shre.su/timer?d=PWYK
172.67.147.39301 Moved Permanently 0 B IP 172.67.147.39:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
NIDS Severity Alert suricata medium ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
GET /timer?d=PWYK HTTP/1.1
Host: shre.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Sun, 12 Mar 2023 15:36:55 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sun, 12 Mar 2023 16:36:55 GMT
Location: https://shre.su/timer?d=PWYK
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YpjrgQ2LGehGE5C8SXnT%2B1mFQb7T2bzvl8jWaa6VWJZ9o%2BNv7CcloAZw4A4eHuYjuc4EOyGD9eCIyEaeg1E30ZPsBFRPrG9vvub%2Fsf1cwag5oaBQQDIyPCOS"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: cloudflare
CF-RAY: 7a6d1d94bb78fac4-OSL
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 405abd45d42535567c1ecb518f4bdb04
0505c27fe2921bfa89657173fb77ca7280f04772
bdef4e5edfe0bf3fefb4dc5625e41f3faeb23a0afd24c4e6255f40f757568c35
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BDEF4E5EDFE0BF3FEFB4DC5625E41F3FAEB23A0AFD24C4E6255F40F757568C35"
Last-Modified: Sun, 12 Mar 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4871
Expires: Sun, 12 Mar 2023 16:58:07 GMT
Date: Sun, 12 Mar 2023 15:36:56 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 9ce33c47154f4826255fe9bbe54d72be
e10a363c007a6d15ed43eb35b4e5c246d85c5eed
cf423db1a8ad1dce1b5c25f6025d14411b4a46e95a6001288949f046e244bc24
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CF423DB1A8AD1DCE1B5C25F6025D14411B4A46E95A6001288949F046E244BC24"
Last-Modified: Fri, 10 Mar 2023 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4945
Expires: Sun, 12 Mar 2023 16:59:21 GMT
Date: Sun, 12 Mar 2023 15:36:56 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 1a564ae484daef6a82bb08116ad794eb
f75350abf28a42c16324901035889a1f3af700a1
225214187df3f50835a8aafcc4555fe47cf0b78938b71d34fb422942292b153b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "225214187DF3F50835A8AAFCC4555FE47CF0B78938B71D34FB422942292B153B"
Last-Modified: Fri, 10 Mar 2023 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13350
Expires: Sun, 12 Mar 2023 19:19:26 GMT
Date: Sun, 12 Mar 2023 15:36:56 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash bc86ef2a0cee04915bc360f5821adc8f
3658f9028cce204d38f7f48fcfaa2a8e4f54383a
aeecd718d03811322457de4f20828bdba86b277e7e0e328cae9c0a8075638454
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Content-Type, Alert, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 12 Mar 2023 15:09:15 GMT
content-type: application/json
age: 1661
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-09-20-28-26.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-09-20-28-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash b5ba6334e73496995e3e3a9ecd0eb323
ad80d3b7718c28364e8c2004fb38a13a1747e462
aa5abb52515c6383c014aadb63a86c9f798ad64de53c0218616c1fc6d424d2e2
GET /chains/remote-settings.content-signature.mozilla.org-2023-04-09-20-28-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: b8d8OiqyIggKBHrPrnSjmU9anZMaNzaUYOnN9gFrXzH2dBanznyAe8tiKHhQGaCAryJWgoS/xbg=
x-amz-request-id: 6QYHWC0HETRVY9B1
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 12 Mar 2023 14:46:00 GMT
age: 3056
last-modified: Sat, 18 Feb 2023 20:28:27 GMT
etag: "b5ba6334e73496995e3e3a9ecd0eb323"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/Pt6oOZ9oNwg
142.250.74.131200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/Pt6oOZ9oNwg
IP 142.250.74.131:0
Hash 6ed3e9ad24f4969cb7a79897676ac229
d64457800e9c7a08a103840d2c187637a77bd6fc
5a1909676dd2855bfd6f437875d587ad2c248ceb3d41e24c791b1c3bf84e0c0b
POST /s/gts1p5/Pt6oOZ9oNwg HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 12 Mar 2023 15:36:56 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/s/gts1p5/Pt6oOZ9oNwg
142.250.74.131200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/Pt6oOZ9oNwg
IP 142.250.74.131:0
Hash 6ed3e9ad24f4969cb7a79897676ac229
d64457800e9c7a08a103840d2c187637a77bd6fc
5a1909676dd2855bfd6f437875d587ad2c248ceb3d41e24c791b1c3bf84e0c0b
POST /s/gts1p5/Pt6oOZ9oNwg HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 12 Mar 2023 15:36:56 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 12 Mar 2023 15:36:56 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Retry-After, ETag, Backoff, Expires, Alert, Pragma, Cache-Control, Content-Length, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 12 Mar 2023 15:06:47 GMT
age: 1809
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash db27ecc2f481e8871b2e99584e751660
e671ecb839d53e296f4ec303208ddb713c72aecc
5c910268b5c4f0244540c5570056673f8cbe4a0979f301363cb56dc359c147df
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5C910268B5C4F0244540C5570056673F8CBE4A0979F301363CB56DC359C147DF"
Last-Modified: Sun, 12 Mar 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7298
Expires: Sun, 12 Mar 2023 17:38:34 GMT
Date: Sun, 12 Mar 2023 15:36:56 GMT
Connection: keep-alive
push.services.mozilla.com/
100.20.3.157101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 100.20.3.157:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: NMyESLoha1KpeA3PKRXi7A==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 71dwt5ESrzLJG6DC6cMk18Yvgdg=
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 2573307db8caef0a070ba3ebd4f61e2e
28e8cb63280e9b5e4184017cb22aa5f197007450
87e4699d8ded9c722f137c21826dfe419beb8675f226b91081342c90838cb818
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "87E4699D8DED9C722F137C21826DFE419BEB8675F226B91081342C90838CB818"
Last-Modified: Sat, 11 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2330
Expires: Sun, 12 Mar 2023 16:15:48 GMT
Date: Sun, 12 Mar 2023 15:36:58 GMT
Connection: keep-alive
challenges.cloudflare.com/turnstile/v0/g/af326ed3/api.js?onload=_cf_chl_turnstile_l&render=explicit
104.18.7.185200 OK 9.3 kB URL HTTP/2 challenges.cloudflare.com/turnstile/v0/g/af326ed3/api.js?onload=_cf_chl_turnstile_l&render=explicit
IP 104.18.7.185:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1924)
Hash 03d83c2a24761435fbf0eadaaf5a754a
2d462726ed027de641e47efa8091d6512b8a6fbb
a3363da09af6d032f656476fbac3c0eadb154ea150ddff0542fb362684fae27f
GET /turnstile/v0/g/af326ed3/api.js?onload=_cf_chl_turnstile_l&render=explicit HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 12 Mar 2023 15:36:56 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31536000
vary: Accept-Encoding
server: cloudflare
cf-ray: 7a6d1d98ddc01c12-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 2573307db8caef0a070ba3ebd4f61e2e
28e8cb63280e9b5e4184017cb22aa5f197007450
87e4699d8ded9c722f137c21826dfe419beb8675f226b91081342c90838cb818
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "87E4699D8DED9C722F137C21826DFE419BEB8675F226B91081342C90838CB818"
Last-Modified: Sat, 11 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2330
Expires: Sun, 12 Mar 2023 16:15:48 GMT
Date: Sun, 12 Mar 2023 15:36:58 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 2573307db8caef0a070ba3ebd4f61e2e
28e8cb63280e9b5e4184017cb22aa5f197007450
87e4699d8ded9c722f137c21826dfe419beb8675f226b91081342c90838cb818
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "87E4699D8DED9C722F137C21826DFE419BEB8675F226B91081342C90838CB818"
Last-Modified: Sat, 11 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2330
Expires: Sun, 12 Mar 2023 16:15:48 GMT
Date: Sun, 12 Mar 2023 15:36:58 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 2573307db8caef0a070ba3ebd4f61e2e
28e8cb63280e9b5e4184017cb22aa5f197007450
87e4699d8ded9c722f137c21826dfe419beb8675f226b91081342c90838cb818
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "87E4699D8DED9C722F137C21826DFE419BEB8675F226B91081342C90838CB818"
Last-Modified: Sat, 11 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2330
Expires: Sun, 12 Mar 2023 16:15:48 GMT
Date: Sun, 12 Mar 2023 15:36:58 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F87df4bcd-c6cd-4a0c-a9f5-dffb7f36d2e4.jpeg
34.120.237.76200 OK 8.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F87df4bcd-c6cd-4a0c-a9f5-dffb7f36d2e4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash be71491cee9b47dc3ffb23b4fdff25b3
79c7d22c8df6d305f46c5779ccb9f25169d4d111
