| URL | IP | Status | Size |
| 2ch.life/gg/res/1858482.html | 104.21.235.78 | 403 Forbidden | 4.1 kB |
URL: 2ch.life/gg/res/1858482.html (user request, GET, HTTP/3)
IP: 104.21.235.78:443
Certificate: issuer Google Trust Services; subject 2ch.life; fingerprint E8:B9:26:5D:BB:AE:EE:5D:4E:08:E6:C8:14:E5:57:1E:CA:BF:90:EC; validity Mon, 11 Nov 2024 21:19:30 GMT - Sun, 09 Feb 2025 21:19:29 GMT
File type: HTML document, ASCII text, with very long lines (6328), with no line terminators
Hashes: MD5 4910681bde4bab563db67cea1c6f6cf2; SHA-1 6c619af69d7329f6c3fce9e208f5303ecf0079d5; SHA-256 341bbd9fb57b6755d0e02a1f496557fbcf980423b7deb5439d070dc0f548ba28
| NIDS | Severity | Alert |
| suricata | medium | ET INFO HTTP Request to Suspicious *.life Domain |
GET /gg/res/1858482.html HTTP/1.1
Host: 2ch.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Wed, 27 Nov 2024 22:53:56 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Critical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Content-Options: nosniff
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: egmWdOnDDRUpqHEKGihPK6TiiaQ3g19CwbxL8lE+S1De3K4+vsJtGvRnYKPF0UDRpgKnmJXID/lzJI0olZG1kO8lU+Da0T3fVibgXIvQ87Hpi3dGYoZGhoLiLYQL3/7fQSbIo7Jew6bqJ6Dn9WjAWw==$QdMhhqv+E1ioCBUKBxc18Q==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=G%2BIkQ9B6eOaQuMNi%2B9qgfRhVTFad%2F4wioLu0zhoxNsos3%2BRlewnDayP6dndpwzPFcFPZaa9BoTQW7xFUIB%2FUhhuEUw9V2oFWCu4RWmYhbxOZUYXRAkp9xUUonQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8e95b27cbbd99401-LHR
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
server-timing: cfL4;desc="?proto=TCP&rtt=19007&min_rtt=19007&rtt_var=9503&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=400&delivery_rate=0&cwnd=30&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"

| 2ch.life/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=8e95b27cbbd99401 | 104.21.235.78 | 200 OK | 36 kB |
URL: 2ch.life/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=8e95b27cbbd99401
IP: 104.21.235.78:0
Certificate: issuer Google Trust Services; subject 2ch.life; fingerprint E8:B9:26:5D:BB:AE:EE:5D:4E:08:E6:C8:14:E5:57:1E:CA:BF:90:EC; validity Mon, 11 Nov 2024 21:19:30 GMT - Sun, 09 Feb 2025 21:19:29 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Hashes: MD5 07ddeb3388b2d674f4ac0fa740cd3e35; SHA-1 27242f44a1ff580a8fdab122d4edcc8b7ea8f90a; SHA-256 ab9fc004a1173643fbc7b7192734bc8e58814c65cf55081eb160e2ea878b7582
| NIDS | Severity | Alert |
| suricata | medium | ET INFO HTTP Request to Suspicious *.life Domain |
GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=8e95b27cbbd99401 HTTP/1.1
Host: 2ch.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://2ch.life/gg/res/1858482.html?__cf_chl_rt_tk=PJshKmmsQ7Aj1yaFTF.Vn5CG2zTnXqdP.EeLE8s76tA-1732748036-1.0.1.1-Qaj43jcTYTOct59dSrLVBEKo1F_On6.BEpB3hEZQLU0
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 27 Nov 2024 22:53:56 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3JTh%2FQEH%2FYxsHLsq2wOwrQa%2BMHUWhcfQAX%2F8Dvy5VGxeO2a3ismlxiyn0CzIjfqwa4Dq3xBxyMPhbupeLmc3izym7MV6gNOtz7PBqCsHoXC7R9VUlTnG6TTuTQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8e95b27f0b929544-LHR
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
server-timing: cfL4;desc="?proto=TCP&rtt=20245&min_rtt=20245&rtt_var=10122&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=512&delivery_rate=0&cwnd=85&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"

| 2ch.life/favicon.ico | 104.21.235.78 | 302 Moved Temporarily | 138 B |
IP: 104.21.235.78:443
Requested by: https://2ch.life/gg/res/1858482.html
Certificate: issuer Google Trust Services; subject 2ch.life; fingerprint E8:B9:26:5D:BB:AE:EE:5D:4E:08:E6:C8:14:E5:57:1E:CA:BF:90:EC; validity Mon, 11 Nov 2024 21:19:30 GMT - Sun, 09 Feb 2025 21:19:29 GMT
File type: HTML document, ASCII text, with CRLF line terminators
Hashes: MD5 aff950cab4c0265e21d401db15f1026d; SHA-1 f03e18461817f7a6546c8bf8fa8d686d7e30aca0; SHA-256 753e0dd54f28c4f7009b9c0b18a68aed175416bd8b7d134858264586eaac56f0
| NIDS | Severity | Alert |
| suricata | medium | ET INFO HTTP Request to Suspicious *.life Domain |
| suricata | medium | ET INFO HTTP Request to Suspicious *.life Domain |
GET /favicon.ico HTTP/1.1
Host: 2ch.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://2ch.life/gg/res/1858482.html?__cf_chl_rt_tk=PJshKmmsQ7Aj1yaFTF.Vn5CG2zTnXqdP.EeLE8s76tA-1732748036-1.0.1.1-Qaj43jcTYTOct59dSrLVBEKo1F_On6.BEpB3hEZQLU0
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Moved Temporarily
Date: Wed, 27 Nov 2024 22:53:57 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://2ch.life/favicon.ico
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000; includeSubDomains
CF-Cache-Status: BYPASS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wzuA8lBRoIiscGErULl0O9RasW6%2F1gwz01wxdkzOs25KyofM3LX%2Bbe8TP4jv8vKAd6EEhVN2Vr1oc895ESC9G41gfwv2Wbs8GrRMVV6xMPnPfMqiHnQc76uusA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8e95b27f5bec9544-LHR
alt-svc: h2=":443"; ma=60
server-timing: cfL4;desc="?proto=TCP&rtt=20937&min_rtt=20245&rtt_var=507&sent=31&recv=22&lost=0&retrans=0&sent_bytes=37333&recv_bytes=982&delivery_rate=1735995&cwnd=104&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"

| 2ch.life/cdn-cgi/challenge-platform/h/b/flow/ov1/2120938374:1732745687:hGHqZQlCVk_rtUsJKKFgPPQ5yhfCmONoI0V86WAQ95E/8e95b27cbbd99401/zp2nhei3yWKdiLefryFWtJZIx_756B6E.a97HOc7r_w-1732748036-1.2.1.1-qQEJyRdtCIrjR0pQe7fckQnpKCLxi8thyJYMLvt09I0Wpu2t4fyVtCIKyRrRPGu5 | 104.21.235.78 | 200 OK | 8.8 kB |
URL: 2ch.life/cdn-cgi/challenge-platform/h/b/flow/ov1/2120938374:1732745687:hGHqZQlCVk_rtUsJKKFgPPQ5yhfCmONoI0V86WAQ95E/8e95b27cbbd99401/zp2nhei3yWKdiLefryFWtJZIx_756B6E.a97HOc7r_w-1732748036-1.2.1.1-qQEJyRdtCIrjR0pQe7fckQnpKCLxi8thyJYMLvt09I0Wpu2t4fyVtCIKyRrRPGu5
IP: 104.21.235.78:0
Certificate: issuer Google Trust Services; subject 2ch.life; fingerprint E8:B9:26:5D:BB:AE:EE:5D:4E:08:E6:C8:14:E5:57:1E:CA:BF:90:EC; validity Mon, 11 Nov 2024 21:19:30 GMT - Sun, 09 Feb 2025 21:19:29 GMT
File type: ASCII text, with very long lines (13268), with no line terminators
Hashes: MD5 6eb1ede21d5ae9277b95c4bb87eb1a2f; SHA-1 44694dd013d3b1c9f57ea86145bfd355925644f1; SHA-256 1e6e2777dd3189d75515513507c2a3562641d1afa8dd7ebb1ebe9f5c67b0760f
POST /cdn-cgi/challenge-platform/h/b/flow/ov1/2120938374:1732745687:hGHqZQlCVk_rtUsJKKFgPPQ5yhfCmONoI0V86WAQ95E/8e95b27cbbd99401/zp2nhei3yWKdiLefryFWtJZIx_756B6E.a97HOc7r_w-1732748036-1.2.1.1-qQEJyRdtCIrjR0pQe7fckQnpKCLxi8thyJYMLvt09I0Wpu2t4fyVtCIKyRrRPGu5 HTTP/1.1
Host: 2ch.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://2ch.life/gg/res/1858482.html
Content-type: application/x-www-form-urlencoded
CF-Challenge: zp2nhei3yWKdiLefryFWtJZIx_756B6E.a97HOc7r_w-1732748036-1.2.1.1-qQEJyRdtCIrjR0pQe7fckQnpKCLxi8thyJYMLvt09I0Wpu2t4fyVtCIKyRrRPGu5
CF-Chl-RetryAttempt: 0
Content-Length: 3153
Origin: http://2ch.life
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 27 Nov 2024 22:53:57 GMT
Content-Type: text/plain; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cf-chl-gen: RkPxHyn2sNLoyXviE0LamBB6FSLOfVA0+MgF86s6XPUPbC6LnVtihN8X48KAfzDSiWfglpPuqog=$eYxsmHcv2pqXQH/Z
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3ZLmmxNowQuliQgMMRVxvSI7xIQ0X8sga8ZDeYg89L8a0nJMWIlPpg38e9Mar5mqZsFQvPiTXNQxkG2iuY3uU2KrXzA0%2FR11D55B0QvAFzh7Hp5GItUxNSl%2FZA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8e95b280cd08956b-LHR
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
server-timing: cfL4;desc="?proto=TCP&rtt=19390&min_rtt=19390&rtt_var=9695&sent=3&recv=5&lost=0&retrans=0&sent_bytes=0&recv_bytes=3982&delivery_rate=0&cwnd=110&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"

| 2ch.life/favicon.ico | 104.21.235.78 | 302 Moved Temporarily | 138 B |
IP: 104.21.235.78:443
Requested by: https://2ch.life/gg/res/1858482.html
Certificate: issuer Google Trust Services; subject 2ch.life; fingerprint E8:B9:26:5D:BB:AE:EE:5D:4E:08:E6:C8:14:E5:57:1E:CA:BF:90:EC; validity Mon, 11 Nov 2024 21:19:30 GMT - Sun, 09 Feb 2025 21:19:29 GMT
File type: HTML document, ASCII text, with CRLF line terminators
Hashes: MD5 aff950cab4c0265e21d401db15f1026d; SHA-1 f03e18461817f7a6546c8bf8fa8d686d7e30aca0; SHA-256 753e0dd54f28c4f7009b9c0b18a68aed175416bd8b7d134858264586eaac56f0
| NIDS | Severity | Alert |
| suricata | medium | ET INFO HTTP Request to Suspicious *.life Domain |
| suricata | medium | ET INFO HTTP Request to Suspicious *.life Domain |
GET /favicon.ico HTTP/1.1
Host: 2ch.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://2ch.life/gg/res/1858482.html
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Moved Temporarily
Date: Wed, 27 Nov 2024 22:53:57 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://2ch.life/favicon.ico
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000; includeSubDomains
CF-Cache-Status: BYPASS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YRNdz1fbeASWRyqNx3HZE7XhSUt7ohNoBPfDFy2u1BBXhbldlL5PipxvXtWzv%2FPTyphpTv7Nw0IUtaTavnvUushRctOsD7yw02aAJFrYeYBbx1ukjIPReHztJw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8e95b27fbbc577b1-LHR
alt-svc: h2=":443"; ma=60
server-timing: cfL4;desc="?proto=TCP&rtt=19953&min_rtt=19953&rtt_var=9976&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=348&delivery_rate=0&cwnd=99&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"

| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1 | 104.18.95.41 | 200 OK | 61 B |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1
IP: 104.18.95.41:0
File type: PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
Hashes: MD5 9246cca8fc3c00f50035f28e9f6b7f7d; SHA-1 3aa538440f70873b574f40cd793060f53ec17a5d; SHA-256 c07d7d29e3c20fa6ca4c5d20663688d52bad13e129ad82ce06b80eb187d9dc84
GET /cdn-cgi/challenge-platform/h/b/cmg/1 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/zifcf/0x4AAAAAAADnOjc0PNeA8qVm/light/fbE/normal/auto/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 27 Nov 2024 22:53:57 GMT
content-type: image/png
content-length: 61
cache-control: max-age=2629800, public
server: cloudflare
cf-ray: 8e95b282cc7a5690-OSL
alt-svc: h3=":443"; ma=86400

| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=8e95b2813a715690&lang=auto | 104.18.95.41 | 200 OK | 102 kB |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=8e95b2813a715690&lang=auto
IP: 104.18.95.41:0
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size: 102 kB (101875 bytes)
Hashes: MD5 aa44d4f42494c5c24ff815350a5b102e; SHA-1 345155fe5ccbebdb9287c6054f7a19b0afae18fa; SHA-256 8eabae5d083ade6383563bdfdc40510e49695f939f33074d341413d23dfb5738
GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=8e95b2813a715690&lang=auto HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/zifcf/0x4AAAAAAADnOjc0PNeA8qVm/light/fbE/normal/auto/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 27 Nov 2024 22:53:57 GMT
content-type: application/javascript; charset=UTF-8
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
server: cloudflare
cf-ray: 8e95b282cc825690-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/8e95b2813a715690/1732748037937/QpYdQGDGVZA3psL | 104.18.95.41 | 200 OK | 61 B |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/8e95b2813a715690/1732748037937/QpYdQGDGVZA3psL
IP: 104.18.95.41:0
File type: PNG image data, 62 x 69, 8-bit/color RGB, non-interlaced
Hashes: MD5 b362ae60b2a07ed6ee4d38b3ee048939; SHA-1 a2cdc4bba5bc311a58fb18091a2d3eea53a53abc; SHA-256 4633a8f725703f681658ccae59fbe003dd789381891029d73e3b576dbf70262f
GET /cdn-cgi/challenge-platform/h/b/i/8e95b2813a715690/1732748037937/QpYdQGDGVZA3psL HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/zifcf/0x4AAAAAAADnOjc0PNeA8qVm/light/fbE/normal/auto/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 27 Nov 2024 22:53:59 GMT
content-type: image/png
content-length: 61
server: cloudflare
cf-ray: 8e95b28e3b7f5690-OSL
alt-svc: h3=":443"; ma=86400

| 2ch.life/favicon.ico | 104.21.235.78 | 200 OK | 469 B |
IP: 104.21.235.78:443
Requested by: https://2ch.life/gg/res/1858482.html
Certificate: issuer Google Trust Services; subject 2ch.life; fingerprint E8:B9:26:5D:BB:AE:EE:5D:4E:08:E6:C8:14:E5:57:1E:CA:BF:90:EC; validity Mon, 11 Nov 2024 21:19:30 GMT - Sun, 09 Feb 2025 21:19:29 GMT
File type: MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
Hashes: MD5 d669592d2eb344163527af8bd810c74d; SHA-1 85f66567d793d3e7cb7357bafd2061530d1fa6c6; SHA-256 529e5ae57c6e308f078445086c156466350f0d3156eab84fc0bbab3df6f2ea6e
| NIDS | Severity | Alert |
| suricata | medium | ET INFO HTTP Request to Suspicious *.life Domain |
| suricata | medium | ET INFO HTTP Request to Suspicious *.life Domain |
GET /favicon.ico HTTP/1.1
Host: 2ch.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 27 Nov 2024 22:53:57 GMT
content-type: image/x-icon
last-modified: Thu, 04 Aug 2022 21:25:08 GMT
etag: W/"62ec3934-47e"
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=14400
cf-cache-status: HIT
age: 2680
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=N8RzABIr6ccuOJlI6ob0PCCRGTF%2FuME2sv25zZbQf9qDiywUL7WJoU%2BN207erPp6xFms7Tf0WvttyG9gkJIdVYc%2FCWuKpqApWezP9SI9N5D4uCCPFKhAHVVGgA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8e95b28268ec412d-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=20855&min_rtt=19141&rtt_var=5832&sent=9&recv=10&lost=0&retrans=0&sent_bytes=4536&recv_bytes=1214&delivery_rate=226568&cwnd=83&unsent_bytes=0&cid=d85515339fa3f51d&ts=63&x=0"
X-Firefox-Spdy: h2

| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1171135093:1732745819:jBECxrFOLJQSDvfmL7GN2UQlQN1Y0but0NOa-I_a7bM/8e95b2813a715690/nr8B1ff2vxWWkpsOvmTU1mb3mZjagN1ykoo5QVf58vg-1732748037-1.1.1.1-ZGVtirsokabM4wLgAsWkPAoyPPJ..z5gJM9BWabBey.IklHEvQqJo8KvZQNe.sHu | 104.18.95.41 | 200 OK | 2.8 kB |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1171135093:1732745819:jBECxrFOLJQSDvfmL7GN2UQlQN1Y0but0NOa-I_a7bM/8e95b2813a715690/nr8B1ff2vxWWkpsOvmTU1mb3mZjagN1ykoo5QVf58vg-1732748037-1.1.1.1-ZGVtirsokabM4wLgAsWkPAoyPPJ..z5gJM9BWabBey.IklHEvQqJo8KvZQNe.sHu
IP: 104.18.95.41:0
File type: ASCII text, with very long lines (3972), with no line terminators
Hashes: MD5 98c8e5903b738ee9f0a23e4fe85a2801; SHA-1 6b72e4df012b1d769a54478b0df3cf8fcb7e748b; SHA-256 463d1aa4a5d53a635401ddb6019ce170f96601245bcec5212d72c605d4a9392e
POST /cdn-cgi/challenge-platform/h/b/flow/ov1/1171135093:1732745819:jBECxrFOLJQSDvfmL7GN2UQlQN1Y0but0NOa-I_a7bM/8e95b2813a715690/nr8B1ff2vxWWkpsOvmTU1mb3mZjagN1ykoo5QVf58vg-1732748037-1.1.1.1-ZGVtirsokabM4wLgAsWkPAoyPPJ..z5gJM9BWabBey.IklHEvQqJo8KvZQNe.sHu HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/zifcf/0x4AAAAAAADnOjc0PNeA8qVm/light/fbE/normal/auto/
Content-type: application/x-www-form-urlencoded
CF-Challenge: nr8B1ff2vxWWkpsOvmTU1mb3mZjagN1ykoo5QVf58vg-1732748037-1.1.1.1-ZGVtirsokabM4wLgAsWkPAoyPPJ..z5gJM9BWabBey.IklHEvQqJo8KvZQNe.sHu
CF-Chl-RetryAttempt: 0
Content-Length: 21143
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 27 Nov 2024 22:53:59 GMT
content-type: text/html; charset=UTF-8
cf-chl-out: dgnxyuuT6elO9DoS6IdYDW1QPaClzdjvkCrfLWq/Hm8UGhPlELNpW83DYmwfU3OdV0iZkntvqEKhh1tulzrF7+XUeuB87ZzUcy7+wmG9ku5+pcXK2TNNCVUKL70=$upKIoQ8gsuxzEoos
cf-chl-out-s: […]$14a9Qhi53DGwmil9
server: cloudflare
cf-ray: 8e95b2902e2b5690-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| 2ch.life/cdn-cgi/challenge-platform/h/b/flow/ov1/2120938374:1732745687:hGHqZQlCVk_rtUsJKKFgPPQ5yhfCmONoI0V86WAQ95E/8e95b27cbbd99401/zp2nhei3yWKdiLefryFWtJZIx_756B6E.a97HOc7r_w-1732748036-1.2.1.1-qQEJyRdtCIrjR0pQe7fckQnpKCLxi8thyJYMLvt09I0Wpu2t4fyVtCIKyRrRPGu5 | 104.21.235.78 | 404 Not Found | 7 B |
URL: 2ch.life/cdn-cgi/challenge-platform/h/b/flow/ov1/2120938374:1732745687:hGHqZQlCVk_rtUsJKKFgPPQ5yhfCmONoI0V86WAQ95E/8e95b27cbbd99401/zp2nhei3yWKdiLefryFWtJZIx_756B6E.a97HOc7r_w-1732748036-1.2.1.1-qQEJyRdtCIrjR0pQe7fckQnpKCLxi8thyJYMLvt09I0Wpu2t4fyVtCIKyRrRPGu5
IP: 104.21.235.78:0
Certificate: issuer Google Trust Services; subject 2ch.life; fingerprint E8:B9:26:5D:BB:AE:EE:5D:4E:08:E6:C8:14:E5:57:1E:CA:BF:90:EC; validity Mon, 11 Nov 2024 21:19:30 GMT - Sun, 09 Feb 2025 21:19:29 GMT
File type: ASCII text, with no line terminators
Hashes: MD5 fedb2d84cafe20862cb4399751a8a7e3; SHA-1 81f344a7686a80b4c5293e8fdc0b0160c82c06a8; SHA-256 f1234d75178d892a133a410355a5a990cf75d2f33eba25d575943d4df632f3a4
OPTIONS /cdn-cgi/challenge-platform/h/b/flow/ov1/2120938374:1732745687:hGHqZQlCVk_rtUsJKKFgPPQ5yhfCmONoI0V86WAQ95E/8e95b27cbbd99401/zp2nhei3yWKdiLefryFWtJZIx_756B6E.a97HOc7r_w-1732748036-1.2.1.1-qQEJyRdtCIrjR0pQe7fckQnpKCLxi8thyJYMLvt09I0Wpu2t4fyVtCIKyRrRPGu5 HTTP/1.1
Host: 2ch.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: cf-challenge,cf-chl-retryattempt
Origin: http://2ch.life
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 404 Not Found
date: Wed, 27 Nov 2024 22:54:00 GMT
content-type: application/json
content-length: 7
cf-chl-out: UHAiqisF3vyDGiJFokfT7n9lQt57YEVOz0A=$aDYVXELMz/8K5n2N
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=V4A25%2FbQODvFEf%2B6QBDs%2FHj8SLfm0Z7d7yL%2BK%2B28j6A%2FTCaTwiRw3JgE5XRSAuzsEBX7oTkyEhy2miiCnlzowFmLTOuwuUyb0GXEBV6yjQlb2c%2BzAXyWVEQLww%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8e95b297bb4cbe98-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=28382&min_rtt=19810&rtt_var=9447&sent=16&recv=10&lost=0&retrans=0&sent_bytes=5583&recv_bytes=2272&delivery_rate=14733&cwnd=12000&unsent_bytes=0&cid=8e2766a7c7fcb731&ts=1001&x=1", cfHdrFlush;dur=0

| 2ch.life/gg/res/1858482.html | 104.21.235.78 | 525 No Reason Phrase | 6.8 kB |
URL: 2ch.life/gg/res/1858482.html (user request, GET, HTTP/3)
IP: 104.21.235.78:443
Certificate: issuer Google Trust Services; subject 2ch.life; fingerprint E8:B9:26:5D:BB:AE:EE:5D:4E:08:E6:C8:14:E5:57:1E:CA:BF:90:EC; validity Mon, 11 Nov 2024 21:19:30 GMT - Sun, 09 Feb 2025 21:19:29 GMT
File type: HTML document, ASCII text, with very long lines (394)
Hashes: MD5 687877fce0c617f73bea07c2676d544a; SHA-1 9a369264e27570f60a1257a05191eb5b2498ced1; SHA-256 a997bb110d8bf3e4d48bd393c5071a7527ee5d8f2376f579378af391a5083f10
| NIDS | Severity | Alert |
| suricata | medium | ET INFO HTTP Request to Suspicious *.life Domain |
GET /gg/res/1858482.html HTTP/1.1
Host: 2ch.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Cookie: cf_chl_rc_ni=1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 525 No Reason Phrase
date: Wed, 27 Nov 2024 22:54:03 GMT
content-type: text/html; charset=UTF-8
content-length: 6838
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iF5OsQ6UQ9k%2Fnf5XWNmhBlPXcnnMWfKiIT4cAHMsz%2BLMWFcaUeklxG%2FmEhvjfzJUSkTa2yU2IfALcAZT356F%2BVkhdHDqnVY0tCnWvsNWq7ak6jU4i3BbCccbMQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-frame-options: SAMEORIGIN
referrer-policy: same-origin
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
server: cloudflare
cf-ray: 8e95b2a97d6ecd25-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=24193&min_rtt=20022&rtt_var=10487&sent=11&recv=6&lost=0&retrans=0&sent_bytes=4078&recv_bytes=1144&delivery_rate=32064&cwnd=12000&unsent_bytes=0&cid=2f8e0322f1b424c8&ts=7532&x=1", cfHdrFlush;dur=0
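Added example, not the capture tool's code and nothing shipped by Cloudflare: a Python triage script that parses request/response header blocks in the layout this capture prints them, labels the challenge-flow events each transaction evidences, and ties the challenge-platform fetch back to the 403 through its ray id. The four sample dumps are abridged from the transactions recorded on this page (bodies and most headers dropped, the Critical-CH list shortened); the event names are this example's own, and the meaning of the `cf_chl_rc_ni` cookie is inferred from where it appears in the flow rather than from documentation.

```python
"""Reconstruct the Cloudflare challenge flow from HTTP header dumps (added example)."""
from __future__ import annotations

import re
from dataclasses import dataclass, field
from urllib.parse import parse_qs, urlparse

REQUEST_LINE = re.compile(r"^(GET|POST|OPTIONS|HEAD)\s+(\S+)\s+HTTP/[\d.]+$")
STATUS_LINE = re.compile(r"^HTTP/[\d.]+\s+(\d{3})")  # HTTP/1.1, HTTP/2 and HTTP/3 alike


@dataclass
class Transaction:
    method: str = ""
    path: str = ""
    status: int = 0
    req: dict[str, str] = field(default_factory=dict)   # request headers, names lower-cased
    resp: dict[str, str] = field(default_factory=dict)  # response headers, names lower-cased

    @property
    def ray(self) -> str:
        """CF-RAY minus the colo suffix: '8e95b27cbbd99401-LHR' -> '8e95b27cbbd99401'."""
        return self.resp.get("cf-ray", "").split("-")[0]


def parse_transaction(dump: str) -> Transaction:
    """One request block followed by its response block, headers only, in the
    layout the capture prints: request line, headers, status line, headers."""
    tx = Transaction()
    current = tx.req
    for raw in dump.splitlines():
        line = raw.strip()
        if m := REQUEST_LINE.match(line):
            tx.method, tx.path = m.group(1), m.group(2)
            current = tx.req
        elif m := STATUS_LINE.match(line):
            tx.status = int(m.group(1))
            current = tx.resp
        elif ":" in line:
            name, _, value = line.partition(":")  # first colon only; values may contain colons
            current[name.strip().lower()] = value.strip()
    return tx


def classify(tx: Transaction) -> list[str]:
    """Label the challenge-flow events one transaction's headers evidence
    (labels are this example's own, not Cloudflare terminology)."""
    events: list[str] = []
    if tx.resp.get("cf-mitigated") == "challenge":
        events.append("challenge-issued")
    if "critical-ch" in tx.resp:  # edge asks the browser to resend with UA client hints
        events.append("client-hints-demanded")
    if tx.method == "POST" and "cf-challenge" in tx.req:
        events.append("challenge-solve-submitted")
    if "cf_chl_rc_ni=" in tx.req.get("cookie", ""):
        # Assumption: set by the challenge platform before the navigation is retried.
        events.append("post-challenge-retry")
    if tx.status == 525:
        # Cloudflare's own code for a failed TLS handshake between edge and origin:
        # the challenge was passed, the origin was never reached.
        events.append("origin-tls-handshake-failed")
    return events


def ray_query(tx: Transaction) -> str:
    """?ray= on a challenge-platform fetch; should equal the ray id of the issuing 403."""
    return parse_qs(urlparse(tx.path).query).get("ray", [""])[0]


def flow(dumps: list[str]) -> list[tuple[int, list[str]]]:
    """(status, events) per dump, in capture order."""
    return [(tx.status, classify(tx)) for tx in map(parse_transaction, dumps)]


# Sample dumps abridged from the transactions on this page (bodies and most
# headers dropped); the header values below are the captured ones.
CHALLENGE_403 = """\
GET /gg/res/1858482.html HTTP/1.1
Host: 2ch.life
HTTP/1.1 403 Forbidden
Critical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Platform
cf-mitigated: challenge
Server: cloudflare
CF-RAY: 8e95b27cbbd99401-LHR
"""
ORCHESTRATE_GET = """\
GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=8e95b27cbbd99401 HTTP/1.1
Host: 2ch.life
HTTP/1.1 200 OK
Server: cloudflare
CF-RAY: 8e95b27f0b929544-LHR
"""
SOLVE_POST = """\
POST /cdn-cgi/challenge-platform/h/b/flow/ov1/2120938374:1732745687:hGHqZQlCVk_rtUsJKKFgPPQ5yhfCmONoI0V86WAQ95E/8e95b27cbbd99401/zp2nhei3yWKdiLefryFWtJZIx_756B6E.a97HOc7r_w-1732748036-1.2.1.1-qQEJyRdtCIrjR0pQe7fckQnpKCLxi8thyJYMLvt09I0Wpu2t4fyVtCIKyRrRPGu5 HTTP/1.1
Host: 2ch.life
CF-Challenge: zp2nhei3yWKdiLefryFWtJZIx_756B6E.a97HOc7r_w-1732748036-1.2.1.1-qQEJyRdtCIrjR0pQe7fckQnpKCLxi8thyJYMLvt09I0Wpu2t4fyVtCIKyRrRPGu5
CF-Chl-RetryAttempt: 0
HTTP/1.1 200 OK
Server: cloudflare
CF-RAY: 8e95b280cd08956b-LHR
"""
RETRY_525 = """\
GET /gg/res/1858482.html HTTP/1.1
Host: 2ch.life
Cookie: cf_chl_rc_ni=1
HTTP/3 525 No Reason Phrase
server: cloudflare
cf-ray: 8e95b2a97d6ecd25-LHR
"""

if __name__ == "__main__":
    for status, events in flow([CHALLENGE_403, ORCHESTRATE_GET, SOLVE_POST, RETRY_525]):
        print(status, ", ".join(events) or "-")
```

Read together, the labels give the sequence this capture records: the first GET is answered 403 with `cf-mitigated: challenge`, the orchestrator script is fetched with the 403's ray id in its query string, the solve is POSTed with a `CF-Challenge` header, and the retried navigation reaches the edge carrying the challenge cookie but comes back 525, an edge-to-origin TLS failure rather than a block of the client. The Suricata hits (`ET INFO HTTP Request to Suspicious *.life Domain`) key on the TLD alone and say nothing about the challenge; they are context, not the finding.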

| challenges.cloudflare.com/turnstile/v0/b/a6e12e96a2d5/api.js?onload=sLNwD4&render=explicit | 104.18.95.41 | 200 OK | 16 kB |
URL: challenges.cloudflare.com/turnstile/v0/b/a6e12e96a2d5/api.js?onload=sLNwD4&render=explicit
IP: 104.18.95.41:0
File type: JavaScript source, ASCII text, with very long lines (47694)
Hashes: MD5 1685878b80eecb073e51c13f17a5e530; SHA-1 0fffa666f98f2d8c1156d46d7f9ab90c5b089af3; SHA-256 c61e2e1347b9aca3d8f0c9725490470651a1f6c02841ff71f90305ea391ca6d2
GET /turnstile/v0/b/a6e12e96a2d5/api.js?onload=sLNwD4&render=explicit HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://2ch.life
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 27 Nov 2024 22:53:57 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Thu, 21 Nov 2024 17:58:42 GMT
cache-control: max-age=31536000, stale-if-error=10800, stale-while-revalidate=31536000, public
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 8e95b2801c3c56aa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

| 2ch.life/cdn-cgi/images/cf-icon-ok.png | 104.21.235.78 | 200 OK | 946 B |
URL: 2ch.life/cdn-cgi/images/cf-icon-ok.png (GET, HTTP/3)
IP: 104.21.235.78:443
Requested by: https://2ch.life/gg/res/1858482.html
Certificate: issuer Google Trust Services; subject 2ch.life; fingerprint E8:B9:26:5D:BB:AE:EE:5D:4E:08:E6:C8:14:E5:57:1E:CA:BF:90:EC; validity Mon, 11 Nov 2024 21:19:30 GMT - Sun, 09 Feb 2025 21:19:29 GMT
File type: PNG image data, 48 x 48, 8-bit colormap, non-interlaced
Hashes: MD5 dfaf0fbb758c874be231335db178381d; SHA-1 8f2597eb7ba4c89892aac0559816db3f5280b23e; SHA-256 ed732380ee3ff0f2d841784da213c8c05d2b5ae187a5217b419d21cae5cedb1b
GET /cdn-cgi/images/cf-icon-ok.png HTTP/1.1
Host: 2ch.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://2ch.life/cdn-cgi/styles/main.css
Cookie: cf_chl_rc_ni=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 27 Nov 2024 22:54:04 GMT
content-type: image/png
content-length: 946
last-modified: Fri, 22 Nov 2024 16:00:52 GMT
etag: "6740aab4-3b2"
server: cloudflare
cf-ray: 8e95b2abe843cd25-LHR
x-frame-options: DENY
x-content-type-options: nosniff
vary: Accept-Encoding
expires: Thu, 28 Nov 2024 00:54:04 GMT
cache-control: max-age=7200, public
accept-ranges: bytes

| 2ch.life/cdn-cgi/images/cf-icon-cloud.png | 104.21.235.78 | 200 OK | 1.5 kB |
URL: 2ch.life/cdn-cgi/images/cf-icon-cloud.png (GET, HTTP/3)
IP: 104.21.235.78:443
Requested by: https://2ch.life/gg/res/1858482.html
Certificate: issuer Google Trust Services; subject 2ch.life; fingerprint E8:B9:26:5D:BB:AE:EE:5D:4E:08:E6:C8:14:E5:57:1E:CA:BF:90:EC; validity Mon, 11 Nov 2024 21:19:30 GMT - Sun, 09 Feb 2025 21:19:29 GMT
File type: PNG image data, 152 x 77, 8-bit colormap, non-interlaced
Hashes: MD5 3ec81e5e3a4de9fec46ce9e6999b9e27; SHA-1 8f03b6857ab8d31feb65f97b1ae6b678efdc2ddd; SHA-256 3a223426c67a0a33ff57af68a57fb589fea36af2a6e8f9dae7798c77471e0e58
GET /cdn-cgi/images/cf-icon-cloud.png HTTP/1.1
Host: 2ch.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://2ch.life/cdn-cgi/styles/main.css
Cookie: cf_chl_rc_ni=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 27 Nov 2024 22:54:04 GMT
content-type: image/png
content-length: 1484
last-modified: Fri, 22 Nov 2024 16:00:52 GMT
etag: "6740aab4-5cc"
server: cloudflare
cf-ray: 8e95b2abf846cd25-LHR
x-frame-options: DENY
x-content-type-options: nosniff
vary: Accept-Encoding
expires: Thu, 28 Nov 2024 00:54:04 GMT
cache-control: max-age=7200, public
accept-ranges: bytes

| 2ch.life/cdn-cgi/images/cf-icon-server.png | 104.21.235.78 | 200 OK | 1.4 kB |
URL: 2ch.life/cdn-cgi/images/cf-icon-server.png (GET, HTTP/3)
IP: 104.21.235.78:443
Requested by: https://2ch.life/gg/res/1858482.html
Certificate: issuer Google Trust Services; subject 2ch.life; fingerprint E8:B9:26:5D:BB:AE:EE:5D:4E:08:E6:C8:14:E5:57:1E:CA:BF:90:EC; validity Mon, 11 Nov 2024 21:19:30 GMT - Sun, 09 Feb 2025 21:19:29 GMT
File type: PNG image data, 95 x 75, 8-bit colormap, non-interlaced
Hashes: MD5 2c11e67182601007f577f8bf2c72fee8; SHA-1 01dc915d4745f00632021c05d3eef634747a9c3d; SHA-256 41553a537f85839927155af093b7bfa1987215f474ed038714609cc48812ea3b
GET /cdn-cgi/images/cf-icon-server.png HTTP/1.1
Host: 2ch.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://2ch.life/cdn-cgi/styles/main.css
Cookie: cf_chl_rc_ni=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 27 Nov 2024 22:54:04 GMT
content-type: image/png
content-length: 1384
last-modified: Fri, 22 Nov 2024 16:00:52 GMT
etag: "6740aab4-568"
server: cloudflare
cf-ray: 8e95b2abf849cd25-LHR
x-frame-options: DENY
x-content-type-options: nosniff
vary: Accept-Encoding
expires: Thu, 28 Nov 2024 00:54:04 GMT
cache-control: max-age=7200, public
accept-ranges: bytes

| 2ch.life/cdn-cgi/images/cf-icon-error.png | 104.21.235.78 | 200 OK | 854 B |
URL: 2ch.life/cdn-cgi/images/cf-icon-error.png (GET, HTTP/3)
IP: 104.21.235.78:443
Requested by: https://2ch.life/gg/res/1858482.html
Certificate: issuer Google Trust Services; subject 2ch.life; fingerprint E8:B9:26:5D:BB:AE:EE:5D:4E:08:E6:C8:14:E5:57:1E:CA:BF:90:EC; validity Mon, 11 Nov 2024 21:19:30 GMT - Sun, 09 Feb 2025 21:19:29 GMT
File type: PNG image data, 48 x 48, 8-bit colormap, non-interlaced
Hashes: MD5 e5577f04b6d92590410e26bd2292933b; SHA-1 16946b2c99d98a57f83eac170ce94b012b7d1a7b; SHA-256 67f70597a183fbca7fac55d609fbaac5c34bb4d4d32a0530bbbbb42591f2de2f
GET /cdn-cgi/images/cf-icon-error.png HTTP/1.1
Host: 2ch.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://2ch.life/cdn-cgi/styles/main.css
Cookie: cf_chl_rc_ni=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 27 Nov 2024 22:54:04 GMT
content-type: image/png
content-length: 854
last-modified: Fri, 22 Nov 2024 16:00:52 GMT
etag: "6740aab4-356"
server: cloudflare
cf-ray: 8e95b2abf84acd25-LHR
x-frame-options: DENY
x-content-type-options: nosniff
vary: Accept-Encoding
expires: Thu, 28 Nov 2024 00:54:04 GMT
cache-control: max-age=7200, public
accept-ranges: bytes
| 2ch.life/favicon.ico | 104.21.235.78 | 200 OK | 9.8 kB |
IP: 104.21.235.78:443
Requested by: https://2ch.life/gg/res/1858482.html | Certificate issuer: Google Trust Services | Subject: 2ch.life | Fingerprint: E8:B9:26:5D:BB:AE:EE:5D:4E:08:E6:C8:14:E5:57:1E:CA:BF:90:EC | Validity: Mon, 11 Nov 2024 21:19:30 GMT - Sun, 09 Feb 2025 21:19:29 GMT
File typeMS Windows icon resource - 1 icon, 16x16, 32 bits/pixel Hashd669592d2eb344163527af8bd810c74d 85f66567d793d3e7cb7357bafd2061530d1fa6c6 529e5ae57c6e308f078445086c156466350f0d3156eab84fc0bbab3df6f2ea6e
NIDS | Severity | Alert | suricata | medium | ET INFO HTTP Request to Suspicious *.life Domain |
GET /favicon.ico HTTP/1.1
Host: 2ch.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://2ch.life/gg/res/1858482.html
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_ni=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 27 Nov 2024 22:54:04 GMT
content-type: image/x-icon
last-modified: Thu, 04 Aug 2022 21:25:08 GMT
etag: W/"62ec3934-47e"
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=14400
cf-cache-status: HIT
age: 2687
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=imOqoa0UclZI4mOYHz%2B3dbre7zwjjODDzxKHrr55JKB9b2Ct%2FYgOD%2B4zaMqkYBZFUKBps0IAT1oj1aojTZJAHW9OcydFxBmdTu3Pl%2B4TAVdyd3NNARlaWF0cmw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8e95b2ac388acd25-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=24060&min_rtt=20022&rtt_var=5400&sent=34&recv=17&lost=0&retrans=0&sent_bytes=20693&recv_bytes=3416&delivery_rate=226174&cwnd=12000&unsent_bytes=0&cid=2f8e0322f1b424c8&ts=7788&x=1", cfHdrFlush;dur=0
| 2ch.life/cdn-cgi/styles/main.css | 104.21.235.78 | 200 OK | 8.0 kB |
URL: GET HTTP/3 2ch.life/cdn-cgi/styles/main.css | IP: 104.21.235.78:443
Requested by: https://2ch.life/gg/res/1858482.html | Certificate issuer: Google Trust Services | Subject: 2ch.life | Fingerprint: E8:B9:26:5D:BB:AE:EE:5D:4E:08:E6:C8:14:E5:57:1E:CA:BF:90:EC | Validity: Mon, 11 Nov 2024 21:19:30 GMT - Sun, 09 Feb 2025 21:19:29 GMT
File typeASCII text, with very long lines (8058), with no line terminators Hashf05b791d939d996f45bac11e12cf755b b492b16cfd44b512b25a041c77d4a43cbf0cf81d fbe756fe507774e5868de0ef5ff58e4d4fe18c4bb8c76e7bb0d374b43108bf59
GET /cdn-cgi/styles/main.css HTTP/1.1
Host: 2ch.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://2ch.life/gg/res/1858482.html
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_ni=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 27 Nov 2024 22:54:04 GMT
content-type: text/css
last-modified: Fri, 22 Nov 2024 16:00:52 GMT
etag: W/"6740aab4-1f4d"
server: cloudflare
cf-ray: 8e95b2abafddcd25-LHR
x-frame-options: DENY
x-content-type-options: nosniff
vary: Accept-Encoding
expires: Thu, 28 Nov 2024 00:54:04 GMT
cache-control: max-age=7200, public
content-encoding: gzip
| 2ch.life/cdn-cgi/images/cf-icon-browser.png | 104.21.235.78 | 200 OK | 484 B |
URL: GET HTTP/3 2ch.life/cdn-cgi/images/cf-icon-browser.png | IP: 104.21.235.78:443
Requested by: https://2ch.life/gg/res/1858482.html | Certificate issuer: Google Trust Services | Subject: 2ch.life | Fingerprint: E8:B9:26:5D:BB:AE:EE:5D:4E:08:E6:C8:14:E5:57:1E:CA:BF:90:EC | Validity: Mon, 11 Nov 2024 21:19:30 GMT - Sun, 09 Feb 2025 21:19:29 GMT
File typePNG image data, 100 x 80, 8-bit colormap, non-interlaced Hash59caf3c7eb63af78f12db37f41433779 8024e688e78e910ae1ea3bc25be7a7ab65444b02 78a7d8b29cabf16831417dba1b9bbe36fae0d060a35a495e8f10e9663b3c9e65
GET /cdn-cgi/images/cf-icon-browser.png HTTP/1.1
Host: 2ch.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://2ch.life/cdn-cgi/styles/main.css
Cookie: cf_chl_rc_ni=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 27 Nov 2024 22:54:04 GMT
content-type: image/png
content-length: 484
last-modified: Fri, 22 Nov 2024 16:00:52 GMT
etag: "6740aab4-1e4"
server: cloudflare
cf-ray: 8e95b2abe842cd25-LHR
x-frame-options: DENY
x-content-type-options: nosniff
vary: Accept-Encoding
expires: Thu, 28 Nov 2024 00:54:04 GMT
cache-control: max-age=7200, public
accept-ranges: bytes