; la=com; cid=1; price=70-73
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 22:38:24 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Cf-Bgj: minify
Cf-Polished: origSize=1776
ETag: W/"0c64a8b35b4d51:0"
Last-Modified: Mon, 16 Dec 2019 17:23:34 GMT
X-Powered-By: ASP.NET
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 3137
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AO%2BzSVKccKe01M0fdERcbb7YT0Y0RRoW3qGc9LReeq6w0mAMR4pkl3dBAwAjalM5Sth8yPbqrm8B9x%2BURnSrFjqwyYCclJ5jc%2B28yJgZZ3DNHTJDmSjn6nfi3btAySqj4b8%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 790d37db7fa90b31-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
shopb.off-75.ml/assets/css/font.awesome.css
104.21.24.108 200 OK 6.9 kB URL HTTP/1.1 shopb.off-75.ml/assets/css/font.awesome.css
IP 104.21.24.108:0
File type ASCII text, with very long lines (30771)
Hash 021c54b80a7d8481ba5d753a13f3ee55
5f86bc81080d48de9967e86432479a5b4fa51d26
98cae6c56f0b5b9e5ec34dcedc0012180d2d4f888be915fa525a6a5e2d5ad7ef
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.ml domain
GET /assets/css/font.awesome.css HTTP/1.1
Host: shopb.off-75.ml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://shopb.off-75.ml/
Cookie: security_session_verify=1758712f2e4ea1d4acb6a6a90f8e4c8a; ASP.NET_SessionId=copv0tr5wfquls2lfqvxuqnm; la=com; cid=1; price=70-73
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 22:38:24 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Cf-Bgj: minify
Cf-Polished: origSize=42967
ETag: W/"91d72cc1713d61:0"
Last-Modified: Thu, 26 Mar 2020 13:23:36 GMT
X-Powered-By: ASP.NET
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 3137
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=O6UEeiIEIgRSIHWPmlL0FC4aUtvHLmkN8ZRucr1m5dNUkB%2FLcPXL89g4L9sFGb8ejPLtakJ8VjuLXSGRcnMDR0wVTDCnZrh0XTuCFb2b3yLiWH02catD3lzZEc0RomQgepE%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 790d37db7f9eb4f7-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
shopb.off-75.ml/assets/css/owl.carousel.min.css
104.21.24.108 200 OK 952 B URL HTTP/1.1 shopb.off-75.ml/assets/css/owl.carousel.min.css
IP 104.21.24.108:0
File type ASCII text, with very long lines (3300), with CRLF line terminators
Hash c878bd6c1ecbdd4edc92cfdf8ce5e200
60b248a47ca6f9fbdd3e0bad7b1d0bd9fc995e43
897b2c8bd06de046e9f3b8b9ed8dd98aa2d49dd2e0087c2fc5faa415ad7518fb
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.ml domain
GET /assets/css/owl.carousel.min.css HTTP/1.1
Host: shopb.off-75.ml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://shopb.off-75.ml/
Cookie: security_session_verify=1758712f2e4ea1d4acb6a6a90f8e4c8a; ASP.NET_SessionId=copv0tr5wfquls2lfqvxuqnm; la=com; cid=1; price=70-73
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 22:38:24 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 16 Dec 2019 17:23:34 GMT
ETag: W/"0c64a8b35b4d51:0"
X-Powered-By: ASP.NET
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 3137
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oAMJ89r29Bxeagey%2B1y3z0gmbR2FOAV8VrcbsPNMPmXN3ILRAXaM63x9y06UiJaiYLka7dV76VgEC3caGBoS%2Bhm9dO6cNIxbfdmgaCOk%2FYFFKGEgG0EMO1k6Ux495zDOtrc%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 790d37db7ed30b02-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
shopb.off-75.ml/assets/css/magnific-popup.css
104.21.24.108 200 OK 1.6 kB URL HTTP/1.1 shopb.off-75.ml/assets/css/magnific-popup.css
IP 104.21.24.108:0
File type ASCII text, with very long lines (5236), with no line terminators
Hash c2546a957ee5cf6d490d4f7f42ed294b
4351ba13233da4d07f823f10c729b656667c4884
56d1fa73346ecdd5a033f52cf8e25127c358b3396c6ffa9042e42525e5d7b480
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.ml domain
GET /assets/css/magnific-popup.css HTTP/1.1
Host: shopb.off-75.ml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://shopb.off-75.ml/
Cookie: security_session_verify=1758712f2e4ea1d4acb6a6a90f8e4c8a; ASP.NET_SessionId=copv0tr5wfquls2lfqvxuqnm; la=com; cid=1; price=70-73
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 22:38:24 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Cf-Bgj: minify
Cf-Polished: origSize=6951
ETag: W/"0c64a8b35b4d51:0"
Last-Modified: Mon, 16 Dec 2019 17:23:34 GMT
X-Powered-By: ASP.NET
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 3137
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sHptUQd67YhiZLkQUzydp6NrVGVH3HDkX9joXBhO9%2F7j4vy483jiIorAV9uWhyTiN4UPFMjamYYHjlzRtxOVicshzlRfjgFDQSwnYzz8Vu8Ymk%2FtY4CpI5NEAfTq3xLcUfs%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 790d37db7f12fac0-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
shopb.off-75.ml/assets/css/ionicons.min.css
104.21.24.108 200 OK 8.1 kB URL HTTP/1.1 shopb.off-75.ml/assets/css/ionicons.min.css
IP 104.21.24.108:0
File type Unicode text, UTF-8 text, with very long lines (50806), with CRLF line terminators
Hash eb0b784ba524289b0ac96834530d2de0
ad78c3c807c58c0a02c3205d08720b1d89b5b0a2
b9bf045412f00f9328a81ef7d465aa5212ac0c56cffdd8e6cb77a3d4e6c19ea3
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.ml domain
GET /assets/css/ionicons.min.css HTTP/1.1
Host: shopb.off-75.ml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://shopb.off-75.ml/
Cookie: security_session_verify=1758712f2e4ea1d4acb6a6a90f8e4c8a; ASP.NET_SessionId=copv0tr5wfquls2lfqvxuqnm; la=com; cid=1; price=70-73
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 22:38:24 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 16 Dec 2019 17:23:34 GMT
ETag: W/"0c64a8b35b4d51:0"
X-Powered-By: ASP.NET
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 3137
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sy4Z2utaLm%2Bp3YkJ6PQ2QNQwtA23ICEy%2Fw6kIeehUM4YMMNu6Sv54kUKjytnFBpJzxWR352U5q%2B8siyh7a4I8kJGU3A49jhsLH6LO6djdbU6KTQj42nvD700gvMEUR%2B3Cqo%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 790d37db8fc00b31-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
shopb.off-75.ml/assets/css/animate.css
104.21.24.108 200 OK 3.9 kB URL HTTP/1.1 shopb.off-75.ml/assets/css/animate.css
IP 104.21.24.108:0
File type ASCII text, with very long lines (56218)
Hash 307a2f7ba550d93c5654aa89b311cac4
b90fa3dfd0b111aa472019227c51390a70a1ec85
e7ee17bca835d57e3397fc14edf28e80dc42dacec3b9c5b86b44e2021b754086
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.ml domain
GET /assets/css/animate.css HTTP/1.1
Host: shopb.off-75.ml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://shopb.off-75.ml/
Cookie: security_session_verify=1758712f2e4ea1d4acb6a6a90f8e4c8a; ASP.NET_SessionId=copv0tr5wfquls2lfqvxuqnm; la=com; cid=1; price=70-73
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 22:38:24 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Cf-Bgj: minify
Cf-Polished: origSize=75632
ETag: W/"0c64a8b35b4d51:0"
Last-Modified: Mon, 16 Dec 2019 17:23:34 GMT
X-Powered-By: ASP.NET
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 3137
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8LF%2BVTd%2FbUKGg%2FJb%2Ft0y3V90hkM1GtZW0CODMewAqCif%2BYr77uVepal0t7QZRB3hLUYVwl%2FV1%2B6d8PPmh1iKAAq4pmXOD29jQi1%2ByKZD7ABXDk4F0kzKSr943YsLOz8ZCkE%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 790d37db9fb0b4f7-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
shopb.off-75.ml/assets/css/jquery-ui.min.css
104.21.24.108 200 OK 3.9 kB URL HTTP/1.1 shopb.off-75.ml/assets/css/jquery-ui.min.css
IP 104.21.24.108:0
File type ASCII text, with very long lines (1369), with CRLF line terminators
Hash 3a8eb66209db7a770ecc350d04b22f0e
d49e4583e70359c0fcb5cbd4979a45f053193ce1
bc65ec7c305f22f3f03b53b0aa1d72599b9abc31c983a68ea2cb0181acdaf33e
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.ml domain
GET /assets/css/jquery-ui.min.css HTTP/1.1
Host: shopb.off-75.ml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://shopb.off-75.ml/
Cookie: security_session_verify=1758712f2e4ea1d4acb6a6a90f8e4c8a; ASP.NET_SessionId=copv0tr5wfquls2lfqvxuqnm; la=com; cid=1; price=70-73
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 22:38:24 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 16 Dec 2019 17:23:34 GMT
ETag: W/"0c64a8b35b4d51:0"
X-Powered-By: ASP.NET
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 3137
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wyjqfH4TM5g1YmMcKfiH7S%2BiQDbUfmSOj3mdglEQ86QlvxNMwCl8kkZaBm%2FOmJHzaBppIFGxDF2pOSQ1lHA7IcjnsOL04pQZtcBNUPnltYekBl4DiYKILcX2krbxAF88M7g%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 790d37db9eee0b02-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
shopb.off-75.ml/assets/css/slinky.menu.css
104.21.24.108 200 OK 756 B URL HTTP/1.1 shopb.off-75.ml/assets/css/slinky.menu.css
IP 104.21.24.108:0
File type ASCII text, with very long lines (1908), with no line terminators
Hash 3169644ad168b936be4021e0b89962cb
efaabeed7101b80d48373d3595af18daa63109c3
3969aab3f6efaa62ad75b86da2db7fc4e17d3207b7437fb195c2486765fcf4dc
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.ml domain
GET /assets/css/slinky.menu.css HTTP/1.1
Host: shopb.off-75.ml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://shopb.off-75.ml/
Cookie: security_session_verify=1758712f2e4ea1d4acb6a6a90f8e4c8a; ASP.NET_SessionId=copv0tr5wfquls2lfqvxuqnm; la=com; cid=1; price=70-73
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 22:38:24 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Cf-Bgj: minify
Cf-Polished: origSize=2557
ETag: W/"0c64a8b35b4d51:0"
Last-Modified: Mon, 16 Dec 2019 17:23:34 GMT
X-Powered-By: ASP.NET
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 3137
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aBrbpB%2BHiJcvIr2ijQV10t%2Bnl6%2B2r1hSaSWzpYQCPGb3zsYP%2BeISV3QO%2FBsVg8BqeyTx0fG9MkBCl8hstYGn1Tq1grLyvaaTF0ZPYOGtcBhyIZOl%2F5Gm4N2nMxX2PcoDwX4%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 790d37db9f3afac0-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
shopb.off-75.ml/assets/css/bootstrap.min.css
104.21.24.108 200 OK 24 kB URL HTTP/1.1 shopb.off-75.ml/assets/css/bootstrap.min.css
IP 104.21.24.108:0
File type ASCII text, with very long lines (804)
Hash 6135caeaa4ece4f123378e2c05c46351
f4032d09a3e37e2d982ea173c62b51e5b9314316
d8f43cdeeeba70ceaf8ffba811a60f906733752f2cf7fc3ff01d1508eb35d9fd
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.ml domain
GET /assets/css/bootstrap.min.css HTTP/1.1