e785896e5840fb901ddd0118bef3ccad6b59a96d8eef0e8ccd9c95a3c261ba45
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F87df4bcd-c6cd-4a0c-a9f5-dffb7f36d2e4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8487
x-amzn-requestid: 92381f1a-0140-47e9-a971-594a7de36c3c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BkEcBGizoAMFgOA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-640b1ab3-1a54b65a5d7083e62dcb85ab;Sampled=0
x-amzn-remapped-date: Fri, 10 Mar 2023 11:55:31 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: Nn4eV-UeuWZ02ANOxzTUSgE4UODtaZxeIjp8UJfU8PgUny2shFaDjQ==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 74ab105148338444981d1b2277ffd9c4.cloudfront.net (CloudFront), 1.1 google
date: Sat, 11 Mar 2023 21:42:25 GMT
age: 64473
etag: "79c7d22c8df6d305f46c5779ccb9f25169d4d111"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F610d32c6-de03-41c8-a59b-12faf1f650e3.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F610d32c6-de03-41c8-a59b-12faf1f650e3.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e8f9226a7abb93a9f1800ef4baab9efd
2b4899d5c5a5e2af78e0a1af1494730be5c8137f
e15c82d8db45ada38b658768bc1ac9bc83ba50a503a36bf38640b084a19386f8
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F610d32c6-de03-41c8-a59b-12faf1f650e3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10845
x-amzn-requestid: 1a5ca885-9b0c-4c7e-b58c-4180a1af0ab2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Bosb9FCyoAMFV8w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-640cf44c-2783848806177b71066c67fc;Sampled=0
x-amzn-remapped-date: Sat, 11 Mar 2023 21:36:12 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: 4bsQ_Fipc7SUbA-hfz4yPBD04Vn_Ux8k60LxbcK6M0slhTeLJhcqlg==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 cca7d60248a961ff8fc8c5640024b652.cloudfront.net (CloudFront), 1.1 google
date: Sat, 11 Mar 2023 21:49:15 GMT
age: 64063
etag: "2b4899d5c5a5e2af78e0a1af1494730be5c8137f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa0217c8c-9f5f-43b3-9d27-0f8eaac36f26.webp
34.120.237.76200 OK 7.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa0217c8c-9f5f-43b3-9d27-0f8eaac36f26.webp
IP 34.120.237.76:0
File type gzip compressed data, from Unix\012- data
Hash c07f0355811b60cb44b8123239c9653f
34e19a0baf5ed54209635af483c0929d6a68931d
736af5bf1c60c13f842d9f7911641d4aeca6e7b11a159c42ff9545e96cc690c7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa0217c8c-9f5f-43b3-9d27-0f8eaac36f26.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4512
x-amzn-requestid: e9ba0dc3-3e1a-4ff5-8d0d-57386ced2fb1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BotIeGZ-IAMFmBQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-640cf569-1a45fa73148fb01f3822ee29;Sampled=0
x-amzn-remapped-date: Sat, 11 Mar 2023 21:40:57 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Miss from cloudfront
x-amz-cf-id: wkfdSY68kDN6OsZ-rUHVYuqwBOHFh2lupX6GUYdmi25d3Ae2CEl6vw==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 d15b6a95f7c8298444f59a99d8027cec.cloudfront.net (CloudFront), 1.1 google
date: Sat, 11 Mar 2023 21:40:57 GMT
age: 64561
etag: "b196fbef36c2a5242abfc5d7115f1efd39499453"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffd79ce52-61f2-47b0-a88d-03f2fe3aa889.jpeg
34.120.237.76200 OK 8.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffd79ce52-61f2-47b0-a88d-03f2fe3aa889.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2fd5c28821c8bf2d62d0c4332f06bd71
6e2c08457854437b2b851340277d31439e5ab470
86725a37e80a10c5b0b52a10e498225d97565752ec25303cb159a34386a49523
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffd79ce52-61f2-47b0-a88d-03f2fe3aa889.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8845
x-amzn-requestid: b556bc0e-9cf5-4062-9df4-0ccee00cbab2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BoswFH5soAMF2SQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-640cf4cd-0ba8e60549c78f9d3b720a20;Sampled=0
x-amzn-remapped-date: Sat, 11 Mar 2023 21:38:21 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Miss from cloudfront
