www.chatany.world/h5/reg.html?invite_code=ZTF94Z
54.230.111.69 200 OK 2.4 kB URL HTTP/1.1 www.chatany.world/h5/reg.html?invite_code=ZTF94Z
IP 54.230.111.69:0
File type HTML document text; exported SGML document text; exported SGML document, Unicode text, UTF-8 text, with very long lines (1620)
Hash 4870277300f221386add77212d1927d3
d4cc4945ad44abc32f2e81ca2a5a9053dad13bbd
4264ef85d51e84c9a75c9cea9f1fe4b637e5325ae4a19ac15addaaadb84a689d
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.world Domain
GET /h5/reg.html?invite_code=ZTF94Z HTTP/1.1
Host: www.chatany.world
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Date: Wed, 08 Feb 2023 09:12:02 GMT
Last-Modified: Wed, 08 Feb 2023 01:46:22 GMT
ETag: W/"63e2feee-13e6"
Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip
X-Cache: Hit from cloudfront
Via: 1.1 9037b7743a833da13439f0d4e2619b52.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: YdqAtaXxQIGDcoYjd-eep4r7OtsAF53xajONbE_Tp1d4dWcPTAE7BQ==
Age: 41185
Vary: Accept-Encoding, Origin
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash b7407cc102d62a5acd5e61f8a79bed36
c2f4890a62454e514962b55b7fc14228339c8e90
be282de92da261128a7c8471f3067466aa9930fd0ab2a2cdda8cd2d6ce2bbd74
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BE282DE92DA261128A7C8471F3067466AA9930FD0AB2A2CDDA8CD2D6CE2BBD74"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4733
Expires: Wed, 08 Feb 2023 21:57:20 GMT
Date: Wed, 08 Feb 2023 20:38:27 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 565c1bbc5c1c40be1988b3bf6fd9dc1a
cfdba5bc597130461dd67bf6cda53183be592493
60ceb36a8329c92fc49a3caf50daf511a38e01eac21a07d7a0a838166bea058d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "60CEB36A8329C92FC49A3CAF50DAF511A38E01EAC21A07D7A0A838166BEA058D"
Last-Modified: Mon, 06 Feb 2023 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12166
Expires: Thu, 09 Feb 2023 00:01:13 GMT
Date: Wed, 08 Feb 2023 20:38:27 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data; ASCII text, with very long lines (939), with no line terminators
Hash bf0c602d32b3c14606f22a86183b5e3c
6eabd8d83475eba731968abe1a05a8bfd272f160
6c6a7c519a9e950c2445ed874a25211a94dd4d3cf3afb0103af9dcd1dbd5ff9e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Content-Type, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 08 Feb 2023 20:34:13 GMT
content-type: application/json
age: 254
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash cc14b0d2f7c451f6431dc87ba54d1d60
bab8bfda6fa3e2f17125353f5147211787dc25d0
b58fe18a5cc8fe5aaf49ba7eadd0ef34692892e68e9c52eb5bb56ea27e1300ad
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B58FE18A5CC8FE5AAF49BA7EADD0EF34692892E68E9C52EB5BB56EA27E1300AD"
Last-Modified: Mon, 06 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13875
Expires: Thu, 09 Feb 2023 00:29:42 GMT
Date: Wed, 08 Feb 2023 20:38:27 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain
IP 34.160.144.191:0
File type PEM certificate; ASCII text
Hash e76071a28ee566dababb3834f46d68ed
aebb4e68c1ba2de0f90025283e8ed8470944fde0
78b6df2627172e5b35476bc31020f02898cdc412aaf4337af2c3b049a60912b6
GET /chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: yaeuARnrA+kSyBijEVttA+4SLprfV/Ajt3Tu3xRb/yWnaQNyZtLLuXclbuSkmu5vsR0b+oBLe5s=
x-amz-request-id: 5JGNXDB5KEDR73QZ
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 08 Feb 2023 19:46:05 GMT
age: 3142
last-modified: Sun, 29 Jan 2023 18:44:47 GMT
etag: "e76071a28ee566dababb3834f46d68ed"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
www.chatany.world/h5/index.css?55f589qwe2
54.230.111.69 200 OK 1.1 kB URL HTTP/1.1 www.chatany.world/h5/index.css?55f589qwe2
IP 54.230.111.69:0
Hash 30df33856e5659f3adad109aa99168f2
b9fd246899b1dfa0fb4a4247f6701187c29a8108
9764fbb051c1f9dc4c23aa1f322e0209aa318efcc67655c312551a3bdd284bab
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.world Domain
GET /h5/index.css?55f589qwe2 HTTP/1.1
Host: www.chatany.world
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.chatany.world/h5/reg.html?invite_code=ZTF94Z
HTTP/1.1 200 OK
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Date: Wed, 08 Feb 2023 09:14:53 GMT
Last-Modified: Wed, 08 Feb 2023 01:46:22 GMT
ETag: W/"63e2feee-d2d"
Expires: Wed, 08 Feb 2023 21:14:53 GMT
Cache-Control: max-age=43200
Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip
X-Cache: Hit from cloudfront
Via: 1.1 07d5d44815808d5d5a6f43984a987698.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: ykk2hbOooLal8pXKumeKynmOmbFos_bBO85nmXbHIopaLCPyLBcpng==
Age: 41014
Vary: Accept-Encoding, Origin
www.chatany.world/h5/index.js?aa92492613w123v20221122
54.230.111.69 200 OK 2.3 kB URL HTTP/1.1 www.chatany.world/h5/index.js?aa92492613w123v20221122
IP 54.230.111.69:0
Hash ed4dd6013dad1990a8cd6978e133fb7c
8a2cc4503c677e7d3e5db027cd18689135da582d
b12e0789f656b46e4ed7c6ac2c7eb2bd9d1b00401952873d5d77f92cfeb06784
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.world Domain
GET /h5/index.js?aa92492613w123v20221122 HTTP/1.1
Host: www.chatany.world
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.chatany.world/h5/reg.html?invite_code=ZTF94Z
HTTP/1.1 200 OK
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Date: Wed, 08 Feb 2023 09:15:46 GMT
Last-Modified: Wed, 08 Feb 2023 01:46:22 GMT
ETag: W/"63e2feee-1ab4"
Expires: Wed, 08 Feb 2023 21:15:46 GMT
Cache-Control: max-age=43200
Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip
X-Cache: Hit from cloudfront
Via: 1.1 07d5d44815808d5d5a6f43984a987698.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 9pQoS0D-vtf36O6XiGlaT6Xtva-0si2YL4rbq8U5C_2BarGjKx9ikw==
Age: 40961
Vary: Accept-Encoding, Origin
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data; ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 08 Feb 2023 20:38:27 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
www.chatany.world/h5/vue.min.js
54.230.111.69 200 OK 34 kB URL HTTP/1.1 www.chatany.world/h5/vue.min.js
IP 54.230.111.69:0
File type ASCII text, with very long lines (65449)
Hash a5123d8e5fc5573b0a55fbb24a6042d0
17dd008543df4344004a7f8d2094d5090fffe9e2
0f47741f1898e1baa7d02d25d505840d830f890b51602a11445516f4bc3e7de9
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.world Domain
GET /h5/vue.min.js HTTP/1.1
Host: www.chatany.world
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.chatany.world/h5/reg.html?invite_code=ZTF94Z
HTTP/1.1 200 OK
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Date: Wed, 08 Feb 2023 20:05:05 GMT
Last-Modified: Wed, 08 Feb 2023 09:44:13 GMT
ETag: W/"63e36eed-16de7"
Expires: Thu, 09 Feb 2023 08:05:05 GMT
Cache-Control: max-age=43200
Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip
X-Cache: Hit from cloudfront
Via: 1.1 9037b7743a833da13439f0d4e2619b52.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: tCpeed1CUBZga3ExBkcHhWwlzk8iEZ4wUqosWRgX1_l8bzJzxPQZ2w==
Age: 2001
Vary: Accept-Encoding, Origin
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash c99599d6628f41d54430edaa40f5c533
4bbd35fd1097784ae5e1e046ba35595eb49ac57f
3cb4e5c0f89f5e97bd7b4a11c25b6bae84bb5a1d55982c44719b76b3f852035e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 20:38:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=AW-10972982485
142.250.74.40 200 OK 69 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=AW-10972982485
IP 142.250.74.40:0
File type ASCII text, with very long lines (7595)
Hash ab4324ee0ca32833d53a5c5a74079c50
526332e61b73cc58172f8dd8bd79b8dc22800ea3
dc791af00ccdd484068dd06c3bc44d38eec625420cf2e1878aea17b9e37a2e7b
GET /gtag/js?id=AW-10972982485 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.chatany.world/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 08 Feb 2023 20:38:27 GMT
expires: Wed, 08 Feb 2023 20:38:27 GMT
cache-control: private, max-age=900
last-modified: Wed, 08 Feb 2023 18:39:10 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 68950
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
g.alicdn.com/sd/nvc/1.1.112/guide.js
47.246.44.251 200 OK 850 B URL HTTP/1.1 g.alicdn.com/sd/nvc/1.1.112/guide.js
IP 47.246.44.251:0
ASN #24429 Zhejiang Taobao Network Co.,Ltd
File type ASCII text, with very long lines (1696)
Hash 62f3ef89bb0153419f06025596346461
09c532fc7d96bf23ccf08221681a95b1fea1c028
4ca1f1bd693fc3ca93b16c6e7446b29171da4cbabccec5bf413985a338393a26
GET /sd/nvc/1.1.112/guide.js HTTP/1.1
Host: g.alicdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.chatany.world/
HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/javascript
Content-Length: 850
Connection: keep-alive
Date: Wed, 08 Feb 2023 19:40:22 GMT
Vary: Accept-Encoding
x-oss-request-id: 63E3FAA68FF6FF373379CBE7
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 3397782613215987052
x-oss-storage-class: Standard
Content-MD5: IOc4+1mj9tLaokjPZhbJoQ==
x-oss-server-time: 14
Content-Encoding: gzip
Cache-Control: max-age=2592000,s-maxage=3600
Access-Control-Allow-Origin: *
x-bucket-code: 3
Ali-Swift-Global-Savetime: 1675885222
Via: cache10.l2de2[0,0,200-0,H], cache14.l2de2[1,0], cache14.l2de2[2,0], cache4.se1[0,0,200-0,H], cache5.se1[2,0]
Age: 3485
X-Cache: HIT TCP_MEM_HIT dirn:11:451772807
X-Swift-SaveTime: Wed, 08 Feb 2023 19:45:09 GMT
X-Swift-CacheTime: 3313
Timing-Allow-Origin: *
EagleId: 2ff62c9916758887078696781e
g.alicdn.com/sd/nch5/index.js?t=2015052013
47.246.44.251 200 OK 37 kB URL HTTP/1.1 g.alicdn.com/sd/nch5/index.js?t=2015052013
IP 47.246.44.251:0
ASN #24429 Zhejiang Taobao Network Co.,Ltd
File type ASCII text, with very long lines (32022)
Hash 4348f4761f860f3a81da9e6390f816b0
685c75ef55c91fc052a37b97cb01aac10de732b5
72fe8520e7ed9548e0dad0f99ae585f62941a5ca40acab514d51fb629d688af8
GET /sd/nch5/index.js?t=2015052013 HTTP/1.1
Host: g.alicdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.chatany.world/
HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/javascript
Content-Length: 36920
Connection: keep-alive
Date: Wed, 08 Feb 2023 19:43:05 GMT
Vary: Accept-Encoding
x-oss-request-id: 63E3FB4901FB553536DEDF65
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 12363359091715530324
x-oss-storage-class: Standard
Cache-Control: max-age=3600,s-maxage=3600
Content-MD5: DtwDY8sG0rLMAy2oKZjXOg==
x-oss-server-time: 1
Content-Encoding: gzip
Access-Control-Allow-Origin: *
x-bucket-code: 3
Ali-Swift-Global-Savetime: 1675885385
Via: cache21.l2de2[0,0,200-0,H], cache17.l2de2[0,0], cache17.l2de2[1,0], cache3.se1[0,0,200-0,H], cache8.se1[1,0]
Age: 3322
X-Cache: HIT TCP_MEM_HIT dirn:2:401433604
X-Swift-SaveTime: Wed, 08 Feb 2023 19:43:20 GMT
X-Swift-CacheTime: 3585
Timing-Allow-Origin: *
EagleId: 2ff62c9c16758887078654415e
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data; ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Content-Type, Expires, Pragma, Retry-After, Last-Modified, ETag, Cache-Control, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Wed, 08 Feb 2023 19:51:20 GMT
age: 2828
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 9b88bae61bca33aba8aa99f6128db8d9
a07b61fb2458917699613fcae68710941b595416
54915c2f79822732e06a592d027da421ad1e7a6458c545f98333db25612b3dea
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "54915C2F79822732E06A592D027DA421AD1E7A6458C545F98333DB25612B3DEA"
Last-Modified: Mon, 06 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2855
Expires: Wed, 08 Feb 2023 21:26:03 GMT
Date: Wed, 08 Feb 2023 20:38:28 GMT
Connection: keep-alive
push.services.mozilla.com/
52.25.166.168 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.25.166.168:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: B1vxNuA7Pt3Msm+3T4MBXQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: /8n5ucpukUIcIXFgFursJZsw8/o=
ocsp.trust-provider.cn/
47.246.44.205 200 OK 600 B IP 47.246.44.205:0
ASN #24429 Zhejiang Taobao Network Co.,Ltd
Hash 0bd6d8d7fd5a62e99ba67b0a157adb04
f5f882abcb8fc60341dfb86edc16b856e3a5e64c
3a27fd2e3462ef2cc7eea66a5d30704c87c7bd7ff7589bf5789beeb729265094
POST / HTTP/1.1
Host: ocsp.trust-provider.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
date: Wed, 08 Feb 2023 20:09:51 GMT
last-modified: Mon, 06 Feb 2023 03:25:18 GMT
expires: Mon, 13 Feb 2023 03:25:17 GMT
etag: "f5f882abcb8fc60341dfb86edc16b856e3a5e64c"
cache-control: max-age=601660,s-maxage=1800,public,no-transform,must-revalidate
x-ccacdn-proxy-id: mcdpinlb2
x-frame-options: SAMEORIGIN
cf-cache-status: REVALIDATED
cf-ray: 7967015eaeee3aa0-FRA
accept-ranges: bytes
ali-swift-global-savetime: 1675886991
via: cache16.l2de2[0,0,304-0,H], cache26.l2de2[0,0], cache3.se1[0,0,200-0,H], cache5.se1[1,0], cache1.se1[8,0]
age: 1718
x-cache: HIT TCP_MEM_HIT dirn:2:410979385
x-swift-savetime: Wed, 08 Feb 2023 20:11:04 GMT
x-swift-cachetime: 1727
timing-allow-origin: *, *
eagleid: 2ff62c9516758887095844932e, 2ff62c9516758887095844932e
cstaticdun.126.net/load.min.js?t=201903281201
47.246.44.229 200 OK 27 kB URL HTTP/1.1 cstaticdun.126.net/load.min.js?t=201903281201
IP 47.246.44.229:0
ASN #24429 Zhejiang Taobao Network Co.,Ltd
File type Palm OS operating system patch data "var _0x3c9c=['error','http://support.dun.163.com/feedback/captcha','NECaptcha_plugin','replace','concat','collect','theme','tim"; ASCII text, with very long lines (65536), with no line terminators
Hash 31850b3fba7df8d6d8c82b58830193c1
2330b669652d8e449a4132859b988500be0dcdd1
443485bfe3c125bbd23a1f80a0783479d6c4dd9a5731b083b638c929d0646139
GET /load.min.js?t=201903281201 HTTP/1.1
Host: cstaticdun.126.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.chatany.world/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/javascript
Content-Length: 26900
Connection: keep-alive
Date: Wed, 08 Feb 2023 16:37:48 GMT
Timing-Allow-Origin: *, *
Cache-Control: max-age=300
Expires: Mon, 06 Feb 2023 04:42:48 GMT
Last-Modified: Mon, 06 Feb 2023 01:46:01 GMT
Vary: Accept-Encoding
Ali-Swift-Global-Savetime: 1675874268
Via: cache2.l2de2[0,0,304-0,H], cache17.l2de2[0,0], cache4.se1[0,0,200-0,H], cache5.se1[1,0]
Content-Encoding: gzip
Age: 14441
X-Cache: HIT TCP_MEM_HIT dirn:4:391274796
X-Swift-SaveTime: Wed, 08 Feb 2023 16:37:52 GMT
X-Swift-CacheTime: 43196
Access-Control-Allow-Methods: GET,POST,OPTIONS,HEAD
Access-Control-Expose-Headers: *
Access-Control-Allow-Origin: *
EagleId: 2ff62c9916758887096058942e
www.chatany.world/h5/assets/bg2.png
54.230.111.69 200 OK 239 kB URL HTTP/1.1 www.chatany.world/h5/assets/bg2.png
IP 54.230.111.69:0
File type PNG image data, 750 x 1334, 8-bit/color RGBA, non-interlaced; data
Size 239 kB (238866 bytes)
Hash fa54b45ea109b0498cf21c5e5b66fc3f
6ad4cd5c60c6f956ec22628a7fd59cd89fee42da
2907d019705a6545f3af8a55bee1e95bd6bb6793e36059b5e8ebfb191b1ce1da
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.world Domain
GET /h5/assets/bg2.png HTTP/1.1
Host: www.chatany.world
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.chatany.world/h5/reg.html?invite_code=ZTF94Z
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 238866
Connection: keep-alive
Server: nginx
Date: Fri, 03 Feb 2023 09:11:59 GMT
Last-Modified: Fri, 03 Feb 2023 08:57:26 GMT
ETag: "63dccc76-3a512"
Expires: Sun, 05 Mar 2023 09:11:59 GMT
Cache-Control: max-age=2592000
Strict-Transport-Security: max-age=31536000
Accept-Ranges: bytes
X-Cache: Hit from cloudfront
Via: 1.1 07d5d44815808d5d5a6f43984a987698.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: DP3fHWquEtep7uPO7VM1dsxmB67UioPX9kjAwSdNrPn-9O79rDQ30g==
Age: 473190
Vary: Origin
www.chatany.world/h5/assets/wenan.webp
54.230.111.69 200 OK 76 kB URL HTTP/1.1 www.chatany.world/h5/assets/wenan.webp
IP 54.230.111.69:0
File type RIFF (little-endian) data, Web/P image; data
Hash ddf727eb20d61c6a96720172c7268f20
71d3a6d84ce40d25534e389a5a20ed070e0e22cf
f36649ad3b57a3b094c6bdf6d08f0f46784fa6bb13d60642146201b1af0a898a
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.world Domain
GET /h5/assets/wenan.webp HTTP/1.1
Host: www.chatany.world
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.chatany.world/h5/reg.html?invite_code=ZTF94Z
HTTP/1.1 200 OK
Content-Type: image/webp
Content-Length: 76106
Connection: keep-alive
Server: nginx
Date: Wed, 08 Feb 2023 09:12:33 GMT
Last-Modified: Wed, 08 Feb 2023 01:46:22 GMT
ETag: "63e2feee-1294a"
Strict-Transport-Security: max-age=31536000
Accept-Ranges: bytes
X-Cache: Hit from cloudfront
Via: 1.1 9037b7743a833da13439f0d4e2619b52.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: CNe5C8Fus_W96uqi1ppENi68xmrJfgB25SUxUnqqXC-tIIc6KmbVlQ==
Age: 41156
Vary: Origin
cstaticdun.126.net/plugins.min.js?v=27931479
47.246.44.229 200 OK 23 kB URL HTTP/1.1 cstaticdun.126.net/plugins.min.js?v=27931479
IP 47.246.44.229:0
ASN #24429 Zhejiang Taobao Network Co.,Ltd
File type ASCII text, with very long lines (61303), with no line terminators
Hash 38c90350efea451fed2c70a91e114837
d055b360295eba71a27d517d03524ba86b7ff9ba
a5505d1e1aa1aa5a18d7c042df58f3c956bd849322787d43e42b26bf86119c08
GET /plugins.min.js?v=27931479 HTTP/1.1
Host: cstaticdun.126.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.chatany.world/
HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/javascript
Content-Length: 22751
Connection: keep-alive
Date: Wed, 08 Feb 2023 16:36:35 GMT
Timing-Allow-Origin: *, *
Cache-Control: max-age=300
Expires: Mon, 06 Feb 2023 04:41:27 GMT
Last-Modified: Mon, 06 Feb 2023 01:46:01 GMT
Vary: Accept-Encoding
Ali-Swift-Global-Savetime: 1675874195
Via: cache16.l2de2[0,0,304-0,H], cache3.l2de2[1,0], cache8.se1[0,0,200-0,H], cache8.se1[0,0]
Content-Encoding: gzip
Age: 14514
X-Cache: HIT TCP_MEM_HIT dirn:11:268196711
X-Swift-SaveTime: Wed, 08 Feb 2023 16:37:05 GMT
X-Swift-CacheTime: 43170
Access-Control-Allow-Methods: GET,POST,OPTIONS,HEAD
Access-Control-Expose-Headers: *
Access-Control-Allow-Origin: *
EagleId: 2ff62c9c16758887096776994e
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 1d885cfc22a04f1216c98dd64df5338a
589916a844b81fac40af88a772865b8e28dfb64e
40c0e55533794d72bbba4bc9d0f07fe0741e24ca23fd9b3e31d2830c77a51bf3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "40C0E55533794D72BBBA4BC9D0F07FE0741E24CA23FD9B3E31D2830C77A51BF3"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12096
Expires: Thu, 09 Feb 2023 00:00:05 GMT
Date: Wed, 08 Feb 2023 20:38:29 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdcf61053-67f6-4767-ad44-fa802c5ef5b4.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdcf61053-67f6-4767-ad44-fa802c5ef5b4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a9c2a9eee923b84d4e06438a8b2acaff
520b122e3ce52220af153fee26bb7067283f9075
9ff4236fdcd05210a9c8bb48ea68179e142b1b05c8b19dd66282590dff69fa22
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdcf61053-67f6-4767-ad44-fa802c5ef5b4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10058
x-amzn-requestid: 94374454-1e89-4c43-895b-0a90f39b851d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f_O5vEgcoAMFctg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e2c50a-0bf11cad4b0818c36188ba91;Sampled=0
x-amzn-remapped-date: Tue, 07 Feb 2023 21:39:22 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 1R4SRNvqhRHbrDZsGB06NJbBXf8WRgJEHmXTbop8pqf8etTJSlmQwQ==
via: 1.1 9b311162717b41c968f6f00426d88aaa.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Tue, 07 Feb 2023 22:06:05 GMT
age: 81144
etag: "520b122e3ce52220af153fee26bb7067283f9075"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc3ed9aa0-a88e-4b92-a2bb-567735d813b6.jpeg
34.120.237.76 200 OK 8.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc3ed9aa0-a88e-4b92-a2bb-567735d813b6.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash fbe359ce6fb136add75c8f3d3cc06330
e6584afcf39b6fad21eccbcce95c6645b8e1b3b8
29478bf1b8168dc457bb7d298448a78e1040bd3aa80cbf11cfa37475568590d8
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc3ed9aa0-a88e-4b92-a2bb-567735d813b6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8170
x-amzn-requestid: d1ddb47f-3472-4015-8d55-72f435671f03
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f5aSPHiroAMFpSg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e070da-114975440d70915472cdba2f;Sampled=0
x-amzn-remapped-date: Mon, 06 Feb 2023 03:15:38 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 0w6JgtsKSRHLPJ3LyY6YUI8N7PS-gVlLuivQUq9jdyeYYm3STiJJIQ==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 04:13:34 GMT
age: 59095
etag: "e6584afcf39b6fad21eccbcce95c6645b8e1b3b8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa8532aa1-7280-445c-9c4c-b562d09929d0.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa8532aa1-7280-445c-9c4c-b562d09929d0.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1d2eccb9280b851aa1725df5681f6bbd
b4e2b14ee5bc9ee6c9c05666c34b2d1b6ec425b5
c64ece16f4c550feb05db1bccbf74b49d839e77fea31893d48a3f0c267939c92
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa8532aa1-7280-445c-9c4c-b562d09929d0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10328
x-amzn-requestid: 0b0b3fcd-416c-47ac-afa0-51be0ab85665
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f_PPlGGqoAMFxYg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e2c596-219ee5023d71e4ce17d49233;Sampled=0
x-amzn-remapped-date: Tue, 07 Feb 2023 21:41:42 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 1uPNh-FvA8oI5ZuruNle0ATMPSsyl-_ZjLrUnPQJrogPVREc8wrHMQ==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 98aedae6661e3904540676966998ed88.cloudfront.net (CloudFront), 1.1 google
date: Tue, 07 Feb 2023 22:12:09 GMT
etag: "b4e2b14ee5bc9ee6c9c05666c34b2d1b6ec425b5"
content-type: image/jpeg
age: 80780
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbcb27041-48b2-474f-b9d5-f88e9e662723.jpeg
34.120.237.76 200 OK 6.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbcb27041-48b2-474f-b9d5-f88e9e662723.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d8a3fa4f1ec82d501942f9db3de2cb7d
b91c2aea7f2fb26131c8929b254c5596a1bb25ff
9d246eeab8ba04c775a03fd960c8859934a0accb737e845e89aba40bc573fdaa
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbcb27041-48b2-474f-b9d5-f88e9e662723.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6342
x-amzn-requestid: b2b61a71-5326-4fc6-baba-7baad29cf7c5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f_OkbHfDIAMF5AQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e2c482-5cc4028d01d05305637af317;Sampled=0
x-amzn-remapped-date: Tue, 07 Feb 2023 21:37:06 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: xc32O6lBfn7jYg9I3VlZ5FnR9YpJtU3DbYD_ozsf_-R_Ih1-2e1-CQ==
via: 1.1 8dbfaf7df256a75768461d934659b6b2.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Tue, 07 Feb 2023 21:42:10 GMT
age: 82579
etag: "b91c2aea7f2fb26131c8929b254c5596a1bb25ff"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F99e021e8-f66e-44fd-94ca-b30d25a8f5b4.jpeg
34.120.237.76 200 OK 5.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F99e021e8-f66e-44fd-94ca-b30d25a8f5b4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 544181f4aba24fc687a14522dd20f720
2b117270563b8c466ec774acce55271c38f6135b
607c45cc5b4726b92c8507988bbb90ac6a44a3cf22b290030d440266350099a1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F99e021e8-f66e-44fd-94ca-b30d25a8f5b4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4961
x-amzn-requestid: c3b9db99-726f-4473-a6b6-9cff0dceb949
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fswe1GeRoAMFiAA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63db612b-17b52fcd74e374f1104af709;Sampled=0
x-amzn-remapped-date: Thu, 02 Feb 2023 07:07:23 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: dSxTM3mmYK8cLOy5_x4o-lew1goEgwT4fBHi0pM-HSK_qBC6rDAlzg==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 15:13:11 GMT
age: 19518
etag: "2b117270563b8c466ec774acce55271c38f6135b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf4a5986-35e6-4c6b-9dba-c981908d9ec1.jpeg
34.120.237.76 200 OK 8.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf4a5986-35e6-4c6b-9dba-c981908d9ec1.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 726928e5de19ef978faebbe933c34008
bdaba3ed0c7efb65de88af96063d830683c8499b
c6d208fcee052da80de1bf2dcccbbc48853511b8888c4777799ee676abba51b5
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf4a5986-35e6-4c6b-9dba-c981908d9ec1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8644
x-amzn-requestid: d6d71f42-f887-4ad0-a2b7-9073d3857b03
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f_OjRHBFoAMF4_Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e2c47b-57490f255d8d30a561fdcd3a;Sampled=0
x-amzn-remapped-date: Tue, 07 Feb 2023 21:36:59 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: xU_uVO78ZQRKon3Cz-fVcHJuPEMMgzDsVuY8BXoKL6ntJwkl-SLeQA==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Tue, 07 Feb 2023 21:42:03 GMT
age: 82586
etag: "bdaba3ed0c7efb65de88af96063d830683c8499b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 50ca5deab68ba881743e691a693819f1
fd6b74d17a961f751a8edf09fcfaab273f0a7408
139c5ed1fd10f67669a5de174c5ffb02411f96463217781882c9d22b050a02d8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 20:38:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
googleads.g.doubleclick.net/pagead/viewthroughconversion/10972982485/?random=1675888765754&cv=11&fst=1675888765754&bg=ffffff&guid=ON&async=1&gtm=45be3260&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fwww.chatany.world%2Fh5%2Freg.html%3Finvite_code%3DZTF94Z&tiba=Register%20%7C%20CatStar&auid=1477303251.1675888766&data=event%3Dgtag.config&rfmt=3&fmt=4
142.250.74.98 200 OK 911 B URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/10972982485/?random=1675888765754&cv=11&fst=1675888765754&bg=ffffff&guid=ON&async=1&gtm=45be3260&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fwww.chatany.world%2Fh5%2Freg.html%3Finvite_code%3DZTF94Z&tiba=Register%20%7C%20CatStar&auid=1477303251.1675888766&data=event%3Dgtag.config&rfmt=3&fmt=4
IP 142.250.74.98:0
File type ASCII text, with very long lines (1929), with no line terminators
Hash d176791903babebf6645063f646adbb1
442f09cf92d65f128ede92f58f46b4a11ee9b291
be9af4218c0576661416d37ee322522f9fb93d0da3227df1f6574109498a88ad
GET /pagead/viewthroughconversion/10972982485/?random=1675888765754&cv=11&fst=1675888765754&bg=ffffff&guid=ON&async=1&gtm=45be3260&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fwww.chatany.world%2Fh5%2Freg.html%3Finvite_code%3DZTF94Z&tiba=Register%20%7C%20CatStar&auid=1477303251.1675888766&data=event%3Dgtag.config&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.chatany.world/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 08 Feb 2023 20:38:30 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 911
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Wed, 08-Feb-2023 20:53:30 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 50ca5deab68ba881743e691a693819f1
fd6b74d17a961f751a8edf09fcfaab273f0a7408
139c5ed1fd10f67669a5de174c5ffb02411f96463217781882c9d22b050a02d8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 20:38:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 84889b914548f7820766f27a40699cfa
bc674cdb5819759b5ecd5aabfde47f56127f5d89
e2a69fe4edd028d00a8a744b62ef51dada2aff144da0cd9813efc887a11f70a8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 20:38:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 72226fa2f9513f894889fa652cb2a8bf
8a1b4f108db687c34b334a94e6d931544fd7508e
a70034db82d42d5deb58f551cb4de47a5cf6b226dbc9aa98892adb62c2f73289
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 20:38:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/pagead/1p-user-list/10972982485/?random=1675888765754&cv=11&fst=1675886400000&bg=ffffff&guid=ON&async=1&gtm=45be3260&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fwww.chatany.world%2Fh5%2Freg.html%3Finvite_code%3DZTF94Z&tiba=Register%20%7C%20CatStar&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2524575157&rmt_tld=0&ipr=y
216.58.211.4 200 OK 42 B URL HTTP/2 www.google.com/pagead/1p-user-list/10972982485/?random=1675888765754&cv=11&fst=1675886400000&bg=ffffff&guid=ON&async=1&gtm=45be3260&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fwww.chatany.world%2Fh5%2Freg.html%3Finvite_code%3DZTF94Z&tiba=Register%20%7C%20CatStar&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2524575157&rmt_tld=0&ipr=y
IP 216.58.211.4:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/10972982485/?random=1675888765754&cv=11&fst=1675886400000&bg=ffffff&guid=ON&async=1&gtm=45be3260&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fwww.chatany.world%2Fh5%2Freg.html%3Finvite_code%3DZTF94Z&tiba=Register%20%7C%20CatStar&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2524575157&rmt_tld=0&ipr=y HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.chatany.world/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 08 Feb 2023 20:38:30 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.google.no/pagead/1p-user-list/10972982485/?random=1675888765754&cv=11&fst=1675886400000&bg=ffffff&guid=ON&async=1&gtm=45be3260&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fwww.chatany.world%2Fh5%2Freg.html%3Finvite_code%3DZTF94Z&tiba=Register%20%7C%20CatStar&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2524575157&rmt_tld=1&ipr=y
142.250.74.163 200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-user-list/10972982485/?random=1675888765754&cv=11&fst=1675886400000&bg=ffffff&guid=ON&async=1&gtm=45be3260&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fwww.chatany.world%2Fh5%2Freg.html%3Finvite_code%3DZTF94Z&tiba=Register%20%7C%20CatStar&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2524575157&rmt_tld=1&ipr=y
IP 142.250.74.163:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/10972982485/?random=1675888765754&cv=11&fst=1675886400000&bg=ffffff&guid=ON&async=1&gtm=45be3260&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fwww.chatany.world%2Fh5%2Freg.html%3Finvite_code%3DZTF94Z&tiba=Register%20%7C%20CatStar&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2524575157&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.chatany.world/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 08 Feb 2023 20:38:30 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 44fc0cb48c26edb9ce36736707b9182a
62de7faa3e8171c0d38a2e03a604d2545a3ede7f
9e511ad6ed9e7c5f28f573422e3891d2f4e5c2ba5107f7eda808c529a95931a2
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 20:38:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cf.aliyun.com/nvc/nvcPrepare.jsonp?a=%7B%22a%22%3A%22FFFF0N4N0000000099B3%22%2C%22d%22%3A%22nvc_register_h5%22%2C%22c%22%3A%221675888765610%3A0.0002195891540703876%22%7D&callback=jsonp_07309127283398026
59.82.58.127 200 OK 287 B URL HTTP/1.1 cf.aliyun.com/nvc/nvcPrepare.jsonp?a=%7B%22a%22%3A%22FFFF0N4N0000000099B3%22%2C%22d%22%3A%22nvc_register_h5%22%2C%22c%22%3A%221675888765610%3A0.0002195891540703876%22%7D&callback=jsonp_07309127283398026
IP 59.82.58.127:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type ASCII text, with no line terminators
Hash a84fc8ccf6715802f0158b0232448113
9c1c05cd418797f99d24920caeb58610315dbe28
ce4b29424c6e5915293b197bb3849f724f46d866327e92de94372e7103d52abf
GET /nvc/nvcPrepare.jsonp?a=%7B%22a%22%3A%22FFFF0N4N0000000099B3%22%2C%22d%22%3A%22nvc_register_h5%22%2C%22c%22%3A%221675888765610%3A0.0002195891540703876%22%7D&callback=jsonp_07309127283398026 HTTP/1.1
Host: cf.aliyun.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.chatany.world/
HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 20:38:30 GMT
Content-Type: text/javascript;charset=UTF-8
Content-Length: 287
Connection: keep-alive
Content-Language: zh-CN
Server: Tengine/Aserver
EagleEye-TraceId: 21507ab516758887109282260e1852
Timing-Allow-Origin: *
g.alicdn.com/sd/nvc/1.1.156/nvch5.js
47.246.44.251 200 OK 3.4 kB URL HTTP/1.1 g.alicdn.com/sd/nvc/1.1.156/nvch5.js
IP 47.246.44.251:0
ASN #24429 Zhejiang Taobao Network Co.,Ltd
File type Unicode text, UTF-8 text, with very long lines (9663), with no line terminators
Hash e857ef01510153969655687b0862e2ff
5949ca60f96ebcfbae39390495daebd8a31bf5f1
f80d09e7bd23c0b0600454a88baf036edbbab08d832af00c32db7717e632bdce
GET /sd/nvc/1.1.156/nvch5.js HTTP/1.1
Host: g.alicdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.chatany.world/
HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/javascript
Content-Length: 3390
Connection: keep-alive
Date: Wed, 08 Feb 2023 05:29:22 GMT
Vary: Accept-Encoding
x-oss-request-id: 63E33331601F6234363A2DD3
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 7462698270074571788
x-oss-storage-class: Standard
Cache-Control: max-age=2592000,s-maxage=86400
Content-MD5: ojAgosrfEoAHyPZaKDpN3g==
x-oss-server-time: 26
Content-Encoding: gzip
Access-Control-Allow-Origin: *
x-bucket-code: 3
Ali-Swift-Global-Savetime: 1675834162
Via: cache10.l2de2[0,0,200-0,H], cache11.l2de2[1,0], cache11.l2de2[1,0], cache1.se1[0,0,200-0,H], cache8.se1[1,0]
Age: 54549
X-Cache: HIT TCP_MEM_HIT dirn:2:221579346
X-Swift-SaveTime: Wed, 08 Feb 2023 06:01:27 GMT
X-Swift-CacheTime: 84475
Timing-Allow-Origin: *
EagleId: 2ff62c9c16758887110758958e
c.dun.163.com/api/v2/getconf?referer=http%3A%2F%2Fwww.chatany.world%2Fh5%2Freg.html&zoneId=&id=c6621514d07441d18d4c952f70cc8d35&ipv6=false&runEnv=10&loadVersion=2.2.3&callback=__JSONP_vkcr4yu_0
18.198.7.174 200 OK 434 B URL HTTP/1.1 c.dun.163.com/api/v2/getconf?referer=http%3A%2F%2Fwww.chatany.world%2Fh5%2Freg.html&zoneId=&id=c6621514d07441d18d4c952f70cc8d35&ipv6=false&runEnv=10&loadVersion=2.2.3&callback=__JSONP_vkcr4yu_0
IP 18.198.7.174:0
File type ASCII text, with very long lines (648), with no line terminators
Hash 9e4b0b870950830323cee3317c6a8a62
5006b8a70ab53a30dd00c6feea43876db6543aa1
739f7573ba1aca733781723654585eaae15d83caf9d9f1ced0b6a14d0af08264
GET /api/v2/getconf?referer=http%3A%2F%2Fwww.chatany.world%2Fh5%2Freg.html&zoneId=&id=c6621514d07441d18d4c952f70cc8d35&ipv6=false&runEnv=10&loadVersion=2.2.3&callback=__JSONP_vkcr4yu_0 HTTP/1.1
Host: c.dun.163.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.chatany.world/
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 08 Feb 2023 20:38:31 GMT
Content-Type: application/javascript;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
P3P: CP="CAO PSA OUR"
Set-Cookie: _gid=GA.9366514114.76938884178907
Timing-Allow-Origin: *
Cache-Control: no-store
Content-Encoding: gzip
X-Via: EUFK,CN31,CN31, EUFK,CN31
www.chatany.world/favicon.ico
54.230.111.69 200 OK 3.9 kB URL HTTP/1.1 www.chatany.world/favicon.ico
IP 54.230.111.69:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (371)
Hash 1b65a6d0081d3255f4c1dc29a88201ac
b88e09c7eddc898a514cc5eb38a64d5b4e7a3502
ccb4b94b878862393bc7bad43b421caaa2c6207d81e855fae86034cdaf4fefd6
NIDS Severity Alert suricata medium ET INFO HTTP Request to Suspicious *.world Domain
GET /favicon.ico HTTP/1.1
Host: www.chatany.world
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.chatany.world/h5/reg.html?invite_code=ZTF94Z
Cookie: _gcl_au=1.1.1477303251.1675888766
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Cache-Control: no-cache, private
Date: Wed, 08 Feb 2023 20:38:31 GMT
Set-Cookie: XSRF-TOKEN=eyJpdiI6IlZKQXhkU0VNcmRjbTJibzRobGl4M2c9PSIsInZhbHVlIjoiRzRqditRNkJPd1lXVklXTDRNUkoxbG9rK0hRdm9tYjlNdU4zdGYzK0k0d1VUVnVWZlk5RVBPUDlPUENRanN5RVBNZ09rZlNUSkRMZU4yZTFKbzRJbis0aHdVWTR2T1lBNUZnNG9ZV2dpZjluZlVCQzVZYnhUVVR5aW1xaDJaYXciLCJtYWMiOiI5OTJmYWExYzQzYTJmMmRiNzBmZWFmZDQ5YjAyMDI5Y2QxMmUwOThhNTBlYzAyZjg3NmFiZWUxMjJmOGNiZjkxIn0%3D; expires=Wed, 08-Feb-2023 22:38:31 GMT; Max-Age=7200; path=/; samesite=lax
plus_session=eyJpdiI6InFWVnFOSjBaU2xmNWozMkFnV2xCZFE9PSIsInZhbHVlIjoiK3ZMemZQeTJmbkVXbVhYY0pINlFrUkpxVjZIMVBjVnBFREVORU1sMHR4Zlp2UnVoNHg3eThBa1Evc01rTFA0VjlxNmFnOXRRT3NkOHdtVEVyTWVGMXRPNXpHOUlUUmxKS1FXVlhOeGl2NzBBaGM2WjJGNWdRTXJzOCtSaDk4YXMiLCJtYWMiOiJkYzg1OTMwY2FjMzg0MjY3M2JmYTU4MzhkMWM1ZTUzMmI3ZTI0ZWJjNzA1NTFmNWE0ZDljZWI5MDk4Yzk1NmI3In0%3D; expires=Wed, 08-Feb-2023 22:38:31 GMT; Max-Age=7200; path=/; httponly; samesite=lax
Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip
X-Cache: Miss from cloudfront
Via: 1.1 07d5d44815808d5d5a6f43984a987698.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 8QXdf8zBxI-IO74jmNoGwE4jj1VEu1ItvHW_YPlzPgXn9DhLMwQ-Uw==
Vary: Accept-Encoding, Origin
cstaticdun.126.net/2.21.1/light.v2.21.1.min.js?v=2793147
47.246.44.229 200 OK 16 kB URL HTTP/1.1 cstaticdun.126.net/2.21.1/light.v2.21.1.min.js?v=2793147
IP 47.246.44.229:0
ASN #24429 Zhejiang Taobao Network Co.,Ltd
File type ASCII text, with very long lines (65536), with no line terminators
Hash 02890b8e1c760f4650c2e278da88611c
4e1a472cbe584d1ef163c9eb727659597ff50f41
9efd0a9e0cafb821f6de964925999f8f0efe4163d333ffe8d8d9195bf7505a91
GET /2.21.1/light.v2.21.1.min.js?v=2793147 HTTP/1.1
Host: cstaticdun.126.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.chatany.world/
HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/javascript
Content-Length: 15496
Connection: keep-alive
Date: Wed, 08 Feb 2023 16:34:09 GMT
Timing-Allow-Origin: *, *
Cache-Control: max-age=300
Expires: Mon, 14 Nov 2022 16:33:41 GMT
Last-Modified: Mon, 07 Nov 2022 05:53:30 GMT
Vary: Accept-Encoding
Ali-Swift-Global-Savetime: 1675874049
Via: cache4.l2de2[0,0,304-0,H], cache14.l2de2[0,0], cache7.se1[0,0,200-0,H], cache1.se1[1,0]
Content-Encoding: gzip
Age: 14662
X-Cache: HIT TCP_MEM_HIT dirn:11:230901959
X-Swift-SaveTime: Wed, 08 Feb 2023 16:35:38 GMT
X-Swift-CacheTime: 43111
Access-Control-Allow-Methods: GET,POST,OPTIONS,HEAD
Access-Control-Expose-Headers: *
Access-Control-Allow-Origin: *
EagleId: 2ff62c9516758887111246733e
cstaticdun.126.net/2.21.1/core.v2.21.1.min.js?v=2793147
47.246.44.229 200 OK 200 kB URL HTTP/1.1 cstaticdun.126.net/2.21.1/core.v2.21.1.min.js?v=2793147
IP 47.246.44.229:0
ASN #24429 Zhejiang Taobao Network Co.,Ltd
File type Unicode text, UTF-8 text, with very long lines (51731), with no line terminators
Size 200 kB (199889 bytes)
Hash b17bfe8f858efa2b1d0036fdb03e33b3
a63d8a2058da96983cef448c26e069ab3e4459e3
603ed5f2025b031d6e1253a251b6fe02d1d5860f992e3d0d64231f0fd40e8332
GET /2.21.1/core.v2.21.1.min.js?v=2793147 HTTP/1.1
Host: cstaticdun.126.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.chatany.world/
HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/javascript
Content-Length: 199889
Connection: keep-alive
Date: Wed, 08 Feb 2023 16:34:18 GMT
Timing-Allow-Origin: *, *
Cache-Control: max-age=300
Expires: Mon, 14 Nov 2022 16:33:14 GMT
Last-Modified: Mon, 07 Nov 2022 05:53:30 GMT
Vary: Accept-Encoding
Ali-Swift-Global-Savetime: 1675874058
Via: cache20.l2de2[0,0,304-0,H], cache17.l2de2[1,0], cache8.se1[0,0,200-0,H], cache8.se1[1,0]
Content-Encoding: gzip
Age: 14653
X-Cache: HIT TCP_MEM_HIT dirn:4:370425677
X-Swift-SaveTime: Wed, 08 Feb 2023 16:35:38 GMT
X-Swift-CacheTime: 43120
Access-Control-Allow-Methods: GET,POST,OPTIONS,HEAD
Access-Control-Expose-Headers: *
Access-Control-Allow-Origin: *
EagleId: 2ff62c9c16758887111111010e
ocsp2.globalsign.com/gsorganizationvalsha2g2
104.18.21.226 200 OK 1.5 kB URL HTTP/1.1 ocsp2.globalsign.com/gsorganizationvalsha2g2
IP 104.18.21.226:0
Hash a51f30a7340e8d932713c342500a68f9
489eac8ff428bda37c6c6928253571e158bbc84f
41f5314c08f73d2f7078e0ba5332a6aae842fc912fa1041656860e075a45d5fa
POST /gsorganizationvalsha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 20:38:31 GMT
Content-Type: application/ocsp-response
Content-Length: 1459
Connection: keep-alive
Expires: Sun, 12 Feb 2023 17:26:56 GMT
ETag: "489eac8ff428bda37c6c6928253571e158bbc84f"
Last-Modified: Wed, 08 Feb 2023 17:26:57 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 799
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79672b5cbed2b4fd-OSL
g.alicdn.com/AWSC/WebUMID/1.93.0/um.js
47.246.44.251 200 OK 68 kB URL HTTP/2 g.alicdn.com/AWSC/WebUMID/1.93.0/um.js
IP 47.246.44.251:0
ASN #24429 Zhejiang Taobao Network Co.,Ltd
File type ASCII text, with very long lines (65536), with no line terminators
Hash 80e5c35f822194338e288f220c9fcad5
94c48ee8a57406440705881097f0a2df5123015e
afde5a89c5bac45d8ecf097c4dcb62d8da3a8cdc7088ea46e48d6b33d82ebb9d
GET /AWSC/WebUMID/1.93.0/um.js HTTP/1.1
Host: g.alicdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.chatany.world/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: Tengine
content-type: application/javascript
content-length: 67905
date: Wed, 08 Feb 2023 07:19:48 GMT
vary: Accept-Encoding
x-oss-request-id: 63E34D141621A431336B2553
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 2332966527039349753
x-oss-storage-class: Standard
cache-control: max-age=2592000,s-maxage=86400
content-md5: pM/3ginlb95fKNGZlnmh0Q==
x-oss-server-time: 4
content-encoding: gzip
access-control-allow-origin: *
x-bucket-code: 3
ali-swift-global-savetime: 1675840788
via: cache6.l2de2[0,0,200-0,H], cache23.l2de2[1,0], cache23.l2de2[1,0], cache7.se1[0,0,200-0,H], cache8.se1[2,0]
age: 47923
x-cache: HIT TCP_MEM_HIT dirn:5:7524941
x-swift-savetime: Wed, 08 Feb 2023 07:19:59 GMT
x-swift-cachetime: 86389
timing-allow-origin: *
eagleid: 2ff62c9c16758887112001113e
X-Firefox-Spdy: h2
g.alicdn.com/AWSC/uab/1.140.0/collina.js
47.246.44.251 200 OK 106 kB URL HTTP/2 g.alicdn.com/AWSC/uab/1.140.0/collina.js
IP 47.246.44.251:0
ASN #24429 Zhejiang Taobao Network Co.,Ltd
Size 106 kB (105494 bytes)
Hash 39bc7e5f2b862a3ab837ece827b9e15c
0f33a91bf980ca3cd3fe8143f49d4288174e6f7d
a5add42f16178a734151fc3699669fcb57c9ae13053d74f0532370aacbb0fa46
GET /AWSC/uab/1.140.0/collina.js HTTP/1.1
Host: g.alicdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.chatany.world/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: Tengine
content-type: application/javascript
content-length: 105494
date: Wed, 08 Feb 2023 04:36:13 GMT
vary: Accept-Encoding
x-oss-request-id: 63E326BD9B865C32300F2A14
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 17940526130122019226
x-oss-storage-class: Standard
cache-control: max-age=2592000,s-maxage=86400
content-md5: dftrlNyzqciau1mj/9dUbw==
x-oss-server-time: 211
content-encoding: gzip
access-control-allow-origin: *
x-bucket-code: 3
ali-swift-global-savetime: 1675830973
via: cache1.l2de2[0,0,200-0,H], cache3.l2de2[1,0], cache3.l2de2[3,0], cache4.se1[0,0,200-0,H], cache8.se1[1,0]
age: 57738
x-cache: HIT TCP_MEM_HIT dirn:11:236779695
x-swift-savetime: Wed, 08 Feb 2023 04:36:14 GMT
x-swift-cachetime: 86399
timing-allow-origin: *
eagleid: 2ff62c9c16758887112011115e
X-Firefox-Spdy: h2
acstatic-dun.126.net/tool.min.js?v=27931479
47.246.44.229 200 OK 2.5 kB URL HTTP/1.1 acstatic-dun.126.net/tool.min.js?v=27931479
IP 47.246.44.229:0
ASN #24429 Zhejiang Taobao Network Co.,Ltd
File type ASCII text, with very long lines (528)
Hash e5caa26b5d2b26aad388343701de03a4
af141063e26f1a99d39e7502ba4f639c624fb8e1
2c194340dd3470fa0baf22ad35a3dff51f94241dd0b983b08135ac344247d342
GET /tool.min.js?v=27931479 HTTP/1.1
Host: acstatic-dun.126.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.chatany.world/
HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/javascript
Content-Length: 2517
Connection: keep-alive
Date: Wed, 08 Feb 2023 16:42:05 GMT
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *, *
Cache-Control: max-age=300
Expires: Thu, 10 Nov 2022 04:42:57 GMT
Last-Modified: Mon, 31 Oct 2022 09:36:46 GMT
Vary: Accept-Encoding
Ali-Swift-Global-Savetime: 1675874525
Via: cache3.l2de2[0,0,304-0,H], cache6.l2de2[1,0], cache8.se1[0,0,200-0,H], cache7.se1[1,0]
Content-Encoding: gzip
Age: 14187
X-Cache: HIT TCP_MEM_HIT dirn:11:74500597
X-Swift-SaveTime: Wed, 08 Feb 2023 16:42:11 GMT
X-Swift-CacheTime: 43194
Access-Control-Allow-Methods: GET,POST,OPTIONS,HEAD
Access-Control-Expose-Headers: *
EagleId: 2ff62c9b16758887122648590e
ocsp2.globalsign.com/gsorganizationvalsha2g2
104.18.21.226 200 OK 1.5 kB URL HTTP/1.1 ocsp2.globalsign.com/gsorganizationvalsha2g2
IP 104.18.21.226:0
Hash e774041c7ec0578086d6ff305f7c683f
5b188edf511a79d85ad69d75cc5a1760f6369dac
d4e9a8648904eca099f12734732648e3f2397087d3635b61fa737f3f933d76a5
POST /gsorganizationvalsha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 20:38:33 GMT
Content-Type: application/ocsp-response
Content-Length: 1459
Connection: keep-alive
Expires: Sun, 12 Feb 2023 17:26:01 GMT
ETag: "5b188edf511a79d85ad69d75cc5a1760f6369dac"
Last-Modified: Wed, 08 Feb 2023 17:26:02 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 605
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79672b68ee76b4fd-OSL
ac.dun.163.com/v2/config/js?pn=YD00682909958394&cvk=&cb=__wmjsonp_ad2c92c0&t=1675888768238
18.198.7.174 200 OK 575 B URL HTTP/1.1 ac.dun.163.com/v2/config/js?pn=YD00682909958394&cvk=&cb=__wmjsonp_ad2c92c0&t=1675888768238
IP 18.198.7.174:0
File type ASCII text, with very long lines (1088), with no line terminators
Hash b9bfc312183aa62142cbf216ac6739e1
c69d7704686b5eaddd9a447d4672c773fcf05f88
093529244bf419377efed00ffa86558e43d57fb73bdfc2cca3b8cd69da2402b9
GET /v2/config/js?pn=YD00682909958394&cvk=&cb=__wmjsonp_ad2c92c0&t=1675888768238 HTTP/1.1
Host: ac.dun.163.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.chatany.world/
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 08 Feb 2023 20:38:33 GMT
Content-Type: application/json;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
Content-Encoding: gzip
acstatic-dun.126.net/2.7.5_e2891084/watchman.min.js
47.246.44.229 200 OK 35 kB URL HTTP/1.1 acstatic-dun.126.net/2.7.5_e2891084/watchman.min.js
IP 47.246.44.229:0
ASN #24429 Zhejiang Taobao Network Co.,Ltd
File type ASCII text, with very long lines (666)
Hash dda9936e3573faa187374b087192fbed
6a3be02e77d2cd06a0c3ac45a67b05af05c22561
ae09179e9ec384cab0c95c68c783ce5354bb0d75b93e67a38e10affdd96e57f1
GET /2.7.5_e2891084/watchman.min.js HTTP/1.1
Host: acstatic-dun.126.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.chatany.world/
HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/javascript
Content-Length: 35116
Connection: keep-alive
Date: Wed, 08 Feb 2023 16:54:08 GMT
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *, *
Cache-Control: max-age=300
Expires: Thu, 10 Nov 2022 13:59:21 GMT
Last-Modified: Mon, 31 Oct 2022 09:36:46 GMT
Vary: Accept-Encoding
Ali-Swift-Global-Savetime: 1675875248
Via: cache12.l2de2[0,0,304-0,H], cache1.l2de2[1,0], cache2.se1[0,0,200-0,H], cache7.se1[1,0]
Content-Encoding: gzip
Age: 13465
X-Cache: HIT TCP_MEM_HIT dirn:3:332017674
X-Swift-SaveTime: Wed, 08 Feb 2023 16:54:23 GMT
X-Swift-CacheTime: 43185
Access-Control-Allow-Methods: GET,POST,OPTIONS,HEAD
Access-Control-Expose-Headers: *
EagleId: 2ff62c9b16758887133882077e
ynuf.aliapp.org/w/wu.json
203.119.175.235 200 OK 156 B URL HTTP/2 ynuf.aliapp.org/w/wu.json
IP 203.119.175.235:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
Hash 817bddc7c2246701d27f0326b6583111
8b80ec8fb39cd134a077656896d958915740942d
2b1ea7f0d48ebdd6845cd1a2b148c20600d2b59b31fcf89256b6c69bd041fa52
GET /w/wu.json HTTP/1.1
Host: ynuf.aliapp.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.chatany.world/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 08 Feb 2023 20:38:33 GMT
content-type: text/javascript;charset=utf-8
content-length: 156
x-application-context: umid-web:cn-prod:7001
access-control-allow-methods: GET,POST,OPTIONS
access-control-allow-credentials: true
access-control-allow-headers: Accept,X-PINGARUNER,CONTENT-TYPE,X-Requested-With
etag: G3526200BE9D43392454700A31C05FC9ACBA34259675CDF7E9C
cache-control: no-cache
set-cookie: cbc=G90E3452649E804BDEB08CE634C8EF875ACEC2C299F7EB588FD; Max-Age=31536000; Expires=Thu, 08-Feb-2024 20:38:33 GMT; Domain=ynuf.aliapp.org; Path=/
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000 ; includeSubDomains
server: Tengine/Aserver
eagleeye-traceid: 21507a0516758887134331234eb7a9
timing-allow-origin: *
X-Firefox-Spdy: h2
ac.dun.163.com/v3/d
18.198.7.174 200 OK 250 B IP 18.198.7.174:0
File type ASCII text, with no line terminators
Hash fe110f6cda5f4997430c718ef0ff594b
d96b367bf1fa7df2cb7a3e01edeba1abe93ac384
47bf46cc2c14f757ad5b98cf6a0d61e05a2d6792d183a576506e7d3094ffe81b
POST /v3/d HTTP/1.1
Host: ac.dun.163.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-type: application/x-www-form-urlencoded
Content-Length: 842
Origin: http://www.chatany.world
Connection: keep-alive
Referer: http://www.chatany.world/
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 08 Feb 2023 20:38:33 GMT
Content-Type: application/json;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
Content-Encoding: gzip
ynuf.aliapp.org/service/um.json
203.119.175.235 200 OK 136 B URL HTTP/2 ynuf.aliapp.org/service/um.json
IP 203.119.175.235:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type JSON data, ASCII text, with no line terminators
Hash 32f000bb56e35cb7ccc20d908066f581
bcfd1c796bf311fbb8d2699c54c50d2bf14ea211
11bfe2708e9497c6c76a059f82d7c8f2fccec9eee7559901665d7abff0ce9c43
POST /service/um.json HTTP/1.1
Host: ynuf.aliapp.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 601
Origin: http://www.chatany.world
Connection: keep-alive
Referer: http://www.chatany.world/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 20:38:33 GMT
content-type: text/plain;charset=UTF-8
content-length: 136
x-application-context: umid-web:cn-prod:7001
access-control-allow-origin: http://www.chatany.world
access-control-allow-methods: GET,POST,OPTIONS
access-control-allow-credentials: true
access-control-allow-headers: Accept,X-PINGARUNER,CONTENT-TYPE,X-Requested-With
set-cookie: umdata_=G33990F417D0BBD2B6DDD52CC173BD611FE88CF161296BB4026; Max-Age=31536000; Expires=Thu, 08-Feb-2024 20:38:33 GMT; Domain=ynuf.aliapp.org; Path=/
p3p: CP=IVAa PSAa
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
strict-transport-security: max-age=31536000 ; includeSubDomains
server: Tengine/Aserver
eagleeye-traceid: 21507a0516758887138321242eb7a9
timing-allow-origin: *
X-Firefox-Spdy: h2