| | 104.21.85.125 | 200 OK | 0 B |
URL: User Request, GET, HTTP/2
IP: 104.21.85.125:443
Certificate: Issuer Cloudflare, Inc.; Subject sni.cloudflaressl.com; Fingerprint FC:BE:F6:9E:67:1D:95:29:2D:F4:38:58:A1:F8:A8:6E:C1:89:B1:B4; Validity Wed, 22 Mar 2023 00:00:00 GMT - Thu, 21 Mar 2024 23:59:59 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e (MD5), da39a3ee5e6b4b0d3255bfef95601890afd80709 (SHA-1), e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256)
NIDS: suricata | Severity: medium | Alert: ET INFO HTTP Request to a *.top domain
GET / HTTP/1.1
Host: richrulesurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Date: Fri, 14 Apr 2023 08:07:31 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Fri, 14 Apr 2023 09:07:31 GMT
Location: https://richrulesurvey.top/
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=C3fj3sAs1OkAfqTnhW3LVTUj8IGEEmVe20bdQ8DKOqHzOyQY7M1K5Xjzt%2FnW2%2BP9Eza01GAAcjzkJL7dYJLNLpS%2F2VTnk8AtTgS5n5nbgLS39eg8Ns51eLCyWiAGTmS6Rki1aHk%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7b7a74a75baab509-OSL
alt-svc: h2=":443"; ma=60
| afratec.ir/wp-content/uploads/2020/12/FortiClientSetup_5.6.3.1130_x64_Afratec.zip | 5.144.130.34 | | 14 MB |
URL: afratec.ir/wp-content/uploads/2020/12/FortiClientSetup_5.6.3.1130_x64_Afratec.zip
IP: 5.144.130.34:0
ASN: #59441 NOAVARAN SHABAKEH SABZ MEHREGAN (Ltd.)
File type: PGP Secret Sub-key - / - OpenPGP Secret Key / - data
Size: 14 MB (14163779 bytes)
Hash: 5ec42104fbea525d1cffcbe68057bf93 (MD5), d1942db84d79c3fd67e4bba6764e4b21c4431852 (SHA-1), 0c69c9097f3968e164ac33dc3ec84d10b42fe4915b086e9995ceca38d5af7c38 (SHA-256)
GET /wp-content/uploads/2020/12/FortiClientSetup_5.6.3.1130_x64_Afratec.zip HTTP/1.1
Host: afratec.ir
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Range: bytes=66858304-
If-Unmodified-Since: Sat, 13 Nov 2021 09:26:49 GMT
HTTP/1.1 206 Partial Content
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-type: application/zip
last-modified: Sat, 13 Nov 2021 09:26:49 GMT
content-range: bytes 66858304-81022082/81022083
content-length: 14163779
date: Fri, 14 Apr 2023 08:07:31 GMT
vary: User-Agent
access-control-allow-origin: *
| richrulesurvey.top/css/index.9249d658.css | 104.21.85.125 | 200 OK | 2.1 kB |
URL: GET HTTP/3 richrulesurvey.top/css/index.9249d658.css
IP: 104.21.85.125:443
Requested by: https://richrulesurvey.top/
Certificate: Issuer Cloudflare, Inc.; Subject sni.cloudflaressl.com; Fingerprint FC:BE:F6:9E:67:1D:95:29:2D:F4:38:58:A1:F8:A8:6E:C1:89:B1:B4; Validity Wed, 22 Mar 2023 00:00:00 GMT - Thu, 21 Mar 2024 23:59:59 GMT
File type: ASCII text, with very long lines (2130), with no line terminators
Hash: cbd9a30e9ff0b26dcb71659ada85ae7e (MD5), 0865f947cf9236849180e04f7c7f8435436f94b7 (SHA-1), 18fb6842217a92454ca07a30809c0392e183a1c97a3eaf16b024e68c4f10a2d0 (SHA-256)
GET /css/index.9249d658.css HTTP/1.1
Host: richrulesurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: richrulesurvey.top
Connection: keep-alive
Referer: https://richrulesurvey.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 14 Apr 2023 08:07:32 GMT
content-type: text/css
last-modified: Thu, 13 Apr 2023 13:36:59 GMT
vary: Accept-Encoding
etag: W/"6438057b-851"
cache-control: max-age=1800
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aCdekBlS5LtNjB%2F84TpswYw7PvqoTS%2FvC1nZMdLA0%2BiI8uUigTGvfVV7ZNmk%2BiiYBO8BGvu4%2BMM3XxoAOsTCIys94MMST0ODk9%2FQBKSxfoy4Lu8CWdnxbphmyMMsfHxOGZ2oIPw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7b7a74a98b5fb4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
| richrulesurvey.top/favicon.ico | 104.21.85.125 | 200 OK | 1.2 kB |
URL: GET HTTP/3 richrulesurvey.top/favicon.ico
IP: 104.21.85.125:443
Requested by: https://richrulesurvey.top/
Certificate: Issuer Cloudflare, Inc.; Subject sni.cloudflaressl.com; Fingerprint FC:BE:F6:9E:67:1D:95:29:2D:F4:38:58:A1:F8:A8:6E:C1:89:B1:B4; Validity Wed, 22 Mar 2023 00:00:00 GMT - Thu, 21 Mar 2024 23:59:59 GMT
File type: MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel / - data
Hash: 668ba1a9fa1890ba16cb8adc28d3dad8 (MD5), 5e35223b2541265114eaf61b9da2556c812fea17 (SHA-1), 7746cf1b553433822522f2dc432f55fe64eee1f1cf823ef6adfde02e58e1d7e2 (SHA-256)
GET /favicon.ico HTTP/1.1
Host: richrulesurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: richrulesurvey.top
Connection: keep-alive
Referer: https://richrulesurvey.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 14 Apr 2023 08:07:32 GMT
content-type: image/x-icon
last-modified: Thu, 13 Apr 2023 13:36:59 GMT
vary: Accept-Encoding
etag: W/"6438057b-47e"
cache-control: max-age=1800
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lApJp5yHXepP8X3BK5r2x9743eWwSgMST2zqu5MFM%2FQ9Q4i4mn%2Bq0KZsmQhhu7bHBTMI8rBqlIrlPDIu52Vo5iLPOzVNl%2FbtHYLMTB%2F2xh5iq%2FfAnr30OS%2BOFoxZkAjyyaoz4%2FY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7b7a74aa3c90b4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
| richrulesurvey.top/js/_is-browser-supported.a452d3df.js | 104.21.85.125 | 200 OK | 1.0 kB |
URL: GET HTTP/3 richrulesurvey.top/js/_is-browser-supported.a452d3df.js
IP: 104.21.85.125:443
Requested by: https://richrulesurvey.top/
Certificate: Issuer Cloudflare, Inc.; Subject sni.cloudflaressl.com; Fingerprint FC:BE:F6:9E:67:1D:95:29:2D:F4:38:58:A1:F8:A8:6E:C1:89:B1:B4; Validity Wed, 22 Mar 2023 00:00:00 GMT - Thu, 21 Mar 2024 23:59:59 GMT
File type: ASCII text, with very long lines (1118), with no line terminators
Hash: 5f6fb029a74ae4dfe4d1cdc438f6bdca (MD5), b927ca526ee7795bd1db6343b5dbdea7e74354a4 (SHA-1), c0d1605c76733f3c7064f59616f4c63844a80dde262e9307b9bfff7c0fa22952 (SHA-256)
GET /js/_is-browser-supported.a452d3df.js HTTP/1.1
Host: richrulesurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: richrulesurvey.top
Connection: keep-alive
Referer: https://richrulesurvey.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 14 Apr 2023 08:07:32 GMT
content-type: application/javascript
last-modified: Thu, 13 Apr 2023 13:36:59 GMT
vary: Accept-Encoding
etag: W/"6438057b-403"
cache-control: max-age=1800
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=o8Asn50RTyP%2Fen%2BIZXtxuaLCGoOJKcjt%2FeVVBYaH9vEa8yN5PYa7tbpwBI%2FSjB%2B6OS4Z3eFY6Sw2qVvwj1MgIHLd0jYQOhjidcb2fYXxrYxQDi4Fa9hkNiSlYGDYDS4XIr7Y7EY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7b7a74a97b55b4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
| richrulesurvey.top/js/index.c53b1ceb.js | 104.21.85.125 | 200 OK | 1.2 kB |
URL: GET HTTP/3 richrulesurvey.top/js/index.c53b1ceb.js
IP: 104.21.85.125:443
Requested by: https://richrulesurvey.top/
Certificate: Issuer Cloudflare, Inc.; Subject sni.cloudflaressl.com; Fingerprint FC:BE:F6:9E:67:1D:95:29:2D:F4:38:58:A1:F8:A8:6E:C1:89:B1:B4; Validity Wed, 22 Mar 2023 00:00:00 GMT - Thu, 21 Mar 2024 23:59:59 GMT
File type: ASCII text, with very long lines (1272), with no line terminators
Hash: 5875b5998e6912e46e49cc6afca0b008 (MD5), 2a15096fe9d97dcea1f258c1f67ca12c2e47652f (SHA-1), 57b7ab74ce21090b8a661be9d40093d2b24314bc5458eefd696b427befb6b4bf (SHA-256)
GET /js/index.c53b1ceb.js HTTP/1.1
Host: richrulesurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: richrulesurvey.top
Connection: keep-alive
Referer: https://richrulesurvey.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 14 Apr 2023 08:07:32 GMT
content-type: application/javascript
last-modified: Thu, 13 Apr 2023 13:36:59 GMT
vary: Accept-Encoding
etag: W/"6438057b-4e1"
cache-control: max-age=1800
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CUsGzawWJF53%2Fi6dPSzAyWBQT5xCYwOdRklRHOpe%2FfkTy5%2FaeBgtcvESKKdY%2BuQIc9EIe9QsX81LRIVYI1XO3SIeeVUGwnGPJlOgFXqQDl%2Bsr07sJEzI77pFUktRK7EHEXHOsBM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7b7a74a97b59b4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400