Host: shopb.off-75.ml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://shopb.off-75.ml/
Cookie: security_session_verify=1758712f2e4ea1d4acb6a6a90f8e4c8a; ASP.NET_SessionId=copv0tr5wfquls2lfqvxuqnm; la=com; cid=1; price=70-73
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 22:38:24 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 03 Apr 2020 06:32:43 GMT
ETag: W/"114232ae819d61:0"
X-Powered-By: ASP.NET
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 3137
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=j8vjUX7ERiuiwe04830dOmbGAaQuS%2FuFnxCCUJ3Z7mM%2FMnZ2hoT3BO6A2Mtpn%2BGu%2FS9cH3RHJgl4rVLiSNg%2B3x%2B1F%2F2aIVRv3qQJy3ZFNI6cWIqupi%2FrKMG%2Bceq5G9mMgmQ%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 790d37db78a9b4f9-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
shopb.off-75.ml/assets/js/vendor/modernizr-3.7.1.min.js
104.21.24.108 200 OK 3.6 kB URL HTTP/1.1 shopb.off-75.ml/assets/js/vendor/modernizr-3.7.1.min.js
IP 104.21.24.108:0
File type ASCII text, with very long lines (8283)
Hash 902f81ef89b5c43a9be952bd28995f34
2eb749ecdecbe9946f21fba66f44f9416903c8fd
8fa10287d5a79a134a39158ccbacdfbc0de80e2973ca4a190d1d8e39e3846832
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.ml domain
GET /assets/js/vendor/modernizr-3.7.1.min.js HTTP/1.1
Host: shopb.off-75.ml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://shopb.off-75.ml/
Cookie: security_session_verify=1758712f2e4ea1d4acb6a6a90f8e4c8a; ASP.NET_SessionId=copv0tr5wfquls2lfqvxuqnm; la=com; cid=1; price=70-73
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 22:38:24 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 16 Dec 2019 17:23:34 GMT
ETag: W/"0c64a8b35b4d51:0"
X-Powered-By: ASP.NET
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 3137
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cBNQHjT%2B9QDMFAgFGXk3ZfJiNY3bSjFsQATAi2wdTIuGMemKS00kL%2B8ZH%2FQWZUMRe28Iuer5XFcSBP1QYhL7kjvxk2yvwGTuNEYJ85L0BN52W39U1ECRvtGyZuPTUEZWdFU%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 790d37db9ef90b02-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
shopb.off-75.ml/assets/css/plugins.css
104.21.24.108 200 OK 52 kB URL HTTP/1.1 shopb.off-75.ml/assets/css/plugins.css
IP 104.21.24.108:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 735dfeb5c7370a79b2c76b1dca4395dc
8b3ef8aa646c7f91278a20f4a1fe5a43dcccc658
177cbc7be3e08cf68f7182117cc49aae04b3e6339c97eee27d4eaa625033f793
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.ml domain
GET /assets/css/plugins.css HTTP/1.1
Host: shopb.off-75.ml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://shopb.off-75.ml/
Cookie: security_session_verify=1758712f2e4ea1d4acb6a6a90f8e4c8a; ASP.NET_SessionId=copv0tr5wfquls2lfqvxuqnm; la=com; cid=1; price=70-73
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 22:38:24 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Cf-Bgj: minify
Cf-Polished: origSize=119430
ETag: W/"0c64a8b35b4d51:0"
Last-Modified: Mon, 16 Dec 2019 17:23:34 GMT
X-Powered-By: ASP.NET
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 3137
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WqkUdqezhZIaZqb7fZY9ytG3yYZq1DErMztV2HAFQ%2BgtJkVemPMNdwd2HOBBwHecg0O%2F4f0WTRck%2BdtNjsVc6Z7IMPyGE8pRRco1nVS0JMxo3UfhwhdUg%2FRa9%2BT7yzQJg4E%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 790d37db9fdc0b31-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
shopb.off-75.ml/assets/css/style.css
104.21.24.108 200 OK 28 kB URL HTTP/1.1 shopb.off-75.ml/assets/css/style.css
IP 104.21.24.108:0
File type ASCII text, with CRLF line terminators
Hash 89c3784723734aedc3aacf4ef138d0d1
aa6929871290798624259848b29f217f41deb242
5ddfab22b6c24b8a24489672457165c9abdc074134ba32c735f0e07a1c425706
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.ml domain
GET /assets/css/style.css HTTP/1.1
Host: shopb.off-75.ml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://shopb.off-75.ml/
Cookie: security_session_verify=1758712f2e4ea1d4acb6a6a90f8e4c8a; ASP.NET_SessionId=copv0tr5wfquls2lfqvxuqnm; la=com; cid=1; price=70-73
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 22:38:24 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Cf-Bgj: minify
Cf-Polished: status=cannot_optimize
ETag: W/"663c9b9b9d24d71:0"
Last-Modified: Mon, 29 Mar 2021 13:15:36 GMT
X-Powered-By: ASP.NET
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 3137
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7rhW8OQaqReqRx%2BZkZO%2B%2FAhRZb6TUBURZ57DJPuDVZ0FSm3wAKPxrX8UgYtZeYMt8iDXozmQNR2iWbIG5N0bFvayqou7XIbb6tCHVOrosS4s485foSJiAy2dwkQoJ3l6Qwc%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 790d37db9fc0b4f7-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
shopb.off-75.ml/assets/img/logo/logo.png
104.21.24.108 200 OK 5.9 kB URL HTTP/1.1 shopb.off-75.ml/assets/img/logo/logo.png
IP 104.21.24.108:0
File type PNG image data, 115 x 41, 8-bit/color RGBA, non-interlaced; data
Hash 9740baf71f9fd51a3dc86430f5f49ea2
4617137861adc2341b3377817bf728c4c87e8b37
9e7bdb3c28f7bdd912a7b3f96918bac061ed5f64216c59fc265a83d023f66952
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.ml domain
GET /assets/img/logo/logo.png HTTP/1.1
Host: shopb.off-75.ml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://shopb.off-75.ml/
Cookie: security_session_verify=1758712f2e4ea1d4acb6a6a90f8e4c8a; ASP.NET_SessionId=copv0tr5wfquls2lfqvxuqnm; la=com; cid=1; price=70-73
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 22:38:24 GMT
Content-Type: image/png
Content-Length: 5946
Connection: keep-alive
Last-Modified: Thu, 09 Apr 2020 09:53:37 GMT
ETag: "1fcab8bd54ed61:0"
X-Powered-By: ASP.NET
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 3137
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gPDpLJfUe%2FZ4Zn5Da4PGQaDVYvhkvdNqWMc36OU0j2k%2FPHSkh90c6eTpzGYj2K8NYaapVZJ%2Fob7lpBQ9BIAj9Re%2FFu4rxvgcqfIrh1hk4ZQ%2B9w2zykYHv%2B2bI6l4PlJmpco%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 790d37dc38560b31-OSL
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 16a7b6a7128312e2f985d30df18c4487
6017bff79ffb525d9c7f9f32b999b74b5dc69602
663fd12209627f08e759c2ed1c76278a5da79dae1e0b46082dd1bb44775f7a16
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "663FD12209627F08E759C2ED1C76278A5DA79DAE1E0B46082DD1BB44775F7A16"
Last-Modified: Fri, 27 Jan 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19048
Expires: Sun, 29 Jan 2023 03:55:52 GMT
Date: Sat, 28 Jan 2023 22:38:24 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data; ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Last-Modified, ETag, Expires, Backoff, Content-Length, Cache-Control, Alert, Retry-After, Pragma
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 28 Jan 2023 21:49:03 GMT
age: 2961
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 8c630e9bbc930d1c367efa81b67be3f7
ec536695531d40a813d99a06271c7c2d698d51d3
39ca0a60c3e2e85712757ead0830d0da82beac1e4f44b6e90243e5ca9326bf4b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 22:38:24 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
shopb.off-75.ml/
104.21.24.108 200 OK 4.0 kB IP 104.21.24.108:0
File type HTML document text (matched 6 times); exported SGML document, ASCII text, with very long lines (4118), with CRLF, LF line terminators
Hash 70c96028b1ceeffdd79c9aea8f4d9603
1f1c016ea35fc27c5574a3cbaf0878e92b1fb841
bc240d2c11f33807b7332772c3bac42458b20d2ec3cdf40097bb621ade2ec9b7
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.ml domain
GET / HTTP/1.1
Host: shopb.off-75.ml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 22:38:24 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: private
Set-Cookie: security_session_verify=1758712f2e4ea1d4acb6a6a90f8e4c8a; expires=Wed, 01-Feb-23 06:38:24 GMT; path=/; HttpOnly
ASP.NET_SessionId=copv0tr5wfquls2lfqvxuqnm; path=/; HttpOnly
la=com; expires=Sun, 12-Feb-2023 22:38:24 GMT; path=/
cid=1; expires=Sun, 12-Feb-2023 22:38:24 GMT; path=/
price=70-73; expires=Sun, 12-Feb-2023 22:38:24 GMT; path=/
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fOunpDwTrVbaCJbCgxbdkjXet0BY5MbehoQVc%2F6y5Rv0MiNgJkmIPof8uxO34%2BFRtARmjXIdJnSRL4ACh3s0NnoA%2FEESWZLNUrowTDOpVGZ28C2vkQ70pLL8qly7I6mMQdg%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 790d37d72e9b1bfa-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
shopb.off-75.ml/assets/js/popper.js
104.21.24.108200 OK 6.8 kB URL HTTP/1.1 shopb.off-75.ml/assets/js/popper.js
IP 104.21.24.108:0
File type ASCII text, with very long lines (19012), with no line terminators
Hash 222d0205ca54c1c2050c372878a4f9f4
621dfe3dc836b5580747cd70c135c812e1c67026
d8b28ecddb39276a29c0fee100f7745ff56f49227963460e09de126015dbd877
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.ml domain
GET /assets/js/popper.js HTTP/1.1
Host: shopb.off-75.ml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://shopb.off-75.ml/
Cookie: security_session_verify=1758712f2e4ea1d4acb6a6a90f8e4c8a; ASP.NET_SessionId=copv0tr5wfquls2lfqvxuqnm; la=com; cid=1; price=70-73
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 22:38:24 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Cf-Bgj: minify
Cf-Polished: origSize=19203
ETag: W/"0c64a8b35b4d51:0"
Last-Modified: Mon, 16 Dec 2019 17:23:34 GMT
X-Powered-By: ASP.NET
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 3136
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B2LD6LH4SJVtvJqkI%2Fe%2BwpKlsR99GjjDEeFo0YU%2F2T21FLwMe5jLKL96HCdOq3ALPF40luAzcLqugd2XDa6ErRNQdDeEa9QZ1clpfDN%2FBFgrdC3Qgyyf2RzNc4x2gvjaHME%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 790d37dd7aabb4f9-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
shopb.off-75.ml/assets/js/bootstrap.min.js
104.21.24.108200 OK 13 kB URL HTTP/1.1 shopb.off-75.ml/assets/js/bootstrap.min.js
IP 104.21.24.108:0
File type ASCII text, with very long lines (48664)
Hash 8029f7d7dda62fb57a70a263aec6664f
0bc3537a8644a5614cbaa2edfecf3ef5b2126dc3
ef56ad2d76564d61260c29e220d536795e42349385bd87281c1afa9f3c5fc0e1
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.ml domain
GET /assets/js/bootstrap.min.js HTTP/1.1
Host: shopb.off-75.ml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://shopb.off-75.ml/
Cookie: security_session_verify=1758712f2e4ea1d4acb6a6a90f8e4c8a; ASP.NET_SessionId=copv0tr5wfquls2lfqvxuqnm; la=com; cid=1; price=70-73
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 22:38:24 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 16 Dec 2019 17:23:34 GMT
ETag: W/"0c64a8b35b4d51:0"
X-Powered-By: ASP.NET
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 3136
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FEwuPNH6RZPD0XNBO794%2B2Rj5klpeI%2FsqHttmQqvxocgc64RVpMVszDhlzuisi3x3R%2Bjg8t0daJehpoiS2CWpKDK%2BZn6aeEkq3WmfFqka5UwHcoWZKWpxDB9q0qgQwHbCMw%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 790d37dd78520b02-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
shopb.off-75.ml/assets/js/slick.min.js
104.21.24.108200 OK 11 kB URL HTTP/1.1 shopb.off-75.ml/assets/js/slick.min.js
IP 104.21.24.108:0
File type ASCII text, with very long lines (53179)
Hash bc5a9afd3eb28757ffe25f23deac31fd
966b4f6dc608d7a169ebce1e74c46c4d9b3f8fa8
f30f5e432bef7afaab8f9f0a2895a3df40318760c3c9833abaca1ddc7903b5ed
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.ml domain
GET /assets/js/slick.min.js HTTP/1.1
Host: shopb.off-75.ml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://shopb.off-75.ml/
Cookie: security_session_verify=1758712f2e4ea1d4acb6a6a90f8e4c8a; ASP.NET_SessionId=copv0tr5wfquls2lfqvxuqnm; la=com; cid=1; price=70-73
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 22:38:24 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 16 Dec 2019 17:23:34 GMT
ETag: W/"0c64a8b35b4d51:0"
X-Powered-By: ASP.NET
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 3136
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bsoeOaO0rvMLZV5OjwiIwHf3HF8Fwboh%2FI1eV3i4%2Bgkxso%2FlerNIUpUNJnHrJ8d%2B%2FSwQRrqaEC%2F1SXBskqPlcfIfA2qRW89%2ByhQoSV5QFukxMLxLWGstOk9ezLeCN%2B4v%2BJ0%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 790d37dd7c831bfa-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
shopb.off-75.ml/assets/js/vendor/jquery-3.4.1.min.js
104.21.24.108200 OK 31 kB URL HTTP/1.1 shopb.off-75.ml/assets/js/vendor/jquery-3.4.1.min.js
IP 104.21.24.108:0
File type ASCII text, with very long lines (65451)
Hash 281e79c3468c820c3ed6b99e34a11ab6
844ce27bc796bdd5a4d8aa7615caa89abcf20ce4
1163e4002fb365ebb7e2d9302ab8a09501ce126646d50e2ae2d08a5c6aefc647
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.ml domain
GET /assets/js/vendor/jquery-3.4.1.min.js HTTP/1.1
Host: shopb.off-75.ml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://shopb.off-75.ml/
Cookie: security_session_verify=1758712f2e4ea1d4acb6a6a90f8e4c8a; ASP.NET_SessionId=copv0tr5wfquls2lfqvxuqnm; la=com; cid=1; price=70-73
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 22:38:24 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 16 Dec 2019 17:23:34 GMT
ETag: W/"0c64a8b35b4d51:0"
X-Powered-By: ASP.NET
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 3136
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9GS8%2Bfw6d7q7dkAoMk8L%2FzHVXbxvEn26GUTqgLUhwWA39wbED%2BsYUjqLIp3AzfT6p5KT1jceBEm70d3VxTIA%2F3426v8OuGSxbFldTDmWvFWNMen5og2cJQMJwPK7wqq9Skg%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 790d37dd797e0b31-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
shopb.off-75.ml/assets/js/jquery.magnific-popup.min.js
104.21.24.108200 OK 7.4 kB URL HTTP/1.1 shopb.off-75.ml/assets/js/jquery.magnific-popup.min.js
IP 104.21.24.108:0
File type ASCII text, with very long lines (20087)
Hash 46b6de0caa37a0a3d6633a9424d94be9
7d2e80a0f9185d7e34cd26d04ec1f03a3e1d7021
5e62b2534dbca380ec433e70d5a7ba06de4a5a5f28e3fca81cc8f37eb1b7d512
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.ml domain
GET /assets/js/jquery.magnific-popup.min.js HTTP/1.1
Host: shopb.off-75.ml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://shopb.off-75.ml/
Cookie: security_session_verify=1758712f2e4ea1d4acb6a6a90f8e4c8a; ASP.NET_SessionId=copv0tr5wfquls2lfqvxuqnm; la=com; cid=1; price=70-73
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 22:38:24 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 16 Dec 2019 17:23:34 GMT
ETag: W/"0c64a8b35b4d51:0"
X-Powered-By: ASP.NET
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 3136
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bCUkCHoUG3zpzjDdkNMBD%2BDtbtYW45Y4vFb%2FBh8Gp3pjfautImfkL189TvrAV%2FkWLba7KNCYuWJ4NzAEkjC%2BHXxO%2BQTWPNGgg1w7gDVhKJweDHNmnz0wsZCLIsYK%2BvYExkc%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 790d37dd7ab9b4f9-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
shopb.off-75.ml/assets/js/jquery.counterup.min.js
104.21.24.108200 OK 585 B URL HTTP/1.1 shopb.off-75.ml/assets/js/jquery.counterup.min.js
IP 104.21.24.108:0
File type ASCII text, with very long lines (917), with CRLF line terminators
Hash c594ac9be1afbdb97f7113f79962e1cf
1ee4c2ab91fe051d4a5dedb8db641040333289bb
e6dea0c503d5b75705e1604e7ad96d4ee6edd4f5daeeb66cafc978286090a88b
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.ml domain
GET /assets/js/jquery.counterup.min.js HTTP/1.1
Host: shopb.off-75.ml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://shopb.off-75.ml/
Cookie: security_session_verify=1758712f2e4ea1d4acb6a6a90f8e4c8a; ASP.NET_SessionId=copv0tr5wfquls2lfqvxuqnm; la=com; cid=1; price=70-73
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 22:38:24 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 16 Dec 2019 17:23:34 GMT
ETag: W/"0c64a8b35b4d51:0"
X-Powered-By: ASP.NET
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 3136
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FLgGuP5F2KJFDuNRikB%2FviTPpxff%2FMU0RM5mTsD4xc3iAuPy0cLjLOzeMzqtWyuEP9o47V6wy2AEGX1n6%2BTIS%2BNji%2FZyjFoMM6Hm%2Fok9%2FViIFLBWEUvenQ3c00quZGlSSwk%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 790d37dd785c0b02-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
shopb.off-75.ml/assets/js/owl.carousel.min.js
104.21.24.108200 OK 11 kB URL HTTP/1.1 shopb.off-75.ml/assets/js/owl.carousel.min.js
IP 104.21.24.108:0
File type ASCII text, with very long lines (32000), with CRLF line terminators
Hash d685cf636e44b5e5c1711eab7dab936e
486141b55ce56636090aec622c544bd0893bbf53
1b85526b2d10d25f61b7f358a89cacf1b1b18159252c32e07e3b6a74bab08d95
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.ml domain
GET /assets/js/owl.carousel.min.js HTTP/1.1
Host: shopb.off-75.ml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://shopb.off-75.ml/
Cookie: security_session_verify=1758712f2e4ea1d4acb6a6a90f8e4c8a; ASP.NET_SessionId=copv0tr5wfquls2lfqvxuqnm; la=com; cid=1; price=70-73
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 22:38:24 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 16 Dec 2019 17:23:34 GMT
ETag: W/"0c64a8b35b4d51:0"
X-Powered-By: ASP.NET
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 3136
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=b1uBGV%2B2WP3DbfgDHHGGIA%2FOqpfhO2jrHzqPEjKGQLvFY6XlEaFh5ULlHk1QixI4HuMMLOV5J9OaUJIkhB3HJix6N8osPHmx5IqRpqxp%2BPePKEHpR72CV3t78ewFwBDP2Ok%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 790d37dd7a0dfac0-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
shopb.off-75.ml/assets/js/jquery.countdown.js
104.21.24.108200 OK 2.1 kB URL HTTP/1.1 shopb.off-75.ml/assets/js/jquery.countdown.js
IP 104.21.24.108:0
File type ASCII text, with very long lines (3351)
Hash feb1f59ecdf9219fea3c6b4a9cc2e7c5
01b347634ef2068d9a0aa082601a08d406d461e6
eb8b79a161b05cc8478c80002f779bbc5fc629d408c21d03195317afbe456525
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.ml domain
GET /assets/js/jquery.countdown.js HTTP/1.1
Host: shopb.off-75.ml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://shopb.off-75.ml/
Cookie: security_session_verify=1758712f2e4ea1d4acb6a6a90f8e4c8a; ASP.NET_SessionId=copv0tr5wfquls2lfqvxuqnm; la=com; cid=1; price=70-73
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 22:38:24 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Cf-Bgj: minify
Cf-Polished: origSize=4581
ETag: W/"0c64a8b35b4d51:0"
Last-Modified: Mon, 16 Dec 2019 17:23:34 GMT
X-Powered-By: ASP.NET
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 3136
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BldVDvrv9XLuADSeK9iyPXm5lTkJIGXCZU5Mw14sruZfQyTgrJAihAUVQfa41jPfMLqq9D3IiMCFG3bfPavQfN3QUm6ScpiHdae2vnHRBzG8JtaC%2Fo2uVz7%2BloQa9KCACAA%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 790d37dd9cb01bfa-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
shopb.off-75.ml/assets/js/jquery.ui.js
104.21.24.108200 OK 8.7 kB URL HTTP/1.1 shopb.off-75.ml/assets/js/jquery.ui.js
IP 104.21.24.108:0
File type ASCII text, with very long lines (30797)
Hash 5fea5084df337bc485afb6712e099242
5fe7f534b850afbaec55a1e38e7467d651eee3cb
042cbb07bfcda47aab87ca10222c41403636cb46492c7823e4198e0d98cc7960
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.ml domain
GET /assets/js/jquery.ui.js HTTP/1.1
Host: shopb.off-75.ml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://shopb.off-75.ml/
Cookie: security_session_verify=1758712f2e4ea1d4acb6a6a90f8e4c8a; ASP.NET_SessionId=copv0tr5wfquls2lfqvxuqnm; la=com; cid=1; price=70-73
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 22:38:24 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Cf-Bgj: minify
Cf-Polished: origSize=30940
ETag: W/"0c64a8b35b4d51:0"
Last-Modified: Mon, 16 Dec 2019 17:23:34 GMT
X-Powered-By: ASP.NET
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 3136
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZOjAW5qHyVkKraamhQJy3ypZwnAMDkIFFkWDv4fj8fv%2FobYUw8LQGxvP7ZT3z84EmDDKaXnbNuijLvuAk0zHUlqCN2j4bIZh6aOKwePO7FCLZrQBM4nIn4G2C%2Bp5hQkLGeg%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 790d37dd99890b31-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
shopb.off-75.ml/assets/js/jquery.elevatezoom.js
104.21.24.108200 OK 6.1 kB URL HTTP/1.1 shopb.off-75.ml/assets/js/jquery.elevatezoom.js
IP 104.21.24.108:0
File type ASCII text, with very long lines (1282)
Hash 056c9d4f62bcf1c7a7a7542755e3b485
bd3854548f8de0a6e01e46be34a5d07b168627bf
7b4a43c2fa3e536a707c451fe53b45e7dc7e70e7216a6651083a49df59f9c75a
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.ml domain
GET /assets/js/jquery.elevatezoom.js HTTP/1.1
Host: shopb.off-75.ml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://shopb.off-75.ml/
Cookie: security_session_verify=1758712f2e4ea1d4acb6a6a90f8e4c8a; ASP.NET_SessionId=copv0tr5wfquls2lfqvxuqnm; la=com; cid=1; price=70-73
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 22:38:24 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Cf-Bgj: minify
Cf-Polished: origSize=60621
ETag: W/"0c64a8b35b4d51:0"
Last-Modified: Mon, 16 Dec 2019 17:23:34 GMT
X-Powered-By: ASP.NET
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 3136
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FbpIdcJuj6998dFAkG%2FXNAWkkRnMlV1xSDi73NDmvTfgKdjmMH69fq%2B0vOiVhTzgBiL%2BbimJzJZVLHsKbInl1giVlclLtPI0HLmWvKH3nMYJRFyrapOElGTRqY3S6FQEuOI%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 790d37dd9accb4f9-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
shopb.off-75.ml/assets/js/isotope.pkgd.min.js
104.21.24.108200 OK 9.8 kB URL HTTP/1.1 shopb.off-75.ml/assets/js/isotope.pkgd.min.js
IP 104.21.24.108:0
File type ASCII text, with very long lines (32019), with CRLF line terminators
Hash 364e5529d8eb6811a0735a48e8096012
7182d0733438cdec5ae856662365ad128fc388d0
b5dbcee04b588774e0357e88a799a784285805e557aa0aa02299f494de225a01
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.ml domain
GET /assets/js/isotope.pkgd.min.js HTTP/1.1
Host: shopb.off-75.ml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://shopb.off-75.ml/
Cookie: security_session_verify=1758712f2e4ea1d4acb6a6a90f8e4c8a; ASP.NET_SessionId=copv0tr5wfquls2lfqvxuqnm; la=com; cid=1; price=70-73
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 22:38:24 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 16 Dec 2019 17:23:34 GMT
ETag: W/"0c64a8b35b4d51:0"
X-Powered-By: ASP.NET
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 3136
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9Iz6p69bHvy45ZnFZM4IBq1Vlpk6tbSdeGJZoKLgSBTOE1iqZoaof90d%2BdXcyZMKmrpzkouL0deCr2mmSggtc8lEeLzlSijEubQEigY51Y903vntcnFzQjVIO%2BWn6vHG0NY%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 790d37dd98660b02-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
shopb.off-75.ml/assets/js/slinky.menu.js
104.21.24.108200 OK 1.6 kB URL HTTP/1.1 shopb.off-75.ml/assets/js/slinky.menu.js
IP 104.21.24.108:0
File type ASCII text, with very long lines (4705), with no line terminators
Hash b46148fe7640c475663c2a250ea09661
29ee2268a8f7d005551dc6a16aaf49b90cea7043
0ade38d31543ebc438071f8e90b813a9c30ab2ac82cfaaa022cfd92f82cf62f8
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.ml domain
GET /assets/js/slinky.menu.js HTTP/1.1
Host: shopb.off-75.ml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://shopb.off-75.ml/
Cookie: security_session_verify=1758712f2e4ea1d4acb6a6a90f8e4c8a; ASP.NET_SessionId=copv0tr5wfquls2lfqvxuqnm; la=com; cid=1; price=70-73
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 22:38:24 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Cf-Bgj: minify
Cf-Polished: origSize=4783
ETag: W/"0c64a8b35b4d51:0"
Last-Modified: Mon, 16 Dec 2019 17:23:34 GMT
X-Powered-By: ASP.NET
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 3136
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0C2PIe1wqbtpcZRQ0SH7lkzSFFQvXVz8kEQoKmIhhQ8whxtRELR4EOXDrbMkO2Rk9Fqn3grUPb8SXNjWU%2FO5T0vM388AqubsLNA%2FmtwlNU5vLl4qT74T2j0euORMqN7jlWg%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 790d37ddaa54fac0-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
shopb.off-75.ml/assets/js/plugins.js
104.21.24.108200 OK 9.5 kB URL HTTP/1.1 shopb.off-75.ml/assets/js/plugins.js
IP 104.21.24.108:0
File type Unicode text, UTF-8 text, with very long lines (10924)
Hash a6e620b04ea379073e9817bf033ac5fa
0a7e15b83c259670db9326e0c2f8140987c19348
b3b6f23fed2cf89fbe6e7961a8091e8760191a07b58af771425cc927eb0cde68
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.ml domain
GET /assets/js/plugins.js HTTP/1.1
Host: shopb.off-75.ml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://shopb.off-75.ml/
Cookie: security_session_verify=1758712f2e4ea1d4acb6a6a90f8e4c8a; ASP.NET_SessionId=copv0tr5wfquls2lfqvxuqnm; la=com; cid=1; price=70-73
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 22:38:24 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Cf-Bgj: minify
Cf-Polished: origSize=31307
ETag: W/"0c64a8b35b4d51:0"
Last-Modified: Mon, 16 Dec 2019 17:23:34 GMT
X-Powered-By: ASP.NET
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 3136
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gai%2BgZl0K%2FxSf8eEKQMa6RPE349JdYW2TexxCzIvLAE%2FCJrgFH1MiAyN0iZWx8kqfu5PR6%2FCfqvTOag1kJYU8TGDiVGlnYuzdrFxv8e6KLa5EMtLY33EC%2BnY8qm3swVvs9U%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 790d37ddbce61bfa-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
shopb.off-75.ml/assets/js/main.js
104.21.24.108200 OK 2.7 kB URL HTTP/1.1 shopb.off-75.ml/assets/js/main.js
IP 104.21.24.108:0
File type ASCII text, with very long lines (4828)
Hash ba1b2269e175ecc94283bcb8d77ed0c4
3198f4b8b70d45c29dc7e56a503eef6922c587a2
fd7ad239bc2dda0ff4cbcf2fc641d8cffcbc08032e14009a7dfc9eee89bca8b2
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.ml domain
GET /assets/js/main.js HTTP/1.1
Host: shopb.off-75.ml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://shopb.off-75.ml/
Cookie: security_session_verify=1758712f2e4ea1d4acb6a6a90f8e4c8a; ASP.NET_SessionId=copv0tr5wfquls2lfqvxuqnm; la=com; cid=1; price=70-73
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 22:38:24 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Cf-Bgj: minify
ETag: W/"569fda114c0d71:0"
Last-Modified: Wed, 13 Oct 2021 09:28:08 GMT
X-Powered-By: ASP.NET
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 3136
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PY7doY4RQyF6L2cbIbqyxQBRebR2ZJCumEP29ATackT6NTj084%2BTBI%2FFOdrSEkDYj%2Fq%2BJTf0mNkxm%2BofIVAwMcn9a01Nt2zpn2vXVsQ%2BXkzISNs7o6OyxbYIW6NI2%2BXzPqc%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 790d37ddb99c0b31-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
push.services.mozilla.com/
54.148.77.40101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.148.77.40:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: b7J3AxuYcAH+sUtoGhcWug==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: KVqmm+lBMjcm2ywanIVmbJ9ORaU=
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 8c630e9bbc930d1c367efa81b67be3f7
ec536695531d40a813d99a06271c7c2d698d51d3
39ca0a60c3e2e85712757ead0830d0da82beac1e4f44b6e90243e5ca9326bf4b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 22:38:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.godaddy.com/
192.124.249.24200 OK 1.7 kB IP 192.124.249.24:0
Hash 7692d7356d6971ba0949925897726f8c
a8896e818bb2b8fd45f955d504bf88dad4ca2918
2192e3fff72d1831579af3d11e884880d0fa2cffe6a78200e7aa2b28c153de63
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 68
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Sat, 28 Jan 2023 22:38:24 GMT
Content-Type: application/ocsp-response
Content-Length: 1731
Connection: keep-alive
X-Sucuri-ID: 15024
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Sat, 28 Jan 2023 20:19:17 GMT
Expires: Sun, 29 Jan 2023 20:19:17 GMT
ETag: "a8896e818bb2b8fd45f955d504bf88dad4ca2918"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
i.ytimg.com/vi/A3w_YzqPBJQ/maxresdefault.jpg
172.217.21.182200 OK 127 kB URL HTTP/2 i.ytimg.com/vi/A3w_YzqPBJQ/maxresdefault.jpg
IP 172.217.21.182:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1280x720, components 3\012- data
Size 127 kB (126559 bytes)
Hash 9973b241bf5fa6d9769af8969aa14872
40c237e479bb3486ec214eb8f4a83188ea642434
2e6a1dfb69aef57fd0bab855a0b85d08c3575e5d78f9a344953d99abe75a4a4f
GET /vi/A3w_YzqPBJQ/maxresdefault.jpg HTTP/1.1
Host: i.ytimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://shopb.off-75.ml/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-type: image/jpeg
vary: Origin
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
timing-allow-origin: *
content-length: 126559
date: Sat, 28 Jan 2023 22:38:25 GMT
expires: Sun, 29 Jan 2023 00:38:25 GMT
cache-control: public, max-age=7200
etag: "1556735521"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 8cf65fcdafa84b63cf7005fe57927fcb
3f7d163a96e7f00eb2de9828624ec46e22b4b40a
dfcf629cc49444f646f3a014014a91e36251b4b43655ce2e2eca55263dd196e3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 22:38:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 8cf65fcdafa84b63cf7005fe57927fcb
3f7d163a96e7f00eb2de9828624ec46e22b4b40a
dfcf629cc49444f646f3a014014a91e36251b4b43655ce2e2eca55263dd196e3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 22:38:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
media.wired.com/photos/5ed025ca9948303154121fc9/125:94/w_2393,h_1800,c_limit/Gear-All-Theraguns-SOURCE-Therabody.jpg
151.101.0.239200 OK 43 kB URL HTTP/1.1 media.wired.com/photos/5ed025ca9948303154121fc9/125:94/w_2393,h_1800,c_limit/Gear-All-Theraguns-SOURCE-Therabody.jpg
IP 151.101.0.239:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 1647x1239, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash a25ce428523c04b994e16fcd82deb22e
3f2b856912657546c0d882f9c11518695b02c6ee
78944564117b6369e111782855bce578ba7e821698018d84ebff215a5f19f04d
GET /photos/5ed025ca9948303154121fc9/125:94/w_2393,h_1800,c_limit/Gear-All-Theraguns-SOURCE-Therabody.jpg HTTP/1.1
Host: media.wired.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://shopb.off-75.ml/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 43260
Content-Type: image/webp
Etag: "QT5v5FpAImphSAZbjmC676eAcD/7O0wRllRuP6W+Qu0"
Fastly-Io-Info: ifsz=407133 idim=2400x1800 ifmt=jpeg ofsz=43260 odim=1647x1239 ofmt=webp
Fastly-Stats: io=1
Fastly-Restarts: 1
Accept-Ranges: bytes
Date: Sat, 28 Jan 2023 22:38:25 GMT
Age: 1901071
X-Served-By: cache-iad-kjyo7100082-IAD, cache-bma1657-BMA
X-Cache: HIT, MISS
X-Cache-Hits: 2, 0
X-Timer: S1674945505.107697,VS0,VE95
experience: katra
server-timing: geo;desc="continent=EU;country=NO;pop=BMA"
cache-control: max-age=31536, must-revalidate, public
timing-allow-origin: *
vary: accept
fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2
142.250.74.35200 OK 7.7 kB URL HTTP/2 fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 7748, version 1.0\012- data
Hash a09f2fccfee35b7247b08a1a266f0328
0da2d17e738f46d2a09e6fb7969da451719a9820
cd36de204aca2d5fa263a731f7c20009b5e3d754ba1f1e03c33e93a48f3e7446
GET /s/poppins/v20/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://shopb.off-75.ml
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 7748
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 26 Jan 2023 14:34:21 GMT
expires: Fri, 26 Jan 2024 14:34:21 GMT
cache-control: public, max-age=31536000
age: 201844
last-modified: Wed, 27 Apr 2022 16:21:30 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
images-na.ssl-images-amazon.com/images/I/61BvBb8QcOL._AC_SX425_.jpg
151.101.129.16200 OK 17 kB URL HTTP/2 images-na.ssl-images-amazon.com/images/I/61BvBb8QcOL._AC_SX425_.jpg
IP 151.101.129.16:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 425x465, components 3\012- data
Hash b5c809b3dc089d820b650319f5783525
a3112a7628205b03ec6f314adf4c68a87cadccb8
0e59c3aea0fcb7027b2c5dd633129cb7386a4fb632c8f7c68e6e688f22e7fd76
GET /images/I/61BvBb8QcOL._AC_SX425_.jpg HTTP/1.1
Host: images-na.ssl-images-amazon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://shopb.off-75.ml/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/jpeg
x-amz-ir-id: 64dd7028-d7e1-44c0-8709-d25c9cdb1251
expires: Thu, 22 Jan 2043 05:47:29 GMT
cache-control: max-age=630720000,public
timing-allow-origin: https://www.amazon.in, https://www.amazon.com
access-control-allow-origin: *
last-modified: Wed, 15 Apr 2020 09:18:03 GMT
x-nginx-cache-status: MISS
accept-ranges: bytes
date: Sat, 28 Jan 2023 22:38:25 GMT
age: 147056
x-served-by: cache-iad-kiad7000077-IAD, cache-bma1670-BMA
x-cache: HIT from fastly, MISS from fastly
server-timing: provider;desc="fy"
content-length: 17324
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 8cf65fcdafa84b63cf7005fe57927fcb
3f7d163a96e7f00eb2de9828624ec46e22b4b40a
dfcf629cc49444f646f3a014014a91e36251b4b43655ce2e2eca55263dd196e3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 22:38:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/poppins/v20/pxiGyp8kv8JHgFVrJJLucHtA.woff2
142.250.74.35200 OK 8.7 kB URL HTTP/2 fonts.gstatic.com/s/poppins/v20/pxiGyp8kv8JHgFVrJJLucHtA.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 8668, version 1.0\012- data
Hash a242ba0df3a128a2cab929a8c45d5056
d70e2c70b21cbb66cd883ae56e2dedacefd81c7c
50d0c1742d80ac71f4cde20e8c04d41a24806af342831f479938b527fbff0972
GET /s/poppins/v20/pxiGyp8kv8JHgFVrJJLucHtA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://shopb.off-75.ml
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 8668
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 27 Jan 2023 09:52:10 GMT
expires: Sat, 27 Jan 2024 09:52:10 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 27 Apr 2022 16:07:02 GMT
content-type: font/woff2
age: 132375
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2
142.250.74.35200 OK 7.9 kB URL HTTP/2 fonts.gstatic.com/s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 7884, version 1.0\012- data
Hash 9212f6f9860f9fc6c69b02fedf6db8c3
ac6d71b4d5fdd2b3dabc9a06ff6c001e4251da0b
7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f
GET /s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://shopb.off-75.ml
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 7884
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 23 Jan 2023 04:05:29 GMT
expires: Tue, 23 Jan 2024 04:05:29 GMT
cache-control: public, max-age=31536000
age: 498776
last-modified: Wed, 27 Apr 2022 17:03:52 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
images-na.ssl-images-amazon.com/images/I/616DSnxhViL._AC_SX425_.jpg
151.101.129.16200 OK 21 kB URL HTTP/2 images-na.ssl-images-amazon.com/images/I/616DSnxhViL._AC_SX425_.jpg
IP 151.101.129.16:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 425x434, components 3\012- data
Hash 5d7df381216cfbf49dfa8a6587a00bba
00bf5790b5f9f19b0233bd4034cb9dfe60500046
1c7d732db4d149f16dbe3df318230d39807944f845a23a7e3f8f7cdb807e49f9
GET /images/I/616DSnxhViL._AC_SX425_.jpg HTTP/1.1
Host: images-na.ssl-images-amazon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://shopb.off-75.ml/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/jpeg
x-amz-ir-id: b568cc54-0692-4a46-ad29-31676904d6f9
expires: Mon, 29 Dec 2042 03:39:55 GMT
cache-control: max-age=630720000,public
timing-allow-origin: https://www.amazon.in, https://www.amazon.com
access-control-allow-origin: *
last-modified: Wed, 03 Jun 2020 05:28:03 GMT
x-nginx-cache-status: HIT
accept-ranges: bytes
date: Sat, 28 Jan 2023 22:38:25 GMT
age: 2115581
x-served-by: cache-iad-kjyo7100144-IAD, cache-bma1670-BMA
x-cache: HIT from fastly, MISS from fastly
server-timing: provider;desc="fy"
content-length: 20819
X-Firefox-Spdy: h2
fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
142.250.74.35200 OK 7.8 kB URL HTTP/2 fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 7816, version 1.0\012- data
Hash 25b0e113ca7cce3770d542736db26368
cb726212d5d525021752a1d8470a0fb593e0c49e
9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526
GET /s/poppins/v20/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://shopb.off-75.ml
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 7816
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 24 Jan 2023 02:42:35 GMT
expires: Wed, 24 Jan 2024 02:42:35 GMT
cache-control: public, max-age=31536000
age: 417350
last-modified: Wed, 27 Apr 2022 16:11:40 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash d2ade408af91f717110cf07d8d89c02a
997134ef254ea49d8aa40d48e55a715e06f9c315
81199c2fc337d94312e50e72a57ccf22e2f47060ddbd623ae9d836f24410a55a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 22:38:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2
142.250.74.35200 OK 8.0 kB URL HTTP/2 fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 8000, version 1.0\012- data
Hash 72993dddf88a63e8f226656f7de88e57
179f97ec0275f09603a8db94d4380eb584d81cd5
f4e80d9dfd374d02989b87a27b5ed4cb78fbb177c27f1478e9a8b0afb7513149
GET /s/poppins/v20/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://shopb.off-75.ml
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 8000
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 24 Jan 2023 09:41:14 GMT
expires: Wed, 24 Jan 2024 09:41:14 GMT
cache-control: public, max-age=31536000
age: 392231
last-modified: Wed, 27 Apr 2022 16:59:07 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
images-na.ssl-images-amazon.com/images/I/61froQBk11L._AC_SL1500_.jpg
151.101.129.16200 OK 77 kB URL HTTP/2 images-na.ssl-images-amazon.com/images/I/61froQBk11L._AC_SL1500_.jpg
IP 151.101.129.16:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1408x1472, components 3\012- data
Hash 6c3a5cc56c75f81eee24a63a96cfadd4
1e98e28ef35b9b413656b476caba4a435c3cc45e
e219f20ba91304e79ff7e22a9ae278def49ca52dbffe1bb9e718b1faec2cc6a4
GET /images/I/61froQBk11L._AC_SL1500_.jpg HTTP/1.1
Host: images-na.ssl-images-amazon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://shopb.off-75.ml/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/jpeg
x-amz-ir-id: 9fcb6b60-c012-498e-9d04-d0f2b2ba918e
expires: Wed, 31 Dec 2042 15:20:36 GMT
cache-control: max-age=630720000,public
timing-allow-origin: https://www.amazon.in, https://www.amazon.com
access-control-allow-origin: *
last-modified: Mon, 11 May 2020 09:32:15 GMT
x-nginx-cache-status: MISS
accept-ranges: bytes
date: Sat, 28 Jan 2023 22:38:25 GMT
age: 2013469
x-served-by: cache-iad-kiad7000141-IAD, cache-bma1670-BMA
x-cache: HIT from fastly, MISS from fastly
server-timing: provider;desc="fy"
content-length: 76679
X-Firefox-Spdy: h2
images-na.ssl-images-amazon.com/images/I/71WLFaESirL._AC_SX425_.jpg
151.101.129.16200 OK 22 kB URL HTTP/2 images-na.ssl-images-amazon.com/images/I/71WLFaESirL._AC_SX425_.jpg
IP 151.101.129.16:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 425x440, components 3\012- data
Hash 56f8f5aa0fbb282f4d6f3740af259fb3
c367f7575189d2275205d41acb6cc28940fca57f
74f9abf59f2fee31d62e759b0975670854a37953ea9b3f6177f6e988bf0cdf0f
GET /images/I/71WLFaESirL._AC_SX425_.jpg HTTP/1.1
Host: images-na.ssl-images-amazon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://shopb.off-75.ml/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/jpeg
x-amz-ir-id: e84d17e2-608a-40d4-99fa-664e04f48490
expires: Fri, 23 Jan 2043 09:51:04 GMT
cache-control: max-age=630720000,public
timing-allow-origin: https://www.amazon.in, https://www.amazon.com
access-control-allow-origin: *
last-modified: Mon, 24 Aug 2020 05:54:00 GMT
x-nginx-cache-status: MISS
accept-ranges: bytes
date: Sat, 28 Jan 2023 22:38:25 GMT
age: 46041
x-served-by: cache-iad-kiad7000044-IAD, cache-bma1670-BMA
x-cache: HIT from fastly, MISS from fastly
server-timing: provider;desc="fy"
content-length: 21712
X-Firefox-Spdy: h2
images-na.ssl-images-amazon.com/images/I/71k2DWp3yDL._AC_SX466_.jpg
151.101.129.16200 OK 13 kB URL HTTP/2 images-na.ssl-images-amazon.com/images/I/71k2DWp3yDL._AC_SX466_.jpg
IP 151.101.129.16:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 466x469, components 3\012- data
Hash dd628d6d333815d05c97ae2592d6542e
a1c33349cd5bded025695bd7b9a5657c6b906ee3
429ce991d2b173342fed4c56f1f406daa9c0326778f610817396263a553de860
GET /images/I/71k2DWp3yDL._AC_SX466_.jpg HTTP/1.1
Host: images-na.ssl-images-amazon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://shopb.off-75.ml/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/jpeg
x-amz-ir-id: 4041db85-ac4c-4461-b180-211a10091b4a
expires: Fri, 23 Jan 2043 11:17:13 GMT
cache-control: max-age=630720000,public
timing-allow-origin: https://www.amazon.in, https://www.amazon.com
access-control-allow-origin: *
last-modified: Sun, 19 Jul 2020 14:29:47 GMT
x-nginx-cache-status: MISS
accept-ranges: bytes
date: Sat, 28 Jan 2023 22:38:25 GMT
age: 40872
x-served-by: cache-iad-kcgs7200136-IAD, cache-bma1670-BMA
x-cache: HIT from fastly, MISS from fastly
server-timing: provider;desc="fy"
content-length: 13312
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 8cf65fcdafa84b63cf7005fe57927fcb
3f7d163a96e7f00eb2de9828624ec46e22b4b40a
dfcf629cc49444f646f3a014014a91e36251b4b43655ce2e2eca55263dd196e3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 22:38:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
sdk.51.la/js-sdk-pro.min.js?id=Je3ObktYRVDFSWjx&ck=Je3ObktYRVDFSWjx
47.253.50.2200 OK 13 kB URL HTTP/1.1 sdk.51.la/js-sdk-pro.min.js?id=Je3ObktYRVDFSWjx&ck=Je3ObktYRVDFSWjx
IP 47.253.50.2:0
ASN #45102 Alibaba US Technology Co., Ltd.
File type Unicode text, UTF-8 text, with very long lines (34110)
Hash 29243483fe441404931c046d27be80a6
92a0c68b0169eff0addb8cc05a53f6e009d41d47
4865f22b0a68c6a0a6c2d3cbedb9a190ffbea105c4f1e2a5806172919456f3b1
GET /js-sdk-pro.min.js?id=Je3ObktYRVDFSWjx&ck=Je3ObktYRVDFSWjx HTTP/1.1
Host: sdk.51.la
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://shopb.off-75.ml/
HTTP/1.1 200 OK
Server: openresty
Date: Sat, 28 Jan 2023 22:38:25 GMT
Content-Type: application/javascript; charset=utf-8
Last-Modified: Tue, 10 Jan 2023 04:34:55 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"63bceaef-861a"
Cache-Control: max-age=1296000
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
manofmany.com/wp-content/uploads/2019/10/Theragun-Muscle-Recovery.jpg
104.22.7.127200 OK 204 kB URL HTTP/2 manofmany.com/wp-content/uploads/2019/10/Theragun-Muscle-Recovery.jpg
IP 104.22.7.127:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, progressive, precision 8, 900x600, components 3\012- data
Size 204 kB (204385 bytes)
Hash 9b3f06e46c5024a6312d60e90e3ba22a
384e3a3b661bbb8e0933e123099aa5357babd1a6
8934f5993dec272f1a60799d8ee025e2ce6337e7ca5108c49e44360800aeb113
GET /wp-content/uploads/2019/10/Theragun-Muscle-Recovery.jpg HTTP/1.1
Host: manofmany.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://shopb.off-75.ml/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 28 Jan 2023 22:38:25 GMT
content-type: image/jpeg
content-length: 204385
cf-bgj: imgq:100,h2pri
cf-polished: origSize=205953, status=webp_bigger
cache-control: max-age=315360000
etag: "5db4e03a-32481"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Sun, 27 Oct 2019 00:09:30 GMT
x-cache: PASS
x-cacheable: NO:Not Cacheable
x-frame-options: SAMEORIGIN
x-host: varnish-1
x-varnish: 7374213
cf-cache-status: HIT
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=2592000
server: cloudflare
cf-ray: 790d37df2e3c1c12-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188200 OK 472 B IP 172.64.155.188:0
Hash e52867ddab85f7a4e372497c215bb9fb
fe5ffce8294b5946736c85164a490c7865e36277
f65b99fd9f2271b8ec8bcc3d83d7e32e8ee5c677d0ea1d590429633e2f45c688
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 22:38:25 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 28 Jan 2023 21:01:28 GMT
Expires: Sat, 04 Feb 2023 21:01:27 GMT
Etag: "fe5ffce8294b5946736c85164a490c7865e36277"
Cache-Control: max-age=598381,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 790d37e07dd91c06-OSL
shopb.off-75.ml/assets/fonts/ionicons.ttf?v=2.0.0
104.21.24.108200 OK 188 kB URL HTTP/1.1 shopb.off-75.ml/assets/fonts/ionicons.ttf?v=2.0.0
IP 104.21.24.108:0
File type TrueType Font data, 15 tables, 1st "FFTM", 14 names, Macintosh\012- data
Size 188 kB (188508 bytes)
Hash 24712f6c47821394fba7942fbb52c3b2
1b0a0de084905946a20300ca8c354865dec46764
2ba7f20b1d8990e17a47fe3d88e4c766628aaa2baf1dd30fca0a0db59836f5f9
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.ml domain
GET /assets/fonts/ionicons.ttf?v=2.0.0 HTTP/1.1
Host: shopb.off-75.ml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://shopb.off-75.ml/assets/css/ionicons.min.css
Cookie: security_session_verify=1758712f2e4ea1d4acb6a6a90f8e4c8a; ASP.NET_SessionId=copv0tr5wfquls2lfqvxuqnm; la=com; cid=1; price=70-73
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 22:38:25 GMT
Content-Type: application/octet-stream
Content-Length: 188508
Connection: keep-alive
Last-Modified: Mon, 16 Dec 2019 17:23:34 GMT
ETag: "0c64a8b35b4d51:0"
X-Powered-By: ASP.NET
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Bw9dOTOna96u%2BBydof%2FRGPY3dWefG3gS%2B0dukYgAu3ozTrGSOzIRVIOVqmg9pAa%2BQ0p2zQmZc4fOfGeHG6X9S9%2B9sjO8wae2NDVDqIThXn9NXDLaAqXx04xilVCno1jISSs%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 790d37de6a370b31-OSL
alt-svc: h2=":443"; ma=60
ocsp.godaddy.com/
192.124.249.24200 OK 1.7 kB IP 192.124.249.24:0
Hash 7692d7356d6971ba0949925897726f8c
a8896e818bb2b8fd45f955d504bf88dad4ca2918
2192e3fff72d1831579af3d11e884880d0fa2cffe6a78200e7aa2b28c153de63
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 68
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Sat, 28 Jan 2023 22:38:25 GMT
Content-Type: application/ocsp-response
Content-Length: 1731
Connection: keep-alive
X-Sucuri-ID: 15024
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Sat, 28 Jan 2023 20:19:17 GMT
Expires: Sun, 29 Jan 2023 20:19:17 GMT
ETag: "a8896e818bb2b8fd45f955d504bf88dad4ca2918"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
ocsp.sca1b.amazontrust.com/
54.230.245.100200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.100:0
Hash 47aba93177f62c7aedd2105d739e75d2
eac97d053c4274ea4117f8da7485e887a927d9dd
aee4730b03e18b421941d9e85878ad94e3e740a0fe81c5b98106d866a567116a
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=147843
Date: Sat, 28 Jan 2023 22:38:25 GMT
Etag: "63d54264-1d7"
Expires: Mon, 30 Jan 2023 15:42:28 GMT
Last-Modified: Sat, 28 Jan 2023 15:42:28 GMT
Server: nginx
X-Cache: Miss from cloudfront
Via: 1.1 d9fb4c3794a085bb4ee2c5798c2cb1b8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 1vVvUu6nnwZTWt-k0nhm9nKUOeid2xXbPmAAeZLKYO_nvAK6liyxow==
fonts.gstatic.com/s/oswald/v49/TK3iWkUHHAIjg752GT8G.woff2
142.250.74.35200 OK 25 kB URL HTTP/2 fonts.gstatic.com/s/oswald/v49/TK3iWkUHHAIjg752GT8G.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 25372, version 1.0\012- data
Hash fe424f96cb627d8b835cb001af17f56e
c5b4368fed99812a99036fba86d01367b5549505
35c92598a5f32c018dc630f57b183b0284c211ce9c222e5b36840a62115262f1
GET /s/oswald/v49/TK3iWkUHHAIjg752GT8G.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://shopb.off-75.ml
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 25372
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 28 Jan 2023 10:20:26 GMT
expires: Sun, 28 Jan 2024 10:20:26 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 18 Jul 2022 19:24:05 GMT
content-type: font/woff2
age: 44279
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
shopb.off-75.ml/assets/fonts/fontawesome-webfont.woff2?v=4.7.0
104.21.24.108200 OK 77 kB URL HTTP/1.1 shopb.off-75.ml/assets/fonts/fontawesome-webfont.woff2?v=4.7.0
IP 104.21.24.108:0
File type Web Open Font Format (Version 2), TrueType, length 77160, version 4.459\012- data
Hash af7ae505a9eed503f8b8e6982036873e
d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.ml domain
GET /assets/fonts/fontawesome-webfont.woff2?v=4.7.0 HTTP/1.1
Host: shopb.off-75.ml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://shopb.off-75.ml/assets/css/font.awesome.css
Cookie: security_session_verify=1758712f2e4ea1d4acb6a6a90f8e4c8a; ASP.NET_SessionId=copv0tr5wfquls2lfqvxuqnm; la=com; cid=1; price=70-73
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 22:38:25 GMT
Content-Type: application/x-font-woff
Content-Length: 77160
Connection: keep-alive
Last-Modified: Mon, 16 Dec 2019 17:23:34 GMT
ETag: "0c64a8b35b4d51:0"
X-Powered-By: ASP.NET
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0LSr9zK3skyqfnVvW%2FjzXsneT70%2FFNZ47w%2BHGtHb8cx7X01aiLsLJqb9EGDbDOsgJqZxNC2x2j6ApjHP46uv1Lr463%2FQzeR81q7UiTyEn8XckUHvuFB%2BJ8adyPbBAGtci2A%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 790d37debc3db4f9-OSL
alt-svc: h2=":443"; ma=60
www.theragun.com/dw/image/v2/BCWX_PRD/on/demandware.static/-/Sites-thg-master/default/dw9c4fe265/images/hi-res-transparent-bg/G3PRO_PDP_HERO_1.jpg
54.230.111.109301 Moved Permanently 0 B URL HTTP/2 www.theragun.com/dw/image/v2/BCWX_PRD/on/demandware.static/-/Sites-thg-master/default/dw9c4fe265/images/hi-res-transparent-bg/G3PRO_PDP_HERO_1.jpg
IP 54.230.111.109:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /dw/image/v2/BCWX_PRD/on/demandware.static/-/Sites-thg-master/default/dw9c4fe265/images/hi-res-transparent-bg/G3PRO_PDP_HERO_1.jpg HTTP/1.1
Host: www.theragun.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://shopb.off-75.ml/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
content-length: 0
location: https://www.therabody.com/dw/image/v2/BCWX_PRD/on/demandware.static/-/Sites-thg-master/default/dw9c4fe265/images/hi-res-transparent-bg/G3PRO_PDP_HERO_1.jpg
server: CloudFront
date: Sat, 28 Jan 2023 19:59:37 GMT
x-cache: Hit from cloudfront
via: 1.1 0e39dca74306d7aab723ed3d73dbfbb4.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: yhb5D4YS6HtDnhYr4OIz0mEje3BtxMe8sy-qxvhJTZOKSgPDjsmsxA==
age: 9528
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188200 OK 471 B IP 172.64.155.188:0
Hash 9b94d83ff5eeefb46a804a76f9ba3758
b6936065a659a4f5af5622ae28f6512922607d1b
50f47f9b07e52fea573f5ec1ec06733ce2c213c3d85c420ec700b59773a8d4bd
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 22:38:25 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Fri, 27 Jan 2023 21:46:49 GMT
Expires: Fri, 03 Feb 2023 21:46:48 GMT
Etag: "b6936065a659a4f5af5622ae28f6512922607d1b"
Cache-Control: max-age=514702,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 790d37e2eff11c06-OSL
ae01.alicdn.com/kf/HTB15kIYcBGE3KVjSZFhq6AkaFXaj.jpg_q50.jpg
184.24.44.46200 OK 24 kB URL HTTP/2 ae01.alicdn.com/kf/HTB15kIYcBGE3KVjSZFhq6AkaFXaj.jpg_q50.jpg
IP 184.24.44.46:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1000x1000, components 3\012- data
Hash b3cdab6611f5f3db1cd092a659ebb4fd
9f393ebae4600cdb7cea81cee46e16944c9c5491
b578f5c12937b3298f00261f3730f0c2befad56d3dab94e7444da817677c47eb
GET /kf/HTB15kIYcBGE3KVjSZFhq6AkaFXaj.jpg_q50.jpg HTTP/1.1
Host: ae01.alicdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://shopb.off-75.ml/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Akamai Image Server
last-modified: Wed, 03 Jun 2020 07:11:59 GMT
access-control-allow-origin: *
x-akamai-note: original-image
content-type: image/jpeg
content-length: 24459
cache-control: private, max-age=300
expires: Sat, 28 Jan 2023 22:43:25 GMT
date: Sat, 28 Jan 2023 22:38:25 GMT
from-req-dns-type: NA
network_info: NO_OSLO_50304
served-from: 95.101.11.156
timing-allow-origin: *
X-Firefox-Spdy: h2
ae01.alicdn.com/kf/Hd5c22b07a85e4542bb1755337682ac4ax/Meresoy-9-degree-s-hand-held-body-electric-professional-muscle-massage-gun-machine-3280rpm-setting-body.jpg_q50.jpg
184.24.44.46200 OK 24 kB URL HTTP/2 ae01.alicdn.com/kf/Hd5c22b07a85e4542bb1755337682ac4ax/Meresoy-9-degree-s-hand-held-body-electric-professional-muscle-massage-gun-machine-3280rpm-setting-body.jpg_q50.jpg
IP 184.24.44.46:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 800x800, components 3\012- data
Hash fc290e0353abe58ff0bae9be21b30099
5de11d6bf2001ffc04bf005ecdd434bc944fee98
cb130abad4b842489f0eaa261029dd350ffe1d6a510fbe42f06fb2483063c540
GET /kf/Hd5c22b07a85e4542bb1755337682ac4ax/Meresoy-9-degree-s-hand-held-body-electric-professional-muscle-massage-gun-machine-3280rpm-setting-body.jpg_q50.jpg HTTP/1.1
Host: ae01.alicdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://shopb.off-75.ml/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Akamai Image Server
last-modified: Mon, 07 Oct 2019 04:31:50 GMT
access-control-allow-origin: *
content-type: image/jpeg
content-length: 24374
cache-control: private, max-age=300
expires: Sat, 28 Jan 2023 22:43:26 GMT
date: Sat, 28 Jan 2023 22:38:26 GMT
from-req-dns-type: NA
network_info: NO_OSLO_50304
served-from: 95.101.11.156
timing-allow-origin: *
X-Firefox-Spdy: h2
www.therabody.com/dw/image/v2/BCWX_PRD/on/demandware.static/-/Sites-thg-master/default/dw9c4fe265/images/hi-res-transparent-bg/G3PRO_PDP_HERO_1.jpg
104.17.144.101200 OK 62 kB URL HTTP/2 www.therabody.com/dw/image/v2/BCWX_PRD/on/demandware.static/-/Sites-thg-master/default/dw9c4fe265/images/hi-res-transparent-bg/G3PRO_PDP_HERO_1.jpg
IP 104.17.144.101:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, baseline, precision 8, 1280x1498, components 3\012- data
Hash c13802bbab59cc3f8dbb6fc8c5426eb6
28184dac7e0d1890bcd210d7578bcf410fcf95dc
647f444e4803699b7ef18c1335975350b80249e2102695d2270ed2c73629b627
GET /dw/image/v2/BCWX_PRD/on/demandware.static/-/Sites-thg-master/default/dw9c4fe265/images/hi-res-transparent-bg/G3PRO_PDP_HERO_1.jpg HTTP/1.1
Host: www.therabody.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://shopb.off-75.ml/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 28 Jan 2023 22:38:26 GMT
content-type: image/jpeg
content-length: 61865
last-modified: Fri, 20 May 2022 09:10:03 GMT
x-amz-expiration: expiry-date="Tue, 20 Jun 2023 00:00:00 GMT", rule-id="transform_cache_ttl"
etag: "c13802bbab59cc3f8dbb6fc8c5426eb6"
x-amz-meta-cleanquerystring:
cache-control: public, max-age=2592000
x-cache: Hit from cloudfront
via: 1.1 9037b7743a833da13439f0d4e2619b52.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: rXTTf-RhHYLGkV_liB_PGubqi4AllpOw2qWYuO7bqfTdsnlxyl5D3Q==
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=86400; includeSubDomains
server: cloudflare
cf-ray: 790d37e34e04fab4-OSL
X-Firefox-Spdy: h2
collect-v6.51.la/v6/collect?dt=4
103.143.19.103200 0 B URL HTTP/1.1 collect-v6.51.la/v6/collect?dt=4
IP 103.143.19.103:0
ASN #4837 CHINA UNICOM China169 Backbone
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /v6/collect?dt=4 HTTP/1.1
Host: collect-v6.51.la
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Length: 248
Origin: http://shopb.off-75.ml
Connection: keep-alive
Referer: http://shopb.off-75.ml/
HTTP/1.1 200
Server: CloudWAF
Date: Sat, 28 Jan 2023 22:38:26 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: HWWAFSESID=613b79a9cd60a8432a2; path=/
HWWAFSESTIME=1674945501253; path=/
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Origin: http://shopb.off-75.ml
Access-Control-Allow-Credentials: true
www.armourupasia.com/wp-content/uploads/2019/04/hypervoltvstheragun1-1.jpeg
198.54.114.173200 OK 116 kB URL HTTP/2 www.armourupasia.com/wp-content/uploads/2019/04/hypervoltvstheragun1-1.jpeg
IP 198.54.114.173:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 1920x1080, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size 116 kB (115594 bytes)
Hash 29976e96ec978c3bcb25b310eb03c2e9
f2f35ab3c5021e0b49fec40b77a8c4dbeaa77f8b
81c7010121d6a0ed28a6b7788f1e984ad082324861fdc9b3d1b6ae714fe1113c
GET /wp-content/uploads/2019/04/hypervoltvstheragun1-1.jpeg HTTP/1.1
Host: www.armourupasia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://shopb.off-75.ml/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: public, max-age=31536000
expires: Sun, 28 Jan 2024 22:38:25 GMT
content-type: image/webp
last-modified: Fri, 19 Apr 2019 22:53:29 GMT
etag: "1c38a-5cba5169-0;;;"
accept-ranges: bytes
content-length: 115594
date: Sat, 28 Jan 2023 22:38:25 GMT
server: LiteSpeed
referrer-policy:
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
X-Firefox-Spdy: h2
shopb.off-75.ml/assets/img/slider/slider1.jpg
104.21.24.108200 OK 536 kB URL HTTP/1.1 shopb.off-75.ml/assets/img/slider/slider1.jpg
IP 104.21.24.108:0
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=1, software=www.meitu.com], baseline, precision 8, 1000x420, components 3\012- data
Size 536 kB (535852 bytes)
Hash 731fb0b676c2ceb34bb6b9203d9bfb9b
b8e475b10e9454c9f283dd1300ae5558694c36a8
8d117be8b50fa1625d6ddf336410931f77f1e0620e708abcd755b66638915bba
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.ml domain
GET /assets/img/slider/slider1.jpg HTTP/1.1
Host: shopb.off-75.ml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://shopb.off-75.ml/
Cookie: security_session_verify=1758712f2e4ea1d4acb6a6a90f8e4c8a; ASP.NET_SessionId=copv0tr5wfquls2lfqvxuqnm; la=com; cid=1; price=70-73
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 22:38:25 GMT
Content-Type: image/jpeg
Content-Length: 535852
Connection: keep-alive
Last-Modified: Mon, 29 Mar 2021 10:07:57 GMT
ETag: "2263b648324d71:0"
X-Powered-By: ASP.NET
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=k4s0up%2F7QhNqAritfksJ49Aj10pw2i9RCw4Mqc0mD287AbVhGQ72Oiug18%2BjbVDweUOAgc3C92azZBmVwOSxRZaO48HKOPAGj4zucTMdmG7hmSIDsUjDA4azHxbvsHyzS%2B8%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 790d37dc385eb4f7-OSL
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f2a0c2c0f25bdd19baf87cbb3a87dcdb
bc78ca6206ee8cc1cc05ab7778df71c7e6d1182a
c57f26c0c2e439dc2f69181e1b2f6ae371bff9d299af739e0047eabc8bfb5a69
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C57F26C0C2E439DC2F69181E1B2F6AE371BFF9D299AF739E0047EABC8BFB5A69"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4599
Expires: Sat, 28 Jan 2023 23:55:05 GMT
Date: Sat, 28 Jan 2023 22:38:26 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f2a0c2c0f25bdd19baf87cbb3a87dcdb
bc78ca6206ee8cc1cc05ab7778df71c7e6d1182a
c57f26c0c2e439dc2f69181e1b2f6ae371bff9d299af739e0047eabc8bfb5a69
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C57F26C0C2E439DC2F69181E1B2F6AE371BFF9D299AF739E0047EABC8BFB5A69"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4599
Expires: Sat, 28 Jan 2023 23:55:05 GMT
Date: Sat, 28 Jan 2023 22:38:26 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f2a0c2c0f25bdd19baf87cbb3a87dcdb
bc78ca6206ee8cc1cc05ab7778df71c7e6d1182a
c57f26c0c2e439dc2f69181e1b2f6ae371bff9d299af739e0047eabc8bfb5a69
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C57F26C0C2E439DC2F69181E1B2F6AE371BFF9D299AF739E0047EABC8BFB5A69"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4599
Expires: Sat, 28 Jan 2023 23:55:05 GMT
Date: Sat, 28 Jan 2023 22:38:26 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f2a0c2c0f25bdd19baf87cbb3a87dcdb
bc78ca6206ee8cc1cc05ab7778df71c7e6d1182a
c57f26c0c2e439dc2f69181e1b2f6ae371bff9d299af739e0047eabc8bfb5a69
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C57F26C0C2E439DC2F69181E1B2F6AE371BFF9D299AF739E0047EABC8BFB5A69"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4599
Expires: Sat, 28 Jan 2023 23:55:05 GMT
Date: Sat, 28 Jan 2023 22:38:26 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f2a0c2c0f25bdd19baf87cbb3a87dcdb
bc78ca6206ee8cc1cc05ab7778df71c7e6d1182a
c57f26c0c2e439dc2f69181e1b2f6ae371bff9d299af739e0047eabc8bfb5a69
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C57F26C0C2E439DC2F69181E1B2F6AE371BFF9D299AF739E0047EABC8BFB5A69"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4599
Expires: Sat, 28 Jan 2023 23:55:05 GMT
Date: Sat, 28 Jan 2023 22:38:26 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd8ddbb22-9894-4103-ab67-a72323ff97b2.jpeg
34.120.237.76200 OK 4.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd8ddbb22-9894-4103-ab67-a72323ff97b2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 24a6f6affe931c41bfac1968026893dc
983e91c705e8f6d9ad3992d6905ebf5916095300
20ef8c4ff7035b897473712b6a2f614b0a551fb91c20314c3a3a19e09087ca0d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd8ddbb22-9894-4103-ab67-a72323ff97b2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4539
x-amzn-requestid: 285ab725-3832-48f2-aa7a-99ecb6a3a533
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fLyd5FDxoAMFrlA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ce3125-48c7a43e61f1ed6605e80668;Sampled=0
x-amzn-remapped-date: Mon, 23 Jan 2023 07:03:01 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: vXeF-sANwk_8VNxhGZdfyBqhGnd_6Mz8sG8Yt3OUyBr1398-IoiOAA==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 556b99c6be8d7078b9f067347c62df6a.cloudfront.net (CloudFront), 1.1 google
date: Sat, 28 Jan 2023 14:57:15 GMT
age: 27671
etag: "983e91c705e8f6d9ad3992d6905ebf5916095300"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fce27f1aa-8d31-4110-a47f-73de0b95926d.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fce27f1aa-8d31-4110-a47f-73de0b95926d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 10a6491e2c1dfde68c7cd7297e70700f
d0f195319825a6d3e5e50ad15b2fcab27cb65896
4d9353d5874e5ea03c25e1562db5f479c222a48db526fdd10ede7c2e6a4dd874
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fce27f1aa-8d31-4110-a47f-73de0b95926d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11470
x-amzn-requestid: 9e03d89c-08a6-4632-964d-5edaacb5b373
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fRheXFRgIAMF_ug=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d07c5b-543f883f46ad632115102abb;Sampled=0
x-amzn-remapped-date: Wed, 25 Jan 2023 00:48:27 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: y8iJSXT5t_9HVVEedvenmnFYpvRvMaeky39lV8PGjmPqqA_0UiiqOQ==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 ce71f64ad5dca81beca846466f2d5008.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 23:12:15 GMT
age: 84371
etag: "d0f195319825a6d3e5e50ad15b2fcab27cb65896"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd9a423a9-16ee-4e3f-b9b4-34f6a469aba9.jpeg
34.120.237.76200 OK 9.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd9a423a9-16ee-4e3f-b9b4-34f6a469aba9.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3be81f83687ddb6c93d3ff3c09a9dba2
50a48e737310d3f31840db4301b25927fbcc12c5
e78c909e2381898e7f546183784a05dff47c31734c95358aaada8c2777ad47be
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd9a423a9-16ee-4e3f-b9b4-34f6a469aba9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9167
x-amzn-requestid: e6e0789c-a4a9-4ffa-a0ae-691770d1035b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fPF9YEBmIAMF0kQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cf8388-01d2093432d3959903671a69;Sampled=0
x-amzn-remapped-date: Tue, 24 Jan 2023 07:06:48 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: awfNeaKbFw2bjiTGwUrwUTxU-qbVS2eTjn948H8kn1hy7pi_DwLMlQ==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Sat, 28 Jan 2023 17:35:56 GMT
age: 18150
etag: "50a48e737310d3f31840db4301b25927fbcc12c5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa8a8d215-2977-45a6-a7ee-976f499397f9.png
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa8a8d215-2977-45a6-a7ee-976f499397f9.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5b40aad973e1480deaad2d03e44bf338
09f0b92c397103a18408d01ec8bae135fcdc64ef
f0edf655c65a39dfb6b431b0862979b07e83f306e4330136aeb98e13cff36bd6
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa8a8d215-2977-45a6-a7ee-976f499397f9.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10918
x-amzn-requestid: 61eec1e7-b131-43ea-9ee5-8f181d7aec93
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fHwH3HloIAMFRFA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cc93cb-1402f8c719a98ac717fe1c94;Sampled=0
x-amzn-remapped-date: Sun, 22 Jan 2023 01:39:23 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 9LrDmGmNvqt_0_dD_NIw1LxGk1_EiEXhfgDZPsRB4JqHI5QMH84ddw==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 591683988172c7980c4ebb318cbf18a8.cloudfront.net (CloudFront), 1.1 google
date: Sat, 28 Jan 2023 21:46:54 GMT
age: 3092
etag: "09f0b92c397103a18408d01ec8bae135fcdc64ef"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F88a27c66-393d-4cd0-b191-286277c9da31.jpeg
34.120.237.76200 OK 8.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F88a27c66-393d-4cd0-b191-286277c9da31.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b1b66f2ccb0017b06d5e5903e00dede4
f3c7c1abdbab6510de54727cb68eedcc3103e1ce
44d84a015c27d9a298a2ef891e46f2fdd7764d45d914689e127244fef96ddd27
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F88a27c66-393d-4cd0-b191-286277c9da31.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8149
x-amzn-requestid: 8c634b51-b124-4cf9-b20e-897babf98d0b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: feRtIG3sIAMF-rg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d59653-3f20abcd6c56307b1ebabf2b;Sampled=0
x-amzn-remapped-date: Sat, 28 Jan 2023 21:40:35 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: jpe_r8O7AjOS1Mg4kmgDCvxstulkpZI9DXkagbRPmrgyjgwVbDFuog==
via: 1.1 1b0911478686968732f973d6e5e31d10.cloudfront.net (CloudFront), 1.1 943c6a4d4ee43b18ee91634536f53eae.cloudfront.net (CloudFront), 1.1 google
date: Sat, 28 Jan 2023 21:46:11 GMT
etag: "f3c7c1abdbab6510de54727cb68eedcc3103e1ce"
content-type: image/jpeg
age: 3135
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdd9499d0-2a81-41ee-b328-0d82ea64b349.jpeg
34.120.237.76200 OK 5.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdd9499d0-2a81-41ee-b328-0d82ea64b349.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 57ff6665d99a17d06b75c8fe64c90ab3
05648eed6830a794aa7e30ba4da526ed4c45b0ca
728b809756a0faff1a55bb03f13f33e31518f321e50dd944a0267d585c09264c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdd9499d0-2a81-41ee-b328-0d82ea64b349.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5198
x-amzn-requestid: 8117f45b-926a-4cbe-b152-dae983bc3526
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fOYdlG6XIAMF_vA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cf3abd-7ce531f65f66ac3a73970841;Sampled=0
x-amzn-remapped-date: Tue, 24 Jan 2023 01:56:13 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 9qRYwsM8g7XZPY2E-9puCMAp7VKUvdIiK8jA0wr0XSpnMScoQYCwGw==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 caf6806821bc479b28a6f1ce3043b8a6.cloudfront.net (CloudFront), 1.1 google
date: Sat, 28 Jan 2023 21:46:47 GMT
age: 3099
etag: "05648eed6830a794aa7e30ba4da526ed4c45b0ca"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
shopb.off-75.ml/assets/img/favicon.ico
104.21.24.108404 Not Found 679 B URL HTTP/1.1 shopb.off-75.ml/assets/img/favicon.ico
IP 104.21.24.108:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash fc2b593e245e32a79fb1eeb072827dfe
fd894cfb2379286087ba55699619eabd808f2323
52372731405cfc18120d044b53ad6bea7b2caa59017ce3e702bb873c67498e98
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.ml domain
GET /assets/img/favicon.ico HTTP/1.1
Host: shopb.off-75.ml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://shopb.off-75.ml/
Cookie: security_session_verify=1758712f2e4ea1d4acb6a6a90f8e4c8a; ASP.NET_SessionId=copv0tr5wfquls2lfqvxuqnm; la=com; cid=1; price=70-73; __vtins__Je3ObktYRVDFSWjx=%7B%22sid%22%3A%20%22b4cf5d59-1bb6-54f3-9886-59494376e41a%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201674947309923%2C%20%22ct%22%3A%201674945509923%7D; __51uvsct__Je3ObktYRVDFSWjx=1; __51vcke__Je3ObktYRVDFSWjx=270da177-2c95-53b1-8082-41ff88e71c74; __51vuft__Je3ObktYRVDFSWjx=1674945509931
HTTP/1.1 404 Not Found
Date: Sat, 28 Jan 2023 22:38:26 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: ASP.NET
Cache-Control: max-age=14400
CF-Cache-Status: EXPIRED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YR8KuWwtLEbG8%2BltMsqMh8sNfGLiWcpiCkPv%2BXDTCf0%2B%2FJc9Bhg6xwvsXThTptimqUuZbqrLBycYYhG11to%2Bi4W2rx1Uci4giwJcMV%2BDEknigORZ%2FiFMeKVLOvgFR0NgGbs%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 790d37e6c9300b31-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
fonts.googleapis.com/css?family=Oswald:200,300,400,500,600,700|Poppins:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900i&display=swap
142.250.74.138200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Oswald:200,300,400,500,600,700|Poppins:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900i&display=swap
IP 142.250.74.138:0
GET /css?family=Oswald:200,300,400,500,600,700|Poppins:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900i&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://shopb.off-75.ml/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 28 Jan 2023 22:38:24 GMT
date: Sat, 28 Jan 2023 22:38:24 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2