hannah.chat/wp-includes/ID3/-/fcd3c377587078408feaf764b0beafa6/execution.html?validation=e1s1
188.114.96.1200 OK 1.8 kB URL HTTP/1.1 hannah.chat/wp-includes/ID3/-/fcd3c377587078408feaf764b0beafa6/execution.html?validation=e1s1
IP 188.114.96.1:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash 8b06e8efe648162247b0884d88af9312
83c40e5f2febcaed03788235aa86821c4ef26e0f
ef355ed1e01ed41069c3dde0100b49ad97a90c386b05f4c84a3ce2260f8f254c
Analyzer Verdict Alert urlquery suspicious Suspicious - Suspicious JS code
GET /wp-includes/ID3/-/fcd3c377587078408feaf764b0beafa6/execution.html?validation=e1s1 HTTP/1.1
Host: hannah.chat
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Tue, 07 Feb 2023 15:36:31 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 07 Feb 2023 01:49:06 GMT
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wioczIWkCiudr469DVhxN5WX23Mu4NLMuF%2FvcBDMJx0hSGxgHcwEpC%2BYh%2BhM%2BbMBUiHU%2BsRb%2BReUTO6zbaOnk5pCOEIXrLKQm2JUwGBhOkmT5BKDfy97dD0BmAhIYg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 795d339a4f94b4f9-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash dca68db7aea32f6683ce8d542c078f04
19c495238df74fca680e21f18627ff94de5dd2e5
35cab3987fc0e4a41b305cb208c1e33fa38ce8bdfd9f386c3dc0411dd4d5ac61
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "35CAB3987FC0E4A41B305CB208C1E33FA38CE8BDFD9F386C3DC0411DD4D5AC61"
Last-Modified: Mon, 06 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11078
Expires: Tue, 07 Feb 2023 18:41:09 GMT
Date: Tue, 07 Feb 2023 15:36:31 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 565c1bbc5c1c40be1988b3bf6fd9dc1a
cfdba5bc597130461dd67bf6cda53183be592493
60ceb36a8329c92fc49a3caf50daf511a38e01eac21a07d7a0a838166bea058d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "60CEB36A8329C92FC49A3CAF50DAF511A38E01EAC21A07D7A0A838166BEA058D"
Last-Modified: Mon, 06 Feb 2023 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3869
Expires: Tue, 07 Feb 2023 16:41:00 GMT
Date: Tue, 07 Feb 2023 15:36:31 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash cc14b0d2f7c451f6431dc87ba54d1d60
bab8bfda6fa3e2f17125353f5147211787dc25d0
b58fe18a5cc8fe5aaf49ba7eadd0ef34692892e68e9c52eb5bb56ea27e1300ad
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B58FE18A5CC8FE5AAF49BA7EADD0EF34692892E68E9C52EB5BB56EA27E1300AD"
Last-Modified: Mon, 06 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7661
Expires: Tue, 07 Feb 2023 17:44:12 GMT
Date: Tue, 07 Feb 2023 15:36:31 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash ff250d3ef3fa45322bf05039a0122a9f
b3e7a2c383bce1bab807dbe1a03c375258b51f1d
d07f109a96e0ae6ec7b1d46ce8761b3f06fe845769ce65d69e053dd40aa561ba
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Length, Content-Type, Alert, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 07 Feb 2023 15:34:08 GMT
content-type: application/json
age: 143
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash e76071a28ee566dababb3834f46d68ed
aebb4e68c1ba2de0f90025283e8ed8470944fde0
78b6df2627172e5b35476bc31020f02898cdc412aaf4337af2c3b049a60912b6
GET /chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: 4DzE2Cl4n2xCnpIV5XsaonySTHlEaPpxp2w8xOmFgRWMk0L4ah+1CHcCmiQ1MTq+myww/D9oC7Q=
x-amz-request-id: D66NNMHPZSQ75TA6
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 07 Feb 2023 14:45:36 GMT
age: 3055
last-modified: Sun, 29 Jan 2023 18:44:47 GMT
etag: "e76071a28ee566dababb3834f46d68ed"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
hannah.chat/wp-includes/ID3/-/dist/dhl.css
188.114.96.1200 OK 319 kB URL HTTP/1.1 hannah.chat/wp-includes/ID3/-/dist/dhl.css
IP 188.114.96.1:0
File type Unicode text, UTF-8 text, with very long lines (1148), with CRLF line terminators
Size 319 kB (318583 bytes)
Hash 0a0250e67c185591cddbebd477b1af54
33ee3440e00ac57ee2a9fc25e63da251853c846e
690c39cbff99b2f2c28763c2163528a7de0e21c452eee6d0ad758b86fc1860b0
GET /wp-includes/ID3/-/dist/dhl.css HTTP/1.1
Host: hannah.chat
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hannah.chat/wp-includes/ID3/-/fcd3c377587078408feaf764b0beafa6/execution.html?validation=e1s1
HTTP/1.1 200 OK
Date: Tue, 07 Feb 2023 15:36:31 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sat, 24 Dec 2022 12:30:26 GMT
Vary: Accept-Encoding
ETag: W/"63a6f0e2-15b189"
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 46
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LeZp0Dgl0t%2FjQkWP%2FiXKUIUui1y2gSvQWXtrU87r73EJCrD%2Fv%2Btb1jOCRyGocZxj9J6UsMg6fRWVKYsJj3Ivpsl4r%2FLt4G9zr6NEy1qtAnwr2X%2BBU39XHRiyI3v2dQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 795d339c1acab4f9-OSL
alt-svc: h2=":443"; ma=60
hannah.chat/wp-includes/ID3/-/dist/js.cookie.js
188.114.96.1200 OK 1.4 kB URL HTTP/1.1 hannah.chat/wp-includes/ID3/-/dist/js.cookie.js
IP 188.114.96.1:0
Hash f63feb15779788114f62dfeb2f0396bd
fe401a591daaf69f78588ce2cd798636bcca4ca2
3eaf67280345f7c5862b82151bb96052591607ee2fc11538f3bed2fd4395a497
Analyzer Verdict Alert fortinet Phishing
GET /wp-includes/ID3/-/dist/js.cookie.js HTTP/1.1
Host: hannah.chat
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hannah.chat/wp-includes/ID3/-/fcd3c377587078408feaf764b0beafa6/execution.html?validation=e1s1
HTTP/1.1 200 OK
Date: Tue, 07 Feb 2023 15:36:31 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sat, 24 Dec 2022 12:30:26 GMT
Vary: Accept-Encoding
ETag: W/"63a6f0e2-d60"
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 46
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cV9q%2Fw%2FnYvU%2FVX04XhK1AuIpTyy5wwM8ALtPq%2Fd5FDr7IbDom75dxXKNsN0Fm8LaKXzgwTkucdav8CJs5vFXx7yNrNvJJu5mzx5f6lsicRscH0s5SR8XZhwQnzoBnA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 795d339c28371c16-OSL
alt-svc: h2=":443"; ma=60
hannah.chat/wp-includes/ID3/-/dist/jquery-lang.js
188.114.96.1200 OK 7.1 kB URL HTTP/1.1 hannah.chat/wp-includes/ID3/-/dist/jquery-lang.js
IP 188.114.96.1:0
Hash e7d1fa0ef393b02cdd68f877b4dc05f3
5edbcb0f875108195952f0160f8708bf18bfd5b0
d04ca054fbfd8b91bcd1009844823f75ea3349c7039001e7a5889b6663c3b052
Analyzer Verdict Alert fortinet Phishing
GET /wp-includes/ID3/-/dist/jquery-lang.js HTTP/1.1
Host: hannah.chat
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hannah.chat/wp-includes/ID3/-/fcd3c377587078408feaf764b0beafa6/execution.html?validation=e1s1
HTTP/1.1 200 OK
Date: Tue, 07 Feb 2023 15:36:31 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sat, 24 Dec 2022 12:30:26 GMT
Vary: Accept-Encoding
ETag: W/"63a6f0e2-6c2d"
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 46
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BQIgDzTB38Y0u8E17xP%2BBOMVstFcqx620rzFgEuNMMxDpzjrRRQ7%2B%2BRO0S0QilE1KTmUO%2BoakCm5iL4bDKcYntV5O9KrXLkxkcvGSRYm%2FieZj9NIWT%2BuIuuXYxovuQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 795d339c2ba0b524-OSL
alt-svc: h2=":443"; ma=60
code.jquery.com/jquery-3.5.1.min.js
69.16.175.42200 OK 31 kB URL HTTP/2 code.jquery.com/jquery-3.5.1.min.js
IP 69.16.175.42:0
File type ASCII text, with very long lines (65451)
Hash 3700d0b271343804b9b9aa1c13efa521
3d6b03dbd74872ca3dfbb0529f6c80943788f918
fda7541f8e4cf921d20bcd0dc1d0efe69644c79bd18a0be4ce2f34246c83603e
GET /jquery-3.5.1.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://hannah.chat
Connection: keep-alive
Referer: http://hannah.chat/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 07 Feb 2023 15:36:31 GMT
content-encoding: gzip
content-length: 30879
content-type: application/javascript; charset=utf-8
last-modified: Fri, 20 Aug 2021 17:47:53 GMT
accept-ranges: bytes
server: nginx
etag: W/"611feac9-15d84"
cache-control: max-age=315360000, public
access-control-allow-origin: *
vary: Accept-Encoding
x-hw: 1675784191.dop205.sk1.t,1675784191.cds228.sk1.hn,1675784191.cds208.sk1.c
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 07 Feb 2023 15:36:31 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash ad2d72821808ee5f77c0598fed0f8bd1
adcd92881d1c5ac3cca4687dc6347369240f4726
c7ce86611bf0b0063c0bcb2c6a6a4b85fe6be2d89e382b8907e8bbb2e1e5962d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 07 Feb 2023 15:36:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js
142.250.74.42200 OK 93 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js
IP 142.250.74.42:0
File type ASCII text, with very long lines (32072)
Hash e0e0559014b222245deb26b6ae8bd940
e2f3603e23711f6446f278a411d905623d65201e
89a15e9c40bc6b14809f236ee8cd3ed1ea42393c1f6ca55c7855cd779b3f922e
GET /ajax/libs/jquery/1.10.2/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://hannah.chat/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 93100
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 07 Feb 2023 14:19:37 GMT
expires: Wed, 07 Feb 2024 14:19:37 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
age: 4614
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash ad2d72821808ee5f77c0598fed0f8bd1
adcd92881d1c5ac3cca4687dc6347369240f4726
c7ce86611bf0b0063c0bcb2c6a6a4b85fe6be2d89e382b8907e8bbb2e1e5962d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 07 Feb 2023 15:36:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
hannah.chat/wp-includes/ID3/-/dist/fonts/default-274a65bae9742377aaf010bb1a7de971.woff
188.114.96.1200 OK 41 kB URL HTTP/1.1 hannah.chat/wp-includes/ID3/-/dist/fonts/default-274a65bae9742377aaf010bb1a7de971.woff
IP 188.114.96.1:0
File type Web Open Font Format, TrueType, length 41084, version 1.66\012- data
Hash 03f859bf58e4d37841070de34be7d978
3436d4fa17e7ee470c3d62b08787cfa7de408408
5af5c3746b03792640b9cafdabddfb2c5407f72988e128541a88fa439607d940
Analyzer Verdict Alert urlquery phishing Phishing - DHL
urlquery phishing Phishing - DHL
fortinet Phishing
GET /wp-includes/ID3/-/dist/fonts/default-274a65bae9742377aaf010bb1a7de971.woff HTTP/1.1
Host: hannah.chat
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://hannah.chat/wp-includes/ID3/-/dist/dhl.css
HTTP/1.1 200 OK
Date: Tue, 07 Feb 2023 15:36:31 GMT
Content-Type: font/woff
Content-Length: 41084
Connection: keep-alive
Last-Modified: Sat, 24 Dec 2022 12:30:26 GMT
ETag: "63a6f0e2-a07c"
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 45
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TwoIBB3DGlhtdvzMYFtIDpHyxEVnWeNT9xberJlgSnEYC0hkEp2%2FW7RFt7jntpLTJRklsHWSQHv7WGDNdbDonXnO7weetAis4YVLBWMz66mouE1U%2BMR%2BBXKAloG5Dw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 795d339d5d8db524-OSL
alt-svc: h2=":443"; ma=60
hannah.chat/wp-includes/ID3/-/dist/DHL_footer.html
188.114.96.1200 OK 6.1 kB URL HTTP/1.1 hannah.chat/wp-includes/ID3/-/dist/DHL_footer.html
IP 188.114.96.1:0
File type exported SGML document, Unicode text, UTF-8 (with BOM) text, with very long lines (2591)
Hash 7bd91b053c9ce556235aa71c3ce90b14
f1527024cd9fc8bb836b7e5338bb0044280cc497
7a28d9fdda339bc3ba353a16b1c7975f7b756e60965383c6bebc07523c2681ff
Analyzer Verdict Alert fortinet Phishing
GET /wp-includes/ID3/-/dist/DHL_footer.html HTTP/1.1
Host: hannah.chat
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: http://hannah.chat/wp-includes/ID3/-/fcd3c377587078408feaf764b0beafa6/execution.html?validation=e1s1
HTTP/1.1 200 OK
Date: Tue, 07 Feb 2023 15:36:31 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 17 Jan 2023 14:37:14 GMT
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=u6peUXCY1DO755VJbp%2FyxVSsxqQBJBWDDYwGcYkMC%2FO7OXWgaUruXG4dIMNaO7lFYfyFO%2FTi%2FwEH7ZzISuHUytro576NJd%2BKohnHuiewB5qf7ANcbIBjU%2FpdY3bDSw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 795d339d9cecb4f9-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
hannah.chat/wp-includes/ID3/-/dist/DHL_head.html
188.114.96.1200 OK 3.1 kB URL HTTP/1.1 hannah.chat/wp-includes/ID3/-/dist/DHL_head.html
IP 188.114.96.1:0
File type HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with very long lines (1836)
Hash 8fdfbfdd533b80d07981ddc6f47ef222
abac1d1870a9e57e0bf7e5ec57482235737e302b
2606fcb61748aa2ea1938d14b61a6a9f6a71a546cb833fc1fd7e37547024a2da
Analyzer Verdict Alert fortinet Phishing
GET /wp-includes/ID3/-/dist/DHL_head.html HTTP/1.1
Host: hannah.chat
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: http://hannah.chat/wp-includes/ID3/-/fcd3c377587078408feaf764b0beafa6/execution.html?validation=e1s1
HTTP/1.1 200 OK
Date: Tue, 07 Feb 2023 15:36:31 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sat, 24 Dec 2022 12:30:26 GMT
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zfvRlmLxGqZtDfPhv%2BO0lh58%2FO0gQQTJknxFW31N2DGBIkpBBiP4609uCiPJAK5vi4hRmRjBRcngLGY7EQiKC%2F7ZHcFiiGQ6pkdsDO2hktENwVCBZWB9VNsepfErDA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 795d339d99981c16-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
hannah.chat/wp-includes/ID3/-/dist/load.php
188.114.96.1200 OK 1.1 kB URL HTTP/1.1 hannah.chat/wp-includes/ID3/-/dist/load.php
IP 188.114.96.1:0
File type HTML document, ASCII text, with CRLF line terminators
Hash 00bc3dd87ce1bd10213a09b068ea5c06
434dbc5283f773233bc9c223a21bd12fd0f49cd2
24cacfa00e7a4bd95f98cd16323f856a2d635ed35627173defac5b360ed4052d
Analyzer Verdict Alert fortinet Phishing
GET /wp-includes/ID3/-/dist/load.php HTTP/1.1
Host: hannah.chat
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: http://hannah.chat/wp-includes/ID3/-/fcd3c377587078408feaf764b0beafa6/execution.html?validation=e1s1
HTTP/1.1 200 OK
Date: Tue, 07 Feb 2023 15:36:31 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dT4fvAs%2B774qii8Bcu%2FKUyxe5QvJtZs4GntniPVmt0mKvEDsxcVubhNW1TeX9EVd0IcqW%2FN%2FVA1PVCwx7UauOWa9nt%2FphAq2hXdssHjtkAjwouOjjJ6GktzZ8SfDag%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 795d339d8dc8b524-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
hannah.chat/wp-includes/ID3/-/dist/favicon.ico
188.114.96.1200 OK 325 B URL HTTP/1.1 hannah.chat/wp-includes/ID3/-/dist/favicon.ico
IP 188.114.96.1:0
File type MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Hash 4491025aec3b8132cbe13a8dc52b2e0c
7483ce0855b5ce33c735d9043b8583995583f83f
b78e7b7ddf78ea8698f1f3e5906f80358d9907ae1934fa2024c12e2d2f3c9719
GET /wp-includes/ID3/-/dist/favicon.ico HTTP/1.1
Host: hannah.chat
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hannah.chat/wp-includes/ID3/-/fcd3c377587078408feaf764b0beafa6/execution.html?validation=e1s1
HTTP/1.1 200 OK
Date: Tue, 07 Feb 2023 15:36:31 GMT
Content-Type: image/x-icon
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sat, 24 Dec 2022 12:30:26 GMT
Vary: Accept-Encoding
ETag: W/"63a6f0e2-47e"
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 45
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3wVl4Z6jl%2Fr9GR3gm43gJZyZPtppt5W6hSriScd0O53NQyEX6E2Ws6upKQajkyiWrK%2BbcEs19bC1ov2BZhKV2kvDHgafGpQMl4AH5CZkONR0C5d%2Bx0Q%2BO%2FtIN1H0TA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 795d339dee49b524-OSL
alt-svc: h2=":443"; ma=60
hannah.chat/wp-includes/ID3/-/dist/fonts/iconfont-e7bece496cd0e6d60e456bc2b48c9446.woff
188.114.96.1200 OK 9.3 kB URL HTTP/1.1 hannah.chat/wp-includes/ID3/-/dist/fonts/iconfont-e7bece496cd0e6d60e456bc2b48c9446.woff
IP 188.114.96.1:0
File type Web Open Font Format, TrueType, length 9316, version 1.0\012- data
Hash 9355df62a665ef9249036bbccad8c54c
6b7779a10187a1a7473f604fbe3db96350868c6a
6d051536af97fbd33fae0683a1b6ce3749757ab43c8ee8c89295755fd4595807
Analyzer Verdict Alert urlquery phishing Phishing - DHL
urlquery phishing Phishing - DHL
fortinet Phishing
GET /wp-includes/ID3/-/dist/fonts/iconfont-e7bece496cd0e6d60e456bc2b48c9446.woff HTTP/1.1
Host: hannah.chat
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://hannah.chat/wp-includes/ID3/-/dist/dhl.css
HTTP/1.1 200 OK
Date: Tue, 07 Feb 2023 15:36:31 GMT
Content-Type: font/woff
Content-Length: 9316
Connection: keep-alive
Last-Modified: Sat, 24 Dec 2022 12:30:26 GMT
ETag: "63a6f0e2-2464"
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 45
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=15jebddcnSv6%2F2ggnpg2kR%2BcNO%2FDaae%2BKo%2FHSpX92wTqg3ohKy29mELhbyTIrbMeBUqrDLciOHXLXgr73kUkYilLjF1OtbXKeqeAwxooMFTh4lFXR4EASN3ZpCsOeg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 795d339e0e80b524-OSL
alt-svc: h2=":443"; ma=60
hannah.chat/wp-includes/ID3/-/dist/langpack/en.json
188.114.96.1200 OK 306 B URL HTTP/1.1 hannah.chat/wp-includes/ID3/-/dist/langpack/en.json
IP 188.114.96.1:0
File type JSON data\012- , ASCII text
Hash 2de0397421cbe35a8b0c1bd49c711208
f67090088d2a7d68033e3692b1e195365f0c4dad
b1743d16fef802a278e481e8aca66537384816183978360ff7b08e2ebb940028
Analyzer Verdict Alert fortinet Phishing
GET /wp-includes/ID3/-/dist/langpack/en.json HTTP/1.1
Host: hannah.chat
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: http://hannah.chat/wp-includes/ID3/-/fcd3c377587078408feaf764b0beafa6/execution.html?validation=e1s1
HTTP/1.1 200 OK
Date: Tue, 07 Feb 2023 15:36:31 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sat, 24 Dec 2022 12:30:26 GMT
Vary: Accept-Encoding
ETag: W/"63a6f0e2-202"
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DJM6%2FeTVOBrYG%2BqyRaAujm0xxqXHUHVADbrxkQ%2FnqcfynxAa%2BUwBuO3Dqq%2BjaZBEHdnjp%2BvFg1CLOU72n06wXqoeLzcUCzFH2zPAQOucMOirP51WScCxwNvHDHnWvQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 795d339de9f31c16-OSL
alt-svc: h2=":443"; ma=60
hannah.chat/wp-includes/ID3/-/dist/langpack/en.json
188.114.96.1200 OK 306 B URL HTTP/1.1 hannah.chat/wp-includes/ID3/-/dist/langpack/en.json
IP 188.114.96.1:0
File type JSON data\012- , ASCII text
Hash 2de0397421cbe35a8b0c1bd49c711208
f67090088d2a7d68033e3692b1e195365f0c4dad
b1743d16fef802a278e481e8aca66537384816183978360ff7b08e2ebb940028
Analyzer Verdict Alert fortinet Phishing
GET /wp-includes/ID3/-/dist/langpack/en.json HTTP/1.1
Host: hannah.chat
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: http://hannah.chat/wp-includes/ID3/-/fcd3c377587078408feaf764b0beafa6/execution.html?validation=e1s1
HTTP/1.1 200 OK
Date: Tue, 07 Feb 2023 15:36:31 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sat, 24 Dec 2022 12:30:26 GMT
Vary: Accept-Encoding
ETag: W/"63a6f0e2-202"
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BpAWwVyxDv2Yc7Lz1gc3tF5dWvlfTaVMrhfpIw5d1cgDyJhDYkgyYLxsii5huyS9ezcoDHEltcVeP8mY9jkAwkqUm4FQXhmlgvAE73u4sWJ07Hefzo%2FUQNTBwZkI5w%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 795d339ded78b4f9-OSL
alt-svc: h2=":443"; ma=60
hannah.chat/wp-includes/ID3/-/dist/fonts/default-815fcbb4d2c57901701125d768f09d67.woff
188.114.96.1200 OK 41 kB URL HTTP/1.1 hannah.chat/wp-includes/ID3/-/dist/fonts/default-815fcbb4d2c57901701125d768f09d67.woff
IP 188.114.96.1:0
File type Web Open Font Format, TrueType, length 41328, version 1.66\012- data
Hash e39bd2e2657ce5dd6f9c33df18529233
6db81ebb91bfa67cef8f2f870f03046150568799
19d0bda83ecbc986620468801adf000c77c3c38398650903c63fac8dcbac4383
Analyzer Verdict Alert urlquery phishing Phishing - DHL
urlquery phishing Phishing - DHL
fortinet Phishing
GET /wp-includes/ID3/-/dist/fonts/default-815fcbb4d2c57901701125d768f09d67.woff HTTP/1.1
Host: hannah.chat
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://hannah.chat/wp-includes/ID3/-/dist/dhl.css
HTTP/1.1 200 OK
Date: Tue, 07 Feb 2023 15:36:31 GMT
Content-Type: font/woff
Content-Length: 41328
Connection: keep-alive
Last-Modified: Sat, 24 Dec 2022 12:30:26 GMT
ETag: "63a6f0e2-a170"
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 45
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2Dp0%2FC16JG4%2Bolsmh%2Baj4hCgu1WZLxyZQhNh9hv2X3mj3UnWn6CW0fazvHT7PSslgIm1sIh8d6KJRMRa4oHl7tvdf6WcDZqral2uDyKp78xkeAwTLuiiCaNcQ%2Fr7QQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 795d339e1ea3b524-OSL
alt-svc: h2=":443"; ma=60
hannah.chat/wp-includes/ID3/-/dist/fonts/default-3e828e80f6e985c352eba4474518978d.woff
188.114.96.1200 OK 44 kB URL HTTP/1.1 hannah.chat/wp-includes/ID3/-/dist/fonts/default-3e828e80f6e985c352eba4474518978d.woff
IP 188.114.96.1:0
File type Web Open Font Format, TrueType, length 44260, version 1.66\012- data
Hash 4a350e02a03ac62e72e9ea575b31ce84
d47b03b96b6e7034a1473a293bb594e597a41dc2
87c40e3961e21f759770615ae67568a3de3ec6e0735f1238a6aae062f4ea15d5
Analyzer Verdict Alert urlquery phishing Phishing - DHL
urlquery phishing Phishing - DHL
fortinet Phishing
GET /wp-includes/ID3/-/dist/fonts/default-3e828e80f6e985c352eba4474518978d.woff HTTP/1.1
Host: hannah.chat
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://hannah.chat/wp-includes/ID3/-/dist/dhl.css
HTTP/1.1 200 OK
Date: Tue, 07 Feb 2023 15:36:31 GMT
Content-Type: font/woff
Content-Length: 44260
Connection: keep-alive
Last-Modified: Sat, 24 Dec 2022 12:30:26 GMT
ETag: "63a6f0e2-ace4"
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 45
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hDHowhIxi6q0DXaBWEaB5F5O9hmlFCmcxnlqCQPca4GcCq8qITZFRmOL3P9jgDydsOdJ%2FQWoNk0jJt8dl9trwO7CUQQVmqR5mtllCITO11wga%2BbKSyroibpk%2FhoCAw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 795d339e2a661c16-OSL
alt-svc: h2=":443"; ma=60
ipinfo.io/country
34.117.59.81302 Found 72 B IP 34.117.59.81:0
File type ASCII text, with no line terminators
Hash b79f12127b13f3298b65130f55033eea
0c5df3d4734c5d754f78df4dd08f329ce38ab901
76d7f55bf215f2132f41391f47b4efd048f7c3b61db2b650e2a0a9b4a02d79f0
GET /country HTTP/1.1
Host: ipinfo.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://hannah.chat/
Origin: http://hannah.chat
Connection: keep-alive
HTTP/1.1 302 Found
access-control-allow-origin: *
location: https://ipinfo.io/country
vary: Accept, Accept-Encoding
content-type: text/plain; charset=utf-8
date: Tue, 07 Feb 2023 15:36:31 GMT
x-envoy-upstream-service-time: 1
strict-transport-security: max-age=2592000; includeSubDomains
content-encoding: gzip
transfer-encoding: chunked
Via: 1.1 google
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 802df672d7d34aaafca6e7e5594a2bf4
0bca64025527e2a6fa92b4cfdcf36e91b531c868
c2bd8918ea58155707e630b138833ff09a4e7375917e738677ef3a7e85d4fe7f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C2BD8918EA58155707E630B138833FF09A4E7375917E738677EF3A7E85D4FE7F"
Last-Modified: Tue, 07 Feb 2023 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10679
Expires: Tue, 07 Feb 2023 18:34:30 GMT
Date: Tue, 07 Feb 2023 15:36:31 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Content-Type, Expires, Pragma, Retry-After, Last-Modified, ETag, Cache-Control, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 07 Feb 2023 14:51:19 GMT
age: 2712
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
ipinfo.io/country
34.117.59.81200 OK 3 B IP 34.117.59.81:0
Hash 19541a2746e08a6b8f5145bdbaa23e45
00b970928589b6bdb02743a4bb8400e429e26abe
cfe72034a9f298fb79a6c1f2302673bb449c826d446b3efafdde95e6c48dc3ca
GET /country HTTP/1.1
Host: ipinfo.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Referer: http://hannah.chat/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
content-type: text/html; charset=utf-8
content-length: 3
date: Tue, 07 Feb 2023 15:36:31 GMT
x-envoy-upstream-service-time: 2
strict-transport-security: max-age=2592000; includeSubDomains
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 802df672d7d34aaafca6e7e5594a2bf4
0bca64025527e2a6fa92b4cfdcf36e91b531c868
c2bd8918ea58155707e630b138833ff09a4e7375917e738677ef3a7e85d4fe7f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C2BD8918EA58155707E630B138833FF09A4E7375917E738677EF3A7E85D4FE7F"
Last-Modified: Tue, 07 Feb 2023 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10678
Expires: Tue, 07 Feb 2023 18:34:30 GMT
Date: Tue, 07 Feb 2023 15:36:32 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 9b88bae61bca33aba8aa99f6128db8d9
a07b61fb2458917699613fcae68710941b595416
54915c2f79822732e06a592d027da421ad1e7a6458c545f98333db25612b3dea
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "54915C2F79822732E06A592D027DA421AD1E7A6458C545F98333DB25612B3DEA"
Last-Modified: Mon, 06 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9957
Expires: Tue, 07 Feb 2023 18:22:29 GMT
Date: Tue, 07 Feb 2023 15:36:32 GMT
Connection: keep-alive
push.services.mozilla.com/
35.164.186.39101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.164.186.39:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: n2SY0c5U3mpy1Kxfa1cT+A==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 8eGiYXJjiBlytWK4wPhtGSjUVYc=
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 68273225f74fbf7493f395610d7a73fc
5a8779ef5656aeeba23b365aad60b7901c5dd7fc
c83f285a1f3df0f7ac758a68ee95cc3d2671f80264c2e143cc0561cc574e3f19
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C83F285A1F3DF0F7AC758A68EE95CC3D2671F80264C2E143CC0561CC574E3F19"
Last-Modified: Mon, 06 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5100
Expires: Tue, 07 Feb 2023 17:01:33 GMT
Date: Tue, 07 Feb 2023 15:36:33 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 68273225f74fbf7493f395610d7a73fc
5a8779ef5656aeeba23b365aad60b7901c5dd7fc
c83f285a1f3df0f7ac758a68ee95cc3d2671f80264c2e143cc0561cc574e3f19
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C83F285A1F3DF0F7AC758A68EE95CC3D2671F80264C2E143CC0561CC574E3F19"
Last-Modified: Mon, 06 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5100
Expires: Tue, 07 Feb 2023 17:01:33 GMT
Date: Tue, 07 Feb 2023 15:36:33 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 68273225f74fbf7493f395610d7a73fc
5a8779ef5656aeeba23b365aad60b7901c5dd7fc
c83f285a1f3df0f7ac758a68ee95cc3d2671f80264c2e143cc0561cc574e3f19
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C83F285A1F3DF0F7AC758A68EE95CC3D2671F80264C2E143CC0561CC574E3F19"
Last-Modified: Mon, 06 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5100
Expires: Tue, 07 Feb 2023 17:01:33 GMT
Date: Tue, 07 Feb 2023 15:36:33 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 68273225f74fbf7493f395610d7a73fc
5a8779ef5656aeeba23b365aad60b7901c5dd7fc
c83f285a1f3df0f7ac758a68ee95cc3d2671f80264c2e143cc0561cc574e3f19
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C83F285A1F3DF0F7AC758A68EE95CC3D2671F80264C2E143CC0561CC574E3F19"
Last-Modified: Mon, 06 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5100
Expires: Tue, 07 Feb 2023 17:01:33 GMT
Date: Tue, 07 Feb 2023 15:36:33 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3c86a61b-07c3-45f6-b564-e556eb788d04.jpeg
34.120.237.76200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3c86a61b-07c3-45f6-b564-e556eb788d04.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 59419fb1cf4689bed183d0e9a6aed782
47d4a4bb26fafff0c6aebfe3dc7ddfa4970f8e9a
e6009407bd61bee1ae16ec30ea5914be77c56ee65dfb30595b10a1cedc6798c9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3c86a61b-07c3-45f6-b564-e556eb788d04.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12682
x-amzn-requestid: d858d90a-b1ca-401c-8e00-8ccd9c0a7504
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f78mUEsfIAMFreg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e1748e-2783de3e3de9c520246bf06e;Sampled=0
x-amzn-remapped-date: Mon, 06 Feb 2023 21:43:42 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: eq8Kle9uYWJ3vmaJD50r-oaTb_O2ObQgLNlTcYn9XQoHCyAO3isqyQ==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 4f3feb5c4393987d42d1971d404d7cea.cloudfront.net (CloudFront), 1.1 google
date: Mon, 06 Feb 2023 21:44:49 GMT
age: 64304
etag: "47d4a4bb26fafff0c6aebfe3dc7ddfa4970f8e9a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe56753b9-ced9-4038-88f6-9ea3a7bc9f04.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe56753b9-ced9-4038-88f6-9ea3a7bc9f04.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash aa6c416b3a87ded887c9dcf7c51e5dd0
45f4ef9e68591c00669043abe96959bead8f17ae
9e10394b387916e40c44d4e02fbc1ea72214d870df189ce16d24015de00682bf
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe56753b9-ced9-4038-88f6-9ea3a7bc9f04.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11205
x-amzn-requestid: abdf9c40-a2b7-49ae-bea1-ff5abfcea781
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fvszZFOZoAMFkNg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dc8e7b-6e508da05ff6f33e691de130;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 04:33:00 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: hLrbI5Acy2RBlg7VqGE2b83zuqgt-bx0kD0nlH8uYaJ8tii2FqMLfw==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Tue, 07 Feb 2023 14:35:27 GMT
age: 3666
etag: "45f4ef9e68591c00669043abe96959bead8f17ae"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc3c48c35-4645-41c0-a6fa-b700208324c7.jpeg
34.120.237.76200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc3c48c35-4645-41c0-a6fa-b700208324c7.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 75b0935816ca54d5d20a9fffa5531e0d
bd8374980c16b7d5a28e55b8bef2215713b1ebb2
4ab6f49d22d029681754b617001f93467d63035acdaf12905c2314cab77991af
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc3c48c35-4645-41c0-a6fa-b700208324c7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13390
x-amzn-requestid: 0664e077-13a4-4a97-afc2-3969cee56958
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f2pu6Fb7oAMF_0g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63df565f-057ee8fa26aa83d21f875d73;Sampled=0
x-amzn-remapped-date: Sun, 05 Feb 2023 07:10:23 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: cAwOWu-_JYTMa0l-1A07FxgOGtG7P59D7XlovXByRA9dQxfsS2An7w==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Mon, 06 Feb 2023 18:44:40 GMT
age: 75113
etag: "bd8374980c16b7d5a28e55b8bef2215713b1ebb2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa6154ab9-bb20-4d77-a86e-15f604bb237a.webp
34.120.237.76200 OK 8.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa6154ab9-bb20-4d77-a86e-15f604bb237a.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4dd67c975f1c1f91ca92f37c9e098231
b9096efb56b6e196b13722e767a9d2762737cbb9
39f21e5db4089d6cf94646b76cd9032e9831ed03f7c2f0d980fac09c893a52db
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa6154ab9-bb20-4d77-a86e-15f604bb237a.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8110
x-amzn-requestid: fdfa4af0-a6e4-4664-a86b-48fd6f374d96
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f77JCFyzoAMFtyQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e17239-205cdd9d70f23cb358c65222;Sampled=0
x-amzn-remapped-date: Mon, 06 Feb 2023 21:33:45 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: zHo_IPM2j3t4prd4ZuLR7c-GPrWHxSxqSUprBxrT9n_DG8ySpkpb8g==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 ce71f64ad5dca81beca846466f2d5008.cloudfront.net (CloudFront), 1.1 google
date: Mon, 06 Feb 2023 21:46:30 GMT
age: 64203
etag: "b9096efb56b6e196b13722e767a9d2762737cbb9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd09b3928-4257-4aee-9978-7c13c20b5a23.jpeg
34.120.237.76200 OK 7.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd09b3928-4257-4aee-9978-7c13c20b5a23.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 92008e687831334af1cdbf4b8a57579f
e6ff750f12836637adf5b253d64c2102fdf3c180
39af3e630e0271b54139849c1b596efbdc69a23ce943e5330341d49f77798c7c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd09b3928-4257-4aee-9978-7c13c20b5a23.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7183
x-amzn-requestid: 02695a8d-2ab8-4d77-bfbe-f99418d8ef00
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f78YOGsyoAMF5wA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e17434-2614cef4059e7fd5009cb46d;Sampled=0
x-amzn-remapped-date: Mon, 06 Feb 2023 21:42:12 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 5wy_7Z30HRIcZufSPCTKu9UoJD1o_NDlhuyL5bvidDwbqC_3p99yYA==
via: 1.1 23206a1c229d8877bdd053c4b05f9d12.cloudfront.net (CloudFront), 1.1 6a9b42e38e76b7d4a4044ebe0e0eca08.cloudfront.net (CloudFront), 1.1 google
date: Mon, 06 Feb 2023 21:44:57 GMT
age: 64296
etag: "e6ff750f12836637adf5b253d64c2102fdf3c180"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8ada2635-3335-4f49-9e7f-22d2ae016030.jpeg
34.120.237.76200 OK 4.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8ada2635-3335-4f49-9e7f-22d2ae016030.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash eedb4de12585c70ddb5b8f94fe6a59e2
83c9437e71a0a03b3e8ff652155a85eafa76cdda
d4493a30f62e9ad224b3595ba3af8a322e2d4a3d9238a1847973f962bdcc0c82
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8ada2635-3335-4f49-9e7f-22d2ae016030.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4227
x-amzn-requestid: b45f2ab7-0102-4542-9514-54fb93a0e27f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f77sTH4jIAMFnsQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e1731b-4a24bcb1102e58543cd81343;Sampled=0
x-amzn-remapped-date: Mon, 06 Feb 2023 21:37:31 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: V_4NzIAVBOZMjf_YIM3bowFdlP1y4peI5JI-jO105s3NVjmyYnC0Tg==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 1b74ccf4cb51eacf97a0e6d60ae46a3e.cloudfront.net (CloudFront), 1.1 google
date: Mon, 06 Feb 2023 21:48:48 GMT
age: 64065
etag: "83c9437e71a0a03b3e8ff652155a85eafa76cdda"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
hannah.chat/wp-includes/ID3/-/dist/DHL_track.html
188.114.96.1200 OK 2.6 kB URL HTTP/1.1 hannah.chat/wp-includes/ID3/-/dist/DHL_track.html
IP 188.114.96.1:0
File type HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with very long lines (356)
Hash c6e1b24beaf19e43e591baddc95fee66
2ff7abb3652231aaf83a68c4019e7cb04896bccd
a7bc2cfc20e01ecbd45e3984acf1f3f74a1392705c6e9852abd6c336caba297f
Analyzer Verdict Alert fortinet Phishing
GET /wp-includes/ID3/-/dist/DHL_track.html HTTP/1.1
Host: hannah.chat
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: http://hannah.chat/wp-includes/ID3/-/fcd3c377587078408feaf764b0beafa6/execution.html?validation=e1s1
Cookie: langCookie=en
HTTP/1.1 200 OK
Date: Tue, 07 Feb 2023 15:36:33 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 17 Jan 2023 14:28:48 GMT
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SqV4Z2HxzQZJUEELiO7BGM%2FZFLMSQw57nU8jgnKfTn9rmGc60YJUu6d8%2BKJengU2ZjrS3XyBfPPsSmGQjlA0jI70X8dVLl2Gz6KdL6xI0VHq%2B65O3vtrM7wJJHl4DQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 795d33a9edb11c16-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
hannah.chat/wp-includes/ID3/-/dist/jquery.validate.min.js
188.114.96.1200 OK 7.9 kB URL HTTP/1.1 hannah.chat/wp-includes/ID3/-/dist/jquery.validate.min.js
IP 188.114.96.1:0
File type Unicode text, UTF-8 text, with very long lines (24237)
Hash 0b2eb7800347f7fe6e93ae5bb7a229a6
d723f627fad289633b3bd8d235b1481254bbdafe
f7e3fcc30e34ff9d6f9de6cc9d764f9135eb8f294e8d3da3e590e02d5b262ea2
Analyzer Verdict Alert fortinet Phishing
GET /wp-includes/ID3/-/dist/jquery.validate.min.js HTTP/1.1
Host: hannah.chat
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: http://hannah.chat/wp-includes/ID3/-/fcd3c377587078408feaf764b0beafa6/execution.html?validation=e1s1
Cookie: langCookie=en
HTTP/1.1 200 OK
Date: Tue, 07 Feb 2023 15:36:33 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sat, 24 Dec 2022 12:30:26 GMT
Vary: Accept-Encoding
ETag: W/"63a6f0e2-5f38"
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 45
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XKiFz5Fz4PVIkZtCeL0jo30Jp7BDzAsDftcA8YKTg8fRDaIUEPL555Na%2BP49jA5GISZsUO3zJCaq9K8SrsXZrqNxHJceaXwFnLLGtOasB%2Fpuh48s5ZBU6BbCnwIT7w%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 795d33aa2ddf1c16-OSL
alt-svc: h2=":443"; ma=60
hannah.chat/wp-includes/ID3/-/dist/fonts/default-5a6dd86f272b304a8b83f7df61f11c2f.woff
188.114.96.1200 OK 41 kB URL HTTP/1.1 hannah.chat/wp-includes/ID3/-/dist/fonts/default-5a6dd86f272b304a8b83f7df61f11c2f.woff
IP 188.114.96.1:0
File type Web Open Font Format, TrueType, length 41352, version 1.66\012- data
Hash 4e23ecf085132857bdb54b4da7373151
a50215c22a591536b21e509100d1707c6886ffd6
b033eff45e6e8ecd5c5bccd8ef9a96c4dc37325adc64c5aed8b1d909b24c4eb4
Analyzer Verdict Alert urlquery phishing Phishing - DHL
urlquery phishing Phishing - DHL
fortinet Phishing
GET /wp-includes/ID3/-/dist/fonts/default-5a6dd86f272b304a8b83f7df61f11c2f.woff HTTP/1.1
Host: hannah.chat
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://hannah.chat/wp-includes/ID3/-/dist/dhl.css
Cookie: langCookie=en
HTTP/1.1 200 OK
Date: Tue, 07 Feb 2023 15:36:33 GMT
Content-Type: font/woff
Content-Length: 41352
Connection: keep-alive
Last-Modified: Sat, 24 Dec 2022 12:30:26 GMT
ETag: "63a6f0e2-a188"
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 45
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QOnr5pkM1XZDecMcUOlCjKRh2Voz60aDYOrSQ3tewti05wCSkpR53ljXv5G0FopCPR1dy1h0rGLS4DZFhPPBocXcVb7SRM6h9s0REy7Axwxn%2BRcmpka9tVP0Og8Ugg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 795d33aa5e031c16-OSL
alt-svc: h2=":443"; ma=60
cdn.jsdelivr.net/npm/popper.js@1.16.1/dist/umd/popper.min.js
151.101.65.229200 OK 7.5 kB URL HTTP/2 cdn.jsdelivr.net/npm/popper.js@1.16.1/dist/umd/popper.min.js
IP 151.101.65.229:0
File type ASCII text, with very long lines (21060)
Hash 1f61c1b15b25ba046056238766ff3a43
2b8db740e4e913e9dc87a6060dea2a6b17ad0ec8
fe78a2c604b4757dd5d114e0efb7e74c8f4acfe840bf6b6c01517205744a7648
GET /npm/popper.js@1.16.1/dist/umd/popper.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://hannah.chat/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 1.16.1
x-jsd-version-type: version
etag: W/"52f1-MTeJyg4xtlR4TbuosPg/Nk+Gg7Q"
content-encoding: gzip
accept-ranges: bytes
date: Tue, 07 Feb 2023 15:36:33 GMT
age: 1210470
x-served-by: cache-fra-eddf8230069-FRA, cache-bma1633-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 7503
X-Firefox-Spdy: h2
ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q4
104.18.20.226200 OK 1.5 kB URL HTTP/1.1 ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q4
IP 104.18.20.226:0
Hash c5208018d1d99803d00b00df47c5e8f3
aec7e670b4155f043da7057374d0b2f0e8ec06f8
e5b12a0503ea331a896e4da49d34bfe0a72394bdeab3df1bd8cc87379c1ec344
POST /ca/gsatlasr3dvtlsca2022q4 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 07 Feb 2023 15:36:33 GMT
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "7E8747B93D17744738BCD07B77632DC2F766CA94"
Expires: Wed, 08 Feb 2023 03:00:00 GMT
Last-Modified: Tue, 07 Feb 2023 15:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Age: 1467
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 795d33aaec6e0b51-OSL