accesspoint6.matne.ru/$bsdfona@slurpmail.net
104.26.11.176 301 Moved Permanently 0 B URL HTTP/1.1 accesspoint6.matne.ru/$bsdfona@slurpmail.net
IP 104.26.11.176:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
GET /$bsdfona@slurpmail.net HTTP/1.1
Host: accesspoint6.matne.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Fri, 23 Sep 2022 19:19:52 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Fri, 23 Sep 2022 20:19:52 GMT
Location: https://accesspoint6.matne.ru/$bsdfona@slurpmail.net
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=98G7Be3bIRFhrea3Po9JL1h5M22q3MmOCeLRrTI7474bxlqAmzxxAdiW9dUr7YIwfBQ%2FMxjnuC98GD1q%2B9FT89elmcqgWEmVJkhAxmRnMCFspIdQVVoHX9larW60QLBDOXaN2e9p1Q%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74f5a2675906b503-OSL
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 09a973de929ab7452edc342c780d3668
3f14f6e0a36f76863c0aea6fb561c266404a7ea3
e82ca5f310e37267fbf792427747e65c2bb35e684d3f629c0aa302f688bc4f80
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E82CA5F310E37267FBF792427747E65C2BB35E684D3F629C0AA302F688BC4F80"
Last-Modified: Fri, 23 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18216
Expires: Sat, 24 Sep 2022 00:23:28 GMT
Date: Fri, 23 Sep 2022 19:19:52 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
18.165.201.103 200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 18.165.201.103:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 2d12f67fe57a87e7366b662d153a5582
d7b02d81cc74f24a251d9363e0f4b0a149264ec1
73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Backoff, Content-Type, Retry-After, Alert
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Fri, 23 Sep 2022 19:05:14 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 1a6cd18714da9809fa8cb07ad66fd4f6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P3
X-Amz-Cf-Id: NQphE2qg8A0zf8XGi6mUr1KI7WaIV_poDLyNLgyTHeUM12Yh3wpAHQ==
Age: 878
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash afb65a07bf7214addf83d17a53acba32
a8e973204431320aa7b362a4e73944520c4b51b9
46e1a9e6c98245afb7fa84bc6d9ba6844105024e2d3f56e28748e6c321475d02
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "46E1A9E6C98245AFB7FA84BC6D9BA6844105024E2D3F56E28748E6C321475D02"
Last-Modified: Wed, 21 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5828
Expires: Fri, 23 Sep 2022 20:57:00 GMT
Date: Fri, 23 Sep 2022 19:19:52 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: NTdFlRUGX9pF8G8GT8Eta2UbRP2uUkXhuyx+ZJSWjurhbiwz3WgmA3fBCDVAKrXhQB5ChM0U5Z6r54tvFZIbbg==
x-amz-request-id: J5Z1PX045GNC2YDF
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 23 Sep 2022 18:44:34 GMT
age: 2118
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
etag: "6113f8408c59aebe188d6af273b90743"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226 200 OK 346 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 3a0a2f649cdad49669659ffe0363d899
cb589fda3e2049d9b58bc6d6ba7868e56779f8fe
0f1f33f022da0b3c6df113e9a1f9764aecc3a255131eea79f698966202d5e1a8
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "0F1F33F022DA0B3C6DF113E9A1F9764AECC3A255131EEA79F698966202D5E1A8"
Last-Modified: Thu, 22 Sep 2022 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18395
Expires: Sat, 24 Sep 2022 00:26:27 GMT
Date: Fri, 23 Sep 2022 19:19:52 GMT
Connection: keep-alive
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 19:19:52 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
accesspoint6.matne.ru/cdn-cgi/images/trace/managed/js/transparent.gif?ray=74f5a269295bb50b
104.26.11.176 200 OK 42 B URL HTTP/2 accesspoint6.matne.ru/cdn-cgi/images/trace/managed/js/transparent.gif?ray=74f5a269295bb50b
IP 104.26.11.176:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Analyzer Verdict Alert fortinet Malware
GET /cdn-cgi/images/trace/managed/js/transparent.gif?ray=74f5a269295bb50b HTTP/1.1
Host: accesspoint6.matne.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://accesspoint6.matne.ru/$bsdfona@slurpmail.net
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 23 Sep 2022 19:19:52 GMT
content-type: image/gif
content-length: 42
last-modified: Wed, 21 Sep 2022 17:11:28 GMT
etag: "632b45c0-2a"
server: cloudflare
cf-ray: 74f5a269ca97b50b-OSL
x-frame-options: DENY
x-content-type-options: nosniff
vary: Accept-Encoding
expires: Fri, 23 Sep 2022 21:19:52 GMT
cache-control: max-age=7200, public
accept-ranges: bytes
X-Firefox-Spdy: h2
accesspoint6.matne.ru/cdn-cgi/images/trace/managed/nojs/transparent.gif?ray=74f5a269295bb50b
104.26.11.176 200 OK 42 B URL HTTP/2 accesspoint6.matne.ru/cdn-cgi/images/trace/managed/nojs/transparent.gif?ray=74f5a269295bb50b
IP 104.26.11.176:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /cdn-cgi/images/trace/managed/nojs/transparent.gif?ray=74f5a269295bb50b HTTP/1.1
Host: accesspoint6.matne.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://accesspoint6.matne.ru/$bsdfona@slurpmail.net
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 23 Sep 2022 19:19:52 GMT
content-type: image/gif
content-length: 42
last-modified: Wed, 21 Sep 2022 17:11:28 GMT
etag: "632b45c0-2a"
server: cloudflare
cf-ray: 74f5a269dab6b50b-OSL
x-frame-options: DENY
x-content-type-options: nosniff
vary: Accept-Encoding
expires: Fri, 23 Sep 2022 21:19:52 GMT
cache-control: max-age=7200, public
accept-ranges: bytes
X-Firefox-Spdy: h2
accesspoint6.matne.ru/cdn-cgi/challenge-platform/h/g/flow/ov1/0.035844151514579294:1663960056:39N0F-pCu1sn1OaZyDIlW8Y8dbMVk3Ykvhfw8o3tFAk/74f5a269295bb50b/e1c44d89c7d7e1f
104.26.11.176 200 OK 52 kB URL HTTP/2 accesspoint6.matne.ru/cdn-cgi/challenge-platform/h/g/flow/ov1/0.035844151514579294:1663960056:39N0F-pCu1sn1OaZyDIlW8Y8dbMVk3Ykvhfw8o3tFAk/74f5a269295bb50b/e1c44d89c7d7e1f
IP 104.26.11.176:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash bda4640a0dfde515ca7765d37be05f7a
1dea6372d975341047e2bd83fd1b4a9458d5e3a9
825d90e5a7ce0772db544279f9402d193623c07d3f75a41cf4830aabbd9d4b58
Analyzer Verdict Alert fortinet Malware
POST /cdn-cgi/challenge-platform/h/g/flow/ov1/0.035844151514579294:1663960056:39N0F-pCu1sn1OaZyDIlW8Y8dbMVk3Ykvhfw8o3tFAk/74f5a269295bb50b/e1c44d89c7d7e1f HTTP/1.1
Host: accesspoint6.matne.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
CF-Challenge: e1c44d89c7d7e1f
Content-Length: 1746
Origin: https://accesspoint6.matne.ru
Connection: keep-alive
Referer: https://accesspoint6.matne.ru/$bsdfona@slurpmail.net
Cookie: cf_chl_prog=e
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 23 Sep 2022 19:19:52 GMT
content-type: text/plain; charset=UTF-8
set-cookie: cf_chl_seq_e1c44d89c7d7e1f=IAy6U710B6R7jgV;SameSite=Strict;HttpOnly
cf_chl_gen: 00c37NxRxdlVva0g8xKUJvgjn+0BL712gz6n8bNOxlq7DewnK8noJ81Xp4B/YVKfvw4QiNPoJ6cMBVkFqA77yVYa0nEiJsWbHkIfsFTIsK0d6+08ceUxqr2DN2Ayqxfut0sKmiTCs5M7IwLeZOBr5GHrk11LbnDzjLfqMzQSYe9wxQxC0HbzlFuP3YFetysAZ6ej1fhcGlhYdodL3n7G1FTYXVY73MHGxS9afT0GNQJE8FJ54mr31BfdvxluP+MwXexY8QzRZpo2fbQsc6zZ3EGjLssVCo3zEXvtRypSz/h6LeLiTOiZrWzDwqkBpkaaomZujw0YBFV8ExhlcgvkLg==$o+I3xOArQy/VpQtRuGQ7lQ==
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0RFT0B6Art1wPhn8Pupaf%2FhMTsTSC9jt%2BXLRL9zq%2FApae0CTVH8B9oGyA2enn9vi2dK8906xknFYGxcQOuh82CgWwlvo6DdGCWGVIdTuvXt510gq%2Fe0KDm0H6nzmn9Hmv79xV%2BRLpA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74f5a26aec6ab50b-OSL
content-encoding: br
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash f714931cf870bfa33815fd259b7246fd
38e411ef8ca1b31ead8415ee5f21d98bd9653a86
897675130112daff8bdf6fa25b56faa4b9fdb367daca2b2645ed65c83a2e423f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2680
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 23 Sep 2022 19:19:53 GMT
Last-Modified: Fri, 23 Sep 2022 18:35:13 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 471
accesspoint6.matne.ru/$bsdfona@slurpmail.net
104.26.11.176 403 Forbidden 4.6 kB URL HTTP/2 accesspoint6.matne.ru/$bsdfona@slurpmail.net
IP 104.26.11.176:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2126)
Hash 66ecc2c03478c35d9451aaa37dd8035d
aa075a11e21de3feaeac6ecab6d45d630886e52f
c42c18701950dd7d60a8952821a642d29c22cca8046088620c4226bf336e8415
Analyzer Verdict Alert fortinet Malware
GET /$bsdfona@slurpmail.net HTTP/1.1
Host: accesspoint6.matne.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 403 Forbidden
date: Fri, 23 Sep 2022 19:19:52 GMT
content-type: text/html; charset=UTF-8
cf-chl-bypass: 1
permissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zSwTG2qxOel%2FdaLOtDGG60r0Prsy0cKMBSYZAH8ejWe9HPqjunUYuRx92C%2B280eS79VvFjEIRXKk1F13gEzpxwCdFfpTCvbq2ixlkjt3X4%2BxOWixauNneNmlm3CauQIdCl2h2IATYw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74f5a269295bb50b-OSL
content-encoding: br
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash fb8236c488fd9e6fd167e83756c4820e
f6c39229ec3236b9eef88198b923785035d41f7c
10d01c21ad626a9f30d289431b07fda820257857fb943c7312e0dd6640b46cb5
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3977
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 23 Sep 2022 19:19:54 GMT
Last-Modified: Fri, 23 Sep 2022 18:13:37 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 278
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 7038cca95198779d8bb479045eb56652
e9dcf9451e849f4d55b0909b33a51bd0b1a35296
0fc47dba3f2789b7c509a4916b1fe3c7b6b30c6778e5354742256125730310f3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14700
Expires: Fri, 23 Sep 2022 23:24:54 GMT
Date: Fri, 23 Sep 2022 19:19:54 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 7038cca95198779d8bb479045eb56652
e9dcf9451e849f4d55b0909b33a51bd0b1a35296
0fc47dba3f2789b7c509a4916b1fe3c7b6b30c6778e5354742256125730310f3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14700
Expires: Fri, 23 Sep 2022 23:24:54 GMT
Date: Fri, 23 Sep 2022 19:19:54 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 7038cca95198779d8bb479045eb56652
e9dcf9451e849f4d55b0909b33a51bd0b1a35296
0fc47dba3f2789b7c509a4916b1fe3c7b6b30c6778e5354742256125730310f3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14700
Expires: Fri, 23 Sep 2022 23:24:54 GMT
Date: Fri, 23 Sep 2022 19:19:54 GMT
Connection: keep-alive
accesspoint6.matne.ru/APP-2YQSYP/icox65duoruaqjvowsoous4j6
104.26.11.176 200 OK 24 kB URL HTTP/2 accesspoint6.matne.ru/APP-2YQSYP/icox65duoruaqjvowsoous4j6
IP 104.26.11.176:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 68582ca7f6f4e29c258c50b36a1aec25
22ee2432a67d40dc6b19ff6da0aed10978534ced
9623670d273d665cde4082167a4f5c3a43be1753b433af98d2db69e64afaffab
Analyzer Verdict Alert fortinet Malware
GET /APP-2YQSYP/icox65duoruaqjvowsoous4j6 HTTP/1.1
Host: accesspoint6.matne.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://accesspoint6.matne.ru/PS-632e06da327e2
Cookie: cf_clearance=hbgkiCz6vpwseGQU0rhqpEh9yXt9491CnNSU2pveQvc-1663960793-0-150; PHPSESSID=ku524bvckf9in88vmi0ti28q06
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 23 Sep 2022 19:19:54 GMT
content-type: text/css
cache-control: public, max-age=604800
expires: Fri, 30 Sep 2022 19:19:54 GMT
etag: W/"19b99-62f2b474-1031d3;gz"
last-modified: Tue, 09 Aug 2022 19:24:36 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UDHQDbs4rMg58uP5OvuwB0h9OC3Ja1cDuc8l78%2F%2BR6VPc8X2TeP%2F2p00pjVgn6J0ijCv2m%2BiSUIqfT%2FXICbGBVupm889TXGyQ1fQVF3ni9LXH6m4PEGrpVOsEe%2FOT6oU%2Fu8ULorP0A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74f5a274a996b50b-OSL
content-encoding: br
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd1500786-3bbf-46d0-b16e-4aff6d48a585.jpeg
34.120.237.76 200 OK 15 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd1500786-3bbf-46d0-b16e-4aff6d48a585.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f10a12719b387d176497669ba75f0acc
16e42ba7b20555bf5a8615e5f4bb561204aeeb5a
0cb2231817387d43a490565b61e24ea7a3cfcff3281f4ab4379a882cc5c3173f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd1500786-3bbf-46d0-b16e-4aff6d48a585.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 14579
x-amzn-requestid: bce2c126-0883-4255-9246-d8055860f898
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YcCj6FYCoAMF9Yw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63217e18-66ba2e5d64b6a5b32b7ab36b;Sampled=0
x-amzn-remapped-date: Wed, 14 Sep 2022 07:09:12 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 92Pj9IQp3mBJQOW-XuHSK8laPqXOSBOmNbYcm4hSFzc1xqYscQKxMA==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 cd858042f70b416ca05e042acf3908a4.cloudfront.net (CloudFront), 1.1 google
date: Thu, 22 Sep 2022 22:05:08 GMT
age: 76486
etag: "16e42ba7b20555bf5a8615e5f4bb561204aeeb5a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
accesspoint6.matne.ru/boot/ro46uuwqjsj6svooaocxu5dio
104.26.11.176 200 OK 23 kB URL HTTP/2 accesspoint6.matne.ru/boot/ro46uuwqjsj6svooaocxu5dio
IP 104.26.11.176:0
File type ASCII text, with very long lines (50758)
Hash 8c3542a30700c34f0908741fa3785912
9d3db8cd2c5d4e2ff1de7fde92f60006e7f9d4d0
b640dee466394f9c9e4715c0b26486fa9aefb254907ad3535cc6abba297d0b03
Analyzer Verdict Alert fortinet Malware
GET /boot/ro46uuwqjsj6svooaocxu5dio HTTP/1.1
Host: accesspoint6.matne.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://accesspoint6.matne.ru/PS-632e06da327e2
Cookie: cf_clearance=hbgkiCz6vpwseGQU0rhqpEh9yXt9491CnNSU2pveQvc-1663960793-0-150; PHPSESSID=ku524bvckf9in88vmi0ti28q06
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 23 Sep 2022 19:19:54 GMT
content-type: application/x-javascript
cache-control: public, max-age=604800
expires: Fri, 30 Sep 2022 19:19:54 GMT
etag: W/"c75f-62f2b474-1031e9;gz"
last-modified: Tue, 09 Aug 2022 19:24:36 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PJ9yS3lukHEULRzQxR52wMaS8Gme3wcRIoDNcCw4YqiwgR2mdDHMiLkg2QN6zJaweoSc0%2F35De9iZzFjguV%2FIHNmQa9q0jVOHmhtbLzvMK2HrnSRY3Jx0g9z4NRhnMveo97KdD1%2FVA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74f5a274a9a1b50b-OSL
content-encoding: br
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6ac88c56-4515-47b4-9c1e-7745782bd306.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6ac88c56-4515-47b4-9c1e-7745782bd306.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b877ead4a15221fdd278ef27f281a7ec
48c10714503e8dfdd3e3c3d39b919ef2792f0d15
f4a1d5abcfa4092828e004b6c0605a7a24e4133d275312f613dceff875971daf
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6ac88c56-4515-47b4-9c1e-7745782bd306.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10127
x-amzn-requestid: 456e3c6a-e173-433e-8d54-d787cb50b7e8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y4Y0sHmCoAMFVSg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632cd4ea-7a07b336571396533e48b4cb;Sampled=0
x-amzn-remapped-date: Thu, 22 Sep 2022 21:34:34 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: KKYAef15NoI3It5UfVcqhPx50Fr6IK7O2VFasuAILVN9PP8CH1_7Ng==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 cd858042f70b416ca05e042acf3908a4.cloudfront.net (CloudFront), 1.1 google
date: Thu, 22 Sep 2022 21:58:25 GMT
age: 76889
etag: "48c10714503e8dfdd3e3c3d39b919ef2792f0d15"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffccf6ade-04f7-4d15-943c-bde343725d94.jpeg
34.120.237.76 200 OK 8.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffccf6ade-04f7-4d15-943c-bde343725d94.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 02a682b4703bb9d6381c762726c05531
1d7f7b4cfdd7425213a21afdd1d5a5d8d11d0e54
fb672de67420a239fe5d7e2588f640150ed29883fe2a46ded160385e3265004c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffccf6ade-04f7-4d15-943c-bde343725d94.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8029
x-amzn-requestid: 2fc5c63d-5cef-42f4-a6d2-b55f51c57af6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y4Y0tHjGoAMFcFw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632cd4ea-73f2f78a2d1ca8fc666d2571;Sampled=0
x-amzn-remapped-date: Thu, 22 Sep 2022 21:34:34 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 5ur411n5hU7eWb68iExZCUrhpCybRyTBHCi72ra8dS2kd3UhW8sb1A==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 1481cc55c02c3a782ad420b6bac2cb32.cloudfront.net (CloudFront), 1.1 google
date: Thu, 22 Sep 2022 21:59:00 GMT
age: 76854
etag: "1d7f7b4cfdd7425213a21afdd1d5a5d8d11d0e54"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F98db69a9-8416-4b0b-b1b4-1ed196b985e5.jpeg
34.120.237.76 200 OK 5.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F98db69a9-8416-4b0b-b1b4-1ed196b985e5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3b318ea5c36d2b22b925f7dfe382df5f
0264e73c4cfff0bb255757c7e1c760a5ad3ece80
0c2f58ea4f5f32bb327f292e1b8fb5a4a60230bffc3abc440a624df27ec0d6bc
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F98db69a9-8416-4b0b-b1b4-1ed196b985e5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5340
x-amzn-requestid: b13bc974-e15d-43a4-a918-fbc35b09a36f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y4Y19HljIAMFY8w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632cd4f2-2cb226ba4bd7c7e74d9ab2db;Sampled=0
x-amzn-remapped-date: Thu, 22 Sep 2022 21:34:42 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 8DCVWC4Ihr4R21i3ySyiWdUK0aGymTE22B842ZKolG-ZThiKSMX-uQ==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 32d624dbeb2a8b7f24dbe49007e37c90.cloudfront.net (CloudFront), 1.1 google
date: Thu, 22 Sep 2022 22:04:45 GMT
age: 76509
etag: "0264e73c4cfff0bb255757c7e1c760a5ad3ece80"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
accesspoint6.matne.ru/PS-632e06da327e2
104.26.11.176 200 OK 5.2 kB URL HTTP/2 accesspoint6.matne.ru/PS-632e06da327e2
IP 104.26.11.176:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (9497)
Hash b5f4ddd2bf5909a31d261aeb4cbd4c23
ccf568a6ed33248842f9c1d8bdc2ac63f947a574
197a3602ab785a68fa0b7b67d025e0baf4018112270971018ed99e8812e90480
Analyzer Verdict Alert fortinet Malware
GET /PS-632e06da327e2 HTTP/1.1
Host: accesspoint6.matne.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://accesspoint6.matne.ru/$bsdfona@slurpmail.net?__cf_chl_tk=LtVB15fPavN4RDpyZ5AydMNYoIEL6rFsQ0NO9B9Foc0-1663960792-0-gaNycGzNCCU
Connection: keep-alive
Cookie: cf_clearance=hbgkiCz6vpwseGQU0rhqpEh9yXt9491CnNSU2pveQvc-1663960793-0-150; PHPSESSID=ku524bvckf9in88vmi0ti28q06
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 23 Sep 2022 19:19:54 GMT
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=O8T%2BRHfj4t14Ib4yo6CeATApCocHBLZk3391jaJ1vGz5axvrcXTB0NXObuqcRfbD1MX%2FJHfU9EnOr8sbUr3NCqil2HjR%2Fun8L%2FeBcQs0r%2BqCvjWgjOYtw05jS9vMzG85BXv3C70ejg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74f5a27408d9b50b-OSL
content-encoding: br
X-Firefox-Spdy: h2
accesspoint6.matne.ru/ASSETS/img/BIMG-632e06db42d7f.css
104.26.11.176 200 OK 306 kB URL HTTP/2 accesspoint6.matne.ru/ASSETS/img/BIMG-632e06db42d7f.css
IP 104.26.11.176:0
File type PNG image data, 1920 x 1080, 8-bit/color RGBA, non-interlaced
- data
Size 306 kB (306493 bytes)
Hash 7d07c247e8dfd5bfaf9a7169b5c402bd
392cc7836ca5418f3e65cc67f5680b2a359399dc
345f500582fb5cfc20df5426c6b54bb0bcaa62eb0249a4a661dc9716a9edc006
GET /ASSETS/img/BIMG-632e06db42d7f.css HTTP/1.1
Host: accesspoint6.matne.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://accesspoint6.matne.ru/PS-632e06da327e2
Cookie: cf_clearance=hbgkiCz6vpwseGQU0rhqpEh9yXt9491CnNSU2pveQvc-1663960793-0-150; PHPSESSID=ku524bvckf9in88vmi0ti28q06
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 23 Sep 2022 19:19:55 GMT
content-type: image/png
content-length: 306493
cache-control: public, max-age=604800
expires: Fri, 30 Sep 2022 19:19:55 GMT
etag: "4ad3d-62f2b474-1031de;;;"
last-modified: Tue, 09 Aug 2022 19:24:36 GMT
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dkSXbPKoKaNQ6tKD8fPIV%2Fx%2BSpIKH5RISiTI9Xv9VHwHgKDgOVqRvHShycWpM5U8ah%2BQ8%2BWgixmSTS3xT1MEwrOJdHAe0zJ1SqmgK7%2FMTnwlcR%2BLdh1SeB%2BiJpZkGHf5ECjAOC7mjA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74f5a27ab97bb50b-OSL
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8ec986e3-2bce-4ded-85eb-e88df9893a30.jpeg
34.120.237.76 200 OK 6.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8ec986e3-2bce-4ded-85eb-e88df9893a30.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
- data
Hash ff021fa15adb0d3a24158bc00cf0980a
265d3e98bcbf5f14f214102279a7911d6fd64048
211d709fb1851a62f856a78e3b115ef816f78ab9a28f870d48fa3d1912eac16a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8ec986e3-2bce-4ded-85eb-e88df9893a30.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 6505
x-amzn-requestid: bc9cc556-8897-4484-ac07-f18e4f5250ca
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YvrfiFl4oAMF_Xg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63295930-7a627b7d7683919e41ca599b;Sampled=0
x-amzn-remapped-date: Tue, 20 Sep 2022 06:09:52 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: UNlx91pOuttpN-IrQs_g-PRI8C_NmZDKdnOpfayCJ719fa6FwnOIGg==
via: 1.1 1b0911478686968732f973d6e5e31d10.cloudfront.net (CloudFront), 1.1 cd858042f70b416ca05e042acf3908a4.cloudfront.net (CloudFront), 1.1 google
date: Fri, 23 Sep 2022 02:01:19 GMT
age: 62322
etag: "265d3e98bcbf5f14f214102279a7911d6fd64048"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
accesspoint6.matne.ru/cdn-cgi/challenge-platform/h/g/img/74f5a269295bb50b/1663960792807/TA9bD9_Jrf61LLc
104.26.11.176 200 OK 0 B URL HTTP/2 accesspoint6.matne.ru/cdn-cgi/challenge-platform/h/g/img/74f5a269295bb50b/1663960792807/TA9bD9_Jrf61LLc
IP 104.26.11.176:0
Analyzer Verdict Alert fortinet Malware
GET /cdn-cgi/challenge-platform/h/g/img/74f5a269295bb50b/1663960792807/TA9bD9_Jrf61LLc HTTP/1.1
Host: accesspoint6.matne.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://accesspoint6.matne.ru/$bsdfona@slurpmail.net
Cookie: cf_chl_prog=e
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 23 Sep 2022 19:19:53 GMT
content-type: image/png
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Mz9HuuQoTJF0g%2BSwL%2BeMFvjayy%2FRknkhuP1LFCbdDH2Ig9DQ5%2BKIjoIPkdKE2fsI0EK5AgCH5eGXfI%2F%2Fa0UgHIrJ%2BNSYLFz%2FzQWfzSBDftnoyY2GPx3dj4CWbv8TF%2FvvkmoIFWhuHw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74f5a26e1874b50b-OSL
X-Firefox-Spdy: h2
accesspoint6.matne.ru/cdn-cgi/challenge-platform/h/g/pat/74f5a269295bb50b/1663960792803/0b0349f85f8a051a3d2f8a5516f16197a8556aebfd08be9cb0c11992df7a2117/JAtVljIyaJ6WSm3
104.26.11.176 401 Unauthorized 0 B URL HTTP/2 accesspoint6.matne.ru/cdn-cgi/challenge-platform/h/g/pat/74f5a269295bb50b/1663960792803/0b0349f85f8a051a3d2f8a5516f16197a8556aebfd08be9cb0c11992df7a2117/JAtVljIyaJ6WSm3
IP 104.26.11.176:0
Analyzer Verdict Alert fortinet Malware
GET /cdn-cgi/challenge-platform/h/g/pat/74f5a269295bb50b/1663960792803/0b0349f85f8a051a3d2f8a5516f16197a8556aebfd08be9cb0c11992df7a2117/JAtVljIyaJ6WSm3 HTTP/1.1
Host: accesspoint6.matne.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://accesspoint6.matne.ru/$bsdfona@slurpmail.net
Connection: keep-alive
Cookie: cf_chl_prog=e
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 401 Unauthorized
date: Fri, 23 Sep 2022 19:19:52 GMT
content-type: text/plain; charset=UTF-8
www-authenticate: PrivateToken challenge=AAIAGXBhdC1pc3N1ZXIuY2xvdWRmbGFyZS5jb20gCwNJ-F-KBRo9L4pVFvFhl6hVauv9CL6csMEZkt96IRcAFWFjY2Vzc3BvaW50Ni5tYXRuZS5ydQ==, token-key=MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEAwuF3DfvFtkJqjuYhFPyDcsSB0ADWCJB1v5RT6Pxa2HdLu8baURg1Qjq4BLGRSE_9BKy-5zjLyqApqRm8Me-zZqZ0BjHm2a4IrE-SJR_IxIIKaiy-w5gANKs52QR9eW5afkQk3shg9ui6L7ERidJvD8O_M_FAWa3bgHKnnb-_uAIH4JV6wJnWVzZconzSPggQxJnhcKxJwHeCKoTVjdTEe8y8F92OsJ1_Fs_CHQcshabuN5YhCuzbMZTzly3a5r9uYii1fpXbbNoUKojCNfgTsKCIbKwDorjuMXGTM4zlmS_4neR9kzfNF6neysL7B4WOrQeqx7hUhyYvzDx7vaqFyQIDAQAB, max-age=15
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5fgepTvb966Ge2K8ne3jvSgJSLdVajtHaZIfBLiQ0gKUqTgw4Z8fm9kbGAZH0%2FQzRGtoynaDAQuJwTrY6azf8lmumeMCcCGfNptyqKboNYorOkfo8OeQ1%2BBmaAtIzh6vsdzMNcbqZg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74f5a26b5d18b50b-OSL
X-Firefox-Spdy: h2
unpkg.com/axios@0.27.2/dist/axios.min.js
104.16.124.175 200 OK 0 B URL HTTP/2 unpkg.com/axios@0.27.2/dist/axios.min.js
IP 104.16.124.175:0
GET /axios@0.27.2/dist/axios.min.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://accesspoint6.matne.ru/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 23 Sep 2022 19:19:54 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
etag: W/"511b-FCNxITHKHBRxCXquG/QTMqrMtJE"
via: 1.1 fly.io
fly-request-id: 01G4XGYHQSNPAHCE8P0B1F0WCG-fra
cf-cache-status: HIT
age: 9407536
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 74f5a274ef43b4fa-OSL
content-encoding: br
X-Firefox-Spdy: h2
accesspoint6.matne.ru/jq/ujcojsx5soqdwoioar646ouuv
104.26.11.176 200 OK 0 B URL HTTP/2 accesspoint6.matne.ru/jq/ujcojsx5soqdwoioar646ouuv
IP 104.26.11.176:0
Analyzer Verdict Alert fortinet Malware
GET /jq/ujcojsx5soqdwoioar646ouuv HTTP/1.1
Host: accesspoint6.matne.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://accesspoint6.matne.ru/PS-632e06da327e2
Cookie: cf_clearance=hbgkiCz6vpwseGQU0rhqpEh9yXt9491CnNSU2pveQvc-1663960793-0-150; PHPSESSID=ku524bvckf9in88vmi0ti28q06
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 23 Sep 2022 19:19:54 GMT
content-type: application/x-javascript
cache-control: public, max-age=604800
expires: Fri, 30 Sep 2022 19:19:54 GMT
etag: W/"14e4a-62f2b474-1031eb;gz"
last-modified: Tue, 09 Aug 2022 19:24:36 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lllyfcLde%2FAytM%2FEYI2DaF5z219gx1iALN%2FvtPDBY%2Bot7fwdRvELQzrj6WCfXGatJiE0LbWLxie86WElwLXdqd03VtEXUcSN6axMouYcc1gb509%2FvfUvL1G8azFS6Dy8g%2FfkD2WFfg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74f5a274a99eb50b-OSL
content-encoding: br
X-Firefox-Spdy: h2
accesspoint6.matne.ru/api-6xiso4uro5qjovcwsouojau6d?email=bsdfona@slurpmail.net&data=background
104.26.11.176 200 OK 0 B URL HTTP/2 accesspoint6.matne.ru/api-6xiso4uro5qjovcwsouojau6d?email=bsdfona@slurpmail.net&data=background
IP 104.26.11.176:0
GET /api-6xiso4uro5qjovcwsouojau6d?email=bsdfona@slurpmail.net&data=background HTTP/1.1
Host: accesspoint6.matne.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://accesspoint6.matne.ru/PS-632e06da327e2
Cookie: cf_clearance=hbgkiCz6vpwseGQU0rhqpEh9yXt9491CnNSU2pveQvc-1663960793-0-150; PHPSESSID=ku524bvckf9in88vmi0ti28q06
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 23 Sep 2022 19:19:55 GMT
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kz9rK%2BDMVaf98a2GDuGtE3bpnF1nCHm06AIrFbDfbZ9oKnHf1mR6DM8FGEoNER4JFESii0wD3gXvBxsrOz8tfW%2FkjuG1gQXA%2Fm1pYrMVrNqU1MbUA3nyWPv8dqWKs7zJLaTaENbV8w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74f5a2765bccb50b-OSL
content-encoding: br
X-Firefox-Spdy: h2
cloudflare.hcaptcha.com/1/api.js?endpoint=https%3A%2F%2Fcloudflare.hcaptcha.com&assethost=https%3A%2F%2Fcf-assets.hcaptcha.com&imghost=https%3A%2F%2Fcf-imgs.hcaptcha.com&render=explicit&recaptchacompat=off&onload=_cf_chl_hload
104.18.19.132 200 OK 0 B URL HTTP/2 cloudflare.hcaptcha.com/1/api.js?endpoint=https%3A%2F%2Fcloudflare.hcaptcha.com&assethost=https%3A%2F%2Fcf-assets.hcaptcha.com&imghost=https%3A%2F%2Fcf-imgs.hcaptcha.com&render=explicit&recaptchacompat=off&onload=_cf_chl_hload
IP 104.18.19.132:0
GET /1/api.js?endpoint=https%3A%2F%2Fcloudflare.hcaptcha.com&assethost=https%3A%2F%2Fcf-assets.hcaptcha.com&imghost=https%3A%2F%2Fcf-imgs.hcaptcha.com&render=explicit&recaptchacompat=off&onload=_cf_chl_hload HTTP/1.1
Host: cloudflare.hcaptcha.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://accesspoint6.matne.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 23 Sep 2022 19:19:52 GMT
content-type: application/javascript
cf-ray: 74f5a26a5d290b31-OSL
access-control-allow-origin: *
age: 0
cache-control: max-age=120
etag: W/"84729783ded6e9166650d2e40d1556b2"
last-modified: Thu, 11 Aug 2022 21:59:15 GMT
strict-transport-security: max-age=0
via: 1.1 4c07121ca6e32bcda85cc9091b92050e.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-cf-id: 10g5RVqLpYkU0aa-3kxGh5TDyliupy3A-DXslF07tUxdkEnx8Zz81g==
x-amz-cf-pop: OSL50-P1
x-cache: Hit from cloudfront
x-content-type-options: nosniff
vary: Accept-Encoding
server: cloudflare
content-encoding: gzip
X-Firefox-Spdy: h2
accesspoint6.matne.ru/o/oo6uvxcsajuq64wd5jiuoosro
104.26.11.176 200 OK 0 B URL HTTP/2 accesspoint6.matne.ru/o/oo6uvxcsajuq64wd5jiuoosro
IP 104.26.11.176:0
Analyzer Verdict Alert fortinet Malware
GET /o/oo6uvxcsajuq64wd5jiuoosro HTTP/1.1
Host: accesspoint6.matne.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://accesspoint6.matne.ru/PS-632e06da327e2
Cookie: cf_clearance=hbgkiCz6vpwseGQU0rhqpEh9yXt9491CnNSU2pveQvc-1663960793-0-150; PHPSESSID=ku524bvckf9in88vmi0ti28q06
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 23 Sep 2022 19:19:54 GMT
content-type: image/svg+xml
cache-control: public, max-age=604800
expires: Fri, 30 Sep 2022 19:19:54 GMT
etag: W/"e43-62f2b474-1031e2;gz"
last-modified: Tue, 09 Aug 2022 19:24:36 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sJ4bmdvR8FZYHz0ov%2ByGmjbrXIF49odme3Q9W0fMeBA60mz55%2FVRUcHNJMzUAjn1Hm0z1RtePHTS%2F%2Fl6GPwM9NjirJR%2FvNlxKFOhMREkVbvUUa%2F217TtgJAlEUk8ymSHnnUv3UtqtQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74f5a274a998b50b-OSL
content-encoding: br
X-Firefox-Spdy: h2
accesspoint6.matne.ru/api-oo6o4uisocuarujvdo6s5xwqj?email=bsdfona@slurpmail.net&data=logo
104.26.11.176 200 OK 0 B URL HTTP/2 accesspoint6.matne.ru/api-oo6o4uisocuarujvdo6s5xwqj?email=bsdfona@slurpmail.net&data=logo
IP 104.26.11.176:0
GET /api-oo6o4uisocuarujvdo6s5xwqj?email=bsdfona@slurpmail.net&data=logo HTTP/1.1
Host: accesspoint6.matne.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://accesspoint6.matne.ru/PS-632e06da327e2
Cookie: cf_clearance=hbgkiCz6vpwseGQU0rhqpEh9yXt9491CnNSU2pveQvc-1663960793-0-150; PHPSESSID=ku524bvckf9in88vmi0ti28q06
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 23 Sep 2022 19:19:54 GMT
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Zjbzu4anhso4sOr4s7YqsVGtZoXJ%2FNJirN0Dd2voXFgeGH9N%2FdyO5LLYeHMTGXZAx7%2B2TIn5ffkvqXzvp0IKIx0ZeDs7CdIRgJx2oJBY892bSx%2F6hqQscLg9lVCfORN1%2B614VGN2bg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74f5a2764bc8b50b-OSL
content-encoding: br
X-Firefox-Spdy: h2
accesspoint6.matne.ru/jm/uos6uqcvxsao6jwo4ojod5rui
104.26.11.176 200 OK 0 B URL HTTP/2 accesspoint6.matne.ru/jm/uos6uqcvxsao6jwo4ojod5rui
IP 104.26.11.176:0
Analyzer Verdict Alert fortinet Malware
GET /jm/uos6uqcvxsao6jwo4ojod5rui HTTP/1.1
Host: accesspoint6.matne.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://accesspoint6.matne.ru/PS-632e06da327e2
Cookie: cf_clearance=hbgkiCz6vpwseGQU0rhqpEh9yXt9491CnNSU2pveQvc-1663960793-0-150; PHPSESSID=ku524bvckf9in88vmi0ti28q06
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 23 Sep 2022 19:19:54 GMT
content-type: application/x-javascript
cache-control: public, max-age=604800
expires: Fri, 30 Sep 2022 19:19:54 GMT
etag: W/"eb5-62f2b474-1031e7;gz"
last-modified: Tue, 09 Aug 2022 19:24:36 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0TTihPhvLVR%2FD8ABmGhVCB3o785tSmWgvobGzcYSfT1%2BuQo%2BW8GMhjygBvm28gcOQRIsqqpq4DV9wCUuW0vhpyDCGBQ0WYKeMm5hWV7ctgDXdzh%2BcAPD3svKod4xCqS3N%2BjufoT8yQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74f5a274b9a8b50b-OSL
content-encoding: br
X-Firefox-Spdy: h2
accesspoint6.matne.ru/$bsdfona@slurpmail.net
104.26.11.176 302 Found 0 B URL HTTP/2 accesspoint6.matne.ru/$bsdfona@slurpmail.net
IP 104.26.11.176:0
Analyzer Verdict Alert fortinet Malware
POST /$bsdfona@slurpmail.net HTTP/1.1
Host: accesspoint6.matne.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 3116
Origin: https://accesspoint6.matne.ru
Connection: keep-alive
Referer: https://accesspoint6.matne.ru/$bsdfona@slurpmail.net?__cf_chl_tk=LtVB15fPavN4RDpyZ5AydMNYoIEL6rFsQ0NO9B9Foc0-1663960792-0-gaNycGzNCCU
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 302 Found
date: Fri, 23 Sep 2022 19:19:54 GMT
content-type: text/html; charset=UTF-8
location: ./PS-632e06da327e2
set-cookie: cf_clearance=hbgkiCz6vpwseGQU0rhqpEh9yXt9491CnNSU2pveQvc-1663960793-0-150; path=/; expires=Sat, 23-Sep-23 20:19:53 GMT; domain=.matne.ru; HttpOnly; Secure; SameSite=None
PHPSESSID=ku524bvckf9in88vmi0ti28q06; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=F4h3bvVspk9ONlHVpQoCT5jPkPp6ponXgt4Yszn6q44P9IVxRFPypIW1%2FvzXSN8wLR895eItHsaETj0os1b3nbkfqvyeoSxAarHfHLfEb58wkGu7zuaeeG9Sjp5cN6Ic6u5ES265Hw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74f5a2707b82b50b-OSL
X-Firefox-Spdy: h2
accesspoint6.matne.ru/cdn-cgi/challenge-platform/h/g/orchestrate/managed/v1?ray=74f5a269295bb50b
104.26.11.176 200 OK 0 B URL HTTP/2 accesspoint6.matne.ru/cdn-cgi/challenge-platform/h/g/orchestrate/managed/v1?ray=74f5a269295bb50b
IP 104.26.11.176:0
Analyzer Verdict Alert fortinet Malware
GET /cdn-cgi/challenge-platform/h/g/orchestrate/managed/v1?ray=74f5a269295bb50b HTTP/1.1
Host: accesspoint6.matne.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://accesspoint6.matne.ru/$bsdfona@slurpmail.net?__cf_chl_rt_tk=LtVB15fPavN4RDpyZ5AydMNYoIEL6rFsQ0NO9B9Foc0-1663960792-0-gaNycGzNCCU
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 23 Sep 2022 19:19:52 GMT
content-type: application/javascript; charset=UTF-8
cache-control: max-age=0, must-revalidate
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=49OFe8PCtwUOGoRU0o92iMKWIRKjbLAEpwyJR8kHhYLZvId7sBzHWxzuVLhWauzXQDa5dU4ehJh4msbKEjApxFUUzuW4G3sir3CHaQ%2FTXAB1xGEaWjwaovnKEG6I%2BhS8mwGJou66zg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74f5a269dab1b50b-OSL
content-encoding: br
X-Firefox-Spdy: h2
accesspoint6.matne.ru/favicon.ico
104.26.11.176 403 Forbidden 0 B URL HTTP/2 accesspoint6.matne.ru/favicon.ico
IP 104.26.11.176:0
GET /favicon.ico HTTP/1.1
Host: accesspoint6.matne.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://accesspoint6.matne.ru/$bsdfona@slurpmail.net?__cf_chl_rt_tk=LtVB15fPavN4RDpyZ5AydMNYoIEL6rFsQ0NO9B9Foc0-1663960792-0-gaNycGzNCCU
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 403 Forbidden
date: Fri, 23 Sep 2022 19:19:52 GMT
content-type: text/html; charset=UTF-8
cf-chl-bypass: 1
permissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=C6riX8mhWHqoX6aJbyLchTdGjl%2F7E4ayDRLquLKyyKvgyWYQnMWqy%2FxyCSQ4QGmOMSFHH0p40MPQQnoPYGAqrvIeF2PtWIJEN2fIjdXsdmCJEJzQiVH7BejQRqmCO%2F14MaTc8KMpBw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74f5a26a1b23b50b-OSL
content-encoding: br
X-Firefox-Spdy: h2
accesspoint6.matne.ru/cdn-cgi/challenge-platform/h/g/flow/ov1/0.035844151514579294:1663960056:39N0F-pCu1sn1OaZyDIlW8Y8dbMVk3Ykvhfw8o3tFAk/74f5a269295bb50b/e1c44d89c7d7e1f
104.26.11.176 200 OK 0 B URL HTTP/2 accesspoint6.matne.ru/cdn-cgi/challenge-platform/h/g/flow/ov1/0.035844151514579294:1663960056:39N0F-pCu1sn1OaZyDIlW8Y8dbMVk3Ykvhfw8o3tFAk/74f5a269295bb50b/e1c44d89c7d7e1f
IP 104.26.11.176:0
Analyzer Verdict Alert fortinet Malware
POST /cdn-cgi/challenge-platform/h/g/flow/ov1/0.035844151514579294:1663960056:39N0F-pCu1sn1OaZyDIlW8Y8dbMVk3Ykvhfw8o3tFAk/74f5a269295bb50b/e1c44d89c7d7e1f HTTP/1.1
Host: accesspoint6.matne.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
CF-Challenge: e1c44d89c7d7e1f
Content-Length: 15784
Origin: https://accesspoint6.matne.ru
Connection: keep-alive
Referer: https://accesspoint6.matne.ru/$bsdfona@slurpmail.net
Cookie: cf_chl_seq_e1c44d89c7d7e1f=IAy6U710B6R7jgV; cf_chl_prog=e
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 23 Sep 2022 19:19:53 GMT
content-type: text/html; charset=UTF-8
set-cookie: cf_chl_rc_m=;Expires=Thu, 22 Sep 2022 19:19:53 GMT;SameSite=Strict
cf_chl_out: JVMuAqHSznKUlur0hfJKLaMedFNVWXaoYE2ypbURDyf/ul99RA90HLIFp8JVUCehYb6f6I4BoPeY88lTh9bQqQ==$rw/vhOzGOjdvpVQoHK2zlg==
cf_chl_out_s: hOxTdadTwIbV11L6gzFL+zJkRlLaPOodk50WfHuNzZFwpD1KdhGQd0KzZTatSEhDYiiEuuJrT8KU1etxc/UDtA==$J3VMUzaKpUssIrUb6SSLAA==
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lMOx43R6CkgajA2iEXIKPKc68n5l6up4Gf5z9Dn1ZowUCegRFkrcbPPLxrQDcT13MisDwA3G%2B4Z5C5Rzs5N4KynqEZlDkOUNVq%2Bmah%2Fmi5kFI2N0P4C62%2FfuwoS%2B44%2BYO4wcXN5oIA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74f5a26e893ab50b-OSL
content-encoding: br
X-Firefox-Spdy: h2
unpkg.com/axios/dist/axios.min.js
104.16.124.175 302 Found 0 B URL HTTP/2 unpkg.com/axios/dist/axios.min.js
IP 104.16.124.175:0
GET /axios/dist/axios.min.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://accesspoint6.matne.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Fri, 23 Sep 2022 19:19:54 GMT
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
cache-control: public, s-maxage=600, max-age=60
location: /axios@0.27.2/dist/axios.min.js
vary: Accept, Accept-Encoding
via: 1.1 fly.io
fly-request-id: 01GDNW5SZGNP11TZCQYZM0TDFZ-ams
cf-cache-status: HIT
age: 515
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 74f5a274df1bb4fa-OSL
X-Firefox-Spdy: h2
accesspoint6.matne.ru/cdn-cgi/challenge-platform/h/g/scripts/alpha/invisible.js?ts=1663948800
104.26.11.176 200 OK 0 B URL HTTP/2 accesspoint6.matne.ru/cdn-cgi/challenge-platform/h/g/scripts/alpha/invisible.js?ts=1663948800
IP 104.26.11.176:0
Analyzer Verdict Alert fortinet Malware
GET /cdn-cgi/challenge-platform/h/g/scripts/alpha/invisible.js?ts=1663948800 HTTP/1.1
Host: accesspoint6.matne.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: cf_clearance=hbgkiCz6vpwseGQU0rhqpEh9yXt9491CnNSU2pveQvc-1663960793-0-150; PHPSESSID=ku524bvckf9in88vmi0ti28q06
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 23 Sep 2022 19:19:54 GMT
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
vary: accept-encoding
x-control-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wc%2FaXyeLb1Eu3DuC%2Ft6PaZlaxPXaFxxNhzpx84eYVzkcYX2gElutwkGFx%2F8LUuda0tn1MsecmE2hIcK8ejr7lfIYidbec6TIFUODksZP5hbSqT9l9N%2BW00p5bk19uYvGREPyLIJoug%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74f5a2766bdab50b-OSL
content-encoding: br
X-Firefox-Spdy: h2