Report - rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj

Report Overview

Submitted URL
rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535
IP
213.174.157.136
ASN
#39572 DataWeb Global Group B.V.
Submitted
2023-06-05 06:40:52
Access
public
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
141
Threat Detection Systems
0

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
translate.google.com	1156	1997-09-15	2012-05-30	2023-06-05	809 B	30 kB	216.58.211.14
translate.googleapis.com	1005	2005-01-25	2012-05-31	2023-06-05	2.1 kB	81 kB	142.250.74.74
translate-pa.googleapis.com	1620	2005-01-25	2021-11-04	2023-06-05	527 B	2.3 kB	142.250.74.74
www.google.com	7	1997-09-15	2015-05-10	2023-06-05	841 B	1.8 kB	142.250.74.132
s106.ucoz.net	unknown	2005-08-27	2017-02-04	2023-05-31	362 B	198 B	213.174.157.136
sys000.ucoz.net	286662	2005-08-27	2017-04-20	2023-06-03	355 B	1.2 kB	195.216.243.224
www.gstatic.com	unknown	2008-02-11	2016-07-26	2023-06-05	1.6 kB	179 kB	142.250.74.99
s05.flagcounter.com	271392	2008-01-09	2017-01-30	2023-06-03	440 B	15 kB	66.154.110.218
hm-gimnast.ru	unknown	2016-12-12	2017-10-28	2021-02-03	339 B	178 kB	193.107.237.56
fonts.gstatic.com	unknown	2008-02-11	2014-09-09	2023-06-05	450 B	4.2 kB	216.58.207.227
rg4u.clan.su	unknown	2006-03-08	2017-02-07	2023-06-03	39 kB	2.0 MB	213.174.157.136

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-06-05 06:40:31	medium	Client IP	Internal IP	ET DNS Query for .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:31	medium	Client IP	Internal IP	ET DNS Query for .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:31	medium	Client IP	Internal IP	ET DNS Query for .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:32	medium	Client IP	Internal IP	ET DNS Query for .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:32	medium	Client IP	213.174.157.136	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:32	medium	Client IP	Internal IP	ET DNS Query for .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:32	medium	Client IP	Internal IP	ET DNS Query for .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:32	medium	Client IP	Internal IP	ET DNS Query for .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:32	medium	Client IP	Internal IP	ET DNS Query for .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:32	medium	Client IP	Internal IP	ET DNS Query for .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:32	medium	Client IP	Internal IP	ET DNS Query for .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:32	medium	Client IP	Internal IP	ET DNS Query for .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:32	medium	Client IP	Internal IP	ET DNS Query for .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:32	medium	Client IP	Internal IP	ET DNS Query for .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:32	medium	Client IP	Internal IP	ET DNS Query for .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:32	medium	Client IP	Internal IP	ET DNS Query for .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:32	medium	Client IP	Internal IP	ET DNS Query for .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:32	medium	Client IP	Internal IP	ET DNS Query for .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:32	medium	Client IP	Internal IP	ET DNS Query for .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:32	medium	Client IP	Internal IP	ET DNS Query for .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:32	medium	Client IP	Internal IP	ET DNS Query for .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:32	medium	Client IP	Internal IP	ET DNS Query for .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:32	medium	Client IP	Internal IP	ET DNS Query for .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:32	medium	Client IP	Internal IP	ET DNS Query for .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:32	medium	Client IP	Internal IP	ET DNS Query for .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:32	medium	Client IP	Internal IP	ET DNS Query for .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:32	medium	Client IP	Internal IP	ET DNS Query for .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:32	medium	Client IP	Internal IP	ET DNS Query for .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:32	medium	Client IP	Internal IP	ET DNS Query for .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:32	medium	Client IP	Internal IP	ET DNS Query for .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:32	medium	Client IP	Internal IP	ET DNS Query for .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:32	medium	Client IP	Internal IP	ET DNS Query for .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:32	medium	Client IP	Internal IP	ET DNS Query for .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:32	medium	Client IP	Internal IP	ET DNS Query for .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:32	medium	Client IP	Internal IP	ET DNS Query for .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:32	medium	Client IP	Internal IP	ET DNS Query for .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:32	medium	Client IP	Internal IP	ET DNS Query for .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:32	medium	Client IP	Internal IP	ET DNS Query for .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:32	medium	Client IP	Internal IP	ET DNS Query for .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:32	medium	Client IP	Internal IP	ET DNS Query for .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:32	medium	Client IP	Internal IP	ET DNS Query for .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:32	medium	Client IP	Internal IP	ET DNS Query for .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:32	medium	Client IP	Internal IP	ET DNS Query for .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:32	medium	Client IP	213.174.157.136	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:33	medium	Client IP	Internal IP	ET DNS Query for .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:33	medium	Client IP	Internal IP	ET DNS Query for .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:33	medium	Client IP	213.174.157.136	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:33	medium	Client IP	213.174.157.136	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:33	medium	Client IP	213.174.157.136	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:33	medium	Client IP	213.174.157.136	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:33	medium	Client IP	213.174.157.136	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:33	medium	Client IP	213.174.157.136	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:33	medium	Client IP	213.174.157.136	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:33	medium	Client IP	213.174.157.136	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:33	medium	Client IP	213.174.157.136	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:33	medium	Client IP	213.174.157.136	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:33	medium	Client IP	213.174.157.136	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:35	medium	Client IP	Internal IP	ET DNS Query for .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:35	medium	Client IP	Internal IP	ET DNS Query for .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:35	medium	Client IP	Internal IP	ET DNS Query for .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:35	medium	Client IP	Internal IP	ET DNS Query for .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:35	medium	Client IP	Internal IP	ET DNS Query for .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:35	medium	Client IP	Internal IP	ET DNS Query for .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:35	medium	Client IP	Internal IP	ET DNS Query for .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:35	medium	Client IP	Internal IP	ET DNS Query for .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:35	medium	Client IP	Internal IP	ET DNS Query for .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:35	medium	Client IP	Internal IP	ET DNS Query for .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:35	medium	Client IP	Internal IP	ET DNS Query for .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:35	medium	Client IP	Internal IP	ET DNS Query for .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:35	medium	Client IP	Internal IP	ET DNS Query for .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:35	medium	Client IP	213.174.157.136	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:35	medium	Client IP	213.174.157.136	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:35	medium	Client IP	213.174.157.136	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:35	medium	Client IP	213.174.157.136	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:35	medium	Client IP	213.174.157.136	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:35	medium	Client IP	213.174.157.136	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:35	medium	Client IP	213.174.157.136	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:35	medium	Client IP	213.174.157.136	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:35	medium	Client IP	213.174.157.136	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:35	medium	Client IP	213.174.157.136	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:35	medium	Client IP	213.174.157.136	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:35	medium	Client IP	213.174.157.136	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:35	medium	Client IP	213.174.157.136	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:35	medium	Client IP	213.174.157.136	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:35	medium	Client IP	213.174.157.136	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:35	medium	Client IP	213.174.157.136	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:35	medium	Client IP	213.174.157.136	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:35	medium	Client IP	213.174.157.136	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:35	medium	Client IP	213.174.157.136	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:35	medium	Client IP	213.174.157.136	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:35	medium	Client IP	Internal IP	ET DNS Query for .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:35	medium	Client IP	Internal IP	ET DNS Query for .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:35	medium	Client IP	Internal IP	ET DNS Query for .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:35	medium	Client IP	213.174.157.136	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:35	medium	Client IP	213.174.157.136	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:35	medium	Client IP	213.174.157.136	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:35	medium	Client IP	213.174.157.136	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:35	medium	Client IP	213.174.157.136	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:35	medium	Client IP	213.174.157.136	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:36	medium	Client IP	213.174.157.136	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:36	medium	Client IP	213.174.157.136	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:36	medium	Client IP	213.174.157.136	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:36	medium	Client IP	213.174.157.136	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:36	medium	Client IP	213.174.157.136	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:36	medium	Client IP	213.174.157.136	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:36	medium	Client IP	213.174.157.136	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:36	medium	Client IP	213.174.157.136	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:36	medium	Client IP	213.174.157.136	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:36	medium	Client IP	213.174.157.136	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:36	medium	Client IP	213.174.157.136	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:36	medium	Client IP	213.174.157.136	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:36	medium	Client IP	213.174.157.136	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:36	medium	Client IP	213.174.157.136	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:36	medium	Client IP	213.174.157.136	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:36	medium	Client IP	213.174.157.136	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:36	medium	Client IP	213.174.157.136	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:36	medium	Client IP	213.174.157.136	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:36	medium	Client IP	213.174.157.136	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:36	medium	Client IP	213.174.157.136	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:36	medium	Client IP	213.174.157.136	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:36	medium	Client IP	213.174.157.136	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:36	medium	Client IP	213.174.157.136	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:36	medium	Client IP	213.174.157.136	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:36	medium	Client IP	213.174.157.136	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:36	medium	Client IP	213.174.157.136	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:36	medium	Client IP	213.174.157.136	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:36	medium	Client IP	213.174.157.136	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:37	medium	Client IP	213.174.157.136	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:37	medium	Client IP	213.174.157.136	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:37	medium	Client IP	Internal IP	ET DNS Query for .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:37	medium	Client IP	213.174.157.136	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:40	medium	Client IP	Internal IP	ET DNS Query for .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:40	medium	Client IP	Internal IP	ET DNS Query for .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:40	medium	Client IP	Internal IP	ET DNS Query for .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:40	medium	Client IP	Internal IP	ET DNS Query for .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:40	medium	Client IP	213.174.157.136	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:40	medium	Client IP	213.174.157.136	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:40	medium	Client IP	213.174.157.136	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:40	medium	Client IP	213.174.157.136	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:48	medium	Client IP	Internal IP	ET DNS Query for .su TLD (Soviet Union) Often Malware Related
2023-06-05 06:40:48	medium	Client IP	213.174.157.136	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (32)

	URL	Size	First Seen	Last Seen
	rg4u.clan.su/.s/src/jquery-1.12.4.min.js	97 kB	2023-03-07	2024-05-05
Pretty URL rg4u.clan.su/.s/src/jquery-1.12.4.min.js IP 213.174.157.136 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:06 Last Seen2024-05-05 01:24:23 Times Seen119087 Hash 4f252523d4af0b478c810c2547a63e19 5a9dcfbef655a2668e78baebeaa8dc6f41d8dabb 668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404 Loading...

	rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535	404 B	2023-06-05	2023-06-05
Pretty URL rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535 IP 213.174.157.136 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-06-05 08:40:57 Last Seen2023-06-05 08:40:57 Times Seen1 Hash 63a86af6dc447b181766562e7e0936f4 d6b63c4129ba2fb9770725a8283dc0c9488d1e69 4ed6c3ee622a5b6ba7a35df45edadc53507f7e98bbe0c5b82d007fa7d42ff3b5 Loading...

	rg4u.clan.su/.s/src/uwnd.min.js?2	210 kB	2023-03-07	2023-11-09
Pretty URL rg4u.clan.su/.s/src/uwnd.min.js?2 IP 213.174.157.136 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:39:47 Last Seen2023-11-09 11:57:45 Times Seen1943 Hash 0e2dd07983ad50fa9205b6a9d24bc79f 8eafe02a75c83f60d40d1cee73e2770805e54a9e 8993dbc5102beb8dc4ebfef06873c26198d0f2913627399034816b16715336ad Loading...

	rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535	2.0 kB	2023-06-05	2023-06-05
Pretty URL rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535 IP 213.174.157.136 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-06-05 08:40:57 Last Seen2023-06-05 08:40:57 Times Seen1 Hash 4d2ef8f463ca29443af1ae8ad25399c9 b57c0615a83529cda94c3b670ed692ef9e08bfbb 75ec31ae586a1b856194d916d9d76c5bab0a2ccec85c4527abfca565fd9253b2 Loading...

	sys000.ucoz.net/cgi/uutils.fcg?a=soc_comment_get_data&site=6rg4u	505 B	2023-06-05	2023-06-18
Pretty URL sys000.ucoz.net/cgi/uutils.fcg?a=soc_comment_get_data&site=6rg4u IP 195.216.243.224 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-05 08:40:57 Last Seen2023-06-18 22:23:32 Times Seen4 Hash 1ae652f6af4e94763227a2d1b4ac90f4 2d86af2c5cba3f944f28aaab25739d9b64cbeddb 686124ad778417dca88c8a468ce2a3e16b6a1a025a679632ca8e2c55d61532fd Loading...

	rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535	209 B	2023-03-07	2024-03-04
Pretty URL rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535 IP 213.174.157.136 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 14:02:32 Last Seen2024-03-04 04:47:48 Times Seen134 Hash e74382a772877f2629bbb8a09a483fbe 9186f781172ca7d8896848e048bfa7e1c9e12b44 faa57c009f4fa53791cbf76b221d79aef61a9d44b2f7595ae479db25c515cd86 Loading...

	rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535	377 B	2023-06-05	2023-06-18
Pretty URL rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535 IP 213.174.157.136 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-06-05 08:40:57 Last Seen2023-06-18 22:23:32 Times Seen2 Hash 4b4a8d06a3b5daa37ed0d3b724aeb122 24fe3fec8d95fb3f9df3c659647b9d6d8c49b1f6 9df96890efdf34c9bcc692a917022cd656a305818163a6341ac1102c324353df Loading...

	s106.ucoz.net/cgi/uutils.fcg?a=uSD&ca=2&ug=999&isp=1&r=0.18291961115165	0 B	2023-03-07	2024-05-05
Pretty URL s106.ucoz.net/cgi/uutils.fcg?a=uSD&ca=2&ug=999&isp=1&r=0.18291961115165 IP 213.174.157.136 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-05 03:13:14 Times Seen37352548 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	rg4u.clan.su/.s/src/socCom.min.js	4.1 kB	2023-03-07	2024-03-04
Pretty URL rg4u.clan.su/.s/src/socCom.min.js IP 213.174.157.136 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:24:37 Last Seen2024-03-04 15:35:35 Times Seen324 Hash b3ae3806a2d5d103d9759bd8e74fffef fe02d0c200d5c0ed5c14bd0006f736aca0215ff1 c89ad18e16b3216c8fc878ecd6b79441f3fc8733781c976d3b866912da6a1bcd Loading...

	rg4u.clan.su/js/afisha01.js?144	3.8 kB	2023-06-05	2023-06-18
Pretty URL rg4u.clan.su/js/afisha01.js?144 IP 213.174.157.136 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-05 08:40:57 Last Seen2023-06-18 22:23:32 Times Seen2 Hash d1858c38cdf771dcbcfd49d8b141af61 b080c07139a1fc2b273160377c07de6a79050093 efda8101558d05f3c22160e86b26475def24a47a782747ea56b97a69f73b507c Loading...

	unknown	37 B	2023-04-10	2024-05-04
Pretty Introduced by domTimer Embedded in HTML false Observations First Seen2023-04-10 21:48:33 Last Seen2024-05-04 09:40:18 Times Seen125 Hash 74423b98154911186b2d1e53a2c939aa 9a6e9a9659d58cf4b555b8b36f3c64b63b47b0bf e02921f8c4b1e96570b2383207d656fb6e343970f0d0b3f11df61d4cd0e62dcd Loading...

	unknown	36 B	2023-05-12	2024-01-14
Pretty Introduced by domTimer Embedded in HTML false Observations First Seen2023-05-12 05:47:56 Last Seen2024-01-14 14:34:05 Times Seen24 Hash c0a0cc9b6dd1c07d3ed34aa248933af4 ce52348e9c4cd370f779aab6e919471b75791563 fbc8fa634dee2f8b1e7e63d9917be6dc0cc257c0c8a247177595e64d4340df4f Loading...

	unknown	62 B	2023-04-10	2024-05-04
Pretty Introduced by domTimer Embedded in HTML false Observations First Seen2023-04-10 21:48:33 Last Seen2024-05-04 09:40:18 Times Seen125 Hash 33486b11507c96f209cfa9fb99be625a d4cc59fa069c33e11c12d1e4c3e87bf92461680d 969c00ced01ea58997f8fffac908a105a86d950518b246eff0cb9984b824bdee Loading...

	rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535	115 B	2023-06-05	2023-06-18
Pretty URL rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535 IP 213.174.157.136 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-06-05 08:40:57 Last Seen2023-06-18 22:23:32 Times Seen2 Hash 028725551f6a09ad8f944bfd2cd0ed5c e1811ead0598c4b0463d6469ca1a3e63c3aa7847 1938a27292741911936e4b4f068a486cbe20326cb8da896551298e103cafd0db Loading...

	rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535	101 B	2023-03-07	2024-05-04
Pretty URL rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535 IP 213.174.157.136 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 12:01:41 Last Seen2024-05-04 09:40:18 Times Seen528 Hash 64cd091120d9728b26700590b601af43 b4df948a81718f30fb8ea03304bea81d2c4fe31a 5457f6f8b0c00af488e2747e8a14a9f5fa51f4b9c5579eda986e5c3e21d1a15a Loading...

	www.gstatic.com/recaptcha/releases/sNQO7xVld1CuA2hfFHvkpVL-/recaptcha__ru.js	452 kB	2023-06-03	2023-06-08
Pretty URL www.gstatic.com/recaptcha/releases/sNQO7xVld1CuA2hfFHvkpVL-/recaptcha__ru.js IP 142.250.74.99 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-03 09:43:07 Last Seen2023-06-08 23:12:47 Times Seen130 Hash d028845a362dc2cb7fad8d68a9142dcc 000fde98ae903846b92a26d0aba039a5a0e762ea 904ab970c395108963b62f3f0cee4bd33915145da744d8129b0d581062442cf6 Loading...

	rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535	1.2 kB	2023-06-05	2023-06-05
Pretty URL rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535 IP 213.174.157.136 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-06-05 08:40:57 Last Seen2023-06-05 08:40:57 Times Seen1 Hash eb9176024a233f5202e88214a4c08e3a 67f72c013d7498f1178823ba8244a2445bc3e6ce c4ebcbfad19a5eab7cf6cea2eba1675317b413f747419548d72eab7142eda299 Loading...

	rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535	14 B	2023-03-07	2024-05-03
Pretty URL rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535 IP 213.174.157.136 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 12:08:59 Last Seen2024-05-03 22:15:55 Times Seen337 Hash d758e957ca65a07184e568a83a351faf 0322a9c4e29aaaaa681908c9f3d99de1f93b9ddf 7fb68d55dfcf5ba40586422d6af2c611b6c9666a4d4d8471383d81b6d595a12a Loading...

	www.google.com/recaptcha/api.js?onload=reCallback&render=explicit&hl=ru	905 B	2023-06-03	2023-06-08
Pretty URL www.google.com/recaptcha/api.js?onload=reCallback&render=explicit&hl=ru IP 142.250.74.132 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-03 09:43:07 Last Seen2023-06-08 23:12:46 Times Seen75 Hash a9e9245f6dfbc6448e65d19a8a8e33e1 4eaecece5dd18d26eef7055c342c2ebe47b786d5 a0b963179f38bc77c2064701a4f43c47b93953aa4cae2a4d418c76bcecbf6a92 Loading...

	rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535	318 B	2023-03-08	2023-06-08
Pretty URL rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535 IP 213.174.157.136 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-08 13:00:56 Last Seen2023-06-08 15:13:48 Times Seen7 Hash 902196dacbf4634e29eb93eaa767aea6 30db9121e4e80fb10f3eedd3baa0f2b67a85b0b6 5f5728efbf2cc75b1866325946c1d53176ddcf4b11575237651004e3e8930f5a Loading...

	unknown	199 B	2023-06-05	2023-06-05
Pretty Introduced by domTimer Embedded in HTML false Observations First Seen2023-06-05 08:40:57 Last Seen2023-06-05 08:40:57 Times Seen1 Hash 11566309072d249d1c2ed079fb1e5d72 45071f4668a558e707958238705badfa309fbab3 95ff3ee8a2b5ee7b4a668b466b62e839fb370b8538f60a1c7c0017642ba7effa Loading...

	translate.googleapis.com/_/translate_http/_/js/k=translate_http.tr.no.Z9dw9iEydtA.O/d=1/exm=el_conf/ed=1/rs=AN8SPfoJ3YppZh9vnjOb_SBu68tCOE-MXQ/m=el_main	218 kB	2023-05-26	2023-06-05
Pretty URL translate.googleapis.com/_/translate_http/_/js/k=translate_http.tr.no.Z9dw9iEydtA.O/d=1/exm=el_conf/ed=1/rs=AN8SPfoJ3YppZh9vnjOb_SBu68tCOE-MXQ/m=el_main IP 142.250.74.74 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-26 03:31:46 Last Seen2023-06-05 23:38:25 Times Seen1128 Hash e573f520bd8dcdfb40e91a9e0e66e527 7182f9fdf1d72c2f42cbbfda617cb81e34a44044 366f944dab73002110a6add4e66a3eb915695bc4f1244da14080a4bc248880c6 Loading...

	rg4u.clan.su/.s/src/ulightbox/ulightbox.min.js	22 kB	2023-03-13	2023-08-29
Pretty URL rg4u.clan.su/.s/src/ulightbox/ulightbox.min.js IP 213.174.157.136 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 19:50:49 Last Seen2023-08-29 00:13:38 Times Seen1347 Hash 862f093f507f858ee329c39576f1c041 f3da76f6d4071020bf9c82ddbcbb1ad95d74108f a0c876daa26fa9e875abc22a4e88e310a20ea1fdb45451e4af22b907dbf22da8 Loading...

	rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535	909 B	2023-06-05	2023-06-05
Pretty URL rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535 IP 213.174.157.136 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-06-05 08:40:57 Last Seen2023-06-05 08:40:57 Times Seen1 Hash 0117b64e47d7f0a33704c3b45668eecc aea7b6e31cb8d7dddb89a58120264bc690e3ad57 eb58b7298f2acfcfe79f743579d5fd9b454794d4033cc8d620edb7979b18e7b2 Loading...

	rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535	82 B	2023-06-05	2023-06-18
Pretty URL rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535 IP 213.174.157.136 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-06-05 08:40:57 Last Seen2023-06-18 22:23:32 Times Seen2 Hash 1bccd01e2defecb85213a22e71101c28 0bdec38ab2fc94472c465539bc5e3063aaf8d6a5 7bc6894e73f5b525cb1e37cf27a4a08f2d51160518a02e6ca1936cd744714ef0 Loading...

	rg4u.clan.su/mchat/	0 B	2023-03-07	2024-05-05
Pretty URL rg4u.clan.su/mchat/ IP 213.174.157.136 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-05 03:13:14 Times Seen37352548 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	unknown	36 B	2023-05-12	2024-01-16
Pretty Introduced by domTimer Embedded in HTML false Observations First Seen2023-05-12 05:47:56 Last Seen2024-01-16 04:00:46 Times Seen32 Hash 16302d42e84f5e62a98df0118bed9d37 723b016cb08ca11f55cebc8c9871c41214e5de3b ac21b04c97dd57d6537179472a96372e65bbb5a4d7804c79b91ff08ffa89f6e9 Loading...

	rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535	488 B	2023-06-05	2023-10-01
Pretty URL rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535 IP 213.174.157.136 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-06-05 08:40:57 Last Seen2023-10-01 22:36:55 Times Seen5 Hash 712b27022dc67b8550338925642cb7b3 b40f972c652b752b4aefe69fc21b6a1522fafd9d 1cbe5f0d0defd29539e2e26c8ef07889fb3488c18c10ff3dc5f4668702fe9bfb Loading...

	rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535	208 B	2023-06-05	2023-06-18
Pretty URL rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535 IP 213.174.157.136 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-06-05 08:40:57 Last Seen2023-06-18 22:23:32 Times Seen2 Hash 24acd5be3643baa775f6d2682cb4ce2c 5caef05e993c2cf98c10d5961ec25a7fba97559e bad2d2b79f26052d65c6e252e36a8752b03726a3d9bdb585e42d8001f786fea8 Loading...

	rg4u.clan.su/_/translate_http/_/js/k=translate_http.tr.no.Z9dw9iEydtA.O/d=1/rs=AN8SPfoJ3YppZh9vnjOb_SBu68tCOE-MXQ/m=el_conf	80 kB	2023-06-05	2023-06-05
Pretty URL rg4u.clan.su/_/translate_http/_/js/k=translate_http.tr.no.Z9dw9iEydtA.O/d=1/rs=AN8SPfoJ3YppZh9vnjOb_SBu68tCOE-MXQ/m=el_conf IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-05 08:37:12 Last Seen2023-06-05 08:40:57 Times Seen2 Hash 29226b7b86889824e59567ffb5fd88f4 e9de391cfb3683b94defce1e8cbaf69ebdb045ee b0ac20c0cca211d62e1bc57cca2924dcafbff9b5756f833556babe83f3b83751 Loading...

		Size	First Seen	Last Seen
	#1 Write - 5b291baa7ea39519e6bc3e1dd9913d1b	660 B	2023-03-26	2023-06-18
Pretty Observations First Seen2023-03-26 08:36:01 Last Seen2023-06-18 22:23:32 Times Seen3 Hash 5b291baa7ea39519e6bc3e1dd9913d1b 682816c05053c2c2e913c73405cf6648633c7b4f 1df7207c61ccc067bcf551ea1be1831b1784e42019964f01c18acf64d7bcaf76 Loading...

	#2 Write - a61c61530a66d96473878a6aa0a62143	391 B	2023-06-05	2023-06-05
Pretty Observations First Seen2023-06-05 08:40:57 Last Seen2023-06-05 08:40:57 Times Seen1 Hash a61c61530a66d96473878a6aa0a62143 e9f263638c3dcc9ed6131a3647dcca8a203d0a16 185eac333db16a05cdf2888456ade803f13182be97577e7bd4f5186aeb6854d1 Loading...

HTTP Transactions (92)

URL IP Response Size

rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535

213.174.157.136

200 OK

178 B

URL User Request GET HTTP/1.1
rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535
IP
213.174.157.136:80
ASN
#39572 DataWeb Global Group B.V.

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
178 B (178 bytes)
Hash
cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535 HTTP/1.1
Host: rg4u.clan.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 05 Jun 2023 06:40:31 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Keep-Alive: timeout=15
Location: http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535
X-Frame-Options: SAMEORIGIN

rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535

213.174.157.136

200 OK

20 kB

URL User Request GET HTTP/1.1
rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535
IP
213.174.157.136:80
ASN
#39572 DataWeb Global Group B.V.

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text, with very long lines (7281)
Size
20 kB (19976 bytes)
Hash
6c1a0b2ca0cf3e8a61dd7c984843cb0f
d6a507f340d2fd1a91c2fba576c5282278abbeb7
cefb8a4ce8493214af243d5ee9f70fe91c3414354508249c098e21719a252a10

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535 HTTP/1.1
Host: rg4u.clan.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Jun 2023 06:40:31 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Set-Cookie: 6rg4uuCoz=; path=/; expires=Sat, 05-Jun-2021 06:40:31 GMT; HttpOnly; domain=.rg4u.clan.su
6rg4udr=FwJeg31k; path=/; expires=Tue, 04-Jun-2024 06:40:31 GMT; domain=.rg4u.clan.su
6rg4uuzll=1685947231; path=/; expires=Tue, 04-Jun-2024 06:40:31 GMT; domain=.rg4u.clan.su
ucvid=tlA224S03d; domain=clan.su; path=/; expires=Tue, 04-Jun-2024 06:40:31 GMT
Pragma: no-cache
Vary: host
Last-Modified: Mon, 05 Jun 2023 06:37:02 GMT
Cache-Control: no-cache,no-store, private
Content-Encoding: gzip

www.google.com/recaptcha/api.js?onload=reCallback&render=explicit&hl=ru

142.250.74.132

200 OK

581 B

URL GET HTTP/2
www.google.com/recaptcha/api.js?onload=reCallback&render=explicit&hl=ru
IP
142.250.74.132:443
ASN
#15169 GOOGLE

Requested by
http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535
Certificate
IssuerGoogle Trust Services LLC
Subjectwww.google.com
FingerprintA8:95:C3:CB:D6:3F:BC:0A:7D:FF:36:72:5E:2F:56:26:9F:EB:77:0E
ValidityFri, 19 May 2023 12:58:13 GMT - Fri, 11 Aug 2023 12:58:12 GMT

File type
ASCII text, with very long lines (905), with no line terminators
Size
581 B (581 bytes)
Hash
a9e9245f6dfbc6448e65d19a8a8e33e1
4eaecece5dd18d26eef7055c342c2ebe47b786d5
a0b963179f38bc77c2064701a4f43c47b93953aa4cae2a4d418c76bcecbf6a92

HTTP Headers

GET /recaptcha/api.js?onload=reCallback&render=explicit&hl=ru HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://rg4u.clan.su/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
expires: Mon, 05 Jun 2023 06:40:33 GMT
date: Mon, 05 Jun 2023 06:40:33 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 581
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

rg4u.clan.su/.s/src/ulightbox/ulightbox.min.css

213.174.157.136

200 OK

1.4 kB

URL GET HTTP/1.1
rg4u.clan.su/.s/src/ulightbox/ulightbox.min.css
IP
213.174.157.136:80
ASN
#39572 DataWeb Global Group B.V.

Requested by
http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535

File type
ASCII text, with very long lines (4552), with no line terminators
Size
1.4 kB (1359 bytes)
Hash
a05316c4712b56d4de87d83d57fc9a74
22db34df3400db68355d8b3e06c01c4f964ad484
5ddb669cd05d5c481a798631d2bd02b041950600ebaa4d419833fe0f01a04955

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /.s/src/ulightbox/ulightbox.min.css HTTP/1.1
Host: rg4u.clan.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535
Cookie: 6rg4udr=FwJeg31k; 6rg4uuzll=1685947231; ucvid=tlA224S03d
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Jun 2023 06:40:31 GMT
Content-Type: text/css
Last-Modified: Tue, 24 May 2022 12:36:45 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
ETag: W/"628cd15d-11c8"
Expires: Sun, 25 Jun 2023 06:40:31 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Content-Encoding: gzip

rg4u.clan.su/.s/src/socCom.min.css

213.174.157.136

200 OK

1.5 kB

URL GET HTTP/1.1
rg4u.clan.su/.s/src/socCom.min.css
IP
213.174.157.136:80
ASN
#39572 DataWeb Global Group B.V.

Requested by
http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535

File type
ASCII text, with very long lines (4930), with no line terminators
Size
1.5 kB (1475 bytes)
Hash
a0cef58781102493161f73355462363b
142bda5abd593947316e7d3b99b49818cb2666a9
80222802f348b441b45e8b0549da7fc5fd9a832ca91f446ce37784f367dabcbb

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /.s/src/socCom.min.css HTTP/1.1
Host: rg4u.clan.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535
Cookie: 6rg4udr=FwJeg31k; 6rg4uuzll=1685947231; ucvid=tlA224S03d
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Jun 2023 06:40:31 GMT
Content-Type: text/css
Last-Modified: Wed, 05 Apr 2023 11:26:49 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
ETag: W/"642d5af9-1342"
Expires: Sun, 25 Jun 2023 06:40:31 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Content-Encoding: gzip

rg4u.clan.su/.s/src/social.css

213.174.157.136

200 OK

610 B

URL GET HTTP/1.1
rg4u.clan.su/.s/src/social.css
IP
213.174.157.136:80
ASN
#39572 DataWeb Global Group B.V.

Requested by
http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535

File type
ASCII text, with very long lines (442)
Size
610 B (610 bytes)
Hash
917872d4bcfea5e238f1f02cef7a9596
84c5e7eb25c8d7b11639ea428a9fac50bab26f84
12c919cc8994233c2f67bdcf1185997781ccfe1ce3405308e31bfd33d260bd74

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /.s/src/social.css HTTP/1.1
Host: rg4u.clan.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535
Cookie: 6rg4udr=FwJeg31k; 6rg4uuzll=1685947231; ucvid=tlA224S03d
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Jun 2023 06:40:31 GMT
Content-Type: text/css
Last-Modified: Wed, 01 Dec 2021 11:13:55 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
ETag: W/"61a758f3-9b8"
Expires: Sun, 25 Jun 2023 06:40:31 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Content-Encoding: gzip

rg4u.clan.su/.s/src/socCom.min.js

213.174.157.136

200 OK

1.6 kB

URL GET HTTP/1.1
rg4u.clan.su/.s/src/socCom.min.js
IP
213.174.157.136:80
ASN
#39572 DataWeb Global Group B.V.

