r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash (MD5) d4e95d0d8982bcd07804baf6fc88231c
Hash (SHA1) 5027abda0875bd2529dd4d6691784c74da71a9ee
Hash (SHA256) 373799b5749d2cb08b5721699a3e4c6b94b0d41604ac07d4ef7179e47dabc71f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "373799B5749D2CB08B5721699A3E4C6B94B0D41604AC07D4EF7179E47DABC71F"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5495
Expires: Fri, 03 Feb 2023 11:59:37 GMT
Date: Fri, 03 Feb 2023 10:28:02 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash (MD5) e935ea42be4feaed61a824b0b903913e
Hash (SHA1) f966cfa80d65a805cb9d7c6a53b3340865d7c51a
Hash (SHA256) eb0ce9ae50d156fe5924b2d77346735e4e93b5240cff301c9aa835bb0b385815
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EB0CE9AE50D156FE5924B2D77346735E4E93B5240CFF301C9AA835BB0B385815"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4845
Expires: Fri, 03 Feb 2023 11:48:47 GMT
Date: Fri, 03 Feb 2023 10:28:02 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash (MD5) 9a76feabb767086ae0fa54e0ffbf763f
Hash (SHA1) 3655d78994a1e9838340669462728b67c8c12e54
Hash (SHA256) bf215ab858c7785b7c01f7d3d437a918f056f00fe9b065820e1cdd09b7bba8f9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BF215AB858C7785B7C01F7D3D437A918F056F00FE9B065820E1CDD09B7BBA8F9"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7131
Expires: Fri, 03 Feb 2023 12:26:53 GMT
Date: Fri, 03 Feb 2023 10:28:02 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data, ASCII text, with very long lines (939), with no line terminators
Hash (MD5) 30db107dcf4380cef05efea409c2e6a3
Hash (SHA1) 96e6a306fbc07299aba64e5c14e2bfca35872fa9
Hash (SHA256) b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Alert, Retry-After, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 03 Feb 2023 09:36:10 GMT
content-type: application/json
age: 3112
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate, ASCII text
Hash (MD5) 7b922915ebf1fa3639b333f994c74f24
Hash (SHA1) 144a3f80b98fd0652d4614f24cf6cbbee40f8938
Hash (SHA256) adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: U8XdHVdIdG2PQzr7/dOKZQUn8CxB3WSU4u5jnINpgEWtcQsdEybFgFQzBCmLqDAYUCEy6w52B8ia98CFHeaSiQ==
x-amz-request-id: SYXMD9GG18TA0K9C
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 03 Feb 2023 09:52:22 GMT
age: 2140
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data, ASCII text, with no line terminators
Hash (MD5) 23e88fb7b99543fb33315b29b1fad9d6
Hash (SHA1) a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Hash (SHA256) 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 10:28:02 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
money-easilwnr.buzz/index.php?code=OTQwNTA3MDg4NjJ8fG1vbmV5LWVhc2lseWttYy5idXp6fHw0MDY=
188.114.96.1 200 OK 7.5 kB URL HTTP/1.1 money-easilwnr.buzz/index.php?code=OTQwNTA3MDg4NjJ8fG1vbmV5LWVhc2lseWttYy5idXp6fHw0MDY=
IP 188.114.96.1:0
File type HTML document text, exported SGML document, Unicode text, UTF-8 text, with very long lines (1229)
Hash (MD5) 45fe581dfe36fdca47560cfd74b89210
Hash (SHA1) 57b4f81ff589475f61a045ec0961f0ededca852f
Hash (SHA256) 4a4ebd8eb1f61d26660390f9819a0ba31c4db1f71a5322c5be46f6e26af0df7d
NIDS suricata, Severity medium, Alert: ET INFO HTTP Request to a *.buzz domain
GET /index.php?code=OTQwNTA3MDg4NjJ8fG1vbmV5LWVhc2lseWttYy5idXp6fHw0MDY= HTTP/1.1
Host: money-easilwnr.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 10:28:03 GMT
Content-Type: text/html;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: loclang=en; expires=Mon, 06-Feb-2023 10:28:02 GMT; Max-Age=259200; path=/
Set-Cookie: pid=94050708862; expires=Thu, 04-May-2023 10:28:02 GMT; Max-Age=7776000; path=/
Set-Cookie: dldomain=money-easilykmc.buzz; expires=Thu, 04-May-2023 10:28:02 GMT; Max-Age=7776000; path=/
Set-Cookie: pareaid=406; expires=Thu, 04-May-2023 10:28:02 GMT; Max-Age=7776000; path=/
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FgLKzlEm0wzDrpZTJjH1VH90Ehra0qYwHoOu2r%2F8l57PEWAucGnihw6u7dP4YpG8yjEHeipp3msis0aF9JQnWFB6LI8lMVZA2hTERhvYWc%2F7URqpcRKIivROfixO3FHVyzqyPMEm"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 793a7a3c29e9b50c-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data, ASCII text, with very long lines (329), with no line terminators
Hash (MD5) 0333b0655111aa68de771adfcc4db243
Hash (SHA1) 63f295a144ac87a7c8e23417626724eeca68a7eb
Hash (SHA256) 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Last-Modified, Cache-Control, Pragma, ETag, Backoff, Content-Type, Alert, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 03 Feb 2023 09:49:06 GMT
age: 2337
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash (MD5) 8913af0be619500295008bb91f506660
Hash (SHA1) a7b8068ba9aa506205a295b24458c2616997a0d1
Hash (SHA256) 6a9838d00256431807ca382fc205064b07c08d5054f2895c2ae3cc4e9094179a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6A9838D00256431807CA382FC205064B07C08D5054F2895C2AE3CC4E9094179A"
Last-Modified: Wed, 01 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9419
Expires: Fri, 03 Feb 2023 13:05:02 GMT
Date: Fri, 03 Feb 2023 10:28:03 GMT
Connection: keep-alive
money-easilwnr.buzz/assets/animation.css?88888888
188.114.96.1 200 OK 5.7 kB URL HTTP/1.1 money-easilwnr.buzz/assets/animation.css?88888888
IP 188.114.96.1:0
Hash (MD5) 1cc3b03d0a4ee4e518a895137a81b88c
Hash (SHA1) 3fdd3c3c6c015a076f3f019506f7b4aba767b606
Hash (SHA256) 0e403703d1a87a9c7ba4145e78eba52110f7383cc88a1c5b5c4830f1dc235061
NIDS suricata, Severity medium, Alert: ET INFO HTTP Request to a *.buzz domain
GET /assets/animation.css?88888888 HTTP/1.1
Host: money-easilwnr.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://money-easilwnr.buzz/index.php?code=OTQwNTA3MDg4NjJ8fG1vbmV5LWVhc2lseWttYy5idXp6fHw0MDY=
Cookie: loclang=en; pid=94050708862; dldomain=money-easilykmc.buzz; pareaid=406
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 10:28:03 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 21 Sep 2022 08:45:53 GMT
Vary: Accept-Encoding
ETag: W/"632acf41-1159d"
Expires: Fri, 03 Feb 2023 22:28:03 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ctZ31VvLgaP2lzZnLL%2Bz4fkA2PKi9aH%2FfVryCmR4XhHAuZx3fYIcFW8P8Qe3TpCs%2BAeyhPB5ZytzrkWq4FuRuhFr61NzbZSvtEWclW36US1d7qfbSC%2Frkke9jA28fv9CYjRB%2BNCI"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 793a7a3f9bf6b500-OSL
alt-svc: h2=":443"; ma=60
money-easilwnr.buzz/assets/feature-s.css?88888888
188.114.96.1 200 OK 2.4 kB URL HTTP/1.1 money-easilwnr.buzz/assets/feature-s.css?88888888
IP 188.114.96.1:0
Hash (MD5) 1f1176aeeb3d24606f0d421e63380356
Hash (SHA1) 1fe454504f971049fb8521ffa7058519090f670b
Hash (SHA256) 02069319cb3f5401d6480f12abcfdd2e2c59a5593a40078f131b09414d0e0e22
NIDS suricata, Severity medium, Alert: ET INFO HTTP Request to a *.buzz domain
GET /assets/feature-s.css?88888888 HTTP/1.1
Host: money-easilwnr.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://money-easilwnr.buzz/index.php?code=OTQwNTA3MDg4NjJ8fG1vbmV5LWVhc2lseWttYy5idXp6fHw0MDY=
Cookie: loclang=en; pid=94050708862; dldomain=money-easilykmc.buzz; pareaid=406
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 10:28:03 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 21 Sep 2022 08:45:53 GMT
Vary: Accept-Encoding
ETag: W/"632acf41-3891"
Expires: Fri, 03 Feb 2023 22:28:03 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=B6eOn84KKxWB0Jniiyy6C4IPfgBDEKsMozQARwk%2FIY3WOTPnpmDOEXvVypSBCD%2Fw%2F%2B6OU5QCJjfSsx2h8R9gMAutzrxD%2FGTNsiwwqAwcNXafDt2MnqGFSjVya1vyqVSaLMd%2FCdJT"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 793a7a3f9930b4e8-OSL
alt-svc: h2=":443"; ma=60
money-easilwnr.buzz/assets/slick.css?88888888
188.114.96.1 200 OK 508 B URL HTTP/1.1 money-easilwnr.buzz/assets/slick.css?88888888
IP 188.114.96.1:0
File type ASCII text, with very long lines (1293), with no line terminators
Hash (MD5) 36c4181556d368c2297ef54ef3585b06
Hash (SHA1) 21a507a2a32aef43220509827cbbd41e50350420
Hash (SHA256) e5055a28e16f534da536a52e634826756a937511c49efb808d3d9117032dd52c
NIDS suricata, Severity medium, Alert: ET INFO HTTP Request to a *.buzz domain
GET /assets/slick.css?88888888 HTTP/1.1
Host: money-easilwnr.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://money-easilwnr.buzz/index.php?code=OTQwNTA3MDg4NjJ8fG1vbmV5LWVhc2lseWttYy5idXp6fHw0MDY=
Cookie: loclang=en; pid=94050708862; dldomain=money-easilykmc.buzz; pareaid=406
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 10:28:03 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 21 Sep 2022 08:45:53 GMT
Vary: Accept-Encoding
ETag: W/"632acf41-50d"
Expires: Fri, 03 Feb 2023 22:28:03 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KG7YnwzgyWMDQ7YYIe3fLx%2FKA%2FwvNB9EFvMQe2P0Iec84ks%2B4ypUWmCDMVqrV5cNHTl3P3shEsWJAp%2F1FMPZDOO1ezalAeBoAnfcdMI2vPdk3vDkiqh4ELqzHEtkWyWFys68hyw%2F"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 793a7a3f9fc8b4ff-OSL
alt-svc: h2=":443"; ma=60
money-easilwnr.buzz/assets/slick-theme-s.css?88888888
188.114.96.1 200 OK 873 B URL HTTP/1.1 money-easilwnr.buzz/assets/slick-theme-s.css?88888888
IP 188.114.96.1:0
Hash (MD5) 15d25297ad87dcd9d31b99f050983138
Hash (SHA1) 0b4320349b2078f3cd3b5633116451007870a146
Hash (SHA256) 789311973612cfb041549c885450da7336fa09136a9d1873dc1619c687a9a5ec
NIDS suricata, Severity medium, Alert: ET INFO HTTP Request to a *.buzz domain
GET /assets/slick-theme-s.css?88888888 HTTP/1.1
Host: money-easilwnr.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://money-easilwnr.buzz/index.php?code=OTQwNTA3MDg4NjJ8fG1vbmV5LWVhc2lseWttYy5idXp6fHw0MDY=
Cookie: loclang=en; pid=94050708862; dldomain=money-easilykmc.buzz; pareaid=406
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 10:28:03 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 21 Sep 2022 08:45:53 GMT
Vary: Accept-Encoding
ETag: W/"632acf41-bd8"
Expires: Fri, 03 Feb 2023 22:28:03 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LAwqArONSDTW2PfbLPb2zKdNIxF6DzeUXLn%2FTCNbBUh4qE2me5Kj2w78gwWr8cpI9oWmhZvkWPZhmMp6Xgs5i%2FjTVgoGsQomBBkPqLvhov7Enuw%2BOfm6WSRpiz6iC6Vx0r9YLz0N"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 793a7a3f9c50b52d-OSL
alt-svc: h2=":443"; ma=60
money-easilwnr.buzz/assets/lightbox.css?88888888
188.114.96.1 200 OK 4.9 kB URL HTTP/1.1 money-easilwnr.buzz/assets/lightbox.css?88888888
IP 188.114.96.1:0
Hash (MD5) 4138845c6491ac3fb55923958b4d0b29
Hash (SHA1) 81c43933cd63fbc8f73e527b65c0b61932f6594e
Hash (SHA256) e48a7338ab4bb2f4e375c03cf2c0f0d7e5e3d58380c214b7c38699b6d742c71c
NIDS suricata, Severity medium, Alert: ET INFO HTTP Request to a *.buzz domain
GET /assets/lightbox.css?88888888 HTTP/1.1
Host: money-easilwnr.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://money-easilwnr.buzz/index.php?code=OTQwNTA3MDg4NjJ8fG1vbmV5LWVhc2lseWttYy5idXp6fHw0MDY=
Cookie: loclang=en; pid=94050708862; dldomain=money-easilykmc.buzz; pareaid=406
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 10:28:03 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 21 Sep 2022 08:45:53 GMT
Vary: Accept-Encoding
ETag: W/"632acf41-657c"
Expires: Fri, 03 Feb 2023 22:28:03 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5BbqhNKbeNtvQfKQ7N208RHK1WX32Fj5SDi8kNK6J6sYHP8LUd0yl4vOgBOfBvI3MSgqF1wMoKqM33xVaz3J3JeOilPyuiPfsODMryZF9Gy6XhyNxg0UUDvy8ZBeeqkInqfoO9nc"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 793a7a3f9ec30b31-OSL
alt-svc: h2=":443"; ma=60
push.services.mozilla.com/
44.241.148.153 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 44.241.148.153:0
Hash (MD5) d41d8cd98f00b204e9800998ecf8427e
Hash (SHA1) da39a3ee5e6b4b0d3255bfef95601890afd80709
Hash (SHA256) e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: bjSXBlnfqchW4FEMFzDENQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: /Jyag+t0EBVu/3uXjjDRb0jHiao=
money-easilwnr.buzz/assets/bootstrap.min.css?88888888
188.114.96.1 200 OK 32 kB URL HTTP/1.1 money-easilwnr.buzz/assets/bootstrap.min.css?88888888
IP 188.114.96.1:0
File type Unicode text, UTF-8 text, with very long lines (65534), with no line terminators
Hash (MD5) ae12e3611d61769d9e3e6c24cf428cc3
Hash (SHA1) 551f716d4782b28c6dd92fa204057b5170c18205
Hash (SHA256) c2369dbf06ea375f8fe7afd3a17e900951f62c9628250ccc3b5cec935e565682
NIDS suricata, Severity medium, Alert: ET INFO HTTP Request to a *.buzz domain
GET /assets/bootstrap.min.css?88888888 HTTP/1.1
Host: money-easilwnr.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://money-easilwnr.buzz/index.php?code=OTQwNTA3MDg4NjJ8fG1vbmV5LWVhc2lseWttYy5idXp6fHw0MDY=
Cookie: loclang=en; pid=94050708862; dldomain=money-easilykmc.buzz; pareaid=406
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 10:28:03 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 21 Sep 2022 08:45:53 GMT
Vary: Accept-Encoding
ETag: W/"632acf41-3332d"
Expires: Fri, 03 Feb 2023 22:28:03 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RfdC9SPdS2%2BGkcvNbt8jrLIeyKmmoiDsGOWOurRuVVcIYBTDe%2FueDBa5lErlcXBiFtflxo50hU3fS%2BPR7xmiWFxp0byj1xuu9lV1ABx68zDL4dMT2Z0bzGKy92Zls0lPEnXdG%2BEs"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 793a7a3f9de5b50c-OSL
alt-svc: h2=":443"; ma=60
money-easilwnr.buzz/assets/sweetalert2.min.css
188.114.96.1 200 OK 5.1 kB URL HTTP/1.1 money-easilwnr.buzz/assets/sweetalert2.min.css
IP 188.114.96.1:0
File type ASCII text, with very long lines (27093), with no line terminators
Hash (MD5) 9f590230d0450fc4bdd6c6293f9618e4
Hash (SHA1) 22416254ee00589116ee25ada147128de7eaa753
Hash (SHA256) e4daec0f09a9064152f3fe4656da672be6806b2debe90c5bf9cff73f09582056
NIDS suricata, Severity medium, Alert: ET INFO HTTP Request to a *.buzz domain
GET /assets/sweetalert2.min.css HTTP/1.1
Host: money-easilwnr.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://money-easilwnr.buzz/index.php?code=OTQwNTA3MDg4NjJ8fG1vbmV5LWVhc2lseWttYy5idXp6fHw0MDY=
Cookie: loclang=en; pid=94050708862; dldomain=money-easilykmc.buzz; pareaid=406
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 10:28:04 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 21 Sep 2022 08:45:53 GMT
Vary: Accept-Encoding
ETag: W/"632acf41-69d5"
Expires: Fri, 03 Feb 2023 22:28:03 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MgByD58xcXRc5O8pT1H2piHr01XJzLuvNZyFvfImTJC10eZnSi0VDTBe5mDzHD0dFdC1%2Fnr0flaTBuPkHs2ddbQc2uc3SRA%2Bfe1I3JlGEufx4iQrQH%2BsMr8KUTyvi6rijk7cYmLU"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 793a7a427b7cb4ff-OSL
alt-svc: h2=":443"; ma=60
money-easilwnr.buzz/assets/sweetalert2.min.js
188.114.96.1 200 OK 13 kB URL HTTP/1.1 money-easilwnr.buzz/assets/sweetalert2.min.js
IP 188.114.96.1:0
File type Unicode text, UTF-8 text, with very long lines (37599), with no line terminators
Hash (MD5) 57818ed08c2a7da6d52e46e78f2e2e1c
Hash (SHA1) 88c636bfa3a201fec8fc3f18dbc472c9376a6a90
Hash (SHA256) 22036697dde58e72d2ade78ae9d18509c90c39f2a5a889adca1d39c39a6dbf6f
NIDS suricata, Severity medium, Alert: ET INFO HTTP Request to a *.buzz domain
GET /assets/sweetalert2.min.js HTTP/1.1
Host: money-easilwnr.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://money-easilwnr.buzz/index.php?code=OTQwNTA3MDg4NjJ8fG1vbmV5LWVhc2lseWttYy5idXp6fHw0MDY=
Cookie: loclang=en; pid=94050708862; dldomain=money-easilykmc.buzz; pareaid=406
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 10:28:04 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 21 Sep 2022 08:45:53 GMT
Vary: Accept-Encoding
ETag: W/"632acf41-92e0"
Expires: Fri, 03 Feb 2023 22:28:03 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=e702EE32sGAxBQsFUyGrQb02U6lOD%2FLVFftjdlp9Gg543P9qW7PqaziAJSMHW0XUxdcbajq%2BplVYBPdWMnClaJz%2BulGapZGFk6n5nPvrCmFaPlmx0bJ6jvtXGa18lbGjgyc99LbG"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 793a7a427eb7b52d-OSL
alt-svc: h2=":443"; ma=60
money-easilwnr.buzz/assets/style-s.css?88888888
188.114.96.1 200 OK 51 kB URL HTTP/1.1 money-easilwnr.buzz/assets/style-s.css?88888888
IP 188.114.96.1:0
Hash (MD5) 54a4c76aa3e0415cf2b53c0b899fba29
Hash (SHA1) a43ab96aa24f3d47dbe8436bc701d16e3deec4a0
Hash (SHA256) 8c1d4d78976f05f00e34eafa0777f8b85865233d4cc00f5daf933ce6f3afbcd0
NIDS suricata, Severity medium, Alert: ET INFO HTTP Request to a *.buzz domain
GET /assets/style-s.css?88888888 HTTP/1.1
Host: money-easilwnr.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://money-easilwnr.buzz/index.php?code=OTQwNTA3MDg4NjJ8fG1vbmV5LWVhc2lseWttYy5idXp6fHw0MDY=
Cookie: loclang=en; pid=94050708862; dldomain=money-easilykmc.buzz; pareaid=406
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 10:28:04 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 21 Sep 2022 08:45:53 GMT
Vary: Accept-Encoding
ETag: W/"632acf41-4e70a"
Expires: Fri, 03 Feb 2023 22:28:03 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xEK0VFZjU46ybhEk5IfN0cJ3a6FndGnzL8p3smEkh6b8d679lw2lHl2fkBHjWIBZADqwj%2B%2FO3M2cmC0dIzTamGP1Br9DhDonChMl8MtiRsPfrpCv20R8Aaz6IwxlgFDEMZVvPi34"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 793a7a427fa4b500-OSL
alt-svc: h2=":443"; ma=60
money-easilwnr.buzz/assets/all-x.min.css?88888888
188.114.96.1 200 OK 25 kB URL HTTP/1.1 money-easilwnr.buzz/assets/all-x.min.css?88888888
IP 188.114.96.1:0
File type troff or preprocessor input, ASCII text
Hash (MD5) e5dbfb6e80fb1348e8c38b3f010b1e80
Hash (SHA1) bb34657cddac13147e2e0cff6acb550dd230e0a5
Hash (SHA256) 16b969791f5dcf2b1a9551cc002bf83ddbc5b18b12eed1673e16a785b5d0b69e
NIDS suricata, Severity medium, Alert: ET INFO HTTP Request to a *.buzz domain
GET /assets/all-x.min.css?88888888 HTTP/1.1
Host: money-easilwnr.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: loclang=en; pid=94050708862; dldomain=money-easilykmc.buzz; pareaid=406
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 10:28:04 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 21 Sep 2022 08:45:53 GMT
Vary: Accept-Encoding
ETag: W/"632acf41-1e1f7"
Expires: Fri, 03 Feb 2023 22:28:03 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LkVbmZhyPprC8UOqN0PR49qH3DFJ8QQvloZhfa2JuQSUv%2BbMcZ2wnAU1cbcNSSzxJrV%2BvQiOZKKlrnFTC%2FX3oo0e%2BGn9jEm4lACduBjTRNTt5qtC%2B5qVoNiLC12cnySnz3zyCbYL"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 793a7a427d8db4e8-OSL
alt-svc: h2=":443"; ma=60
money-easilwnr.buzz/assets/jquery-x.min.js?88888888
188.114.96.1 200 OK 34 kB URL HTTP/1.1 money-easilwnr.buzz/assets/jquery-x.min.js?88888888
IP 188.114.96.1:0
File type ASCII text, with very long lines (32065)
Hash (MD5) 84a0c3e437d1d313d4cd3141d09d3874
Hash (SHA1) 2962981e5d98d0a90c304fc33289f6ddab802d77
Hash (SHA256) 0a09302dc6531ed82d1927469b4dd14e5137d9c21cb825adf85cf47f7389b2c9
NIDS suricata, Severity medium, Alert: ET INFO HTTP Request to a *.buzz domain
GET /assets/jquery-x.min.js?88888888 HTTP/1.1
Host: money-easilwnr.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://money-easilwnr.buzz/index.php?code=OTQwNTA3MDg4NjJ8fG1vbmV5LWVhc2lseWttYy5idXp6fHw0MDY=
Cookie: loclang=en; pid=94050708862; dldomain=money-easilykmc.buzz; pareaid=406
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 10:28:04 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 21 Sep 2022 08:45:53 GMT
Vary: Accept-Encoding
ETag: W/"632acf41-14e49"
Expires: Fri, 03 Feb 2023 22:28:03 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KnPk7QrfPw53cVbratonJRZsoa4fdbRnFfEZZUNsbQGOpNatOSIzDU818b9KLEBvCPwzcP0TDun2nundjBpZwZbEGdNdYZaVB1lobyKc3jQwE8Zl5VQ9uRxGg9WBUztRLGQ4D8GA"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 793a7a4288e30b31-OSL
alt-svc: h2=":443"; ma=60
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 471 B IP 216.58.211.3:0
Hash (MD5) bbeb609cbf32a8842bf96a124588e65e
Hash (SHA1) 40c0f548bcb714731f62df5a27cad21adef0463d
Hash (SHA256) 502c60a18a13b84598933731d182aafd4b83576bfc56451b36f9238c621a571d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 10:28:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 471 B IP 216.58.211.3:0
Hash (MD5) bbeb609cbf32a8842bf96a124588e65e
Hash (SHA1) 40c0f548bcb714731f62df5a27cad21adef0463d
Hash (SHA256) 502c60a18a13b84598933731d182aafd4b83576bfc56451b36f9238c621a571d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 10:28:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 471 B IP 216.58.211.3:0
Hash (MD5) e3383a870b280d28b1d924543e6128af
Hash (SHA1) 0e9ccaf308e10ae68774fe0d32e10d063f379e7d
Hash (SHA256) 093a4523b327faf080d2d200d6e8d9e615abe6e048a72d70c3bc8e9f89cc50bf
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 10:28:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
money-easilwnr.buzz/assets/bootstrap-s.min.js
188.114.96.1 200 OK 19 kB URL HTTP/1.1 money-easilwnr.buzz/assets/bootstrap-s.min.js
IP 188.114.96.1:0
File type ASCII text, with very long lines (59810)
Hash (MD5) 05cf97146d1c7c37791dd53ecddfdc7f
Hash (SHA1) baddd653344068f918351421c43ed4ee84bb687a
Hash (SHA256) 27451008dc3714f442000aa4a89c75b24ecf9339013ef160321571b740b48310
NIDS suricata, Severity medium, Alert: ET INFO HTTP Request to a *.buzz domain
GET /assets/bootstrap-s.min.js HTTP/1.1
Host: money-easilwnr.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://money-easilwnr.buzz/index.php?code=OTQwNTA3MDg4NjJ8fG1vbmV5LWVhc2lseWttYy5idXp6fHw0MDY=
Cookie: loclang=en; pid=94050708862; dldomain=money-easilykmc.buzz; pareaid=406
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 10:28:04 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 21 Sep 2022 08:45:53 GMT
Vary: Accept-Encoding
ETag: W/"632acf41-ea90"
Expires: Fri, 03 Feb 2023 22:28:04 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hejJsOkrRc6gzQ6ENrxQ%2FAlRvzeymxKlqjHuN5ZYK2aHeFcy23tiRXd%2FuIUVzFSLe%2BFb3OFiLzd2Rp1mp1zcA4M3%2BYDspZIEbSKFnUAfBCRQldQcrJXftgIG%2FUvnA80jMSKMkcrI"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 793a7a43cbe8b50c-OSL
alt-svc: h2=":443"; ma=60
money-easilwnr.buzz/assets/waypoint.min.js
188.114.96.1 200 OK 2.9 kB URL HTTP/1.1 money-easilwnr.buzz/assets/waypoint.min.js
IP 188.114.96.1:0
File type ASCII text, with very long lines (7808)
Hash ea79ab9178211ffc391e74f46b341d65
d94e16f16f5cae7c2826627f501c21f67b3e1b76
becdd9f5aa9671cb12a8fa844a30b208c67de473614c052bc269632ec7fc93c5
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.buzz domain
GET /assets/waypoint.min.js HTTP/1.1
Host: money-easilwnr.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://money-easilwnr.buzz/index.php?code=OTQwNTA3MDg4NjJ8fG1vbmV5LWVhc2lseWttYy5idXp6fHw0MDY=
Cookie: loclang=en; pid=94050708862; dldomain=money-easilykmc.buzz; pareaid=406
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 10:28:04 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 21 Sep 2022 08:45:53 GMT
Vary: Accept-Encoding
ETag: W/"632acf41-1fbc"
Expires: Fri, 03 Feb 2023 22:28:04 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MueXpcDW21HQnZpjiDNChluxf8pGKbxix7JoDtFw5iDcmQ2YW6UhDqvLwo%2BZirew517hM2gWQODbH63sDmQ4yanXOGg4VWFPnfCHIfLiK7sYFerCpBHtHgKzZf%2FgtD5C3x7DzXNi"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 793a7a46bcffb500-OSL
alt-svc: h2=":443"; ma=60
money-easilwnr.buzz/assets/modernizr.min.js
188.114.96.1 200 OK 3.8 kB URL HTTP/1.1 money-easilwnr.buzz/assets/modernizr.min.js
IP 188.114.96.1:0
File type ASCII text, with very long lines (8321)
Hash 9a4e2e88b1efdea3118f90bb5c4b446c
3d2500896e40634fc3eca71833eedb3d5fa422eb
4941c58442c5bf1b79908e4a86d3415fa5412dd34d57c1b3cbc2fce7e8531753
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.buzz domain
GET /assets/modernizr.min.js HTTP/1.1
Host: money-easilwnr.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://money-easilwnr.buzz/index.php?code=OTQwNTA3MDg4NjJ8fG1vbmV5LWVhc2lseWttYy5idXp6fHw0MDY=
Cookie: loclang=en; pid=94050708862; dldomain=money-easilykmc.buzz; pareaid=406
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 10:28:04 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 21 Sep 2022 08:45:53 GMT
Vary: Accept-Encoding
ETag: W/"632acf41-21be"
Expires: Fri, 03 Feb 2023 22:28:04 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wtnnrWwYHZFQZZMOTZdOgIa%2F%2FSWNawdm9F4YfZI1nqcKcP2jSSnr3w0WUVywAvqyT9QUjAqApr4cw0jbQ0OncOlUF8kTYihqn3Ak4twXOHgeDB8Rg9G1WRdKMSnFhbFg4aFYdnNV"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 793a7a454eceb4ff-OSL
alt-svc: h2=":443"; ma=60
fonts.gstatic.com/s/inter/v12/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2
216.58.207.227 200 OK 38 kB URL HTTP/2 fonts.gstatic.com/s/inter/v12/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 37924, version 1.0
Hash e08be6d5d433944f7ad52902e4d24db5
e2600c1d60d12d397b3ee44411a021231d71e974
450f3ba4e47ee174bd9692b396f264b907d37d2528f53911760f3d0edb785f7e
GET /s/inter/v12/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://money-easilwnr.buzz
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 37924
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 03 Feb 2023 09:38:52 GMT
expires: Sat, 03 Feb 2024 09:38:52 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 11 Jul 2022 20:54:46 GMT
content-type: font/woff2
age: 2952
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
money-easilwnr.buzz/assets/popper.min.js
188.114.96.1 200 OK 7.2 kB URL HTTP/1.1 money-easilwnr.buzz/assets/popper.min.js
IP 188.114.96.1:0
File type ASCII text, with very long lines (18507)
Hash 6e5b24f414ada52a97a0d15b093a9941
81be552a260da7101d3a09ada7a5b19fcd071af5
044729e61dd1b45d0e7f187c08ca75284734423e1304228ddd0c7adf1c81518c
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.buzz domain
GET /assets/popper.min.js HTTP/1.1
Host: money-easilwnr.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://money-easilwnr.buzz/index.php?code=OTQwNTA3MDg4NjJ8fG1vbmV5LWVhc2lseWttYy5idXp6fHw0MDY=
Cookie: loclang=en; pid=94050708862; dldomain=money-easilykmc.buzz; pareaid=406
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 10:28:04 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 21 Sep 2022 08:45:53 GMT
Vary: Accept-Encoding
ETag: W/"632acf41-487c"
Expires: Fri, 03 Feb 2023 22:28:04 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gXaWj5ATU%2BQxpkjREBuzbVPQU7m%2BtXMvQh%2BUgxokXAnhJciVJSazEo%2BdUD5PnkvZz5kq9q7krQ2G1x%2FWI5DzBzfUdSZe7fJpcn0CDIGYJpiXDWg1xiulAlFa1pOdhhVbWdNPFe7S"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 793a7a4558d3b52d-OSL
alt-svc: h2=":443"; ma=60
money-easilwnr.buzz/assets/feather.min.js
188.114.96.1 200 OK 24 kB URL HTTP/1.1 money-easilwnr.buzz/assets/feather.min.js
IP 188.114.96.1:0
File type Unicode text, UTF-8 text, with very long lines (61392)
Hash cffc999a0e9383e024d48b8ccae08f57
6e6c4a7fc856de515053573fac5af0ce32c4a8de
0564d222e0f0b854142fd4c4f5423ec461463d4d78ee5f20c22163e30a715f0e
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.buzz domain
GET /assets/feather.min.js HTTP/1.1
Host: money-easilwnr.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://money-easilwnr.buzz/index.php?code=OTQwNTA3MDg4NjJ8fG1vbmV5LWVhc2lseWttYy5idXp6fHw0MDY=
Cookie: loclang=en; pid=94050708862; dldomain=money-easilykmc.buzz; pareaid=406
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 10:28:04 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 21 Sep 2022 08:45:53 GMT
Vary: Accept-Encoding
ETag: W/"632acf41-12550"
Expires: Fri, 03 Feb 2023 22:28:04 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=k3UOHpZ1QhOCv6%2FXkEaxWmzvnrBTsFc4e01dxQc%2BNEgYW1%2FofOLUh%2FwoNh7UjT25K1btjt2SHBkS8lD2lFM3BjVY0AFO6nDrZz8CNLZA1DJVmAQ%2FK9KoPMuIsxuXiu4ou%2BVwy7Mf"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 793a7a481a47b50c-OSL
alt-svc: h2=":443"; ma=60
money-easilwnr.buzz/assets/wow.min.js
188.114.96.1 200 OK 3.0 kB URL HTTP/1.1 money-easilwnr.buzz/assets/wow.min.js
IP 188.114.96.1:0
File type ASCII text, with very long lines (8099)
Hash 841cab5cb0e19c936289a69708b4645f
72baac3e47877f1bcb275c26341a1564a875fbdb
d5988ca7709f698712b65bdccbce11ce4fd5b2cc6337dce830a5bd32ee53533d
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.buzz domain
GET /assets/wow.min.js HTTP/1.1
Host: money-easilwnr.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://money-easilwnr.buzz/index.php?code=OTQwNTA3MDg4NjJ8fG1vbmV5LWVhc2lseWttYy5idXp6fHw0MDY=
Cookie: loclang=en; pid=94050708862; dldomain=money-easilykmc.buzz; pareaid=406
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 10:28:04 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 21 Sep 2022 08:45:53 GMT
Vary: Accept-Encoding
ETag: W/"632acf41-1fdb"
Expires: Fri, 03 Feb 2023 22:28:04 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1t0nw82TBHMldj8D1qroZCYgsrST%2BNVfII9z5achnpRmrIJUVb%2BuhZbxXm6lVkpYhXTCJCw4COk5CNa3ifzCdHhGa7XQSc9oeTwEj5cla9HM4G9io1qOzlJcW4AExIP6KLHym6Yy"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 793a7a46bbaab4e8-OSL
alt-svc: h2=":443"; ma=60
money-easilwnr.buzz/assets/sal.min.js
188.114.96.1 200 OK 1.3 kB URL HTTP/1.1 money-easilwnr.buzz/assets/sal.min.js
IP 188.114.96.1:0
File type ASCII text, with very long lines (3154)
Hash 2166635fcdf17a2c5736232ffff1234e
43ddf34acd9784a83ab71bf0b27c719abd39aa83
2044add5ec4e18486453908bd9565d7bcb27b4bf2f64d145dd8aa9a37fcb9650
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.buzz domain
GET /assets/sal.min.js HTTP/1.1
Host: money-easilwnr.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://money-easilwnr.buzz/index.php?code=OTQwNTA3MDg4NjJ8fG1vbmV5LWVhc2lseWttYy5idXp6fHw0MDY=
Cookie: loclang=en; pid=94050708862; dldomain=money-easilykmc.buzz; pareaid=406
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 10:28:04 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 21 Sep 2022 08:45:53 GMT
Vary: Accept-Encoding
ETag: W/"632acf41-c53"
Expires: Fri, 03 Feb 2023 22:28:04 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=j0gVg0mz0xbDCtQWONbKqx8eDz6e5uqaFJshnrzozBCPgpEv0UEStSLowIRSWdJYo%2FHJ1Tv4LTNcOragUrh8wVsWOc7ItTceqi6Mz3k%2FMcGDpSEFhyaybvk9PQPSXlSF3jzIfFZd"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 793a7a482ec1b500-OSL
alt-svc: h2=":443"; ma=60
money-easilwnr.buzz/assets/counterup.min.js
188.114.96.1 200 OK 585 B URL HTTP/1.1 money-easilwnr.buzz/assets/counterup.min.js
IP 188.114.96.1:0
File type ASCII text, with very long lines (917)
Hash ea0a601b8f97764239f1a4f75db91b71
a3529bbefec847eae930cc529284f5dcef0caf89
08716acd48572be9d91c0441f6482ac0899bf642ff051c78d0b9ff7587aa1a42
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.buzz domain
GET /assets/counterup.min.js HTTP/1.1
Host: money-easilwnr.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://money-easilwnr.buzz/index.php?code=OTQwNTA3MDg4NjJ8fG1vbmV5LWVhc2lseWttYy5idXp6fHw0MDY=
Cookie: loclang=en; pid=94050708862; dldomain=money-easilykmc.buzz; pareaid=406
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 10:28:04 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 21 Sep 2022 08:45:53 GMT
Vary: Accept-Encoding
ETag: W/"632acf41-42b"
Expires: Fri, 03 Feb 2023 22:28:04 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mrwJEIjfK5yxyAZLdtq8rIsjr4Tubjs2kWpbUrexuc2zsk3mtpgRNWOe3XImgI9YTFC6Xyei6fcsdmElYJwPizvqUQIBUbYU4qmvK3TnA9ePcHq%2F78m%2BBFsJIgusMcNEr7PDCg5z"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 793a7a46cc4f0b31-OSL
alt-svc: h2=":443"; ma=60
money-easilwnr.buzz/assets/masonry.js
188.114.96.1 200 OK 12 kB URL HTTP/1.1 money-easilwnr.buzz/assets/masonry.js
IP 188.114.96.1:0
File type ASCII text, with very long lines (32057)
Hash a368ae034ac81b3412e3dc0ba0f28647
7bccf472749035553d6eb7490fd43e17e8b5e258
d814a73b281891edba62399fe026e3560e55fefef6ab3931d3de775200bb1c14
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.buzz domain
GET /assets/masonry.js HTTP/1.1
Host: money-easilwnr.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://money-easilwnr.buzz/index.php?code=OTQwNTA3MDg4NjJ8fG1vbmV5LWVhc2lseWttYy5idXp6fHw0MDY=
Cookie: loclang=en; pid=94050708862; dldomain=money-easilykmc.buzz; pareaid=406
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 10:28:04 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 21 Sep 2022 08:45:53 GMT
Vary: Accept-Encoding
ETag: W/"632acf41-9c2a"
Expires: Fri, 03 Feb 2023 22:28:04 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xVHaJbt5F5uxFK7uUDB3VmrqYXgcTSqBuH4mVGg4ONxbxFcVPvAfp3nMmWX%2BUYx3OLV679lzyoYjfwrCLgPxfwUw7L1bhWSCsQ9nG1%2B5Guyt5q0f%2BPo7T6Mwxu2PpPKb2AW5Nikl"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 793a7a482b80b4ff-OSL
alt-svc: h2=":443"; ma=60
money-easilwnr.buzz/assets/easypie.js
188.114.96.1 200 OK 4.8 kB URL HTTP/1.1 money-easilwnr.buzz/assets/easypie.js
IP 188.114.96.1:0
File type ASCII text, with very long lines (3766)
Hash 305c6b09fc511e04949bd5e262414633
b7bdb7b86c44e902995b6c5f7976c0eda39aebbe
f5b1d145b5f592a14a3279da4db9d525c876eb5b91cb80fc99f2f9eca5a9d3eb
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.buzz domain
GET /assets/easypie.js HTTP/1.1
Host: money-easilwnr.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://money-easilwnr.buzz/index.php?code=OTQwNTA3MDg4NjJ8fG1vbmV5LWVhc2lseWttYy5idXp6fHw0MDY=
Cookie: loclang=en; pid=94050708862; dldomain=money-easilykmc.buzz; pareaid=406
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 10:28:04 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 21 Sep 2022 08:45:53 GMT
Vary: Accept-Encoding
ETag: W/"632acf41-390b"
Expires: Fri, 03 Feb 2023 22:28:04 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vSuTRky4RPBfR2J0gOIirkBQDC0oJnxZSg05M7u3tG%2FkoGEcX1e18YqyHqBqZx2h2mnhDPsWB4bhiN0R6ADwaB9KiEHjawsTske9PJIuFhiy9pY91OEKFGnuVVql9T7%2Bg8XwFBSO"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 793a7a49985db500-OSL
alt-svc: h2=":443"; ma=60
money-easilwnr.buzz/assets/imageloaded.js
188.114.96.1 200 OK 2.0 kB URL HTTP/1.1 money-easilwnr.buzz/assets/imageloaded.js
IP 188.114.96.1:0
File type ASCII text, with very long lines (5477)
Hash f9edebd800ad4053d4039cc6b7142373
12e96a1ba59bb4ae159d94c2d0cdcb4da29d6193
06b187c469498f65678c398cab9a81ed1bccbdcf205e629cbecfeac0f255ca59
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.buzz domain
GET /assets/imageloaded.js HTTP/1.1
Host: money-easilwnr.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://money-easilwnr.buzz/index.php?code=OTQwNTA3MDg4NjJ8fG1vbmV5LWVhc2lseWttYy5idXp6fHw0MDY=
Cookie: loclang=en; pid=94050708862; dldomain=money-easilykmc.buzz; pareaid=406
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 10:28:04 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 21 Sep 2022 08:45:53 GMT
Vary: Accept-Encoding
ETag: W/"632acf41-15da"
Expires: Fri, 03 Feb 2023 22:28:04 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=blOekGSl1Xli7IofOXCN%2FyhuADb0oZQoAn4FjVZmR5J6umxGoSpt6oUkzs4Opgj2si7zPC6wnwQIpZw1RY%2Fqu8k1Szf9IY7mQ3ZjMqoiCdLriagpjHP5DCmJDcw3YYHtxwGRYBYN"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 793a7a482b60b52d-OSL
alt-svc: h2=":443"; ma=60
money-easilwnr.buzz/assets/text-type.js
188.114.96.1 200 OK 1.7 kB URL HTTP/1.1 money-easilwnr.buzz/assets/text-type.js
IP 188.114.96.1:0
Hash 7aad140a767a1c07bf8981f8fb7afe74
49dc597904ca8393e6207736cc87b1eb9f03ad71
0c24fa9a2bed2db6a59c09d68607a82ad92fba8a4d00f7bc6c07da1cfe4bbd74
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.buzz domain
GET /assets/text-type.js HTTP/1.1
Host: money-easilwnr.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://money-easilwnr.buzz/index.php?code=OTQwNTA3MDg4NjJ8fG1vbmV5LWVhc2lseWttYy5idXp6fHw0MDY=
Cookie: loclang=en; pid=94050708862; dldomain=money-easilykmc.buzz; pareaid=406
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 10:28:04 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 21 Sep 2022 08:45:53 GMT
Vary: Accept-Encoding
ETag: W/"632acf41-1b4d"
Expires: Fri, 03 Feb 2023 22:28:04 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=K5SwN17JiguHGno7UOa5wg5UAOSfHneWUKMC9TPZ1XPTcGMCDy6eWVOiaQn4TTYwJAjC2Dl%2BOejzlTFESBBUpPLaziGhAQEXcBwILTgS9qGi4A5rn7IoaSRfnW%2BhO6MIXLrEmM%2Fm"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 793a7a499edd0b31-OSL
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash d719402de0cd695e55dab2767247da49
f12f4795987a284820f6785ec16b5032b9861d79
98a14bd950cec10aeb3d76fa956fe13514f52c742adbded7a0fcef218c7195ba
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "98A14BD950CEC10AEB3D76FA956FE13514F52C742ADBDED7A0FCEF218C7195BA"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5171
Expires: Fri, 03 Feb 2023 11:54:16 GMT
Date: Fri, 03 Feb 2023 10:28:05 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F49d52576-44b1-4baf-92c0-88f267415a19.jpeg
34.120.237.76 200 OK 5.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F49d52576-44b1-4baf-92c0-88f267415a19.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Hash d4041f3b5316bc84c9e6d88ddbc85b89
4978a4a20836b6f5d863d331bcedad782b7b4ac6
549b62d2c4ec965b8bec62010c0ce338dfea7992ee83eb7af61ff1a30d21f8b5
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F49d52576-44b1-4baf-92c0-88f267415a19.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5641
x-amzn-requestid: b53b54b1-3b00-47cf-a25c-e93910c2ebfb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fuvzpHsXoAMFsuw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dc2ce3-0c4fc8154763febb44460ac2;Sampled=0
x-amzn-remapped-date: Thu, 02 Feb 2023 21:36:36 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: x4-BZdG4JGRKCSdKynnuweZfo9l0XZtDB-MiANy7C2Yz1URYMHP4sQ==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 64f86ae1c24221f3a2e4d653d6dbc416.cloudfront.net (CloudFront), 1.1 google
date: Thu, 02 Feb 2023 22:28:50 GMT
age: 43155
etag: "4978a4a20836b6f5d863d331bcedad782b7b4ac6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F64144d1c-f524-496f-8b52-ba63714dbfc5.jpeg
34.120.237.76 200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F64144d1c-f524-496f-8b52-ba63714dbfc5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Hash e366b32074025aaf60bbae8bdb08d330
a52c2883bad98fa20333aa639a5dd3a5bf544c8e
9d661c26effaec9efee16833f6459d6ecbe4f77b822c9c46e2a6433bda816e5c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F64144d1c-f524-496f-8b52-ba63714dbfc5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11565
x-amzn-requestid: 87a84ffd-1176-4656-aac4-e98f38ec2cd9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fboIrFGboAMFyyQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d48704-162ed8114aa1809204500548;Sampled=0
x-amzn-remapped-date: Sat, 28 Jan 2023 02:23:00 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: w0Zm5V0TQxsQ7917U3fdhS_n7qKE143PuhI2JmNCDM_Pf0yPLyW6yA==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 32c16f33c8f5601364fa8229b0d74dc2.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 04:53:21 GMT
age: 20084
etag: "a52c2883bad98fa20333aa639a5dd3a5bf544c8e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Feed96488-989b-49ab-8eef-5c9dea89a5ca.jpeg
34.120.237.76 200 OK 5.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Feed96488-989b-49ab-8eef-5c9dea89a5ca.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash 5314f1087266189144982b464f4aa7a6
438b5a17b9060f6825331348aa3797ab1c15895d
fb7d5ec834d28c99f6430703c002c24a9caf50b7701a369cbd69e51576f1e73c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Feed96488-989b-49ab-8eef-5c9dea89a5ca.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5898
x-amzn-requestid: 50d6181d-6804-48ab-bc38-9fcaf4da1bc5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fZALWF5IIAMFv5g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d37a48-2e2e53124ce2f9eb31290ec4;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 07:16:24 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 9Jus6UYlOGiDdqLBxJ387FMtEAST6THfW-oz6gjgFzKzchCdwUCcvQ==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 a847181d425b7fc57e81eb3c800bfdf2.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 03:13:49 GMT
age: 26056
etag: "438b5a17b9060f6825331348aa3797ab1c15895d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b4ea648-021a-44ef-a083-3ea03f73dca3.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b4ea648-021a-44ef-a083-3ea03f73dca3.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash 3490571dd2de0a747987b9a0e18cccc8
18e9f8f160d3515f1cb31fc7538ac762a6cab344
1c071d7f3b288b29254500f94f19c0db0633c6aa90812f2e92c4f64992f5221a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b4ea648-021a-44ef-a083-3ea03f73dca3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10796
x-amzn-requestid: 5c9b1a83-c99a-44b9-9a90-5edd7ef1e225
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fi0XKG93oAMFtsA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d76760-01bf754d6c725c3275c02a1b;Sampled=0
x-amzn-remapped-date: Mon, 30 Jan 2023 06:44:48 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: vUJO-Pt9Hi1ndrCQQT1nNCGT7oDOYBpA8-EawHanESoZAsZv32dQdg==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 00:25:04 GMT
age: 36181
etag: "18e9f8f160d3515f1cb31fc7538ac762a6cab344"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fff49ad64-ed0c-4270-8972-02b93a55c3b8.jpeg
34.120.237.76 200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fff49ad64-ed0c-4270-8972-02b93a55c3b8.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash b67f1de5050f7e32226bb0b279e5f450
058dc594601de546ae391ffa47269b404fee0f02
268b5f2557e4f171f33641cc7923d6cd786cba6e056f6656c82113b49b70a3df
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fff49ad64-ed0c-4270-8972-02b93a55c3b8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12514
x-amzn-requestid: e5e536fd-15ec-4a9f-a678-c24e6202d0f1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fY_y3HRSoAMFxUw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d379ab-5137ec566a8ccb4a3628e17a;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 07:13:47 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: KvaWZ_Re1oRbOGg3MDxp5BKPCMAzYqCfVo4n3rf67ppjVO9Pmey4wg==
via: 1.1 86b676273517904f44af31586adb06ae.cloudfront.net (CloudFront), 1.1 7022a5bbf9872d4a09d63e6cdb457dfe.cloudfront.net (CloudFront), 1.1 google
date: Thu, 02 Feb 2023 22:05:20 GMT
age: 44565
etag: "058dc594601de546ae391ffa47269b404fee0f02"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F15f2ebc9-82b4-4f1b-b0b8-978571cb123b.jpeg
34.120.237.76 200 OK 9.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F15f2ebc9-82b4-4f1b-b0b8-978571cb123b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash 02123eef9faa8560ff66b058d4e13a28
decf26282993d7f0b14cf4112d14fa39c97fa89f
28889ff20f1b2fe0b73f8f97e6569f1d68d77fe436eeb47cc06ee4f0822ff239
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F15f2ebc9-82b4-4f1b-b0b8-978571cb123b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9130
x-amzn-requestid: 09ad3fbb-1e71-4455-82df-6e59f65239a1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fuxiYEkqIAMFVZg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dc2fa8-1dca116e4317f9bd14f6d45a;Sampled=0
x-amzn-remapped-date: Thu, 02 Feb 2023 21:48:24 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: _Bc2svrG-wX63DK9RPUyjh-n6AHVHaQe3QRmEL27L-amwCH2I_f_9g==
via: 1.1 1b0911478686968732f973d6e5e31d10.cloudfront.net (CloudFront), 1.1 e4d3d5aafc7d7d582423c073065ab562.cloudfront.net (CloudFront), 1.1 google
date: Thu, 02 Feb 2023 22:05:17 GMT
age: 44568
etag: "decf26282993d7f0b14cf4112d14fa39c97fa89f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.globalsign.com/gsrsaovsslca2018
104.18.20.226 200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsrsaovsslca2018
IP 104.18.20.226:0
Hash 0781f0035bff9bb86b0359781ae78373
3b8280a13f63ccd9d8aaaa7f8ab65634d66d1ee6
59a0387fb5bae1301f8d6e2e6d3b253034c8b78a5d172bee0dac87ab6d328bab
POST /gsrsaovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 10:28:05 GMT
Content-Type: application/ocsp-response
Content-Length: 1432
Connection: keep-alive
Expires: Tue, 07 Feb 2023 06:59:59 GMT
ETag: "3b8280a13f63ccd9d8aaaa7f8ab65634d66d1ee6"
Last-Modified: Fri, 03 Feb 2023 07:00:00 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 1493
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 793a7a4b98431bfe-OSL
money-easilwnr.buzz/assets/lightbox.js
188.114.96.1 200 OK 7.7 kB URL HTTP/1.1 money-easilwnr.buzz/assets/lightbox.js
IP 188.114.96.1:0
File type ASCII text, with very long lines (24591)
Hash 71410dd0a2d4a7faeadc620565ae03c5
8cdd718552fb6bf1b33f9007674e5be9633a5549
c19fbaa70a7249d4c3a77c6835d7f4b26daeec4581a30325fa393db48ec2870f
NIDS: suricata; Severity: medium; Alert: ET INFO HTTP Request to a *.buzz domain
GET /assets/lightbox.js HTTP/1.1
Host: money-easilwnr.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://money-easilwnr.buzz/index.php?code=OTQwNTA3MDg4NjJ8fG1vbmV5LWVhc2lseWttYy5idXp6fHw0MDY=
Cookie: loclang=en; pid=94050708862; dldomain=money-easilykmc.buzz; pareaid=406
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 10:28:05 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 21 Sep 2022 08:45:53 GMT
Vary: Accept-Encoding
ETag: W/"632acf41-6103"
Expires: Fri, 03 Feb 2023 22:28:05 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=glIAaY%2BUyxs5RVVAG%2FQeBkxIhyL087928NhuG2BIXDJYZeDmmmre4txEUmBPkoESN6smlqbkbDAko67eWjDP0iKkU%2Ba1dWxdfEuV%2FOa6U0bSP6dwzM9pNIp3gGxYqBp4fUAl7yGj"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 793a7a498c2bb50c-OSL
alt-svc: h2=":443"; ma=60
money-easilwnr.buzz/assets/slick.min.js?88888888
188.114.96.1 200 OK 13 kB URL HTTP/1.1 money-easilwnr.buzz/assets/slick.min.js?88888888
IP 188.114.96.1:0
File type ASCII text, with very long lines (3201)
Hash d6900ef724d0c46d25e12f20eade1899
5cb31fd820a8f181b7b20f613b3bfacb3c81380e
bd9fe09fb850b18a690e61899014ad18297d165eee517a832aefd1878437090b
NIDS: suricata; Severity: medium; Alert: ET INFO HTTP Request to a *.buzz domain
GET /assets/slick.min.js?88888888 HTTP/1.1
Host: money-easilwnr.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://money-easilwnr.buzz/index.php?code=OTQwNTA3MDg4NjJ8fG1vbmV5LWVhc2lseWttYy5idXp6fHw0MDY=
Cookie: loclang=en; pid=94050708862; dldomain=money-easilykmc.buzz; pareaid=406
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 10:28:05 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 21 Sep 2022 08:45:53 GMT
Vary: Accept-Encoding
ETag: W/"632acf41-c31e"
Expires: Fri, 03 Feb 2023 22:28:05 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=swaT%2BaR3qwktD1Gk9fF1mJwz4zvogHFrS35nsodFE6YdU9H%2F3rKIioXufpeK5LvEwjUQcwupBEONE4sCjhcNK5yLUEtY5gusuyQ05n2FkzqjRHbSAYnC1m2Ng8Z5eSMbZm2eB0Aw"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 793a7a499fc0b4e8-OSL
alt-svc: h2=":443"; ma=60
money-easilwnr.buzz/assets/js.cookie.js
188.114.96.1 200 OK 1.5 kB URL HTTP/1.1 money-easilwnr.buzz/assets/js.cookie.js
IP 188.114.96.1:0
Hash b7646d958932db8b5a9c82dede819300
dd168c3ed448248071712594275583d5585853a7
64fc83e301678afb8f0d808a969772d175c070d6448a126d5129f40fcedb6745
NIDS: suricata; Severity: medium; Alert: ET INFO HTTP Request to a *.buzz domain
GET /assets/js.cookie.js HTTP/1.1
Host: money-easilwnr.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://money-easilwnr.buzz/index.php?code=OTQwNTA3MDg4NjJ8fG1vbmV5LWVhc2lseWttYy5idXp6fHw0MDY=
Cookie: loclang=en; pid=94050708862; dldomain=money-easilykmc.buzz; pareaid=406
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 10:28:05 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 21 Sep 2022 08:45:53 GMT
Vary: Accept-Encoding
ETag: W/"632acf41-e5c"
Expires: Fri, 03 Feb 2023 22:28:05 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qvTR%2BG%2FCokBX4yhYVNLSPUaBQiNoM4F9N4rCbABcA%2Ffm7UMriSjKLPh2K9smCU8ALtUonZA6aefMlZnoGpFzrGVyh9ulXUjZkgrhnKd9VqUrQhdcBbTDCnG4pH6XHkjFVizjyw0T"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 793a7a4aff2bb4ff-OSL
alt-svc: h2=":443"; ma=60
money-easilwnr.buzz/assets/jquery-one-page-nav.js
188.114.96.1 200 OK 2.0 kB URL HTTP/1.1 money-easilwnr.buzz/assets/jquery-one-page-nav.js
IP 188.114.96.1:0
Hash cfe0bb2fcc6bc84b34b43e445c464372
cf3021d04288125793302c41ff6397d259213750
2b22a7820f39406ad520ee3d00b18eddc6019968c6af2b2dc9b7a04efe9c9e1c
NIDS: suricata; Severity: medium; Alert: ET INFO HTTP Request to a *.buzz domain
GET /assets/jquery-one-page-nav.js HTTP/1.1
Host: money-easilwnr.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://money-easilwnr.buzz/index.php?code=OTQwNTA3MDg4NjJ8fG1vbmV5LWVhc2lseWttYy5idXp6fHw0MDY=
Cookie: loclang=en; pid=94050708862; dldomain=money-easilykmc.buzz; pareaid=406
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 10:28:05 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 21 Sep 2022 08:45:53 GMT
Vary: Accept-Encoding
ETag: W/"632acf41-1417"
Expires: Fri, 03 Feb 2023 22:28:05 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=al5g23iQ0u96OIrwYMbQlPOR7v4vBI%2BudsK%2F5p9rDa5RSC32DDLVNA6c1K95zvjAwUEjrQGh9nhK%2B9i0usICHQrCyJi8EdQxIfMO34eC0bA0IhQ4FIrwafBgojt1%2FcG4pu2gXnMF"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 793a7a4b0a85b500-OSL
alt-svc: h2=":443"; ma=60
money-easilwnr.buzz/assets/fetch.js?xx
188.114.96.1 200 OK 669 B URL HTTP/1.1 money-easilwnr.buzz/assets/fetch.js?xx
IP 188.114.96.1:0
Hash 7b7c25b066c7cba5d8538919f1a006ad
65d38cf2cf17fa8e43a040bb53305d159e7a6b30
fbbaedfd0ff0abecfa91848fc447111928639e55ce69fc6e9eec1ba6f7415bea
NIDS: suricata; Severity: medium; Alert: ET INFO HTTP Request to a *.buzz domain
GET /assets/fetch.js?xx HTTP/1.1
Host: money-easilwnr.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://money-easilwnr.buzz/index.php?code=OTQwNTA3MDg4NjJ8fG1vbmV5LWVhc2lseWttYy5idXp6fHw0MDY=
Cookie: loclang=en; pid=94050708862; dldomain=money-easilykmc.buzz; pareaid=406
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 10:28:05 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 18 Nov 2022 07:59:09 GMT
Vary: Accept-Encoding
ETag: W/"63773b4d-7bd"
Expires: Fri, 03 Feb 2023 22:28:05 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EiZng27JVXwNfKbnJFhNzHUjKohMeB1eLVaOrWKelrU%2BxrlQk%2BmWr0GPDrjtXKfNklGazMyAfUU5ki6zXejB4oJ6hA4RHATureKuVAaSeYLdf%2BYhH%2BR0Ei0FlzOu5VBITglPm1RC"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 793a7a4c6b5cb4e8-OSL
alt-svc: h2=":443"; ma=60
money-easilwnr.buzz/assets/main.js
188.114.96.1 200 OK 2.8 kB URL HTTP/1.1 money-easilwnr.buzz/assets/main.js
IP 188.114.96.1:0
File type ASCII text, with very long lines (385)
Hash 3e580993bc767aa97cebcec15473e47e
fd634d1e42f791acfa368de45e64f1a24d9a15b1
1b42d467db3799267aed5c19e95665e6b8eadfd1a2b701915584067721a4ac29
NIDS: suricata; Severity: medium; Alert: ET INFO HTTP Request to a *.buzz domain
GET /assets/main.js HTTP/1.1
Host: money-easilwnr.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://money-easilwnr.buzz/index.php?code=OTQwNTA3MDg4NjJ8fG1vbmV5LWVhc2lseWttYy5idXp6fHw0MDY=
Cookie: loclang=en; pid=94050708862; dldomain=money-easilykmc.buzz; pareaid=406
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 10:28:05 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 21 Sep 2022 08:45:53 GMT
Vary: Accept-Encoding
ETag: W/"632acf41-3616"
Expires: Fri, 03 Feb 2023 22:28:05 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bNttsrXLmdqHLL1cvlYN%2BAmDtgmqTcALBxLli0u1%2FoG7MT3gPWNH9hpXt5H4ohea8kFROyJ0MKzBRJV7klGjW%2BGnvMQDLQOyC7xktdmjw7zrkkkWmpHP24dmb2u4ivBkcL9R9kHN"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 793a7a4b0ec5b52d-OSL
alt-svc: h2=":443"; ma=60
money-easilwnr.buzz/assets/fetch.css?cc
188.114.96.1 200 OK 612 B URL HTTP/1.1 money-easilwnr.buzz/assets/fetch.css?cc
IP 188.114.96.1:0
Hash a137de18c3d3d4c3b12d266e69eed750
e3987c47fd92a6ef4fb4f819c511ba71f3504bcc
ae3a7d7f6effeee7c360e623a2a2cecb3940978b568030dba49d97c2a64fe86a
NIDS: suricata; Severity: medium; Alert: ET INFO HTTP Request to a *.buzz domain
GET /assets/fetch.css?cc HTTP/1.1
Host: money-easilwnr.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://money-easilwnr.buzz/index.php?code=OTQwNTA3MDg4NjJ8fG1vbmV5LWVhc2lseWttYy5idXp6fHw0MDY=
Cookie: loclang=en; pid=94050708862; dldomain=money-easilykmc.buzz; pareaid=406
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 10:28:05 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 18 Nov 2022 08:29:50 GMT
Vary: Accept-Encoding
ETag: W/"6377427e-5eb"
Expires: Fri, 03 Feb 2023 22:28:05 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9W%2Bwc7iaz9JEHYWKqExs9Yw3c60CSGn7Zbc8NpP5hBXCj9paw%2BqJbfpk13sCaaoW32f5E6r17jLL9JaK2Jqy0aIXHrTxICbIwSIzpqQ36FjfAuOsI3U862VhGBWbFEKI2dI%2FFWMT"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 793a7a4b08230b31-OSL
alt-svc: h2=":443"; ma=60
money-easilwnr.buzz/assets/axios.min.js
188.114.96.1 200 OK 6.6 kB URL HTTP/1.1 money-easilwnr.buzz/assets/axios.min.js
IP 188.114.96.1:0
File type ASCII text, with very long lines (17808), with no line terminators
Hash 9734bde640c9a5b4071f83af8bebf299
ebb92c16f406f81e49dca95ca4329a6aeed5bd9e
c78c7141edea5aaf285fc4338015994e1541b8e29c11459ac4daecc31fb25899
NIDS: suricata; Severity: medium; Alert: ET INFO HTTP Request to a *.buzz domain
GET /assets/axios.min.js HTTP/1.1
Host: money-easilwnr.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://money-easilwnr.buzz/index.php?code=OTQwNTA3MDg4NjJ8fG1vbmV5LWVhc2lseWttYy5idXp6fHw0MDY=
Cookie: loclang=en; pid=94050708862; dldomain=money-easilykmc.buzz; pareaid=406
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 10:28:05 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 16 Nov 2022 14:05:23 GMT
Vary: Accept-Encoding
ETag: W/"6374ee23-4590"
Expires: Fri, 03 Feb 2023 22:28:05 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UXaK5ZRy6jfmGtbsRuOtRoOkvNG8ia20oNNyo9Yd4HGA4bI4K7yimztu1kzWAWmfQCsnYczkAVKGB9R1ucSYxKP9m2bG1Pq9QVwHmLB8zCyBUpT19duIaBhfNoC3or6RuGIo7cqk"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 793a7a4c6fb3b50c-OSL
alt-svc: h2=":443"; ma=60
money-easilwnr.buzz/assets/custom-s.js?88888888
188.114.96.1 200 OK 239 B URL HTTP/1.1 money-easilwnr.buzz/assets/custom-s.js?88888888
IP 188.114.96.1:0
Hash 5dca6f83ae611c0d3adceb4efef1c028
b90e63354a526dd398fea75adc50da0363e0bf2c
0288a31f1c72f048f2671958727dcbd834433170febc3f64e08aadb31661d878
NIDS: suricata; Severity: medium; Alert: ET INFO HTTP Request to a *.buzz domain
GET /assets/custom-s.js?88888888 HTTP/1.1
Host: money-easilwnr.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://money-easilwnr.buzz/index.php?code=OTQwNTA3MDg4NjJ8fG1vbmV5LWVhc2lseWttYy5idXp6fHw0MDY=
Cookie: loclang=en; pid=94050708862; dldomain=money-easilykmc.buzz; pareaid=406
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 10:28:05 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 21 Sep 2022 08:45:53 GMT
ETag: W/"632acf41-2e0"
Expires: Fri, 03 Feb 2023 22:28:05 GMT
Cache-Control: max-age=43200
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dP6gVXWLURGuyXTIMuEMnLWw%2FokjpR6%2BOrtEqFR7OUoqT8hzzB1uk47wrgFpDVG2UHM3pXYY3YqESkdWdxFQWMJ6L7ZoSO38KOJb5eYMQhbWwuLNw64fvx6dds6qcWAyEmLecGIZ"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 793a7a4dcb88b4ff-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
money-easilwnr.buzz/assets/logo.png
188.114.96.1 200 OK 20 kB URL HTTP/1.1 money-easilwnr.buzz/assets/logo.png
IP 188.114.96.1:0
File type PNG image data, 356 x 287, 8-bit/color RGBA, non-interlaced; data
Hash 9d2163e9639434de6d03ae5115f67d62
0e70313507bbd6a18b944d26ab340af0df757222
7db6b714f8a20eab44186b2705cd7a250fb2874281f634965762dd94b7c81d2b
NIDS: suricata; Severity: medium; Alert: ET INFO HTTP Request to a *.buzz domain
GET /assets/logo.png HTTP/1.1
Host: money-easilwnr.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://money-easilwnr.buzz/index.php?code=OTQwNTA3MDg4NjJ8fG1vbmV5LWVhc2lseWttYy5idXp6fHw0MDY=
Cookie: loclang=en; pid=94050708862; dldomain=money-easilykmc.buzz; pareaid=406
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 10:28:05 GMT
Content-Type: image/png
Content-Length: 19515
Connection: keep-alive
Last-Modified: Wed, 21 Sep 2022 08:45:53 GMT
ETag: "632acf41-4c3b"
Expires: Sun, 05 Mar 2023 10:28:05 GMT
Cache-Control: max-age=2592000
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B9G9CbVbm6cnqwQML6zRLXdWql%2FghTkEFrrpBxEl6O9uKeXvsV5XSRAXCOdXjiB4%2BTmzRMHazM%2BsVgdP%2BfHWIgtHvUFG5CvXPUc8EndjdKtprnP%2FuUNZhfabDt1vUMj%2F3xv%2FYSvJ"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 793a7a4ddb720b31-OSL
alt-svc: h2=":443"; ma=60
money-easilwnr.buzz/assets/logo.svg
188.114.96.1 200 OK 20 kB URL HTTP/1.1 money-easilwnr.buzz/assets/logo.svg
IP 188.114.96.1:0
File type SVG Scalable Vector Graphics image; SVG XML document; XML 1.0 document text; SVG XML document; XML document text; exported SGML document, ASCII text
Hash b702ea6d1e64d02640da350f1be013d3
d56759285f2dc057e45f03ac62e900658345ab8b
4c1fd3f0c4f7acfdcf696c7d1e45645c35341a3d3eab9abdebacbe07735cc5a0
NIDS: suricata; Severity: medium; Alert: ET INFO HTTP Request to a *.buzz domain
GET /assets/logo.svg HTTP/1.1
Host: money-easilwnr.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://money-easilwnr.buzz/index.php?code=OTQwNTA3MDg4NjJ8fG1vbmV5LWVhc2lseWttYy5idXp6fHw0MDY=
Cookie: loclang=en; pid=94050708862; dldomain=money-easilykmc.buzz; pareaid=406
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 10:28:06 GMT
Content-Type: image/svg+xml
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 21 Sep 2022 08:45:53 GMT
ETag: W/"632acf41-673e"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Po%2BZGC%2BryyvBtJxArHhtfsI5zLOKAVUqiov6H8OnAZdwW%2BnsUaLWKvWxYQmjsqfFO3pvNSpb8oQiCaOJJ2RuflnkfDKp786qw7haUtnJYhyfGQqJDzsUir4yKpOU%2BiEXTy9AogWP"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 793a7a4dd95eb52d-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
money-easilwnr.buzz/assets/fonts/fa-solid-900.woff2
188.114.96.1 200 OK 154 kB URL HTTP/1.1 money-easilwnr.buzz/assets/fonts/fa-solid-900.woff2
IP 188.114.96.1:0
File type Web Open Font Format (Version 2), TrueType, length 154228, version 769.768; data
Size 154 kB (154228 bytes)
Hash 55b416a8df21f9f987aa352f10d1343b
2717f3f58271f2f2e6120d9937c7227002656d34
d76fb4e841748a3f6bc63efa23156e02631c283bf41f84efcbdaf339ea3e1b73
NIDS: suricata; Severity: medium; Alert: ET INFO HTTP Request to a *.buzz domain
GET /assets/fonts/fa-solid-900.woff2 HTTP/1.1
Host: money-easilwnr.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://money-easilwnr.buzz/assets/all-x.min.css?88888888
Cookie: loclang=en; pid=94050708862; dldomain=money-easilykmc.buzz; pareaid=406
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 10:28:06 GMT
Content-Type: font/woff2
Content-Length: 154228
Connection: keep-alive
Last-Modified: Wed, 21 Sep 2022 08:45:53 GMT
ETag: "632acf41-25a74"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4hG14kfBJwcc6fr6Pfvs9zqWKoLE%2FZXlDlyOUYuVa3nzPT2B2uWt35GsZwFXPAlVf6Q09tR2Rs0C0Tko9HZgJLesTfh2kNM1k4mNXrUCf8BWWb7M5OoVR2DG5S4RrdlxPUalbl4%2F"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 793a7a4ddea8b500-OSL
alt-svc: h2=":443"; ma=60
money-easilwnr.buzz/assets/fonts/Feather.ttf?sdxovp
188.114.96.1 200 OK 65 kB URL HTTP/1.1 money-easilwnr.buzz/assets/fonts/Feather.ttf?sdxovp
IP 188.114.96.1:0
File type TrueType Font data, 11 tables, 1st "OS/2", 14 names, Macintosh, type 1 string, Feather; data
Hash fe1594343a6aed9427c646993d06ea9c
18d0455f25678b44731eac73dc8654df1d2c314e
e103929dd758126ea4a090ff0e33b620f3ceb1b81ffad1345023c95661c84d8c
NIDS: suricata; Severity: medium; Alert: ET INFO HTTP Request to a *.buzz domain
GET /assets/fonts/Feather.ttf?sdxovp HTTP/1.1
Host: money-easilwnr.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://money-easilwnr.buzz/assets/feature-s.css?88888888
Cookie: loclang=en; pid=94050708862; dldomain=money-easilykmc.buzz; pareaid=406
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 10:28:06 GMT
Content-Type: application/octet-stream
Content-Length: 65112
Connection: keep-alive
Last-Modified: Wed, 21 Sep 2022 08:45:53 GMT
ETag: "632acf41-fe58"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RwlFUNaoe9EZ%2BbL76o%2BPFNRJiKD1pIRmT%2Fb%2BkuASfFGQGTECCr6h7oiVtHmBf890WWtylscWlOAMEU9LYzH%2BL2pA5%2FurJO3aoaboOKx6iT%2BRzESBME0dUPwpK6KNh%2FgsEiW2%2BKjM"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 793a7a4ddd62b4e8-OSL
alt-svc: h2=":443"; ma=60
money-easilwnr.buzz/fetch.php?act=fetch
188.114.96.1 200 OK 362 B URL HTTP/1.1 money-easilwnr.buzz/fetch.php?act=fetch
IP 188.114.96.1:0
File type JSON data; ASCII text, with very long lines (798), with no line terminators
Hash c79adf576a862df5dfa1a7de260b1678
f477b24b4d7e342134375b8a643ce597d1436373
1d949842ba6235298fdb15d034912ab226a8c28eb6ae8b41eff7209514c8bfb5
NIDS: suricata; Severity: medium; Alert: ET INFO HTTP Request to a *.buzz domain
GET /fetch.php?act=fetch HTTP/1.1
Host: money-easilwnr.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://money-easilwnr.buzz/index.php?code=OTQwNTA3MDg4NjJ8fG1vbmV5LWVhc2lseWttYy5idXp6fHw0MDY=
Cookie: loclang=en; pid=94050708862; dldomain=money-easilykmc.buzz; pareaid=406
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 10:28:06 GMT
Content-Type: text/html;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7NUQtcnw%2F47wYi1WC6R4benFs1n8jy%2BBgWq0F5jiTk4nsWU2wXLKHUJxBiheb9F%2Bcvu%2BOF1WqVnCWwMPbKG8HOLEc65seEh8Wgecy2npRx73wxq2iSsoaB1nnSytaMtprIM7cVdq"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 793a7a50af9fb4ff-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
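Added example, not part of the capture above: the landing URL in the Referer carries a base64 `code` parameter, and every later request carries the cookies `pid`, `dldomain` and `pareaid`. Decoding the code shows it is those three values joined with `||`, so the same visitor/affiliate triple travels both in the URL and in the cookie jar, and the Baidu pixel (`hm.gif`) reports the full landing URL, code included, in its `u=` parameter while its `si=` site id reappears as the suffix of the `Hm_lvt_`/`Hm_lpvt_` cookies. The script below checks those relationships. The request values are copied from the capture (the pixel URL trimmed to the relevant parameters); the function names are this example's own.

```python
"""Pivot-value checks over the money-easilwnr.buzz capture (added example)."""
import base64
from urllib.parse import urlsplit, parse_qs

# Constructed from the capture: Referer and Cookie of the fetch.php request,
# the hm.gif pixel URL (trimmed), and the Cookie header of the favicon request.
REFERER = ("http://money-easilwnr.buzz/index.php?"
           "code=OTQwNTA3MDg4NjJ8fG1vbmV5LWVhc2lseWttYy5idXp6fHw0MDY=")
COOKIE_HEADER = ("loclang=en; pid=94050708862; "
                 "dldomain=money-easilykmc.buzz; pareaid=406")
BAIDU_URL = ("http://hm.baidu.com/hm.gif?cc=1&ck=1"
             "&si=a711c146eb2a9ed4508f24c2f56c85b5&v=1.3.0"
             "&u=http%3A%2F%2Fmoney-easilwnr.buzz%2Findex.php%3Fcode%3D"
             "OTQwNTA3MDg4NjJ8fG1vbmV5LWVhc2lseWttYy5idXp6fHw0MDY%3D")
LATER_COOKIE_HEADER = ("loclang=en; pid=94050708862; "
                       "dldomain=money-easilykmc.buzz; pareaid=406; firstreg=1; "
                       "Hm_lvt_a711c146eb2a9ed4508f24c2f56c85b5=1675420117; "
                       "Hm_lpvt_a711c146eb2a9ed4508f24c2f56c85b5=1675420117")


def query_param(url, name):
    """First value of a query parameter (percent-decoded), or None."""
    return parse_qs(urlsplit(url).query).get(name, [None])[0]


def cookies(header):
    """Parse a request Cookie header into a name -> value dict."""
    out = {}
    for part in header.split(";"):
        name, _, value = part.strip().partition("=")
        if name:
            out[name] = value
    return out


def decode_landing_code(url):
    """Decode the base64 'code' parameter into its '||'-separated fields.

    validate=True rejects anything that is not clean base64, so a tampered or
    truncated code raises instead of silently decoding to garbage.
    """
    raw = base64.b64decode(query_param(url, "code"), validate=True)
    return raw.decode("ascii").split("||")


def code_matches_cookies(url, cookie_header):
    """True when the decoded code equals (pid, dldomain, pareaid) from the cookies."""
    c = cookies(cookie_header)
    return decode_landing_code(url) == [c["pid"], c["dldomain"], c["pareaid"]]


def baidu_site_id(url):
    """Site id (si=) from the hm.gif pixel URL."""
    return query_param(url, "si")


def baidu_cookies_for(site_id, cookie_header):
    """Names of the Baidu cookies whose suffix is the given site id."""
    return sorted(k for k in cookies(cookie_header) if k.endswith("_" + site_id))


def tracked_url_from_pixel(url):
    """The page URL the pixel reports to Baidu in its u= parameter."""
    return query_param(url, "u")


if __name__ == "__main__":
    print(decode_landing_code(REFERER))
    print(code_matches_cookies(REFERER, COOKIE_HEADER))
    sid = baidu_site_id(BAIDU_URL)
    print(sid, baidu_cookies_for(sid, LATER_COOKIE_HEADER))
    # The pixel leaks the landing code too; it decodes to the same triple.
    print(decode_landing_code(tracked_url_from_pixel(BAIDU_URL)))
```

Note that `dldomain` (money-easilykmc.buzz) is not the host actually serving the page (money-easilwnr.buzz): the code pins the visitor to the domain they first landed on while the content is served from a sibling, so both names are worth recording as indicators.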
fonts.googleapis.com/css2?family=Inter:wght@300;400;500;600;700;800&display=swap
142.250.74.74 200 OK 12 kB URL HTTP/2 fonts.googleapis.com/css2?family=Inter:wght@300;400;500;600;700;800&display=swap
IP 142.250.74.74:0
File type ASCII text, with very long lines (625)
Hash 01bb7bf2c9b6b575a0bd91c5485429f9
951d039ed56d7ce074f39e990afe2f6838c00f32
1297d667d25f41fb725b64e39c56a9a2801b7fcc5333a07f0550f1b4077dedca
GET /css2?family=Inter:wght@300;400;500;600;700;800&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://money-easilwnr.buzz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 03 Feb 2023 10:28:04 GMT
date: Fri, 03 Feb 2023 10:28:04 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
money-easilwnr.buzz/assets/home.png
188.114.96.1 200 OK 64 kB URL HTTP/1.1 money-easilwnr.buzz/assets/home.png
IP 188.114.96.1:0
File type PNG image data, 1000 x 563, 8-bit colormap, non-interlaced; data
Hash 91a12b6f4fcb82e9f812e6ef706be0f9
183861bd6196c5a442f2b0b8e79d098a4c535411
b6260bdca58deb46027a76c8395b47d864f38b63a84b2ba0e1d5e186c9f015d4
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.buzz domain
GET /assets/home.png HTTP/1.1
Host: money-easilwnr.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://money-easilwnr.buzz/index.php?code=OTQwNTA3MDg4NjJ8fG1vbmV5LWVhc2lseWttYy5idXp6fHw0MDY=
Cookie: loclang=en; pid=94050708862; dldomain=money-easilykmc.buzz; pareaid=406
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 10:28:06 GMT
Content-Type: image/png
Content-Length: 64392
Connection: keep-alive
Last-Modified: Wed, 21 Sep 2022 08:45:53 GMT
ETag: "632acf41-fb88"
Expires: Sun, 05 Mar 2023 10:28:05 GMT
Cache-Control: max-age=2592000
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9k6BZikAIQWvWOj%2F7myleN%2BLDzEBkI0G7Fj%2FIQo5l6hSeUZw7TseA9ADrGOcmrTj7pDzHSoGnz%2BplKYKScZbtyoRTNdbwC6wdvLuEPmhxbcHHLSrRpfynr1fkBhHuqBXOxJ80DiG"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 793a7a4f3b5fb50c-OSL
alt-svc: h2=":443"; ma=60
money-easilwnr.buzz/assets/icon-01.png
188.114.96.1 200 OK 15 kB URL HTTP/1.1 money-easilwnr.buzz/assets/icon-01.png
IP 188.114.96.1:0
File type PNG image data, 250 x 268, 8-bit colormap, non-interlaced; data
Hash ca131b67563fa32cda29db2eb1aac047
abdd633761ae4979cb067fb020a535596d495447
6e4656830fee5d5c7def4b0b61f5fb5ce325d220be632adf6e85a80ac80f9b84
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.buzz domain
GET /assets/icon-01.png HTTP/1.1
Host: money-easilwnr.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://money-easilwnr.buzz/index.php?code=OTQwNTA3MDg4NjJ8fG1vbmV5LWVhc2lseWttYy5idXp6fHw0MDY=
Cookie: loclang=en; pid=94050708862; dldomain=money-easilykmc.buzz; pareaid=406
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 10:28:06 GMT
Content-Type: image/png
Content-Length: 14714
Connection: keep-alive
Last-Modified: Wed, 21 Sep 2022 08:45:53 GMT
ETag: "632acf41-397a"
Expires: Sun, 05 Mar 2023 10:28:06 GMT
Cache-Control: max-age=2592000
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8GCwFo8qgb1TdPZoQFDsqkEhmrIwY%2FMN%2B8d7CIfxhowqhdH6Ull4lEsp2tzWdP0XdcktVnBYBYEL25xjiAMHVeqEJOEKfQdVL4QmDCeEijeC2zTfgJuJ1SlatA4JlFIk%2Fi0nlM%2Fv"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 793a7a50bdc60b31-OSL
alt-svc: h2=":443"; ma=60
money-easilwnr.buzz/assets/fonts/slick.woff
188.114.96.1 200 OK 1.4 kB URL HTTP/1.1 money-easilwnr.buzz/assets/fonts/slick.woff
IP 188.114.96.1:0
File type Web Open Font Format, CFF, length 1380, version 1.0; data
Hash b7c9e1e479de3b53f1e4e30ebac2403a
af91c12f0f406a4f801aeb3b398768fe41d8f864
26726bac4060abb1226e6ceebc1336e84930fe7a7af1b3895a109d067f5b5dcc
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.buzz domain
GET /assets/fonts/slick.woff HTTP/1.1
Host: money-easilwnr.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://money-easilwnr.buzz/assets/slick-theme-s.css?88888888
Cookie: loclang=en; pid=94050708862; dldomain=money-easilykmc.buzz; pareaid=406; firstreg=1
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 10:28:06 GMT
Content-Type: font/woff
Content-Length: 1380
Connection: keep-alive
Last-Modified: Wed, 21 Sep 2022 08:45:53 GMT
ETag: "632acf41-564"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=72gRw8CPN2SvLmIlHzfHXpJO7a1JE6oUjcOkpW6oMUBSCcl2KUeNanBM03vZbBUTasx%2BsNvpgJ3D5%2BHVx0MbdjiYPt7RdPn6t9Yyqi6hFIKVRCpwXfyJJGCjYJ%2BNSjxc2R%2Fkq%2Fmo"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 793a7a521d1eb52d-OSL
alt-svc: h2=":443"; ma=60
money-easilwnr.buzz/assets/icon-03.png
188.114.96.1 200 OK 13 kB URL HTTP/1.1 money-easilwnr.buzz/assets/icon-03.png
IP 188.114.96.1:0
File type PNG image data, 342 x 240, 8-bit colormap, non-interlaced; data
Hash 0af0181a412eadd39b9d35db6b534731
c8a7c1c6461ffceb12e17022fdfba1dce1ea5481
684200126fabbd319302af54284909e60261f4d90904b0e972d1cd77c9d7a9c2
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.buzz domain
GET /assets/icon-03.png HTTP/1.1
Host: money-easilwnr.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://money-easilwnr.buzz/index.php?code=OTQwNTA3MDg4NjJ8fG1vbmV5LWVhc2lseWttYy5idXp6fHw0MDY=
Cookie: loclang=en; pid=94050708862; dldomain=money-easilykmc.buzz; pareaid=406
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 10:28:06 GMT
Content-Type: image/png
Content-Length: 12558
Connection: keep-alive
Last-Modified: Wed, 21 Sep 2022 08:45:53 GMT
ETag: "632acf41-310e"
Expires: Sun, 05 Mar 2023 10:28:06 GMT
Cache-Control: max-age=2592000
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=W62oc85RzAlRgVq1lI87C6%2BDLQ%2F7stvRVvHijGrUFsqOZNE9TSqwc0EjFnrkYdFoWSQh91GYLWQ%2FhuCQwULnf68tJ8NAT0SljMLP3wLi4uoNSidNwkKheaFeuXTch%2FHnGfJTMpnf"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 793a7a537cb8b4e8-OSL
alt-svc: h2=":443"; ma=60
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1081083168&si=a711c146eb2a9ed4508f24c2f56c85b5&v=1.3.0&lv=1&sn=17842&r=0&ww=1280&u=http%3A%2F%2Fmoney-easilwnr.buzz%2Findex.php%3Fcode%3DOTQwNTA3MDg4NjJ8fG1vbmV5LWVhc2lseWttYy5idXp6fHw0MDY%3D&tt=MoneyEasily%20-%20Get%20Paid%20to%20Complete%20Task%20and%20Make%20Money%20Online
103.235.46.191 200 OK 43 B URL HTTP/1.1 hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1081083168&si=a711c146eb2a9ed4508f24c2f56c85b5&v=1.3.0&lv=1&sn=17842&r=0&ww=1280&u=http%3A%2F%2Fmoney-easilwnr.buzz%2Findex.php%3Fcode%3DOTQwNTA3MDg4NjJ8fG1vbmV5LWVhc2lseWttYy5idXp6fHw0MDY%3D&tt=MoneyEasily%20-%20Get%20Paid%20to%20Complete%20Task%20and%20Make%20Money%20Online
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type GIF image data, version 89a, 1 x 1; data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1081083168&si=a711c146eb2a9ed4508f24c2f56c85b5&v=1.3.0&lv=1&sn=17842&r=0&ww=1280&u=http%3A%2F%2Fmoney-easilwnr.buzz%2Findex.php%3Fcode%3DOTQwNTA3MDg4NjJ8fG1vbmV5LWVhc2lseWttYy5idXp6fHw0MDY%3D&tt=MoneyEasily%20-%20Get%20Paid%20to%20Complete%20Task%20and%20Make%20Money%20Online HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://money-easilwnr.buzz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Fri, 03 Feb 2023 10:28:06 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=01B50F9134A1B597; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
money-easilwnr.buzz/assets/icon-02.png
188.114.96.1 200 OK 16 kB URL HTTP/1.1 money-easilwnr.buzz/assets/icon-02.png
IP 188.114.96.1:0
File type PNG image data, 250 x 277, 8-bit colormap, non-interlaced; data
Hash 82c445709d7c6a242c04cac492268ba5
eaabcf235aa528d1b5abfe37dd769c6716999da8
cc24ad6710369019dbe636dfb79b403b49b0bca03f3dafc1d7a087ed97380ead
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.buzz domain
GET /assets/icon-02.png HTTP/1.1
Host: money-easilwnr.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://money-easilwnr.buzz/index.php?code=OTQwNTA3MDg4NjJ8fG1vbmV5LWVhc2lseWttYy5idXp6fHw0MDY=
Cookie: loclang=en; pid=94050708862; dldomain=money-easilykmc.buzz; pareaid=406
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 10:28:06 GMT
Content-Type: image/png
Content-Length: 16354
Connection: keep-alive
Last-Modified: Wed, 21 Sep 2022 08:45:53 GMT
ETag: "632acf41-3fe2"
Expires: Sun, 05 Mar 2023 10:28:06 GMT
Cache-Control: max-age=2592000
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=B5KdMFCa4D9ZSTLGWWyLdySebIDvB56BMP5yiOtU1g4pAxWwFNVKEPbv9CkKPQ4rxBmJstHrOeVmW0iSXt9UU%2BNxnfJzBX1lYJbBF76MKp0L8z1zxjsuT56ils2%2BpEtqQT9Q3iKX"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 793a7a537e08b500-OSL
alt-svc: h2=":443"; ma=60
money-easilwnr.buzz/assets/SJunkie_Payment_3.jpg
188.114.96.1 200 OK 17 kB URL HTTP/1.1 money-easilwnr.buzz/assets/SJunkie_Payment_3.jpg
IP 188.114.96.1:0
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=509, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=301], progressive, precision 8, 301x509, components 3; data
Hash dc70c0ab87afc96fef3379df310b40c6
3c33560efbf899a2e5adc9fd9c6e4482c3a4f66b
fa9d0eb1ca1f954e47c8b73d531f2f96c86e7e4a657196d159895ca546442b18
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.buzz domain
GET /assets/SJunkie_Payment_3.jpg HTTP/1.1
Host: money-easilwnr.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://money-easilwnr.buzz/index.php?code=OTQwNTA3MDg4NjJ8fG1vbmV5LWVhc2lseWttYy5idXp6fHw0MDY=
Cookie: loclang=en; pid=94050708862; dldomain=money-easilykmc.buzz; pareaid=406
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 10:28:06 GMT
Content-Type: image/jpeg
Content-Length: 17118
Connection: keep-alive
Last-Modified: Wed, 21 Sep 2022 08:45:53 GMT
ETag: "632acf41-42de"
Expires: Sun, 05 Mar 2023 10:28:06 GMT
Cache-Control: max-age=2592000
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CRJl8C8uuUoPPnOlLeL%2FgNF6qjEXjWcjwbRM6UQDqcVaqE9glST5NkhWFpAJ6DtHW2rRPC11rXSi1ajR5TjDVSDLoHFa4UapeHNgiuLgGjyMFrZoypvMhsLGrEtCSUV59eRTsBOo"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 793a7a54daa9b50c-OSL
alt-svc: h2=":443"; ma=60
money-easilwnr.buzz/assets/SJunkie_Payment_2.jpg
188.114.96.1 200 OK 21 kB URL HTTP/1.1 money-easilwnr.buzz/assets/SJunkie_Payment_2.jpg
IP 188.114.96.1:0
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=412, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=321], progressive, precision 8, 321x412, components 3; data
Hash f026163d6ee7afe1602dc4dcc506c0d1
3e542dff204e7ee564c3d1e2b7aa433a7dcd3f16
6449b3cf2957598551749e07067d22837defaece10ac136b96e44fe93e320cfe
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.buzz domain
GET /assets/SJunkie_Payment_2.jpg HTTP/1.1
Host: money-easilwnr.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://money-easilwnr.buzz/index.php?code=OTQwNTA3MDg4NjJ8fG1vbmV5LWVhc2lseWttYy5idXp6fHw0MDY=
Cookie: loclang=en; pid=94050708862; dldomain=money-easilykmc.buzz; pareaid=406
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 10:28:06 GMT
Content-Type: image/jpeg
Content-Length: 21127
Connection: keep-alive
Last-Modified: Wed, 21 Sep 2022 08:45:53 GMT
ETag: "632acf41-5287"
Expires: Sun, 05 Mar 2023 10:28:06 GMT
Cache-Control: max-age=2592000
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ed%2B5OuCof92CBXLpMyyWHRpkFj5eBptRY1CgmsriLgbhP%2FeyhJiFcWsCJ1fLJLFJu4ELH3aQ4m%2B3rHtu863D5CYKVEm919eny5LqxsARdPCdS3T1Pkf6zzkrIqYUC6gdI%2BnWNBm5"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 793a7a537cd9b4ff-OSL
alt-svc: h2=":443"; ma=60
money-easilwnr.buzz/assets/SJunkie_Payment_4.jpg
188.114.96.1 200 OK 28 kB URL HTTP/1.1 money-easilwnr.buzz/assets/SJunkie_Payment_4.jpg
IP 188.114.96.1:0
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=577, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=321], progressive, precision 8, 321x577, components 3; data
Hash 9a62211fbd8551e713fc8c71e5768574
4fc9aa7db708976521fae295330a5931e47464e7
6deee19a5e39d986daff963d3a2462a0cee9dca95b550bcac0979f630031b45b
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.buzz domain
GET /assets/SJunkie_Payment_4.jpg HTTP/1.1
Host: money-easilwnr.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://money-easilwnr.buzz/index.php?code=OTQwNTA3MDg4NjJ8fG1vbmV5LWVhc2lseWttYy5idXp6fHw0MDY=
Cookie: loclang=en; pid=94050708862; dldomain=money-easilykmc.buzz; pareaid=406
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 10:28:06 GMT
Content-Type: image/jpeg
Content-Length: 28541
Connection: keep-alive
Last-Modified: Wed, 21 Sep 2022 08:45:53 GMT
ETag: "632acf41-6f7d"
Expires: Sun, 05 Mar 2023 10:28:06 GMT
Cache-Control: max-age=2592000
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=n5cLs2nXR0AUw3cI27yxpjynsOqX2JjSHm4THnMYtprKXhhOu2r2CavpLRkW1PICARD5%2F5nGM7yCODqaV4BrClB3mVvO73yeTJMGBBHEP1NTCNj8zCKOrlHloEpq7j3oI%2FAmVX7e"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 793a7a54e93b0b31-OSL
alt-svc: h2=":443"; ma=60
money-easilwnr.buzz/assets/SJunkie_Payment_7.jpg
188.114.96.1 200 OK 19 kB URL HTTP/1.1 money-easilwnr.buzz/assets/SJunkie_Payment_7.jpg
IP 188.114.96.1:0
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=555, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=321], progressive, precision 8, 321x555, components 3; data
Hash 56331043200e645f5fe1a480ba15955d
c1d1b9d2f9dafd7251cec9d734554662c7932493
009c07de69d08c3a66ff6cf1b4d17ff6227456e4ab66897dc7e70beb2bcd8c1b
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.buzz domain
GET /assets/SJunkie_Payment_7.jpg HTTP/1.1
Host: money-easilwnr.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://money-easilwnr.buzz/index.php?code=OTQwNTA3MDg4NjJ8fG1vbmV5LWVhc2lseWttYy5idXp6fHw0MDY=
Cookie: loclang=en; pid=94050708862; dldomain=money-easilykmc.buzz; pareaid=406
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 10:28:07 GMT
Content-Type: image/jpeg
Content-Length: 19303
Connection: keep-alive
Last-Modified: Wed, 21 Sep 2022 08:45:53 GMT
ETag: "632acf41-4b67"
Expires: Sun, 05 Mar 2023 10:28:06 GMT
Cache-Control: max-age=2592000
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CsoUYvcYgjatEaR4SJ3AjKkwkvvUHvxaycx0mSB3C1S%2BWvossQWceQcE%2FhIRmClF62a8ToWJmaghSFBnBtCr4jR5agGdTLZCx63UmT%2Bnn8sTkTHjA6R6g1PMIdnJti7m0WvRPi5I"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 793a7a54f820b52d-OSL
alt-svc: h2=":443"; ma=60
money-easilwnr.buzz/images/ajax-loader.gif
188.114.96.1 404 Not Found 109 B URL HTTP/1.1 money-easilwnr.buzz/images/ajax-loader.gif
IP 188.114.96.1:0
File type HTML document text; HTML document, ASCII text, with CRLF line terminators
Hash 3bf8e5b194e806e33f65dfafeb99b824
e47321a5ce2bd7d63c3981c10dff614b0a449ba7
10dbaa1586440560d323e0d6aae3dd0d915e3be05b4975518b61190657827a3d
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.buzz domain
GET /images/ajax-loader.gif HTTP/1.1
Host: money-easilwnr.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://money-easilwnr.buzz/assets/slick-theme-s.css?88888888
Cookie: loclang=en; pid=94050708862; dldomain=money-easilykmc.buzz; pareaid=406; firstreg=1
HTTP/1.1 404 Not Found
Date: Fri, 03 Feb 2023 10:28:07 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=d2xK9ujAhCu50EFpsU0YwLoTz3135anPdyFJicdrXPPM2N6Vthu8o%2BAUqfCp114aacXgGSUy%2Bh1OO5m0Qi1jDhbh5BcaZauuJmPSYh%2FkkT6gUc12EJe5pjRgyc8XzqYs%2Bihpltja"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 793a7a57bb7e0b31-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
money-easilwnr.buzz/assets/trustpilot.svg
188.114.96.1 200 OK 1.7 kB URL HTTP/1.1 money-easilwnr.buzz/assets/trustpilot.svg
IP 188.114.96.1:0
File type SVG Scalable Vector Graphics image; ASCII text, with very long lines (4177), with no line terminators
Hash 483f3cdd882764c362ef0c26bb3a1d69
d5f98a419cc475be0544a9326c4a24a10d628eb1
a79fc487f090b2a0e956dded9a6be443fabdff5d2c9981da143111e79cb72922
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.buzz domain
GET /assets/trustpilot.svg HTTP/1.1
Host: money-easilwnr.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://money-easilwnr.buzz/index.php?code=OTQwNTA3MDg4NjJ8fG1vbmV5LWVhc2lseWttYy5idXp6fHw0MDY=
Cookie: loclang=en; pid=94050708862; dldomain=money-easilykmc.buzz; pareaid=406
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 10:28:07 GMT
Content-Type: image/svg+xml
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 21 Sep 2022 08:45:53 GMT
ETag: W/"632acf41-1051"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1IqmHG8rCF16SJSw9UX%2FjqwwWOnNipCGMRN%2BKekOgnPx%2FYsSkctQbsIh5IMUcWt094cMOAI7x8v4heXHpm16RAwbBifgTCBVdUA%2FwEHif8f51dvNQYT73nNWzd3tFVHNIbGLcZE8"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 793a7a57adf8b50c-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
money-easilwnr.buzz/assets/stars-4.5.svg
188.114.96.1 200 OK 693 B URL HTTP/1.1 money-easilwnr.buzz/assets/stars-4.5.svg
IP 188.114.96.1:0
File type SVG Scalable Vector Graphics image; XML 1.0 document text; XML document text; HTML document text; exported SGML document, ASCII text
Hash fafdcb6f5df0e0058545c6f71f9d45b2
103a08f416d83f391d55d324c338b265879ee611
5c70d6c4212e73b73509b06142a6ad29f760e101dfa12c7c0734dfd45ad8b417
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.buzz domain
GET /assets/stars-4.5.svg HTTP/1.1
Host: money-easilwnr.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://money-easilwnr.buzz/index.php?code=OTQwNTA3MDg4NjJ8fG1vbmV5LWVhc2lseWttYy5idXp6fHw0MDY=
Cookie: loclang=en; pid=94050708862; dldomain=money-easilykmc.buzz; pareaid=406
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 10:28:07 GMT
Content-Type: image/svg+xml
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 21 Sep 2022 08:45:53 GMT
ETag: W/"632acf41-73c"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kxciLoRY1XFhRpvWkF3VPKQAMc8iOelaL4%2BF1gT%2BWf3v8PQeDcq9RRHjc8EydJdq%2FkxzFj9F5tVKO6bxpNAsYvE2jJqowpY79gEA6obQg9uYzr3mod965xB2otqzSSUU%2FE%2FEK32V"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 793a7a57bc22b4ff-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
money-easilwnr.buzz/assets/sjunkie_way.png
188.114.96.1 200 OK 79 kB URL HTTP/1.1 money-easilwnr.buzz/assets/sjunkie_way.png
IP 188.114.96.1:0
File type PNG image data, 461 x 655, 8-bit/color RGBA, non-interlaced; data
Hash bf8a70c4a358d83c51b9ee64d923db2a
7c092ce1b53233000ba92a8138c6ec93166f271a
41f282c48e1b605641ce4a8c042de91c64777c0f3e13501ffc8eefed012f1a43
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.buzz domain
GET /assets/sjunkie_way.png HTTP/1.1
Host: money-easilwnr.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://money-easilwnr.buzz/index.php?code=OTQwNTA3MDg4NjJ8fG1vbmV5LWVhc2lseWttYy5idXp6fHw0MDY=
Cookie: loclang=en; pid=94050708862; dldomain=money-easilykmc.buzz; pareaid=406
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 10:28:07 GMT
Content-Type: image/png
Content-Length: 78971
Connection: keep-alive
Last-Modified: Wed, 21 Sep 2022 08:45:53 GMT
ETag: "632acf41-1347b"
Expires: Sun, 05 Mar 2023 10:28:07 GMT
Cache-Control: max-age=2592000
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cDynrklw3QIz0SeTnBFLNebS6YeXEWQaApgSfcJY4hpmdSDwEn2kJs9TPJ4PsDBouVWJNJp3qeb%2BXfn7WUoSDYhOW3jMKBEoZyvciO4upAEG3%2BalfnrLZkRT1x5Ot8aEIygvrYWf"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 793a7a57ac2ab500-OSL
alt-svc: h2=":443"; ma=60
money-easilwnr.buzz/assets/bonus_2.png
188.114.96.1 200 OK 213 kB URL HTTP/1.1 money-easilwnr.buzz/assets/bonus_2.png
IP 188.114.96.1:0
File type PNG image data, 900 x 800, 8-bit/color RGBA, non-interlaced; data
Size 213 kB (213263 bytes)
Hash fec591d2c382a0c51227dd979441c991
f9aa92d1f72401d02daa7c0deaf2f2a3d97c8bd8
63fa7664b03e7acd2c77a5f54580757aab4060965264f381c7eb6e54613ac992
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.buzz domain
GET /assets/bonus_2.png HTTP/1.1
Host: money-easilwnr.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://money-easilwnr.buzz/index.php?code=OTQwNTA3MDg4NjJ8fG1vbmV5LWVhc2lseWttYy5idXp6fHw0MDY=
Cookie: loclang=en; pid=94050708862; dldomain=money-easilykmc.buzz; pareaid=406
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 10:28:07 GMT
Content-Type: image/png
Content-Length: 213263
Connection: keep-alive
Last-Modified: Wed, 21 Sep 2022 08:45:53 GMT
ETag: "632acf41-3410f"
Expires: Sun, 05 Mar 2023 10:28:07 GMT
Cache-Control: max-age=2592000
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CbsCXHe3BpIfZUErGqGwLR6olwyI%2FpUcEs3DQ0FFe5NqcNpQOgFOoJNofK9uXDzWyDrtMOx7lY4B8VoIncso6w3ooMwqGqinePAzyOilb6ihdtuLX8LRS1XUyAFxHJIXMzjysKA6"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 793a7a57db4fb52d-OSL
alt-svc: h2=":443"; ma=60
money-easilwnr.buzz/assets/bonus.png
188.114.96.1 200 OK 298 kB URL HTTP/1.1 money-easilwnr.buzz/assets/bonus.png
IP 188.114.96.1:0
File type PNG image data, 900 x 800, 8-bit/color RGBA, non-interlaced; data
Size 298 kB (298415 bytes)
Hash 04b3b93e1ceca96c6e4ba3bd59c64174
893a2511b243a6c20ce134e11d62e3599345b210
ad2865044a414918424fe1d26cd2f8f82cc6c7233d823c4de12b4535f8d35b66
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.buzz domain
GET /assets/bonus.png HTTP/1.1
Host: money-easilwnr.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://money-easilwnr.buzz/index.php?code=OTQwNTA3MDg4NjJ8fG1vbmV5LWVhc2lseWttYy5idXp6fHw0MDY=
Cookie: loclang=en; pid=94050708862; dldomain=money-easilykmc.buzz; pareaid=406
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 10:28:07 GMT
Content-Type: image/png
Content-Length: 298415
Connection: keep-alive
Last-Modified: Wed, 21 Sep 2022 08:45:53 GMT
ETag: "632acf41-48daf"
Expires: Sun, 05 Mar 2023 10:28:07 GMT
Cache-Control: max-age=2592000
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CfTmUwqAsC7Vv06eXAK0VWkgcX%2FeThtnLWp4V6SzNxV%2BNSNHJ6IcYlmsddGnFutXTjp8ktg3tj92RyV2%2BiGkYIP8VLWOIJV%2BAGsPFDvzNFJUnRXkgbAMcwr8ew1ATUzNltKGsb18"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 793a7a5648eeb4e8-OSL
alt-svc: h2=":443"; ma=60
money-easilwnr.buzz/assets/bonus_3.png
188.114.96.1 200 OK 57 kB URL HTTP/1.1 money-easilwnr.buzz/assets/bonus_3.png
IP 188.114.96.1:0
File type PNG image data, 900 x 800, 8-bit colormap, non-interlaced; data
Hash 468e062edf16043c313e518667fda914
be97a8e929143c7c606183a6f2c8b9eeee88283a
dfef17acd62edbc98b1b0f5977ac7f3e4738a92bc1b7561fe7452b8f9f3293dd
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.buzz domain
GET /assets/bonus_3.png HTTP/1.1
Host: money-easilwnr.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://money-easilwnr.buzz/index.php?code=OTQwNTA3MDg4NjJ8fG1vbmV5LWVhc2lseWttYy5idXp6fHw0MDY=
Cookie: loclang=en; pid=94050708862; dldomain=money-easilykmc.buzz; pareaid=406
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 10:28:08 GMT
Content-Type: image/png
Content-Length: 57266
Connection: keep-alive
Last-Modified: Wed, 21 Sep 2022 08:45:53 GMT
ETag: "632acf41-dfb2"
Expires: Sun, 05 Mar 2023 10:28:07 GMT
Cache-Control: max-age=2592000
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pdoNc%2Buy4WydRK9gA6bNVdskXgnR8fyBWI21yn0%2By2TnVCCN6ubkaPfmYTXbugw1PV5OwEwYxfVaQwOr3k3vgVuBhps0%2B4JXP5qo2F9jqfFiHKsBCjbi8dV39MucQoqfA22hi1mz"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 793a7a592c940b31-OSL
alt-svc: h2=":443"; ma=60
money-easilwnr.buzz/assets/favicon.ico
188.114.96.1 200 OK 2.1 kB URL HTTP/1.1 money-easilwnr.buzz/assets/favicon.ico
IP 188.114.96.1:0
File type MS Windows icon resource - 1 icon, 48x48, 32 bits/pixel; data
Hash 94a425202351ffed86ba3ce74b400f3f
6f252a965dc311636496ebfee97deb77559289d8
9499d770110f9762dcab77728714493571be626ac44c27a8899d74604ba99879
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.buzz domain
GET /assets/favicon.ico HTTP/1.1
Host: money-easilwnr.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://money-easilwnr.buzz/index.php?code=OTQwNTA3MDg4NjJ8fG1vbmV5LWVhc2lseWttYy5idXp6fHw0MDY=
Cookie: loclang=en; pid=94050708862; dldomain=money-easilykmc.buzz; pareaid=406; firstreg=1; Hm_lvt_a711c146eb2a9ed4508f24c2f56c85b5=1675420117; Hm_lpvt_a711c146eb2a9ed4508f24c2f56c85b5=1675420117
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 10:28:08 GMT
Content-Type: image/x-icon
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 21 Sep 2022 08:45:53 GMT
ETag: W/"632acf41-25be"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7BlsWTOxRZDQyFKeOINdD6dEl4deGbk8C70PbwswDM9ze%2B8INpTJTfucWcw%2BWuCGlijQB2uGwy7wJ4omFmq8Fpjn1TcMVc2vqbelOYPlnBkDV3HGF1kwQH%2BvCiSidHbQ4XQCJGWe"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 793a7a5ece45b4e8-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60