ww16.km1.ga/
64.190.63.136 7.0 kB IP 64.190.63.136:0
File type: HTML document text; exported SGML document, Unicode text, UTF-8 text, with very long lines (10263)
Hash MD5: 8661b587f96003216c63f456adc03da3
SHA-1: 78af170b6ddc7f02ae6b2c1a8b8297df53dd9ec5
SHA-256: 895830333c50c9ba27f706d1161eae05456f0fd6a4b3f76a6cf6e979857c7b1b
NIDS alert (suricata, severity medium): ET INFO HTTP Request to a *.ga domain
GET / HTTP/1.1
Host: ww16.km1.ga
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
date: Fri, 01 Dec 2023 05:05:44 GMT
content-type: text/html; charset=UTF-8
transfer-encoding: chunked
vary: Accept-Encoding
x-powered-by: PHP/8.1.17
expires: Mon, 26 Jul 1997 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_N9cLGfrJ7jBHu6ADppFRTxXIJCUmkAI3dsZwwHHOvd6B/7U2NQBpnxHEWLDZIiMviACIzz6+ao5wYfI/AAAWSw==
last-modified: Fri, 01 Dec 2023 05:05:44 GMT
x-cache-miss-from: parking-698fb476bf-mbx66
server: NginX
content-encoding: gzip
ww16.km1.ga/?sub1=20231201-1605-1342-9cc2-ad1a9ed10317
64.190.63.136 7.0 kB URL User Request GET ww16.km1.ga/?sub1=20231201-1605-1342-9cc2-ad1a9ed10317
IP 64.190.63.136:0
File type: HTML document text; exported SGML document, Unicode text, UTF-8 text, with very long lines (10263)
Hash MD5: 09ed8d878363fb98b981ebf03e6492b4
SHA-1: 32c55290b1c53efc4383412eafe64255dc5b8498
SHA-256: 963641bcb64b32e97148cde92336024b2013bf1ace7305e9698d7f131e08c192
NIDS alert (suricata, severity medium): ET INFO HTTP Request to a *.ga domain
GET /?sub1=20231201-1605-1342-9cc2-ad1a9ed10317 HTTP/1.1
Host: ww16.km1.ga
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
date: Fri, 01 Dec 2023 05:05:45 GMT
content-type: text/html; charset=UTF-8
transfer-encoding: chunked
vary: Accept-Encoding
x-powered-by: PHP/8.1.17
expires: Mon, 26 Jul 1997 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_qHPOH/sDuaVcBAc/LfQ9/hDXKun6YnCOXBdJPwcsYF+71DAdlNDoOwXvhdLwfoRUKIFkFrDIf6eAUth/rzgKtg==
last-modified: Fri, 01 Dec 2023 05:05:44 GMT
x-cache-miss-from: parking-698fb476bf-lvhcl
server: NginX
content-encoding: gzip
img.sedoparking.com/templates/bg/arrows.png
205.234.175.175 200 OK 13 kB URL GET HTTP/1.1 img.sedoparking.com/templates/bg/arrows.png
IP 205.234.175.175:80
Requested by http://ww16.km1.ga/?sub1=20231201-1605-1342-9cc2-ad1a9ed10317
File type: PNG image data, 426 x 475, 8-bit/color RGBA, non-interlaced; data
Hash MD5: 6dc0bad9aa452ff871b282dabd47131e
SHA-1: 01411e6726e033240caa3926141a6adbc18a2d73
SHA-256: 3059fbd6cd3550047483dca4071c93e5cf4cc79ce8bafc4388166fbc5279644b
GET /templates/bg/arrows.png HTTP/1.1
Host: img.sedoparking.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ww16.km1.ga/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 01 Dec 2023 05:05:45 GMT
Content-Type: image/png
Content-Length: 12642
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: max-age=604800
Expires: Fri, 08 Dec 2023 05:05:45 GMT
X-CFHash: "6dc0bad9aa452ff871b282dabd47131e"
X-CFF: B
Last-Modified: Mon, 11 Oct 2021 05:39:44 GMT
X-CF3: H
CF4Age: 0
x-cf-tsc: 1700056312
CF4ttl: 31536000.000
X-CF2: H
Server: CFS 0215
X-CF-ReqID: 49b9bee2db1c575334c3bb5e90c5ee46
X-CF1: 11696:fA.arn1:cf:cacheN.arn1-01:H
Accept-Ranges: bytes
www.google.com/adsense/domains/caf.js
142.250.74.164 200 OK 54 kB URL GET HTTP/3 www.google.com/adsense/domains/caf.js
IP 142.250.74.164:443
Requested by https://www.google.com/afs/ads?adsafe=low&adtest=off&psid=9618345430&channel=exp-0019%2Cexp-0051%2Cauxa-control-1%2C445328&client=dp-sedo92_3ph&r=m&hl=no&rpbu=http%3A%2F%2Fww16.km1.ga%2Fcaf%2F%3Fses%3DY3JlPTE3MDE0MDcxNDUmdGNpZD13dzE2LmttMS5nYTY1Njk2OWE4ZjJlM2I0LjI1NjIzMzEyJnRhc2s9c2VhcmNoJmRvbWFpbj1rbTEuZ2EmYV9pZD0zJnNlc3Npb249TF93RFlOREM3R055Mktod01FXy0%3D&type=3&uiopt=false&swp=as-drid-2777688820344496&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300003%2C17301157&format=r3%7Cs&nocache=9871701407149904&num=0&output=afd_ads&domain_name=ww16.km1.ga&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1701407149917&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=944&frm=0&cl=579967862&uio=--&cont=rb-default&jsid=caf&jsv=579967862&rurl=http%3A%2F%2Fww16.km1.ga%2F%3Fsub1%3D20231201-1605-1342-9cc2-ad1a9ed10317
Certificate Issuer: Google Trust Services LLC
Subject: *.google.com
Fingerprint: 4C:0D:17:8C:F1:30:7C:3A:6F:9B:8E:B4:83:0E:5C:BD:ED:17:3E:95
Validity: Mon, 23 Oct 2023 11:18:24 GMT - Mon, 15 Jan 2024 11:18:23 GMT
File type: ASCII text, with very long lines (1888)
Hash MD5: c86c47042de1793f2a3da0eb723c1adc
SHA-1: 533a39138c249689f439cbfc0f3bcb5284fba67d
SHA-256: b5e16c003b2b2706c4c2c65d559b9a55351fd37716c969a2b50fe8afb93b4fa6
GET /adsense/domains/caf.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ww16.km1.ga/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Type: text/javascript; charset=UTF-8
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="ads-afs-ui"
Report-To: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
Date: Fri, 01 Dec 2023 05:05:45 GMT
Expires: Fri, 01 Dec 2023 05:05:45 GMT
Cache-Control: private, max-age=3600
ETag: "9734699286587705072"
X-Content-Type-Options: nosniff
Link: <https://www.adsensecustomsearchads.com>; rel="preconnect"
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: sffe
X-XSS-Protection: 0
ww16.km1.ga/search/tsc.php?200=NTQxMzk0Mzg2&21=OTEuOTAuNDIuMTU0&681=MTcwMTQwNzE0NTQyYTMzNTA0ZTExNjc0OGUxYjY2NDllNTk3OTU0MDkz&crc=a7f5f12345c8d951278fa97d06b849664a6ccf77&cv=1
64.190.63.136 200 OK 0 B URL GET HTTP/1.1 ww16.km1.ga/search/tsc.php?200=NTQxMzk0Mzg2&21=OTEuOTAuNDIuMTU0&681=MTcwMTQwNzE0NTQyYTMzNTA0ZTExNjc0OGUxYjY2NDllNTk3OTU0MDkz&crc=a7f5f12345c8d951278fa97d06b849664a6ccf77&cv=1
IP 64.190.63.136:80
Requested by http://ww16.km1.ga/?sub1=20231201-1605-1342-9cc2-ad1a9ed10317
Hash MD5: d41d8cd98f00b204e9800998ecf8427e (the three values below are the digests of an empty body, consistent with the content-length: 0 response)
SHA-1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
NIDS alert (suricata, severity medium): ET INFO HTTP Request to a *.ga domain
GET /search/tsc.php?200=NTQxMzk0Mzg2&21=OTEuOTAuNDIuMTU0&681=MTcwMTQwNzE0NTQyYTMzNTA0ZTExNjc0OGUxYjY2NDllNTk3OTU0MDkz&crc=a7f5f12345c8d951278fa97d06b849664a6ccf77&cv=1 HTTP/1.1
Host: ww16.km1.ga
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ww16.km1.ga/?sub1=20231201-1605-1342-9cc2-ad1a9ed10317
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
date: Fri, 01 Dec 2023 05:05:45 GMT
content-type: text/html; charset=UTF-8
content-length: 0
x-powered-by: PHP/8.1.17
x-cache-miss-from: parking-698fb476bf-xqxcz
server: NginX
img.sedoparking.com/templates/logos/sedo_logo.png
205.234.175.175 200 OK 15 kB URL GET HTTP/1.1 img.sedoparking.com/templates/logos/sedo_logo.png
IP 205.234.175.175:80
Requested by http://ww16.km1.ga/?sub1=20231201-1605-1342-9cc2-ad1a9ed10317
File type: MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel; data
Hash MD5: def00c11b1596db4efee6a9fbe64fc27
SHA-1: bd298981e6d8d7e4ffa18abcf687041f4246672d
SHA-256: 95c427fa3143b1896faf42a6406686ce7602cb39052081bb32d12b51c9e047e4
GET /templates/logos/sedo_logo.png HTTP/1.1
Host: img.sedoparking.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ww16.km1.ga/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 01 Dec 2023 05:05:45 GMT
Content-Type: image/png
Content-Length: 15086
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: max-age=604800
Expires: Fri, 08 Dec 2023 05:05:45 GMT
X-CFHash: "def00c11b1596db4efee6a9fbe64fc27"
X-CFF: B
Last-Modified: Mon, 11 Jan 2021 07:44:34 GMT
X-CF3: H
CF4Age: 0
x-cf-tsc: 1700056313
CF4ttl: 31536000.000
X-CF2: H
Server: CFS 0215
X-CF-ReqID: 90d1429f863a06bc98516978c1ab252a
X-CF1: 11696:fA.arn1:cf:cacheN.arn1-01:H
Accept-Ranges: bytes
www.google.com/afs/ads/i/iframe.html
142.250.74.164 200 OK 728 B URL GET HTTP/2 www.google.com/afs/ads/i/iframe.html
IP 142.250.74.164:443
Requested by http://ww16.km1.ga/?sub1=20231201-1605-1342-9cc2-ad1a9ed10317
Certificate Issuer: Google Trust Services LLC
Subject: www.google.com
Fingerprint: B0:8E:97:10:7E:30:90:F6:42:A1:32:63:5C:78:27:D3:A8:F1:05:D1
Validity: Mon, 23 Oct 2023 11:24:57 GMT - Mon, 15 Jan 2024 11:24:56 GMT
File type: HTML document text; exported SGML document, ASCII text, with very long lines (1559)
Hash MD5: 7746f16672583b404ea8466227f54d6b
SHA-1: 10f2545423a781d234eb0f8a3acc9fe1fa82e629
SHA-256: 975b7167919baa4001b295ed151530794245ab1ec697c82c345145a03b778c39
GET /afs/ads/i/iframe.html HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://ww16.km1.ga/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
content-security-policy: script-src 'nonce-JnxIg7F_HQoxbyUktnW7_w' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui; base-uri 'none'
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-afs-ui"
report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
content-length: 728
date: Fri, 01 Dec 2023 05:05:45 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
last-modified: Tue, 14 Nov 2023 07:00:00 GMT
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.google.com/afs/ads?adsafe=low&adtest=off&psid=9618345430&channel=exp-0019%2Cexp-0051%2Cauxa-control-1%2C445328&client=dp-sedo92_3ph&r=m&hl=no&rpbu=http%3A%2F%2Fww16.km1.ga%2Fcaf%2F%3Fses%3DY3JlPTE3MDE0MDcxNDUmdGNpZD13dzE2LmttMS5nYTY1Njk2OWE4ZjJlM2I0LjI1NjIzMzEyJnRhc2s9c2VhcmNoJmRvbWFpbj1rbTEuZ2EmYV9pZD0zJnNlc3Npb249TF93RFlOREM3R055Mktod01FXy0%3D&type=3&uiopt=false&swp=as-drid-2777688820344496&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300003%2C17301157&format=r3%7Cs&nocache=9871701407149904&num=0&output=afd_ads&domain_name=ww16.km1.ga&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1701407149917&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=944&frm=0&cl=579967862&uio=--&cont=rb-default&jsid=caf&jsv=579967862&rurl=http%3A%2F%2Fww16.km1.ga%2F%3Fsub1%3D20231201-1605-1342-9cc2-ad1a9ed10317
142.250.74.164 200 OK 587 B URL GET HTTP/2 www.google.com/afs/ads?adsafe=low&adtest=off&psid=9618345430&channel=exp-0019%2Cexp-0051%2Cauxa-control-1%2C445328&client=dp-sedo92_3ph&r=m&hl=no&rpbu=http%3A%2F%2Fww16.km1.ga%2Fcaf%2F%3Fses%3DY3JlPTE3MDE0MDcxNDUmdGNpZD13dzE2LmttMS5nYTY1Njk2OWE4ZjJlM2I0LjI1NjIzMzEyJnRhc2s9c2VhcmNoJmRvbWFpbj1rbTEuZ2EmYV9pZD0zJnNlc3Npb249TF93RFlOREM3R055Mktod01FXy0%3D&type=3&uiopt=false&swp=as-drid-2777688820344496&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300003%2C17301157&format=r3%7Cs&nocache=9871701407149904&num=0&output=afd_ads&domain_name=ww16.km1.ga&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1701407149917&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=944&frm=0&cl=579967862&uio=--&cont=rb-default&jsid=caf&jsv=579967862&rurl=http%3A%2F%2Fww16.km1.ga%2F%3Fsub1%3D20231201-1605-1342-9cc2-ad1a9ed10317
IP 142.250.74.164:443
Requested by http://ww16.km1.ga/?sub1=20231201-1605-1342-9cc2-ad1a9ed10317
Certificate Issuer: Google Trust Services LLC
Subject: www.google.com
Fingerprint: B0:8E:97:10:7E:30:90:F6:42:A1:32:63:5C:78:27:D3:A8:F1:05:D1
Validity: Mon, 23 Oct 2023 11:24:57 GMT - Mon, 15 Jan 2024 11:24:56 GMT
File type: HTML document text; exported SGML document, ASCII text, with very long lines (643)
Hash MD5: 29ec66c2e1da5f7152bb5bc54507c1c5
SHA-1: f7af530b4654e18b33ac3624d2afae93aec02760
SHA-256: 6eb11dfef239f8b6998b4aebc50f9b46ec5b6c5d0b2887dd2c79e64aa327d202
GET /afs/ads?adsafe=low&adtest=off&psid=9618345430&channel=exp-0019%2Cexp-0051%2Cauxa-control-1%2C445328&client=dp-sedo92_3ph&r=m&hl=no&rpbu=http%3A%2F%2Fww16.km1.ga%2Fcaf%2F%3Fses%3DY3JlPTE3MDE0MDcxNDUmdGNpZD13dzE2LmttMS5nYTY1Njk2OWE4ZjJlM2I0LjI1NjIzMzEyJnRhc2s9c2VhcmNoJmRvbWFpbj1rbTEuZ2EmYV9pZD0zJnNlc3Npb249TF93RFlOREM3R055Mktod01FXy0%3D&type=3&uiopt=false&swp=as-drid-2777688820344496&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300003%2C17301157&format=r3%7Cs&nocache=9871701407149904&num=0&output=afd_ads&domain_name=ww16.km1.ga&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1701407149917&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=944&frm=0&cl=579967862&uio=--&cont=rb-default&jsid=caf&jsv=579967862&rurl=http%3A%2F%2Fww16.km1.ga%2F%3Fsub1%3D20231201-1605-1342-9cc2-ad1a9ed10317 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://ww16.km1.ga/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
content-disposition: inline
date: Fri, 01 Dec 2023 05:05:45 GMT
expires: Fri, 01 Dec 2023 05:05:45 GMT
cache-control: private, max-age=3600
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-LqNI6cO8_KyagooRL-JUEQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
content-encoding: br
server: gws
content-length: 587
x-xss-protection: 0
set-cookie: CONSENT=PENDING+492; expires=Sun, 30-Nov-2025 05:05:45 GMT; path=/; domain=.google.com; Secure
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ww16.km1.ga/search/fb.php?ses=833c92cd7d210d00017014071456103722d9cfb8ac&ec=23
64.190.63.136 403 Forbidden 82 B URL GET HTTP/1.1 ww16.km1.ga/search/fb.php?ses=833c92cd7d210d00017014071456103722d9cfb8ac&ec=23
IP 64.190.63.136:80
Requested by http://ww16.km1.ga/?sub1=20231201-1605-1342-9cc2-ad1a9ed10317
File type: exported SGML document, ASCII text
Hash MD5: b8c4d1fac45db0a65d6b29a24cd03b98
SHA-1: cbfef348d832c6f9314bcf2d769134de3f780bdf
SHA-256: 6b83ac6820cafb971566055f48729373b4be5a9743eb6bbc12b40fc568d2f9c3
NIDS alert (suricata, severity medium): ET INFO HTTP Request to a *.ga domain
GET /search/fb.php?ses=833c92cd7d210d00017014071456103722d9cfb8ac&ec=23 HTTP/1.1
Host: ww16.km1.ga
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ww16.km1.ga/?sub1=20231201-1605-1342-9cc2-ad1a9ed10317
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
date: Fri, 01 Dec 2023 05:05:45 GMT
content-type: text/html; charset=UTF-8
transfer-encoding: chunked
vary: Accept-Encoding
x-powered-by: PHP/8.1.17
x-cache-miss-from: parking-698fb476bf-6x2qm
server: NginX
content-encoding: gzip