Report - j9-wersii.buzz/elotoukr

Report Overview

Submitted URL
j9-wersii.buzz/elotoukr
IP
104.21.41.252
ASN
#13335 CLOUDFLARENET
Submitted
2023-02-03 11:01:47
Access
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
36
Threat Detection Systems
30

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-13T05:09:16Z	3.2 kB	62 kB	34.120.237.76
j9-wersii.buzz	unknown	2022-07-18T22:48:25Z	2023-01-31T11:01:24Z	12 kB	857 kB	172.67.154.70
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-13T05:09:35Z	413 B	5.9 kB	34.160.144.191
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-13T05:09:13Z	333 B	391 B	34.117.237.239
fonts.gstatic.com	unknown	2014-09-09T02:40:21Z	2023-03-13T08:44:36Z	3.0 kB	127 kB	216.58.207.227
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-13T05:09:14Z	606 B	127 B	54.189.35.180
fonts.googleapis.com	8877	2013-06-10T22:14:26Z	2023-03-13T08:14:31Z	1.4 kB	32 kB	142.250.74.106
pr0paymentss.expert	unknown	2022-08-13T13:06:34Z	2023-03-09T08:32:16Z	367 B	369 B	190.115.26.190
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-13T05:09:07Z	3.0 kB	8.0 kB	23.33.119.27
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-13T05:09:10Z	782 B	2.4 kB	35.241.9.150
ocsp.pki.goog	175	2018-07-01T08:43:07Z	2023-03-13T05:09:47Z	3.1 kB	6.3 kB	216.58.211.3

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-02-03 11:02:06	medium	Client IP	172.67.154.70	ET INFO HTTP Request to a *.buzz domain
2023-02-03 11:02:07	medium	Client IP	172.67.154.70	ET INFO HTTP Request to a *.buzz domain
2023-02-03 11:02:07	medium	Client IP	172.67.154.70	ET INFO HTTP Request to a *.buzz domain
2023-02-03 11:02:07	medium	Client IP	172.67.154.70	ET INFO HTTP Request to a *.buzz domain
2023-02-03 11:02:07	medium	Client IP	172.67.154.70	ET INFO HTTP Request to a *.buzz domain
2023-02-03 11:02:07	medium	Client IP	172.67.154.70	ET INFO HTTP Request to a *.buzz domain
2023-02-03 11:02:07	medium	Client IP	172.67.154.70	ET INFO HTTP Request to a *.buzz domain
2023-02-03 11:02:07	medium	Client IP	172.67.154.70	ET INFO HTTP Request to a *.buzz domain
2023-02-03 11:02:07	medium	Client IP	172.67.154.70	ET INFO HTTP Request to a *.buzz domain
2023-02-03 11:02:07	medium	Client IP	172.67.154.70	ET INFO HTTP Request to a *.buzz domain
2023-02-03 11:02:07	medium	Client IP	172.67.154.70	ET INFO HTTP Request to a *.buzz domain
2023-02-03 11:02:07	medium	Client IP	172.67.154.70	ET INFO HTTP Request to a *.buzz domain
2023-02-03 11:02:07	medium	Client IP	172.67.154.70	ET INFO HTTP Request to a *.buzz domain
2023-02-03 11:02:07	medium	Client IP	172.67.154.70	ET INFO HTTP Request to a *.buzz domain
2023-02-03 11:02:08	medium	Client IP	172.67.154.70	ET INFO HTTP Request to a *.buzz domain
2023-02-03 11:02:08	medium	Client IP	172.67.154.70	ET INFO HTTP Request to a *.buzz domain
2023-02-03 11:02:08	medium	Client IP	172.67.154.70	ET INFO HTTP Request to a *.buzz domain
2023-02-03 11:02:09	medium	Client IP	172.67.154.70	ET INFO HTTP Request to a *.buzz domain
2023-02-03 11:02:09	medium	Client IP	172.67.154.70	ET INFO HTTP Request to a *.buzz domain
2023-02-03 11:02:09	medium	Client IP	172.67.154.70	ET INFO HTTP Request to a *.buzz domain
2023-02-03 11:02:09	medium	Client IP	172.67.154.70	ET INFO HTTP Request to a *.buzz domain
2023-02-03 11:02:09	medium	Client IP	172.67.154.70	ET INFO HTTP Request to a *.buzz domain
2023-02-03 11:02:09	medium	Client IP	172.67.154.70	ET INFO HTTP Request to a *.buzz domain
2023-02-03 11:02:09	medium	Client IP	172.67.154.70	ET INFO HTTP Request to a *.buzz domain
2023-02-03 11:02:09	medium	Client IP	172.67.154.70	ET INFO HTTP Request to a *.buzz domain
2023-02-03 11:02:09	medium	Client IP	172.67.154.70	ET INFO HTTP Request to a *.buzz domain
2023-02-03 11:02:09	medium	Client IP	172.67.154.70	ET INFO HTTP Request to a *.buzz domain
2023-02-03 11:02:10	medium	Client IP	172.67.154.70	ET INFO HTTP Request to a *.buzz domain
2023-02-03 11:02:10	medium	Client IP	172.67.154.70	ET INFO HTTP Request to a *.buzz domain
2023-02-03 11:02:10	medium	Client IP	172.67.154.70	ET INFO HTTP Request to a *.buzz domain
2023-02-03 11:02:10	medium	Client IP	172.67.154.70	ET INFO HTTP Request to a *.buzz domain
2023-02-03 11:02:10	medium	Client IP	172.67.154.70	ET INFO HTTP Request to a *.buzz domain
2023-02-03 11:02:10	medium	Client IP	172.67.154.70	ET INFO HTTP Request to a *.buzz domain
2023-02-03 11:02:10	medium	Client IP	172.67.154.70	ET INFO HTTP Request to a *.buzz domain
2023-02-03 11:02:11	medium	Client IP	172.67.154.70	ET INFO HTTP Request to a *.buzz domain
2023-02-03 11:02:11	medium	Client IP	172.67.154.70	ET INFO HTTP Request to a *.buzz domain

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-02-03	medium	j9-wersii.buzz/elotoukr	Malware
2023-02-03	medium	j9-wersii.buzz/elotoukr/	Malware
2023-02-03	medium	j9-wersii.buzz/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js	Malware
2023-02-03	medium	j9-wersii.buzz/elotoukr/howler.min.js	Malware
2023-02-03	medium	j9-wersii.buzz/elotoukr/jquery.js	Malware
2023-02-03	medium	j9-wersii.buzz/elotoukr/zen.js	Malware
2023-02-03	medium	j9-wersii.buzz/elotoukr/chat/partials/chats/script.js	Malware
2023-02-03	medium	j9-wersii.buzz/elotoukr/nicepage.js	Malware
2023-02-03	medium	j9-wersii.buzz/elotoukr/pages.php?this_page=	Malware
2023-02-03	medium	j9-wersii.buzz/elotoukr/chat/partials/chats/triggers.json	Malware
2023-02-03	medium	j9-wersii.buzz/elotoukr/chat/partials/chats/1612319935/messages.json	Malware
2023-02-03	medium	j9-wersii.buzz/elotoukr/geo.php	Malware
2023-02-03	medium	j9-wersii.buzz/elotoukr/Chat.mp3	Malware
2023-02-03	medium	j9-wersii.buzz/elotoukr/chat/partials/chats/1612319935/images/t_logo.svg	Malware
2023-02-03	medium	j9-wersii.buzz/elotoukr/zen.json	Malware

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (6)

	URL	Size	First Seen	Last Seen
	j9-wersii.buzz/elotoukr/zen.js	12 kB	2023-03-13	2023-03-13
Pretty URL j9-wersii.buzz/elotoukr/zen.js IP 172.67.154.70 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 15:45:28 Last Seen2023-03-13 15:45:28 Times Seen1 Hash 6a7dc0d2a71c917c9b8a8ca6741b5069 3b50cd93665c50301366586b75d862a8a5bfdfe4 c589214fba3360769ec2389069301b995be86c20747e6e7bdc45651e14a34758 Loading...

	j9-wersii.buzz/elotoukr/chat/partials/chats/script.js	14 kB	2023-03-12	2023-03-29
Pretty URL j9-wersii.buzz/elotoukr/chat/partials/chats/script.js IP 172.67.154.70 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 18:10:28 Last Seen2023-03-29 22:57:20 Times Seen2 Hash a9fee04aacfb043c0afe4858af2e8878 533abee8c4a1c5de0d972205ca31d96a64c5df91 ed5698afca02260c5ab94e83c75cf994d925750751c1016119fbf745dad99509 Loading...

	unknown	0 B	2023-03-07	2024-04-25
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-25 02:32:24 Times Seen37052835 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	j9-wersii.buzz/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js	1.2 kB	2023-03-07	2024-04-25
Pretty URL j9-wersii.buzz/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js IP 172.67.154.70 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:00 Last Seen2024-04-25 02:07:32 Times Seen54870 Hash 9e8f56e8e1806253ba01a95cfc3d392c a8af90d7482e1e99d03de6bf88fed2315c5dd728 2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8 Loading...

	pr0paymentss.expert/buy_domain.php	22 kB	2023-03-13	2023-03-13
Pretty URL pr0paymentss.expert/buy_domain.php IP 190.115.26.190 ASN #262254 DDOS-GUARD CORP. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 15:45:28 Last Seen2023-03-13 15:45:28 Times Seen1 Hash 3cc4acba9cffd5d7b1287a1e746a80f4 d3df53f06d50d397dd63356e5da54ce6f74c34f6 269c5b7f121b92302264c355da914a6663625b13dbaea383cfc3d9e162096f36 Loading...

	j9-wersii.buzz/elotoukr/jquery.js	90 kB	2023-03-07	2024-04-25
Pretty URL j9-wersii.buzz/elotoukr/jquery.js IP 172.67.154.70 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:01 Last Seen2024-04-25 01:48:41 Times Seen139046 Hash dc5e7f18c8d36ac1d3d4753a87c98d0a c8e1c8b386dc5b7a9184c763c88d19a346eb3342 f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d Loading...

HTTP Transactions (73)

URL IP Response Size

j9-wersii.buzz/elotoukr

172.67.154.70

301 Moved Permanently

239 B

URL HTTP/1.1
j9-wersii.buzz/elotoukr
IP
172.67.154.70:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
239 B (239 bytes)
Hash
cc94844db5100ca0caf61e3752147346
084eeb96702e0d4f4e71d64f53d971855853c348
17b4dea3875420955b447e3b11258a9eabb5d4a20df142d587c7a6ac01b8dd52

Detections

Analyzer	Verdict	Alert
fortinet	Malware

NIDS	Severity	Alert
suricata	medium	ET INFO HTTP Request to a *.buzz domain

HTTP Headers

GET /elotoukr HTTP/1.1
Host: j9-wersii.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Date: Fri, 03 Feb 2023 11:01:36 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://j9-wersii.buzz/elotoukr/
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wTKBOxhlnlwwk1kZY9zHAfmSL8Evqgdi3mVnQu1rs7WucAfyRg87JAHdKdOQrkEgIxW%2FkwCF3taXdZ3QkhnqOMU8raG01y%2FEZ%2FhjtFiXQygi5QcAywxVmy%2F6D4279%2BrBEQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 793aab661b6db4eb-OSL
alt-svc: h2=":443"; ma=60

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
d4e95d0d8982bcd07804baf6fc88231c
5027abda0875bd2529dd4d6691784c74da71a9ee
373799b5749d2cb08b5721699a3e4c6b94b0d41604ac07d4ef7179e47dabc71f

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "373799B5749D2CB08B5721699A3E4C6B94B0D41604AC07D4EF7179E47DABC71F"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3975
Expires: Fri, 03 Feb 2023 12:07:51 GMT
Date: Fri, 03 Feb 2023 11:01:36 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
e935ea42be4feaed61a824b0b903913e
f966cfa80d65a805cb9d7c6a53b3340865d7c51a
eb0ce9ae50d156fe5924b2d77346735e4e93b5240cff301c9aa835bb0b385815

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EB0CE9AE50D156FE5924B2D77346735E4E93B5240CFF301C9AA835BB0B385815"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9890
Expires: Fri, 03 Feb 2023 13:46:26 GMT
Date: Fri, 03 Feb 2023 11:01:36 GMT
Connection: keep-alive

j9-wersii.buzz/elotoukr/

172.67.154.70

200 OK

2.7 kB

URL HTTP/1.1
j9-wersii.buzz/elotoukr/
IP
172.67.154.70:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (579)
Size
2.7 kB (2748 bytes)
Hash
c53b43f0279c20c4c522d425a862b6ad
ed9b5cc9e6cc408eeea7496f643e69e8c1f71a70
0168d2f86050201a2b93f4c011a63cb0a32a9be2427a216381c608b62d241a62

Detections

Analyzer	Verdict	Alert
fortinet	Malware

NIDS	Severity	Alert
suricata	medium	ET INFO HTTP Request to a *.buzz domain

HTTP Headers

GET /elotoukr/ HTTP/1.1
Host: j9-wersii.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 11:01:36 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.4.16
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0G7uIZfxJmb0cQ2PsDytp%2FX%2FdoJqn9jXYpLIknwl3SnHAE88NCoXDiYsd%2FdkbX%2ByyyFKSZK0AZ2gUJifp7v%2BQWO6PpTz9%2Fm0Fd2qCAQnXLUHLCWc8dHIdq82VQKxcvt9rA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 793aab670c7fb4eb-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
9a76feabb767086ae0fa54e0ffbf763f
3655d78994a1e9838340669462728b67c8c12e54
bf215ab858c7785b7c01f7d3d437a918f056f00fe9b065820e1cdd09b7bba8f9

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BF215AB858C7785B7C01F7D3D437A918F056F00FE9B065820E1CDD09B7BBA8F9"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6645
Expires: Fri, 03 Feb 2023 12:52:21 GMT
Date: Fri, 03 Feb 2023 11:01:36 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
ff250d3ef3fa45322bf05039a0122a9f
b3e7a2c383bce1bab807dbe1a03c375258b51f1d
d07f109a96e0ae6ec7b1d46ce8761b3f06fe845769ce65d69e053dd40aa561ba

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Backoff, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 03 Feb 2023 10:36:10 GMT
content-type: application/json
age: 1526
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: poA7oJ3/LWEN0iDwBtFcODNCxw+VlOoQVrrumOClQ5GEVnICpY+G9MKjOY4U+nq8DOUcYjmo9UvJHeKS9CE7jg==
x-amz-request-id: HYQK3Z0TNX6VPFPG
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 03 Feb 2023 10:52:23 GMT
age: 553
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 11:01:36 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
bbeb609cbf32a8842bf96a124588e65e
40c0f548bcb714731f62df5a27cad21adef0463d
502c60a18a13b84598933731d182aafd4b83576bfc56451b36f9238c621a571d

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 11:01:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

j9-wersii.buzz/elotoukr/index.css

172.67.154.70

200 OK

1.1 kB

URL HTTP/1.1
j9-wersii.buzz/elotoukr/index.css
IP
172.67.154.70:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text
Size
1.1 kB (1092 bytes)
Hash
b6557ac43ecc233c939dd90e2969b8a8
03d6d347b4ee49230677d44949cbde7d382db688
af39fae415ec6c8d03fb7beaf1956c14a9d0440037cf1dc3923af7ada4e26b35

Detections

NIDS	Severity	Alert
suricata	medium	ET INFO HTTP Request to a *.buzz domain

HTTP Headers

GET /elotoukr/index.css HTTP/1.1
Host: j9-wersii.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://j9-wersii.buzz/elotoukr/

HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 11:01:36 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 07 Oct 2022 21:31:30 GMT
ETag: W/"17f5-5ea7888769080"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1v8slnYBLpZY%2BlQOnBZK6FTg2rkj4pl%2BSzkQ%2F0fl5fRWUyLZw1RAOWqLhh6RZLEzbVEe1znw9Auv4JhCQm250qLnzn5xtBKdEnDaXwesLsZbk9oDR%2FDvIvnM%2F8iGAhoS2Q%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 793aab681da9b4f4-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
bbeb609cbf32a8842bf96a124588e65e
40c0f548bcb714731f62df5a27cad21adef0463d
502c60a18a13b84598933731d182aafd4b83576bfc56451b36f9238c621a571d

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 11:01:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

j9-wersii.buzz/elotoukr/chat/partials/chats/1612319935/skin.css

172.67.154.70

200 OK

335 B

URL HTTP/1.1
j9-wersii.buzz/elotoukr/chat/partials/chats/1612319935/skin.css
IP
172.67.154.70:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text
Size
335 B (335 bytes)
Hash
85fb29656ce8dee62b9a1c8c08bbf9a1
dce30fe2327ddd82fddeea1fc7c08d22fbe2e858
de76eb1316f8d396d40e55567314a8a87c9c4f9e321a1cba573c1573b5628e10

Detections

NIDS	Severity	Alert
suricata	medium	ET INFO HTTP Request to a *.buzz domain

HTTP Headers

GET /elotoukr/chat/partials/chats/1612319935/skin.css HTTP/1.1
Host: j9-wersii.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://j9-wersii.buzz/elotoukr/

HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 11:01:36 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 12 Sep 2022 01:18:34 GMT
ETag: W/"361-5e870aca48e80"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GPGBSA0Vjh8dLY2kf%2BqITGRylaoy%2B67vDyLvT%2BSq0%2FL6xYWZ8deySMGU9bjJOMNocwdkPBVEWAWkp%2FJKTHWLto0Jj4Lk01UrbdU89bV%2BSwKJIJn67XW5Kj9jdp0DrOPdow%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 793aab683cf3b4ee-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

j9-wersii.buzz/elotoukr/chat/partials/chats/1612319935/common.css

172.67.154.70

200 OK

2.2 kB

URL HTTP/1.1
j9-wersii.buzz/elotoukr/chat/partials/chats/1612319935/common.css
IP
172.67.154.70:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (8919)
Size
2.2 kB (2180 bytes)
Hash
38bc125bffd011483d43098d886c19f0
69c02bbe70a3b5300928f8ffc015a15474a1f418
48f40230b2361e3ab812ebff8db20658df34beaec6baf86c5c8ba9ac1397b371

Detections

NIDS	Severity	Alert
suricata	medium	ET INFO HTTP Request to a *.buzz domain

HTTP Headers

GET /elotoukr/chat/partials/chats/1612319935/common.css HTTP/1.1
Host: j9-wersii.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://j9-wersii.buzz/elotoukr/

HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 11:01:36 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 12 Sep 2022 01:18:34 GMT
ETag: W/"2324-5e870aca48e80"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wjANUcsQqAM1hsl1yHEUo7gpJjtReeya2lnZy6bJTInKk0uwfqTte3A8v8gh0WToNS1fyVn%2Fh0KsV6SyaJm%2FlcNJHCXmYvzAssYrbexLKNxuKEGpRi4%2F6%2BE6%2Frd8gyfaDA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 793aab683cebb4ee-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

j9-wersii.buzz/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

172.67.154.70

200 OK

655 B

URL HTTP/1.1
j9-wersii.buzz/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
IP
172.67.154.70:0
ASN
#13335 CLOUDFLARENET

File type
HTML document, ASCII text, with very long lines (1238)
Size
655 B (655 bytes)
Hash
bc3ba461c8a309acf61b6d9c41cb6236
88482306ecc9258d5e9cbb9ba5314dab223a5db4
31331f1b1519882d2f2fb60367708fd56a7a1ec0bddd0554c635547179c7dc8f

Detections

Analyzer	Verdict	Alert
fortinet	Malware

NIDS	Severity	Alert
suricata	medium	ET INFO HTTP Request to a *.buzz domain

HTTP Headers

GET /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js HTTP/1.1
Host: j9-wersii.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://j9-wersii.buzz/elotoukr/

HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 11:01:36 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 01 Feb 2023 11:49:52 GMT
ETag: W/"63da51e0-4d7"
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8PuvH3BgIEDDn7DWX%2BcQaRH2eAZESyMj1xYR11l19pW9VixEaprX9w8Sd0nfQ3hOtZJYX86mwc0gLJj2NkjM86HjlDYJASc1BrN9SGFjH1uDrAxKzV5FsEk0f%2BkZMrj3lg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 793aab68adc9b4ee-OSL
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Expires: Sun, 05 Feb 2023 11:01:36 GMT
Cache-Control: max-age=172800, public
Content-Encoding: gzip

j9-wersii.buzz/elotoukr/howler.min.js

172.67.154.70

404 Not Found

189 B

URL HTTP/1.1
j9-wersii.buzz/elotoukr/howler.min.js
IP
172.67.154.70:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
189 B (189 bytes)
Hash
88843d24eb0a35b242b548042743ce13
b7cf7ae3ede1c6c6dc23f1b30f96129580662fb8
c3f268bcc3b2e8d2702c1aa43913cd2fcdcc4a44cf4f48a2c3f835f486d8ce0f

Detections

Analyzer	Verdict	Alert
fortinet	Malware

NIDS	Severity	Alert
suricata	medium	ET INFO HTTP Request to a *.buzz domain

HTTP Headers

GET /elotoukr/howler.min.js HTTP/1.1
Host: j9-wersii.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://j9-wersii.buzz/elotoukr/

HTTP/1.1 404 Not Found
Date: Fri, 03 Feb 2023 11:01:36 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KXzV%2BR4rD8bXrhrgSK6VTQryyliUcI726W%2FLWVOG5a74E5LvuMgrgFvXpZF2kpSSUXn5J4B5RmgaY8yWK3le1lJ5%2BfTFOy%2F2MFsLetFDZf7UwJiNY1MKkZwffhqWR4tM7g%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 793aab689e36b4f4-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
bbeb609cbf32a8842bf96a124588e65e
40c0f548bcb714731f62df5a27cad21adef0463d
502c60a18a13b84598933731d182aafd4b83576bfc56451b36f9238c621a571d

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 11:01:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

j9-wersii.buzz/elotoukr/jquery.js

172.67.154.70

200 OK

31 kB

URL HTTP/1.1
j9-wersii.buzz/elotoukr/jquery.js
IP
172.67.154.70:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (65451)
Size
31 kB (30902 bytes)
Hash
4fc219332b240cb69b13c8836a55ec94
7d0146d5005eaffdb568b756f91acbca57ac239b
78045551b71c49bc35f5d362f44175f7c7b75e9d800466f2a24cf98e6774fd87

Detections

Analyzer	Verdict	Alert
fortinet	Malware

NIDS	Severity	Alert
suricata	medium	ET INFO HTTP Request to a *.buzz domain

HTTP Headers

GET /elotoukr/jquery.js HTTP/1.1
Host: j9-wersii.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://j9-wersii.buzz/elotoukr/

HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 11:01:36 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 07 Oct 2022 21:31:30 GMT
ETag: W/"15d84-5ea7888769080"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8aAKJPu40MiAKPkmOLuTF2ftUj30OaK1pqzXYSaR7OgrjbQ7Pj4DUanfig0QuhdpMhyOvi8a9Ypp2%2FwgrrNvBH3EefXK%2Brzmj%2BnK0vNjsgQVRX4Z%2F%2BmpUiOqr%2Fue2HaMkw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 793aab6828800b61-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

j9-wersii.buzz/elotoukr/zen.js

172.67.154.70

200 OK

3.3 kB

URL HTTP/1.1
j9-wersii.buzz/elotoukr/zen.js
IP
172.67.154.70:0
ASN
#13335 CLOUDFLARENET

File type
C source, Unicode text, UTF-8 text, with CRLF line terminators
Size
3.3 kB (3281 bytes)
Hash
e4abf0e1da4e01f6c1b3cbffde0f63e7
1378171e229de9f2d1499ccd8f104a05b5fbd6cd
fcaa73f94616bf8cc901d8421717cbd6ebff653e1b9883bb687d4fdbdbbe5e23

Detections

Analyzer	Verdict	Alert
fortinet	Malware

NIDS	Severity	Alert
suricata	medium	ET INFO HTTP Request to a *.buzz domain

HTTP Headers

GET /elotoukr/zen.js HTTP/1.1
Host: j9-wersii.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://j9-wersii.buzz/elotoukr/

HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 11:01:36 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sat, 14 Jan 2023 13:50:16 GMT
ETag: W/"2f3e-5f239a147d3d7"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=291owrHaK4BuipoqeQ3Gvb7Z3e9w%2F6yMVv8U2ijWC0LlJW6i4j3EJkoXrMTPuniu6xrH0VHUH%2Bove3Y%2Bm8RPlrn82GSq3ysRch5q4yFgQU2fu7I8AM4r1nFyODNAO3ntmA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 793aab68bdccb4ee-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

j9-wersii.buzz/elotoukr/chat/partials/chats/script.js

172.67.154.70

200 OK

3.8 kB

URL HTTP/1.1
j9-wersii.buzz/elotoukr/chat/partials/chats/script.js
IP
172.67.154.70:0
ASN
#13335 CLOUDFLARENET

File type
C++ source, Unicode text, UTF-8 text
Size
3.8 kB (3783 bytes)
Hash
a92de6cc7b9013e44052840f990095fa
606afc17d4bc35fa9dd7fff08df4097db3998a63
4d2af04400f8c76c4581e44c586d1c4854afa95053ab3ed1ba9563328d04bb4b

Detections

Analyzer	Verdict	Alert
fortinet	Malware

NIDS	Severity	Alert
suricata	medium	ET INFO HTTP Request to a *.buzz domain

HTTP Headers

GET /elotoukr/chat/partials/chats/script.js HTTP/1.1
Host: j9-wersii.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://j9-wersii.buzz/elotoukr/

HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 11:01:36 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 12 Sep 2022 01:18:34 GMT
ETag: W/"38bb-5e870aca48e80"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=i1L8kfpTIALV%2BHr5poNQTE%2FQ%2Bvnh0CbXVlnHH7JCPQOPl2dHMmJR3lIYd6b%2FfPhm%2B5FoYvwMcFoXx9oagTFfBodQqQLnFKLSo9mqB1UftNpRNDaNGVQjgIbyiH4ZnDcWtQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 793aab68adc1b4ee-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

j9-wersii.buzz/elotoukr/nicepage.js

172.67.154.70

200 OK

73 kB

URL HTTP/1.1
j9-wersii.buzz/elotoukr/nicepage.js
IP
172.67.154.70:0
ASN
#13335 CLOUDFLARENET

File type
Unicode text, UTF-8 text, with very long lines (51310)
Size
73 kB (73358 bytes)
Hash
5878e1c4b63b61e8a4e6407c80fa69fb
036412b7a81c6a096ac3f7de782bc2dc31a96418
be38e0d4ff8eeb37b25f8ea6043976a8ac438f2999ef63dd31024cd7b1a6382d

Detections

Analyzer	Verdict	Alert
fortinet	Malware

NIDS	Severity	Alert
suricata	medium	ET INFO HTTP Request to a *.buzz domain

HTTP Headers

GET /elotoukr/nicepage.js HTTP/1.1
Host: j9-wersii.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://j9-wersii.buzz/elotoukr/

HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 11:01:36 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 07 Oct 2022 21:31:30 GMT
ETag: W/"3b9b7-5ea7888769080"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JWfKVMcfPLxFcDMNan%2BUq3UlH8yKB5ZQY72%2Fv7kvv2geZynqOMDlDkJXmaDcOvqbPJj7jyil8FujLmJsTbTpI3HpMUBQCTP7vdsnjFV%2FdgfX2DZLOpK8ExePXQ39cNefMA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 793aab682dacb4f4-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

j9-wersii.buzz/elotoukr/images/12184260_original.gif

172.67.154.70

200 OK

6.0 kB

URL HTTP/1.1
j9-wersii.buzz/elotoukr/images/12184260_original.gif
IP
172.67.154.70:0
ASN
#13335 CLOUDFLARENET

File type
GIF image data, version 89a, 1200 x 680\012- data
Size
6.0 kB (5951 bytes)
Hash
b54be2e78a25cb480cd536cf5a740db4
8cd616f6f7730c291da003e2d6e6fcfd3bc68a7a
399167e1c2ccec76817bce9f8d288cd3db9dd937fedcfe5b985e5397cb75142b

Detections

NIDS	Severity	Alert
suricata	medium	ET INFO HTTP Request to a *.buzz domain

HTTP Headers

GET /elotoukr/images/12184260_original.gif HTTP/1.1
Host: j9-wersii.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://j9-wersii.buzz/elotoukr/

HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 11:01:37 GMT
Content-Type: image/gif
Content-Length: 5951
Connection: keep-alive
Last-Modified: Fri, 07 Oct 2022 21:31:30 GMT
ETag: "173f-5ea7888769080"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KqgZfLuNzSDDKWFG8853Ss2mJegUJk89kp9Y6omv961FPSKU5%2BZC0OrNg7YsNnK9mDmPo3XBF7LDL07SlO%2BCvnc64B2sY46v4H2BHG7%2BF7Z1FQUZ1vHMXBIgwpHNKoi0Xw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 793aab69df72b4ee-OSL
alt-svc: h2=":443"; ma=60

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Pragma, Backoff, Retry-After, Content-Length, Last-Modified, Expires, Cache-Control, ETag, Alert, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 03 Feb 2023 10:07:19 GMT
age: 3258
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
e3383a870b280d28b1d924543e6128af
0e9ccaf308e10ae68774fe0d32e10d063f379e7d
093a4523b327faf080d2d200d6e8d9e615abe6e048a72d70c3bc8e9f89cc50bf

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 11:01:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
e3383a870b280d28b1d924543e6128af
0e9ccaf308e10ae68774fe0d32e10d063f379e7d
093a4523b327faf080d2d200d6e8d9e615abe6e048a72d70c3bc8e9f89cc50bf

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 11:01:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
e3383a870b280d28b1d924543e6128af
0e9ccaf308e10ae68774fe0d32e10d063f379e7d
093a4523b327faf080d2d200d6e8d9e615abe6e048a72d70c3bc8e9f89cc50bf

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 11:01:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
e3383a870b280d28b1d924543e6128af
0e9ccaf308e10ae68774fe0d32e10d063f379e7d
093a4523b327faf080d2d200d6e8d9e615abe6e048a72d70c3bc8e9f89cc50bf

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 11:01:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
e3383a870b280d28b1d924543e6128af
0e9ccaf308e10ae68774fe0d32e10d063f379e7d
093a4523b327faf080d2d200d6e8d9e615abe6e048a72d70c3bc8e9f89cc50bf

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 11:01:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSumu1aB.woff2

216.58.207.227

200 OK

26 kB

URL HTTP/2
fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSumu1aB.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 26240, version 1.0\012- data
Size
26 kB (26240 bytes)
Hash
4a90976686fcbd8296c7d7fccc04c273
bcb82e93ac7ad1fa2af6a37009a200f79f4cb4e5
59bd288e64c57e034672999e33ebda6eb5ad1575945eb563dbfb5b44f226e1e1

HTTP Headers

GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSumu1aB.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://j9-wersii.buzz
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 26240
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 01 Feb 2023 07:52:01 GMT
expires: Thu, 01 Feb 2024 07:52:01 GMT
cache-control: public, max-age=31536000
age: 184176
last-modified: Mon, 15 Aug 2022 18:14:37 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

216.58.207.227

200 OK

16 kB

URL HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Size
16 kB (15744 bytes)
Hash
15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

HTTP Headers

GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://j9-wersii.buzz
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 29 Jan 2023 22:02:00 GMT
expires: Mon, 29 Jan 2024 22:02:00 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
age: 392377
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu5mxKOzY.woff2

216.58.207.227

200 OK

9.6 kB

URL HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu5mxKOzY.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 9628, version 1.0\012- data
Size
9.6 kB (9628 bytes)
Hash
d9ac47c7e500fb7083b8d595eaf6fe12
112a2fc5f4ff9b85ee3a706fa9b8c47f79b05933
495d38d4b9741e8aa4204002414069e2d8db9f3c60b60e195e4d74381462dee9

HTTP Headers

GET /s/roboto/v30/KFOmCnqEu92Fr1Mu5mxKOzY.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://j9-wersii.buzz
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 9628
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 01 Feb 2023 12:24:15 GMT
expires: Thu, 01 Feb 2024 12:24:15 GMT
cache-control: public, max-age=31536000
age: 167842
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

216.58.207.227

200 OK

16 kB

URL HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Size
16 kB (15860 bytes)
Hash
e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://j9-wersii.buzz
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 31 Jan 2023 13:09:06 GMT
expires: Wed, 31 Jan 2024 13:09:06 GMT
cache-control: public, max-age=31536000
age: 251551
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfABc4EsA.woff2

216.58.207.227

200 OK

9.6 kB

URL HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfABc4EsA.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 9644, version 1.0\012- data
Size
9.6 kB (9644 bytes)
Hash
6f112ec2b932ee12379442c42853244e
b2e73c8c70d6261e1d187f41693c43ac4fe0809d
6a84eeee6a25e7c9a8a03191007a6720566b5a2aa2384d36168fb07f49e97e9e

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfABc4EsA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://j9-wersii.buzz
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 9644
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 01 Feb 2023 12:24:15 GMT
expires: Thu, 01 Feb 2024 12:24:15 GMT
cache-control: public, max-age=31536000
age: 167842
last-modified: Wed, 11 May 2022 19:24:50 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

216.58.207.227

200 OK

45 kB

URL HTTP/2
fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 44856, version 1.0\012- data
Size
45 kB (44856 bytes)
Hash
565ce506190ad3af920b40baf1794cec
ad3cba5d06100e09449a864d3b5e58403b478b3d
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db

HTTP Headers

GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://j9-wersii.buzz
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 44856
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 30 Jan 2023 18:52:41 GMT
expires: Tue, 30 Jan 2024 18:52:41 GMT
cache-control: public, max-age=31536000
age: 317336
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
e3383a870b280d28b1d924543e6128af
0e9ccaf308e10ae68774fe0d32e10d063f379e7d
093a4523b327faf080d2d200d6e8d9e615abe6e048a72d70c3bc8e9f89cc50bf

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 11:01:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

j9-wersii.buzz/elotoukr/images/Screenshot_4.jpg

172.67.154.70

200 OK

75 kB

URL HTTP/1.1
j9-wersii.buzz/elotoukr/images/Screenshot_4.jpg
IP
172.67.154.70:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=332, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=778], progressive, precision 8, 778x164, components 3\012- data
Size
75 kB (74911 bytes)
Hash
90c9d1312eb2246c9d0a9d6be84bb9e5
2b1023a04ec00efa95e9563788c37ebbb3bb58c4
7f9d227ca7811820a55122f54fdf4f115576d3cda9172f67ec18ebe710f0b939

Detections

NIDS	Severity	Alert
suricata	medium	ET INFO HTTP Request to a *.buzz domain

HTTP Headers

GET /elotoukr/images/Screenshot_4.jpg HTTP/1.1
Host: j9-wersii.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://j9-wersii.buzz/elotoukr/

HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 11:01:37 GMT
Content-Type: image/jpeg
Content-Length: 74911
Connection: keep-alive
Last-Modified: Sat, 08 Oct 2022 01:37:34 GMT
ETag: "1249f-5ea7bf8775380"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GydAeNSgeAHZYfXV9HNj8aoNQp4f9YeWq6o%2F4cnb5ueWNFXDFeJcdvOB41JErjWMmi%2FLFRrtyi9mjVsdJSzTfFWn0TgithfiwwMNxgw8Ps3T6k5juR7fXZ13Kyt9Kc9Kkw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 793aab69df71b4ee-OSL
alt-svc: h2=":443"; ma=60

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
8913af0be619500295008bb91f506660
a7b8068ba9aa506205a295b24458c2616997a0d1
6a9838d00256431807ca382fc205064b07c08d5054f2895c2ae3cc4e9094179a

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6A9838D00256431807CA382FC205064B07C08D5054F2895C2AE3CC4E9094179A"
Last-Modified: Wed, 01 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2726
Expires: Fri, 03 Feb 2023 11:47:03 GMT
Date: Fri, 03 Feb 2023 11:01:37 GMT
Connection: keep-alive

push.services.mozilla.com/

54.189.35.180

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
54.189.35.180:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: atcUGH1FAvu9paUbuEICQA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: v6lBYrfUQz4Mte+fOPPYpQn6y3c=

j9-wersii.buzz/elotoukr/images/Screenshot_119.jpg

172.67.154.70

200 OK

129 kB

URL HTTP/1.1
j9-wersii.buzz/elotoukr/images/Screenshot_119.jpg
IP
172.67.154.70:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1600x333, components 3\012- data
Size
129 kB (128676 bytes)
Hash
f6310bff23d2f4f13ad45f8345bbad74
9d825f13fc7faf76a03fa04c40e81f26de12590c
860fe0ce08e28e0e4e9eec0c653c81690221f5bd6843a9bf7bb06adbd8f0b087

Detections

NIDS	Severity	Alert
suricata	medium	ET INFO HTTP Request to a *.buzz domain

HTTP Headers

GET /elotoukr/images/Screenshot_119.jpg HTTP/1.1
Host: j9-wersii.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://j9-wersii.buzz/elotoukr/

HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 11:01:38 GMT
Content-Type: image/jpeg
Content-Length: 128676
Connection: keep-alive
Last-Modified: Sun, 09 Oct 2022 20:29:30 GMT
ETag: "1f6a4-5ea9fe66a9e80"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TuZWxQ0OGTXN39vvJghMvi%2BKW7bEIjGfYwO72lszidhCJEr2eK%2FpB2SOfLMNU1nML0hLIXpz0f4ONmN6ipdQgOd06ohTtETJup4z6%2BRQMAoj5d3RmNx5OQA1fNFNMGdVsQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 793aab69dfe3b4f4-OSL
alt-svc: h2=":443"; ma=60

j9-wersii.buzz/elotoukr/images/Screenshot_22.jpg

172.67.154.70

200 OK

38 kB

URL HTTP/1.1
j9-wersii.buzz/elotoukr/images/Screenshot_22.jpg
IP
172.67.154.70:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=332, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=778], progressive, precision 8, 574x96, components 3\012- data
Size
38 kB (37515 bytes)
Hash
e69d2e70e7692cf28e28e68236d8487a
200eb4a45154330582e85cd27f0f33e4cbeb7c36
46d95bbd0f1248cf10dce53fb956f307e4be1486ea16ec504fb332037ab5acb7

Detections

NIDS	Severity	Alert
suricata	medium	ET INFO HTTP Request to a *.buzz domain

HTTP Headers

GET /elotoukr/images/Screenshot_22.jpg HTTP/1.1
Host: j9-wersii.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://j9-wersii.buzz/elotoukr/

HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 11:01:38 GMT
Content-Type: image/jpeg
Content-Length: 37515
Connection: keep-alive
Last-Modified: Sat, 08 Oct 2022 01:32:40 GMT
ETag: "928b-5ea7be6f13e00"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Gj8yJcT%2BDfNn5i4eNmB1HTStYeoZtgvVIU%2BJGt3FwHbTQFY2nErPS%2FknpmqHtzQ9QaVTkSyeRWjwHE44OMUgRkgzbsHl6tVhLDIi3042j9%2BBnhdfzIreG721VuxZ2U4UJA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 793aab69da470b61-OSL
alt-svc: h2=":443"; ma=60

j9-wersii.buzz/elotoukr/images/podarki-besshovnyj-fon4234.png

172.67.154.70

200 OK

58 kB

URL HTTP/1.1
j9-wersii.buzz/elotoukr/images/podarki-besshovnyj-fon4234.png
IP
172.67.154.70:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 1000 x 1000, 8-bit colormap, non-interlaced\012- data
Size
58 kB (58436 bytes)
Hash
aa52cfb72c391c8d948dd6c43151e9b9
da8f94dc9da0db5ec29e21f471d3e92f4981946e
1036e5471779ed05630f6fb5f42cc61814aa0c685a8fd54407315171c842b547

Detections

NIDS	Severity	Alert
suricata	medium	ET INFO HTTP Request to a *.buzz domain

HTTP Headers

GET /elotoukr/images/podarki-besshovnyj-fon4234.png HTTP/1.1
Host: j9-wersii.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://j9-wersii.buzz/elotoukr/

HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 11:01:38 GMT
Content-Type: image/png
Content-Length: 58436
Connection: keep-alive
Last-Modified: Sun, 09 Oct 2022 20:29:20 GMT
ETag: "e444-5ea9fe5d20800"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5LdFUL3oc4%2FahjeECf8gDVpA7RihMrTpzG9g%2FfO%2FmsrglzjYG0m%2F6uybWd4Vw70%2BADL4dgpHgp6lxiVgdZPvWysJXmizNlDCDfXq5r7fArd1Xza%2BKwZKPdRSY%2FlestROCg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 793aab69dffbb4eb-OSL
alt-svc: h2=":443"; ma=60

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
d719402de0cd695e55dab2767247da49
f12f4795987a284820f6785ec16b5032b9861d79
98a14bd950cec10aeb3d76fa956fe13514f52c742adbded7a0fcef218c7195ba

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "98A14BD950CEC10AEB3D76FA956FE13514F52C742ADBDED7A0FCEF218C7195BA"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3136
Expires: Fri, 03 Feb 2023 11:53:54 GMT
Date: Fri, 03 Feb 2023 11:01:38 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
d719402de0cd695e55dab2767247da49
f12f4795987a284820f6785ec16b5032b9861d79
98a14bd950cec10aeb3d76fa956fe13514f52c742adbded7a0fcef218c7195ba

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "98A14BD950CEC10AEB3D76FA956FE13514F52C742ADBDED7A0FCEF218C7195BA"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3136
Expires: Fri, 03 Feb 2023 11:53:54 GMT
Date: Fri, 03 Feb 2023 11:01:38 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
d719402de0cd695e55dab2767247da49
f12f4795987a284820f6785ec16b5032b9861d79
98a14bd950cec10aeb3d76fa956fe13514f52c742adbded7a0fcef218c7195ba

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "98A14BD950CEC10AEB3D76FA956FE13514F52C742ADBDED7A0FCEF218C7195BA"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3136
Expires: Fri, 03 Feb 2023 11:53:54 GMT
Date: Fri, 03 Feb 2023 11:01:38 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
d719402de0cd695e55dab2767247da49
f12f4795987a284820f6785ec16b5032b9861d79
98a14bd950cec10aeb3d76fa956fe13514f52c742adbded7a0fcef218c7195ba

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "98A14BD950CEC10AEB3D76FA956FE13514F52C742ADBDED7A0FCEF218C7195BA"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3136
Expires: Fri, 03 Feb 2023 11:53:54 GMT
Date: Fri, 03 Feb 2023 11:01:38 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F49d52576-44b1-4baf-92c0-88f267415a19.jpeg

34.120.237.76

200 OK

5.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F49d52576-44b1-4baf-92c0-88f267415a19.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.6 kB (5641 bytes)
Hash
d4041f3b5316bc84c9e6d88ddbc85b89
4978a4a20836b6f5d863d331bcedad782b7b4ac6
549b62d2c4ec965b8bec62010c0ce338dfea7992ee83eb7af61ff1a30d21f8b5

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F49d52576-44b1-4baf-92c0-88f267415a19.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5641
x-amzn-requestid: b53b54b1-3b00-47cf-a25c-e93910c2ebfb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fuvzpHsXoAMFsuw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dc2ce3-0c4fc8154763febb44460ac2;Sampled=0
x-amzn-remapped-date: Thu, 02 Feb 2023 21:36:36 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: x4-BZdG4JGRKCSdKynnuweZfo9l0XZtDB-MiANy7C2Yz1URYMHP4sQ==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 64f86ae1c24221f3a2e4d653d6dbc416.cloudfront.net (CloudFront), 1.1 google
date: Thu, 02 Feb 2023 21:57:49 GMT
age: 47029
etag: "4978a4a20836b6f5d863d331bcedad782b7b4ac6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F64144d1c-f524-496f-8b52-ba63714dbfc5.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (11565 bytes)
Hash
e366b32074025aaf60bbae8bdb08d330
a52c2883bad98fa20333aa639a5dd3a5bf544c8e
9d661c26effaec9efee16833f6459d6ecbe4f77b822c9c46e2a6433bda816e5c

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F64144d1c-f524-496f-8b52-ba63714dbfc5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11565
x-amzn-requestid: 87a84ffd-1176-4656-aac4-e98f38ec2cd9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fboIrFGboAMFyyQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d48704-162ed8114aa1809204500548;Sampled=0
x-amzn-remapped-date: Sat, 28 Jan 2023 02:23:00 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: w0Zm5V0TQxsQ7917U3fdhS_n7qKE143PuhI2JmNCDM_Pf0yPLyW6yA==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 32c16f33c8f5601364fa8229b0d74dc2.cloudfront.net (CloudFront), 1.1 google
date: Thu, 02 Feb 2023 21:48:01 GMT
age: 47617
etag: "a52c2883bad98fa20333aa639a5dd3a5bf544c8e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.1 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F15f2ebc9-82b4-4f1b-b0b8-978571cb123b.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.1 kB (9130 bytes)
Hash
02123eef9faa8560ff66b058d4e13a28
decf26282993d7f0b14cf4112d14fa39c97fa89f
28889ff20f1b2fe0b73f8f97e6569f1d68d77fe436eeb47cc06ee4f0822ff239

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F15f2ebc9-82b4-4f1b-b0b8-978571cb123b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9130
x-amzn-requestid: 09ad3fbb-1e71-4455-82df-6e59f65239a1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fuxiYEkqIAMFVZg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dc2fa8-1dca116e4317f9bd14f6d45a;Sampled=0
x-amzn-remapped-date: Thu, 02 Feb 2023 21:48:24 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: _Bc2svrG-wX63DK9RPUyjh-n6AHVHaQe3QRmEL27L-amwCH2I_f_9g==
via: 1.1 1b0911478686968732f973d6e5e31d10.cloudfront.net (CloudFront), 1.1 e4d3d5aafc7d7d582423c073065ab562.cloudfront.net (CloudFront), 1.1 google
date: Thu, 02 Feb 2023 21:57:38 GMT
age: 47040
etag: "decf26282993d7f0b14cf4112d14fa39c97fa89f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1e690e4c-e16d-49e9-ac12-24a092d6a60c.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.5 kB (8543 bytes)
Hash
a1d6fa4715c4e78250b2f72ddd2706f1
be04ac3a50aa6f1b349a2410ad386d92de3222be
d1c3c1b7016428bf2a085b71ca0d1e215a64b3d31ff15b0ef8bf5a78f11d9ae5

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1e690e4c-e16d-49e9-ac12-24a092d6a60c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8543
x-amzn-requestid: 3dc0960e-97db-42c8-99ac-623a44e8bb3e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fuv0wGJhIAMFaTg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dc2ceb-5ad3ef033a62559762db42b9;Sampled=0
x-amzn-remapped-date: Thu, 02 Feb 2023 21:36:43 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: EKWOeGruQEm9HuSlJMiEEw_gN1p37qTTIhYqaiQ6bFaCF65kUfmMtA==
via: 1.1 9b311162717b41c968f6f00426d88aaa.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Thu, 02 Feb 2023 21:57:20 GMT
age: 47058
etag: "be04ac3a50aa6f1b349a2410ad386d92de3222be"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b4ea648-021a-44ef-a083-3ea03f73dca3.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (10796 bytes)
Hash
3490571dd2de0a747987b9a0e18cccc8
18e9f8f160d3515f1cb31fc7538ac762a6cab344
1c071d7f3b288b29254500f94f19c0db0633c6aa90812f2e92c4f64992f5221a

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b4ea648-021a-44ef-a083-3ea03f73dca3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10796
x-amzn-requestid: 5c9b1a83-c99a-44b9-9a90-5edd7ef1e225
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fi0XKG93oAMFtsA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d76760-01bf754d6c725c3275c02a1b;Sampled=0
x-amzn-remapped-date: Mon, 30 Jan 2023 06:44:48 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: XTZJAn0LMAfFtaQ2bN8z58cCsUT5GzxDMnHVB_iw9E_NskHQ-BgbRQ==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 e4d3d5aafc7d7d582423c073065ab562.cloudfront.net (CloudFront), 1.1 google
date: Thu, 02 Feb 2023 22:19:26 GMT
age: 84437
etag: "18e9f8f160d3515f1cb31fc7538ac762a6cab344"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fedd456a0-d42f-4b40-ad63-ea1dcfaf69eb.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10166 bytes)
Hash
2a6aaf87a867f93dc9268a8b27973b97
f52ccbe6cbced1994acb13a00b05436553b6813e
3fbd7441712035f4d53c17eec93bc278e6c072043f3b5a721cac349fc0dabe77

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fedd456a0-d42f-4b40-ad63-ea1dcfaf69eb.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10166
x-amzn-requestid: 54fe0d12-360f-4d97-bcf3-b24747d956aa
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fY_4zHEcoAMF1iA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d379d1-4ba89e44005f616a0ed3ed24;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 07:14:25 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: hSyEfSDToqgfnFIW68Krz-ANYUNQoUPWhyb-8xDUarI6mnVLXriHDQ==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Thu, 02 Feb 2023 21:59:54 GMT
age: 46904
etag: "f52ccbe6cbced1994acb13a00b05436553b6813e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

j9-wersii.buzz/elotoukr/chat/partials/chats/1612319935/images/add-user.png

172.67.154.70

200 OK

343 B

URL HTTP/1.1
j9-wersii.buzz/elotoukr/chat/partials/chats/1612319935/images/add-user.png
IP
172.67.154.70:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 24 x 24, 8-bit colormap, non-interlaced\012- data
Size
343 B (343 bytes)
Hash
51a2d123cece52db5432cd139754b267
41b181fd1285d9a92afc9a0b0a0a17a1d99b742c
3583aaa798e45af1ec9d97ed93e4057e9bb8857c770e9f931b0a2800d84ff1da

Detections

NIDS	Severity	Alert
suricata	medium	ET INFO HTTP Request to a *.buzz domain

HTTP Headers

GET /elotoukr/chat/partials/chats/1612319935/images/add-user.png HTTP/1.1
Host: j9-wersii.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://j9-wersii.buzz/elotoukr/

HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 11:01:39 GMT
Content-Type: image/png
Content-Length: 343
Connection: keep-alive
Last-Modified: Mon, 12 Sep 2022 01:18:36 GMT
ETag: "157-5e870acc31300"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CAWB6Xu0wfn13mbSORUWXFLHzpbwozMCgW%2FgpQ%2FlKXYCU0ok6QlCojSCbaUb7bwvjSd2wAFBVOZaiEGGA3lNmVQQWMbkzSWHMMDMsjsWVknaUcZMbNtdfPRWaNzSebP8yg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 793aab6a4ffdb4ee-OSL
alt-svc: h2=":443"; ma=60

j9-wersii.buzz/elotoukr/pages.php?this_page=

172.67.154.70

200 OK

20 B

URL HTTP/1.1
j9-wersii.buzz/elotoukr/pages.php?this_page=
IP
172.67.154.70:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
20 B (20 bytes)
Hash
7029066c27ac6f5ef18d660d5741979a
46c6643f07aa7f6bfe7118de926b86defc5087c4
59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2

Detections

Analyzer	Verdict	Alert
fortinet	Malware

NIDS	Severity	Alert
suricata	medium	ET INFO HTTP Request to a *.buzz domain

HTTP Headers

GET /elotoukr/pages.php?this_page= HTTP/1.1
Host: j9-wersii.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://j9-wersii.buzz/elotoukr/

HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 11:01:39 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.4.16
Set-Cookie: last_page=index.php; expires=Fri, 17-Mar-2023 03:01:39 GMT
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oUtEZq%2Fu%2Bg8CiwUM1AcMQhMzTiBn6nhw6urANs9cRo%2F32AK83RAi6UD7P%2Fk2mGHyL1zAR3%2BU%2F36uKYc1liwru%2FvNhxg3avc4SnpewCr%2BjmWRzkoMGHxjJy88DdLLdrnIFg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 793aab6bda07b4ee-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

j9-wersii.buzz/elotoukr/images/RL_logo-25_300x3004.png

172.67.154.70

200 OK

44 kB

URL HTTP/1.1
j9-wersii.buzz/elotoukr/images/RL_logo-25_300x3004.png
IP
172.67.154.70:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced\012- data
Size
44 kB (43880 bytes)
Hash
0cdb74efb7cb5a94d57dae7b6095ed06
ce68cc19e10de2edf11e4edfc4afd53323d4286a
a50c772dc6c351af60010d85b29fd7d49c180460fc03dbc0136b0d1e3fa92d86

Detections

NIDS	Severity	Alert
suricata	medium	ET INFO HTTP Request to a *.buzz domain

HTTP Headers

GET /elotoukr/images/RL_logo-25_300x3004.png HTTP/1.1
Host: j9-wersii.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://j9-wersii.buzz/elotoukr/

HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 11:01:39 GMT
Content-Type: image/png
Content-Length: 43880
Connection: keep-alive
Last-Modified: Sat, 08 Oct 2022 01:54:30 GMT
ETag: "ab68-5ea7c35064180"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sfYDIGeJvZ2WKsFrt%2BHLIprTB%2F8q7nlIQnwzEVtmx8gBFq%2FhF3wFyjvikAPciDlMIu21gwqDDckxBk%2B9HesAgRHknFIaox2aM2OOqSvY4y0ag4v1ZdvCvPKRA%2FPZ7BszoA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 793aab70d83ab4f4-OSL
alt-svc: h2=":443"; ma=60

j9-wersii.buzz/elotoukr/images/tickets.png

172.67.154.70

200 OK

79 kB

URL HTTP/1.1
j9-wersii.buzz/elotoukr/images/tickets.png
IP
172.67.154.70:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 764 x 634, 8-bit colormap, non-interlaced\012- data
Size
79 kB (78669 bytes)
Hash
e001c047239ba9dbf1245c6db03c70db
7a7736400ed4ea3024e08a5d2b27e7cf2bcd34be
ddeee96ff7906e0aa37af4002945de1b1542b2291424bafc186b4642a4cbc43f

Detections

NIDS	Severity	Alert
suricata	medium	ET INFO HTTP Request to a *.buzz domain

HTTP Headers

GET /elotoukr/images/tickets.png HTTP/1.1
Host: j9-wersii.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://j9-wersii.buzz/elotoukr/

HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 11:01:39 GMT
Content-Type: image/png
Content-Length: 78669
Connection: keep-alive
Last-Modified: Sun, 09 Oct 2022 20:29:20 GMT
ETag: "1334d-5ea9fe5d20800"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=n%2Bz9Nqi%2BCxUqC%2BSh2Jn1SFA56M4J7oacQNEI6Vdw6j31J9BzTW9ejG5p4WI%2ByZmKTAjlYU%2FyRAjxbd3bfd6no9Vvzh0UDfFfsIgE3l%2Bn6%2BIBdsdboBLVDWueF%2BdJfD%2B%2FGw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 793aab71e9d40b61-OSL
alt-svc: h2=":443"; ma=60

j9-wersii.buzz/elotoukr/images/59a6a1ff5ef5615e32e8cd9d3.png

172.67.154.70

200 OK

244 kB

URL HTTP/1.1
j9-wersii.buzz/elotoukr/images/59a6a1ff5ef5615e32e8cd9d3.png
IP
172.67.154.70:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 1250 x 2446, 8-bit colormap, non-interlaced\012- data
Size
244 kB (244066 bytes)
Hash
b818ecf1583a748c788ad1b55357169b
3de8014a91f95eb47672ed27736ddb2f970f6433
1d4ec80ac9c2166eaf9b2413005acab49f3c263f8396ba4b49dca61ca0ca7da7

Detections

NIDS	Severity	Alert
suricata	medium	ET INFO HTTP Request to a *.buzz domain

HTTP Headers

GET /elotoukr/images/59a6a1ff5ef5615e32e8cd9d3.png HTTP/1.1
Host: j9-wersii.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://j9-wersii.buzz/elotoukr/

HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 11:01:39 GMT
Content-Type: image/png
Content-Length: 244066
Connection: keep-alive
Last-Modified: Sun, 09 Oct 2022 20:29:20 GMT
ETag: "3b962-5ea9fe5d20800"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ayvN34WChjRi9R9CZcAFeR5jTC2qsEfQZsuH3YgbKV%2Fr9nnE98YIn9w1ecE2c5La%2BLdAjh4sQErm95OsM5wb7nCMI6ZirGNg4evZNHQgHTI6suIMa%2BlqKIIAEV3am3jYSQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 793aab69dfe5b4f4-OSL
alt-svc: h2=":443"; ma=60

j9-wersii.buzz/elotoukr/chat/partials/chats/triggers.json

172.67.154.70

200 OK

1.2 kB

URL HTTP/1.1
j9-wersii.buzz/elotoukr/chat/partials/chats/triggers.json
IP
172.67.154.70:0
ASN
#13335 CLOUDFLARENET

File type
JSON data\012- , Unicode text, UTF-8 text
Size
1.2 kB (1190 bytes)
Hash
7beae3207c65d73fcbdeae9ca0b0574a
1fc90db50593c85f9ea9710a7f880ea4029f9df3
b66cb94d2c29d36ec05586726d24f8e1e9b984edc3a8f5ba6f5cc2ecfb0d3ebc

Detections

Analyzer	Verdict	Alert
fortinet	Malware

NIDS	Severity	Alert
suricata	medium	ET INFO HTTP Request to a *.buzz domain

HTTP Headers

GET /elotoukr/chat/partials/chats/triggers.json HTTP/1.1
Host: j9-wersii.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://j9-wersii.buzz/elotoukr/
Connection: keep-alive

HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 11:01:39 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sun, 09 Oct 2022 23:41:34 GMT
ETag: W/"1b43-5eaa2954ce780"
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8jV1YlcqrGC7qQ8pG4bPuxNluXesB9jGmnCu3wVcQArgopHdFyf1996N%2FTHP8beFCyBqO87PeGJnIvPEPOH%2FFf9HdRLVXvofXOF42EehntHzTZIkgMSHiMSxHQgryupAxQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 793aab785afdb4f4-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

j9-wersii.buzz/elotoukr/chat/partials/chats/1612319935/messages.json

172.67.154.70

200 OK

19 kB

URL HTTP/1.1
j9-wersii.buzz/elotoukr/chat/partials/chats/1612319935/messages.json
IP
172.67.154.70:0
ASN
#13335 CLOUDFLARENET

File type
JSON data\012- , Unicode text, UTF-8 text
Size
19 kB (19055 bytes)
Hash
e64279728d203b2bde759122e68b30a1
9c481fbe0bfbf18d2f64d60845753c407d383b17
b12fb1c2ab4aa076d9a2c725ff09220ac2b698ce05e95e320cb0c59142c366f8

Detections

Analyzer	Verdict	Alert
fortinet	Malware

NIDS	Severity	Alert
suricata	medium	ET INFO HTTP Request to a *.buzz domain

HTTP Headers

GET /elotoukr/chat/partials/chats/1612319935/messages.json HTTP/1.1
Host: j9-wersii.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://j9-wersii.buzz/elotoukr/
Connection: keep-alive

HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 11:01:39 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 10 Oct 2022 01:15:56 GMT
ETag: W/"16465-5eaa3e6c82b00"
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JUFrRsGRXOfDH9DmSAKPFqKvSGgJZjC3%2FqwJGe%2FFf8ymGRmOMve04C4dvh7vR7Ns%2F25HneT8leB8zPFnOfylnhhn7zwhHq26PQA1rpNsEW9HDlg4xnu1bQLmG7q1JcW3sg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 793aab7809fbb4ee-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

j9-wersii.buzz/elotoukr/chat/partials/chats/1612319935/images/menu.png

172.67.154.70

200 OK

280 B

URL HTTP/1.1
j9-wersii.buzz/elotoukr/chat/partials/chats/1612319935/images/menu.png
IP
172.67.154.70:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 24 x 24, 4-bit colormap, non-interlaced\012- data
Size
280 B (280 bytes)
Hash
cd5fd16ed883118f919fc262bb26ba4b
23fea4b057e3ffe836c2648822400001f53e2079
0d8f0235339547b2295e27b984ea2d0c60554eb25954856cd25d87360334738f

Detections

NIDS	Severity	Alert
suricata	medium	ET INFO HTTP Request to a *.buzz domain

HTTP Headers

GET /elotoukr/chat/partials/chats/1612319935/images/menu.png HTTP/1.1
Host: j9-wersii.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://j9-wersii.buzz/elotoukr/

HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 11:01:39 GMT
Content-Type: image/png
Content-Length: 280
Connection: keep-alive
Last-Modified: Mon, 12 Sep 2022 01:18:36 GMT
ETag: "118-5e870acc31300"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8u4ZeCsoOVYhj83Nkj2Ws8SkvXxFjn16mmbMuQ7pjHnlt0NxLSA21bk4tRp9%2F5RQ3iDs9fgsHSU7AErptQqsJfgQ2IzYMCg66Q8t2Ci33slBg48Q42sGG5KHWkG0f2FzQg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 793aab78aaeab4ee-OSL
alt-svc: h2=":443"; ma=60

j9-wersii.buzz/elotoukr/chat/partials/chats/1612319935/images/flash.png

172.67.154.70

200 OK

9.2 kB

URL HTTP/1.1
j9-wersii.buzz/elotoukr/chat/partials/chats/1612319935/images/flash.png
IP
172.67.154.70:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced\012- data
Size
9.2 kB (9228 bytes)
Hash
790d79c3730671f0e2dabf831398921d
271a90d3365df4ffa2447bed2e716ac4ac33e9f7
ce463f05abd8fb1c8c5fbdf00c4e3ff98a42411e7e0a32c735d36e15bc1139dc

Detections

NIDS	Severity	Alert
suricata	medium	ET INFO HTTP Request to a *.buzz domain

HTTP Headers

GET /elotoukr/chat/partials/chats/1612319935/images/flash.png HTTP/1.1
Host: j9-wersii.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://j9-wersii.buzz/elotoukr/

HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 11:01:39 GMT
Content-Type: image/png
Content-Length: 9228
Connection: keep-alive
Last-Modified: Mon, 12 Sep 2022 01:18:36 GMT
ETag: "240c-5e870acc31300"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=siUbhIIT%2BTqYXVYbMMZ5M93rdhYaFKVjvfR7C5fjuR70uXy0VDRVuxYelJWo%2Fln%2F6TG1vRk7rO3Abp65EjBfl8UqEmW7EUeEWWGdS%2F3NUWOg5u1kvhg4DolKYBj6EraL6Q%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 793aab78fb83b4ee-OSL
alt-svc: h2=":443"; ma=60

j9-wersii.buzz/elotoukr/geo.php

172.67.154.70

200 OK

411 B

URL HTTP/1.1
j9-wersii.buzz/elotoukr/geo.php
IP
172.67.154.70:0
ASN
#13335 CLOUDFLARENET

File type
JSON data\012- HTML document, ASCII text
Size
411 B (411 bytes)
Hash
79c749ff501ffd42285c93172cf98d12
d8fdf69bc79143e994b99e96940afa602764539f
574fb0580d638c9d829af7a1b074954f439a81a58429cf047efd1ec6095af015

Detections

Analyzer	Verdict	Alert
fortinet	Malware

NIDS	Severity	Alert
suricata	medium	ET INFO HTTP Request to a *.buzz domain

HTTP Headers

GET /elotoukr/geo.php HTTP/1.1
Host: j9-wersii.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://j9-wersii.buzz/elotoukr/
Connection: keep-alive

HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 11:01:39 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.4.16
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BwAeIbYh4SWogG3MzPkq4Q%2BYE6L5ldOBgBBkvdgXyPK%2FUJK88PNVMsz1lcZOCTpQd%2Brdfs04fp2WYF6%2FF2m8ul%2BEn6IlQ%2BcJLzk%2FWiOxfPtb8QoHNxGsuDOyOuM70SXdzw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 793aab78ab64b4f4-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

j9-wersii.buzz/elotoukr/chat/partials/chats/1612319935/images/send.png

172.67.154.70

200 OK

497 B

URL HTTP/1.1
j9-wersii.buzz/elotoukr/chat/partials/chats/1612319935/images/send.png
IP
172.67.154.70:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 72 x 72, 8-bit colormap, non-interlaced\012- data
Size
497 B (497 bytes)
Hash
447196e5277b46434a290d9bd345891e
9efe4d1d0ed9446d18ba0ef5026388a91645d99e
e5f4a4195239748ead3856187cce8ba0ccb5bfbaf9743f4e8ccf6d0450d395e2

Detections

NIDS	Severity	Alert
suricata	medium	ET INFO HTTP Request to a *.buzz domain

HTTP Headers

GET /elotoukr/chat/partials/chats/1612319935/images/send.png HTTP/1.1
Host: j9-wersii.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://j9-wersii.buzz/elotoukr/

HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 11:01:40 GMT
Content-Type: image/png
Content-Length: 497
Connection: keep-alive
Last-Modified: Mon, 12 Sep 2022 01:18:36 GMT
ETag: "1f1-5e870acc31300"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QIeyDaUMREdjrwZPq5PyqIyrgFNiwPOh7nYdQOzgOVY4LDH92%2BOhb0Bx1lfuk7xo3r6paFaipwLX1SkdjT%2FLnQ9w0Uy1GyGFNyxEmUyBFGHTqMir8X8xDy4W117TwVYwfQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 793aab77f9eab4ee-OSL
alt-svc: h2=":443"; ma=60

j9-wersii.buzz/elotoukr/Chat.mp3

172.67.154.70

404 Not Found

215 B

URL HTTP/1.1
j9-wersii.buzz/elotoukr/Chat.mp3
IP
172.67.154.70:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
215 B (215 bytes)
Hash
88f38df61da69ea8ca9727fb2dabc43c
8e9163424cb769762152a16db6c0849eb75aebfa
8d69e230fdfe5e148d9311aebfb1b0ce69cbbb20590486512cb5816406189562

Detections

Analyzer	Verdict	Alert
fortinet	Malware

NIDS	Severity	Alert
suricata	medium	ET INFO HTTP Request to a *.buzz domain

HTTP Headers

GET /elotoukr/Chat.mp3 HTTP/1.1
Host: j9-wersii.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: http://j9-wersii.buzz/elotoukr/

HTTP/1.1 404 Not Found
Date: Fri, 03 Feb 2023 11:01:40 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tv0VzYCvvJ6tYXiZQem6%2BNm8P3Lkx1y%2Fqm%2BUemKmLrY3LBQzL2Md8nbpc83PjrOkUyz8LAPoL8QIaQVlFHk2EXbtyaipQTr%2BsQvE1FA%2BwHRDMxTYK6H4yaVeQmItwq6Mtg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 793aab7868f50b61-OSL
alt-svc: h2=":443"; ma=60

j9-wersii.buzz/elotoukr/chat/partials/chats/1612319935/images/t_logo.svg

172.67.154.70

200 OK

969 B

URL HTTP/1.1
j9-wersii.buzz/elotoukr/chat/partials/chats/1612319935/images/t_logo.svg
IP
172.67.154.70:0
ASN
#13335 CLOUDFLARENET

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1265)
Size
969 B (969 bytes)
Hash
2849c596cbfd8654c9d9cd6fe14d6ce6
767a940c380c13201e1167213e9f04d10d598d1e
b65ec859525c75e284494a3ebb13b793dbe0e28deaa455a232ff1f34ce65dc58

Detections

Analyzer	Verdict	Alert
fortinet	Malware

NIDS	Severity	Alert
suricata	medium	ET INFO HTTP Request to a *.buzz domain

HTTP Headers

GET /elotoukr/chat/partials/chats/1612319935/images/t_logo.svg HTTP/1.1
Host: j9-wersii.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://j9-wersii.buzz/elotoukr/

HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 11:01:40 GMT
Content-Type: image/svg+xml
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 12 Sep 2022 01:18:36 GMT
ETag: W/"69e-5e870acc31300"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XMHlmTI%2BEPzefypESPUZ4sePlfqN1OElTWAPoxDrQCjG9m7lZK7vQySQwZWhyKGBxI0lmY4Q9hSXgVjmF8ISxkVIyx%2FZ5ca%2BYjau3iI1KC4a2dZOrsCCx2%2B%2B1Ap3iG%2FDbg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 793aab78ab66b4f4-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

j9-wersii.buzz/elotoukr/chat/partials/chats/1612319935/images/scroll-down.png

172.67.154.70

200 OK

227 B

URL HTTP/1.1
j9-wersii.buzz/elotoukr/chat/partials/chats/1612319935/images/scroll-down.png
IP
172.67.154.70:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 48 x 26, 4-bit colormap, non-interlaced\012- data
Size
227 B (227 bytes)
Hash
427ef3d2ff37e2df65ef50eeaeee4913
31ae7d0c0274030e3f54f69d43483727e880fb2e
390da6e32e213f299a9af8fe3cc22bd3a103d9b095d6fd3abf8bfa4e1badc47c

Detections

NIDS	Severity	Alert
suricata	medium	ET INFO HTTP Request to a *.buzz domain

HTTP Headers

GET /elotoukr/chat/partials/chats/1612319935/images/scroll-down.png HTTP/1.1
Host: j9-wersii.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://j9-wersii.buzz/elotoukr/

HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 11:01:40 GMT
Content-Type: image/png
Content-Length: 227
Connection: keep-alive
Last-Modified: Mon, 12 Sep 2022 01:18:36 GMT
ETag: "e3-5e870acc31300"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zALSTA6smBOPYxMaTpp2c3nReY%2FvaKDUKtiTIapZuWfW8e980len4iVWnaNTQeeKSR8RaV6hyj53mCYynG3MhS1VWk3b1gn%2BQruyJDpwAT2T99jz2Ejzl9l4tzVQi15jow%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 793aab793bdbb4ee-OSL
alt-svc: h2=":443"; ma=60

j9-wersii.buzz/elotoukr/chat/partials/chats/1612319935/avatars/7b031678030dc897832cb5a601e6225c.jpg

172.67.154.70

200 OK

1.7 kB

URL HTTP/1.1
j9-wersii.buzz/elotoukr/chat/partials/chats/1612319935/avatars/7b031678030dc897832cb5a601e6225c.jpg
IP
172.67.154.70:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality", baseline, precision 8, 64x64, components 3\012- data
Size
1.7 kB (1696 bytes)
Hash
42de5b40ab62443a43f7fd378c73b10e
f875d9931bad93b632b4a9ed9a6152fc7468ae82
fabacbaf695c1e5c80c683ddc90fe9109f699938741f81506afd13c92409c142

Detections

NIDS	Severity	Alert
suricata	medium	ET INFO HTTP Request to a *.buzz domain

HTTP Headers

GET /elotoukr/chat/partials/chats/1612319935/avatars/7b031678030dc897832cb5a601e6225c.jpg HTTP/1.1
Host: j9-wersii.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://j9-wersii.buzz/elotoukr/
Cookie: last_page=index.php; horochat_id=1612319935

HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 11:01:40 GMT
Content-Type: image/jpeg
Content-Length: 1696
Connection: keep-alive
Last-Modified: Mon, 12 Sep 2022 01:18:36 GMT
ETag: "6a0-5e870acc31300"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=R3XS4kPqV5HuquGbkpJ2XNFprtepcGIqvnnpEOHaJ3YGSoAYgbvw20MPsxcfZzp0pkhhAA%2BqCq2czVef%2BxgeVCgubRRKDyGn9b6vQAZnYrBXy05bvPzZbhXyybDqOteJJA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 793aab798c66b4f4-OSL
alt-svc: h2=":443"; ma=60

fonts.googleapis.com/css?family=Roboto:100,100i,300,300i,400,400i,500,500i,700,700i,900,900i|Open+Sans:300,300i,400,400i,500,500i,600,600i,700,700i,800,800i

142.250.74.106

200 OK

30 kB

URL HTTP/2
fonts.googleapis.com/css?family=Roboto:100,100i,300,300i,400,400i,500,500i,700,700i,900,900i|Open+Sans:300,300i,400,400i,500,500i,600,600i,700,700i,800,800i
IP
142.250.74.106:0
ASN
#15169 GOOGLE

File type
data
Size
30 kB (29590 bytes)
Hash
91cd27d85cec3bd469ee2145a0808cb5
a6ae0c590af0bd2129f84e5519eb1f68d2e2ac5b
b494c41254072fc2e0b778dbbb8d9efa4183342a1aacca40efadd695582f09eb

HTTP Headers

GET /css?family=Roboto:100,100i,300,300i,400,400i,500,500i,700,700i,900,900i|Open+Sans:300,300i,400,400i,500,500i,600,600i,700,700i,800,800i HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://j9-wersii.buzz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 03 Feb 2023 11:01:36 GMT
date: Fri, 03 Feb 2023 11:01:36 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

j9-wersii.buzz/elotoukr/images/favicon.ico

172.67.154.70

200 OK

5.8 kB

URL HTTP/1.1
j9-wersii.buzz/elotoukr/images/favicon.ico
IP
172.67.154.70:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 220x220, components 3\012- data
Size
5.8 kB (5831 bytes)
Hash
83c722ffa37896764f449b1eff08e19b
a6caf646570207cdf8b7230c6936cf65a64237b5
c39b67db3a359e4df2bf92780786eb7bae6fbce19e75d6e709bf19eb1f710b1a

Detections

NIDS	Severity	Alert
suricata	medium	ET INFO HTTP Request to a *.buzz domain

HTTP Headers

GET /elotoukr/images/favicon.ico HTTP/1.1
Host: j9-wersii.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://j9-wersii.buzz/elotoukr/
Cookie: last_page=index.php; horochat_id=1612319935

HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 11:01:40 GMT
Content-Type: image/vnd.microsoft.icon
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sat, 08 Oct 2022 00:48:44 GMT
ETag: W/"171b-5ea7b49d31300"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aFhwOdh3IJhtailT9oHtuTloUrk8yXoDJ3hmRojmn82ep%2FEAbasLowzi1A9t83ppe6iGNEeuo5c8auqQkyMDFsPlpGGbhEQN3zhsIbbOOnc8r1SXv8DGiiZYHBcyamKUqw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 793aab7e6ebd0b61-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

j9-wersii.buzz/elotoukr/zen.json

172.67.154.70

200 OK

548 B

URL HTTP/1.1
j9-wersii.buzz/elotoukr/zen.json
IP
172.67.154.70:0
ASN
#13335 CLOUDFLARENET

File type
JSON data\012- , ASCII text
Size
548 B (548 bytes)
Hash
11620f45dddf72211223a259a4128f10
fd9072dece6d28dffc9c4cab5ef1dbc2ea7803c5
e13d5fca1bf17efbe4ceac7218381046c5e4619c10e7426058706cf097bc18fc

Detections

Analyzer	Verdict	Alert
fortinet	Malware

NIDS	Severity	Alert
suricata	medium	ET INFO HTTP Request to a *.buzz domain

HTTP Headers

GET /elotoukr/zen.json HTTP/1.1
Host: j9-wersii.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://j9-wersii.buzz/elotoukr/
Connection: keep-alive
Cookie: last_page=index.php; horochat_id=1612319935

HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 11:01:40 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 13 Dec 2022 18:50:25 GMT
ETag: W/"18e8-5efba17c3dc03"
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0b935SqfK6jEUxSctOPI7fMKlD%2Ftzmvr4lnDtxM6TO5lSUIrcPT%2FJiJ7PhnDYjrSE6IUei6sfAgt%2BfPYHmR1AgKu3UIw1EJM%2FAMKRcEXqCiy9VAW%2BnvOkpEm2Qqz%2FwJ3hg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 793aab7e5ad7b4ee-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
c7438c5e18fb98289da29d7cce81d5b2
40584fc584b27af8cf586a4adef72c42913f4c3a
62ee55bb1ea817eb984efcc30c401793a9fdcfe8667ce810c6c17ba833f6edb7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "62EE55BB1EA817EB984EFCC30C401793A9FDCFE8667CE810C6C17BA833F6EDB7"
Last-Modified: Wed, 01 Feb 2023 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7997
Expires: Fri, 03 Feb 2023 13:14:58 GMT
Date: Fri, 03 Feb 2023 11:01:41 GMT
Connection: keep-alive

j9-wersii.buzz/elotoukr/chat/partials/chats/1612319935/avatars/d627631660a3baabd9a413d33149b917.jpg

172.67.154.70

200 OK

1.7 kB

URL HTTP/1.1
j9-wersii.buzz/elotoukr/chat/partials/chats/1612319935/avatars/d627631660a3baabd9a413d33149b917.jpg
IP
172.67.154.70:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality", baseline, precision 8, 64x64, components 3\012- data
Size
1.7 kB (1678 bytes)
Hash
cf2ad98bd3d2df451703010ffe2f03e1
8bfc20467b654a230b287e5a231492587fbcdbec
50d007aea80d7fc97d35b156954c023a1ac2fba508acaa30c697e20a609cda5c

Detections

NIDS	Severity	Alert
suricata	medium	ET INFO HTTP Request to a *.buzz domain

HTTP Headers

GET /elotoukr/chat/partials/chats/1612319935/avatars/d627631660a3baabd9a413d33149b917.jpg HTTP/1.1
Host: j9-wersii.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://j9-wersii.buzz/elotoukr/
Cookie: last_page=index.php; horochat_id=1612319935

HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 11:01:41 GMT
Content-Type: image/jpeg
Content-Length: 1678
Connection: keep-alive
Last-Modified: Mon, 12 Sep 2022 01:18:36 GMT
ETag: "68e-5e870acc31300"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vJAe08IiQSxAKUe0O6CMKuWiPrGk2NMnw4SaQLAs1g4LS%2FpA%2F47UilWrbB87BDKo1rhl1WxuztiXNqSoiJv3KPz4gbWjwX3PkK1ZFLKAOHiy%2F%2FyxElyKPXOWC1ussaUSPA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 793aab853a9db4f4-OSL
alt-svc: h2=":443"; ma=60

fonts.googleapis.com/css?family=Roboto:100,100i,300,300i,400,400i,500,500i,700,700i,900,900i

142.250.74.106

200 OK

0 B

URL HTTP/2
fonts.googleapis.com/css?family=Roboto:100,100i,300,300i,400,400i,500,500i,700,700i,900,900i
IP
142.250.74.106:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /css?family=Roboto:100,100i,300,300i,400,400i,500,500i,700,700i,900,900i HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://j9-wersii.buzz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 03 Feb 2023 11:01:36 GMT
date: Fri, 03 Feb 2023 11:01:36 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

pr0paymentss.expert/buy_domain.php

190.115.26.190

200 OK

0 B

URL HTTP/2
pr0paymentss.expert/buy_domain.php
IP
190.115.26.190:0
ASN
#262254 DDOS-GUARD CORP.

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /buy_domain.php HTTP/1.1
Host: pr0paymentss.expert
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://j9-wersii.buzz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
set-cookie: __ddg1_=NJ5bjXjIx6VVZXfRleXO; Domain=.pr0paymentss.expert; HttpOnly; Path=/; Expires=Sat, 03-Feb-2024 11:01:41 GMT
date: Fri, 03 Feb 2023 11:01:41 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2

fonts.googleapis.com/css2?family=Roboto:wght@300;400;500;700;900&display=swap

142.250.74.106

200 OK

0 B

URL HTTP/2
fonts.googleapis.com/css2?family=Roboto:wght@300;400;500;700;900&display=swap
IP
142.250.74.106:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /css2?family=Roboto:wght@300;400;500;700;900&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://j9-wersii.buzz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 03 Feb 2023 11:01:36 GMT
date: Fri, 03 Feb 2023 11:01:36 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (6)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (73)

URL HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash