r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 81713f952b51a865ad9764cde68e3fdb
278c3a9c4bb2a0ffb7375f90d89a1ba6e90a766a
c2eb0d8a24ecb51af28f1c71db4b9a95c568dcf6c94b41ee8c78787a4ebebcef
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C2EB0D8A24ECB51AF28F1C71DB4B9A95C568DCF6C94B41EE8C78787A4EBEBCEF"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7046
Expires: Fri, 03 Feb 2023 22:58:09 GMT
Date: Fri, 03 Feb 2023 21:00:43 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash e935ea42be4feaed61a824b0b903913e
f966cfa80d65a805cb9d7c6a53b3340865d7c51a
eb0ce9ae50d156fe5924b2d77346735e4e93b5240cff301c9aa835bb0b385815
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EB0CE9AE50D156FE5924B2D77346735E4E93B5240CFF301C9AA835BB0B385815"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5806
Expires: Fri, 03 Feb 2023 22:37:29 GMT
Date: Fri, 03 Feb 2023 21:00:43 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 7d2222d41721947297aaeb5a6e3d0714
04cc1ee417c8bf6338657fd4c2e4e1c1ddfd3065
de0e45969a2ad95e52f7e2fbd0d021d9075dd7b14666c929346efe111f648f7c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DE0E45969A2AD95E52F7E2FBD0D021D9075DD7B14666C929346EFE111F648F7C"
Last-Modified: Thu, 02 Feb 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17182
Expires: Sat, 04 Feb 2023 01:47:05 GMT
Date: Fri, 03 Feb 2023 21:00:43 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Alert, Retry-After, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 03 Feb 2023 20:36:11 GMT
content-type: application/json
age: 1472
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: a07KIXB4ppMswrEUKgUGOyHXH6AeLxGw+zjGAAEjDyrZTlD2JBQD9MjBndMuAdReWDNkpe2cFu8=
x-amz-request-id: Z5HDCY82MZPTTJC2
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 03 Feb 2023 20:52:33 GMT
age: 490
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 21:00:43 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
westdonnifacong.gq/ru/gazprom-bonuses/
104.21.23.238200 OK 3.7 kB URL HTTP/1.1 westdonnifacong.gq/ru/gazprom-bonuses/
IP 104.21.23.238:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (314)
Hash f29dbf96dd533e61a18cbc451523c4a1
1c760ffa1107bfc32752633a41158c37469740fa
b3af4c71ae1f098d4559bb8fe147fd448ed39c976083347e4f1c12f86e222da6
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.gq domain
GET /ru/gazprom-bonuses/ HTTP/1.1
Host: westdonnifacong.gq
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 21:00:43 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=jnqsoe4k2tl0u6j6gonbp0qgaj; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3wf29cf2KR4af2b8EPcoh7dU28VqlySttPIT%2F5w0zvc0D7w4mFLGtdRa0Wc%2FGm%2F36iY4gfVMpgGzb8%2F%2F7RyhoKL8TMB0cTtNgobjv5JQbncdb7c5mZC1%2BdyQ%2B8ZZaPu6q%2FPYYY8%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 793e19040f3fb527-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
westdonnifacong.gq/ru/gazprom-bonuses/static/js/jquery.mask.min.js
104.21.23.238200 OK 3.1 kB URL HTTP/1.1 westdonnifacong.gq/ru/gazprom-bonuses/static/js/jquery.mask.min.js
IP 104.21.23.238:0
File type ASCII text, with very long lines (986)
Hash b2f3afc4f78c6a8513759b3082d16cde
7234fade8ce6c38c6c63dc9ba7e263f79055586c
72f76b760386a1ee96a9bee7436e6a87750b66aff00cd4fb0d835019f7f94385
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.gq domain
GET /ru/gazprom-bonuses/static/js/jquery.mask.min.js HTTP/1.1
Host: westdonnifacong.gq
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://westdonnifacong.gq/ru/gazprom-bonuses/
Cookie: PHPSESSID=jnqsoe4k2tl0u6j6gonbp0qgaj
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 21:00:44 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 11 Jun 2020 14:49:03 GMT
ETag: W/"5ee2445f-1cce"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vO1HQ%2BaX8%2Fqyizi41s5N%2FdDCjK1kUQ9vCGuT7g%2Bv3L6wS5ui3eWdegq7JEkxbeNYNa5eiBgZ8GE7FN1WXg6zsTagYVn8%2BIXvCtsAHfmBGPQcAMs%2B%2F2%2FsDqeYTeAdMvFZ9cUnKa8%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 793e19077cd7fab4-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Pragma, Backoff, Retry-After, Content-Length, Last-Modified, Expires, Cache-Control, ETag, Alert, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 03 Feb 2023 20:07:19 GMT
age: 3205
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
westdonnifacong.gq/ru/gazprom-bonuses/static/js/main.js
104.21.23.238200 OK 3.2 kB URL HTTP/1.1 westdonnifacong.gq/ru/gazprom-bonuses/static/js/main.js
IP 104.21.23.238:0
File type Unicode text, UTF-8 text, with very long lines (310)
Hash 297a11413edd7589e7f01a50c4786a97
5e0c9269d3725552a2b0dd6338f65090cd0dc039
9f72a692694e49fe9c4896292ff2e76508c3ae92e22c9e696d686110678c0097
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.gq domain
GET /ru/gazprom-bonuses/static/js/main.js HTTP/1.1
Host: westdonnifacong.gq
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://westdonnifacong.gq/ru/gazprom-bonuses/
Cookie: PHPSESSID=jnqsoe4k2tl0u6j6gonbp0qgaj
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 21:00:44 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 11 Jun 2020 14:49:02 GMT
ETag: W/"5ee2445e-2aa1"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kye%2BaoLbq8%2FsoG1niL6uw6kvokiEdimGVbQsXfwOTfk2E0877RONFY9Itpf%2FrAtEqQD5XPbNbPdhpAXapMiRe7YLiQxTL46i67xWcakYcznlLgCn5Wi3fFmeZcJ14C7N0DMq9Fg%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 793e19077b9cb50f-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
westdonnifacong.gq/ru/gazprom-bonuses/static/js/comments.js
104.21.23.238200 OK 5.1 kB URL HTTP/1.1 westdonnifacong.gq/ru/gazprom-bonuses/static/js/comments.js
IP 104.21.23.238:0
Hash c5dce89021fb61fd1d4d74db890fc4d7
565bcfbe20dd8daf9f020502a8a0ae66f3a5f8c1
298825593ff9000213f96f2ec14383c0c4b882f6b2e1bbd3b5f1468b093d20f3
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.gq domain
GET /ru/gazprom-bonuses/static/js/comments.js HTTP/1.1
Host: westdonnifacong.gq
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://westdonnifacong.gq/ru/gazprom-bonuses/
Cookie: PHPSESSID=jnqsoe4k2tl0u6j6gonbp0qgaj
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 21:00:44 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 11 Jun 2020 14:49:01 GMT
ETag: W/"5ee2445d-4ad4"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WlWWDtMjtFKEPTKiPhdpDBiogO6h9wqbjn3EZzqToF3v0YESPFcOxSio83ML5H9rtyIpl802WH6746U%2BPVWMLWRm9rCmo%2BUJdYU1PG3bAa1RGH5p3Nm5zRgo693CJ2ROOFYxgFs%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 793e19077f850b61-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
westdonnifacong.gq/ru/gazprom-bonuses/static/css/main.css
104.21.23.238200 OK 5.1 kB URL HTTP/1.1 westdonnifacong.gq/ru/gazprom-bonuses/static/css/main.css
IP 104.21.23.238:0
Hash 1fc232b3fab7f4d20aa0b8813e47bb1b
5e5f6b1f039dbdfe5f3dcafaadf858225c266b59
6bdf2d0f31bccfec6ef484ec444249a41dc1cd23f65285cc8c720d9035551ac7
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.gq domain
GET /ru/gazprom-bonuses/static/css/main.css HTTP/1.1
Host: westdonnifacong.gq
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://westdonnifacong.gq/ru/gazprom-bonuses/
Cookie: PHPSESSID=jnqsoe4k2tl0u6j6gonbp0qgaj
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 21:00:44 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 11 Jun 2020 14:49:01 GMT
ETag: W/"5ee2445d-74f1"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vIDSG5G9O%2B4%2FcNRfutjS7LRE5tQVSUnJE8z94oPOqcjGPO1gwvl6VCKESYrANvC2HcM2co8m%2FSknhwvNOSQB8dVACCbeyP%2FrncXwsKGU6r2dRNdWWUUjDdPxoykBSo7CJh430tU%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 793e19072ba9b527-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 8913af0be619500295008bb91f506660
a7b8068ba9aa506205a295b24458c2616997a0d1
6a9838d00256431807ca382fc205064b07c08d5054f2895c2ae3cc4e9094179a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6A9838D00256431807CA382FC205064B07C08D5054F2895C2AE3CC4E9094179A"
Last-Modified: Wed, 01 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5530
Expires: Fri, 03 Feb 2023 22:32:54 GMT
Date: Fri, 03 Feb 2023 21:00:44 GMT
Connection: keep-alive
westdonnifacong.gq/ru/gazprom-bonuses/static/js/jquery.js
104.21.23.238200 OK 31 kB URL HTTP/1.1 westdonnifacong.gq/ru/gazprom-bonuses/static/js/jquery.js
IP 104.21.23.238:0
File type ASCII text, with very long lines (65451)
Hash 176e4a2e6e7128bda339fb357f1ff5a9
bfccc14b2f09fd6e743ad7342f075969d284d665
ff9ca68f99f59799e93c455b61602f7e977f260dca389bc1c9b03740872504b2
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.gq domain
GET /ru/gazprom-bonuses/static/js/jquery.js HTTP/1.1
Host: westdonnifacong.gq
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://westdonnifacong.gq/ru/gazprom-bonuses/
Cookie: PHPSESSID=jnqsoe4k2tl0u6j6gonbp0qgaj
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 21:00:44 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 11 Jun 2020 14:49:01 GMT
ETag: W/"5ee2445d-15d83"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BTJtGkaVX4WEQyRojst4q%2BNOV%2B%2BBHieCCj%2Bmlk%2Bozd7Q1wJhFBQfZFPEOFDIQQNztAhLor7ycAHS9mSUPwwSk500Kfm%2BoBonNl%2FLB9rZ%2FStY2Oa3d0Bt%2FaODZT5uKvOluXebCkw%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 793e19077af7b518-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
push.services.mozilla.com/
54.186.236.115101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.186.236.115:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 4INPhhi2QC0Oa8n2nwOnJQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: KE+SppTmGzgOqxk2XQxau9pjdbY=
westdonnifacong.gq/ru/gazprom-bonuses/static/css/vkcomments.css
104.21.23.238200 OK 134 kB URL HTTP/1.1 westdonnifacong.gq/ru/gazprom-bonuses/static/css/vkcomments.css
IP 104.21.23.238:0
File type ASCII text, with very long lines (713)
Size 134 kB (134424 bytes)
Hash 9674159a2e120297f02f5be9d454c5e1
65a6d0adb230d8b83e5b6a83932ff6b17045718f
44a7d67d627fe839bdf91d829f2ac7ce30c4ab3910c638372b15d7c6df5fd726
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.gq domain
GET /ru/gazprom-bonuses/static/css/vkcomments.css HTTP/1.1
Host: westdonnifacong.gq
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://westdonnifacong.gq/ru/gazprom-bonuses/
Cookie: PHPSESSID=jnqsoe4k2tl0u6j6gonbp0qgaj
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 21:00:44 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 11 Jun 2020 14:49:01 GMT
ETag: W/"5ee2445d-b819f"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Py8uFJIdgUP0UZYwOafbHZJP%2BgrLXJPqWJwVaZlMaX%2FAw6%2FzqxICn7etSHz7Qt03Mdnx9JWk0GTn%2BLoojK5ylHa6ESaeTitgONJiEc2djPs%2FRGX%2BSC9otHwPcbTMqMPwbwsRQvw%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 793e19072db3b511-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
westdonnifacong.gq/ru/gazprom-bonuses/static/img/general/logo.svg
104.21.23.238200 OK 1.4 kB URL HTTP/1.1 westdonnifacong.gq/ru/gazprom-bonuses/static/img/general/logo.svg
IP 104.21.23.238:0
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text
Hash 0b46ec4922848952b3c314b5dda5adf7
eaf51bd8bf815fc6751bb72ae9664945d12eb1a2
e86e7fc6a4ed76b69724788b47a8c9be55a70f97fbd35e2ce8a06b5051def05a
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.gq domain
GET /ru/gazprom-bonuses/static/img/general/logo.svg HTTP/1.1
Host: westdonnifacong.gq
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://westdonnifacong.gq/ru/gazprom-bonuses/
Cookie: PHPSESSID=jnqsoe4k2tl0u6j6gonbp0qgaj
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 21:00:45 GMT
Content-Type: image/svg+xml
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 11 Jun 2020 14:49:10 GMT
ETag: W/"5ee24466-b8a"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Xz0MZYNPfqjDYQziwTIz33xkRdOrCQdxjbudXJqeR%2FuSghr6DRwqyEz9NeXvxlymZRRmWmQWJjtZzIq9LNG%2B8IHQN8bMl4LRhl%2BJJFBgiyxupGNNDWzdDTUXci9bwPZFYYc7pHs%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 793e190d8b04b50f-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
westdonnifacong.gq/ru/gazprom-bonuses/static/img/general/100k.png
104.21.23.238200 OK 412 kB URL HTTP/1.1 westdonnifacong.gq/ru/gazprom-bonuses/static/img/general/100k.png
IP 104.21.23.238:0
File type PNG image data, 1834 x 1376, 8-bit/color RGBA, non-interlaced\012- data
Size 412 kB (412201 bytes)
Hash fe3b75c4ce19981faff345f66b857270
77c84dfef60baaaa131f60ab6de5682897569f95
2456481c2109915e06fd4b4bced4b182ad45ae067fd0b44f1c3c12ef0710e0db
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.gq domain
GET /ru/gazprom-bonuses/static/img/general/100k.png HTTP/1.1
Host: westdonnifacong.gq
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://westdonnifacong.gq/ru/gazprom-bonuses/
Cookie: PHPSESSID=jnqsoe4k2tl0u6j6gonbp0qgaj
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 21:00:45 GMT
Content-Type: image/png
Content-Length: 412201
Connection: keep-alive
Last-Modified: Mon, 17 Jan 2022 14:34:26 GMT
ETag: "61e57e72-64a29"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Vh2%2FEliYYv2sd3i1xQoWZxIiBvW5kvF6Ak5GrKqVlM4ZEVgALWtO7gEiLsdqkZedcPiQLeyO5KuJYABUvZg4c9Aj0R7PtKdRVOSdNHUEKmKDlt%2BRucEBQWUcpa%2BwiwSjbjcApNw%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 793e190d7df30b61-OSL
alt-svc: h2=":443"; ma=60
westdonnifacong.gq/ru/gazprom-bonuses/static/img/general/director.jpeg
104.21.23.238200 OK 35 kB URL HTTP/1.1 westdonnifacong.gq/ru/gazprom-bonuses/static/img/general/director.jpeg
IP 104.21.23.238:0
File type JPEG image data, baseline, precision 8, 290x419, components 3\012- data
Hash 325700b94f9fdf671a0060e66152bafa
776b4870ddae61787f410e7decd14d3c21b55b68
2115af1ff3fca83eae2a1a9f908982d45f01e7b31fede74b7df0e07017540d38
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.gq domain
GET /ru/gazprom-bonuses/static/img/general/director.jpeg HTTP/1.1
Host: westdonnifacong.gq
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://westdonnifacong.gq/ru/gazprom-bonuses/
Cookie: PHPSESSID=jnqsoe4k2tl0u6j6gonbp0qgaj
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 21:00:45 GMT
Content-Type: image/jpeg
Content-Length: 34857
Connection: keep-alive
Last-Modified: Thu, 11 Jun 2020 14:49:10 GMT
ETag: "5ee24466-8829"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FeFz%2BghzTRJMVjI4TdoFB9gMQurLgx%2FFOUiL8qPItSvqRm1KdyQC40osgs989hXhAf6AXj3EHfvIoDMMHnqLGkYXp%2FMH7JgEVe7B1Xbfr%2BW%2BxBqR5ppNK427EA8Frf1UAcKOnOQ%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 793e190d7c57b518-OSL
alt-svc: h2=":443"; ma=60
westdonnifacong.gq/ru/gazprom-bonuses/static/fonts/Geometria.woff
104.21.23.238200 OK 47 kB URL HTTP/1.1 westdonnifacong.gq/ru/gazprom-bonuses/static/fonts/Geometria.woff
IP 104.21.23.238:0
File type Web Open Font Format, TrueType, length 46804, version 0.0\012- data
Hash 5b3095d4d47c44c339c00087e66242d8
4ca09b9930baa2c347992995887d06fe2971efa0
c7714c82617471d1fd838299c9a428b77a1be6189dea1d0fcd5e9c09e4989e05
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.gq domain
GET /ru/gazprom-bonuses/static/fonts/Geometria.woff HTTP/1.1
Host: westdonnifacong.gq
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://westdonnifacong.gq/ru/gazprom-bonuses/static/css/main.css
Cookie: PHPSESSID=jnqsoe4k2tl0u6j6gonbp0qgaj
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 21:00:45 GMT
Content-Type: application/font-woff
Content-Length: 46804
Connection: keep-alive
Last-Modified: Thu, 11 Jun 2020 17:34:56 GMT
ETag: "5ee26b40-b6d4"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oEHN%2BICpQT7htDovrhBuFUA113VrmbRaXuVGcZ5cpjx4tkJrAZ0wNqjdgVbgTYP%2FAGT9z2gDFi22jVDCjIxt490ZYtZR2m%2FcEIB1iFrezdc9pCC4HkinQ4FRUdrCqLVvEr8GTzQ%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 793e190f0cd7b50f-OSL
alt-svc: h2=":443"; ma=60
westdonnifacong.gq/ru/gazprom-bonuses/static/img/general/5k.png
104.21.23.238200 OK 400 kB URL HTTP/1.1 westdonnifacong.gq/ru/gazprom-bonuses/static/img/general/5k.png
IP 104.21.23.238:0
File type PNG image data, 1834 x 1376, 8-bit/color RGBA, non-interlaced\012- data
Size 400 kB (400468 bytes)
Hash 14bac6145e35693ceca52e0131e3d711
4154cfc42b3a428079d2639cb784a12aa9b39384
e55aae1e295fc3b9f0d803cdc18c50cf4b7a22addde964ff39b951833c3c0550
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.gq domain
GET /ru/gazprom-bonuses/static/img/general/5k.png HTTP/1.1
Host: westdonnifacong.gq
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://westdonnifacong.gq/ru/gazprom-bonuses/
Cookie: PHPSESSID=jnqsoe4k2tl0u6j6gonbp0qgaj
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 21:00:45 GMT
Content-Type: image/png
Content-Length: 400468
Connection: keep-alive
Last-Modified: Thu, 11 Jun 2020 14:49:09 GMT
ETag: "5ee24465-61c54"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TbZ%2FkcdWRqKTCOkMAKF4PDvWlqNNWtcCjhDFtx7rUvaL5lxtUZeUcufPgXl5OXcHImJCDmGNue%2BXdtaOrRJvH7RmjSpHwsL7VTXYPsUrerwimmHd4tjzMgEbB1NBOc0X2O5roJA%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 793e190d8ea0b527-OSL
alt-svc: h2=":443"; ma=60
westdonnifacong.gq/ru/gazprom-bonuses/static/img/general/10k.png
104.21.23.238200 OK 408 kB URL HTTP/1.1 westdonnifacong.gq/ru/gazprom-bonuses/static/img/general/10k.png
IP 104.21.23.238:0
File type PNG image data, 1834 x 1376, 8-bit/color RGBA, non-interlaced\012- data
Size 408 kB (407593 bytes)
Hash 85b9a2a0a5c44d20a7c801dd2329c3cf
8629a99fcde7c4554fc2b40a6ff2199d39bd78bf
0e8b1939358a6f7f565607570ca04a7f63edb981471954e3307d2acd9156e104
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.gq domain
GET /ru/gazprom-bonuses/static/img/general/10k.png HTTP/1.1
Host: westdonnifacong.gq
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://westdonnifacong.gq/ru/gazprom-bonuses/
Cookie: PHPSESSID=jnqsoe4k2tl0u6j6gonbp0qgaj
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 21:00:45 GMT
Content-Type: image/png
Content-Length: 407593
Connection: keep-alive
Last-Modified: Thu, 11 Jun 2020 14:49:08 GMT
ETag: "5ee24464-63829"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jiRU3%2BSihAF9EaEemTl8tARU8yqqjACwDE64PTCQo39Bw9ETL9YeCXLMnB33PHhVUUK9nsWghA8%2FOJebnCoyHJoBVJln6bgoOs%2FzIjE5tKbubLul7uMM9p8aIan%2FUJc%2BYNex%2BC0%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 793e190d8e39b511-OSL
alt-svc: h2=":443"; ma=60
westdonnifacong.gq/ru/gazprom-bonuses/static/img/general/2k.png
104.21.23.238200 OK 401 kB URL HTTP/1.1 westdonnifacong.gq/ru/gazprom-bonuses/static/img/general/2k.png
IP 104.21.23.238:0
File type PNG image data, 1834 x 1376, 8-bit/color RGBA, non-interlaced\012- data
Size 401 kB (400772 bytes)
Hash 365fa7031eec9ada9247a10d19f912ce
d9b9619ca5806b4667f32d344869ae53a5023229
748028bce805254572f0ca1ea2f6ad3c3879a0039f0e649244b4dca0d6b96058
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.gq domain
GET /ru/gazprom-bonuses/static/img/general/2k.png HTTP/1.1
Host: westdonnifacong.gq
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://westdonnifacong.gq/ru/gazprom-bonuses/
Cookie: PHPSESSID=jnqsoe4k2tl0u6j6gonbp0qgaj
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 21:00:45 GMT
Content-Type: image/png
Content-Length: 400772
Connection: keep-alive
Last-Modified: Thu, 11 Jun 2020 14:49:09 GMT
ETag: "5ee24465-61d84"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0QBSNT8Mr2OWA548ofzfBZhEwKRhs2ljW5r8b4NC0YThlVQbDq8NNCC%2Bz%2FCh3d9f5jLY2YtFUr%2Fjcaco4f0tn%2FOJU1S6jeC7I033w%2F8PXtV%2BZUzSJmen9UlCDKRxkweaXRrKf1I%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 793e190d8a67fab4-OSL
alt-svc: h2=":443"; ma=60
westdonnifacong.gq/ru/gazprom-bonuses/static/fonts/Geometria-Medium.woff
104.21.23.238200 OK 47 kB URL HTTP/1.1 westdonnifacong.gq/ru/gazprom-bonuses/static/fonts/Geometria-Medium.woff
IP 104.21.23.238:0
File type Web Open Font Format, TrueType, length 46808, version 0.0\012- data
Hash 31d95d36b9e3eb840c57f2f6caf058e6
a4555b76265cbbeb508aa6077279ad9b8b1d52c5
10a12049c7884bc104e4897672142d76d49a77ab7dc753ede70a4a013caf06ce
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.gq domain
GET /ru/gazprom-bonuses/static/fonts/Geometria-Medium.woff HTTP/1.1
Host: westdonnifacong.gq
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://westdonnifacong.gq/ru/gazprom-bonuses/static/css/main.css
Cookie: PHPSESSID=jnqsoe4k2tl0u6j6gonbp0qgaj
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 21:00:46 GMT
Content-Type: application/font-woff
Content-Length: 46808
Connection: keep-alive
Last-Modified: Thu, 11 Jun 2020 17:34:55 GMT
ETag: "5ee26b3f-b6d8"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AAjl%2FON44Lfm%2B7eL68OCAcTkN%2BAwznRZmlKuR%2BHFux0taml42DlxkkXwXE%2Fpkk%2B%2F89g0nOIz%2BHHMwc7R%2F%2FFk%2FoH9NlkP6XWDRpf5JffcgdNyrrquWpNTaWRKm8Z950KM2xxyz2M%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 793e1910591e0b61-OSL
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash d719402de0cd695e55dab2767247da49
f12f4795987a284820f6785ec16b5032b9861d79
98a14bd950cec10aeb3d76fa956fe13514f52c742adbded7a0fcef218c7195ba
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "98A14BD950CEC10AEB3D76FA956FE13514F52C742ADBDED7A0FCEF218C7195BA"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3167
Expires: Fri, 03 Feb 2023 21:53:33 GMT
Date: Fri, 03 Feb 2023 21:00:46 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash d719402de0cd695e55dab2767247da49
f12f4795987a284820f6785ec16b5032b9861d79
98a14bd950cec10aeb3d76fa956fe13514f52c742adbded7a0fcef218c7195ba
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "98A14BD950CEC10AEB3D76FA956FE13514F52C742ADBDED7A0FCEF218C7195BA"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3167
Expires: Fri, 03 Feb 2023 21:53:33 GMT
Date: Fri, 03 Feb 2023 21:00:46 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash d719402de0cd695e55dab2767247da49
f12f4795987a284820f6785ec16b5032b9861d79
98a14bd950cec10aeb3d76fa956fe13514f52c742adbded7a0fcef218c7195ba
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "98A14BD950CEC10AEB3D76FA956FE13514F52C742ADBDED7A0FCEF218C7195BA"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3167
Expires: Fri, 03 Feb 2023 21:53:33 GMT
Date: Fri, 03 Feb 2023 21:00:46 GMT
Connection: keep-alive
westdonnifacong.gq/ru/gazprom-bonuses/static/img/icons/comments_widget.png
104.21.23.238404 Not Found 116 B URL HTTP/1.1 westdonnifacong.gq/ru/gazprom-bonuses/static/img/icons/comments_widget.png
IP 104.21.23.238:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash d6e62b966693d7822072903ae8310d00
2de307cf4db56a090d7633f2da9ce6d224f6ffb7
36bd7d3c61ddaa2cfd74438dfcc2552f527a5299abc17957073a05d4b1d5cecf
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.gq domain
GET /ru/gazprom-bonuses/static/img/icons/comments_widget.png HTTP/1.1
Host: westdonnifacong.gq
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://westdonnifacong.gq/ru/gazprom-bonuses/static/css/vkcomments.css
Cookie: PHPSESSID=jnqsoe4k2tl0u6j6gonbp0qgaj
HTTP/1.1 404 Not Found
Date: Fri, 03 Feb 2023 21:00:46 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iTJz4HO3ieCH9yUojUsVwKdlhx0xv9hZpwGGlVYSf7oTpDQp9fV93QALOXTrrVtsCjDJ4P1BSGTif1WQu56ScYitiMmL%2FFDpbdIglC%2BosY0uT105oGV%2FEVwjye0W88HU1C9Wtog%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 793e1912cd36b511-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F64144d1c-f524-496f-8b52-ba63714dbfc5.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F64144d1c-f524-496f-8b52-ba63714dbfc5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e366b32074025aaf60bbae8bdb08d330
a52c2883bad98fa20333aa639a5dd3a5bf544c8e
9d661c26effaec9efee16833f6459d6ecbe4f77b822c9c46e2a6433bda816e5c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F64144d1c-f524-496f-8b52-ba63714dbfc5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11565
x-amzn-requestid: 87a84ffd-1176-4656-aac4-e98f38ec2cd9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fboIrFGboAMFyyQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d48704-162ed8114aa1809204500548;Sampled=0
x-amzn-remapped-date: Sat, 28 Jan 2023 02:23:00 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: w0Zm5V0TQxsQ7917U3fdhS_n7qKE143PuhI2JmNCDM_Pf0yPLyW6yA==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 32c16f33c8f5601364fa8229b0d74dc2.cloudfront.net (CloudFront), 1.1 google
date: Thu, 02 Feb 2023 21:48:01 GMT
age: 83565
etag: "a52c2883bad98fa20333aa639a5dd3a5bf544c8e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F49d52576-44b1-4baf-92c0-88f267415a19.jpeg
34.120.237.76200 OK 5.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F49d52576-44b1-4baf-92c0-88f267415a19.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d4041f3b5316bc84c9e6d88ddbc85b89
4978a4a20836b6f5d863d331bcedad782b7b4ac6
549b62d2c4ec965b8bec62010c0ce338dfea7992ee83eb7af61ff1a30d21f8b5
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F49d52576-44b1-4baf-92c0-88f267415a19.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5641
x-amzn-requestid: b53b54b1-3b00-47cf-a25c-e93910c2ebfb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fuvzpHsXoAMFsuw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dc2ce3-0c4fc8154763febb44460ac2;Sampled=0
x-amzn-remapped-date: Thu, 02 Feb 2023 21:36:36 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: x4-BZdG4JGRKCSdKynnuweZfo9l0XZtDB-MiANy7C2Yz1URYMHP4sQ==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 64f86ae1c24221f3a2e4d653d6dbc416.cloudfront.net (CloudFront), 1.1 google
date: Thu, 02 Feb 2023 21:57:49 GMT
age: 82977
etag: "4978a4a20836b6f5d863d331bcedad782b7b4ac6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffda40dcf-1e5b-4e49-bd65-084935f52db9.jpeg
34.120.237.76200 OK 6.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffda40dcf-1e5b-4e49-bd65-084935f52db9.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e706db8a6107758a148463e916f2532d
4b0b8cb5ced3e3e67b0320a3bbaecd2176e21b81
673f18036a53f8ff297ef6a63fd094e7c41d90f3960f0e687a741cc7dd3f6172
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffda40dcf-1e5b-4e49-bd65-084935f52db9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6791
x-amzn-requestid: 665115ea-728e-4a55-aaf8-b09db3fa67a2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ffl96FIzIAMFYGg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d61d25-0abbd7262ca10b7a7d2bf9eb;Sampled=0
x-amzn-remapped-date: Sun, 29 Jan 2023 07:15:49 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: nPgaBSGyLJQnN0ofVRFniW2LqzgKVWchSKYSjYCmuPtpL9Ner81ARQ==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google
date: Thu, 02 Feb 2023 22:14:03 GMT
age: 82003
etag: "4b0b8cb5ced3e3e67b0320a3bbaecd2176e21b81"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe4c16006-34b0-45cb-bb9f-46fe6dd44e3c.jpeg
34.120.237.76200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe4c16006-34b0-45cb-bb9f-46fe6dd44e3c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash cf80667db0c35c9c6139eca4ba5d12fd
4c4cfdc2463e8704a7bf8e1477c43b6adf7c7590
d63e69f4b6ea16333d242bf33d4f02a4a6c96a739ca018d86afc5741d85b774d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe4c16006-34b0-45cb-bb9f-46fe6dd44e3c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13065
x-amzn-requestid: 20c6f462-0f1f-44d1-9b6b-6afbc4e79e8b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fpYpcELtIAMFvFg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63da07d5-44cd803c0feba28919b0a9ec;Sampled=0
x-amzn-remapped-date: Wed, 01 Feb 2023 06:33:57 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: T3PhGRcHX1X2hn8K_4587fXBrEyuY5Em-b9Jg41uH4uyQXeFoRBIYg==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 02 Feb 2023 21:46:56 GMT
age: 83630
etag: "4c4cfdc2463e8704a7bf8e1477c43b6adf7c7590"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fedd456a0-d42f-4b40-ad63-ea1dcfaf69eb.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fedd456a0-d42f-4b40-ad63-ea1dcfaf69eb.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2a6aaf87a867f93dc9268a8b27973b97
f52ccbe6cbced1994acb13a00b05436553b6813e
3fbd7441712035f4d53c17eec93bc278e6c072043f3b5a721cac349fc0dabe77
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fedd456a0-d42f-4b40-ad63-ea1dcfaf69eb.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10166
x-amzn-requestid: 54fe0d12-360f-4d97-bcf3-b24747d956aa
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fY_4zHEcoAMF1iA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d379d1-4ba89e44005f616a0ed3ed24;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 07:14:25 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: hSyEfSDToqgfnFIW68Krz-ANYUNQoUPWhyb-8xDUarI6mnVLXriHDQ==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Thu, 02 Feb 2023 21:59:54 GMT
age: 82852
etag: "f52ccbe6cbced1994acb13a00b05436553b6813e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b4ea648-021a-44ef-a083-3ea03f73dca3.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b4ea648-021a-44ef-a083-3ea03f73dca3.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3490571dd2de0a747987b9a0e18cccc8
18e9f8f160d3515f1cb31fc7538ac762a6cab344
1c071d7f3b288b29254500f94f19c0db0633c6aa90812f2e92c4f64992f5221a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b4ea648-021a-44ef-a083-3ea03f73dca3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10796
x-amzn-requestid: 5c9b1a83-c99a-44b9-9a90-5edd7ef1e225
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fi0XKG93oAMFtsA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d76760-01bf754d6c725c3275c02a1b;Sampled=0
x-amzn-remapped-date: Mon, 30 Jan 2023 06:44:48 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: XTZJAn0LMAfFtaQ2bN8z58cCsUT5GzxDMnHVB_iw9E_NskHQ-BgbRQ==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 e4d3d5aafc7d7d582423c073065ab562.cloudfront.net (CloudFront), 1.1 google
date: Thu, 02 Feb 2023 22:19:26 GMT
age: 84437
etag: "18e9f8f160d3515f1cb31fc7538ac762a6cab344"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
westdonnifacong.gq/ru/gazprom-bonuses/static/img/general/painting.png
104.21.23.238200 OK 15 kB URL HTTP/1.1 westdonnifacong.gq/ru/gazprom-bonuses/static/img/general/painting.png
IP 104.21.23.238:0
File type PNG image data, 415 x 300, 8-bit/color RGBA, non-interlaced\012- data
Hash 503f78b31d31d8793d2382836be6fde8
2c3823bc025405d27902d3366d15a8716e95d48d
7dc426632da6b67c5147e2091130d9e03a28948cb9241b2047f4f33d822296a0
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.gq domain
GET /ru/gazprom-bonuses/static/img/general/painting.png HTTP/1.1
Host: westdonnifacong.gq
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://westdonnifacong.gq/ru/gazprom-bonuses/
Cookie: PHPSESSID=jnqsoe4k2tl0u6j6gonbp0qgaj
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 21:00:46 GMT
Content-Type: image/png
Content-Length: 14851
Connection: keep-alive
Last-Modified: Thu, 11 Jun 2020 14:49:11 GMT
ETag: "5ee24467-3a03"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Zxc95472XEWzD2BE8EdkVIU2%2BxA4GicIxcbThjSg1i5DsylyxJqK0Q3E64EJ0sJvFiZa10YjhZlpHHnj4ViWaW0NntQFH8Uv6pVSJxjPodKvM%2FinVt%2B5udFCbn%2BhBuGeNgyHnK0%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 793e1913888cfab4-OSL
alt-svc: h2=":443"; ma=60
westdonnifacong.gq/ru/gazprom-bonuses/static/fonts/Roboto-Light.woff
104.21.23.238200 OK 281 kB URL HTTP/1.1 westdonnifacong.gq/ru/gazprom-bonuses/static/fonts/Roboto-Light.woff
IP 104.21.23.238:0
File type Web Open Font Format, TrueType, length 280972, version 0.0\012- data
Size 281 kB (280972 bytes)
Hash a79ff836df2a73abf2dacb1f1af2d225
2fa057b66d36d990a9e913af36af44f0f78dec04
527e57c2b8c55a00804198df15551bea4ce6a54773c70ce1071cbfdbbf38ce9c
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.gq domain
GET /ru/gazprom-bonuses/static/fonts/Roboto-Light.woff HTTP/1.1
Host: westdonnifacong.gq
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://westdonnifacong.gq/ru/gazprom-bonuses/static/css/main.css
Cookie: PHPSESSID=jnqsoe4k2tl0u6j6gonbp0qgaj
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 21:00:46 GMT
Content-Type: application/font-woff
Content-Length: 280972
Connection: keep-alive
Last-Modified: Thu, 11 Jun 2020 17:34:55 GMT
ETag: "5ee26b3f-4498c"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ay8%2FJ7QtteVtN1%2BHCFlOoucD13RmplSeeEzHOQHE4NtvO8dqdfy%2BrRSx32bcoRfGVoOdrsrpkNQ3BJ70tZ6aEp%2FFGt73nOVLMTRK5mDhMFrP5iNs1xMiese%2BBNoY6mlPBS%2F%2Bx20%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 793e1910e968b518-OSL
alt-svc: h2=":443"; ma=60
westdonnifacong.gq/ru/gazprom-bonuses/static/img/general/15k.png
104.21.23.238200 OK 406 kB URL HTTP/1.1 westdonnifacong.gq/ru/gazprom-bonuses/static/img/general/15k.png
IP 104.21.23.238:0
File type PNG image data, 1834 x 1376, 8-bit/color RGBA, non-interlaced\012- data
Size 406 kB (406467 bytes)
Hash cec4919be1330fe80ad8f6100357d082
cadb8a8ac5a11e4b91b92492f735506280e67769
f4aa099e34bd36695f31b8fdc51711997215075317a676f2e672f6897b6e34c2
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.gq domain
GET /ru/gazprom-bonuses/static/img/general/15k.png HTTP/1.1
Host: westdonnifacong.gq
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://westdonnifacong.gq/ru/gazprom-bonuses/
Cookie: PHPSESSID=jnqsoe4k2tl0u6j6gonbp0qgaj
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 21:00:46 GMT
Content-Type: image/png
Content-Length: 406467
Connection: keep-alive
Last-Modified: Thu, 11 Jun 2020 14:49:08 GMT
ETag: "5ee24464-633c3"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Yvph7VEsCwiKpYzuv%2F9n5xV41ou4dYyjf0RlV3Z%2FWdcZAgWySld0Ak2uoVUU72cKtRobF1BQeGhLQ%2Fi%2BuVsC6l0n7j%2BQCs%2F6gKQeXuDsUc%2FVUKVV8S3WObgSWdRNadznSp9gOQY%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 793e1913bd0d0b61-OSL
alt-svc: h2=":443"; ma=60
westdonnifacong.gq/ru/gazprom-bonuses/static/fonts/Roboto-Regular.woff
104.21.23.238200 OK 280 kB URL HTTP/1.1 westdonnifacong.gq/ru/gazprom-bonuses/static/fonts/Roboto-Regular.woff
IP 104.21.23.238:0
File type Web Open Font Format, TrueType, length 280060, version 0.0\012- data
Size 280 kB (280060 bytes)
Hash 8c9e2179f46b280d31ee9422ce0e41e2
3a04db5ed2137206c5868cf94ccbe0cba4ae280f
4e88cc5d3ac1f10bfe52ba2325b1c1645e11406e17707931723d3ecdba2770d0
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.gq domain
GET /ru/gazprom-bonuses/static/fonts/Roboto-Regular.woff HTTP/1.1
Host: westdonnifacong.gq
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://westdonnifacong.gq/ru/gazprom-bonuses/static/css/main.css
Cookie: PHPSESSID=jnqsoe4k2tl0u6j6gonbp0qgaj
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 21:00:46 GMT
Content-Type: application/font-woff
Content-Length: 280060
Connection: keep-alive
Last-Modified: Thu, 11 Jun 2020 17:34:56 GMT
ETag: "5ee26b40-445fc"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cHUB7FG%2FhwCewbMxQoOzWRjSpaVKmaIIIhs1jnKSLP2koxpTIupURI9gu1iZvWR4gJx%2FknpsBdmWmIHtZTGkb2GoOODwKiYWzoz5LP8HCHC8dwep4vPQzFjHTbw2cXhGElrJ3wo%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 793e1912789eb50f-OSL
alt-svc: h2=":443"; ma=60
westdonnifacong.gq/ru/gazprom-bonuses/static/img/general/photo_2019-07-31_19-27-54.jpg
104.21.23.238200 OK 476 kB URL HTTP/1.1 westdonnifacong.gq/ru/gazprom-bonuses/static/img/general/photo_2019-07-31_19-27-54.jpg
IP 104.21.23.238:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1620x1080, components 3\012- data
Size 476 kB (475550 bytes)
Hash 5282da143863742cc1222b72302263fd
b61afc6c5d24be9a74bbdeb44907a7d91e9142f2
9532f6fda7dcdf034ad93792b90393bd0b51af1576bec5bbd7c08e9b39efc940
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.gq domain
GET /ru/gazprom-bonuses/static/img/general/photo_2019-07-31_19-27-54.jpg HTTP/1.1
Host: westdonnifacong.gq
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://westdonnifacong.gq/ru/gazprom-bonuses/
Cookie: PHPSESSID=jnqsoe4k2tl0u6j6gonbp0qgaj
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 21:00:46 GMT
Content-Type: image/jpeg
Content-Length: 475550
Connection: keep-alive
Last-Modified: Thu, 11 Jun 2020 14:49:12 GMT
ETag: "5ee24468-7419e"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VT5FWNkEZVbwWsVqNMEokefVn7mmiL6WM1fUGrX8N7YGNF7b9OnXFYTjWrooyG24%2B4jKgGVb%2BCVmT%2Fx3pZGSCNmBrNiUJVPko85LY8kXpN8%2BTT0Xjkm0bA6h6DZxOj%2Fx2%2FyhM%2F4%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 793e1912ad0bb527-OSL
alt-svc: h2=":443"; ma=60
ocsp2.globalsign.com/gsorganizationvalsha2g2
104.18.20.226200 OK 1.5 kB URL HTTP/1.1 ocsp2.globalsign.com/gsorganizationvalsha2g2
IP 104.18.20.226:0
Hash c7c7f7e2ba9383b933b2b398f64a8008
e3cc2dbbda9396eb9d845e3d3fd22bcef5a87ffa
c3c71fa9bf0b792cc884cc836df3139f7f8100584282912fe924fa8aadcb8a42
POST /gsorganizationvalsha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 21:00:47 GMT
Content-Type: application/ocsp-response
Content-Length: 1459
Connection: keep-alive
Expires: Tue, 07 Feb 2023 19:49:26 GMT
ETag: "e3cc2dbbda9396eb9d845e3d3fd22bcef5a87ffa"
Last-Modified: Fri, 03 Feb 2023 19:49:27 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 354
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 793e191a0bd3fab8-OSL
ocsp2.globalsign.com/gsorganizationvalsha2g2
104.18.20.226200 OK 1.5 kB URL HTTP/1.1 ocsp2.globalsign.com/gsorganizationvalsha2g2
IP 104.18.20.226:0
Hash 1b395c3ad5cb594363470f047dde1548
18b535957b45ec668a55291dbfdc1af9a0ed35f6
428cfd706ae17d83547de9ad46660e02981a8001fb5d769d32248961690b6d28
POST /gsorganizationvalsha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 21:00:47 GMT
Content-Type: application/ocsp-response
Content-Length: 1459
Connection: keep-alive
Expires: Tue, 07 Feb 2023 20:10:00 GMT
ETag: "18b535957b45ec668a55291dbfdc1af9a0ed35f6"
Last-Modified: Fri, 03 Feb 2023 20:10:01 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 586
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 793e191a5c09fab8-OSL
vk.com/images/camera_200.png?ava=1
87.240.137.164200 OK 23 kB URL HTTP/2 vk.com/images/camera_200.png?ava=1
IP 87.240.137.164:0
File type PNG image data, 200 x 200, 8-bit colormap, non-interlaced\012- data
Hash 668f92e936e6c426400802fee4c711b9
83633a67b6758108d80a6f5ba67e49f8b12612bc
8efa03b9ff85c5e4e945f9bb66a8e576e9f57c66c5b404db35faab279a831d3b
GET /images/camera_200.png?ava=1 HTTP/1.1
Host: vk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://westdonnifacong.gq/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: kittenx
date: Fri, 03 Feb 2023 21:00:47 GMT
content-type: image/png
content-length: 22867
last-modified: Tue, 22 Sep 2020 20:29:55 GMT
etag: "5f6a5ec3-5953"
expires: Fri, 10 Feb 2023 21:00:47 GMT
cache-control: max-age=604800
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp2.globalsign.com/gsorganizationvalsha2g2
104.18.20.226200 OK 1.5 kB URL HTTP/1.1 ocsp2.globalsign.com/gsorganizationvalsha2g2
IP 104.18.20.226:0
Hash 1b395c3ad5cb594363470f047dde1548
18b535957b45ec668a55291dbfdc1af9a0ed35f6
428cfd706ae17d83547de9ad46660e02981a8001fb5d769d32248961690b6d28
POST /gsorganizationvalsha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 21:00:47 GMT
Content-Type: application/ocsp-response
Content-Length: 1459
Connection: keep-alive
Expires: Tue, 07 Feb 2023 20:10:00 GMT
ETag: "18b535957b45ec668a55291dbfdc1af9a0ed35f6"
Last-Modified: Fri, 03 Feb 2023 20:10:01 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 586
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 793e191a6c1dfab8-OSL
ocsp2.globalsign.com/gsorganizationvalsha2g2
104.18.20.226200 OK 1.5 kB URL HTTP/1.1 ocsp2.globalsign.com/gsorganizationvalsha2g2
IP 104.18.20.226:0
Hash 1b395c3ad5cb594363470f047dde1548
18b535957b45ec668a55291dbfdc1af9a0ed35f6
428cfd706ae17d83547de9ad46660e02981a8001fb5d769d32248961690b6d28
POST /gsorganizationvalsha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 21:00:47 GMT
Content-Type: application/ocsp-response
Content-Length: 1459
Connection: keep-alive
Expires: Tue, 07 Feb 2023 20:10:00 GMT
ETag: "18b535957b45ec668a55291dbfdc1af9a0ed35f6"
Last-Modified: Fri, 03 Feb 2023 20:10:01 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 586
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 793e191a79cab50f-OSL
sun9-70.userapi.com/c637221/v637221430/4f4f0/OZoGaLxRiik.jpg?ava=1
87.240.185.169200 OK 13 kB URL HTTP/2 sun9-70.userapi.com/c637221/v637221430/4f4f0/OZoGaLxRiik.jpg?ava=1
IP 87.240.185.169:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 400x400, components 3\012- data
Hash 4d499b7b3f64395ba2ada0318f90fb04
8f278c8c3407df5e59d0e032b006fca9420a48bd
1d766182ccc0f120993f83d3fb39cb923b20a00ac2896d557f9320e29e6ebfa6
GET /c637221/v637221430/4f4f0/OZoGaLxRiik.jpg?ava=1 HTTP/1.1
Host: sun9-70.userapi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://westdonnifacong.gq/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: kittenx
date: Fri, 03 Feb 2023 21:00:47 GMT
content-type: image/jpeg
content-length: 12868
last-modified: Thu, 18 May 2017 08:58:04 GMT
expires: Sun, 05 Mar 2023 21:00:47 GMT
cache-control: max-age=2592000
x-frontend: front220305
access-control-expose-headers: X-Frontend
strict-transport-security: max-age=15768000
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD, OPTIONS
access-control-allow-headers: X-Quic
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp2.globalsign.com/gsorganizationvalsha2g2
104.18.20.226200 OK 1.5 kB URL HTTP/1.1 ocsp2.globalsign.com/gsorganizationvalsha2g2
IP 104.18.20.226:0
Hash 1b395c3ad5cb594363470f047dde1548
18b535957b45ec668a55291dbfdc1af9a0ed35f6
428cfd706ae17d83547de9ad46660e02981a8001fb5d769d32248961690b6d28
POST /gsorganizationvalsha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 21:00:47 GMT
Content-Type: application/ocsp-response
Content-Length: 1459
Connection: keep-alive
Expires: Tue, 07 Feb 2023 20:10:00 GMT
ETag: "18b535957b45ec668a55291dbfdc1af9a0ed35f6"
Last-Modified: Fri, 03 Feb 2023 20:10:01 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 586
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 793e191a8c2afab8-OSL
ocsp2.globalsign.com/gsorganizationvalsha2g2
104.18.20.226200 OK 1.5 kB URL HTTP/1.1 ocsp2.globalsign.com/gsorganizationvalsha2g2
IP 104.18.20.226:0
Hash 1b395c3ad5cb594363470f047dde1548
18b535957b45ec668a55291dbfdc1af9a0ed35f6
428cfd706ae17d83547de9ad46660e02981a8001fb5d769d32248961690b6d28
POST /gsorganizationvalsha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 21:00:47 GMT
Content-Type: application/ocsp-response
Content-Length: 1459
Connection: keep-alive
Expires: Tue, 07 Feb 2023 20:10:00 GMT
ETag: "18b535957b45ec668a55291dbfdc1af9a0ed35f6"
Last-Modified: Fri, 03 Feb 2023 20:10:01 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 586
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 793e191a89e9b50f-OSL
pp.userapi.com/c851328/v851328617/1300a0/-6pcbsCkBV4.jpg?ava=1
93.186.225.200200 OK 12 kB URL HTTP/2 pp.userapi.com/c851328/v851328617/1300a0/-6pcbsCkBV4.jpg?ava=1
IP 93.186.225.200:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 200x200, components 3\012- data
Hash 113ed1e12d267373bc7165dd43d2874d
7dc6259b31d87844e981a833079107d445b04b4f
4d215980822d00eac540b144287d4963223a2201c46008c66a96e3ab0b44d057
GET /c851328/v851328617/1300a0/-6pcbsCkBV4.jpg?ava=1 HTTP/1.1
Host: pp.userapi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://westdonnifacong.gq/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: kittenx
date: Fri, 03 Feb 2023 21:00:47 GMT
content-type: image/jpeg
content-length: 12349
last-modified: Sat, 01 Jun 2019 19:40:37 GMT
expires: Sun, 05 Mar 2023 21:00:47 GMT
cache-control: max-age=2592000
x-frontend: front613326
access-control-expose-headers: X-Frontend
strict-transport-security: max-age=15768000
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD, OPTIONS
access-control-allow-headers: X-Quic
accept-ranges: bytes
X-Firefox-Spdy: h2
sun9-6.userapi.com/c850128/v850128085/136aef/GXMVwqqYtgA.jpg?ava=1
87.240.185.133200 OK 14 kB URL HTTP/2 sun9-6.userapi.com/c850128/v850128085/136aef/GXMVwqqYtgA.jpg?ava=1
IP 87.240.185.133:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 200x200, components 3\012- data
Hash 3b7fa24f279e0a47c943a7aca5c41cc4
0e6f4707aba4ba42fd8a68f149c0441f27b3bfaa
72bfc9e56b1e290b558f541396eeda03815631f82253f90f383e5a7236934354
GET /c850128/v850128085/136aef/GXMVwqqYtgA.jpg?ava=1 HTTP/1.1
Host: sun9-6.userapi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://westdonnifacong.gq/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: kittenx
date: Fri, 03 Feb 2023 21:00:47 GMT
content-type: image/jpeg
content-length: 14329
last-modified: Sat, 11 May 2019 06:25:15 GMT
expires: Sun, 05 Mar 2023 21:00:47 GMT
cache-control: max-age=2592000
x-frontend: front221105
access-control-expose-headers: X-Frontend
strict-transport-security: max-age=15768000
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD, OPTIONS
access-control-allow-headers: X-Quic
accept-ranges: bytes
X-Firefox-Spdy: h2
pp.userapi.com/c836131/v836131893/3dbc/rM31jtMPQeo.jpg?ava=1
93.186.225.200200 OK 12 kB URL HTTP/2 pp.userapi.com/c836131/v836131893/3dbc/rM31jtMPQeo.jpg?ava=1
IP 93.186.225.200:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 200x300, components 3\012- data
Hash 1815c13ed392857117402e56e70f1d97
9d11a2402e7926f56990ea4f6558b9ae1428f340
0a5cb0fad7b61743ef8b711e895200b595cf1b41238496fdf9546353ceef5e9f
GET /c836131/v836131893/3dbc/rM31jtMPQeo.jpg?ava=1 HTTP/1.1
Host: pp.userapi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://westdonnifacong.gq/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: kittenx
date: Fri, 03 Feb 2023 21:00:47 GMT
content-type: image/jpeg
content-length: 11715
last-modified: Sun, 02 Oct 2016 20:26:26 GMT
expires: Sun, 05 Mar 2023 21:00:47 GMT
cache-control: max-age=2592000
x-frontend: front613326
access-control-expose-headers: X-Frontend
strict-transport-security: max-age=15768000
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD, OPTIONS
access-control-allow-headers: X-Quic
accept-ranges: bytes
X-Firefox-Spdy: h2
pp.userapi.com/c841422/v841422872/afa6/7uOV04XAz5A.jpg?ava=1
93.186.225.200200 OK 14 kB URL HTTP/2 pp.userapi.com/c841422/v841422872/afa6/7uOV04XAz5A.jpg?ava=1
IP 93.186.225.200:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 200x200, components 3\012- data
Hash 1bbad063352babac3c093caef46d0acb
ed979e7de80945168a2d6dee7a5b0a492a072cc3
f1b5015d82543eb44542f5aae5548ae2c7518327a54a512a63c0d59e81795c60
GET /c841422/v841422872/afa6/7uOV04XAz5A.jpg?ava=1 HTTP/1.1
Host: pp.userapi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://westdonnifacong.gq/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: kittenx
date: Fri, 03 Feb 2023 21:00:47 GMT
content-type: image/jpeg
content-length: 13522
last-modified: Thu, 27 Jul 2017 16:47:28 GMT
expires: Sun, 05 Mar 2023 21:00:47 GMT
cache-control: max-age=2592000
x-frontend: front613326
access-control-expose-headers: X-Frontend
strict-transport-security: max-age=15768000
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD, OPTIONS
access-control-allow-headers: X-Quic
accept-ranges: bytes
X-Firefox-Spdy: h2
pp.userapi.com/c841022/v841022500/554b6/Flh9w9t87mU.jpg?ava=1
93.186.225.200200 OK 15 kB URL HTTP/2 pp.userapi.com/c841022/v841022500/554b6/Flh9w9t87mU.jpg?ava=1
IP 93.186.225.200:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 200x200, components 3\012- data
Hash 949417782b02a00b5990df62f1c322ac
2c2ac16826ff6d2519c00f6b2920d2e042350b71
417db116bed44730a91bbe80021e53a3401c5cc340747a95a2c86669613e09c1
GET /c841022/v841022500/554b6/Flh9w9t87mU.jpg?ava=1 HTTP/1.1
Host: pp.userapi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://westdonnifacong.gq/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: kittenx
date: Fri, 03 Feb 2023 21:00:47 GMT
content-type: image/jpeg
content-length: 14611
last-modified: Wed, 27 Dec 2017 19:17:47 GMT
expires: Sun, 05 Mar 2023 21:00:47 GMT
cache-control: max-age=2592000
x-frontend: front613326
access-control-expose-headers: X-Frontend
strict-transport-security: max-age=15768000
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD, OPTIONS
access-control-allow-headers: X-Quic
accept-ranges: bytes
X-Firefox-Spdy: h2
pp.userapi.com/1zXHKoX__oHD0zFaTDVJOAz_J0V12bQ9WsAvDw/TRU-UZILQFA.jpg?ava=1
93.186.225.200200 OK 34 kB URL HTTP/2 pp.userapi.com/1zXHKoX__oHD0zFaTDVJOAz_J0V12bQ9WsAvDw/TRU-UZILQFA.jpg?ava=1
IP 93.186.225.200:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 200x204, components 3\012- data
Hash 7c478721c3954aea3f2e7768e531cdb8
33bf54954988dadefb78dfbc0babcf2cfea5823a
e77075f0caef49dde7dd910e0da41c91ef912c77cd81d320afd65646993a29d2
GET /1zXHKoX__oHD0zFaTDVJOAz_J0V12bQ9WsAvDw/TRU-UZILQFA.jpg?ava=1 HTTP/1.1
Host: pp.userapi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://westdonnifacong.gq/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: kittenx
date: Fri, 03 Feb 2023 21:00:47 GMT
content-type: image/jpeg
content-length: 33498
last-modified: Thu, 01 Jan 1970 00:00:00 GMT
request-id: 0c6e3ad5-9e46-4b4f-941a-c2fc7c684adb
expires: Sun, 05 Mar 2023 21:00:47 GMT
cache-control: max-age=2592000
x-frontend: front613326
access-control-expose-headers: X-Frontend
strict-transport-security: max-age=15768000
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD, OPTIONS
access-control-allow-headers: X-Quic
accept-ranges: bytes
X-Firefox-Spdy: h2
pp.userapi.com/c5120/u98913860/a_3c510fcd.jpg?ava=1
93.186.225.200200 OK 12 kB URL HTTP/2 pp.userapi.com/c5120/u98913860/a_3c510fcd.jpg?ava=1
IP 93.186.225.200:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 93", baseline, precision 8, 200x186, components 3\012- data
Hash 5450f9f80f22a7352976aad7c436f583
26660fd9bc123e7e2d3561f3e8d119b18bee2714
280013fdd7d8d8b4a95505d558b625722e40c6fad6558dd2dbd7916bd43637b9
GET /c5120/u98913860/a_3c510fcd.jpg?ava=1 HTTP/1.1
Host: pp.userapi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://westdonnifacong.gq/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: kittenx
date: Fri, 03 Feb 2023 21:00:47 GMT
content-type: image/jpeg
content-length: 11494
last-modified: Thu, 26 May 2011 18:37:59 GMT
etag: "4dde9e07-2ce6"
expires: Sun, 05 Mar 2023 21:00:47 GMT
cache-control: max-age=2592000
x-frontend: front613326
access-control-expose-headers: X-Frontend
strict-transport-security: max-age=15768000
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD, OPTIONS
access-control-allow-headers: X-Quic
accept-ranges: bytes
X-Firefox-Spdy: h2
westdonnifacong.gq/ru/gazprom-bonuses/static/img/general/50k.png
104.21.23.238200 OK 410 kB URL HTTP/1.1 westdonnifacong.gq/ru/gazprom-bonuses/static/img/general/50k.png
IP 104.21.23.238:0
File type PNG image data, 1834 x 1376, 8-bit/color RGBA, non-interlaced\012- data
Size 410 kB (409661 bytes)
Hash 1db8d78a20183f8e0340b9f767115430
33a14c85251fad800777d2a336d98e64a241fd82
81ecd6a8325ad17751c81ede6532cf5108236aa41e7422301e5e342a4d6d46f5
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.gq domain
GET /ru/gazprom-bonuses/static/img/general/50k.png HTTP/1.1
Host: westdonnifacong.gq
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://westdonnifacong.gq/ru/gazprom-bonuses/
Cookie: PHPSESSID=jnqsoe4k2tl0u6j6gonbp0qgaj
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 21:00:46 GMT
Content-Type: image/png
Content-Length: 409661
Connection: keep-alive
Last-Modified: Mon, 17 Jan 2022 14:33:23 GMT
ETag: "61e57e33-6403d"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5fvgm0MpbKvZGIxlPiELV5LzzfCIpVOvn8gg00C1FHQ0DLKif3WdHjlO%2F%2FD6iIE8yED0rSN9j5QmMcSUnO1p8alSvHdpvzdQ3HMVEqkZ5F9b%2F4SjKQ1EN%2BB%2FfbwSz0PP%2BOy98SY%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 793e1915fa92fab4-OSL
alt-svc: h2=":443"; ma=60
pp.userapi.com/c852016/v852016462/12a111/xZHL5x6QPc4.jpg?ava=1
93.186.225.200200 OK 15 kB URL HTTP/2 pp.userapi.com/c852016/v852016462/12a111/xZHL5x6QPc4.jpg?ava=1
IP 93.186.225.200:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 200x200, components 3\012- data
Hash a1b59f5e54d60317ea93b3de097f8ce8
33f46ab01057d234394f596c2b4d36ac3a87fff2
3349224fa7553bb09ea418bd74e6b18818745a0368fe8329f8c0f7cff12a546f
GET /c852016/v852016462/12a111/xZHL5x6QPc4.jpg?ava=1 HTTP/1.1
Host: pp.userapi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://westdonnifacong.gq/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: kittenx
date: Fri, 03 Feb 2023 21:00:47 GMT
content-type: image/jpeg
content-length: 14808
last-modified: Wed, 29 May 2019 14:46:14 GMT
expires: Sun, 05 Mar 2023 21:00:47 GMT
cache-control: max-age=2592000
x-frontend: front613326
access-control-expose-headers: X-Frontend
strict-transport-security: max-age=15768000
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD, OPTIONS
access-control-allow-headers: X-Quic
accept-ranges: bytes
X-Firefox-Spdy: h2
pp.userapi.com/c636017/v636017094/2053f/y4dJiZWD188.jpg?ava=1
93.186.225.200200 OK 8.5 kB URL HTTP/2 pp.userapi.com/c636017/v636017094/2053f/y4dJiZWD188.jpg?ava=1
IP 93.186.225.200:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 200x200, components 3\012- data
Hash 1217e77273c853b49988d5364b8a7a84
5ddc05ded07117b9d909d97880fdeecf9cdbd9f2
767da781fe013e58e40389c1e0c9f970af5c672fb545a82d77d0c2683a551032
GET /c636017/v636017094/2053f/y4dJiZWD188.jpg?ava=1 HTTP/1.1
Host: pp.userapi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://westdonnifacong.gq/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: kittenx
date: Fri, 03 Feb 2023 21:00:47 GMT
content-type: image/jpeg
content-length: 8490
last-modified: Thu, 18 Aug 2016 08:08:53 GMT
expires: Sun, 05 Mar 2023 21:00:47 GMT
cache-control: max-age=2592000
x-frontend: front613326
access-control-expose-headers: X-Frontend
strict-transport-security: max-age=15768000
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD, OPTIONS
access-control-allow-headers: X-Quic
accept-ranges: bytes
X-Firefox-Spdy: h2
pp.userapi.com/c834303/v834303640/837de/rFa45evhyxY.jpg?ava=1
93.186.225.200200 OK 12 kB URL HTTP/2 pp.userapi.com/c834303/v834303640/837de/rFa45evhyxY.jpg?ava=1
IP 93.186.225.200:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 200x200, components 3\012- data
Hash 976b15da33325e29e007d9996038da7c
61bce622bcb57879e004de2fa343f7fff845975f
89ec193043e9035a98baeabb6dd61afa33d873de137d21999ac8eee17f1c70a3
GET /c834303/v834303640/837de/rFa45evhyxY.jpg?ava=1 HTTP/1.1
Host: pp.userapi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://westdonnifacong.gq/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: kittenx
date: Fri, 03 Feb 2023 21:00:47 GMT
content-type: image/jpeg
content-length: 11743
last-modified: Fri, 12 Jan 2018 22:35:08 GMT
expires: Sun, 05 Mar 2023 21:00:47 GMT
cache-control: max-age=2592000
x-frontend: front613326
access-control-expose-headers: X-Frontend
strict-transport-security: max-age=15768000
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD, OPTIONS
access-control-allow-headers: X-Quic
accept-ranges: bytes
X-Firefox-Spdy: h2
westdonnifacong.gq/ru/gazprom-bonuses/static/img/general/20k.png
104.21.23.238200 OK 408 kB URL HTTP/1.1 westdonnifacong.gq/ru/gazprom-bonuses/static/img/general/20k.png
IP 104.21.23.238:0
File type PNG image data, 1834 x 1376, 8-bit/color RGBA, non-interlaced\012- data
Size 408 kB (408148 bytes)
Hash f9a1aec6aded791dbbaa55fd31861148
a6884f2411170fc9b67363f1c6a107cba220252d
a30f5429c9b318c644dc16ab125fdcfa30a41803c902be1c00a34c882ea22a30
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.gq domain
GET /ru/gazprom-bonuses/static/img/general/20k.png HTTP/1.1
Host: westdonnifacong.gq
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://westdonnifacong.gq/ru/gazprom-bonuses/
Cookie: PHPSESSID=jnqsoe4k2tl0u6j6gonbp0qgaj
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 21:00:46 GMT
Content-Type: image/png
Content-Length: 408148
Connection: keep-alive
Last-Modified: Thu, 11 Jun 2020 14:49:08 GMT
ETag: "5ee24464-63a54"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OIKNXG%2FQz3XVY%2FdJyH2vbNnKcMaU5xBLOxXyKXO0DEopU2pwAeg%2Fo0Vd7ye24UrjWnIapuv2KxnQCGD1Kl2%2F0xzJT%2FCSDqn5zgzFeuQhIHSe1vEnD2EI6guk8FcQx7xbRXZupSY%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 793e19146f77b511-OSL
alt-svc: h2=":443"; ma=60
pp.userapi.com/c10506/u144023376/a_2502ec1c.jpg?ava=1
93.186.225.200200 OK 18 kB URL HTTP/2 pp.userapi.com/c10506/u144023376/a_2502ec1c.jpg?ava=1
IP 93.186.225.200:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 93", baseline, precision 8, 200x219, components 3\012- data
Hash a063df385c6d1177dab1657d104f2411
0b8222b5f44e8c3c253b801b55b180f74267e941
2145ae275b07f71a0b53223d057a11d136ca6eab0b96183060f1e95b559791a6
GET /c10506/u144023376/a_2502ec1c.jpg?ava=1 HTTP/1.1
Host: pp.userapi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://westdonnifacong.gq/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: kittenx
date: Fri, 03 Feb 2023 21:00:47 GMT
content-type: image/jpeg
content-length: 17760
last-modified: Wed, 17 Aug 2011 04:15:08 GMT
etag: "4e4b404c-4560"
expires: Sun, 05 Mar 2023 21:00:47 GMT
cache-control: max-age=2592000
x-frontend: front613326
access-control-expose-headers: X-Frontend
strict-transport-security: max-age=15768000
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD, OPTIONS
access-control-allow-headers: X-Quic
accept-ranges: bytes
X-Firefox-Spdy: h2
pp.userapi.com/VWfqGdHQX0yjMwh58jpDpW5FM4x1O-uOs_W68A/bMipBTWZ_sU.jpg
93.186.225.200200 OK 22 kB URL HTTP/2 pp.userapi.com/VWfqGdHQX0yjMwh58jpDpW5FM4x1O-uOs_W68A/bMipBTWZ_sU.jpg
IP 93.186.225.200:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 200x200, components 3\012- data
Hash 4e46f637447bd6219dc602f1db24255a
b194602511439b2facc826f29971d2e42d5bcf4f
928f88a8a11b1fec7b2dd29727263e8ca4ac00b5bb0ccf5fe6b2d3be881caab9
GET /VWfqGdHQX0yjMwh58jpDpW5FM4x1O-uOs_W68A/bMipBTWZ_sU.jpg HTTP/1.1
Host: pp.userapi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://westdonnifacong.gq/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: kittenx
date: Fri, 03 Feb 2023 21:00:47 GMT
content-type: image/jpeg
content-length: 21798
last-modified: Thu, 01 Jan 1970 00:00:00 GMT
request-id: 13c606a4-d51d-410b-99a3-7071707e33c3
expires: Sun, 05 Mar 2023 21:00:47 GMT
cache-control: max-age=2592000
x-frontend: front613326
access-control-expose-headers: X-Frontend
strict-transport-security: max-age=15768000
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD, OPTIONS
access-control-allow-headers: X-Quic
accept-ranges: bytes
X-Firefox-Spdy: h2
pp.userapi.com/qEqOBCztirt728uF6zkJ1jk4ZpPYZkE2A11bKw/OtCJDwqvEgc.jpg
93.186.225.200200 OK 16 kB URL HTTP/2 pp.userapi.com/qEqOBCztirt728uF6zkJ1jk4ZpPYZkE2A11bKw/OtCJDwqvEgc.jpg
IP 93.186.225.200:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 4915x4915, segment length 16, baseline, precision 8, 200x200, components 3\012- data
Hash 55727fdc3464d4b2d6affa98f542aaae
d5ff2a848113ebd076545c277f66bea3b074ba9b
70a04afd372efe1e12a90b48befa2d7dacca831ae49d6f9f10c33e05a38a4f0b
GET /qEqOBCztirt728uF6zkJ1jk4ZpPYZkE2A11bKw/OtCJDwqvEgc.jpg HTTP/1.1
Host: pp.userapi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://westdonnifacong.gq/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: kittenx
date: Fri, 03 Feb 2023 21:00:47 GMT
content-type: image/jpeg
content-length: 16149
last-modified: Thu, 01 Jan 1970 00:00:00 GMT
request-id: d48848a3-cf8f-40eb-bb1d-fee69567c1d1
expires: Sun, 05 Mar 2023 21:00:47 GMT
cache-control: max-age=2592000
x-frontend: front613326
access-control-expose-headers: X-Frontend
strict-transport-security: max-age=15768000
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD, OPTIONS
access-control-allow-headers: X-Quic
accept-ranges: bytes
X-Firefox-Spdy: h2
pp.userapi.com/0tomcCqsmnvIoWXtqQ0oh0RsI7_ufIPalY1dhA/XSHq7x-LCyI.jpg
93.186.225.200200 OK 1.9 kB URL HTTP/2 pp.userapi.com/0tomcCqsmnvIoWXtqQ0oh0RsI7_ufIPalY1dhA/XSHq7x-LCyI.jpg
IP 93.186.225.200:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 50x50, components 3\012- data
Hash 862fc22714936eb5dea3faa36eaa9d88
c413a006ea2e569b2d4b1a05c7d00ff2b5083697
43943e557e935a8f6dfa1cb1c9f4607e49311f0a024846eefa8864269e58d38c
GET /0tomcCqsmnvIoWXtqQ0oh0RsI7_ufIPalY1dhA/XSHq7x-LCyI.jpg HTTP/1.1
Host: pp.userapi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://westdonnifacong.gq/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: kittenx
date: Fri, 03 Feb 2023 21:00:47 GMT
content-type: image/jpeg
content-length: 1914
last-modified: Thu, 01 Jan 1970 00:00:00 GMT
request-id: b8e525dc-b8bc-4a55-babb-2c7220dc4246
expires: Sun, 05 Mar 2023 21:00:47 GMT
cache-control: max-age=2592000
x-frontend: front613326
access-control-expose-headers: X-Frontend
strict-transport-security: max-age=15768000
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD, OPTIONS
access-control-allow-headers: X-Quic
accept-ranges: bytes
X-Firefox-Spdy: h2
westdonnifacong.gq/ru/gazprom-bonuses/favicon.ico
104.21.23.238200 OK 29 kB URL HTTP/1.1 westdonnifacong.gq/ru/gazprom-bonuses/favicon.ico
IP 104.21.23.238:0
File type MS Windows icon resource - 6 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel\012- data
Hash 8b38834a18b7909179f07c72ad124940
e96193a1f16e638f249f864bc467302d1a325bfe
02c939860b26af1ce443d09a871ad73a92d69d97b13c3c90e2d0621f173a4f3f
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.gq domain
GET /ru/gazprom-bonuses/favicon.ico HTTP/1.1
Host: westdonnifacong.gq
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://westdonnifacong.gq/ru/gazprom-bonuses/
Cookie: timer=161341; PHPSESSID=jnqsoe4k2tl0u6j6gonbp0qgaj
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 21:00:47 GMT
Content-Type: image/x-icon
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 11 Jun 2020 14:48:55 GMT
ETag: W/"5ee24457-1cd6a"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bKP6Gj5%2Fapl0l8my%2FBiW1vcudTADx908B5EKZAK8JKaDO6GcPVck9PB366r%2F9ZmX7vFqLUd2VmlQf8Njaeldrhv9AXa62WMeAF%2F4IJnXwStMEnJAS9LtFT2sJvEuWX7bZ2ImDfU%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 793e191a3d470b61-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
pp.userapi.com/dGyuZQ9Q-JpbUVyBdLOmPxELlayZxrnZBzpocw/C28UUYxVdao.jpg
93.186.225.200200 OK 20 kB URL HTTP/2 pp.userapi.com/dGyuZQ9Q-JpbUVyBdLOmPxELlayZxrnZBzpocw/C28UUYxVdao.jpg
IP 93.186.225.200:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 200x300, components 3\012- data
Hash 90618bc3c059d98bf468367dd5548878
9ada5e3becdcd7d50bbf91fea7c9995b4397b342
a811c857bd6932762e2d7c4c1dabb148aced0eea9887769b0c31ef648535210d
GET /dGyuZQ9Q-JpbUVyBdLOmPxELlayZxrnZBzpocw/C28UUYxVdao.jpg HTTP/1.1
Host: pp.userapi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://westdonnifacong.gq/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: kittenx
date: Fri, 03 Feb 2023 21:00:50 GMT
content-type: image/jpeg
content-length: 19480
last-modified: Thu, 01 Jan 1970 00:00:00 GMT
request-id: d3cf49cf-90e5-485b-afef-562e6b75611e
expires: Sun, 05 Mar 2023 21:00:50 GMT
cache-control: max-age=2592000
x-frontend: front613326
access-control-expose-headers: X-Frontend
strict-transport-security: max-age=15768000
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD, OPTIONS
access-control-allow-headers: X-Quic
accept-ranges: bytes
X-Firefox-Spdy: h2
pp.userapi.com/c847019/v847019473/1bea49/9NSXfX6Z8bw.jpg?ava=1
93.186.225.200301 Moved Permanently 0 B URL HTTP/2 pp.userapi.com/c847019/v847019473/1bea49/9NSXfX6Z8bw.jpg?ava=1
IP 93.186.225.200:0
GET /c847019/v847019473/1bea49/9NSXfX6Z8bw.jpg?ava=1 HTTP/1.1
Host: pp.userapi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://westdonnifacong.gq/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
server: kittenx
date: Fri, 03 Feb 2023 21:00:47 GMT
content-type: image/jpeg
location: /VWfqGdHQX0yjMwh58jpDpW5FM4x1O-uOs_W68A/bMipBTWZ_sU.jpg
expires: Sun, 05 Mar 2023 21:00:47 GMT
cache-control: max-age=2592000
x-frontend: front613326
access-control-expose-headers: X-Frontend
strict-transport-security: max-age=15768000
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD, OPTIONS
access-control-allow-headers: X-Quic
X-Firefox-Spdy: h2
pp.userapi.com/c848732/v848732920/18919d/YSNIWV6uDfo.jpg?ava=1
93.186.225.200301 Moved Permanently 0 B URL HTTP/2 pp.userapi.com/c848732/v848732920/18919d/YSNIWV6uDfo.jpg?ava=1
IP 93.186.225.200:0
GET /c848732/v848732920/18919d/YSNIWV6uDfo.jpg?ava=1 HTTP/1.1
Host: pp.userapi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://westdonnifacong.gq/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 301 Moved Permanently
server: kittenx
date: Fri, 03 Feb 2023 21:00:50 GMT
content-type: image/jpeg
location: /dGyuZQ9Q-JpbUVyBdLOmPxELlayZxrnZBzpocw/C28UUYxVdao.jpg
expires: Sun, 05 Mar 2023 21:00:50 GMT
cache-control: max-age=2592000
x-frontend: front613326
access-control-expose-headers: X-Frontend
strict-transport-security: max-age=15768000
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD, OPTIONS
access-control-allow-headers: X-Quic
X-Firefox-Spdy: h2
pp.userapi.com/c846324/v846324005/1e0ea7/2ThiLiaJIRU.jpg?ava=1
93.186.225.200301 Moved Permanently 0 B URL HTTP/2 pp.userapi.com/c846324/v846324005/1e0ea7/2ThiLiaJIRU.jpg?ava=1
IP 93.186.225.200:0
GET /c846324/v846324005/1e0ea7/2ThiLiaJIRU.jpg?ava=1 HTTP/1.1
Host: pp.userapi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://westdonnifacong.gq/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
server: kittenx
date: Fri, 03 Feb 2023 21:00:47 GMT
content-type: image/jpeg
location: /qEqOBCztirt728uF6zkJ1jk4ZpPYZkE2A11bKw/OtCJDwqvEgc.jpg
expires: Sun, 05 Mar 2023 21:00:47 GMT
cache-control: max-age=2592000
x-frontend: front613326
access-control-expose-headers: X-Frontend
strict-transport-security: max-age=15768000
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD, OPTIONS
access-control-allow-headers: X-Quic
X-Firefox-Spdy: h2
pp.userapi.com/c852032/v852032209/c4ff7/VwMNPPmrDkk.jpg?ava=1
93.186.225.200301 Moved Permanently 0 B URL HTTP/2 pp.userapi.com/c852032/v852032209/c4ff7/VwMNPPmrDkk.jpg?ava=1
IP 93.186.225.200:0
GET /c852032/v852032209/c4ff7/VwMNPPmrDkk.jpg?ava=1 HTTP/1.1
Host: pp.userapi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://westdonnifacong.gq/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
server: kittenx
date: Fri, 03 Feb 2023 21:00:47 GMT
content-type: image/jpeg
location: /0tomcCqsmnvIoWXtqQ0oh0RsI7_ufIPalY1dhA/XSHq7x-LCyI.jpg
expires: Sun, 05 Mar 2023 21:00:47 GMT
cache-control: max-age=2592000
x-frontend: front613326
access-control-expose-headers: X-Frontend
strict-transport-security: max-age=15768000
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD, OPTIONS
access-control-allow-headers: X-Quic
X-Firefox-Spdy: h2