x-amz-cf-id: NkwWf1xpGvLrLBG0HbYXV5VH69eG_pxwZtI2-Kp_pilWEmUywXihGQ==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 ac463f3377446e4c603deca30feb744a.cloudfront.net (CloudFront), 1.1 google
date: Sat, 11 Mar 2023 22:15:44 GMT
etag: "6e2c08457854437b2b851340277d31439e5ab470"
content-type: image/jpeg
age: 62474
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae3c2980-a44e-45c6-a99d-629945594f8f.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae3c2980-a44e-45c6-a99d-629945594f8f.jpeg
IP 34.120.237.76:0
File type PNG image data, 51 x 50, 8-bit/color RGB, non-interlaced\012- data
Hash 1b89c12f0b12d0aaec59850c564635c9
96eb35d1937bb2a0426a7f1626d8fa7159dfdad5
de83666820c3a1ce9399afbfc23ccc55b8793b6c4f229302d442692bedb35dc4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae3c2980-a44e-45c6-a99d-629945594f8f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11176
x-amzn-requestid: 8f3332e2-954e-4c35-96c9-390e257f5451
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BosvyFdeIAMF3MA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-640cf4cb-3869435d54341ff376a91d06;Sampled=0
x-amzn-remapped-date: Sat, 11 Mar 2023 21:38:19 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: JdyxGvD16BjZNkG6J1b5pDwb4kJcyDZBDJAPi793Hxf3tP3VPm6Izw==
via: 1.1 8dbfaf7df256a75768461d934659b6b2.cloudfront.net (CloudFront), 1.1 ac463f3377446e4c603deca30feb744a.cloudfront.net (CloudFront), 1.1 google
date: Sat, 11 Mar 2023 22:01:01 GMT
age: 63357
etag: "c08733caed5383a2790e0760a889a6e545753105"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6dda5706-64c5-467d-9645-a46dedb81818.jpeg
34.120.237.76200 OK 6.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6dda5706-64c5-467d-9645-a46dedb81818.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6a4d6ee7d459e2a9b742d0dbca932998
eada4a4de40e5035173bb18ee51aacd624b8b169
2e6eef4f452ef3700d4c9d06e8c3bf8999e077e24c332ab4670edd0884839d38
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6dda5706-64c5-467d-9645-a46dedb81818.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6053
x-amzn-requestid: 5f306311-ac84-4ce2-b9c2-6af31c110062
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Bosb-FD5oAMFwJw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-640cf44c-61fea28e45516fad0d30cf65;Sampled=0
x-amzn-remapped-date: Sat, 11 Mar 2023 21:36:12 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: gE_WoxZmuEc9mzbWmh3tMo_UshbjeTGIdbA8xew7ZB44sigj9fR3cw==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 21618d080c6bfbcd465fc55a167a8c1a.cloudfront.net (CloudFront), 1.1 google
date: Sat, 11 Mar 2023 22:09:20 GMT
age: 62858
etag: "eada4a4de40e5035173bb18ee51aacd624b8b169"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
shre.su/timer?d=PWYK
104.21.65.162403 Forbidden 0 B IP 104.21.65.162:0
NIDS Severity Alert suricata medium ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
GET /timer?d=PWYK HTTP/1.1
Host: shre.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 403 Forbidden
date: Sun, 12 Mar 2023 15:36:56 GMT
content-type: text/html; charset=UTF-8
permissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
x-frame-options: SAMEORIGIN
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=l93Tor1PsLeEZpCcPOuExLcLpN6v%2B%2BWscXk09p5XV%2BSgQE88%2BpvKsnK%2F8zNsqaFuKOIhXar5W3D8VPqHd9LJqy%2BkK0KNbiTRHR05szinJR%2FLCIV6VViT9BBs"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7a6d1d96bbf1b529-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
challenges.cloudflare.com/turnstile/v0/api.js?onload=_cf_chl_turnstile_l&render=explicit
104.18.7.185302 Found 0 B URL HTTP/2 challenges.cloudflare.com/turnstile/v0/api.js?onload=_cf_chl_turnstile_l&render=explicit
IP 104.18.7.185:0
GET /turnstile/v0/api.js?onload=_cf_chl_turnstile_l&render=explicit HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Sun, 12 Mar 2023 15:36:56 GMT
access-control-allow-origin: *
location: /turnstile/v0/g/af326ed3/api.js?onload=_cf_chl_turnstile_l&render=explicit
vary: accept-encoding
cache-control: max-age=300, public
server: cloudflare
cf-ray: 7a6d1d98ad651c12-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2