Requested by
http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535

File type
ASCII text, with very long lines (4079), with no line terminators
Size
1.6 kB (1574 bytes)
Hash
b3ae3806a2d5d103d9759bd8e74fffef
fe02d0c200d5c0ed5c14bd0006f736aca0215ff1
c89ad18e16b3216c8fc878ecd6b79441f3fc8733781c976d3b866912da6a1bcd

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /.s/src/socCom.min.js HTTP/1.1
Host: rg4u.clan.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535
Cookie: 6rg4udr=FwJeg31k; 6rg4uuzll=1685947231; ucvid=tlA224S03d
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Jun 2023 06:40:31 GMT
Content-Type: text/javascript
Last-Modified: Wed, 05 Apr 2023 11:26:49 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
ETag: W/"642d5af9-fef"
Expires: Sun, 25 Jun 2023 06:40:31 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Content-Encoding: gzip

s106.ucoz.net/cgi/uutils.fcg?a=uSD&ca=2&ug=999&isp=1&r=0.18291961115165

213.174.157.136

200 OK

0 B

URL GET HTTP/1.1
s106.ucoz.net/cgi/uutils.fcg?a=uSD&ca=2&ug=999&isp=1&r=0.18291961115165
IP
213.174.157.136:80
ASN
#39572 DataWeb Global Group B.V.

Requested by
http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /cgi/uutils.fcg?a=uSD&ca=2&ug=999&isp=1&r=0.18291961115165 HTTP/1.1
Host: s106.ucoz.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://rg4u.clan.su/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Jun 2023 06:40:32 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15

translate.google.com/translate_a/element.js?cb=googleTranslateElementInit

216.58.211.14

301 Moved Permanently

0 B

URL GET HTTP/1.1
translate.google.com/translate_a/element.js?cb=googleTranslateElementInit
IP
216.58.211.14:80
ASN
#15169 GOOGLE

Requested by
http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /translate_a/element.js?cb=googleTranslateElementInit HTTP/1.1
Host: translate.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://rg4u.clan.su/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Content-Type: application/binary
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Mon, 05 Jun 2023 06:40:33 GMT
Location: https://translate.google.com/translate_a/element.js?cb=googleTranslateElementInit
Cross-Origin-Opener-Policy: same-origin-allow-popups
Server: ESF
Content-Length: 0
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff

rg4u.clan.su/.s/src/base.min.css

213.174.157.136

200 OK

6.2 kB

URL GET HTTP/1.1
rg4u.clan.su/.s/src/base.min.css
IP
213.174.157.136:80
ASN
#39572 DataWeb Global Group B.V.

Requested by
http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535

File type
ASCII text, with very long lines (24519), with no line terminators
Size
6.2 kB (6184 bytes)
Hash
cfa5d689b5b2f45ea3e3cf33415da504
dd71774375b3808c4483688e68833113c6e2c236
55998c0419cad6f5f33925fa11a2a38fd7586d3a5c9315f279d2b42a310460d2

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /.s/src/base.min.css HTTP/1.1
Host: rg4u.clan.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535
Cookie: 6rg4udr=FwJeg31k; 6rg4uuzll=1685947231; ucvid=tlA224S03d
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Jun 2023 06:40:32 GMT
Content-Type: text/css
Last-Modified: Tue, 02 May 2023 08:55:13 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
ETag: W/"6450cff1-5fc7"
Expires: Sun, 25 Jun 2023 06:40:32 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Content-Encoding: gzip

rg4u.clan.su/.s/src/layer1.min.css

213.174.157.136

200 OK

5.2 kB

URL GET HTTP/1.1
rg4u.clan.su/.s/src/layer1.min.css
IP
213.174.157.136:80
ASN
#39572 DataWeb Global Group B.V.

Requested by
http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535

File type
ASCII text, with very long lines (21729), with no line terminators
Size
5.2 kB (5237 bytes)
Hash
32af6fca85835ec698c63ec72acd1e2b
b74d5ab5d8fe26c416952ea856f14287b2cc5f6d
91a71b6d37f987c374523e5390829d4e8909ada3884949a3cbb8a9a2692e763b

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /.s/src/layer1.min.css HTTP/1.1
Host: rg4u.clan.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535
Cookie: 6rg4udr=FwJeg31k; 6rg4uuzll=1685947231; ucvid=tlA224S03d
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Jun 2023 06:40:32 GMT
Content-Type: text/css
Last-Modified: Thu, 27 Apr 2023 12:44:56 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
ETag: W/"644a6e48-54e1"
Expires: Sun, 25 Jun 2023 06:40:32 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Content-Encoding: gzip

rg4u.clan.su/_st/my.css

213.174.157.136

200 OK

6.0 kB

URL GET HTTP/1.1
rg4u.clan.su/_st/my.css
IP
213.174.157.136:80
ASN
#39572 DataWeb Global Group B.V.

Requested by
http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535

File type
assembler source, Unicode text, UTF-8 text, with very long lines (409)
Size
6.0 kB (6023 bytes)
Hash
23a898a858f0d1da4ffc82353e4531c9
c7760897fae386f2df57127420de86ddd474af66
9683f999d8a04153585ee2f27221372f4a1aca4ab22d8ec96ba42d12c73ed3bb

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /_st/my.css HTTP/1.1
Host: rg4u.clan.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535
Cookie: 6rg4udr=FwJeg31k; 6rg4uuzll=1685947231; ucvid=tlA224S03d
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Jun 2023 06:40:31 GMT
Content-Type: text/css
Last-Modified: Sat, 10 Oct 2020 17:11:36 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
ETag: W/"5f81eb48-6eb4"
Expires: Sun, 25 Jun 2023 06:40:31 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Content-Encoding: gzip

rg4u.clan.su/.s/src/ulightbox/ulightbox.min.js

213.174.157.136

200 OK

7.7 kB

URL GET HTTP/1.1
rg4u.clan.su/.s/src/ulightbox/ulightbox.min.js
IP
213.174.157.136:80
ASN
#39572 DataWeb Global Group B.V.

Requested by
http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535

File type
ASCII text, with very long lines (22313), with no line terminators
Size
7.7 kB (7650 bytes)
Hash
862f093f507f858ee329c39576f1c041
f3da76f6d4071020bf9c82ddbcbb1ad95d74108f
a0c876daa26fa9e875abc22a4e88e310a20ea1fdb45451e4af22b907dbf22da8

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /.s/src/ulightbox/ulightbox.min.js HTTP/1.1
Host: rg4u.clan.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535
Cookie: 6rg4udr=FwJeg31k; 6rg4uuzll=1685947231; ucvid=tlA224S03d
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Jun 2023 06:40:31 GMT
Content-Type: text/javascript
Last-Modified: Wed, 05 Apr 2023 11:27:00 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
ETag: W/"642d5b04-5729"
Expires: Sun, 25 Jun 2023 06:40:31 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Content-Encoding: gzip

rg4u.clan.su/.s/src/video.css

213.174.157.136

200 OK

6.4 kB

URL GET HTTP/1.1
rg4u.clan.su/.s/src/video.css
IP
213.174.157.136:80
ASN
#39572 DataWeb Global Group B.V.

Requested by
http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535

File type
ASCII text, with very long lines (1526)
Size
6.4 kB (6395 bytes)
Hash
1ff68247c5c4aec969a39aba029f1b0c
a5e214620bce0e79e8c9c02190caf477da3e23a9
0e443a3521fbf57d7b706886805474e607dea288f97ed13e483a1d919ce0c923

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /.s/src/video.css HTTP/1.1
Host: rg4u.clan.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535
Cookie: 6rg4udr=FwJeg31k; 6rg4uuzll=1685947231; ucvid=tlA224S03d
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Jun 2023 06:40:32 GMT
Content-Type: text/css
Last-Modified: Mon, 16 Jul 2018 12:25:34 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
ETag: W/"5b4c8ebe-6e2f"
Expires: Sun, 25 Jun 2023 06:40:32 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Content-Encoding: gzip

rg4u.clan.su/js/afisha01.js?144

213.174.157.136

200 OK

1.6 kB

URL GET HTTP/1.1
rg4u.clan.su/js/afisha01.js?144
IP
213.174.157.136:80
ASN
#39572 DataWeb Global Group B.V.

Requested by
http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535

File type
Unicode text, UTF-8 (with BOM) text
Size
1.6 kB (1591 bytes)
Hash
2d2030b18ca12a5f2c8ad81268a07ede
21144f696ba8893f0fa3d5f06334098af2806d3d
f6cfd1f45c65154efb470726785796e7941fd38830c19181dbc14645f94b357e

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /js/afisha01.js?144 HTTP/1.1
Host: rg4u.clan.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535
Cookie: 6rg4udr=FwJeg31k; 6rg4uuzll=1685947231; ucvid=tlA224S03d
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Jun 2023 06:40:32 GMT
Content-Type: text/javascript
Last-Modified: Fri, 24 Feb 2023 13:51:14 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
ETag: W/"63f8c0d2-eda"
Expires: Sun, 25 Jun 2023 06:40:32 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Content-Encoding: gzip

rg4u.clan.su/.s/src/uwnd.min.js

213.174.157.136

200 OK

57 kB

URL GET HTTP/1.1
rg4u.clan.su/.s/src/uwnd.min.js
IP
213.174.157.136:80
ASN
#39572 DataWeb Global Group B.V.

Requested by
http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535

File type
ASCII text, with very long lines (65536), with no line terminators
Size
57 kB (56796 bytes)
Hash
0e2dd07983ad50fa9205b6a9d24bc79f
8eafe02a75c83f60d40d1cee73e2770805e54a9e
8993dbc5102beb8dc4ebfef06873c26198d0f2913627399034816b16715336ad

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /.s/src/uwnd.min.js HTTP/1.1
Host: rg4u.clan.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535
Cookie: 6rg4udr=FwJeg31k; 6rg4uuzll=1685947231; ucvid=tlA224S03d
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Jun 2023 06:40:32 GMT
Content-Type: text/javascript
Last-Modified: Mon, 25 Apr 2022 10:32:26 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
ETag: W/"626678ba-3334b"
Expires: Sun, 25 Jun 2023 06:40:32 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Content-Encoding: gzip

rg4u.clan.su/.s/src/jquery-1.12.4.min.js

213.174.157.136

200 OK

34 kB

URL GET HTTP/1.1
rg4u.clan.su/.s/src/jquery-1.12.4.min.js
IP
213.174.157.136:80
ASN
#39572 DataWeb Global Group B.V.

Requested by
http://rg4u.clan.su/mchat/

File type
ASCII text, with very long lines (32077)
Size
34 kB (33793 bytes)
Hash
4f252523d4af0b478c810c2547a63e19
5a9dcfbef655a2668e78baebeaa8dc6f41d8dabb
668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /.s/src/jquery-1.12.4.min.js HTTP/1.1
Host: rg4u.clan.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535
Cookie: 6rg4udr=FwJeg31k; 6rg4uuzll=1685947231; ucvid=tlA224S03d
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Jun 2023 06:40:32 GMT
Content-Type: text/javascript
Last-Modified: Wed, 05 Apr 2023 11:26:48 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
ETag: W/"642d5af8-17b8b"
Expires: Sun, 25 Jun 2023 06:40:32 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Content-Encoding: gzip

sys000.ucoz.net/cgi/uutils.fcg?a=soc_comment_get_data&site=6rg4u

195.216.243.224

200 OK

337 B

URL GET HTTP/1.1
sys000.ucoz.net/cgi/uutils.fcg?a=soc_comment_get_data&site=6rg4u
IP
195.216.243.224:80
ASN
#57724 Ddos-guard Ltd

Requested by
http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535

File type
ASCII text
Size
337 B (337 bytes)
Hash
1ae652f6af4e94763227a2d1b4ac90f4
2d86af2c5cba3f944f28aaab25739d9b64cbeddb
686124ad778417dca88c8a468ce2a3e16b6a1a025a679632ca8e2c55d61532fd

HTTP Headers

GET /cgi/uutils.fcg?a=soc_comment_get_data&site=6rg4u HTTP/1.1
Host: sys000.ucoz.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://rg4u.clan.su/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Jun 2023 06:40:35 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
P3P: CP="CAO PSA OUR"
Set-Cookie: uSoc=; path=/; expires=Sun, 05-Jun-2022 06:40:36 GMT; domain=.ucoz.net; SameSite=None; Secure
uSoc101=; path=/; expires=Sun, 05-Jun-2022 06:40:36 GMT; domain=.ucoz.net; SameSite=None; Secure
uSoc102=; path=/; expires=Sun, 05-Jun-2022 06:40:36 GMT; domain=.ucoz.net; SameSite=None; Secure
uSoc107=; path=/; expires=Sun, 05-Jun-2022 06:40:36 GMT; domain=.ucoz.net; SameSite=None; Secure
uSoc109=; path=/; expires=Sun, 05-Jun-2022 06:40:36 GMT; domain=.ucoz.net; SameSite=None; Secure
Cache-Control: no-cache,no-store
Pragma: no-cache
Vary: host,Accept-Encoding
Content-Encoding: gzip

rg4u.clan.su/.s/img/1px.gif

213.174.157.136

200 OK

43 B

URL GET HTTP/1.1
rg4u.clan.su/.s/img/1px.gif
IP
213.174.157.136:80
ASN
#39572 DataWeb Global Group B.V.

Requested by
http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /.s/img/1px.gif HTTP/1.1
Host: rg4u.clan.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535
Cookie: 6rg4udr=FwJeg31k; 6rg4uuzll=1685947231; ucvid=tlA224S03d
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Jun 2023 06:40:34 GMT
Content-Type: image/gif
Content-Length: 43
Last-Modified: Wed, 05 Apr 2023 11:26:09 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "642d5ad1-2b"
Expires: Sun, 25 Jun 2023 06:40:34 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

rg4u.clan.su/img/video.gif

213.174.157.136

200 OK

99 B

URL GET HTTP/1.1
rg4u.clan.su/img/video.gif
IP
213.174.157.136:80
ASN
#39572 DataWeb Global Group B.V.

Requested by
http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535

File type
GIF image data, version 89a, 14 x 12\012- data
Size
99 B (99 bytes)
Hash
6ebdcf673bb43def52aecb61282aee72
210c36cae85fd92dca539a89601bc2b866cd1007
9d2b759f6e72ed813fe36c382dbeb882d6857f50ccc6e53793a556a1403c9fd1

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /img/video.gif HTTP/1.1
Host: rg4u.clan.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535
Cookie: 6rg4udr=FwJeg31k; 6rg4uuzll=1685947231; ucvid=tlA224S03d
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Jun 2023 06:40:34 GMT
Content-Type: image/gif
Content-Length: 99
Last-Modified: Fri, 29 Jul 2011 05:01:58 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "4e323ec6-63"
Expires: Sun, 25 Jun 2023 06:40:34 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

www.gstatic.com/_/translate_http/_/ss/k=translate_http.tr.vneFu3d_4ck.L.F4.O/d=0/rs=AN8SPfrNa1b9K5rCmaIpu9SqE3A5sBDBfg/m=el_main_css

142.250.74.99

200 OK

4.2 kB

URL GET HTTP/2
www.gstatic.com/_/translate_http/_/ss/k=translate_http.tr.vneFu3d_4ck.L.F4.O/d=0/rs=AN8SPfrNa1b9K5rCmaIpu9SqE3A5sBDBfg/m=el_main_css
IP
142.250.74.99:443
ASN
#15169 GOOGLE

Requested by
http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintC8:5A:9A:D9:6A:F5:00:15:5B:5D:99:FE:FE:CA:1D:7C:19:4D:F8:D5
ValidityFri, 19 May 2023 12:57:42 GMT - Fri, 11 Aug 2023 12:57:41 GMT

File type
ASCII text, with very long lines (23228), with no line terminators
Size
4.2 kB (4205 bytes)
Hash
edf649e1b11a33833272345187bd4eec
73427e2ab282e5f89021e1c7d20f83eaf9830283
553d768412bca504a0c8771705f681dad359370bdcea637298ca5aa486017a06

HTTP Headers

GET /_/translate_http/_/ss/k=translate_http.tr.vneFu3d_4ck.L.F4.O/d=0/rs=AN8SPfrNa1b9K5rCmaIpu9SqE3A5sBDBfg/m=el_main_css HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://rg4u.clan.su/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/rosetta
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="rosetta"
report-to: {"group":"rosetta","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/rosetta"}]}
content-length: 4205
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 31 May 2023 00:51:33 GMT
expires: Thu, 30 May 2024 00:51:33 GMT
cache-control: public, max-age=31536000
age: 452942
last-modified: Sun, 12 Mar 2023 00:11:57 GMT
content-type: text/css; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

rg4u.clan.su/.s/t/291/1.gif

213.174.157.136

200 OK

859 B

URL GET HTTP/1.1
rg4u.clan.su/.s/t/291/1.gif
IP
213.174.157.136:80
ASN
#39572 DataWeb Global Group B.V.

Requested by
http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535

File type
GIF image data, version 89a, 5 x 155\012- data
Size
859 B (859 bytes)
Hash
a0848367e091941de0f73d96d601deb6
e6316c39bcca4383a08210607b5ed18e9dc584fd
93eca1935b273aaac0d9b9c4f2577df53b6228cecddd8267dab9686c028ec378

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /.s/t/291/1.gif HTTP/1.1
Host: rg4u.clan.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535
Cookie: 6rg4udr=FwJeg31k; 6rg4uuzll=1685947231; ucvid=tlA224S03d
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Jun 2023 06:40:34 GMT
Content-Type: image/gif
Content-Length: 859
Last-Modified: Wed, 03 Dec 2014 12:48:38 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "547f06a6-35b"
Expires: Sun, 25 Jun 2023 06:40:34 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

rg4u.clan.su/imgrm/motus.gif

213.174.157.136

200 OK

9.3 kB

URL GET HTTP/1.1
rg4u.clan.su/imgrm/motus.gif
IP
213.174.157.136:80
ASN
#39572 DataWeb Global Group B.V.

Requested by
http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535

File type
GIF image data, version 89a, 180 x 50\012- data
Size
9.3 kB (9314 bytes)
Hash
4572bda208e8d626daf3378d6ddc7148
0a9e3317ccd5f30b5fce0a5f68751f07e757da75
b5edb40e3adf3508564e1e3019f89819836e53ea408d95c998ed218187278a91

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /imgrm/motus.gif HTTP/1.1
Host: rg4u.clan.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535
Cookie: 6rg4udr=FwJeg31k; 6rg4uuzll=1685947231; ucvid=tlA224S03d
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Jun 2023 06:40:34 GMT
Content-Type: image/gif
Content-Length: 9314
Last-Modified: Mon, 03 Feb 2020 05:16:31 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "5e37acaf-2462"
Expires: Sun, 25 Jun 2023 06:40:34 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

rg4u.clan.su/imgrm/rsg-shop-180x123-RG4U.jpg

213.174.157.136

200 OK

7.9 kB

URL GET HTTP/1.1
rg4u.clan.su/imgrm/rsg-shop-180x123-RG4U.jpg
IP
213.174.157.136:80
ASN
#39572 DataWeb Global Group B.V.

Requested by
http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535

File type
JPEG image data, JFIF standard 1.02, resolution (DPCM), density 0x0, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1], comment: "ACD Systems Digital Imaging", baseline, precision 8, 180x123, components 3\012- data
Size
7.9 kB (7863 bytes)
Hash
0768ecb95b2285d8434e2e675eb4e1cb
2d07ab714b77b5236ab8d4b0217e605a8d744a63
8eb5bba69ba69a0ace87d5a93af026e8e157db838bba60eb2f40e587ab3f30ad

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /imgrm/rsg-shop-180x123-RG4U.jpg HTTP/1.1
Host: rg4u.clan.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535
Cookie: 6rg4udr=FwJeg31k; 6rg4uuzll=1685947231; ucvid=tlA224S03d
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Jun 2023 06:40:34 GMT
Content-Type: image/jpeg
Content-Length: 7863
Last-Modified: Mon, 03 Feb 2020 05:37:00 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "5e37b17c-1eb7"
Expires: Sun, 25 Jun 2023 06:40:34 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

s05.flagcounter.com/count/aRp2/bg_FFECC7/txt_691400/border_691400/columns_2/maxflags_20/viewers_0/labels_0/pageviews_1/flags_0/

66.154.110.218

200 OK

15 kB

URL GET HTTP/1.1
s05.flagcounter.com/count/aRp2/bg_FFECC7/txt_691400/border_691400/columns_2/maxflags_20/viewers_0/labels_0/pageviews_1/flags_0/
IP
66.154.110.218:80
ASN
#8100 ASN-QUADRANET-GLOBAL

Requested by
http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535

File type
PNG image data, 150 x 202, 8-bit/color RGB, non-interlaced\012- data
Size
15 kB (14826 bytes)
Hash
ece9c382b7b754ea811ff33363eff658
6ea1bb1d9262eaca9edb2d5163c48c23436b2022
5789ed8c37cadc123b41c516353f54177b2b48138e043277aa3c6a2c1d56b517

HTTP Headers

GET /count/aRp2/bg_FFECC7/txt_691400/border_691400/columns_2/maxflags_20/viewers_0/labels_0/pageviews_1/flags_0/ HTTP/1.1
Host: s05.flagcounter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://rg4u.clan.su/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 05 Jun 2023 06:40:36 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips
Pragma: no-cache
Cache-control: no-cache
Connection: close
Transfer-Encoding: chunked
Content-Type: image/png

hm-gimnast.ru/img/logo.png

193.107.237.56

200 OK

177 kB

URL GET HTTP/1.1
hm-gimnast.ru/img/logo.png
IP
193.107.237.56:80
ASN
#44128 Internet-Pro LLC

Requested by
http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535

File type
PNG image data, 500 x 375, 8-bit/color RGBA, non-interlaced\012- data
Size
177 kB (177229 bytes)
Hash
4c2fb6d0a7f9ead37757f06c5f7d61b7
417258bb6afb4ae0f42d66450a02f8e8d2a16c02
921d312a66b4073e5949d135579b7118b3bb516152e31960e198b27c832aaa2b

HTTP Headers

GET /img/logo.png HTTP/1.1
Host: hm-gimnast.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://rg4u.clan.su/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Mon, 05 Jun 2023 06:40:35 GMT
Content-Type: image/png
Content-Length: 177229
Last-Modified: Tue, 06 Dec 2016 10:40:34 GMT
Connection: keep-alive
ETag: "584695a2-2b44d"
Expires: Tue, 04 Jun 2024 06:40:35 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
Accept-Ranges: bytes

rg4u.clan.su/.s/t/291/4.gif

213.174.157.136

200 OK

328 B

URL GET HTTP/1.1
rg4u.clan.su/.s/t/291/4.gif
IP
213.174.157.136:80
ASN
#39572 DataWeb Global Group B.V.

Requested by
http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535

File type
GIF image data, version 89a, 6 x 36\012- data
Size
328 B (328 bytes)
Hash
369b4b6d9e495a5595c17021c545ec36
ea1feaeab2f304b815139dfd2bdc6beacd1cb041
19a0ef9596e3c798adb4ae87683aed83128b6f9c342a0ca865a31db346c9640f

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /.s/t/291/4.gif HTTP/1.1
Host: rg4u.clan.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535
Cookie: 6rg4udr=FwJeg31k; 6rg4uuzll=1685947231; ucvid=tlA224S03d
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Jun 2023 06:40:34 GMT
Content-Type: image/gif
Content-Length: 328
Last-Modified: Wed, 03 Dec 2014 12:48:38 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "547f06a6-148"
Expires: Sun, 25 Jun 2023 06:40:34 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

rg4u.clan.su/_pu/0/16003675.jpg

213.174.157.136

200 OK

12 kB

URL GET HTTP/1.1
rg4u.clan.su/_pu/0/16003675.jpg
IP
213.174.157.136:80
ASN
#39572 DataWeb Global Group B.V.

Requested by
http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 70", baseline, precision 8, 200x262, components 3\012- data
Size
12 kB (12057 bytes)
Hash
f217560c194f25ec6804ea4ea0be3c07
f0704257e49a12f756d6e67878ed9fb1a35415fa
1e82610750d7b4d630099e207808f8b9ec273a4e8736b12e23b57ae81a27e9d6

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /_pu/0/16003675.jpg HTTP/1.1
Host: rg4u.clan.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535
Cookie: 6rg4udr=FwJeg31k; 6rg4uuzll=1685947231; ucvid=tlA224S03d
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Jun 2023 06:40:34 GMT
Content-Type: image/jpeg
Content-Length: 12057
Last-Modified: Wed, 25 Aug 2010 12:09:34 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "4c7507fe-2f19"
Expires: Sun, 25 Jun 2023 06:40:34 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

rg4u.clan.su/Image/posters/UTS.jpg

213.174.157.136

200 OK

28 kB

URL GET HTTP/1.1
rg4u.clan.su/Image/posters/UTS.jpg
IP
213.174.157.136:80
ASN
#39572 DataWeb Global Group B.V.

Requested by
http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535

File type
JPEG image data, JFIF standard 1.02, resolution (DPI), density 2111x2111, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2015:06:22 09:30:25], baseline, precision 8, 180x180, components 3\012- data
Size
28 kB (27490 bytes)
Hash
c51b6ba681a6260c2f5f3a774956f3e6
cea6a1c8e16845cb3449e67a86899ecc66ed2fae
97d4e9bf998c12a060e2ea1ebb8134fd41c69a9ccacf959795d4d1c889c489d6

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /Image/posters/UTS.jpg HTTP/1.1
Host: rg4u.clan.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535
Cookie: 6rg4udr=FwJeg31k; 6rg4uuzll=1685947231; ucvid=tlA224S03d
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Jun 2023 06:40:34 GMT
Content-Type: image/jpeg
Content-Length: 27490
Last-Modified: Mon, 22 Jun 2015 06:30:57 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "5587aba1-6b62"
Expires: Sun, 25 Jun 2023 06:40:34 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

rg4u.clan.su/.s/t/291/5.gif

213.174.157.136

200 OK

85 B

URL GET HTTP/1.1
rg4u.clan.su/.s/t/291/5.gif
IP
213.174.157.136:80
ASN
#39572 DataWeb Global Group B.V.

Requested by
http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535

File type
GIF image data, version 89a, 18 x 18\012- data
Size
85 B (85 bytes)
Hash
44294fdf67bac608e70db298fcf5e2bb
9f2b740cd28434d2711a6c9d48db137e328bb466
36b2987d8c11cd813f995d53578652d9961fa5608feab51eae743bb63fe817a3

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /.s/t/291/5.gif HTTP/1.1
Host: rg4u.clan.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535
Cookie: 6rg4udr=FwJeg31k; 6rg4uuzll=1685947231; ucvid=tlA224S03d
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Jun 2023 06:40:34 GMT
Content-Type: image/gif
Content-Length: 85
Last-Modified: Wed, 03 Dec 2014 12:48:38 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "547f06a6-55"
Expires: Sun, 25 Jun 2023 06:40:34 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

rg4u.clan.su/.s/t/291/2.jpg

213.174.157.136

200 OK

20 kB

URL GET HTTP/1.1
rg4u.clan.su/.s/t/291/2.jpg
IP
213.174.157.136:80
ASN
#39572 DataWeb Global Group B.V.

Requested by
http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 489x155, components 3\012- data
Size
20 kB (19814 bytes)
Hash
457f79b59bf6332ebfdcc2510b2c6d2a
237f953a8860b666d3857528a7205cdc208bc364
173624b0b8095b828fb320505a0d7479a5e14127a8a8ec3e71d72cdf7a5edb8b

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /.s/t/291/2.jpg HTTP/1.1
Host: rg4u.clan.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535
Cookie: 6rg4udr=FwJeg31k; 6rg4uuzll=1685947231; ucvid=tlA224S03d
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Jun 2023 06:40:34 GMT
Content-Type: image/jpeg
Content-Length: 19814
Last-Modified: Wed, 03 Dec 2014 12:48:38 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "547f06a6-4d66"
Expires: Sun, 25 Jun 2023 06:40:34 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

rg4u.clan.su/.s/img/stars/3/12.png

213.174.157.136

200 OK

1.2 kB

URL GET HTTP/1.1
rg4u.clan.su/.s/img/stars/3/12.png
IP
213.174.157.136:80
ASN
#39572 DataWeb Global Group B.V.

Requested by
http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535

File type
PNG image data, 12 x 36, 8-bit/color RGBA, non-interlaced\012- data
Size
1.2 kB (1161 bytes)
Hash
350693463200bbe9388eec7d1a208289
9a310a7dd3c068636b224d253e0df9ce09784df2
aa22bfd07d6d73ee1e2fc304bf81625c716e83f81e1dfc044560b54595bdec28

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /.s/img/stars/3/12.png HTTP/1.1
Host: rg4u.clan.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535
Cookie: 6rg4udr=FwJeg31k; 6rg4uuzll=1685947231; ucvid=tlA224S03d
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Jun 2023 06:40:34 GMT
Content-Type: image/png
Content-Length: 1161
Last-Modified: Wed, 05 Apr 2023 11:26:37 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "642d5aed-489"
Expires: Sun, 25 Jun 2023 06:40:34 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

rg4u.clan.su/.s/img/icon/social/vk.svg

213.174.157.136

200 OK

772 B

URL GET HTTP/1.1
rg4u.clan.su/.s/img/icon/social/vk.svg
IP
213.174.157.136:80
ASN
#39572 DataWeb Global Group B.V.

Requested by
http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535

File type
SVG Scalable Vector Graphics image\012- SVG XML document\012- XML 1.0 document text\012- SVG XML document\012- XML document text\012- exported SGML document text\012- exported SGML document, ASCII text
Size
772 B (772 bytes)
Hash
7c4eb8cae0b565c023c4406add5f8041
079ce5d3277df672b57a73476a28d0bf0b1c1fe2
05a3f8587400860aa87bb18c9a9cd5b22a45ca4fc4a37a7922d29e48549b2fc9

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /.s/img/icon/social/vk.svg HTTP/1.1
Host: rg4u.clan.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://rg4u.clan.su/.s/src/social.css
Cookie: 6rg4udr=FwJeg31k; 6rg4uuzll=1685947231; ucvid=tlA224S03d
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Jun 2023 06:40:34 GMT
Content-Type: image/svg+xml
Content-Length: 772
Last-Modified: Mon, 26 Jun 2017 11:42:16 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "5950f318-304"
Expires: Sun, 25 Jun 2023 06:40:34 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

rg4u.clan.su/.s/t/291/8.gif

213.174.157.136

200 OK

197 B

URL GET HTTP/1.1
rg4u.clan.su/.s/t/291/8.gif
IP
213.174.157.136:80
ASN
#39572 DataWeb Global Group B.V.

Requested by
http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535

File type
GIF image data, version 89a, 14 x 14\012- data
Size
197 B (197 bytes)
Hash
bf817310ff1a751b2c1ed9897be8a21e
d99db2db1cd07b066eae5fc3000100eabff9acf9
82765150985b8f086ca199431a995f2a7046603349b7b4fae2edebb1c2d452f9

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /.s/t/291/8.gif HTTP/1.1
Host: rg4u.clan.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://rg4u.clan.su/_st/my.css
Cookie: 6rg4udr=FwJeg31k; 6rg4uuzll=1685947231; ucvid=tlA224S03d
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Jun 2023 06:40:34 GMT
Content-Type: image/gif
Content-Length: 197
Last-Modified: Wed, 03 Dec 2014 12:48:38 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "547f06a6-c5"
Expires: Sun, 25 Jun 2023 06:40:34 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

rg4u.clan.su/.s/t/291/7.gif

213.174.157.136

200 OK

165 B

URL GET HTTP/1.1
rg4u.clan.su/.s/t/291/7.gif
IP
213.174.157.136:80
ASN
#39572 DataWeb Global Group B.V.

Requested by
http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535

File type
GIF image data, version 89a, 8 x 8\012- data
Size
165 B (165 bytes)
Hash
386a536761b0b403f348ebeec35f3a10
eda665876bc7df652eb400f39f151acaea9888e1
57aca0624b67be0ec0b8eedbbcc4f0c2bebb018bba813da048d437c6a1863708

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /.s/t/291/7.gif HTTP/1.1
Host: rg4u.clan.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://rg4u.clan.su/_st/my.css
Cookie: 6rg4udr=FwJeg31k; 6rg4uuzll=1685947231; ucvid=tlA224S03d
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Jun 2023 06:40:34 GMT
Content-Type: image/gif
Content-Length: 165
Last-Modified: Wed, 03 Dec 2014 12:48:38 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "547f06a6-a5"
Expires: Sun, 25 Jun 2023 06:40:34 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

rg4u.clan.su/logo/3.gif

213.174.157.136

200 OK

28 kB

URL GET HTTP/1.1
rg4u.clan.su/logo/3.gif
IP
213.174.157.136:80
ASN
#39572 DataWeb Global Group B.V.

Requested by
http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535

File type
GIF image data, version 89a, 400 x 155\012- data
Size
28 kB (27875 bytes)
Hash
64a08fcbd194073f439650e6e22400ba
17d7faa2d9f56726d067281d7cc4e4e37a239456
4b498e075c5f6d0b9c7d7ab6b05c2e4a83e763f44c9ab98f14b0f26d90b60fb5

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /logo/3.gif HTTP/1.1
Host: rg4u.clan.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535
Cookie: 6rg4udr=FwJeg31k; 6rg4uuzll=1685947231; ucvid=tlA224S03d
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Jun 2023 06:40:34 GMT
Content-Type: image/gif
Content-Length: 27875
Last-Modified: Mon, 24 Jan 2011 20:16:08 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "4d3dde08-6ce3"
Expires: Sun, 25 Jun 2023 06:40:34 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

rg4u.clan.su/.s/img/icon/social/fb.svg

213.174.157.136

200 OK

611 B

URL GET HTTP/1.1
rg4u.clan.su/.s/img/icon/social/fb.svg
IP
213.174.157.136:80
ASN
#39572 DataWeb Global Group B.V.

Requested by
http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535

File type
SVG Scalable Vector Graphics image\012- SVG XML document\012- XML 1.0 document text\012- SVG XML document\012- XML document text\012- exported SGML document text\012- exported SGML document, ASCII text
Size
611 B (611 bytes)
Hash
d178cc46dcbcf2b6f19445674fe3fe58
26f9747489d9e796926f7bbe11817c420afda3af
a9265d79c9ff74d4deeab5dce9643ed838018a6b4346605e002867858534f4bf

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /.s/img/icon/social/fb.svg HTTP/1.1
Host: rg4u.clan.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://rg4u.clan.su/.s/src/social.css
Cookie: 6rg4udr=FwJeg31k; 6rg4uuzll=1685947231; ucvid=tlA224S03d
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Jun 2023 06:40:34 GMT
Content-Type: image/svg+xml
Content-Length: 611
Last-Modified: Mon, 26 Jun 2017 11:42:16 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "5950f318-263"
Expires: Sun, 25 Jun 2023 06:40:34 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

rg4u.clan.su/.s/img/icon/social/ya.svg

213.174.157.136

200 OK

660 B

URL GET HTTP/1.1
rg4u.clan.su/.s/img/icon/social/ya.svg
IP
213.174.157.136:80
ASN
#39572 DataWeb Global Group B.V.

Requested by
http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535

File type
SVG Scalable Vector Graphics image\012- SVG XML document\012- XML 1.0 document text\012- SVG XML document\012- XML document text\012- exported SGML document text\012- exported SGML document, ASCII text
Size
660 B (660 bytes)
Hash
7676c3eee5bd955efe08fd05367a443b
595e4e8dbf5ff472606434d0f45806d088de4c0c
b72d3f61ac56b4aa27bad5769589705004aff1f0ad341785ca72dc46ba16de5b

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /.s/img/icon/social/ya.svg HTTP/1.1
Host: rg4u.clan.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://rg4u.clan.su/.s/src/social.css
Cookie: 6rg4udr=FwJeg31k; 6rg4uuzll=1685947231; ucvid=tlA224S03d
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Jun 2023 06:40:34 GMT
Content-Type: image/svg+xml
Content-Length: 660
Last-Modified: Mon, 26 Jun 2017 11:42:16 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "5950f318-294"
Expires: Sun, 25 Jun 2023 06:40:34 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

rg4u.clan.su/.s/img/icon/social/gp.svg

213.174.157.136

200 OK

550 B

URL GET HTTP/1.1
rg4u.clan.su/.s/img/icon/social/gp.svg
IP
213.174.157.136:80
ASN
#39572 DataWeb Global Group B.V.

Requested by
http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535

File type
SVG Scalable Vector Graphics image\012- HTML document text\012- HTML document, Unicode text, UTF-8 text, with very long lines (534), with no line terminators
Size
550 B (550 bytes)
Hash
10d296226de121de55180e5b1b7d9d49
5980293f4f290734d09459d068a8c3996e43fe40
a657a4d5d05c6cd9b9f881ab6941e71f725c7eb451c9f37ceb514e45fdfd441d

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /.s/img/icon/social/gp.svg HTTP/1.1
Host: rg4u.clan.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://rg4u.clan.su/.s/src/social.css
Cookie: 6rg4udr=FwJeg31k; 6rg4uuzll=1685947231; ucvid=tlA224S03d
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Jun 2023 06:40:34 GMT
Content-Type: image/svg+xml
Content-Length: 550
Last-Modified: Fri, 01 Feb 2019 12:57:26 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "5c544236-226"
Expires: Sun, 25 Jun 2023 06:40:34 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

rg4u.clan.su/.s/img/icon/social/ok.svg

213.174.157.136

200 OK

1.9 kB

URL GET HTTP/1.1
rg4u.clan.su/.s/img/icon/social/ok.svg
IP
213.174.157.136:80
ASN
#39572 DataWeb Global Group B.V.

Requested by
http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535

File type
SVG Scalable Vector Graphics image\012- SVG XML document\012- XML 1.0 document text\012- SVG XML document\012- XML document text\012- exported SGML document text\012- exported SGML document, ASCII text
Size
1.9 kB (1858 bytes)
Hash
08bbc2fa9b08463b0d061041d62b408e
370c53ccc3edd296cd35fb9e3de20dabfdae78d9
e1369586f1d82834ecc0ccab2f5f1a6f7565f2c715243d956bd7eb1404c8fba9

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /.s/img/icon/social/ok.svg HTTP/1.1
Host: rg4u.clan.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://rg4u.clan.su/.s/src/social.css
Cookie: 6rg4udr=FwJeg31k; 6rg4uuzll=1685947231; ucvid=tlA224S03d
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Jun 2023 06:40:34 GMT
Content-Type: image/svg+xml
Content-Length: 1858
Last-Modified: Mon, 26 Jun 2017 11:42:16 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "5950f318-742"
Expires: Sun, 25 Jun 2023 06:40:34 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

translate.google.com/translate_a/element.js?cb=googleTranslateElementInit

216.58.211.14

301 Moved Permanently

29 kB

URL GET HTTP/1.1
translate.google.com/translate_a/element.js?cb=googleTranslateElementInit
IP
216.58.211.14:80
ASN
#15169 GOOGLE

Requested by
http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535

File type
ASCII text, with very long lines (2450)
Size
29 kB (28902 bytes)
Hash
95570675b6c814a8eba3a1ff89d1a88e
20db0e97ca61e1c16a9c0b5e4c9e5588780eb4c0
11b6bcda06ca54317114081434a721818cd81988524a745ec41e954d3b3d1cc6

HTTP Headers

GET /translate_a/element.js?cb=googleTranslateElementInit HTTP/1.1
Host: translate.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://rg4u.clan.su/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 05 Jun 2023 06:40:33 GMT
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
set-cookie: CONSENT=PENDING+837; expires=Wed, 04-Jun-2025 06:40:33 GMT; path=/; domain=.google.com; Secure
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

rg4u.clan.su/img/music_key.gif

213.174.157.136

200 OK

691 B

URL GET HTTP/1.1
rg4u.clan.su/img/music_key.gif
IP
213.174.157.136:80
ASN
#39572 DataWeb Global Group B.V.

Requested by
http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535

File type
GIF image data, version 89a, 16 x 40\012- data
Size
691 B (691 bytes)
Hash
238e60ba2b96fc551568f14e7a284e76
9802a7f7bbf5f1606a6e1b08e859ff1fc5d8a33b
7dc90c7b5abe7b1b0a65694a4b5b532af5bd32c4a138fc6c1e8063113542845a

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /img/music_key.gif HTTP/1.1
Host: rg4u.clan.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535
Cookie: 6rg4udr=FwJeg31k; 6rg4uuzll=1685947231; ucvid=tlA224S03d
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Jun 2023 06:40:34 GMT
Content-Type: image/gif
Content-Length: 691
Last-Modified: Thu, 28 Jul 2011 06:44:18 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "4e310542-2b3"
Expires: Sun, 25 Jun 2023 06:40:34 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

rg4u.clan.su/_st/my.css

213.174.157.136

200 OK

6.0 kB

URL GET HTTP/1.1
rg4u.clan.su/_st/my.css
IP
213.174.157.136:80
ASN
#39572 DataWeb Global Group B.V.

Requested by
http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535

File type
assembler source, Unicode text, UTF-8 text, with very long lines (409)
Size
6.0 kB (6023 bytes)
Hash
23a898a858f0d1da4ffc82353e4531c9
c7760897fae386f2df57127420de86ddd474af66
9683f999d8a04153585ee2f27221372f4a1aca4ab22d8ec96ba42d12c73ed3bb

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /_st/my.css HTTP/1.1
Host: rg4u.clan.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://rg4u.clan.su/mchat/
Cookie: 6rg4udr=FwJeg31k; 6rg4uuzll=1685947231; ucvid=tlA224S03d
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Jun 2023 06:40:35 GMT
Content-Type: text/css
Last-Modified: Sat, 10 Oct 2020 17:11:36 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
ETag: W/"5f81eb48-6eb4"
Expires: Sun, 25 Jun 2023 06:40:35 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Content-Encoding: gzip

rg4u.clan.su/imgr/rek-908x108.jpg

213.174.157.136

200 OK

53 kB

URL GET HTTP/1.1
rg4u.clan.su/imgr/rek-908x108.jpg
IP
213.174.157.136:80
ASN
#39572 DataWeb Global Group B.V.

Requested by
http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535

File type
JPEG image data, JFIF standard 1.02, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2015:06:22 12:51:31], baseline, precision 8, 908x108, components 3\012- data
Size
53 kB (52893 bytes)
Hash
28d67ccec62c1f21aaf7216a21b90139
53e9caacadb99a8733c4b3f3c9159e94c0bf66c1
d48daffea6074a23590777d7dc7dcb51fb57e31d9a33f5a164e1f03d9f9df22c

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /imgr/rek-908x108.jpg HTTP/1.1
Host: rg4u.clan.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535
Cookie: 6rg4udr=FwJeg31k; 6rg4uuzll=1685947231; ucvid=tlA224S03d
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Jun 2023 06:40:34 GMT
Content-Type: image/jpeg
Content-Length: 52893
Last-Modified: Tue, 25 Oct 2016 11:41:37 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "580f44f1-ce9d"
Expires: Sun, 25 Jun 2023 06:40:34 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

rg4u.clan.su/imgr/rg-training5.jpg

213.174.157.136

200 OK

90 kB

URL GET HTTP/1.1
rg4u.clan.su/imgr/rg-training5.jpg
IP
213.174.157.136:80
ASN
#39572 DataWeb Global Group B.V.

Requested by
http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1280x474, components 3\012- data
Size
90 kB (89463 bytes)
Hash
0c7c1f02cfdb22b36d6452de5756f4f1
17ae9127e81a6ccb2ccf6ddc81179ddd67a5f39d
66ce06266508b172f697d65a5eb49d4d95197ef945d2d0acbf531fdb75f0e913

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /imgr/rg-training5.jpg HTTP/1.1
Host: rg4u.clan.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535
Cookie: 6rg4udr=FwJeg31k; 6rg4uuzll=1685947231; ucvid=tlA224S03d
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Jun 2023 06:40:34 GMT
Content-Type: image/jpeg
Content-Length: 89463
Last-Modified: Thu, 18 May 2023 07:02:22 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "6465cd7e-15d77"
Expires: Sun, 25 Jun 2023 06:40:34 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

rg4u.clan.su/imgr/premiumsportproducts908x108v2.gif

213.174.157.136

200 OK

124 kB

URL GET HTTP/1.1
rg4u.clan.su/imgr/premiumsportproducts908x108v2.gif
IP
213.174.157.136:80
ASN
#39572 DataWeb Global Group B.V.

Requested by
http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535

File type
GIF image data, version 89a, 908 x 108\012- data
Size
124 kB (123483 bytes)
Hash
0a4d5d15a69ba0a2f91a73d2604ebfe7
f1e6caf68ed1c6e95a8687f019f485ef384e607a
9998039906a792b1a1f5a1d4042eba1541e6ef98f1b15654fb09fa86f4b27c6f

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /imgr/premiumsportproducts908x108v2.gif HTTP/1.1
Host: rg4u.clan.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535
Cookie: 6rg4udr=FwJeg31k; 6rg4uuzll=1685947231; ucvid=tlA224S03d
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Jun 2023 06:40:34 GMT
Content-Type: image/gif
Content-Length: 123483
Last-Modified: Mon, 05 Jul 2021 17:01:40 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "60e33af4-1e25b"
Expires: Sun, 25 Jun 2023 06:40:34 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

rg4u.clan.su/_vi/4/s20599870.jpg

213.174.157.136

200 OK

5.2 kB

URL GET HTTP/1.1
rg4u.clan.su/_vi/4/s20599870.jpg
IP
213.174.157.136:80
ASN
#39572 DataWeb Global Group B.V.

Requested by
http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90", baseline, precision 8, 150x84, components 3\012- data
Size
5.2 kB (5155 bytes)
Hash
c51b004cc2cc1f759091084a510d3588
dd89395b4fd34ca24b9d5bdf9bf32aa6454ed7cd
55222fca468e46669a2f596504167dfa6844a3af789b9abf2e7fea3722de6226

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /_vi/4/s20599870.jpg HTTP/1.1
Host: rg4u.clan.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535
Cookie: 6rg4udr=FwJeg31k; 6rg4uuzll=1685947231; ucvid=tlA224S03d
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Jun 2023 06:40:35 GMT
Content-Type: image/jpeg
Content-Length: 5155
Last-Modified: Fri, 27 Jan 2023 14:23:34 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "63d3de66-1423"
Expires: Sun, 25 Jun 2023 06:40:35 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

rg4u.clan.su/.s/src/uwnd.min.js?2

213.174.157.136

200 OK

57 kB

URL GET HTTP/1.1
rg4u.clan.su/.s/src/uwnd.min.js?2
IP
213.174.157.136:80
ASN
#39572 DataWeb Global Group B.V.

Requested by
http://rg4u.clan.su/mchat/

File type
ASCII text, with very long lines (65536), with no line terminators
Size
57 kB (56796 bytes)
Hash
0e2dd07983ad50fa9205b6a9d24bc79f
8eafe02a75c83f60d40d1cee73e2770805e54a9e
8993dbc5102beb8dc4ebfef06873c26198d0f2913627399034816b16715336ad

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /.s/src/uwnd.min.js?2 HTTP/1.1
Host: rg4u.clan.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://rg4u.clan.su/mchat/
Cookie: 6rg4udr=FwJeg31k; 6rg4uuzll=1685947231; ucvid=tlA224S03d
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Jun 2023 06:40:35 GMT
Content-Type: text/javascript
Last-Modified: Mon, 25 Apr 2022 10:32:26 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
ETag: W/"626678ba-3334b"
Expires: Sun, 25 Jun 2023 06:40:35 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Content-Encoding: gzip

rg4u.clan.su/_vi/4/s96005384.jpg

213.174.157.136

200 OK

6.2 kB

URL GET HTTP/1.1
rg4u.clan.su/_vi/4/s96005384.jpg
IP
213.174.157.136:80
ASN
#39572 DataWeb Global Group B.V.

Requested by
http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90", baseline, precision 8, 150x84, components 3\012- data
Size
6.2 kB (6222 bytes)
Hash
9dcd8b0aeeedbd609ec4bddc78fb9d56
cd007ea479dc13b4249c1729c126dab9b2e439fa
f2e22153941242eff25acda5247a676e09ae83e9be02aa5e4f16e68f4bd8c7ab

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /_vi/4/s96005384.jpg HTTP/1.1
Host: rg4u.clan.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535
Cookie: 6rg4udr=FwJeg31k; 6rg4uuzll=1685947231; ucvid=tlA224S03d
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Jun 2023 06:40:35 GMT
Content-Type: image/jpeg
Content-Length: 6222
Last-Modified: Sun, 08 Jan 2023 05:43:10 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "63ba57ee-184e"
Expires: Sun, 25 Jun 2023 06:40:35 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

rg4u.clan.su/_vi/4/s35861115.jpg

213.174.157.136

200 OK

5.9 kB

URL GET HTTP/1.1
rg4u.clan.su/_vi/4/s35861115.jpg
IP
213.174.157.136:80
ASN
#39572 DataWeb Global Group B.V.

Requested by
http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90", baseline, precision 8, 150x83, components 3\012- data
Size
5.9 kB (5946 bytes)
Hash
b5fa884a0d6353f8cf57be61a2c16490
1b227ec805088034975eebb2b2f22d0a41540864
129db0d4fbcf58d3441973335c56000a6f46dd62d23671f7d5cae87c3bfc960d

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /_vi/4/s35861115.jpg HTTP/1.1
Host: rg4u.clan.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535
Cookie: 6rg4udr=FwJeg31k; 6rg4uuzll=1685947231; ucvid=tlA224S03d
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Jun 2023 06:40:35 GMT
Content-Type: image/jpeg
Content-Length: 5946
Last-Modified: Sat, 13 Aug 2022 07:27:21 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "62f75259-173a"
Expires: Sun, 25 Jun 2023 06:40:35 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

rg4u.clan.su/.s/src/jquery-1.12.4.min.js

213.174.157.136

200 OK

34 kB

URL GET HTTP/1.1
rg4u.clan.su/.s/src/jquery-1.12.4.min.js
IP
213.174.157.136:80
ASN
#39572 DataWeb Global Group B.V.

Requested by
http://rg4u.clan.su/mchat/

File type
ASCII text, with very long lines (32077)
Size
34 kB (33793 bytes)
Hash
4f252523d4af0b478c810c2547a63e19
5a9dcfbef655a2668e78baebeaa8dc6f41d8dabb
668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /.s/src/jquery-1.12.4.min.js HTTP/1.1
Host: rg4u.clan.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://rg4u.clan.su/mchat/
Cookie: 6rg4udr=FwJeg31k; 6rg4uuzll=1685947231; ucvid=tlA224S03d
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Jun 2023 06:40:35 GMT
Content-Type: text/javascript
Last-Modified: Wed, 05 Apr 2023 11:26:48 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
ETag: W/"642d5af8-17b8b"
Expires: Sun, 25 Jun 2023 06:40:35 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Content-Encoding: gzip

rg4u.clan.su/img/uico-view.png

213.174.157.136

200 OK

1.2 kB

URL GET HTTP/1.1
rg4u.clan.su/img/uico-view.png
IP
213.174.157.136:80
ASN
#39572 DataWeb Global Group B.V.

Requested by
http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535

File type
PNG image data, 16 x 10, 8-bit/color RGBA, non-interlaced\012- data
Size
1.2 kB (1153 bytes)
Hash
b434c30114acf85d9dece4246788cd1d
38bf468836c0d6bdfa0472b110734d7a63e5583d
23977892f420e43b5330920ff38306f8e39b111e5dcd32090982fc51b6c31d64

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /img/uico-view.png HTTP/1.1
Host: rg4u.clan.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535
Cookie: 6rg4udr=FwJeg31k; 6rg4uuzll=1685947231; ucvid=tlA224S03d
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Jun 2023 06:40:35 GMT
Content-Type: image/png
Content-Length: 1153
Last-Modified: Mon, 27 Jun 2022 13:37:11 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "62b9b287-481"
Expires: Sun, 25 Jun 2023 06:40:35 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

rg4u.clan.su/_ph/7/1/416574504.jpg

213.174.157.136

200 OK

1.2 kB

URL GET HTTP/1.1
rg4u.clan.su/_ph/7/1/416574504.jpg
IP
213.174.157.136:80
ASN
#39572 DataWeb Global Group B.V.

Requested by
http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 70", baseline, precision 8, 23x80, components 3\012- data
Size
1.2 kB (1168 bytes)
Hash
12cbe0351253a3bf43388e7e0de11252
cbc6505590dad88aabef3e3ff0ae210d5b7699e5
7b90138f299be188d70f6f8e9449c1d2f1cf37be5d626b53baacc852a128a3e4

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /_ph/7/1/416574504.jpg HTTP/1.1
Host: rg4u.clan.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535
Cookie: 6rg4udr=FwJeg31k; 6rg4uuzll=1685947231; ucvid=tlA224S03d
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Jun 2023 06:40:35 GMT
Content-Type: image/jpeg
Content-Length: 1168
Last-Modified: Wed, 22 Sep 2010 13:16:47 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "4c9a01bf-490"
Expires: Sun, 25 Jun 2023 06:40:35 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

rg4u.clan.su/_ph/7/1/623952537.jpg

213.174.157.136

200 OK

1.0 kB

URL GET HTTP/1.1
rg4u.clan.su/_ph/7/1/623952537.jpg
IP
213.174.157.136:80
ASN
#39572 DataWeb Global Group B.V.

Requested by
http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 70", baseline, precision 8, 23x80, components 3\012- data
Size
1.0 kB (1022 bytes)
Hash
dddf4602094cf7e785372cfc3368f7f4
401686542f0faa988a5fa6e80c3b144494e9c113
961e82d372f533c2e8221df02b7c9fc0f3d2531d939d317b732fb214785e4f11

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /_ph/7/1/623952537.jpg HTTP/1.1
Host: rg4u.clan.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535
Cookie: 6rg4udr=FwJeg31k; 6rg4uuzll=1685947231; ucvid=tlA224S03d
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Jun 2023 06:40:35 GMT
Content-Type: image/jpeg
Content-Length: 1022
Last-Modified: Wed, 22 Sep 2010 13:16:47 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "4c9a01bf-3fe"
Expires: Sun, 25 Jun 2023 06:40:35 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

rg4u.clan.su/_ph/7/1/663997554.jpg

213.174.157.136

200 OK

1.1 kB

URL GET HTTP/1.1
rg4u.clan.su/_ph/7/1/663997554.jpg
IP
213.174.157.136:80
ASN
#39572 DataWeb Global Group B.V.

Requested by
http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 70", baseline, precision 8, 23x80, components 3\012- data
Size
1.1 kB (1141 bytes)
Hash
a26a3529748517fda6f8a03e7f426417
c546204b7609f1111f4c9fd6992712ab798c9682
330b2fcf77ab96dbb54568fa384af68381bb507f5cf259dbdeeb47b8a16d31d0

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /_ph/7/1/663997554.jpg HTTP/1.1
Host: rg4u.clan.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535
Cookie: 6rg4udr=FwJeg31k; 6rg4uuzll=1685947231; ucvid=tlA224S03d
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Jun 2023 06:40:35 GMT
Content-Type: image/jpeg
Content-Length: 1141
Last-Modified: Wed, 22 Sep 2010 13:14:41 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "4c9a0141-475"
Expires: Sun, 25 Jun 2023 06:40:35 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

rg4u.clan.su/_ph/7/1/152995469.jpg

213.174.157.136

200 OK

1.1 kB

URL GET HTTP/1.1
rg4u.clan.su/_ph/7/1/152995469.jpg
IP
213.174.157.136:80
ASN
#39572 DataWeb Global Group B.V.

Requested by
http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 70", baseline, precision 8, 23x80, components 3\012- data
Size
1.1 kB (1147 bytes)
Hash
0e483bb6a6732b902bfb8df891ea692b
bea48478fb4d79c9cc670f7140690f5a7b2d3562
6c9c53290f38de91d732c748a9d40835bf39d46664f1c3840c86c7d6d5e51053

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /_ph/7/1/152995469.jpg HTTP/1.1
Host: rg4u.clan.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535
Cookie: 6rg4udr=FwJeg31k; 6rg4uuzll=1685947231; ucvid=tlA224S03d
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Jun 2023 06:40:35 GMT
Content-Type: image/jpeg
Content-Length: 1147
Last-Modified: Wed, 22 Sep 2010 13:14:41 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "4c9a0141-47b"
Expires: Sun, 25 Jun 2023 06:40:35 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

rg4u.clan.su/_ph/7/1/840646741.jpg

213.174.157.136

200 OK

1.2 kB

URL GET HTTP/1.1
rg4u.clan.su/_ph/7/1/840646741.jpg
IP
213.174.157.136:80
ASN
#39572 DataWeb Global Group B.V.

Requested by
http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 70", baseline, precision 8, 23x80, components 3\012- data
Size
1.2 kB (1210 bytes)
Hash
835e23cfac12906ca4d12e2349860188
019cc605644e5901d50a52aa85de5d42c699290f
9e9d61b6276e613f9aaa66165ef63004f7d046abc645dcd5b1c8b51cf2583155

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /_ph/7/1/840646741.jpg HTTP/1.1
Host: rg4u.clan.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535
Cookie: 6rg4udr=FwJeg31k; 6rg4uuzll=1685947231; ucvid=tlA224S03d
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Jun 2023 06:40:35 GMT
Content-Type: image/jpeg
Content-Length: 1210
Last-Modified: Wed, 22 Sep 2010 13:14:41 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "4c9a0141-4ba"
Expires: Sun, 25 Jun 2023 06:40:35 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

rg4u.clan.su/_ph/7/1/775955111.jpg

213.174.157.136

200 OK

1.2 kB

URL GET HTTP/1.1
rg4u.clan.su/_ph/7/1/775955111.jpg
IP
213.174.157.136:80
ASN
#39572 DataWeb Global Group B.V.

Requested by
http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 70", baseline, precision 8, 23x80, components 3\012- data
Size
1.2 kB (1240 bytes)
Hash
16a9f777ee46de9c4cc17f708a85d204
2378a300f075564851bd2b708e8fb20f314c4b05
038138b3ca12bbd7f0d2d8e22899b9165a03d37e32c0e6b5f29dd06525b8a494

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /_ph/7/1/775955111.jpg HTTP/1.1
Host: rg4u.clan.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535
Cookie: 6rg4udr=FwJeg31k; 6rg4uuzll=1685947231; ucvid=tlA224S03d
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Jun 2023 06:40:35 GMT
Content-Type: image/jpeg
Content-Length: 1240
Last-Modified: Wed, 22 Sep 2010 13:14:41 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "4c9a0141-4d8"
Expires: Sun, 25 Jun 2023 06:40:35 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

rg4u.clan.su/imgr/lana18_400x570.jpg

213.174.157.136

200 OK

124 kB

URL GET HTTP/1.1
rg4u.clan.su/imgr/lana18_400x570.jpg
IP
213.174.157.136:80
ASN
#39572 DataWeb Global Group B.V.

Requested by
http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CC 2015.5 (Windows), datetime=2017:06:30 10:59:13], progressive, precision 8, 400x572, components 3\012- data
Size
124 kB (124163 bytes)
Hash
8ea2028fcb21a046fb270721b8768505
fd5d3df910354dc3781a19432d82f93666f46394
9838e6f407de399ef3e811bbe11fda2af7c600ba8c898a3e08d0e5fe0dc22ba4

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /imgr/lana18_400x570.jpg HTTP/1.1
Host: rg4u.clan.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535
Cookie: 6rg4udr=FwJeg31k; 6rg4uuzll=1685947231; ucvid=tlA224S03d
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Jun 2023 06:40:34 GMT
Content-Type: image/jpeg
Content-Length: 124163
Last-Modified: Fri, 30 Jun 2017 08:39:18 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "59560e36-1e503"
Expires: Sun, 25 Jun 2023 06:40:34 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

rg4u.clan.su/_ph/7/1/983196076.jpg

213.174.157.136

200 OK

1.3 kB

URL GET HTTP/1.1
rg4u.clan.su/_ph/7/1/983196076.jpg
IP
213.174.157.136:80
ASN
#39572 DataWeb Global Group B.V.

Requested by
http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 70", baseline, precision 8, 23x80, components 3\012- data
Size
1.3 kB (1325 bytes)
Hash
c855bbdc4a5dc956516c10acf8467a57
637475a1f8326881b4d38523285229e63b82832f
848bd66bedabc0ee7b331b5248db8ebee623fb1e335f69986343a111a9470984

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /_ph/7/1/983196076.jpg HTTP/1.1
Host: rg4u.clan.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535
Cookie: 6rg4udr=FwJeg31k; 6rg4uuzll=1685947231; ucvid=tlA224S03d
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Jun 2023 06:40:35 GMT
Content-Type: image/jpeg
Content-Length: 1325
Last-Modified: Wed, 22 Sep 2010 13:14:41 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "4c9a0141-52d"
Expires: Sun, 25 Jun 2023 06:40:35 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

rg4u.clan.su/_ph/7/1/212533036.jpg

213.174.157.136

200 OK

1.1 kB

URL GET HTTP/1.1
rg4u.clan.su/_ph/7/1/212533036.jpg
IP
213.174.157.136:80
ASN
#39572 DataWeb Global Group B.V.

Requested by
http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 70", baseline, precision 8, 23x80, components 3\012- data
Size
1.1 kB (1099 bytes)
Hash
a3ca4efcafffc415efcf5b452b8d6b83
82a4088c325ba97c459243a0e7f958f892590b08
7c022a3248656347f4a892d4304297443c62b27725be751c0bcc4c6e7cf0c634

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /_ph/7/1/212533036.jpg HTTP/1.1
Host: rg4u.clan.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535
Cookie: 6rg4udr=FwJeg31k; 6rg4uuzll=1685947231; ucvid=tlA224S03d
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Jun 2023 06:40:35 GMT
Content-Type: image/jpeg
Content-Length: 1099
Last-Modified: Wed, 22 Sep 2010 13:14:42 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "4c9a0142-44b"
Expires: Sun, 25 Jun 2023 06:40:35 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

rg4u.clan.su/img/uico-comment.png

213.174.157.136

200 OK

1.1 kB

URL GET HTTP/1.1
rg4u.clan.su/img/uico-comment.png
IP
213.174.157.136:80
ASN
#39572 DataWeb Global Group B.V.

Requested by
http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535

File type
PNG image data, 13 x 12, 8-bit/color RGBA, non-interlaced\012- data
Size
1.1 kB (1149 bytes)
Hash
8dfe1daa5d7f826a63910805a685f83d
b56b118b66e7e4ac7b54b96defa4375c51db4370
6507597a515cb19aadefc4034694658dc94d810b62238f9d34ef54bf64e1564a

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /img/uico-comment.png HTTP/1.1
Host: rg4u.clan.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535
Cookie: 6rg4udr=FwJeg31k; 6rg4uuzll=1685947231; ucvid=tlA224S03d
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Jun 2023 06:40:35 GMT
Content-Type: image/png
Content-Length: 1149
Last-Modified: Mon, 27 Jun 2022 13:37:11 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "62b9b287-47d"
Expires: Sun, 25 Jun 2023 06:40:35 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

rg4u.clan.su/_ph/6/1/589142753.jpg

213.174.157.136

200 OK

5.5 kB

URL GET HTTP/1.1
rg4u.clan.su/_ph/6/1/589142753.jpg
IP
213.174.157.136:80
ASN
#39572 DataWeb Global Group B.V.

Requested by
http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 70", baseline, precision 8, 200x150, components 3\012- data
Size
5.5 kB (5464 bytes)
Hash
e74a85b80287efc9bcaebc6eef20f2ec
debfd5a7dc29635f61e6ba9adfb1eb1d8719269d
168be3dc36569ea04cabf1a591f81bb39f009219a867b000f44b9e3cf9702139

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /_ph/6/1/589142753.jpg HTTP/1.1
Host: rg4u.clan.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535
Cookie: 6rg4udr=FwJeg31k; 6rg4uuzll=1685947231; ucvid=tlA224S03d
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Jun 2023 06:40:35 GMT
Content-Type: image/jpeg
Content-Length: 5464
Last-Modified: Sat, 09 Aug 2014 19:35:55 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "53e6781b-1558"
Expires: Sun, 25 Jun 2023 06:40:35 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

rg4u.clan.su/_ph/6/1/501339310.jpg

213.174.157.136

200 OK

8.5 kB

URL GET HTTP/1.1
rg4u.clan.su/_ph/6/1/501339310.jpg
IP
213.174.157.136:80
ASN
#39572 DataWeb Global Group B.V.

Requested by
http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 70", baseline, precision 8, 200x150, components 3\012- data
Size
8.5 kB (8455 bytes)
Hash
99418294aa0ed6ede99a45f7cb3df87b
a458512f4482514ab3842f38b5dde354eaff0277
c5e589e18fdc917434f8a49bf0612c7237eec61b953d67a7ee320f58a341b813

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /_ph/6/1/501339310.jpg HTTP/1.1
Host: rg4u.clan.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535
Cookie: 6rg4udr=FwJeg31k; 6rg4uuzll=1685947231; ucvid=tlA224S03d
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Jun 2023 06:40:35 GMT
Content-Type: image/jpeg
Content-Length: 8455
Last-Modified: Wed, 03 Dec 2014 19:57:48 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "547f6b3c-2107"
Expires: Sun, 25 Jun 2023 06:40:35 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

rg4u.clan.su/_ph/6/1/317813288.jpg

213.174.157.136

200 OK

5.6 kB

URL GET HTTP/1.1
rg4u.clan.su/_ph/6/1/317813288.jpg
IP
213.174.157.136:80
ASN
#39572 DataWeb Global Group B.V.

Requested by
http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 70", baseline, precision 8, 200x150, components 3\012- data
Size
5.6 kB (5632 bytes)
Hash
834997c00007f744abf4122b8762c378
0c84738e65691f87cf35978ac3acb03b7663d3e7
408a6019ea7d0d3ff3ae34878ed85ee3b5522d5a8a6de8cd48d947105cfbfbc4

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /_ph/6/1/317813288.jpg HTTP/1.1
Host: rg4u.clan.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535
Cookie: 6rg4udr=FwJeg31k; 6rg4uuzll=1685947231; ucvid=tlA224S03d
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Jun 2023 06:40:35 GMT
Content-Type: image/jpeg
Content-Length: 5632
Last-Modified: Wed, 03 Dec 2014 19:57:15 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "547f6b1b-1600"
Expires: Sun, 25 Jun 2023 06:40:35 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

rg4u.clan.su/_ph/6/1/406762852.jpg

213.174.157.136

200 OK

9.6 kB

URL GET HTTP/1.1
rg4u.clan.su/_ph/6/1/406762852.jpg
IP
213.174.157.136:80
ASN
#39572 DataWeb Global Group B.V.

Requested by
http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 70", baseline, precision 8, 200x150, components 3\012- data
Size
9.6 kB (9645 bytes)
Hash
69e1343550852dda2e961dc97cbb5570
45bfc8439b10ba370c3f0bfc0c9728610410ff9d
573de281e5ec2df957a4cc3eb46f25da4560fc9bf40738fdb036602da7d74e13

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /_ph/6/1/406762852.jpg HTTP/1.1
Host: rg4u.clan.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535
Cookie: 6rg4udr=FwJeg31k; 6rg4uuzll=1685947231; ucvid=tlA224S03d
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Jun 2023 06:40:35 GMT
Content-Type: image/jpeg
Content-Length: 9645
Last-Modified: Wed, 03 Dec 2014 20:00:24 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "547f6bd8-25ad"
Expires: Sun, 25 Jun 2023 06:40:35 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

rg4u.clan.su/_ph/6/1/402933384.jpg

213.174.157.136

200 OK

7.3 kB

URL GET HTTP/1.1
rg4u.clan.su/_ph/6/1/402933384.jpg
IP
213.174.157.136:80
ASN
#39572 DataWeb Global Group B.V.

Requested by
http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 70", baseline, precision 8, 200x150, components 3\012- data
Size
7.3 kB (7319 bytes)
Hash
22104394fb3db5a14900dfc9cc44a384
d4bac322bbb9443e23156985227ed3de8d5ed4a9
695855a10a809834d4f1eac52df35c9fe491941a956f3ad90c36d8d883dc62b4

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /_ph/6/1/402933384.jpg HTTP/1.1
Host: rg4u.clan.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535
Cookie: 6rg4udr=FwJeg31k; 6rg4uuzll=1685947231; ucvid=tlA224S03d
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Jun 2023 06:40:35 GMT
Content-Type: image/jpeg
Content-Length: 7319
Last-Modified: Wed, 03 Dec 2014 20:01:29 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "547f6c19-1c97"
Expires: Sun, 25 Jun 2023 06:40:35 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

rg4u.clan.su/_ph/6/1/472942385.jpg

213.174.157.136

200 OK

8.7 kB

URL GET HTTP/1.1
rg4u.clan.su/_ph/6/1/472942385.jpg
IP
213.174.157.136:80
ASN
#39572 DataWeb Global Group B.V.

Requested by
http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 70", baseline, precision 8, 200x150, components 3\012- data
Size
8.7 kB (8664 bytes)
Hash
44fadac065335dd89832bee7c00f4eac
067a747c394c1713d2c23cf16efb7d8eaf6c1135
323a09fdb03bee685e725d9dbda011894158eb24d5d2cfb8044dcf555fe778e5

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /_ph/6/1/472942385.jpg HTTP/1.1
Host: rg4u.clan.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535
Cookie: 6rg4udr=FwJeg31k; 6rg4uuzll=1685947231; ucvid=tlA224S03d
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Jun 2023 06:40:35 GMT
Content-Type: image/jpeg
Content-Length: 8664
Last-Modified: Wed, 03 Dec 2014 20:02:00 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "547f6c38-21d8"
Expires: Sun, 25 Jun 2023 06:40:35 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

rg4u.clan.su/img/photo.gif

213.174.157.136

200 OK

180 B

URL GET HTTP/1.1
rg4u.clan.su/img/photo.gif
IP
213.174.157.136:80
ASN
#39572 DataWeb Global Group B.V.

Requested by
http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535

File type
GIF image data, version 89a, 13 x 12\012- data
Size
180 B (180 bytes)
Hash
6e08c6c01ee57d6e8f06050092ac3e93
c7644d472c0f1c9f399685a63f9bab8ff6f4d073
6556bb47cc960e83a46f68f1c21390e99d122fae7076101c3fd1af0c4f4aaf45

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /img/photo.gif HTTP/1.1
Host: rg4u.clan.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535
Cookie: 6rg4udr=FwJeg31k; 6rg4uuzll=1685947231; ucvid=tlA224S03d
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Jun 2023 06:40:35 GMT
Content-Type: image/gif
Content-Length: 180
Last-Modified: Fri, 29 Jul 2011 21:16:58 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "4e33234a-b4"
Expires: Sun, 25 Jun 2023 06:40:35 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

rg4u.clan.su/logo/youtube90.png

213.174.157.136

200 OK

7.6 kB

URL GET HTTP/1.1
rg4u.clan.su/logo/youtube90.png
IP
213.174.157.136:80
ASN
#39572 DataWeb Global Group B.V.

Requested by
http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535

File type
PNG image data, 90 x 41, 8-bit/color RGBA, non-interlaced\012- data
Size
7.6 kB (7567 bytes)
Hash
aea6c8884dbadcdd1018e0ce1866fad7
b574341ff5b37c9eefe9c73f7bfa53b454ba4a48
c8a29271ce0862868b0f099ec2c47da116102112eae4f82b55a860c96c3eb279

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /logo/youtube90.png HTTP/1.1
Host: rg4u.clan.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535
Cookie: 6rg4udr=FwJeg31k; 6rg4uuzll=1685947231; ucvid=tlA224S03d
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Jun 2023 06:40:35 GMT
Content-Type: image/png
Content-Length: 7567
Last-Modified: Thu, 23 Sep 2010 12:21:00 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "4c9b462c-1d8f"
Expires: Sun, 25 Jun 2023 06:40:35 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

rg4u.clan.su/img/pda_ico.gif

213.174.157.136

200 OK

318 B

URL GET HTTP/1.1
rg4u.clan.su/img/pda_ico.gif
IP
213.174.157.136:80
ASN
#39572 DataWeb Global Group B.V.

Requested by
http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535

File type
GIF image data, version 89a, 14 x 19\012- data
Size
318 B (318 bytes)
Hash
69d802e827be26806652143e0e689f0d
dff747243f9dc9c5909f74bc13aa0c5c80d1a5db
b2f5db96a416d01f04aff74abbbc909f8aa9a715956cc18b5c4fc73ff923d4a3

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /img/pda_ico.gif HTTP/1.1
Host: rg4u.clan.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535
Cookie: 6rg4udr=FwJeg31k; 6rg4uuzll=1685947231; ucvid=tlA224S03d
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Jun 2023 06:40:35 GMT
Content-Type: image/gif
Content-Length: 318
Last-Modified: Wed, 06 Jul 2011 05:09:53 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "4e13ee21-13e"
Expires: Sun, 25 Jun 2023 06:40:35 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

rg4u.clan.su/_nw/77/12957122.jpg?3

213.174.157.136

200 OK

509 kB

URL GET HTTP/1.1
rg4u.clan.su/_nw/77/12957122.jpg?3
IP
213.174.157.136:80
ASN
#39572 DataWeb Global Group B.V.

Requested by
http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=2, datetime=2023:05:23 20:37:16], baseline, precision 8, 1350x500, components 3\012- data
Size
509 kB (508755 bytes)
Hash
0f741b6eec4cac21e223f1532f955fcd
2fddc5edd281e7be16730b6c4fdce2014d9a0725
c559d6a7c37d1a43a64982ff41ae7927fbe7e977a52c7feee24558031ad931f1

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /_nw/77/12957122.jpg?3 HTTP/1.1
Host: rg4u.clan.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535
Cookie: 6rg4udr=FwJeg31k; 6rg4uuzll=1685947231; ucvid=tlA224S03d
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Jun 2023 06:40:34 GMT
Content-Type: image/jpeg
Content-Length: 508755
Last-Modified: Tue, 23 May 2023 17:40:34 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "646cfa92-7c353"
Expires: Sun, 25 Jun 2023 06:40:34 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

rg4u.clan.su/.s/img/icon/profile.png

213.174.157.136

200 OK

676 B

URL GET HTTP/1.1
rg4u.clan.su/.s/img/icon/profile.png
IP
213.174.157.136:80
ASN
#39572 DataWeb Global Group B.V.

Requested by
http://rg4u.clan.su/mchat/

File type
PNG image data, 13 x 13, 8-bit/color RGBA, non-interlaced\012- data
Size
676 B (676 bytes)
Hash
f063cf2f9ab83f2ca68327c0927a7b7a
e84b2105d2b47127d5cf8366a5606639f27684cd
f5d62b58ed22f77bea1a87ce4e204e2b213459746f74ee5e0be91f22851420cf

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /.s/img/icon/profile.png HTTP/1.1
Host: rg4u.clan.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://rg4u.clan.su/mchat/
Cookie: 6rg4udr=FwJeg31k; 6rg4uuzll=1685947231; ucvid=tlA224S03d
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Jun 2023 06:40:35 GMT
Content-Type: image/png
Content-Length: 676
Last-Modified: Wed, 05 Apr 2023 11:26:31 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "642d5ae7-2a4"
Expires: Sun, 25 Jun 2023 06:40:35 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

rg4u.clan.su/stat/1685947231

213.174.157.136

200 OK

411 B

URL GET HTTP/1.1
rg4u.clan.su/stat/1685947231
IP
213.174.157.136:80
ASN
#39572 DataWeb Global Group B.V.

Requested by
http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535

File type
GIF image data, version 87a, 31 x 31\012- data
Size
411 B (411 bytes)
Hash
395298662b886968c0f959f522939fe3
4f3b1b86549110d032d61249df48b40d48501672
7087a01aeec0f2f61ccca6b803f88ae87587de96cf51e1fd37591da935a69f21

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /stat/1685947231 HTTP/1.1
Host: rg4u.clan.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535
Cookie: 6rg4udr=FwJeg31k; 6rg4uuzll=1685947231; ucvid=tlA224S03d
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Jun 2023 06:40:35 GMT
Content-Type: image/gif
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Cache-Control: no-cache, no-store, private
Pragma: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT

rg4u.clan.su/.s/img/ma/uid.gif

213.174.157.136

200 OK

400 B

URL GET HTTP/1.1
rg4u.clan.su/.s/img/ma/uid.gif
IP
213.174.157.136:80
ASN
#39572 DataWeb Global Group B.V.

Requested by
http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535

File type
GIF image data, version 89a, 16 x 16\012- data
Size
400 B (400 bytes)
Hash
a032a355cf3f9e3e9c1bd8e54ef068f7
f34ecab3b7a9d57db9e26fe666e55cabac94edaf
369e1fbbd6a79ff1362bc00de6cc4789b6bd2c087d91811128c956ec2be4a9ce

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /.s/img/ma/uid.gif HTTP/1.1
Host: rg4u.clan.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535
Cookie: 6rg4udr=FwJeg31k; 6rg4uuzll=1685947231; ucvid=tlA224S03d
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Jun 2023 06:40:35 GMT
Content-Type: image/gif
Content-Length: 400
Last-Modified: Wed, 05 Apr 2023 11:26:34 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "642d5aea-190"
Expires: Sun, 25 Jun 2023 06:40:35 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

translate.googleapis.com/_/translate_http/_/js/k=translate_http.tr.no.Z9dw9iEydtA.O/d=1/exm=el_conf/ed=1/rs=AN8SPfoJ3YppZh9vnjOb_SBu68tCOE-MXQ/m=el_main

142.250.74.74

200 OK

76 kB

URL GET HTTP/2
translate.googleapis.com/_/translate_http/_/js/k=translate_http.tr.no.Z9dw9iEydtA.O/d=1/exm=el_conf/ed=1/rs=AN8SPfoJ3YppZh9vnjOb_SBu68tCOE-MXQ/m=el_main
IP
142.250.74.74:443
ASN
#15169 GOOGLE

Requested by
http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint3F:94:23:08:F7:DB:8B:36:93:90:93:F4:9E:46:A6:6A:93:75:15:C0
ValidityFri, 19 May 2023 12:57:42 GMT - Fri, 11 Aug 2023 12:57:41 GMT

File type
ASCII text, with very long lines (1573)
Size
76 kB (76232 bytes)
Hash
e573f520bd8dcdfb40e91a9e0e66e527
7182f9fdf1d72c2f42cbbfda617cb81e34a44044
366f944dab73002110a6add4e66a3eb915695bc4f1244da14080a4bc248880c6

HTTP Headers

GET /_/translate_http/_/js/k=translate_http.tr.no.Z9dw9iEydtA.O/d=1/exm=el_conf/ed=1/rs=AN8SPfoJ3YppZh9vnjOb_SBu68tCOE-MXQ/m=el_main HTTP/1.1
Host: translate.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://rg4u.clan.su/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/rosetta
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="rosetta"
report-to: {"group":"rosetta","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/rosetta"}]}
content-length: 76232
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 01 Jun 2023 20:05:12 GMT
expires: Fri, 31 May 2024 20:05:12 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 31 May 2023 15:11:29 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 297325
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

rg4u.clan.su/imgr/premiumsportproducts1350x500v4.jpg?2

213.174.157.136

200 OK

300 kB

URL GET HTTP/1.1
rg4u.clan.su/imgr/premiumsportproducts1350x500v4.jpg?2
IP
213.174.157.136:80
ASN
#39572 DataWeb Global Group B.V.

Requested by
http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=2084, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=5625], baseline, precision 8, 1350x500, components 3\012- data
Size
300 kB (300315 bytes)
Hash
9e8b6b2e60d99f7c863b9fc2dc372f54
60d76214a3a96a43f339756a8dee2f6f9e057729
a068e2a601dbcf3bfdb333dd51965aafee20382df2f1c6dbb5be269666564174

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /imgr/premiumsportproducts1350x500v4.jpg?2 HTTP/1.1
Host: rg4u.clan.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535
Cookie: 6rg4udr=FwJeg31k; 6rg4uuzll=1685947231; ucvid=tlA224S03d
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Jun 2023 06:40:35 GMT
Content-Type: image/jpeg
Content-Length: 300315
Last-Modified: Mon, 05 Jul 2021 04:58:07 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "60e2915f-4951b"
Expires: Sun, 25 Jun 2023 06:40:35 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

www.gstatic.com/recaptcha/releases/sNQO7xVld1CuA2hfFHvkpVL-/recaptcha__ru.js

142.250.74.99

200 OK

170 kB

URL GET HTTP/2
www.gstatic.com/recaptcha/releases/sNQO7xVld1CuA2hfFHvkpVL-/recaptcha__ru.js
IP
142.250.74.99:443
ASN
#15169 GOOGLE

Requested by
http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintC8:5A:9A:D9:6A:F5:00:15:5B:5D:99:FE:FE:CA:1D:7C:19:4D:F8:D5
ValidityFri, 19 May 2023 12:57:42 GMT - Fri, 11 Aug 2023 12:57:41 GMT

File type
HTML document, ASCII text, with very long lines (774)
Size
170 kB (170178 bytes)
Hash
d028845a362dc2cb7fad8d68a9142dcc
000fde98ae903846b92a26d0aba039a5a0e762ea
904ab970c395108963b62f3f0cee4bd33915145da744d8129b0d581062442cf6

HTTP Headers

GET /recaptcha/releases/sNQO7xVld1CuA2hfFHvkpVL-/recaptcha__ru.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://rg4u.clan.su
DNT: 1
Connection: keep-alive
Referer: http://rg4u.clan.su/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 170178
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 03 Jun 2023 19:33:20 GMT
expires: Sun, 02 Jun 2024 19:33:20 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 30 May 2023 00:01:16 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 126437
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

rg4u.clan.su/favicon.ico

213.174.157.136

200 OK

45 kB

URL GET HTTP/1.1
rg4u.clan.su/favicon.ico
IP
213.174.157.136:80
ASN
#39572 DataWeb Global Group B.V.

Requested by
http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535

File type
MS Windows icon resource - 1 icon, 120x120, 24 bits/pixel\012- data
Size
45 kB (45182 bytes)
Hash
23e406a0db4c15742ab4e185b177675a
73ff219a0dd3c02afdb158edcfb311e951220963
d2291dd44ae105e875c60f300609306571e8d13dc2a0d8fd08dd67b066b429e9

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: rg4u.clan.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535
Cookie: 6rg4udr=FwJeg31k; 6rg4uuzll=1685947231; ucvid=tlA224S03d
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Jun 2023 06:40:36 GMT
Content-Type: image/x-icon
Content-Length: 45182
Last-Modified: Tue, 15 Sep 2020 10:46:23 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "5f609b7f-b07e"
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

rg4u.clan.su/_nw/52/98105246.jpg

213.174.157.136

200 OK

265 kB

URL GET HTTP/1.1
rg4u.clan.su/_nw/52/98105246.jpg
IP
213.174.157.136:80
ASN
#39572 DataWeb Global Group B.V.

Requested by
http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=15, height=1268, bps=0, PhotometricIntepretation=CMYK, orientation=upper-left, width=3426], baseline, precision 8, 1350x500, components 3\012- data
Size
265 kB (264730 bytes)
Hash
1c8d92e2efd9fdbe1990a3e513d9c166
19a248cf5db5724d29ae72698f9d747099fb0552
7dbdd69ddb1dda5b42e659996b3658cc03746535bcb51312c06bd03dfd000a58

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /_nw/52/98105246.jpg HTTP/1.1
Host: rg4u.clan.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535
Cookie: 6rg4udr=FwJeg31k; 6rg4uuzll=1685947231; ucvid=tlA224S03d
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Jun 2023 06:40:35 GMT
Content-Type: image/jpeg
Content-Length: 264730
Last-Modified: Fri, 18 Sep 2020 19:21:37 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "5f6508c1-40a1a"
Expires: Sun, 25 Jun 2023 06:40:35 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

www.gstatic.com/images/branding/product/2x/translate_24dp.png

142.250.74.99

200 OK

1.8 kB

URL GET HTTP/3
www.gstatic.com/images/branding/product/2x/translate_24dp.png
IP
142.250.74.99:443
ASN
#15169 GOOGLE

Requested by
http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintC8:5A:9A:D9:6A:F5:00:15:5B:5D:99:FE:FE:CA:1D:7C:19:4D:F8:D5
ValidityFri, 19 May 2023 12:57:42 GMT - Fri, 11 Aug 2023 12:57:41 GMT

File type
PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced\012- data
Size
1.8 kB (1842 bytes)
Hash
c69c796362406f9e11c7f4bf5bb628da
e489ce95ab56208090868882113d7416abf46775
4dac0026fbfa2615dce30c0af12830863fe885f84387a0147b9e338f548d5d82

HTTP Headers

GET /images/branding/product/2x/translate_24dp.png HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.gstatic.com/_/translate_http/_/ss/k=translate_http.tr.vneFu3d_4ck.L.F4.O/d=0/rs=AN8SPfrNa1b9K5rCmaIpu9SqE3A5sBDBfg/m=el_main_css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-length: 1842
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 02 Jun 2023 12:19:08 GMT
expires: Sat, 01 Jun 2024 12:19:08 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 14 Oct 2021 09:08:00 GMT
content-type: image/png
vary: Origin
age: 238889
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.google.com/images/cleardot.gif

142.250.74.132

200 OK

43 B

URL GET HTTP/3
www.google.com/images/cleardot.gif
IP
142.250.74.132:443
ASN
#15169 GOOGLE

Requested by
http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint55:5E:E6:33:AF:71:86:C2:88:4A:36:5F:68:1D:97:9D:9B:9D:2A:1D
ValidityFri, 19 May 2023 12:53:06 GMT - Fri, 11 Aug 2023 12:53:05 GMT

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
fc94fb0c3ed8a8f909dbc7630a0987ff
56d45f8a17f5078a20af9962c992ca4678450765
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

HTTP Headers

GET /images/cleardot.gif HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://rg4u.clan.su/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-type: image/gif
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-length: 43
date: Mon, 05 Jun 2023 06:40:37 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

fonts.gstatic.com/s/i/productlogos/translate/v14/24px.svg

216.58.207.227

200 OK

3.3 kB

URL GET HTTP/2
fonts.gstatic.com/s/i/productlogos/translate/v14/24px.svg
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintC8:5A:9A:D9:6A:F5:00:15:5B:5D:99:FE:FE:CA:1D:7C:19:4D:F8:D5
ValidityFri, 19 May 2023 12:57:42 GMT - Fri, 11 Aug 2023 12:57:41 GMT

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (6225), with no line terminators
Size
3.3 kB (3340 bytes)
Hash
2bd5c073a88b83ed74db88282a56ddfb
d0ebfc376f8c6a44a8d4cd216817dcd7d0c33650
ab5c23a05e39deed14d9d8262b0dce9f024f86105a27196cad37d14a3f516e09

HTTP Headers

GET /s/i/productlogos/translate/v14/24px.svg HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://rg4u.clan.su/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-length: 3340
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 03 Jun 2023 08:05:11 GMT
expires: Sun, 02 Jun 2024 08:05:11 GMT
cache-control: public, max-age=31536000
age: 167726
last-modified: Wed, 20 Apr 2022 14:24:23 GMT
content-type: image/svg+xml
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

translate.googleapis.com/translate_static/img/te_ctrl3.gif

142.250.74.74

200 OK

1.4 kB

URL GET HTTP/3
translate.googleapis.com/translate_static/img/te_ctrl3.gif
IP
142.250.74.74:443
ASN
#15169 GOOGLE

Requested by
http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint3F:94:23:08:F7:DB:8B:36:93:90:93:F4:9E:46:A6:6A:93:75:15:C0
ValidityFri, 19 May 2023 12:57:42 GMT - Fri, 11 Aug 2023 12:57:41 GMT

File type
GIF image data, version 89a, 84 x 19\012- data
Size
1.4 kB (1412 bytes)
Hash
9afe50090c0bc612953d081295eab5b1
71a4da2a622879c29176ecfa5afe1bbe3e8cfa40
d228d0256370863119c043f1e5ca8f3930f6999bd9f250434b6d8935f45dc171

HTTP Headers

GET /translate_static/img/te_ctrl3.gif HTTP/1.1
Host: translate.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://rg4u.clan.su/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-length: 1412
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 31 May 2023 02:04:29 GMT
expires: Thu, 30 May 2024 02:04:29 GMT
cache-control: public, max-age=31536000
age: 448568
last-modified: Thu, 03 Oct 2019 10:15:00 GMT
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

translate-pa.googleapis.com/v1/supportedLanguages?client=te&display_language=no&key=AIzaSyBWDj0QJvVIx8XOhRegXX5_SrRWxhT5Hs4&callback=callback

142.250.74.74

1.4 kB

URL
translate-pa.googleapis.com/v1/supportedLanguages?client=te&display_language=no&key=AIzaSyBWDj0QJvVIx8XOhRegXX5_SrRWxhT5Hs4&callback=callback
IP
142.250.74.74:0
ASN
#15169 GOOGLE

File type
Unicode text, UTF-8 text
Size
1.4 kB (1392 bytes)
Hash
a3eefe14b1b4698460d992bd1673a26b
a2fca6ebb00b8bdcca3eda88654d02d2c165b9c4
87514750a90cd70dd22c8673cfa80d804ef55840bd0755950af2118d8d218067

HTTP Headers

GET /v1/supportedLanguages?client=te&display_language=no&key=AIzaSyBWDj0QJvVIx8XOhRegXX5_SrRWxhT5Hs4&callback=callback HTTP/1.1
Host: translate-pa.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://rg4u.clan.su/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
cross-origin-resource-policy: cross-origin
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
content-type: text/javascript; charset=UTF-8
vary: Origin, X-Origin, Referer
content-encoding: gzip
date: Mon, 05 Jun 2023 06:40:38 GMT
server: ESF
cache-control: private
content-length: 1392
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
set-cookie: NID=511=hr4YALS4TmMty7DFtjsipAnogPfejMp7rJROG7LH3dJRkxi76z_SHZ7v6Ysx4d2iy02bOSktUgv-wT5Mk8cUq42O8Os5mpXyC2dMnDuqKWY3os4uP2T_TnBd6YIa3FkDej516JyvKUIc9ggXbz8IrxjmsEkRVI_t_8Q4orpN-cs; expires=Tue, 05-Dec-2023 06:40:38 GMT; path=/; domain=.translate-pa.googleapis.com; HttpOnly
CONSENT=PENDING+891; expires=Wed, 04-Jun-2025 06:40:38 GMT; path=/; domain=.googleapis.com; Secure
expires: Mon, 05 Jun 2023 06:40:38 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

rg4u.clan.su/.s/img/wd/1/left-right.png

213.174.157.136

200 OK

140 B

URL GET HTTP/1.1
rg4u.clan.su/.s/img/wd/1/left-right.png
IP
213.174.157.136:80
ASN
#39572 DataWeb Global Group B.V.

Requested by
http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535

File type
PNG image data, 12 x 1, 8-bit/color RGB, non-interlaced\012- data
Size
140 B (140 bytes)
Hash
0fcc36f4690bec08ef43bca652074df2
3e5eef3d5d5ad6e2edcab4b38869ff727587d809
cd6a75d53185657e4681d9859353300320241de4000c535ad31cf389547f24a9

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /.s/img/wd/1/left-right.png HTTP/1.1
Host: rg4u.clan.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://rg4u.clan.su/.s/src/layer1.min.css
Cookie: 6rg4udr=FwJeg31k; 6rg4uuzll=1685947231; ucvid=tlA224S03d; uWdn_rg_10=true
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Jun 2023 06:40:39 GMT
Content-Type: image/png
Content-Length: 140
Last-Modified: Wed, 05 Apr 2023 11:26:42 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "642d5af2-8c"
Expires: Sun, 25 Jun 2023 06:40:39 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

rg4u.clan.su/img/tool-sprites.png

213.174.157.136

200 OK

1.4 kB

URL GET HTTP/1.1
rg4u.clan.su/img/tool-sprites.png
IP
213.174.157.136:80
ASN
#39572 DataWeb Global Group B.V.

Requested by
http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535

File type
PNG image data, 30 x 60, 8-bit/color RGBA, non-interlaced\012- data
Size
1.4 kB (1418 bytes)
Hash
afeb49c2da3e04523183848576adbec6
b7a3f6b7cf8b8a0d60b13631997b70a33b6087c2
cf59c738dd5d14aabd4da5ac248c81c730c3389d1a1fa0890ce71f97294dd72c

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /img/tool-sprites.png HTTP/1.1
Host: rg4u.clan.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://rg4u.clan.su/_st/my.css
Cookie: 6rg4udr=FwJeg31k; 6rg4uuzll=1685947231; ucvid=tlA224S03d; uWdn_rg_10=true
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Jun 2023 06:40:39 GMT
Content-Type: image/png
Content-Length: 1418
Last-Modified: Sun, 21 Apr 2013 13:11:49 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "5173e595-58a"
Expires: Sun, 25 Jun 2023 06:40:39 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

rg4u.clan.su/.s/img/wd/1/spr.gif

213.174.157.136

200 OK

43 B

URL GET HTTP/1.1
rg4u.clan.su/.s/img/wd/1/spr.gif
IP
213.174.157.136:80
ASN
#39572 DataWeb Global Group B.V.

Requested by
http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535

File type
GIF image data, version 89a, 1 x 2\012- data
Size
43 B (43 bytes)
Hash
3de98597539e6dcbfb7c6d2d8a143045
7ca6a7d3a31587e1f3e6abe23c9efd5d4d84c34a
93955e15a5c55cc445bbda5624c1cd245594df5169f577e6c3f4627971cb1ada

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /.s/img/wd/1/spr.gif HTTP/1.1
Host: rg4u.clan.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://rg4u.clan.su/.s/src/layer1.min.css
Cookie: 6rg4udr=FwJeg31k; 6rg4uuzll=1685947231; ucvid=tlA224S03d; uWdn_rg_10=true
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Jun 2023 06:40:39 GMT
Content-Type: image/gif
Content-Length: 43
Last-Modified: Wed, 05 Apr 2023 11:26:42 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "642d5af2-2b"
Expires: Sun, 25 Jun 2023 06:40:39 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

rg4u.clan.su/favicon.ico

213.174.157.136

200 OK

45 kB

URL GET HTTP/1.1
rg4u.clan.su/favicon.ico
IP
213.174.157.136:80
ASN
#39572 DataWeb Global Group B.V.

Requested by
http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535

File type
MS Windows icon resource - 1 icon, 120x120, 24 bits/pixel\012- data
Size
45 kB (45182 bytes)
Hash
23e406a0db4c15742ab4e185b177675a
73ff219a0dd3c02afdb158edcfb311e951220963
d2291dd44ae105e875c60f300609306571e8d13dc2a0d8fd08dd67b066b429e9

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: rg4u.clan.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535
Cookie: 6rg4udr=FwJeg31k; 6rg4uuzll=1685947231; ucvid=tlA224S03d; uWdn_rg_10=true
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Jun 2023 06:40:39 GMT
Content-Type: image/x-icon
Content-Length: 45182
Last-Modified: Tue, 15 Sep 2020 10:46:23 GMT
Connection: keep-alive
Keep-Alive: timeout=15
ETag: "5f609b7f-b07e"
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes

translate.googleapis.com/element/log?format=json&hasfast=true&authuser=0

142.250.74.74

0 B

URL
translate.googleapis.com/element/log?format=json&hasfast=true&authuser=0
IP
142.250.74.74:0
ASN
#15169 GOOGLE

Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint3F:94:23:08:F7:DB:8B:36:93:90:93:F4:9E:46:A6:6A:93:75:15:C0
ValidityFri, 19 May 2023 12:57:42 GMT - Fri, 11 Aug 2023 12:57:41 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /element/log?format=json&hasfast=true&authuser=0 HTTP/1.1
Host: translate.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-encoding,content-type,x-goog-authuser
Referer: http://rg4u.clan.su/
Origin: http://rg4u.clan.su
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
access-control-allow-origin: http://rg4u.clan.su
access-control-allow-methods: GET, POST, OPTIONS
access-control-max-age: 86400
access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,content-encoding,content-type,x-goog-authuser,origin
content-type: text/plain; charset=UTF-8
date: Mon, 05 Jun 2023 06:40:47 GMT
server: Playlog
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
set-cookie: CONSENT=PENDING+357; expires=Wed, 04-Jun-2025 06:40:47 GMT; path=/; domain=.googleapis.com; Secure
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Mon, 05 Jun 2023 06:40:47 GMT
cache-control: private

translate.googleapis.com/element/log?format=json&hasfast=true&authuser=0

142.250.74.74

131 B

URL
translate.googleapis.com/element/log?format=json&hasfast=true&authuser=0
IP
142.250.74.74:0
ASN
#15169 GOOGLE

Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint3F:94:23:08:F7:DB:8B:36:93:90:93:F4:9E:46:A6:6A:93:75:15:C0
ValidityFri, 19 May 2023 12:57:42 GMT - Fri, 11 Aug 2023 12:57:41 GMT

File type
JSON data\012- , ASCII text, with no line terminators
Size
131 B (131 bytes)
Hash
ca0b7e866005f6774d284b9f438ebfd2
53644f5ee3640189bdb223473ba6a2d46606c556
502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

HTTP Headers

POST /element/log?format=json&hasfast=true&authuser=0 HTTP/1.1
Host: translate.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Goog-AuthUser: 0
Content-Encoding: gzip
Content-Type: application/binary
Content-Length: 196
Origin: http://rg4u.clan.su
DNT: 1
Connection: keep-alive
Referer: http://rg4u.clan.su/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
access-control-allow-origin: http://rg4u.clan.su
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web
content-type: text/plain; charset=UTF-8
content-encoding: gzip
date: Mon, 05 Jun 2023 06:40:47 GMT
server: Playlog
cache-control: private
content-length: 131
x-xss-protection: 0
x-frame-options: SAMEORIGIN
set-cookie: CONSENT=PENDING+378; expires=Wed, 04-Jun-2025 06:40:47 GMT; path=/; domain=.googleapis.com; Secure
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Mon, 05 Jun 2023 06:40:47 GMT

rg4u.clan.su/mchat/

213.174.157.136

200 OK

1.0 kB

URL GET HTTP/1.1
rg4u.clan.su/mchat/
IP
213.174.157.136:80
ASN
#39572 DataWeb Global Group B.V.

Requested by
http://rg4u.clan.su/dir/sport/federacii/khanty_mansijskaja_gorodskaja_obshhestvennaja_organizacija_federacija_khudozhestvennoj_gimnastiki/226-1-0-535

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (549)
Size
1.0 kB (1035 bytes)
Hash
5216acc9b23c7365b698eff98671bda7
022d75f7bd71b14b71cfe46e81b5ae80b561e9d8
0afd491727b7178107ac7ca328ed7340b5d4f614ec5076e460bb25259222c5ff

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /mchat/ HTTP/1.1
Host: rg4u.clan.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Jun 2023 06:40:47 GMT
Content-Type: text/html; charset=UTF-8
Last-Modified: Mon, 05 Jun 2023 06:36:11 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
ETag: W/"647d825b-ad4"
Cache-Control: no-cache
Pragma: no-cache
Content-Encoding: gzip

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (32)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML