Report - cs-legion.clan.su/load/8

Report Overview

Submitted URL
cs-legion.clan.su/load/8
IP
195.216.243.130
ASN
#57724 Ddos-guard Ltd
Submitted
2022-11-26 04:43:27
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
40

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
www.gstatic.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	445 B	168 kB	142.250.74.163
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	682 B	1.5 kB	93.184.220.29
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	2.4 kB	34.102.187.140
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.7 kB	3.5 kB	142.250.74.35
vkontre1.my1.ru	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	638 B	1.0 kB	193.109.246.56
radikal.ua	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	290 B	311 B	138.201.173.78
e1.o.lencr.org	6159	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	338 B	729 B	23.36.76.226
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	52.89.255.30
www.whitegadget.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	372 B	93 B	103.224.182.253
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.4 kB	8.9 kB	23.36.76.226
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.8 kB	34.160.144.191
csternopil.at.ua	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	650 B	38 kB	195.216.243.25
www.permvelikaya.ru	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	294 B	565 B	82.146.44.71
clun-legionteam.narod.ru	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	277 B	83 kB	193.109.247.227
permvelikaya.ru	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	290 B	873 B	82.146.44.71
cs-real.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	293 B	120 B	23.110.224.178
ahmadyusrie.files.wordpress.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	702 B	157 kB	192.0.72.20
qcs.su	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	268 B	386 B	92.53.96.174
immortal-tm.ucoz.ru	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	80 kB	195.216.243.221
cs-monitor.ru	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	628 B	4.2 kB	77.222.54.210
ua.snapsnap.io	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	350 B	4.6 kB	104.21.46.37
img-kiev.fotki.yandex.ru	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	302 B	43 B	77.88.21.31
cs9969.vk.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	658 B	1.1 kB	87.240.137.164
photobucket.com	14012	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	714 B	2.5 kB	54.230.111.114
coolboys.at.ua	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	622 B	108 kB	193.109.246.15
www.uaplay.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	284 B	723 B	81.177.140.11
lifeless-team.ucoz.ru	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	626 B	3.3 kB	195.216.243.218
ocsp.globalsign.com	2075	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	359 B	2.0 kB	151.101.86.133
www.csomsk.ru	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	273 B	441 B	195.216.243.23
counter.yadro.ru	7275	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.4 kB	1.7 kB	88.212.202.52
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	229 B	34.117.237.239
s30.ucoz.net	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.6 kB	8.4 kB	195.216.243.130
cs-strikez.clan.su	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.4 kB	1.4 MB	193.109.246.46
img507.imageshack.us	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	287 B	320 B	38.99.77.17
img2.cda.pl	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	398 B	377 B	146.59.70.156
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	58 kB	34.120.237.76
absoluteroute.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	403 B	140 kB	193.200.64.20
vh380.timeweb.ru	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	357 B	258 B	92.53.96.174
cs-legion.clan.su	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	16 kB	533 kB	195.216.243.130
ural-cs.clan.su	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	630 B	24 kB	195.216.243.26
themes.googleusercontent.com	9661	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	509 B	61 kB	142.250.74.33
rot.spotsniper.ru	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	740 B	716 B	31.172.81.159
www.google.com	7	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	408 B	1.2 kB	142.250.74.164
www.csfight.net	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	570 B	746 B	5.187.5.214
csomsk.ru	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	274 B	1.1 kB	195.216.243.23
ocsp2.globalsign.com	1544	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	724 B	3.8 kB	104.18.20.226
ocsp.sca1b.amazontrust.com	1015	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	350 B	984 B	143.204.42.88

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-11-26	medium	cs-legion.clan.su/load/8	Phishing
2022-11-26	medium	cs-legion.clan.su/load/8	Phishing
2022-11-26	medium	cs-legion.clan.su/?59JKIRiWkM4yaHK1zt94EBTHiOu4JxI6cY9PSXyCb3c6dXTkK6xS4%3B81Hv4cvLiAGPMbVlx7RG6x4YClAH%21aQz%5EC9y4%217C%3BaAa1ZxbuOfnnvayBZS7k8e945gXwAQI1VewF3RfOl0M%5ER0SVpOF%5ExkrKR0iUYwEtkJEMxBkVDwa2gxuf5rT0hhHTiB5ActTJb%5EmKwYaITuhVDu%3BcDuJKWe4VZTwoo	Phishing
2022-11-26	medium	cs-legion.clan.su/?IAPiSQtFzXAqT7nZ2YHOUAjZ1blfUcraRUsieZrVuwmW4%3Be%5Ev2%3B6xsqVWQ0y%5ExH5XT9dj8%21QH8WAk2dh20HNTLe9%21nNA3YTLgOCt7%5ERQsrtWFkh%3BlAcY6YmJuCsVrxOm6uTWIXFOrGWZrhnT9WiY8H4mhezFULNzKf63%21st%5EwCx3n3UMSjCNwFZX1APfBtR1k6znwzrda%21HbaO71LhKN6G6thm03%5E%3Boo	Phishing
2022-11-26	medium	cs-legion.clan.su/.s/src/jquery-1.12.4.min.js	Phishing
2022-11-26	medium	cs-legion.clan.su/.s/src/ulightbox/ulightbox.min.js	Phishing
2022-11-26	medium	cs-legion.clan.su/enemy/strely.js	Phishing
2022-11-26	medium	cs-legion.clan.su/enemy/cookieenemy.js	Phishing
2022-11-26	medium	cs-legion.clan.su/.s/src/uwnd.min.js	Phishing
2022-11-26	medium	cs-legion.clan.su/enemy/strely.js	Phishing
2022-11-26	medium	cs-legion.clan.su/mchat/	Phishing
2022-11-26	medium	cs-legion.clan.su/enemy/cookieenemy.js	Phishing
2022-11-26	medium	cs-legion.clan.su/.s/img/icon/social/fb.svg	Phishing
2022-11-26	medium	cs-legion.clan.su/?VdS86dM68%21n0OU3%5ET0QzhD1uSkdpmLXyvMx9aGpdAd1f4IegyIPOWh9e%3BszFlfK4ivizzYrkwe6Tlbj2d1jUkM%21QdaeU	Phishing
2022-11-26	medium	cs-legion.clan.su/.s/src/uwnd.min.js?2	Phishing
2022-11-26	medium	cs-legion.clan.su/.s/img/icon/social/u.svg	Phishing
2022-11-26	medium	cs-legion.clan.su/.s/img/icon/social/vk.svg	Phishing
2022-11-26	medium	cs-legion.clan.su/.s/img/icon/social/ya.svg	Phishing
2022-11-26	medium	cs-legion.clan.su/.s/img/icon/social/gp.svg	Phishing
2022-11-26	medium	cs-legion.clan.su/.s/img/icon/social/ok.svg	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (28)

	URL	Size	First Seen	Last Seen
	cs-legion.clan.su/load/8	743 B	2023-03-11	2023-03-11
Pretty URL cs-legion.clan.su/load/8 IP 195.216.243.130 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 20:28:08 Last Seen2023-03-11 20:28:08 Times Seen1 Hash 4d0f2b6aab84dd5b55637177d3e96db2 7b4d1fb542d0e5124d2d5b710445e8b8ac652374 181a94fee110074b33f1cf934b1f2f221a5484155b15751c0915a3f291a22e2e Loading...

	cs-legion.clan.su/mchat/	271 B	2023-03-07	2023-04-08
Pretty URL cs-legion.clan.su/mchat/ IP 195.216.243.130 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:08:59 Last Seen2023-04-08 22:59:17 Times Seen69 Hash 7f6c8875e5bd924f0b3e44fb02f6e8f3 8462791c315515b7302a8388883d81a9c057a7dc 3a0dc4e7ca7a7aa57fa9013d8c16e2798fa8947791867664308c180475402577 Loading...

	cs-legion.clan.su/?VdS86dM68%21n0OU3%5ET0QzhD1uSkdpmLXyvMx9aGpdAd1f4IegyIPOWh9e%3BszFlfK4ivizzYrkwe6Tlbj2d1jUkM%21QdaeU	224 B	2023-03-07	2024-04-24
Pretty URL cs-legion.clan.su/?VdS86dM68%21n0OU3%5ET0QzhD1uSkdpmLXyvMx9aGpdAd1f4IegyIPOWh9e%3BszFlfK4ivizzYrkwe6Tlbj2d1jUkM%21QdaeU IP 195.216.243.130 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:33:44 Last Seen2024-04-24 13:56:02 Times Seen83 Hash 72c97871e6f2bb7dac08250a88927425 547b31569435e2df436c9b108a4500962c7a82a6 ffc2812d6882ba202a26172aab29455538f0a8540cc4b9ee0bb39b5b15224d0b Loading...

	cs-legion.clan.su/load/8	1.2 kB	2023-03-11	2023-03-11
Pretty URL cs-legion.clan.su/load/8 IP 195.216.243.130 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 20:28:08 Last Seen2023-03-11 20:28:08 Times Seen1 Hash 9685ff5d2bd1b178d53703608ff12ea4 1ef877199bb3cd8b4595eea6c0ce4d6ff45eeb00 68ad0891ac5a3dfc1ad5801c795ce917f7db07a0c922240c1df5c6f8af218f74 Loading...

	cs-legion.clan.su/load/8	14 B	2023-03-07	2024-04-14
Pretty URL cs-legion.clan.su/load/8 IP 195.216.243.130 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:08:59 Last Seen2024-04-14 22:39:54 Times Seen335 Hash d758e957ca65a07184e568a83a351faf 0322a9c4e29aaaaa681908c9f3d99de1f93b9ddf 7fb68d55dfcf5ba40586422d6af2c611b6c9666a4d4d8471383d81b6d595a12a Loading...

	cs-legion.clan.su/load/8	210 B	2023-03-11	2023-03-11
Pretty URL cs-legion.clan.su/load/8 IP 195.216.243.130 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 20:28:08 Last Seen2023-03-11 20:28:08 Times Seen1 Hash e1a10a9c971605769b0a45989767de41 579456cd1dda80a779ee2bdd8dbb81d4bc5bcbc4 32be5dd153154231a6a0dc2bb87926bb5c7894ad5577c3c4f60bbc3b1f48d0a8 Loading...

	s30.ucoz.net/cgi/uutils.fcg?a=uSD&ca=2&ug=999&isp=0&r=0.30685217236044	0 B	2023-03-07	2024-04-26
Pretty URL s30.ucoz.net/cgi/uutils.fcg?a=uSD&ca=2&ug=999&isp=0&r=0.30685217236044 IP 195.216.243.130 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-26 21:34:39 Times Seen37101521 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	cs-legion.clan.su/load/8	1.4 kB	2023-03-11	2023-09-30
Pretty URL cs-legion.clan.su/load/8 IP 195.216.243.130 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 20:28:08 Last Seen2023-09-30 15:12:32 Times Seen2 Hash faa45f3dcd5809ba2fa7d44a512d60d9 f1ec5ae7863f74714ae8bfa7824bf113e153d071 ea2f3ba2edd58db6aad0a90cd2cf3e3e3d0ddec854f20dd3eb302a4f54ad734e Loading...

	cs-legion.clan.su/load/8	320 B	2023-03-07	2024-04-24
Pretty URL cs-legion.clan.su/load/8 IP 195.216.243.130 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:28:35 Last Seen2024-04-24 15:06:36 Times Seen191 Hash 543ad72529c301498acdf8a557f0c10d 588eabff56ba720a0afda8e4aa3c31b60d0af913 97aa4143bd407d8bcde9ad8f84d8b081fe5f746c834b2486b353aaf87ed6955a Loading...

	cs-legion.clan.su/load/8	455 B	2023-03-11	2023-03-11
Pretty URL cs-legion.clan.su/load/8 IP 195.216.243.130 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 20:28:08 Last Seen2023-03-11 20:28:08 Times Seen1 Hash 5ef5846cda5d9cb69cd3b0c2ad005022 f888d7bda8bde3ebd13799a1c54f073cfaaa26d9 0f2a4fd610c06aec1ac90e46a33fd59598175353abcc0b6fab4b3b5d31689d1b Loading...

	cs-legion.clan.su/?IAPiSQtFzXAqT7nZ2YHOUAjZ1blfUcraRUsieZrVuwmW4%3Be%5Ev2%3B6xsqVWQ0y%5ExH5XT9dj8%21QH8WAk2dh20HNTLe9%21nNA3YTLgOCt7%5ERQsrtWFkh%3BlAcY6YmJuCsVrxOm6uTWIXFOrGWZrhnT9WiY8H4mhezFULNzKf63%21st%5EwCx3n3UMSjCNwFZX1APfBtR1k6znwzrda%21HbaO71LhKN6G6thm03%5E%3Boo	811 B	2023-03-07	2023-03-29
Pretty URL cs-legion.clan.su/?IAPiSQtFzXAqT7nZ2YHOUAjZ1blfUcraRUsieZrVuwmW4%3Be%5Ev2%3B6xsqVWQ0y%5ExH5XT9dj8%21QH8WAk2dh20HNTLe9%21nNA3YTLgOCt7%5ERQsrtWFkh%3BlAcY6YmJuCsVrxOm6uTWIXFOrGWZrhnT9WiY8H4mhezFULNzKf63%21st%5EwCx3n3UMSjCNwFZX1APfBtR1k6znwzrda%21HbaO71LhKN6G6thm03%5E%3Boo IP 195.216.243.130 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:06:21 Last Seen2023-03-29 21:31:56 Times Seen41 Hash 4a33e7cd7558f3f5a86d0fc27aee8c90 50fc0ad44d3917690997ca278091e53d0d575362 d6304d22c2821d367e3697cb9fa4e6dbeb093b8634fccd35312664d30d72b330 Loading...

	cs-legion.clan.su/load/8	217 B	2023-03-07	2024-04-25
Pretty URL cs-legion.clan.su/load/8 IP 195.216.243.130 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:06:21 Last Seen2024-04-25 19:43:33 Times Seen932 Hash 643968481bd70d1b90acb3623acc1cbf a48c24f35825a4f9a22bb98e54b972ab914d0da6 1cc7811671da38d961a9ab7caf93a642e6b64d30f56cfe7e94370f25f190df2c Loading...

	cs-legion.clan.su/load/8	2.1 kB	2023-03-07	2023-03-17
Pretty URL cs-legion.clan.su/load/8 IP 195.216.243.130 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:33:44 Last Seen2023-03-17 12:26:11 Times Seen1 Hash cb28b4cb71847677e849159e9062b3f0 c4c8860f29d73d4100a04d13d43bc1f045b6f3f2 e14d45e1cde8b38f78845ac62262b245979bd8f3fe0915838dfd0fb5cccc7bf9 Loading...

	cs-legion.clan.su/.s/src/uwnd.min.js	210 kB	2023-03-07	2023-11-09
Pretty URL cs-legion.clan.su/.s/src/uwnd.min.js IP 195.216.243.130 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:39:47 Last Seen2023-11-09 11:57:45 Times Seen1943 Hash 0e2dd07983ad50fa9205b6a9d24bc79f 8eafe02a75c83f60d40d1cee73e2770805e54a9e 8993dbc5102beb8dc4ebfef06873c26198d0f2913627399034816b16715336ad Loading...

	cs-legion.clan.su/load/8	2.3 kB	2023-03-11	2023-03-11
Pretty URL cs-legion.clan.su/load/8 IP 195.216.243.130 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 20:28:08 Last Seen2023-03-11 20:28:08 Times Seen1 Hash d1f96764f5caac55893214b8eeb55e2d f3c745b1e24f7acddcaa26129624a852d9f939d2 c5d928d353dd3662ac8b0c234d9c72777cd6caf650907b032e18865c60f6f5d0 Loading...

	cs-legion.clan.su/load/8	1.7 kB	2023-03-11	2023-03-11
Pretty URL cs-legion.clan.su/load/8 IP 195.216.243.130 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 20:28:08 Last Seen2023-03-11 20:28:08 Times Seen1 Hash d25c2bf008936045b4d107e253d40cdd e4f6be5fe578fa933c88532d01730e4cc0778877 341a55d0e437d58b6533d5dea7ef6f1d47d74fd4d45b5c08243798f7166499ff Loading...

	cs-legion.clan.su/load/8	82 B	2023-03-11	2023-09-30
Pretty URL cs-legion.clan.su/load/8 IP 195.216.243.130 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 20:28:08 Last Seen2023-09-30 15:12:32 Times Seen2 Hash 0dad797ee0b694476060e894e8c125d9 38cf2901c1734c861ea273ead91827732a7f9350 695a408fb53b18b265a8a0dffe8029db19b3e557491a2c74d41e085ae0a59477 Loading...

	rot.spotsniper.ru/?src=ujs6	1 B	2023-03-07	2024-04-26
Pretty URL rot.spotsniper.ru/?src=ujs6 IP 31.172.81.159 ASN #44066 diva-e Datacenters GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:53 Last Seen2024-04-26 20:42:31 Times Seen21513 Hash 7215ee9c7d9dc229d2921a40e899ec5f b858cb282617fb0956d960215c8e84d1ccf909c6 36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068 Loading...

	cs-legion.clan.su/load/8	209 B	2023-03-07	2024-04-25
Pretty URL cs-legion.clan.su/load/8 IP 195.216.243.130 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:06:21 Last Seen2024-04-25 19:43:33 Times Seen936 Hash ebe6bc0803293713c0cd5ccbb6858263 f7e12e4099d0b1539e6424fb35bed336f953239d de6c089a2079a7e9d7740a581839e60f99fc2b345f909a63fb8edce6e90dca4a Loading...

	cs-legion.clan.su/load/8	834 B	2023-03-07	2023-03-17
Pretty URL cs-legion.clan.su/load/8 IP 195.216.243.130 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:06:21 Last Seen2023-03-17 12:26:11 Times Seen1 Hash ec76061dc582f7bc36902e0a765a303f 1c671f99bf12c9cac6e8de037f41d1f5eff6583c d67ba6ac6078a8e2d78e6ce8b166eaab791d844a52083e320f864bf07eb234cb Loading...

	cs-legion.clan.su/.s/src/jquery-1.12.4.min.js	97 kB	2023-03-07	2024-04-26
Pretty URL cs-legion.clan.su/.s/src/jquery-1.12.4.min.js IP 195.216.243.130 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:06 Last Seen2024-04-26 20:28:10 Times Seen118758 Hash 4f252523d4af0b478c810c2547a63e19 5a9dcfbef655a2668e78baebeaa8dc6f41d8dabb 668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404 Loading...

	absoluteroute.com/bens/vinos.js?23433&u=null&a=0.17155989712077147	140 kB	2023-03-11	2023-03-11
Pretty URL absoluteroute.com/bens/vinos.js?23433&u=null&a=0.17155989712077147 IP 193.200.64.20 ASN #6681 Rozetka Sp. z o.o. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 20:28:09 Last Seen2023-03-11 20:28:09 Times Seen1 Hash 402b5a5cbb7bcc4746961ba498b7a892 d7d8ac24a7ee216815c32a88b89c19ab7377f734 c9d0c561949f5548766ebf9d80d23ed5e9277a0aaa568e1687d035d069dfdc81 Loading...

	www.google.com/recaptcha/api.js?onload=reCallback&render=explicit&hl=ru	905 B	2023-03-08	2023-03-11
Pretty URL www.google.com/recaptcha/api.js?onload=reCallback&render=explicit&hl=ru IP 142.250.74.164 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:32:00 Last Seen2023-03-11 23:51:15 Times Seen1 Hash 4a8898ed87f1f5c7606716f0464a5563 362a86316feaa91c330e8baf0a36d39d3e68ae45 5d6e10a1df7b6d083ba90e4acf1873d194ca3e3a30cb5da6397093a47f29db79 Loading...

	cs-legion.clan.su/?59JKIRiWkM4yaHK1zt94EBTHiOu4JxI6cY9PSXyCb3c6dXTkK6xS4%3B81Hv4cvLiAGPMbVlx7RG6x4YClAH%21aQz%5EC9y4%217C%3BaAa1ZxbuOfnnvayBZS7k8e945gXwAQI1VewF3RfOl0M%5ER0SVpOF%5ExkrKR0iUYwEtkJEMxBkVDwa2gxuf5rT0hhHTiB5ActTJb%5EmKwYaITuhVDu%3BcDuJKWe4VZTwoo	1.2 kB	2023-03-11	2023-03-11
Pretty URL cs-legion.clan.su/?59JKIRiWkM4yaHK1zt94EBTHiOu4JxI6cY9PSXyCb3c6dXTkK6xS4%3B81Hv4cvLiAGPMbVlx7RG6x4YClAH%21aQz%5EC9y4%217C%3BaAa1ZxbuOfnnvayBZS7k8e945gXwAQI1VewF3RfOl0M%5ER0SVpOF%5ExkrKR0iUYwEtkJEMxBkVDwa2gxuf5rT0hhHTiB5ActTJb%5EmKwYaITuhVDu%3BcDuJKWe4VZTwoo IP 195.216.243.130 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 20:28:09 Last Seen2023-03-11 20:28:09 Times Seen1 Hash 6476de5f53cbf5e628d0aadf1a775d06 9b85687f0451f324d887b7c785cb20be785f5003 a3bb8205e84df20818e8c2f67233a90239ebeaa7c0ea3c3817740cc069601db7 Loading...

	cs-legion.clan.su/.s/src/ulightbox/ulightbox.min.js	22 kB	2023-03-07	2024-01-27
Pretty URL cs-legion.clan.su/.s/src/ulightbox/ulightbox.min.js IP 195.216.243.130 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:39:47 Last Seen2024-01-27 00:58:17 Times Seen13 Hash 15034a8dbe3e2923bfccb8b7521379de f864a37e5bfe9b2ff516bedaf6f59ab7e5387c89 eb2476907f027bd6dcf4f61cecffcd85dd4aaf66ee6615d32fba5359615edad7 Loading...

	cs-legion.clan.su/load/8	319 B	2023-03-07	2023-04-05
Pretty URL cs-legion.clan.su/load/8 IP 195.216.243.130 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:39:47 Last Seen2023-04-05 02:07:30 Times Seen91 Hash 3b4f4ff3893180cb906d3fa740bb5b93 44aedaacef51eeb63c93827bbec6a0dc96132d61 59f57c47e99cc24e24adbcd2855e26f0569c53727530906e07f051f648dfd4b4 Loading...

		Size	First Seen	Last Seen
	#1 Write - 60d1141f9cafe62a0ba95dcdf7deebf9	273 B	2023-03-11	2023-03-11
Pretty Observations First Seen2023-03-11 20:28:09 Last Seen2023-03-11 20:28:09 Times Seen1 Hash 60d1141f9cafe62a0ba95dcdf7deebf9 49ea409365efa53b86806060153c46ac1c7945e3 58549fc5046af850c255ec326d3cd7d12d9c70580d8039669664f888e975256c Loading...

	#2 Write - 8b0fe86547ea1099fa2f32bd4c526c44	152 B	2023-03-07	2024-04-25
Pretty Observations First Seen2023-03-07 01:33:44 Last Seen2024-04-25 19:43:35 Times Seen1065 Hash 8b0fe86547ea1099fa2f32bd4c526c44 c180eadc55e8f386b0df85d043c4e682fb52ffb8 6887ab5beb82890d571c8f7c9d474bde94d3912e2b59247bab0fe77d408a026a Loading...

HTTP Transactions (132)

URL IP Response Size

cs-legion.clan.su/load/8

195.216.243.130

301 Moved Permanently

178 B

URL HTTP/1.1
cs-legion.clan.su/load/8
IP
195.216.243.130:0
ASN
#57724 Ddos-guard Ltd

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
178 B (178 bytes)
Hash
cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /load/8 HTTP/1.1
Host: cs-legion.clan.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 26 Nov 2022 04:43:16 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Keep-Alive: timeout=15
Location: https://cs-legion.clan.su/load/8
X-Frame-Options: SAMEORIGIN

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7c60904d097cde276e4e5632cef1b9f1
4f805026462589345d85e8df2d18eafba6237504
12af026999398f4976749e320667d43da3f99b7a2e8254aca7a410a964a106aa

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "12AF026999398F4976749E320667D43DA3F99B7A2E8254ACA7A410A964A106AA"
Last-Modified: Thu, 24 Nov 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2345
Expires: Sat, 26 Nov 2022 05:22:21 GMT
Date: Sat, 26 Nov 2022 04:43:16 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
10730f388c028d64e19b8a48d414768f
e43b104e57e5ea7ff8568835776858cf2ede6f00
f3c30c6d139288f1bfe13fce85c6ddc1514e1639fcf4d31a6012a3309ed1d50d

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 439
Cache-Control: max-age=107717
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 04:43:16 GMT
Etag: "63809972-1d7"
Expires: Sun, 27 Nov 2022 10:38:33 GMT
Last-Modified: Fri, 25 Nov 2022 10:31:14 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471

firefox.settings.services.mozilla.com/v1/

34.102.187.140

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
d130218d0e2841f39c99610fe1a2ab90
29fbe1e177ee55c7a61ae0a206afff271cf5f945
6b6d74dccf10c2bc98a91c3388280d7ba1d9596bf8cadd7db0e2f63720b3d152

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Alert, Content-Type, Retry-After, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 26 Nov 2022 04:19:12 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 1444
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
8c63b226725ca6e92e3ef586ac19e603
d21ae42a1927501e5293ff3564f52b49f6b0decc
141ac47acc3800e5d35a82012fa4b044277abad3a95dc24415f66fb72c972ae6

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "141AC47ACC3800E5D35A82012FA4B044277ABAD3A95DC24415F66FB72C972AE6"
Last-Modified: Wed, 23 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4573
Expires: Sat, 26 Nov 2022 05:59:29 GMT
Date: Sat, 26 Nov 2022 04:43:16 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: daRAJq3nykvER37R8v8wYVkwoYHE09gUay6EG0udoLBex2OBR0lR/8nt4jo3xIvhg0VZAk916LM=
x-amz-request-id: S8Y1GM82FKJN5V9X
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 26 Nov 2022 03:44:05 GMT
age: 3551
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 26 Nov 2022 04:43:16 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

cs-legion.clan.su/load/8

195.216.243.130

200 OK

21 kB

URL HTTP/1.1
cs-legion.clan.su/load/8
IP
195.216.243.130:0
ASN
#57724 Ddos-guard Ltd

File type
HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text, with very long lines (1874)
Size
21 kB (21066 bytes)
Hash
a5c3d5acdcd8d251dff354203a08fdbf
e18c798e5234bd0410622f7bfddd2f786dc8b3b1
5ce890a2e6833ade41203e255e598d352ebdf0862699d66320ba072fe65a1885

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /load/8 HTTP/1.1
Host: cs-legion.clan.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 26 Nov 2022 04:43:16 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Set-Cookie: 6cs-legionuCoz=; path=/; expires=Thu, 26-Nov-2020 04:43:17 GMT; Secure; HttpOnly; domain=.cs-legion.clan.su
6cs-legionuCoz=; path=/; expires=Thu, 26-Nov-2020 04:43:17 GMT; Secure; HttpOnly; domain=.cs-legion.clan.su
6cs-legionuzll=1669437797; path=/; expires=Sun, 26-Nov-2023 04:43:17 GMT; Secure; domain=.cs-legion.clan.su
6cs-legionpushi=1; path=/; expires=Sun, 27-Nov-2022 03:43:17 GMT; Secure
Pragma: no-cache
Vary: host
Last-Modified: Sun, 19 Feb 2012 20:55:20 GMT
Cache-Control: no-cache,no-store, private
Content-Encoding: gzip

cs-legion.clan.su/?59JKIRiWkM4yaHK1zt94EBTHiOu4JxI6cY9PSXyCb3c6dXTkK6xS4%3B81Hv4cvLiAGPMbVlx7RG6x4YClAH%21aQz%5EC9y4%217C%3BaAa1ZxbuOfnnvayBZS7k8e945gXwAQI1VewF3RfOl0M%5ER0SVpOF%5ExkrKR0iUYwEtkJEMxBkVDwa2gxuf5rT0hhHTiB5ActTJb%5EmKwYaITuhVDu%3BcDuJKWe4VZTwoo

195.216.243.130

200 OK

1.2 kB

URL HTTP/1.1
cs-legion.clan.su/?59JKIRiWkM4yaHK1zt94EBTHiOu4JxI6cY9PSXyCb3c6dXTkK6xS4%3B81Hv4cvLiAGPMbVlx7RG6x4YClAH%21aQz%5EC9y4%217C%3BaAa1ZxbuOfnnvayBZS7k8e945gXwAQI1VewF3RfOl0M%5ER0SVpOF%5ExkrKR0iUYwEtkJEMxBkVDwa2gxuf5rT0hhHTiB5ActTJb%5EmKwYaITuhVDu%3BcDuJKWe4VZTwoo
IP
195.216.243.130:0
ASN
#57724 Ddos-guard Ltd

File type
ASCII text
Size
1.2 kB (1158 bytes)
Hash
6476de5f53cbf5e628d0aadf1a775d06
9b85687f0451f324d887b7c785cb20be785f5003
a3bb8205e84df20818e8c2f67233a90239ebeaa7c0ea3c3817740cc069601db7

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /?59JKIRiWkM4yaHK1zt94EBTHiOu4JxI6cY9PSXyCb3c6dXTkK6xS4%3B81Hv4cvLiAGPMbVlx7RG6x4YClAH%21aQz%5EC9y4%217C%3BaAa1ZxbuOfnnvayBZS7k8e945gXwAQI1VewF3RfOl0M%5ER0SVpOF%5ExkrKR0iUYwEtkJEMxBkVDwa2gxuf5rT0hhHTiB5ActTJb%5EmKwYaITuhVDu%3BcDuJKWe4VZTwoo HTTP/1.1
Host: cs-legion.clan.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cs-legion.clan.su/load/8
Cookie: 6cs-legionuzll=1669437797; 6cs-legionpushi=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 26 Nov 2022 04:43:16 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Cache-Control: no-cache, no-store, private
Pragma: no-cache

cs-legion.clan.su/_st/my.css

195.216.243.130

200 OK

568 B

URL HTTP/1.1
cs-legion.clan.su/_st/my.css
IP
195.216.243.130:0
ASN
#57724 Ddos-guard Ltd

File type
ASCII text
Size
568 B (568 bytes)
Hash
d5d662b4e3bb7de70ccba7a21d410d6b
7a90f192fae61e04b5e75888a3eb02cdce9f274c
e273745ed93ec659eeaf8bf04e2dee7900b08258d5eeda9cd63966f597ba33d7

HTTP Headers

GET /_st/my.css HTTP/1.1
Host: cs-legion.clan.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cs-legion.clan.su/load/8
Cookie: 6cs-legionuzll=1669437797; 6cs-legionpushi=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 26 Nov 2022 04:43:17 GMT
Content-Type: text/css
Last-Modified: Fri, 12 Apr 2013 21:56:12 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
ETag: W/"516882fc-9c1"
Expires: Fri, 16 Dec 2022 04:43:17 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Content-Encoding: gzip

cs-legion.clan.su/.s/src/base.min.css

195.216.243.130

200 OK

6.1 kB

URL HTTP/1.1
cs-legion.clan.su/.s/src/base.min.css
IP
195.216.243.130:0
ASN
#57724 Ddos-guard Ltd

File type
ASCII text, with very long lines (24443), with no line terminators
Size
6.1 kB (6143 bytes)
Hash
629527310ba26cfc236c016e14662321
7a87daed5934db9729f12653e67c8de9d4365d58
134e836199a74c0b501c4e1a46dd3625f4696dc608d1052136ee455c2c2d2509

HTTP Headers

GET /.s/src/base.min.css HTTP/1.1
Host: cs-legion.clan.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cs-legion.clan.su/load/8
Cookie: 6cs-legionuzll=1669437797; 6cs-legionpushi=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 26 Nov 2022 04:43:17 GMT
Content-Type: text/css
Last-Modified: Tue, 11 Oct 2022 13:44:42 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
ETag: W/"6345734a-5f7b"
Expires: Fri, 16 Dec 2022 04:43:17 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Content-Encoding: gzip

cs-legion.clan.su/?IAPiSQtFzXAqT7nZ2YHOUAjZ1blfUcraRUsieZrVuwmW4%3Be%5Ev2%3B6xsqVWQ0y%5ExH5XT9dj8%21QH8WAk2dh20HNTLe9%21nNA3YTLgOCt7%5ERQsrtWFkh%3BlAcY6YmJuCsVrxOm6uTWIXFOrGWZrhnT9WiY8H4mhezFULNzKf63%21st%5EwCx3n3UMSjCNwFZX1APfBtR1k6znwzrda%21HbaO71LhKN6G6thm03%5E%3Boo

195.216.243.130

200 OK

811 B

URL HTTP/1.1
cs-legion.clan.su/?IAPiSQtFzXAqT7nZ2YHOUAjZ1blfUcraRUsieZrVuwmW4%3Be%5Ev2%3B6xsqVWQ0y%5ExH5XT9dj8%21QH8WAk2dh20HNTLe9%21nNA3YTLgOCt7%5ERQsrtWFkh%3BlAcY6YmJuCsVrxOm6uTWIXFOrGWZrhnT9WiY8H4mhezFULNzKf63%21st%5EwCx3n3UMSjCNwFZX1APfBtR1k6znwzrda%21HbaO71LhKN6G6thm03%5E%3Boo
IP
195.216.243.130:0
ASN
#57724 Ddos-guard Ltd

File type
ASCII text
Size
811 B (811 bytes)
Hash
4a33e7cd7558f3f5a86d0fc27aee8c90
50fc0ad44d3917690997ca278091e53d0d575362
d6304d22c2821d367e3697cb9fa4e6dbeb093b8634fccd35312664d30d72b330

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /?IAPiSQtFzXAqT7nZ2YHOUAjZ1blfUcraRUsieZrVuwmW4%3Be%5Ev2%3B6xsqVWQ0y%5ExH5XT9dj8%21QH8WAk2dh20HNTLe9%21nNA3YTLgOCt7%5ERQsrtWFkh%3BlAcY6YmJuCsVrxOm6uTWIXFOrGWZrhnT9WiY8H4mhezFULNzKf63%21st%5EwCx3n3UMSjCNwFZX1APfBtR1k6znwzrda%21HbaO71LhKN6G6thm03%5E%3Boo HTTP/1.1
Host: cs-legion.clan.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cs-legion.clan.su/load/8
Cookie: 6cs-legionuzll=1669437797; 6cs-legionpushi=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 26 Nov 2022 04:43:17 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Cache-Control: no-cache, no-store, private
Pragma: no-cache

cs-legion.clan.su/.s/src/layer6.min.css

195.216.243.130

200 OK

5.3 kB

URL HTTP/1.1
cs-legion.clan.su/.s/src/layer6.min.css
IP
195.216.243.130:0
ASN
#57724 Ddos-guard Ltd

File type
ASCII text, with very long lines (22098), with no line terminators
Size
5.3 kB (5340 bytes)
Hash
2580ce15af347707c568243d05cb6810
fba774a14a47017071aae048807d212e37c1d04d
a78ab9553bd3baefd4148deb2aa641aa76f12729c341fbb9f05ad2c571391723

HTTP Headers

GET /.s/src/layer6.min.css HTTP/1.1
Host: cs-legion.clan.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cs-legion.clan.su/load/8
Cookie: 6cs-legionuzll=1669437797; 6cs-legionpushi=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 26 Nov 2022 04:43:17 GMT
Content-Type: text/css
Last-Modified: Tue, 11 Oct 2022 12:50:15 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
ETag: W/"63456687-5652"
Expires: Fri, 16 Dec 2022 04:43:17 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Content-Encoding: gzip

cs-legion.clan.su/.s/src/jquery-1.12.4.min.js

195.216.243.130

200 OK

34 kB

URL HTTP/1.1
cs-legion.clan.su/.s/src/jquery-1.12.4.min.js
IP
195.216.243.130:0
ASN
#57724 Ddos-guard Ltd

File type
ASCII text, with very long lines (32077)
Size
34 kB (33793 bytes)
Hash
eed194bd33958fd0768352b877915a40
db7a4073a53efb53155652219d948940efe6baa7
9eaac8a63f3851efef83bd151a558f6c8d8e6bb75c7725625cf8892b6312aa06

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /.s/src/jquery-1.12.4.min.js HTTP/1.1
Host: cs-legion.clan.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cs-legion.clan.su/load/8
Cookie: 6cs-legionuzll=1669437797; 6cs-legionpushi=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 26 Nov 2022 04:43:17 GMT
Content-Type: text/javascript
Last-Modified: Thu, 01 Sep 2022 17:43:56 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
ETag: W/"6310ef5c-17b8b"
Expires: Fri, 16 Dec 2022 04:43:17 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Content-Encoding: gzip

cs-legion.clan.su/.s/src/ulightbox/ulightbox.min.js

195.216.243.130

200 OK

7.6 kB

URL HTTP/1.1
cs-legion.clan.su/.s/src/ulightbox/ulightbox.min.js
IP
195.216.243.130:0
ASN
#57724 Ddos-guard Ltd

File type
ASCII text, with very long lines (22291), with no line terminators
Size
7.6 kB (7632 bytes)
Hash
3bb3aaa5262067cec461b32298975b05
4e11bfe49cd05fcdbd1e692fc87788da07e62161
61fa91bb508bfda7ee487ffaf0e38aa71cfab1ce78bb108d6c6140dc9b35ab22

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /.s/src/ulightbox/ulightbox.min.js HTTP/1.1
Host: cs-legion.clan.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cs-legion.clan.su/load/8
Cookie: 6cs-legionuzll=1669437797; 6cs-legionpushi=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 26 Nov 2022 04:43:17 GMT
Content-Type: text/javascript
Last-Modified: Tue, 24 May 2022 12:36:45 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
ETag: W/"628cd15d-5713"
Expires: Fri, 16 Dec 2022 04:43:17 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Content-Encoding: gzip

cs-legion.clan.su/.s/src/ulightbox/ulightbox.min.css

195.216.243.130

200 OK

1.4 kB

URL HTTP/1.1
cs-legion.clan.su/.s/src/ulightbox/ulightbox.min.css
IP
195.216.243.130:0
ASN
#57724 Ddos-guard Ltd

File type
ASCII text, with very long lines (4552), with no line terminators
Size
1.4 kB (1359 bytes)
Hash
9c03edbcbefe3eea8902981444de96f7
ca39997a1765ab084fb7e6740858176b9385c4ca
8487aa6ee4bd261bdf1f5b681cf96d347cd980ed45183c5a2a9571db6c891a08

HTTP Headers

GET /.s/src/ulightbox/ulightbox.min.css HTTP/1.1
Host: cs-legion.clan.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cs-legion.clan.su/load/8
Cookie: 6cs-legionuzll=1669437797; 6cs-legionpushi=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 26 Nov 2022 04:43:17 GMT
Content-Type: text/css
Last-Modified: Tue, 24 May 2022 12:36:45 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
ETag: W/"628cd15d-11c8"
Expires: Fri, 16 Dec 2022 04:43:17 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Content-Encoding: gzip

cs-legion.clan.su/.s/src/social.css

195.216.243.130

200 OK

610 B

URL HTTP/1.1
cs-legion.clan.su/.s/src/social.css
IP
195.216.243.130:0
ASN
#57724 Ddos-guard Ltd

File type
ASCII text, with very long lines (442)
Size
610 B (610 bytes)
Hash
af855dcd18719bcf0da15a9029755af1
d74d0ed8d96f2ebe46a7671564bf80eea6865103
9add1a323772a7c09260b63a21732472cb0204105c1d2bee763ea1429f0e26e9

HTTP Headers

GET /.s/src/social.css HTTP/1.1
Host: cs-legion.clan.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cs-legion.clan.su/load/8
Cookie: 6cs-legionuzll=1669437797; 6cs-legionpushi=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 26 Nov 2022 04:43:17 GMT
Content-Type: text/css
Last-Modified: Wed, 01 Dec 2021 11:13:55 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
ETag: W/"61a758f3-9b8"
Expires: Fri, 16 Dec 2022 04:43:17 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Content-Encoding: gzip

cs-legion.clan.su/enemy/strely.js

195.216.243.130

404 Not Found

2.7 kB

URL HTTP/1.1
cs-legion.clan.su/enemy/strely.js
IP
195.216.243.130:0
ASN
#57724 Ddos-guard Ltd

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (348)
Size
2.7 kB (2656 bytes)
Hash
7d61f3d2524ddb2261ce5294fcffacd9
9215626f645f1310a7ade9e639b3694377b4e945
de2aeab2cb5c63bc0d2c3cf9eb5bf6a19fe9e7ac1e9c9e2b362f8bb0501e4c16

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /enemy/strely.js HTTP/1.1
Host: cs-legion.clan.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cs-legion.clan.su/load/8
Cookie: 6cs-legionuzll=1669437797; 6cs-legionpushi=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 404 Not Found
Server: nginx
Date: Sat, 26 Nov 2022 04:43:17 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Content-Encoding: gzip

cs-legion.clan.su/enemy/cookieenemy.js

195.216.243.130

404 Not Found

2.7 kB

URL HTTP/1.1
cs-legion.clan.su/enemy/cookieenemy.js
IP
195.216.243.130:0
ASN
#57724 Ddos-guard Ltd

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (348)
Size
2.7 kB (2656 bytes)
Hash
7d61f3d2524ddb2261ce5294fcffacd9
9215626f645f1310a7ade9e639b3694377b4e945
de2aeab2cb5c63bc0d2c3cf9eb5bf6a19fe9e7ac1e9c9e2b362f8bb0501e4c16

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /enemy/cookieenemy.js HTTP/1.1
Host: cs-legion.clan.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cs-legion.clan.su/load/8
Cookie: 6cs-legionuzll=1669437797; 6cs-legionpushi=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 404 Not Found
Server: nginx
Date: Sat, 26 Nov 2022 04:43:17 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Content-Encoding: gzip

cs-legion.clan.su/.s/src/uwnd.min.js

195.216.243.130

200 OK

57 kB

URL HTTP/1.1
cs-legion.clan.su/.s/src/uwnd.min.js
IP
195.216.243.130:0
ASN
#57724 Ddos-guard Ltd

File type
ASCII text, with very long lines (65536), with no line terminators
Size
57 kB (56796 bytes)
Hash
20adfead3a54ad11599adb1bab3d6fc6
23bb516448d5c643cb186ad9aec426388aa79dfd
b49b11429b509cf608a66bbcebc13cf63fa444b998c1a678d1bebfe33f7c2ff4

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /.s/src/uwnd.min.js HTTP/1.1
Host: cs-legion.clan.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cs-legion.clan.su/load/8
Cookie: 6cs-legionuzll=1669437797; 6cs-legionpushi=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 26 Nov 2022 04:43:17 GMT
Content-Type: text/javascript
Last-Modified: Mon, 25 Apr 2022 10:32:26 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
ETag: W/"626678ba-3334b"
Expires: Fri, 16 Dec 2022 04:43:17 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Content-Encoding: gzip

s30.ucoz.net/cgi/uutils.fcg?a=uSD&ca=2&ug=999&isp=0&r=0.30685217236044

195.216.243.130

200 OK

0 B

URL HTTP/1.1
s30.ucoz.net/cgi/uutils.fcg?a=uSD&ca=2&ug=999&isp=0&r=0.30685217236044
IP
195.216.243.130:0
ASN
#57724 Ddos-guard Ltd

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /cgi/uutils.fcg?a=uSD&ca=2&ug=999&isp=0&r=0.30685217236044 HTTP/1.1
Host: s30.ucoz.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cs-legion.clan.su/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 26 Nov 2022 04:43:17 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15

ahmadyusrie.files.wordpress.com/2009/02/wallpaper_counterstrike_01.jpg

192.0.72.20

301 Moved Permanently

162 B

URL HTTP/1.1
ahmadyusrie.files.wordpress.com/2009/02/wallpaper_counterstrike_01.jpg
IP
192.0.72.20:0
ASN
#2635 AUTOMATTIC

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
162 B (162 bytes)
Hash
4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a

HTTP Headers

GET /2009/02/wallpaper_counterstrike_01.jpg HTTP/1.1
Host: ahmadyusrie.files.wordpress.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 26 Nov 2022 04:43:17 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://ahmadyusrie.files.wordpress.com/2009/02/wallpaper_counterstrike_01.jpg

cs-legion.clan.su/.s/img/fr/ajax3.gif

195.216.243.130

200 OK

1.1 kB

URL HTTP/1.1
cs-legion.clan.su/.s/img/fr/ajax3.gif
IP
195.216.243.130:0
ASN
#57724 Ddos-guard Ltd

File type
GIF image data, version 89a, 16 x 16\012- data
Size
1.1 kB (1079 bytes)
Hash
d700ad83d0a3c70488805e3ed515bf15
2e48c5d8842adf6064eeb4d08cead686595dde40
9777513b1dee8fbb0942cc13160510ff06cd1e868bd5dd24d060930871443ce6

HTTP Headers

GET /.s/img/fr/ajax3.gif HTTP/1.1
Host: cs-legion.clan.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cs-legion.clan.su/load/8
Cookie: 6cs-legionuzll=1669437797; 6cs-legionpushi=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 26 Nov 2022 04:43:17 GMT
Content-Type: image/gif
Content-Length: 1079
Last-Modified: Mon, 21 Nov 2022 12:37:42 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "637b7116-437"
Expires: Fri, 16 Dec 2022 04:43:17 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

cs-legion.clan.su/enemy/foot.png

195.216.243.130

200 OK

570 B

URL HTTP/1.1
cs-legion.clan.su/enemy/foot.png
IP
195.216.243.130:0
ASN
#57724 Ddos-guard Ltd

File type
PNG image data, 60 x 70, 8-bit/color RGBA, non-interlaced\012- data
Size
570 B (570 bytes)
Hash
bf010c21bf8e5c4a9b803300bd794b35
55ee9e5d0807c7029458d335a169c489f9fcd043
5b50e23bf94f30dccae174b87f6ac2bc11daa0168e40118e87e6ada2f63d0030

HTTP Headers

GET /enemy/foot.png HTTP/1.1
Host: cs-legion.clan.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cs-legion.clan.su/load/8
Cookie: 6cs-legionuzll=1669437797; 6cs-legionpushi=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 26 Nov 2022 04:43:17 GMT
Content-Type: image/png
Content-Length: 570
Last-Modified: Thu, 02 Feb 2012 19:15:26 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "4f2ae0ce-23a"
Expires: Fri, 16 Dec 2022 04:43:17 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

cs-legion.clan.su/enemy/block_foot.png

195.216.243.130

200 OK

1.7 kB

URL HTTP/1.1
cs-legion.clan.su/enemy/block_foot.png
IP
195.216.243.130:0
ASN
#57724 Ddos-guard Ltd

File type
PNG image data, 205 x 25, 8-bit/color RGB, non-interlaced\012- data
Size
1.7 kB (1671 bytes)
Hash
7ec0a56b322f06be0133c80d52763c01
de5ffb20962ea38ae8dd86432994e567269b78ce
88074d1f16dc0cacfdf0c8fe0c4ce80c39378abb23df7d9d40cf32a2001865f5

HTTP Headers

GET /enemy/block_foot.png HTTP/1.1
Host: cs-legion.clan.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cs-legion.clan.su/load/8
Cookie: 6cs-legionuzll=1669437797; 6cs-legionpushi=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 26 Nov 2022 04:43:17 GMT
Content-Type: image/png
Content-Length: 1671
Last-Modified: Thu, 02 Feb 2012 19:14:56 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "4f2ae0b0-687"
Expires: Fri, 16 Dec 2022 04:43:17 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

cs-legion.clan.su/enemy/up.png

195.216.243.130

200 OK

3.3 kB

URL HTTP/1.1
cs-legion.clan.su/enemy/up.png
IP
195.216.243.130:0
ASN
#57724 Ddos-guard Ltd

File type
PNG image data, 60 x 60, 8-bit/color RGBA, non-interlaced\012- data
Size
3.3 kB (3274 bytes)
Hash
2021bfecac38efb29e62a19578ea0dfc
2faab958243c3ca4ec2ac4bf9537c7e2b3c1c4ee
73cc5a7c329dce8008a96b255ac7941b7811a6a82158a127d914d6b03bd45df3

HTTP Headers

GET /enemy/up.png HTTP/1.1
Host: cs-legion.clan.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cs-legion.clan.su/load/8
Cookie: 6cs-legionuzll=1669437797; 6cs-legionpushi=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 26 Nov 2022 04:43:17 GMT
Content-Type: image/png
Content-Length: 3274
Last-Modified: Thu, 02 Feb 2012 19:15:57 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "4f2ae0ed-cca"
Expires: Fri, 16 Dec 2022 04:43:17 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

cs-legion.clan.su/enemy/logo.png

195.216.243.130

200 OK

958 B

URL HTTP/1.1
cs-legion.clan.su/enemy/logo.png
IP
195.216.243.130:0
ASN
#57724 Ddos-guard Ltd

File type
PNG image data, 500 x 150, 8-bit/color RGBA, non-interlaced\012- data
Size
958 B (958 bytes)
Hash
d7fe8b70abf6a368ae8684889fa5fa54
c90497981cb02bd4b6fdd49d0f1f5212da2d962f
7f1dc08a6f8f9b83c73662bf99d68f58a4ffc621f878f13d567fbd217330fb87

HTTP Headers

GET /enemy/logo.png HTTP/1.1
Host: cs-legion.clan.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cs-legion.clan.su/load/8
Cookie: 6cs-legionuzll=1669437797; 6cs-legionpushi=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 26 Nov 2022 04:43:17 GMT
Content-Type: image/png
Content-Length: 958
Last-Modified: Thu, 02 Feb 2012 19:15:26 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "4f2ae0ce-3be"
Expires: Fri, 16 Dec 2022 04:43:17 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
30f833b25d6e5af2229d9584c6f6cf97
ee79c3fa994d53c1d0687ca61353d63cce459e25
1bc091991c4663dbc86ae735e47ddc3e887a24661050ad9f24b8d458bfd11a6b

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 04:43:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

photobucket.com/albums/f287/Tidus000/20061110-counterstrike16frontei5cop.jpg

54.230.111.114

301 Moved Permanently

167 B

URL HTTP/1.1
photobucket.com/albums/f287/Tidus000/20061110-counterstrike16frontei5cop.jpg
IP
54.230.111.114:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
167 B (167 bytes)
Hash
f5d40b7259645010f9a248858ad14178
b3051d17a6ec8c9e166bf09a62b48261ab86957b
7f5007068d2b56ea9735e2490d60cff2e72cae312024ac1f6c91158eba47d05d

HTTP Headers

GET /albums/f287/Tidus000/20061110-counterstrike16frontei5cop.jpg HTTP/1.1
Host: photobucket.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

HTTP/1.1 301 Moved Permanently
Date: Sat, 26 Nov 2022 04:43:17 GMT
Content-Type: text/html
Content-Length: 167
Connection: keep-alive
Location: https://photobucket.com/albums/f287/Tidus000/20061110-counterstrike16frontei5cop.jpg
X-Cache: Redirect from cloudfront
Via: 1.1 c26775cc34c23943f6f5cfc9a3da9b4a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: bPjJLZrwFSIGrPoLD1Se7bRB4zUwpUOEfl4h079To9t_QolPxf1YXg==
Cache-Control: no-cache
server: Photobucket
Vary: Origin

cs-legion.clan.su/777.gif

195.216.243.130

200 OK

34 kB

URL HTTP/1.1
cs-legion.clan.su/777.gif
IP
195.216.243.130:0
ASN
#57724 Ddos-guard Ltd

File type
GIF image data, version 89a, 88 x 31\012- data
Size
34 kB (33736 bytes)
Hash
dd80fb5793077e0e58b923d7a3a921ee
e5cbe31ce35a7c400b8e84dd9fd5473017c058f7
9a44967b08a5d9b697ca56be3155a52eea863b4c19527aed1ed75b73837505e8

HTTP Headers

GET /777.gif HTTP/1.1
Host: cs-legion.clan.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cs-legion.clan.su/load/8
Cookie: 6cs-legionuzll=1669437797; 6cs-legionpushi=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 26 Nov 2022 04:43:17 GMT
Content-Type: image/gif
Content-Length: 33736
Last-Modified: Sun, 12 Feb 2012 11:34:50 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "4f37a3da-83c8"
Expires: Fri, 16 Dec 2022 04:43:17 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

www.google.com/recaptcha/api.js?onload=reCallback&render=explicit&hl=ru

142.250.74.164

200 OK

579 B

URL HTTP/2
www.google.com/recaptcha/api.js?onload=reCallback&render=explicit&hl=ru
IP
142.250.74.164:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (905), with no line terminators
Size
579 B (579 bytes)
Hash
fe0e23ea2d335147e24f50690aa39c7c
ef74d6655ba8efb294f7ed55e6be16d315381edd
fcccb37edb611bf2580bf74646d25e4fb3660d305c66de3c8571bedfc2dac228

HTTP Headers

GET /recaptcha/api.js?onload=reCallback&render=explicit&hl=ru HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cs-legion.clan.su/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
expires: Sat, 26 Nov 2022 04:43:17 GMT
date: Sat, 26 Nov 2022 04:43:17 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 579
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

coolboys.at.ua/_ld/3/49846.jpg

193.109.246.15

301 Moved Permanently

178 B

URL HTTP/1.1
coolboys.at.ua/_ld/3/49846.jpg
IP
193.109.246.15:0
ASN
#204343 Compubyte Limited

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
178 B (178 bytes)
Hash
cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d

HTTP Headers

GET /_ld/3/49846.jpg HTTP/1.1
Host: coolboys.at.ua
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 26 Nov 2022 04:43:16 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Keep-Alive: timeout=15
Location: https://coolboys.at.ua/_ld/3/49846.jpg
X-Frame-Options: SAMEORIGIN

vkontre1.my1.ru/images/widget_logo.gif

193.109.246.56

301 Moved Permanently

178 B

URL HTTP/1.1
vkontre1.my1.ru/images/widget_logo.gif
IP
193.109.246.56:0
ASN
#204343 Compubyte Limited

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
178 B (178 bytes)
Hash
cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d

HTTP Headers

GET /images/widget_logo.gif HTTP/1.1
Host: vkontre1.my1.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 26 Nov 2022 04:43:17 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Keep-Alive: timeout=15
Location: https://vkontre1.my1.ru/images/widget_logo.gif
X-Frame-Options: SAMEORIGIN

www.csfight.net/img/cso/wallpaper_1_1280.jpg

5.187.5.214

401 Unauthorized

172 B

URL HTTP/1.1
www.csfight.net/img/cso/wallpaper_1_1280.jpg
IP
5.187.5.214:0
ASN
#44066 diva-e Datacenters GmbH

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
172 B (172 bytes)
Hash
28c5f434e4ab2e2a682400cb005fb08b
57b3c46199c99c6a3e6442a31519b097126c61fc
9371176869a945e2958e43b349397210a1b72b83f11c67e02e0be1f950254ef2

HTTP Headers

GET /img/cso/wallpaper_1_1280.jpg HTTP/1.1
Host: www.csfight.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

HTTP/1.1 401 Unauthorized
Server: nginx
Date: Sat, 26 Nov 2022 04:43:17 GMT
Content-Type: text/html
Content-Length: 172
Connection: keep-alive
WWW-Authenticate: Basic realm="Restricted Content"

qcs.su/img/monitoring-1.gif

92.53.96.174

301 Moved Permanently

169 B

URL HTTP/1.1
qcs.su/img/monitoring-1.gif
IP
92.53.96.174:0
ASN
#9123 TimeWeb Ltd.

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
169 B (169 bytes)
Hash
130d1009f10d4fb1cede97de52442d1f
20a7a05cc7df967bae4e1b71f5e8f299eb556003
c389e590871a87f27ad27393cf7f2947c3ede6ba1cca818cbcff4131e0d0eac4

HTTP Headers

GET /img/monitoring-1.gif HTTP/1.1
Host: qcs.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

HTTP/1.1 301 Moved Permanently
Server: nginx/1.22.1
Date: Sat, 26 Nov 2022 04:43:17 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive
Location: https://vh380.timeweb.ru/parking/?ref=qcs.su

ural-cs.clan.su/_ld/4/50839974.jpg

195.216.243.26

301 Moved Permanently

178 B

URL HTTP/1.1
ural-cs.clan.su/_ld/4/50839974.jpg
IP
195.216.243.26:0
ASN
#57724 Ddos-guard Ltd

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
178 B (178 bytes)
Hash
cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d

HTTP Headers

GET /_ld/4/50839974.jpg HTTP/1.1
Host: ural-cs.clan.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 26 Nov 2022 04:43:19 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Keep-Alive: timeout=15
Location: https://ural-cs.clan.su/_ld/4/50839974.jpg
X-Frame-Options: SAMEORIGIN

csternopil.at.ua/1243023842_bfa7775673bd.jpg

195.216.243.25

301 Moved Permanently

178 B

URL HTTP/1.1
csternopil.at.ua/1243023842_bfa7775673bd.jpg
IP
195.216.243.25:0
ASN
#57724 Ddos-guard Ltd

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
178 B (178 bytes)
Hash
cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d

HTTP Headers

GET /1243023842_bfa7775673bd.jpg HTTP/1.1
Host: csternopil.at.ua
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 26 Nov 2022 04:43:17 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Keep-Alive: timeout=15
Location: https://csternopil.at.ua/1243023842_bfa7775673bd.jpg
X-Frame-Options: SAMEORIGIN

cs-legion.clan.su/enemy/strely.js

195.216.243.130

404 Not Found

2.7 kB

URL HTTP/1.1
cs-legion.clan.su/enemy/strely.js
IP
195.216.243.130:0
ASN
#57724 Ddos-guard Ltd

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (348)
Size
2.7 kB (2656 bytes)
Hash
7d61f3d2524ddb2261ce5294fcffacd9
9215626f645f1310a7ade9e639b3694377b4e945
de2aeab2cb5c63bc0d2c3cf9eb5bf6a19fe9e7ac1e9c9e2b362f8bb0501e4c16

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /enemy/strely.js HTTP/1.1
Host: cs-legion.clan.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cs-legion.clan.su/load/8
Cookie: 6cs-legionuzll=1669437797; 6cs-legionpushi=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 404 Not Found
Server: nginx
Date: Sat, 26 Nov 2022 04:43:17 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Content-Encoding: gzip

www.uaplay.com/images/files/wimg_2202_1.jpg

81.177.140.11

403 Forbidden

592 B

URL HTTP/1.1
www.uaplay.com/images/files/wimg_2202_1.jpg
IP
81.177.140.11:0
ASN
#8342 JSC RTComm.RU

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (504), with no line terminators
Size
592 B (592 bytes)
Hash
f87a84c6321648091e45721b7943b28d
f00ff8b890ef4ae2a1fc0dd011da57bda92a72ba
cab55a9f0f425c2becdde45e26c62f111f2bc039fb7d3b600dfa141fb32e10d1

HTTP Headers

GET /images/files/wimg_2202_1.jpg HTTP/1.1
Host: www.uaplay.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

HTTP/1.1 403 Forbidden
Date: Sat, 26 Nov 2022 04:43:17 GMT
Content-Type: text/html
Content-Length: 592
Connection: keep-alive

csomsk.ru/1-ucoz/news-new/123.png

195.216.243.23

200 OK

792 B

URL HTTP/1.1
csomsk.ru/1-ucoz/news-new/123.png
IP
195.216.243.23:0
ASN
#57724 Ddos-guard Ltd

File type
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Size
792 B (792 bytes)
Hash
26a36c5119cbdcc64ebade2c5f8c389d
b27a1189715248aee5d8b8e3f15c9ca93ad8ccc3
6d2c6a179add2f39a67fe52b2159c17834c7587034cba3e3d54f532341805c6e

HTTP Headers

GET /1-ucoz/news-new/123.png HTTP/1.1
Host: csomsk.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 26 Nov 2022 04:43:15 GMT
Content-Type: image/png
Content-Length: 792
Last-Modified: Fri, 25 Mar 2011 07:13:48 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "4d8c40ac-318"
Expires: Fri, 16 Dec 2022 04:43:15 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

cs-legion.clan.su/CS_KapTuHKu/1326309576_86193546.jpg

195.216.243.130

200 OK

103 kB

URL HTTP/1.1
cs-legion.clan.su/CS_KapTuHKu/1326309576_86193546.jpg
IP
195.216.243.130:0
ASN
#57724 Ddos-guard Ltd

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 85", baseline, precision 8, 800x640, components 3\012- data
Size
103 kB (102591 bytes)
Hash
2f252fb521c92f369991bf287c721639
ec677a5c702610154807ad2e8a586aa153755baf
afaa084f926c230c6a128a462db0f0e2cb13d014e75615abebc22eda72666752

HTTP Headers

GET /CS_KapTuHKu/1326309576_86193546.jpg HTTP/1.1
Host: cs-legion.clan.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cs-legion.clan.su/load/8
Cookie: 6cs-legionuzll=1669437797; 6cs-legionpushi=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 26 Nov 2022 04:43:17 GMT
Content-Type: image/jpeg
Content-Length: 102591
Last-Modified: Sun, 19 Feb 2012 10:36:56 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "4f40d0c8-190bf"
Expires: Fri, 16 Dec 2022 04:43:17 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

radikal.ua/data/upload/4efc3/0fccf/adf5d988e9.gif

138.201.173.78

302 Found

0 B

URL HTTP/1.1
radikal.ua/data/upload/4efc3/0fccf/adf5d988e9.gif
IP
138.201.173.78:0
ASN
#24940 Hetzner Online GmbH

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /data/upload/4efc3/0fccf/adf5d988e9.gif HTTP/1.1
Host: radikal.ua
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

HTTP/1.1 302 Found
Date: Sat, 26 Nov 2022 04:43:17 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
X-Powered-By: PHP/7.1.33
Location: https://ua.snapsnap.io/
Content-Length: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

cs-legion.clan.su/mchat/

195.216.243.130

200 OK

6.0 kB

URL HTTP/1.1
cs-legion.clan.su/mchat/
IP
195.216.243.130:0
ASN
#57724 Ddos-guard Ltd

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (506)
Size
6.0 kB (6031 bytes)
Hash
d7018a038ffc9faf705f351e1f3fca30
dce8fbd889dd6ab840aa641134cf1729df1b1a2e
83b144972ad083a5ec6aa1e76e4ad552e101bc0512e1ab1a2309a84488a68eba

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /mchat/ HTTP/1.1
Host: cs-legion.clan.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cs-legion.clan.su/load/8
Cookie: 6cs-legionuzll=1669437797; 6cs-legionpushi=1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 26 Nov 2022 04:43:17 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Set-Cookie: 6cs-legionuCoz=; path=/; expires=Thu, 26-Nov-2020 04:43:17 GMT; Secure; HttpOnly; domain=.cs-legion.clan.su
Pragma: no-cache
Cache-Control: no-cache,no-store, private
Content-Encoding: gzip

www.csfight.net/img/cso/wallpaper_1_1280.jpg

5.187.5.214

401 Unauthorized

172 B

URL HTTP/1.1
www.csfight.net/img/cso/wallpaper_1_1280.jpg
IP
5.187.5.214:0
ASN
#44066 diva-e Datacenters GmbH

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
172 B (172 bytes)
Hash
28c5f434e4ab2e2a682400cb005fb08b
57b3c46199c99c6a3e6442a31519b097126c61fc
9371176869a945e2958e43b349397210a1b72b83f11c67e02e0be1f950254ef2

HTTP Headers

GET /img/cso/wallpaper_1_1280.jpg HTTP/1.1
Host: www.csfight.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

HTTP/1.1 401 Unauthorized
Server: nginx
Date: Sat, 26 Nov 2022 04:43:17 GMT
Content-Type: text/html
Content-Length: 172
Connection: keep-alive
WWW-Authenticate: Basic realm="Restricted Content"

cs-legion.clan.su/enemy/cookieenemy.js

195.216.243.130

404 Not Found

2.7 kB

URL HTTP/1.1
cs-legion.clan.su/enemy/cookieenemy.js
IP
195.216.243.130:0
ASN
#57724 Ddos-guard Ltd

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (348)
Size
2.7 kB (2656 bytes)
Hash
7d61f3d2524ddb2261ce5294fcffacd9
9215626f645f1310a7ade9e639b3694377b4e945
de2aeab2cb5c63bc0d2c3cf9eb5bf6a19fe9e7ac1e9c9e2b362f8bb0501e4c16

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /enemy/cookieenemy.js HTTP/1.1
Host: cs-legion.clan.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cs-legion.clan.su/load/8
Cookie: 6cs-legionuzll=1669437797; 6cs-legionpushi=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 404 Not Found
Server: nginx
Date: Sat, 26 Nov 2022 04:43:17 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Content-Encoding: gzip

www.permvelikaya.ru/wp-content/uploads/2009/07/cs.jpg

82.146.44.71

301 Moved Permanently

264 B

URL HTTP/1.1
www.permvelikaya.ru/wp-content/uploads/2009/07/cs.jpg
IP
82.146.44.71:0
ASN
#29182 JSC IOT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
264 B (264 bytes)
Hash
e6b8900d03392ab39827577b536efba8
7b5c5300ed5441d40403d3bbc7e9c9e7f636edd7
b9bae3ae78b8ad04d2152d92626bc1bd25d69de14e11eca0c91196dc2eb37278

HTTP Headers

GET /wp-content/uploads/2009/07/cs.jpg HTTP/1.1
Host: www.permvelikaya.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

HTTP/1.1 301 Moved Permanently
Date: Sat, 26 Nov 2022 04:43:17 GMT
Server: Apache/2.4.6 (CentOS) PHP/5.4.16
Location: http://permvelikaya.ru/wp-content/uploads/2009/07/cs.jpg
Content-Length: 264
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

cs-legion.clan.su/.s/img/icon/social/fb.svg

195.216.243.130

200 OK

611 B

URL HTTP/1.1
cs-legion.clan.su/.s/img/icon/social/fb.svg
IP
195.216.243.130:0
ASN
#57724 Ddos-guard Ltd

File type
SVG Scalable Vector Graphics image\012- SVG XML document\012- XML 1.0 document text\012- SVG XML document\012- XML document text\012- exported SGML document text\012- exported SGML document, ASCII text
Size
611 B (611 bytes)
Hash
d178cc46dcbcf2b6f19445674fe3fe58
26f9747489d9e796926f7bbe11817c420afda3af
a9265d79c9ff74d4deeab5dce9643ed838018a6b4346605e002867858534f4bf

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /.s/img/icon/social/fb.svg HTTP/1.1
Host: cs-legion.clan.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cs-legion.clan.su/.s/src/social.css
Cookie: 6cs-legionuzll=1669437797; 6cs-legionpushi=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 26 Nov 2022 04:43:17 GMT
Content-Type: image/svg+xml
Content-Length: 611
Last-Modified: Mon, 26 Jun 2017 11:42:16 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "5950f318-263"
Expires: Fri, 16 Dec 2022 04:43:17 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

lifeless-team.ucoz.ru/knopka.GIF

195.216.243.218

301 Moved Permanently

178 B

URL HTTP/1.1
lifeless-team.ucoz.ru/knopka.GIF
IP
195.216.243.218:0
ASN
#57724 Ddos-guard Ltd

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
178 B (178 bytes)
Hash
cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d

HTTP Headers

GET /knopka.GIF HTTP/1.1
Host: lifeless-team.ucoz.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 26 Nov 2022 04:43:17 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Keep-Alive: timeout=15
Location: https://lifeless-team.ucoz.ru/knopka.GIF
X-Frame-Options: SAMEORIGIN

immortal-tm.ucoz.ru/Config/lose_cw.png

195.216.243.221

301 Moved Permanently

178 B

URL HTTP/1.1
immortal-tm.ucoz.ru/Config/lose_cw.png
IP
195.216.243.221:0
ASN
#57724 Ddos-guard Ltd

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
178 B (178 bytes)
Hash
cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d

HTTP Headers

GET /Config/lose_cw.png HTTP/1.1
Host: immortal-tm.ucoz.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 26 Nov 2022 04:43:16 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Keep-Alive: timeout=15
Location: https://immortal-tm.ucoz.ru/Config/lose_cw.png
X-Frame-Options: SAMEORIGIN

immortal-tm.ucoz.ru/Config/nich_cw.png

195.216.243.221

301 Moved Permanently

178 B

URL HTTP/1.1
immortal-tm.ucoz.ru/Config/nich_cw.png
IP
195.216.243.221:0
ASN
#57724 Ddos-guard Ltd

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
178 B (178 bytes)
Hash
cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d

HTTP Headers

GET /Config/nich_cw.png HTTP/1.1
Host: immortal-tm.ucoz.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 26 Nov 2022 04:43:16 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Keep-Alive: timeout=15
Location: https://immortal-tm.ucoz.ru/Config/nich_cw.png
X-Frame-Options: SAMEORIGIN

immortal-tm.ucoz.ru/Config/add_cw.png

195.216.243.221

301 Moved Permanently

178 B

URL HTTP/1.1
immortal-tm.ucoz.ru/Config/add_cw.png
IP
195.216.243.221:0
ASN
#57724 Ddos-guard Ltd

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
178 B (178 bytes)
Hash
cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d

HTTP Headers

GET /Config/add_cw.png HTTP/1.1
Host: immortal-tm.ucoz.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 26 Nov 2022 04:43:16 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Keep-Alive: timeout=15
Location: https://immortal-tm.ucoz.ru/Config/add_cw.png
X-Frame-Options: SAMEORIGIN

cs-strikez.clan.su/imeges/csstrikez88.gif

193.109.246.46

200 OK

54 kB

URL HTTP/1.1
cs-strikez.clan.su/imeges/csstrikez88.gif
IP
193.109.246.46:0
ASN
#204343 Compubyte Limited

File type
GIF image data, version 89a, 88 x 31\012- data
Size
54 kB (54135 bytes)
Hash
d2ddb55552d30ac95410a7399f16a02d
49d21f60082ea3b92044f20a44808a9a036d6d37
8d48c160ef0c873d67721d2e057a55fbbc62560e7d415c6dc87f356be58ef03d

HTTP Headers

GET /imeges/csstrikez88.gif HTTP/1.1
Host: cs-strikez.clan.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 26 Nov 2022 04:43:18 GMT
Content-Type: image/gif
Content-Length: 54135
Last-Modified: Thu, 21 Jan 2010 14:46:47 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "4b5868d7-d377"
Expires: Fri, 16 Dec 2022 04:43:18 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

cs-strikez.clan.su/_ld/34/91973963.png

193.109.246.46

200 OK

52 kB

URL HTTP/1.1
cs-strikez.clan.su/_ld/34/91973963.png
IP
193.109.246.46:0
ASN
#204343 Compubyte Limited

File type
PNG image data, 425 x 176, 8-bit/color RGB, non-interlaced\012- data
Size
52 kB (51641 bytes)
Hash
39c7d80254b654cdefc4c0027ca060be
4f762274cfe509794c26ade2a7ebd93eeee286fe
b3f1c8d266174328c485c8d21eeca3936bbad8b90311316d21bdb17fd7c649cc

HTTP Headers

GET /_ld/34/91973963.png HTTP/1.1
Host: cs-strikez.clan.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 26 Nov 2022 04:43:18 GMT
Content-Type: image/png
Content-Length: 51641
Last-Modified: Sat, 19 Nov 2011 09:04:11 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "4ec7710b-c9b9"
Expires: Fri, 16 Dec 2022 04:43:18 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

immortal-tm.ucoz.ru/Config/add_clan.png

195.216.243.221

301 Moved Permanently

178 B

URL HTTP/1.1
immortal-tm.ucoz.ru/Config/add_clan.png
IP
195.216.243.221:0
ASN
#57724 Ddos-guard Ltd

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
178 B (178 bytes)
Hash
cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d

HTTP Headers

GET /Config/add_clan.png HTTP/1.1
Host: immortal-tm.ucoz.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 26 Nov 2022 04:43:16 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Keep-Alive: timeout=15
Location: https://immortal-tm.ucoz.ru/Config/add_clan.png
X-Frame-Options: SAMEORIGIN

cs-legion.clan.su/?VdS86dM68%21n0OU3%5ET0QzhD1uSkdpmLXyvMx9aGpdAd1f4IegyIPOWh9e%3BszFlfK4ivizzYrkwe6Tlbj2d1jUkM%21QdaeU

195.216.243.130

200 OK

800 B

URL HTTP/1.1
cs-legion.clan.su/?VdS86dM68%21n0OU3%5ET0QzhD1uSkdpmLXyvMx9aGpdAd1f4IegyIPOWh9e%3BszFlfK4ivizzYrkwe6Tlbj2d1jUkM%21QdaeU
IP
195.216.243.130:0
ASN
#57724 Ddos-guard Ltd

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text
Size
800 B (800 bytes)
Hash
84818fa8ddb832157c904b7d1014ac6e
2778f5c3a050fc23ddd178131d2462e750545b2a
e2b790a0b7e4a8fd905333ccca596908c3803ccc24d7997c85fcd0383ccef2d6

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /?VdS86dM68%21n0OU3%5ET0QzhD1uSkdpmLXyvMx9aGpdAd1f4IegyIPOWh9e%3BszFlfK4ivizzYrkwe6Tlbj2d1jUkM%21QdaeU HTTP/1.1
Host: cs-legion.clan.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cs-legion.clan.su/load/8
Cookie: 6cs-legionuzll=1669437797; 6cs-legionpushi=1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 26 Nov 2022 04:43:17 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Cache-Control: no-cache, no-store, private
Pragma: no-cache
Content-Encoding: gzip

cs-monitor.ru/images/banner-1.gif

77.222.54.210

301 Moved Permanently

169 B

URL HTTP/1.1
cs-monitor.ru/images/banner-1.gif
IP
77.222.54.210:0
ASN
#44112 SpaceWeb Ltd

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
169 B (169 bytes)
Hash
bd6987d71fad7058a993a9028dc40454
3ed872fa3a00837bb008ad9d201850e2ea57a79f
f0e759f444eb3a324b621f0548919424455e81441d42ea6bc6bcd2b24fce1b92

HTTP Headers

GET /images/banner-1.gif HTTP/1.1
Host: cs-monitor.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

HTTP/1.1 301 Moved Permanently
Server: nginx/1.16.1
Date: Sat, 26 Nov 2022 04:43:17 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://cs-monitor.ru:443/images/banner-1.gif

cs-strikez.clan.su/_ld/48/23288121.jpg

193.109.246.46

200 OK

81 kB

URL HTTP/1.1
cs-strikez.clan.su/_ld/48/23288121.jpg
IP
193.109.246.46:0
ASN
#204343 Compubyte Limited

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 70", baseline, precision 8, 600x800, components 3\012- data
Size
81 kB (80856 bytes)
Hash
684c1b4e44f0092703a5399d590c4775
888b838780887148e36290eb0a35fcd781064e72
cf1ce7ea182d386eda792604d2f0dbe66046f933dc5e4e7671026c6d228fe136

HTTP Headers

GET /_ld/48/23288121.jpg HTTP/1.1
Host: cs-strikez.clan.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 26 Nov 2022 04:43:18 GMT
Content-Type: image/jpeg
Content-Length: 80856
Last-Modified: Sat, 31 Dec 2011 09:22:05 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "4efed43d-13bd8"
Expires: Fri, 16 Dec 2022 04:43:18 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

clun-legionteam.narod.ru/default.jpg

193.109.247.227

200 OK

83 kB

URL HTTP/1.1
clun-legionteam.narod.ru/default.jpg
IP
193.109.247.227:0
ASN
#204343 Compubyte Limited

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 800x600, components 3\012- data
Size
83 kB (82892 bytes)
Hash
8a49c30337505104a8d97be5dca4e63a
c7564d1cb48e9f794c592998c504a82037632f3a
ea21c7353f88eed242ca3cdffcb6b2f6c5c601fc94101f683daea7246c97564f

HTTP Headers

GET /default.jpg HTTP/1.1
Host: clun-legionteam.narod.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 26 Nov 2022 04:43:17 GMT
Content-Type: image/jpeg
Content-Length: 82892
Last-Modified: Fri, 05 Apr 2013 19:52:22 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "515f2b76-143cc"
Accept-Ranges: bytes

permvelikaya.ru/wp-content/uploads/2009/07/cs.jpg

82.146.44.71

404 Not Found

580 B

URL HTTP/1.1
permvelikaya.ru/wp-content/uploads/2009/07/cs.jpg
IP
82.146.44.71:0
ASN
#29182 JSC IOT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with very long lines (316)
Size
580 B (580 bytes)
Hash
e8f2eec286462a50a247e511de3551ae
9c3a62e2f58aa1888184fbf3991fb7d1e54ab096
4fdd8279481bedb55e6264739889881245c0835861121a5ee9b3d87a06ae2f3a

HTTP Headers

GET /wp-content/uploads/2009/07/cs.jpg HTTP/1.1
Host: permvelikaya.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

HTTP/1.1 404 Not Found
Date: Sat, 26 Nov 2022 04:43:17 GMT
Server: Apache/2.4.6 (CentOS) PHP/5.4.16
X-Powered-By: PHP/5.4.16
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Length: 580
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

immortal-tm.ucoz.ru/Config/win_cw.png

195.216.243.221

301 Moved Permanently

178 B

URL HTTP/1.1
immortal-tm.ucoz.ru/Config/win_cw.png
IP
195.216.243.221:0
ASN
#57724 Ddos-guard Ltd

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
178 B (178 bytes)
Hash
cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d

HTTP Headers

GET /Config/win_cw.png HTTP/1.1
Host: immortal-tm.ucoz.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 26 Nov 2022 04:43:16 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Keep-Alive: timeout=15
Location: https://immortal-tm.ucoz.ru/Config/win_cw.png
X-Frame-Options: SAMEORIGIN

cs-legion.clan.su/.s/src/uwnd.min.js?2

195.216.243.130

200 OK

57 kB

URL HTTP/1.1
cs-legion.clan.su/.s/src/uwnd.min.js?2
IP
195.216.243.130:0
ASN
#57724 Ddos-guard Ltd

File type
ASCII text, with very long lines (65536), with no line terminators
Size
57 kB (56796 bytes)
Hash
20adfead3a54ad11599adb1bab3d6fc6
23bb516448d5c643cb186ad9aec426388aa79dfd
b49b11429b509cf608a66bbcebc13cf63fa444b998c1a678d1bebfe33f7c2ff4

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /.s/src/uwnd.min.js?2 HTTP/1.1
Host: cs-legion.clan.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cs-legion.clan.su/mchat/
Cookie: 6cs-legionuzll=1669437797; 6cs-legionpushi=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 26 Nov 2022 04:43:17 GMT
Content-Type: text/javascript
Last-Modified: Mon, 25 Apr 2022 10:32:26 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
ETag: W/"626678ba-3334b"
Expires: Fri, 16 Dec 2022 04:43:17 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Content-Encoding: gzip

s30.ucoz.net/adv/dummy/000/css/style.css

195.216.243.130

200 OK

1.6 kB

URL HTTP/1.1
s30.ucoz.net/adv/dummy/000/css/style.css
IP
195.216.243.130:0
ASN
#57724 Ddos-guard Ltd

File type
ASCII text
Size
1.6 kB (1564 bytes)
Hash
50406c447ccad47ca9e5d53eff612ffb
16e3921585135a87a1066689c9c67a312d96c92d
01a0732bba96fb38be885a1d233fecf52e32c7e07e48cd05f6f07a3690ea304c

HTTP Headers

GET /adv/dummy/000/css/style.css HTTP/1.1
Host: s30.ucoz.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cs-legion.clan.su/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 26 Nov 2022 04:43:17 GMT
Content-Type: text/css
Last-Modified: Tue, 26 Mar 2019 14:28:11 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
ETag: W/"5c9a36fb-19eb"
Content-Encoding: gzip

ahmadyusrie.files.wordpress.com/2009/02/wallpaper_counterstrike_01.jpg

192.0.72.20

200 OK

156 kB

URL HTTP/2
ahmadyusrie.files.wordpress.com/2009/02/wallpaper_counterstrike_01.jpg
IP
192.0.72.20:0
ASN
#2635 AUTOMATTIC

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 1024x768, components 3\012- data
Size
156 kB (156229 bytes)
Hash
bb55cc61791ca70b215ce9c77bef86bb
ec151080f777a05435ad409d4b85a3f465541303
501f749c0a6e7f75c67c5b72b8ef48b67bc3108ea43ed81d17e93a5e5f6f3397

HTTP Headers

GET /2009/02/wallpaper_counterstrike_01.jpg HTTP/1.1
Host: ahmadyusrie.files.wordpress.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 26 Nov 2022 04:43:17 GMT
content-type: image/jpeg
content-length: 156229
last-modified: Sat, 21 Feb 2009 07:29:04 GMT
expires: Sun, 01 Jan 2023 10:04:38 GMT
x-orig-src: 01_mogdir
accept-ranges: bytes
access-control-allow-credentials: true
access-control-allow-origin: https://ahmadyusrie.wordpress.com
vary: Origin
x-nc: MISS arn 20 np
x-content-type-options: nosniff
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
e922b25acaba2d7f8921ebe973a4b261
5dd4c237c84a652cbcf3db163529f3788ceafc46
a7856c7777aa01b671ddae097494f2b031cbbddc7b244fe8714a8c02b85d8589

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 04:43:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

cs-real.com/uploads/posts/2010-11/1290776665_44.jpeg

23.110.224.178

403 Forbidden

0 B

URL HTTP/1.1
cs-real.com/uploads/posts/2010-11/1290776665_44.jpeg
IP
23.110.224.178:0
ASN
#395954 LEASEWEB-USA-LAX-11

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/posts/2010-11/1290776665_44.jpeg HTTP/1.1
Host: cs-real.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

HTTP/1.1 403 Forbidden
Transfer-Encoding: chunked
Server: Microsoft-HTTPAPI/2.0
Date: Sat, 26 Nov 2022 04:43:16 GMT

e1.o.lencr.org/

23.36.76.226

200 OK

345 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
345 B (345 bytes)
Hash
9ce91b8ecb2fbc580ea86b07a5be1123
3a8deac871a345616f13dac75b09dcad4bbabbe3
3fb5551e56e660c3737c96cc0d3a4841ee750dc08764d608cd3afa07dbbd874b

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "3FB5551E56E660C3737C96CC0D3A4841EE750DC08764D608CD3AFA07DBBD874B"
Last-Modified: Thu, 24 Nov 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17128
Expires: Sat, 26 Nov 2022 09:28:45 GMT
Date: Sat, 26 Nov 2022 04:43:17 GMT
Connection: keep-alive

ocsp.globalsign.com/gsrsaovsslca2018

151.101.86.133

200 OK

1.4 kB

URL HTTP/1.1
ocsp.globalsign.com/gsrsaovsslca2018
IP
151.101.86.133:0
ASN
#54113 FASTLY

File type
data
Size
1.4 kB (1432 bytes)
Hash
edc3bbf5917aeb5dc2bff06c26d54024
1e697ac0c287dfbf0f07e4b10b43440d62383171
8da5cec2fa849038dabea4e235fedc79bc4e70c3b462a15e82c033cedd5c4b55

HTTP Headers

POST /gsrsaovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 1432
Server: nginx
Content-Type: application/ocsp-response
Expires: Wed, 30 Nov 2022 03:57:00 GMT
ETag: "1e697ac0c287dfbf0f07e4b10b43440d62383171"
Last-Modified: Sat, 26 Nov 2022 03:57:01 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Sat, 26 Nov 2022 04:43:17 GMT
Age: 2776
X-Served-By: cache-qpg1250-QPG, cache-bma1672-BMA
X-Cache: HIT, HIT
X-Cache-Hits: 4, 2
X-Timer: S1669437798.712251,VS0,VE0

cs-legion.clan.su/.s/img/icon/social/u.svg

195.216.243.130

200 OK

612 B

URL HTTP/1.1
cs-legion.clan.su/.s/img/icon/social/u.svg
IP
195.216.243.130:0
ASN
#57724 Ddos-guard Ltd

File type
SVG Scalable Vector Graphics image\012- SVG XML document\012- XML 1.0 document text\012- SVG XML document\012- XML document text\012- exported SGML document text\012- exported SGML document, ASCII text
Size
612 B (612 bytes)
Hash
1e726893f02be39b70d24d502a3a9998
98c6fcf43a67426ed7e9c7a839e8115494ca8072
d0608cf0c4aff79f20a198427f7df73300d643face9bea72b8d406b432b84df9

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /.s/img/icon/social/u.svg HTTP/1.1
Host: cs-legion.clan.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cs-legion.clan.su/.s/src/social.css
Cookie: 6cs-legionuzll=1669437797; 6cs-legionpushi=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 26 Nov 2022 04:43:17 GMT
Content-Type: image/svg+xml
Content-Length: 612
Last-Modified: Mon, 26 Jun 2017 11:42:16 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "5950f318-264"
Expires: Fri, 16 Dec 2022 04:43:17 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

cs-legion.clan.su/.s/img/icon/social/vk.svg

195.216.243.130

200 OK

772 B

URL HTTP/1.1
cs-legion.clan.su/.s/img/icon/social/vk.svg
IP
195.216.243.130:0
ASN
#57724 Ddos-guard Ltd

File type
SVG Scalable Vector Graphics image\012- SVG XML document\012- XML 1.0 document text\012- SVG XML document\012- XML document text\012- exported SGML document text\012- exported SGML document, ASCII text
Size
772 B (772 bytes)
Hash
7c4eb8cae0b565c023c4406add5f8041
079ce5d3277df672b57a73476a28d0bf0b1c1fe2
05a3f8587400860aa87bb18c9a9cd5b22a45ca4fc4a37a7922d29e48549b2fc9

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /.s/img/icon/social/vk.svg HTTP/1.1
Host: cs-legion.clan.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cs-legion.clan.su/.s/src/social.css
Cookie: 6cs-legionuzll=1669437797; 6cs-legionpushi=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 26 Nov 2022 04:43:17 GMT
Content-Type: image/svg+xml
Content-Length: 772
Last-Modified: Mon, 26 Jun 2017 11:42:16 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "5950f318-304"
Expires: Fri, 16 Dec 2022 04:43:17 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

cs-legion.clan.su/.s/img/icon/social/ya.svg

195.216.243.130

200 OK

660 B

URL HTTP/1.1
cs-legion.clan.su/.s/img/icon/social/ya.svg
IP
195.216.243.130:0
ASN
#57724 Ddos-guard Ltd

File type
SVG Scalable Vector Graphics image\012- SVG XML document\012- XML 1.0 document text\012- SVG XML document\012- XML document text\012- exported SGML document text\012- exported SGML document, ASCII text
Size
660 B (660 bytes)
Hash
7676c3eee5bd955efe08fd05367a443b
595e4e8dbf5ff472606434d0f45806d088de4c0c
b72d3f61ac56b4aa27bad5769589705004aff1f0ad341785ca72dc46ba16de5b

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /.s/img/icon/social/ya.svg HTTP/1.1
Host: cs-legion.clan.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cs-legion.clan.su/.s/src/social.css
Cookie: 6cs-legionuzll=1669437797; 6cs-legionpushi=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 26 Nov 2022 04:43:17 GMT
Content-Type: image/svg+xml
Content-Length: 660
Last-Modified: Mon, 26 Jun 2017 11:42:16 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "5950f318-294"
Expires: Fri, 16 Dec 2022 04:43:17 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

cs-legion.clan.su/.s/img/icon/social/gp.svg

195.216.243.130

200 OK

550 B

URL HTTP/1.1
cs-legion.clan.su/.s/img/icon/social/gp.svg
IP
195.216.243.130:0
ASN
#57724 Ddos-guard Ltd

File type
SVG Scalable Vector Graphics image\012- HTML document text\012- HTML document, Unicode text, UTF-8 text, with very long lines (534), with no line terminators
Size
550 B (550 bytes)
Hash
10d296226de121de55180e5b1b7d9d49
5980293f4f290734d09459d068a8c3996e43fe40
a657a4d5d05c6cd9b9f881ab6941e71f725c7eb451c9f37ceb514e45fdfd441d

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /.s/img/icon/social/gp.svg HTTP/1.1
Host: cs-legion.clan.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cs-legion.clan.su/.s/src/social.css
Cookie: 6cs-legionuzll=1669437797; 6cs-legionpushi=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 26 Nov 2022 04:43:17 GMT
Content-Type: image/svg+xml
Content-Length: 550
Last-Modified: Fri, 01 Feb 2019 12:57:26 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "5c544236-226"
Expires: Fri, 16 Dec 2022 04:43:17 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

cs-legion.clan.su/.s/img/icon/social/ok.svg

195.216.243.130

200 OK

1.9 kB

URL HTTP/1.1
cs-legion.clan.su/.s/img/icon/social/ok.svg
IP
195.216.243.130:0
ASN
#57724 Ddos-guard Ltd

File type
SVG Scalable Vector Graphics image\012- SVG XML document\012- XML 1.0 document text\012- SVG XML document\012- XML document text\012- exported SGML document text\012- exported SGML document, ASCII text
Size
1.9 kB (1858 bytes)
Hash
08bbc2fa9b08463b0d061041d62b408e
370c53ccc3edd296cd35fb9e3de20dabfdae78d9
e1369586f1d82834ecc0ccab2f5f1a6f7565f2c715243d956bd7eb1404c8fba9

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /.s/img/icon/social/ok.svg HTTP/1.1
Host: cs-legion.clan.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cs-legion.clan.su/.s/src/social.css
Cookie: 6cs-legionuzll=1669437797; 6cs-legionpushi=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 26 Nov 2022 04:43:17 GMT
Content-Type: image/svg+xml
Content-Length: 1858
Last-Modified: Mon, 26 Jun 2017 11:42:16 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "5950f318-742"
Expires: Fri, 16 Dec 2022 04:43:17 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

cs-legion.clan.su/.s/img/stars/3/12.png

195.216.243.130

200 OK

1.2 kB

URL HTTP/1.1
cs-legion.clan.su/.s/img/stars/3/12.png
IP
195.216.243.130:0
ASN
#57724 Ddos-guard Ltd

File type
PNG image data, 12 x 36, 8-bit/color RGBA, non-interlaced\012- data
Size
1.2 kB (1161 bytes)
Hash
350693463200bbe9388eec7d1a208289
9a310a7dd3c068636b224d253e0df9ce09784df2
aa22bfd07d6d73ee1e2fc304bf81625c716e83f81e1dfc044560b54595bdec28

HTTP Headers

GET /.s/img/stars/3/12.png HTTP/1.1
Host: cs-legion.clan.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cs-legion.clan.su/load/8
Cookie: 6cs-legionuzll=1669437797; 6cs-legionpushi=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 26 Nov 2022 04:43:17 GMT
Content-Type: image/png
Content-Length: 1161
Last-Modified: Mon, 21 Nov 2022 12:37:43 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "637b7117-489"
Expires: Fri, 16 Dec 2022 04:43:17 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

cs-strikez.clan.su/_ld/34/48773922.png

193.109.246.46

200 OK

313 kB

URL HTTP/1.1
cs-strikez.clan.su/_ld/34/48773922.png
IP
193.109.246.46:0
ASN
#204343 Compubyte Limited

File type
PNG image data, 565 x 800, 8-bit/color RGBA, interlaced\012- data
Size
313 kB (312792 bytes)
Hash
65a697969b12305faccc7daa351a6bf7
74200aca70cf6ad945c7caf6b365e456a8b1f6e0
286ff309b4d5ee4a8759023eca12ea883df38a542b1566de60f96af44ba37d97

HTTP Headers

GET /_ld/34/48773922.png HTTP/1.1
Host: cs-strikez.clan.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 26 Nov 2022 04:43:18 GMT
Content-Type: image/png
Content-Length: 312792
Last-Modified: Sat, 19 Nov 2011 20:23:23 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "4ec8103b-4c5d8"
Expires: Fri, 16 Dec 2022 04:43:18 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

img507.imageshack.us/img507/6960/image004l.jpg

38.99.77.17

404 Not Found

168 B

URL HTTP/1.1
img507.imageshack.us/img507/6960/image004l.jpg
IP
38.99.77.17:0
ASN
#36323 EZRI-36323

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
168 B (168 bytes)
Hash
341d15013ba4391483b2d5e34cbc5c5c
986399b390a9aaa9a33e459099aaf9f1dbc227ab
376f5045e4dd8bf68ac9e374518a01c18b2fdf76344f2cc08cac143acc4f3cb8

HTTP Headers

GET /img507/6960/image004l.jpg HTTP/1.1
Host: img507.imageshack.us
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

HTTP/1.1 404 Not Found
Server: nginx/1.2.8
Date: Sat, 26 Nov 2022 04:43:17 GMT
Content-Type: text/html
Content-Length: 168
Connection: keep-alive

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
e4d661d999b855142d472fd230fb4ab3
b4be1feeaccc98768ec3393929772bd8f75deed7
97a1c1b509250dd99cde7f76b53a43b7ee415011744414d83f5980df2e11dc60

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 04:43:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

34.102.187.140

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: ETag, Content-Type, Content-Length, Last-Modified, Alert, Backoff, Pragma, Expires, Retry-After, Cache-Control
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 26 Nov 2022 04:08:54 GMT
cache-control: public,max-age=3600
age: 2063
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2

themes.googleusercontent.com/static/fonts/ptsans/v5/LKf8nhXsWg5ybwEGXk8UBQ.woff

142.250.74.33

200 OK

60 kB

URL HTTP/2
themes.googleusercontent.com/static/fonts/ptsans/v5/LKf8nhXsWg5ybwEGXk8UBQ.woff
IP
142.250.74.33:0
ASN
#15169 GOOGLE

File type
Web Open Font Format, TrueType, length 60332, version 1.1\012- data
Size
60 kB (60332 bytes)
Hash
0d6d6ae28614efe13ec053eaeef473c1
20cd1c419ba0763bb4bbb1435bc0aed00452af2e
5dfdd878d2d6bdd50f37fde1800a044753dd00bac3c3a30a35f999b422a48ee1

HTTP Headers

GET /static/fonts/ptsans/v5/LKf8nhXsWg5ybwEGXk8UBQ.woff HTTP/1.1
Host: themes.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://cs-legion.clan.su
Connection: keep-alive
Referer: https://s30.ucoz.net/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
timing-allow-origin: *
content-length: 60332
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 22 Nov 2022 15:09:24 GMT
expires: Wed, 22 Nov 2023 15:09:24 GMT
cache-control: public, max-age=31536000
age: 308033
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
content-type: font/woff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ural-cs.clan.su/_ld/4/50839974.jpg

195.216.243.26

200 OK

23 kB

URL HTTP/1.1
ural-cs.clan.su/_ld/4/50839974.jpg
IP
195.216.243.26:0
ASN
#57724 Ddos-guard Ltd

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 70", baseline, precision 8, 400x267, components 3\012- data
Size
23 kB (22690 bytes)
Hash
90ce285bc02363c8b96f516bffa10be0
dff402703c950d06148e629797c31978ebb5c032
8e29965ce3e79c59f93dcf0e2ec73e66b67021a08833df4d4f7096afd6dc662c

HTTP Headers

GET /_ld/4/50839974.jpg HTTP/1.1
Host: ural-cs.clan.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 26 Nov 2022 04:43:19 GMT
Content-Type: image/jpeg
Content-Length: 22690
Last-Modified: Wed, 23 Nov 2011 06:54:20 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "4ecc989c-58a2"
Expires: Fri, 16 Dec 2022 04:43:19 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

csternopil.at.ua/1243023842_bfa7775673bd.jpg

195.216.243.25

200 OK

38 kB

URL HTTP/1.1
csternopil.at.ua/1243023842_bfa7775673bd.jpg
IP
195.216.243.25:0
ASN
#57724 Ddos-guard Ltd

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 640x480, components 3\012- data
Size
38 kB (37707 bytes)
Hash
63615ac46ca2849631898951dfa4ce5f
ff2a2d4168c2fe49f4a03be5f048600123aa3bfc
531bad3d6f9c48fb1770a2a86de5f298765d498227824560ea74047b642b6f8b

HTTP Headers

GET /1243023842_bfa7775673bd.jpg HTTP/1.1
Host: csternopil.at.ua
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 26 Nov 2022 04:43:18 GMT
Content-Type: image/jpeg
Content-Length: 37707
Last-Modified: Sat, 23 Jan 2010 18:13:57 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "4b5b3c65-934b"
Expires: Fri, 16 Dec 2022 04:43:18 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

immortal-tm.ucoz.ru/Config/lose_cw.png

195.216.243.221

200 OK

15 kB

URL HTTP/1.1
immortal-tm.ucoz.ru/Config/lose_cw.png
IP
195.216.243.221:0
ASN
#57724 Ddos-guard Ltd

File type
PNG image data, 160 x 60, 8-bit/color RGBA, non-interlaced\012- data
Size
15 kB (15246 bytes)
Hash
c8d7d72638ab98651c5fa4cefe2627db
8a0f8c5a7ae1fd4960ccefe7fa184232f8ba0cf7
62198070526bf5d56bd1b53ea4b7c304e7c6f70a9553d8c4f40f09c7d2e0a06a

HTTP Headers

GET /Config/lose_cw.png HTTP/1.1
Host: immortal-tm.ucoz.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 26 Nov 2022 04:43:16 GMT
Content-Type: image/png
Content-Length: 15246
Last-Modified: Mon, 31 Jan 2011 11:23:26 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "4d469bae-3b8e"
Expires: Fri, 16 Dec 2022 04:43:16 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
df06e70fc8a35facf1d8db463d18e231
fa8a2975566cc792898f870e48ae7518d3657326
4cef7e704f4d575ce6733f6f2d803d241b597be51ff3fb03f72e5c33a893b504

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3378
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 04:43:17 GMT
Last-Modified: Sat, 26 Nov 2022 03:46:59 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471

s30.ucoz.net/adv/dummy/000/img/ucoz-logo.png

195.216.243.130

200 OK

4.6 kB

URL HTTP/1.1
s30.ucoz.net/adv/dummy/000/img/ucoz-logo.png
IP
195.216.243.130:0
ASN
#57724 Ddos-guard Ltd

File type
PNG image data, 136 x 136, 8-bit/color RGBA, non-interlaced\012- data
Size
4.6 kB (4585 bytes)
Hash
14d37a3409afc2c450c62b97bc8019da
43fc12bf16a292d6d10b17ab7d1e37785288858c
fc4f998c5fcacc6cf161f1bedf46ec55e56273670ecce8b59e947b68d3c5bdb2

HTTP Headers

GET /adv/dummy/000/img/ucoz-logo.png HTTP/1.1
Host: s30.ucoz.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cs-legion.clan.su/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 26 Nov 2022 04:43:18 GMT
Content-Type: image/png
Content-Length: 4585
Last-Modified: Tue, 26 Mar 2019 14:28:11 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "5c9a36fb-11e9"
Accept-Ranges: bytes

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
b265dffaa2c792174b252208015f7d47
024e33c2d6f604830e1cffb8d15644902586ab9c
0f542a9c56088e4286617e5669f380cd54a8a7f2c0ade9f8b35bd9ccd80fd984

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0F542A9C56088E4286617E5669F380CD54A8A7F2C0ADE9F8B35BD9CCD80FD984"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10405
Expires: Sat, 26 Nov 2022 07:36:42 GMT
Date: Sat, 26 Nov 2022 04:43:17 GMT
Connection: keep-alive

vkontre1.my1.ru/images/widget_logo.gif

193.109.246.56

200 OK

225 B

URL HTTP/1.1
vkontre1.my1.ru/images/widget_logo.gif
IP
193.109.246.56:0
ASN
#204343 Compubyte Limited

File type
GIF image data, version 89a, 16 x 16\012- data
Size
225 B (225 bytes)
Hash
cea3a8bd41bdda2b98d25d5df2385861
4830c5071ceb98144ece98e082544e62f7e4c41a
bd28daf0ad08ee9818275e530eff1774b61a3ab78a43a80e2cf2fe39d6eb7ac7

HTTP Headers

GET /images/widget_logo.gif HTTP/1.1
Host: vkontre1.my1.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 26 Nov 2022 04:43:17 GMT
Content-Type: image/gif
Content-Length: 225
Last-Modified: Wed, 09 Nov 2011 15:18:56 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "4eba99e0-e1"
Expires: Fri, 16 Dec 2022 04:43:17 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
b265dffaa2c792174b252208015f7d47
024e33c2d6f604830e1cffb8d15644902586ab9c
0f542a9c56088e4286617e5669f380cd54a8a7f2c0ade9f8b35bd9ccd80fd984

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0F542A9C56088E4286617E5669F380CD54A8A7F2C0ADE9F8B35BD9CCD80FD984"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10405
Expires: Sat, 26 Nov 2022 07:36:42 GMT
Date: Sat, 26 Nov 2022 04:43:17 GMT
Connection: keep-alive

www.csomsk.ru/mini-chat/info.gif

195.216.243.23

200 OK

89 B

URL HTTP/1.1
www.csomsk.ru/mini-chat/info.gif
IP
195.216.243.23:0
ASN
#57724 Ddos-guard Ltd

File type
GIF image data, version 89a, 10 x 10\012- data
Size
89 B (89 bytes)
Hash
ddac7bc3057a339cc70e15da890de5e3
218f4cac568bdde47c24d70d2e526e14f513391a
76cfadc12cdade92528f9b00bb29b291a4e646a594989a9b4c8a94267d05b80d

HTTP Headers

GET /mini-chat/info.gif HTTP/1.1
Host: www.csomsk.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 26 Nov 2022 04:43:16 GMT
Content-Type: image/gif
Content-Length: 89
Last-Modified: Wed, 29 Jun 2011 13:48:45 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "4e0b2d3d-59"
Expires: Fri, 16 Dec 2022 04:43:16 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

lifeless-team.ucoz.ru/knopka.GIF

195.216.243.218

503 Service Temporarily Unavailable

2.7 kB

URL HTTP/1.1
lifeless-team.ucoz.ru/knopka.GIF
IP
195.216.243.218:0
ASN
#57724 Ddos-guard Ltd

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text
Size
2.7 kB (2668 bytes)
Hash
e99578218dd27c7e8e7b5a57c1bf2ba6
908e638455ea17a20bffdee117a2c1685be6c3e9
dff140cc09066810492d8bb2d4ce03cb7b9a0a736a4e8d5e132caec0374e022a

HTTP Headers

GET /knopka.GIF HTTP/1.1
Host: lifeless-team.ucoz.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 503 Service Temporarily Unavailable
Server: nginx
Date: Sat, 26 Nov 2022 04:43:18 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15

rot.spotsniper.ru/?src=ujs6

31.172.81.159

200 OK

1 B

URL HTTP/1.1
rot.spotsniper.ru/?src=ujs6
IP
31.172.81.159:0
ASN
#44066 diva-e Datacenters GmbH

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
7215ee9c7d9dc229d2921a40e899ec5f
b858cb282617fb0956d960215c8e84d1ccf909c6
36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

HTTP Headers

GET /?src=ujs6 HTTP/1.1
Host: rot.spotsniper.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cs-legion.clan.su/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 26 Nov 2022 04:43:17 GMT
Content-Type: application/javascript
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0, no-cache=Set-Cookie, max-age=0, proxy-revalidate, s-maxage=0

immortal-tm.ucoz.ru/Config/win_cw.png

195.216.243.221

200 OK

14 kB

URL HTTP/1.1
immortal-tm.ucoz.ru/Config/win_cw.png
IP
195.216.243.221:0
ASN
#57724 Ddos-guard Ltd

File type
PNG image data, 160 x 60, 8-bit/color RGBA, non-interlaced\012- data
Size
14 kB (14039 bytes)
Hash
2145014b1521d4958e44bf89a1662838
61d892455c1ffbba02983a6ffd18b0ef04af1ee2
2596add815ce8537eacb673a39c07a1158bdd24f0b8fa3196c2ea4e21c391d5e

HTTP Headers

GET /Config/win_cw.png HTTP/1.1
Host: immortal-tm.ucoz.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 26 Nov 2022 04:43:16 GMT
Content-Type: image/png
Content-Length: 14039
Last-Modified: Mon, 31 Jan 2011 11:12:48 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "4d469930-36d7"
Expires: Fri, 16 Dec 2022 04:43:16 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
e4d661d999b855142d472fd230fb4ab3
b4be1feeaccc98768ec3393929772bd8f75deed7
97a1c1b509250dd99cde7f76b53a43b7ee415011744414d83f5980df2e11dc60

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 04:43:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

rot.spotsniper.ru/?src=ujs6&s_subid=btn

31.172.81.159

200 OK

1 B

URL HTTP/1.1
rot.spotsniper.ru/?src=ujs6&s_subid=btn
IP
31.172.81.159:0
ASN
#44066 diva-e Datacenters GmbH

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
7215ee9c7d9dc229d2921a40e899ec5f
b858cb282617fb0956d960215c8e84d1ccf909c6
36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

HTTP Headers

GET /?src=ujs6&s_subid=btn HTTP/1.1
Host: rot.spotsniper.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cs-legion.clan.su/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 26 Nov 2022 04:43:17 GMT
Content-Type: application/javascript
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0, no-cache=Set-Cookie, max-age=0, proxy-revalidate, s-maxage=0

immortal-tm.ucoz.ru/Config/add_cw.png

195.216.243.221

200 OK

14 kB

URL HTTP/1.1
immortal-tm.ucoz.ru/Config/add_cw.png
IP
195.216.243.221:0
ASN
#57724 Ddos-guard Ltd

File type
PNG image data, 160 x 60, 8-bit/color RGBA, non-interlaced\012- data
Size
14 kB (14233 bytes)
Hash
4568ccc382bf04281303d46e975fa24e
88c77c38a027b37b32c2f5e54db777c93cebf535
bf816fc8ebf10f995991715b0f1abfdbcc89bc74457b1e5a58eb9a18d1a96c81

HTTP Headers

GET /Config/add_cw.png HTTP/1.1
Host: immortal-tm.ucoz.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 26 Nov 2022 04:43:16 GMT
Content-Type: image/png
Content-Length: 14233
Last-Modified: Mon, 31 Jan 2011 11:51:35 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "4d46a247-3799"
Expires: Fri, 16 Dec 2022 04:43:16 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

s30.ucoz.net/adv/dummy/000/img/bg.gif

195.216.243.130

200 OK

1.3 kB

URL HTTP/1.1
s30.ucoz.net/adv/dummy/000/img/bg.gif
IP
195.216.243.130:0
ASN
#57724 Ddos-guard Ltd

File type
GIF image data, version 89a, 485 x 3\012- data
Size
1.3 kB (1268 bytes)
Hash
b19967d808ed7c42b41316d6c8474f55
18d80748bd4041b13a3373a429281ec65347a0e2
16c9962c4ecd52efc16d9d639d52fc60b9e427b6e454190d162f1aa1d220ad50

HTTP Headers

GET /adv/dummy/000/img/bg.gif HTTP/1.1
Host: s30.ucoz.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://s30.ucoz.net/adv/dummy/000/css/style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 26 Nov 2022 04:43:18 GMT
Content-Type: image/gif
Content-Length: 1268
Last-Modified: Tue, 26 Mar 2019 14:28:11 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "5c9a36fb-4f4"
Accept-Ranges: bytes

immortal-tm.ucoz.ru/Config/add_clan.png

195.216.243.221

200 OK

15 kB

URL HTTP/1.1
immortal-tm.ucoz.ru/Config/add_clan.png
IP
195.216.243.221:0
ASN
#57724 Ddos-guard Ltd

File type
PNG image data, 160 x 60, 8-bit/color RGBA, non-interlaced\012- data
Size
15 kB (14648 bytes)
Hash
b8c6458f37c32d2e4aaee17d84da095c
9eada9b8b13eef0da183468b193ac7cfbd4c3f03
59b1a2d549a0afb88d6bbde442e88904898c36948c591df72189f3711a4ba703

HTTP Headers

GET /Config/add_clan.png HTTP/1.1
Host: immortal-tm.ucoz.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 26 Nov 2022 04:43:16 GMT
Content-Type: image/png
Content-Length: 14648
Last-Modified: Mon, 31 Jan 2011 11:47:28 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "4d46a150-3938"
Expires: Fri, 16 Dec 2022 04:43:16 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

ocsp2.globalsign.com/gsalphasha2g2

104.18.20.226

200 OK

1.4 kB

URL HTTP/1.1
ocsp2.globalsign.com/gsalphasha2g2
IP
104.18.20.226:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
1.4 kB (1423 bytes)
Hash
e7f67f191cc1d7370a3077361d017f05
990eadc9426fa5afeef1fcf4d8f81b72a3334afa
fcdae37563b3687e8566f065c747071a6a1db8a42f8875ab00b62c04ae1796e0

HTTP Headers

POST /gsalphasha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 04:43:18 GMT
Content-Type: application/ocsp-response
Content-Length: 1423
Connection: keep-alive
Expires: Wed, 30 Nov 2022 02:25:56 GMT
ETag: "990eadc9426fa5afeef1fcf4d8f81b72a3334afa"
Last-Modified: Sat, 26 Nov 2022 02:25:57 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 3357
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 76fff65dd830b527-OSL

immortal-tm.ucoz.ru/Config/nich_cw.png

195.216.243.221

200 OK

18 kB

URL HTTP/1.1
immortal-tm.ucoz.ru/Config/nich_cw.png
IP
195.216.243.221:0
ASN
#57724 Ddos-guard Ltd

File type
PNG image data, 160 x 60, 8-bit/color RGBA, non-interlaced\012- data
Size
18 kB (18147 bytes)
Hash
37cc047e807e9f036f4dcedb5de705a1
1ac1c0e3ef6bf217cd80d14332c8b103e753ccb4
e1edb1c1e7ecc040d10a94e3afe73fa8aa0331c42b3be6f2d983da080b8e50a9

HTTP Headers

GET /Config/nich_cw.png HTTP/1.1
Host: immortal-tm.ucoz.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 26 Nov 2022 04:43:16 GMT
Content-Type: image/png
Content-Length: 18147
Last-Modified: Mon, 31 Jan 2011 12:26:16 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "4d46aa68-46e3"
Expires: Fri, 16 Dec 2022 04:43:16 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

push.services.mozilla.com/

52.89.255.30

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
52.89.255.30:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: vI+jIDc/KVkpAgruDmO2Sw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: xim72VPC30O4BpdM4bzEZ00jGSM=

ocsp.sca1b.amazontrust.com/

143.204.42.88

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
143.204.42.88:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
af43126cc06724ac32856aef59def889
e31035ebad2372dbbd645f3f6be177164f8be058
1547d940ae68b047d9e565218d64b2ce3f70d363bd1991c1373227d7e4408bd4

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=128528
Date: Sat, 26 Nov 2022 04:43:17 GMT
Etag: "6380ec75-1d7"
Expires: Sun, 27 Nov 2022 16:25:25 GMT
Last-Modified: Fri, 25 Nov 2022 16:25:25 GMT
Server: nginx
X-Cache: Miss from cloudfront
Via: 1.1 185768229530368be94556dcab1c486a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: wXQ7X1f_-qPi1knWYste2DqXBe6o2LogcYeluNhj0lWqcs3d8zTCTw==

counter.yadro.ru/hit;ucoz_topline_worldwide?rhttps%3A//cs-legion.clan.su/load/8;s1280*1024*24;uhttps%3A//cs-legion.clan.su/%3FVdS86dM68%2521n0OU3%255ET0QzhD1uSkdpmLXyvMx9aGpdAd1f4IegyIPOWh9e%253BszFlfK4ivizzYrkwe6Tlbj2d1jUkM%2521QdaeU;1669437797211

88.212.202.52

200 OK

43 B

URL HTTP/1.1
counter.yadro.ru/hit;ucoz_topline_worldwide?rhttps%3A//cs-legion.clan.su/load/8;s1280*1024*24;uhttps%3A//cs-legion.clan.su/%3FVdS86dM68%2521n0OU3%255ET0QzhD1uSkdpmLXyvMx9aGpdAd1f4IegyIPOWh9e%253BszFlfK4ivizzYrkwe6Tlbj2d1jUkM%2521QdaeU;1669437797211
IP
88.212.202.52:0
ASN
#39134 United Network LLC

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
fc94fb0c3ed8a8f909dbc7630a0987ff
56d45f8a17f5078a20af9962c992ca4678450765
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

HTTP Headers

GET /hit;ucoz_topline_worldwide?rhttps%3A//cs-legion.clan.su/load/8;s1280*1024*24;uhttps%3A//cs-legion.clan.su/%3FVdS86dM68%2521n0OU3%255ET0QzhD1uSkdpmLXyvMx9aGpdAd1f4IegyIPOWh9e%253BszFlfK4ivizzYrkwe6Tlbj2d1jUkM%2521QdaeU;1669437797211 HTTP/1.1
Host: counter.yadro.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cs-legion.clan.su/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Sat, 26 Nov 2022 04:43:18 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Expires: Thu, 25 Nov 2021 21:00:00 GMT
Pragma: no-cache
Cache-control: no-cache
Access-Control-Allow-Origin: *
Strict-Transport-Security: max-age=86400

coolboys.at.ua/_ld/3/49846.jpg

193.109.246.15

200 OK

108 kB

URL HTTP/1.1
coolboys.at.ua/_ld/3/49846.jpg
IP
193.109.246.15:0
ASN
#204343 Compubyte Limited

File type
JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS3 Windows, datetime=2009:03:06 14:49:20], baseline, precision 8, 307x460, components 3\012- data
Size
108 kB (107693 bytes)
Hash
2bc0a81643e0e9941bcc858f0cd1bd67
db92969c54875cb373220c7649edabefaea9ec95
4af6408d5253ebbc9103fe45352d9280dc9a33a2ac31866049685110eefa19a6

HTTP Headers

GET /_ld/3/49846.jpg HTTP/1.1
Host: coolboys.at.ua
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 26 Nov 2022 04:43:17 GMT
Content-Type: image/jpeg
Content-Length: 107693
Last-Modified: Fri, 06 Mar 2009 12:50:29 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "49b11c15-1a4ad"
Expires: Fri, 16 Dec 2022 04:43:17 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
3205dfaacdd129fff726b0340dd598bb
01fe03d2ce2b74a6d5096ad3a333d2474e316599
5bca23de7f70d1f09bb3d19fea9aec735561486ae76f76f54c5092683805a778

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5BCA23DE7F70D1F09BB3D19FEA9AEC735561486AE76F76F54C5092683805A778"
Last-Modified: Thu, 24 Nov 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21591
Expires: Sat, 26 Nov 2022 10:43:09 GMT
Date: Sat, 26 Nov 2022 04:43:18 GMT
Connection: keep-alive

cs-monitor.ru/images/banner-1.gif

77.222.54.210

200 OK

3.5 kB

URL HTTP/1.1
cs-monitor.ru/images/banner-1.gif
IP
77.222.54.210:0
ASN
#44112 SpaceWeb Ltd

File type
GIF image data, version 89a, 88 x 31\012- data
Size
3.5 kB (3508 bytes)
Hash
4a981dcd758767cd6e54ce07e3c298a2
c9a1f0894c49a6159602b770691a61f5ea1c2d29
04628371f81d11ebaf2c5437b6c8e5d827ac5304ebe2842933a61f74c1543a3d

HTTP Headers

GET /images/banner-1.gif HTTP/1.1
Host: cs-monitor.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.16.1
Date: Sat, 26 Nov 2022 04:43:18 GMT
Content-Type: image/gif
Content-Length: 3508
Last-Modified: Fri, 31 Aug 2018 20:45:16 GMT
Connection: keep-alive
ETag: "5b89a8dc-db4"
Strict-Transport-Security: max-age=31536000;
Accept-Ranges: bytes

ua.snapsnap.io/

104.21.46.37

200 OK

3.8 kB

URL HTTP/2
ua.snapsnap.io/
IP
104.21.46.37:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
3.8 kB (3820 bytes)
Hash
19f59b510765ceee2e4881bc9ca55ce8
55013bd3cd1dc5637ecbf28ae6cd033dff3a2167
52264adda552394a710050b03227867a66108ca23c727b986dd366436f111ac2

HTTP Headers

GET / HTTP/1.1
Host: ua.snapsnap.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sat, 26 Nov 2022 04:43:18 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.1.33
link: <https://ua.snapsnap.io/wp-json/>; rel="https://api.w.org/"
set-cookie: pll_language=ua; expires=Sun, 26-Nov-2023 04:43:18 GMT; Max-Age=31536000; path=/; SameSite=Lax; domain=snapsnap.io; secure
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gkId3nA%2Bg24NBjs4xgWg821KZEWYuQRSt%2FBuyGAF8OT81w%2Fv01fu7ZBgtV8K7hsE9S%2FRRIwsyLLfDlgUlC0HkSCuNI88e6LdbSxxIxggPG%2BLyHWsktl7%2FDf5Attoz9BQ7w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76fff65bce480af6-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

counter.yadro.ru/hit;ucoznet?r;s1280*1024*24;uhttps%3A//cs-legion.clan.su/load/8;1669437796250

88.212.202.52

200 OK

43 B

URL HTTP/1.1
counter.yadro.ru/hit;ucoznet?r;s1280*1024*24;uhttps%3A//cs-legion.clan.su/load/8;1669437796250
IP
88.212.202.52:0
ASN
#39134 United Network LLC

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
fc94fb0c3ed8a8f909dbc7630a0987ff
56d45f8a17f5078a20af9962c992ca4678450765
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

HTTP Headers

GET /hit;ucoznet?r;s1280*1024*24;uhttps%3A//cs-legion.clan.su/load/8;1669437796250 HTTP/1.1
Host: counter.yadro.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cs-legion.clan.su/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Sat, 26 Nov 2022 04:43:18 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Expires: Thu, 25 Nov 2021 21:00:00 GMT
Pragma: no-cache
Cache-control: no-cache
Access-Control-Allow-Origin: *
Strict-Transport-Security: max-age=86400

photobucket.com/albums/f287/Tidus000/20061110-counterstrike16frontei5cop.jpg

54.230.111.114

200 OK

1.4 kB

URL HTTP/2
photobucket.com/albums/f287/Tidus000/20061110-counterstrike16frontei5cop.jpg
IP
54.230.111.114:0
ASN
#16509 AMAZON-02

File type
data
Size
1.4 kB (1352 bytes)
Hash
7eee3db6be5ddc7c736fa03b75e003ab
30d90ad1e41057dabcbeeea27c5cdafd088852c8
9474006ce8500768ad7063a4b7c8693e80d7db636899ed20fa96ceb300684a5a

HTTP Headers

GET /albums/f287/Tidus000/20061110-counterstrike16frontei5cop.jpg HTTP/1.1
Host: photobucket.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/html
last-modified: Tue, 22 Nov 2022 16:20:55 GMT
server: Photobucket
content-encoding: gzip
date: Sat, 26 Nov 2022 04:02:03 GMT
etag: W/"bc359f7529124f09b9b3cb89cc4e6b65"
x-cache: Error from cloudfront
via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 5Y2S0sZMcL5zUQkcjbW3jekFFZRSOTxSgJuJ1rqPy1VxlIeaoNIsvQ==
age: 2704
cache-control: no-cache
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2

img-kiev.fotki.yandex.ru/get/3210/spyro49.4/0_6d19_70602ae8_L

77.88.21.31

404 Not found

0 B

URL HTTP/1.1
img-kiev.fotki.yandex.ru/get/3210/spyro49.4/0_6d19_70602ae8_L
IP
77.88.21.31:0
ASN
#13238 YANDEX LLC

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /get/3210/spyro49.4/0_6d19_70602ae8_L HTTP/1.1
Host: img-kiev.fotki.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

HTTP/1.1 404 Not found
Content-Length: 0

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
b05606331c6f88a724d9e404e62974e4
72176bc6b618fbbe567b5746ed54e14d381a9815
7179b3d4ee227d9bf6d768a5fb1a9499f285d5949d21893c9a6997da8ea7b026

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 04:43:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

cs9969.vk.com/u25509300/107952186/x_dd9f8c44.jpg

87.240.137.164

301 Moved Permanently

164 B

URL HTTP/1.1
cs9969.vk.com/u25509300/107952186/x_dd9f8c44.jpg
IP
87.240.137.164:0
ASN
#47541 VKontakte Ltd

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
164 B (164 bytes)
Hash
6d359f551ba4cb27d59e94a6cddaec09
d230318bd921ad8167c2eb9dfdc7b1d7d2c7373f
9ecd8531025e89f5e1ca23d81203a9feddbd5b4b75ca79c9868cb53762293bc8

HTTP Headers

GET /u25509300/107952186/x_dd9f8c44.jpg HTTP/1.1
Host: cs9969.vk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

HTTP/1.1 301 Moved Permanently
Server: kittenx
Date: Sat, 26 Nov 2022 04:43:18 GMT
Content-Type: text/html
Content-Length: 164
Connection: keep-alive
Location: https://cs9969.vk.com/u25509300/107952186/x_dd9f8c44.jpg
X-Frontend: front512004
Access-Control-Expose-Headers: X-Frontend

counter.yadro.ru/hit;ucoz_desktop_ad?r;s1280*1024*24;uhttps%3A//cs-legion.clan.su/load/8;1669437796251

88.212.202.52

200 OK

43 B

URL HTTP/1.1
counter.yadro.ru/hit;ucoz_desktop_ad?r;s1280*1024*24;uhttps%3A//cs-legion.clan.su/load/8;1669437796251
IP
88.212.202.52:0
ASN
#39134 United Network LLC

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
fc94fb0c3ed8a8f909dbc7630a0987ff
56d45f8a17f5078a20af9962c992ca4678450765
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

HTTP Headers

GET /hit;ucoz_desktop_ad?r;s1280*1024*24;uhttps%3A//cs-legion.clan.su/load/8;1669437796251 HTTP/1.1
Host: counter.yadro.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cs-legion.clan.su/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Sat, 26 Nov 2022 04:43:18 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Expires: Thu, 25 Nov 2021 21:00:00 GMT
Pragma: no-cache
Cache-control: no-cache
Access-Control-Allow-Origin: *
Strict-Transport-Security: max-age=86400

counter.yadro.ru/hit;clickgate08?r;s1280*1024*24;uhttps%3A//cs-legion.clan.su/load/8;1669437796685

88.212.202.52

200 OK

43 B

URL HTTP/1.1
counter.yadro.ru/hit;clickgate08?r;s1280*1024*24;uhttps%3A//cs-legion.clan.su/load/8;1669437796685
IP
88.212.202.52:0
ASN
#39134 United Network LLC

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
fc94fb0c3ed8a8f909dbc7630a0987ff
56d45f8a17f5078a20af9962c992ca4678450765
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

HTTP Headers

GET /hit;clickgate08?r;s1280*1024*24;uhttps%3A//cs-legion.clan.su/load/8;1669437796685 HTTP/1.1
Host: counter.yadro.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cs-legion.clan.su/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Sat, 26 Nov 2022 04:43:18 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Expires: Thu, 25 Nov 2021 21:00:00 GMT
Pragma: no-cache
Cache-control: no-cache
Access-Control-Allow-Origin: *
Strict-Transport-Security: max-age=86400

www.gstatic.com/recaptcha/releases/Km9gKuG06He-isPsP6saG8cn/recaptcha__ru.js

142.250.74.163

200 OK

167 kB

URL HTTP/2
www.gstatic.com/recaptcha/releases/Km9gKuG06He-isPsP6saG8cn/recaptcha__ru.js
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1329)
Size
167 kB (167119 bytes)
Hash
e269c265007dcb5ecc3f2aa6155bc52a
cb8eed3b2684c2767bf45d652f6d630740051d04
85d7f1b40b063a3a07449151918eb63b85f2c6ff5d54936618a1a737ab5c7dbf

HTTP Headers

GET /recaptcha/releases/Km9gKuG06He-isPsP6saG8cn/recaptcha__ru.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://cs-legion.clan.su
Connection: keep-alive
Referer: https://cs-legion.clan.su/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 167119
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 24 Nov 2022 17:40:52 GMT
expires: Fri, 24 Nov 2023 17:40:52 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 14 Nov 2022 03:01:59 GMT
content-type: text/javascript
age: 126146
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp2.globalsign.com/gsorganizationvalsha2g2

104.18.20.226

200 OK

1.5 kB

URL HTTP/1.1
ocsp2.globalsign.com/gsorganizationvalsha2g2
IP
104.18.20.226:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
1.5 kB (1459 bytes)
Hash
87275aa01f1216bee198e15226f66ff3
77151a5c23d3d5107408e7728a88a82f6253d25a
1c0eed2285b71bda91c3a2b7a3c1bcef11b764485be0273c269f1d2fe8f2180a

HTTP Headers

POST /gsorganizationvalsha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 04:43:18 GMT
Content-Type: application/ocsp-response
Content-Length: 1459
Connection: keep-alive
Expires: Wed, 30 Nov 2022 03:55:48 GMT
ETag: "77151a5c23d3d5107408e7728a88a82f6253d25a"
Last-Modified: Sat, 26 Nov 2022 03:55:49 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 162
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 76fff6634a2eb527-OSL

cs-legion.clan.su/favicon.ico

195.216.243.130

200 OK

162 kB

URL HTTP/1.1
cs-legion.clan.su/favicon.ico
IP
195.216.243.130:0
ASN
#57724 Ddos-guard Ltd

File type
MS Windows icon resource - 8 icons, -128x-128, 32 bits/pixel, 96x96, 32 bits/pixel\012- data
Size
162 kB (161862 bytes)
Hash
51ce242b4996fade5d978202470cd9fa
80e60af84397e78a5fcf5825e6538334933ea288
bc38d7bbb43fbdd2889f9962b79a318f59e6a0571332c0cb0ad0823a2756eca7

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: cs-legion.clan.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cs-legion.clan.su/load/8
Cookie: 6cs-legionuzll=1669437797; 6cs-legionpushi=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 26 Nov 2022 04:43:18 GMT
Content-Type: image/x-icon
Content-Length: 161862
Last-Modified: Sat, 11 Feb 2012 08:50:00 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "4f362bb8-27846"
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

cs9969.vk.com/u25509300/107952186/x_dd9f8c44.jpg

87.240.137.164

404 Not Found

408 B

URL HTTP/2
cs9969.vk.com/u25509300/107952186/x_dd9f8c44.jpg
IP
87.240.137.164:0
ASN
#47541 VKontakte Ltd

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
408 B (408 bytes)
Hash
45fb7d06cdaada04f95ed8f3e0fc2e2f
c6fec340271d20aa7bede6bd1cab30655813517e
7b91e9285ef9a2317b657c744583d118b69857b8342ac4de69dba26f0e394aa2

HTTP Headers

GET /u25509300/107952186/x_dd9f8c44.jpg HTTP/1.1
Host: cs9969.vk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 404 Not Found
server: kittenx
date: Sat, 26 Nov 2022 04:43:18 GMT
content-type: text/html
content-length: 408
etag: "5f6a5ec9-198"
x-frontend: front512004
access-control-expose-headers: X-Frontend
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
6827d82f488045e02e40d6a2fdbae4b3
4944139a4b08769511ffc6aa913857d88a0db7bc
0e4ef6ddef97ec03d43df4c0bada61d792b9f030e4d9fab5bd3cf904aeaa3bc9

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8523
Expires: Sat, 26 Nov 2022 07:05:22 GMT
Date: Sat, 26 Nov 2022 04:43:19 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
6827d82f488045e02e40d6a2fdbae4b3
4944139a4b08769511ffc6aa913857d88a0db7bc
0e4ef6ddef97ec03d43df4c0bada61d792b9f030e4d9fab5bd3cf904aeaa3bc9

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8523
Expires: Sat, 26 Nov 2022 07:05:22 GMT
Date: Sat, 26 Nov 2022 04:43:19 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
6827d82f488045e02e40d6a2fdbae4b3
4944139a4b08769511ffc6aa913857d88a0db7bc
0e4ef6ddef97ec03d43df4c0bada61d792b9f030e4d9fab5bd3cf904aeaa3bc9

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8523
Expires: Sat, 26 Nov 2022 07:05:22 GMT
Date: Sat, 26 Nov 2022 04:43:19 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
6827d82f488045e02e40d6a2fdbae4b3
4944139a4b08769511ffc6aa913857d88a0db7bc
0e4ef6ddef97ec03d43df4c0bada61d792b9f030e4d9fab5bd3cf904aeaa3bc9

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8523
Expires: Sat, 26 Nov 2022 07:05:22 GMT
Date: Sat, 26 Nov 2022 04:43:19 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1de44df6-bdc7-487f-a2a0-b42d26be2420.jpeg

34.120.237.76

200 OK

16 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1de44df6-bdc7-487f-a2a0-b42d26be2420.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
16 kB (15818 bytes)
Hash
17ebe470d040a6ea8c57e9b9d4f4e828
1ac7a410cd4f3709f476c776dd5646dd982dcfa8
d65114b68fcc12344c6df7bf294718b79822fa9782d3bd54ca044b66f82052b1

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1de44df6-bdc7-487f-a2a0-b42d26be2420.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 15818
x-amzn-requestid: a6570859-3b03-492e-9f84-e25b01223da2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cLXrUF3bIAMF8CA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6381397b-379b1bcf2ac0715835e10e48;Sampled=0
x-amzn-remapped-date: Fri, 25 Nov 2022 21:54:03 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: HgiyaodE2vJx5JL8QfOiTersSAgAwq74gtsPkpHUhnQ3In2vZ-3rbQ==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 4f3feb5c4393987d42d1971d404d7cea.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 22:33:09 GMT
etag: "1ac7a410cd4f3709f476c776dd5646dd982dcfa8"
content-type: image/jpeg
age: 22210
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F93728079-c686-4b9a-9313-1cc6778793d2.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.8 kB (7799 bytes)
Hash
96437d0cb1ceaffa77124f0dcfeb38cf
3f4a47cdd9ea3bbd20fec37e4a9dbfa9af2acc50
89244601b0a4bc150033e52dc56cf0fbe2846ebba7532c477146258a70783e05

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F93728079-c686-4b9a-9313-1cc6778793d2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7799
x-amzn-requestid: 4b3bf619-fb69-4cfe-b8e7-7de4ea127853
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cLXADFOvoAMFXQg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63813866-77f561ae3496d84c75541300;Sampled=0
x-amzn-remapped-date: Fri, 25 Nov 2022 21:49:26 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: mxC9qkJyuCX0NOEgkK3Z0LWPpxbTcFIvkrDAJ6KBnMFLHToB50AEFg==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 12a392bc3a7281f8d5d4591bfadc41fc.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 22:02:20 GMT
age: 24059
etag: "3f4a47cdd9ea3bbd20fec37e4a9dbfa9af2acc50"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd9ff3e15-6cd5-46f6-800f-5ad08b71ffbc.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10209 bytes)
Hash
56d1528e942a2aa2a7f3f6a85f71e277
475980dd8b123ad0acdd54c441271bacad56489f
01f9bd707598d6cb869856ad01d1087f5abc8298727805f61266f6e823814cb8

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd9ff3e15-6cd5-46f6-800f-5ad08b71ffbc.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10209
x-amzn-requestid: e6cf9a8b-bbdc-4978-a186-ffc82b369066
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cLWINF69oAMF5RA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63813701-35f60a7425e3617e672916c9;Sampled=0
x-amzn-remapped-date: Fri, 25 Nov 2022 21:43:29 GMT
x-amz-cf-pop: SEA19-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: NpYcqTynn1gdtbZInm4lBnTo9N6ev2jp0Rn6ozMhQlh8kVJ9orQWnw==
via: 1.1 6ca7826fb0f4c565b1af9c7737725c48.cloudfront.net (CloudFront), 1.1 9046e5a276a05e60ee34c8475e92b8e6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 22:35:20 GMT
age: 22079
etag: "475980dd8b123ad0acdd54c441271bacad56489f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faaa084a5-6673-4918-8b26-e359fdbd5c53.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (10966 bytes)
Hash
0cfec0de07b11c3b4b2bde82a9d85395
c6a37206ae6327b5626ee48675638fb3b79eaf2b
b5cd58f099675e96d8f28b633c18db2aab90f1e7e0f593cd38e654f1956c53c0

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faaa084a5-6673-4918-8b26-e359fdbd5c53.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10966
x-amzn-requestid: 9c8cca96-85d6-4256-9f64-e7ed26946e99
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cLVOLHMPoAMFTTw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6381358d-2857476f6bdd231525a041f8;Sampled=0
x-amzn-remapped-date: Fri, 25 Nov 2022 21:37:17 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: BvVDw2WpkhgODREwoilGkb1D-mT5E08DC0B14eIlpe7NupmgUSKTfQ==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 22:31:20 GMT
age: 22319
etag: "c6a37206ae6327b5626ee48675638fb3b79eaf2b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

2.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4ac95573-22e8-41b4-a5f2-d8adbaff2829.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
2.9 kB (2944 bytes)
Hash
5c135ab961de12d926b94f9abae8adbe
139f48ea60880efc6d2977f4d3141809f22adfef
1578a994e7c4eef451f1c744116caa95e1aa995c4817a13832f1ac3487cea95d

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4ac95573-22e8-41b4-a5f2-d8adbaff2829.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 2944
x-amzn-requestid: 8f1b2573-39ab-442e-8c6e-97538a28aba0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cLWXXEjJIAMFu1Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63813762-52f27ff536b0c3b84bdfba8e;Sampled=0
x-amzn-remapped-date: Fri, 25 Nov 2022 21:45:06 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 9hy8v_azPZzuVRv1VN61DoNWbfA83JPs4JcZfRyLo3j6HCtWv_gkNw==
via: 1.1 000f4a2f631bace380a0afa747a82482.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 21:48:48 GMT
age: 24871
etag: "139f48ea60880efc6d2977f4d3141809f22adfef"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dd98515-d0af-440a-8f3d-4c9986928081.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.3 kB (4309 bytes)
Hash
841a4b110022a99ddea6f7bf66df0fa1
126771b86638108050cf57c0d12faa27f80f0edb
240fbffc1f9104433297d3ff7afba2d0b58d7f1b13d9a9260a1bad25216665db

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dd98515-d0af-440a-8f3d-4c9986928081.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4309
x-amzn-requestid: 47c2739d-73c5-4d91-914c-fe635cb09772
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b1U8xGxgIAMF-qQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63786851-6fbe19dc5c4c20dd657604e3;Sampled=0
x-amzn-remapped-date: Sat, 19 Nov 2022 05:23:29 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: j_8oVo464QMWMnmkxQJIDRhaIVmwhzCTHe4A57OdmaUr9HcyTtBUjg==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 2750b94b402c92287d764b5fa115a042.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 05:04:28 GMT
age: 85131
etag: "126771b86638108050cf57c0d12faa27f80f0edb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

cs-strikez.clan.su/_ld/30/25108492.png

193.109.246.46

200 OK

886 kB

URL HTTP/1.1
cs-strikez.clan.su/_ld/30/25108492.png
IP
193.109.246.46:0
ASN
#204343 Compubyte Limited

File type
PNG image data, 1000 x 1000, 8-bit/color RGB, non-interlaced\012- data
Size
886 kB (885895 bytes)
Hash
76f3e7b70ed3f657268cedc3f3e72d4b
879c563fd9b08ccfa13f9e56c36e37fe4b4b2579
43d31a2c00604a27087b98fddc91fdf3bb44c2d962efb19e2bd8dee2537979aa

HTTP Headers

GET /_ld/30/25108492.png HTTP/1.1
Host: cs-strikez.clan.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 26 Nov 2022 04:43:18 GMT
Content-Type: image/png
Content-Length: 885895
Last-Modified: Sun, 10 Apr 2011 19:33:25 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "4da20605-d8487"
Expires: Fri, 16 Dec 2022 04:43:18 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
66a809304670591e28394bcf6a42cc56
7a13b9948a8f5cc4c1fd048e4e5f2b8f397b5457
04ea73306171d585ec2d5b9f786af867320e73f692cbb93ff0d318bba2a7d857

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "04EA73306171D585EC2D5B9F786AF867320E73F692CBB93FF0D318BBA2A7D857"
Last-Modified: Wed, 23 Nov 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15816
Expires: Sat, 26 Nov 2022 09:06:56 GMT
Date: Sat, 26 Nov 2022 04:43:20 GMT
Connection: keep-alive

absoluteroute.com/bens/vinos.js?23433&u=null&a=0.17155989712077147

193.200.64.20

200 OK

140 kB

URL HTTP/1.1
absoluteroute.com/bens/vinos.js?23433&u=null&a=0.17155989712077147
IP
193.200.64.20:0
ASN
#6681 Rozetka Sp. z o.o.

File type
ASCII text, with very long lines (727)
Size
140 kB (140149 bytes)
Hash
402b5a5cbb7bcc4746961ba498b7a892
d7d8ac24a7ee216815c32a88b89c19ab7377f734
c9d0c561949f5548766ebf9d80d23ed5e9277a0aaa568e1687d035d069dfdc81

HTTP Headers

GET /bens/vinos.js?23433&u=null&a=0.17155989712077147 HTTP/1.1
Host: absoluteroute.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cs-legion.clan.su/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 26 Nov 2022 04:43:20 GMT
Content-Type: text/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="NON DSP COR CURa TIA"
Set-Cookie: uuid=16694375731532635802; expires=Mon, 25-Nov-2024 04:43:20 GMT; Max-Age=63072000; path=/; samesite=None; domain=.absoluteroute.com; secure

counter.yadro.ru/hit;desktop_click_load?r;s1280*1024*24;uhttps%3A//cs-legion.clan.su/load/8;1669437799255

88.212.202.52

200 OK

43 B

URL HTTP/1.1
counter.yadro.ru/hit;desktop_click_load?r;s1280*1024*24;uhttps%3A//cs-legion.clan.su/load/8;1669437799255
IP
88.212.202.52:0
ASN
#39134 United Network LLC

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
fc94fb0c3ed8a8f909dbc7630a0987ff
56d45f8a17f5078a20af9962c992ca4678450765
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

HTTP Headers

GET /hit;desktop_click_load?r;s1280*1024*24;uhttps%3A//cs-legion.clan.su/load/8;1669437799255 HTTP/1.1
Host: counter.yadro.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cs-legion.clan.su/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Sat, 26 Nov 2022 04:43:20 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Expires: Thu, 25 Nov 2021 21:00:00 GMT
Pragma: no-cache
Cache-control: no-cache
Access-Control-Allow-Origin: *
Strict-Transport-Security: max-age=86400

www.whitegadget.com/attachments/download-mobile-games/7228d1205583961-free-mobile-games-counter-strike-3d-others-counter-strike.jpg

103.224.182.253

403 Forbidden

0 B

URL HTTP/1.0
www.whitegadget.com/attachments/download-mobile-games/7228d1205583961-free-mobile-games-counter-strike-3d-others-counter-strike.jpg
IP
103.224.182.253:0
ASN
#133618 Trellian Pty. Limited

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /attachments/download-mobile-games/7228d1205583961-free-mobile-games-counter-strike-3d-others-counter-strike.jpg HTTP/1.1
Host: www.whitegadget.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

HTTP/1.0 403 Forbidden
Cache-Control: no-cache
Connection: close
Content-Type: text/html

vh380.timeweb.ru/parking/?ref=qcs.su

92.53.96.174

200 OK

0 B

URL HTTP/2
vh380.timeweb.ru/parking/?ref=qcs.su
IP
92.53.96.174:0
ASN
#9123 TimeWeb Ltd.

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /parking/?ref=qcs.su HTTP/1.1
Host: vh380.timeweb.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx/1.22.1
date: Sat, 26 Nov 2022 04:43:17 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
last-modified: Wed, 16 Apr 2014 07:06:24 GMT
etag: W/"11508-4f7238deedc00"
content-encoding: gzip
X-Firefox-Spdy: h2

img2.cda.pl/PV9keF92cmo9X2MtYjE1LGxlOXJiNGZ6bzQ2IDI9My9pYTgsYzI1eGkzLn5wYl8tPzMuJTI2Li0_M18lNjA2LjkwNSYxZ2Iu/c9b450ae9fb1ffb4642833da88c75dd3.jpg?w=800&h=600

146.59.70.156

200 OK

0 B

URL HTTP/1.1
img2.cda.pl/PV9keF92cmo9X2MtYjE1LGxlOXJiNGZ6bzQ2IDI9My9pYTgsYzI1eGkzLn5wYl8tPzMuJTI2Li0_M18lNjA2LjkwNSYxZ2Iu/c9b450ae9fb1ffb4642833da88c75dd3.jpg?w=800&h=600
IP
146.59.70.156:0
ASN
#16276 OVH SAS

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /PV9keF92cmo9X2MtYjE1LGxlOXJiNGZ6bzQ2IDI9My9pYTgsYzI1eGkzLn5wYl8tPzMuJTI2Li0_M18lNjA2LjkwNSYxZ2Iu/c9b450ae9fb1ffb4642833da88c75dd3.jpg?w=800&h=600 HTTP/1.1
Host: img2.cda.pl
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Sat, 26 Nov 2022 04:43:17 GMT
Content-Type: image/jpeg
Content-Length: 338617
Last-Modified: Tue, 22 Apr 2014 17:30:00 GMT
ETag: "5356a718-52ab9"
X-Img-Server: 01-waw-back
X-Varnish: 725620286
Age: 0
Via: 1.1 varnish (Varnish/6.5)
Expires: 3600
cache-control: max-age = 3600
Accept-Ranges: bytes
Connection: keep-alive

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (28)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations