| affordcharmcropwo.shop/api | 104.21.67.211 | 200 OK | 5.8 kB |
URL: affordcharmcropwo.shop/api (User Request, POST HTTP/1.1)
IP: 104.21.67.211:80
File type: HTML document, ASCII text, with very long lines (14362), with no line terminators
MD5: 2821c11eb86a783d6d707bc14b862da2
SHA-1: efe36a1037d31885fc180289f48399f22bfef87a
SHA-256: d3aaad75dac41123548c346f07ba6c5164171d0ffd4d018818c6a7261493670c

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| ThreatFox | malicious | Lumma Stealer |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |
GET /api HTTP/1.1
Host: affordcharmcropwo.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Sat, 04 May 2024 16:17:52 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: gd4/yCxyCuVbkpBdIpy1Xm+NnaBorrQilP7PmAKDmHwZwsQtyDr7EqVJUulgXmQ6aXpof/2JzRHSTzFSrg1wDEXyHRPu7E5wtn3JZ2LpddL0+GsXMUIYtCJ+SSCrsjgR/dvAKXzcfa6NxJQnLhfb6w==$Ju5lpUuUPswlZDHWcaPXTA==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TtlAduTk1mVzo5C0oYZywSO8fX75lwyd8wWTk2tfxSo%2ByVmYYp%2Bk5dAPeszKVUYHP8xhUEGd1zBGm2lGvmHW1RcGGu6b3%2BZ%2F4UQAF4Twpy%2FITDSOWYLAFABay5h4NX1YvdCPFm%2BXJj4K"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 87e9cdb16ae656bd-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
| affordcharmcropwo.shop/cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=87e9cdb16ae656bd | 104.21.67.211 | | 113 kB |
URL: affordcharmcropwo.shop/cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=87e9cdb16ae656bd
IP: 104.21.67.211:0
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size: 113 kB (113390 bytes)
MD5: 8a1722ae4e7fb015a6d9339d4a7e6d18
SHA-1: 8aa2074614cc95d8b4b9876f269a6255ffaa9988
SHA-256: c8894c53d0ff37d341ad9f7154226cb098926be6cdc0474e51aaa5dafea71f40

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |
GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=87e9cdb16ae656bd HTTP/1.1
Host: affordcharmcropwo.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://affordcharmcropwo.shop/api?__cf_chl_rt_tk=Rk.i6WYOn7S40l1tmvyMo_tlJE5P0XY171dDQrYp0kk-1714839472-0.0.1.1-1279
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 04 May 2024 16:17:53 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
vary: accept-encoding
content-encoding: gzip
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=23HqxclLTu%2BZo1kLaQaKmHUvZjhGN14Fc5CDnFLIFh3Ir2Hw2lPGljVimJqj8CkoLi7g5UTIG0jq62X5O6ymuN4PlyW%2FcyM7IlkzmaXNzSkZXy2YbreW%2BMf7pZH3X0UNW5t9Ev9JFvxY"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 87e9cdb32cf5b529-OSL
alt-svc: h2=":443"; ma=60
| affordcharmcropwo.shop/favicon.ico | 104.21.67.211 | 403 Forbidden | 5.9 kB |
URL: affordcharmcropwo.shop/favicon.ico (GET HTTP/1.1)
IP: 104.21.67.211:80
Requested by: http://affordcharmcropwo.shop/api
File type: HTML document, ASCII text, with very long lines (14484), with no line terminators
MD5: bd43d5ab1d1befcc7e2b0381c0d6a2e6
SHA-1: 2236551a9dff392be5fc0fdda53d11e8848c23fa
SHA-256: 9ccd247dea2e70524569ce401b908dc42eef9e9d1d7db7b5ca328ffaa8bce53c

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| ThreatFox | malicious | Lumma Stealer |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: affordcharmcropwo.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://affordcharmcropwo.shop/api?__cf_chl_rt_tk=Rk.i6WYOn7S40l1tmvyMo_tlJE5P0XY171dDQrYp0kk-1714839472-0.0.1.1-1279
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Sat, 04 May 2024 16:17:53 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: +syrh+KwuJS+YdUZY221cz+H6wNQGV720pq2SGrFaHnzSuc0lwRkCcN7HS1Fdl4X6jXdLF5MQy5IsOlWErZqV70iFgZDdYJdaEYte2iLOTQ1ACGqVjdSbSJz66JCcKWrM7uPknTQTAK/vvyKEPPPtw==$+Eb0QNamNiFKyvrAFYduDA==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aDoUHjL4XU0kWOW%2FwnELqgAcx7UgyhWw0VYO%2B%2FcCO7tSmRX7zkjBRRXth%2BhPGU2hrmJxARoySz%2BXaAkE596vgz%2FF4Ee2tVyhsFEnfaaX%2BCkoWjeTJxUE%2FxVALWrXftoHjOSitsvImZ3o"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 87e9cdb37d75b529-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
| affordcharmcropwo.shop/favicon.ico | 104.21.67.211 | 403 Forbidden | 5.9 kB |
URL: affordcharmcropwo.shop/favicon.ico (GET HTTP/1.1)
IP: 104.21.67.211:80
Requested by: http://affordcharmcropwo.shop/api
File type: HTML document, ASCII text, with very long lines (14398), with no line terminators
MD5: ef948188d4d8d770182de93b000a99ea
SHA-1: cf75fedd67d14020f19fe569336e1db8760b9141
SHA-256: 05128dc257c9877cdba98c5314b0222365bba77c699fc8f0edbe9973fd12b525

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| ThreatFox | malicious | Lumma Stealer |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: affordcharmcropwo.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://affordcharmcropwo.shop/api
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Sat, 04 May 2024 16:17:53 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: xqOQzSIsh2RmSjrswPWs1IRSw1h9GD22aZqozArWrWuruwrBlMwJTIjfcaKeb5r73szZUCJk5PYcbclz1ZPEuRapxJDgBom4yydHOj/db0CVAsAI79R5Gi8/JCs+KX1WdlsOyNvLm3mW2ZYP1oL6uQ==$dLTnvfx7Y8FjV760qcNLJA==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NtjagnlBeVHNg26CwvCPkP4ewnkcauJ4wPGqP2yRx5LwetcACsihQIoWcHXUdBIBS7hYn2zIqfyI%2BRiNpQL8Vz%2FaJfeKc23kAgmmpf8MOJnn3fYeluFBwJtslrJxN5P%2B1%2Fv6i5hND7eE"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 87e9cdb3ca7b56a9-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
| affordcharmcropwo.shop/cdn-cgi/challenge-platform/h/g/flow/ov1/1994060004:1714836685:qu2mgvfC0GlH8OXQHfYIG6gKEJJHDqrMXbDOaH5Ww3k/87e9cdb16ae656bd/da9d9689401a8cc | 104.21.67.211 | | 12 kB |
URL: affordcharmcropwo.shop/cdn-cgi/challenge-platform/h/g/flow/ov1/1994060004:1714836685:qu2mgvfC0GlH8OXQHfYIG6gKEJJHDqrMXbDOaH5Ww3k/87e9cdb16ae656bd/da9d9689401a8cc
IP: 104.21.67.211:0
File type: ASCII text, with very long lines (16416), with no line terminators
MD5: 8f8f8adbbc67610d650685f0d620b1d1
SHA-1: aaed3c924ca0bf0623d4b7349883ec622a2e9a41
SHA-256: 338371b1476d8b50ac7cfcfa5acd647f6c5059dfe7af072b1e7472de34def9f1

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| ThreatFox | malicious | Lumma Stealer |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |
POST /cdn-cgi/challenge-platform/h/g/flow/ov1/1994060004:1714836685:qu2mgvfC0GlH8OXQHfYIG6gKEJJHDqrMXbDOaH5Ww3k/87e9cdb16ae656bd/da9d9689401a8cc HTTP/1.1
Host: affordcharmcropwo.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://affordcharmcropwo.shop/api
Content-type: application/x-www-form-urlencoded
CF-Challenge: da9d9689401a8cc
Content-Length: 1829
Origin: http://affordcharmcropwo.shop
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 04 May 2024 16:17:53 GMT
Content-Type: text/plain; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cf-chl-gen: ufK++QWER9jRh4EDyygCNl3P2it+6Si7hw0jQJsZLoqqdxZkb4kvFZ7PKFK7SJds$kEOWNYJ44AEnC4pW9SCDlg==
vary: accept-encoding
content-encoding: gzip
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=u1MiJfYGh6rWhEBYvB2g2mCSEIFz0kmJZMyKOKgWBD8YHq9xJY72h8llBNV1mJ4S8PZz46m1E8v60Ucug7FSSO6%2BiFf21%2BJuhLt2K03FqlSpWQ0IW%2BbooQOLY2yhlXE05UtR55zBjk4m"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 87e9cdb4dcc30b69-OSL
alt-svc: h2=":443"; ma=60
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D | 104.17.2.184 | | 61 B |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D
IP: 104.17.2.184:0
File type: PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
MD5: 9246cca8fc3c00f50035f28e9f6b7f7d
SHA-1: 3aa538440f70873b574f40cd793060f53ec17a5d
SHA-256: c07d7d29e3c20fa6ca4c5d20663688d52bad13e129ad82ce06b80eb187d9dc84
GET /cdn-cgi/challenge-platform/h/g/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/hrtpe/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 04 May 2024 16:17:53 GMT
content-type: image/png
content-length: 61
cache-control: max-age=2629800, public
server: cloudflare
cf-ray: 87e9cdb66d80b50c-OSL
alt-svc: h3=":443"; ma=86400
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/87e9cdb5dcb0b50c/1714839473997/It0whVEZhmXur2X | 104.17.2.184 | | 61 B |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/87e9cdb5dcb0b50c/1714839473997/It0whVEZhmXur2X
IP: 104.17.2.184:0
File type: PNG image data, 14 x 29, 8-bit/color RGB, non-interlaced
MD5: d3d825e67f3d82bd1241101d81cd1d24
SHA-1: b36b840744b47b84d3f1c6ff088ddfa15b114ac1
SHA-256: 619e348db166f938ad3ba4cc30555aef7d725801e171b85365d77f0624aa32c6
GET /cdn-cgi/challenge-platform/h/g/i/87e9cdb5dcb0b50c/1714839473997/It0whVEZhmXur2X HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/hrtpe/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 04 May 2024 16:17:54 GMT
content-type: image/png
content-length: 61
server: cloudflare
cf-ray: 87e9cdbb4c84b50c-OSL
alt-svc: h3=":443"; ma=86400
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/740557858:1714836644:jasH2Yl-h6EZMDXaljV9UtH9hTpm1KKBjAENWxbjoHU/87e9cdb5dcb0b50c/9b001c8c188a7ea | 104.17.2.184 | | 110 kB |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/740557858:1714836644:jasH2Yl-h6EZMDXaljV9UtH9hTpm1KKBjAENWxbjoHU/87e9cdb5dcb0b50c/9b001c8c188a7ea
IP: 104.17.2.184:0
File type: ASCII text, with very long lines (65536), with no line terminators
Size: 110 kB (110383 bytes)
MD5: f5defa336f3e3202a94c12d7b31f9b73
SHA-1: 46d88b1ab51d53fb544a4db469e53072f0df18c6
SHA-256: 296365af465522bd34a15b40db01d3dc96546c87fcd4db3328b39a65803725b7
POST /cdn-cgi/challenge-platform/h/g/flow/ov1/740557858:1714836644:jasH2Yl-h6EZMDXaljV9UtH9hTpm1KKBjAENWxbjoHU/87e9cdb5dcb0b50c/9b001c8c188a7ea HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/hrtpe/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: 9b001c8c188a7ea
Content-Length: 3513
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 04 May 2024 16:17:54 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: x0Ak8nvCRnAqLyAFb6HNv/Zw3y+TuzFEU0g+0Ou8rplYZFo868ybm2lwafwWwxpiShtg0mCIqfLyDJOFNl3DSo0TnY6Oj5rYwEKAJTUJ0AOrTR8BDgSjybwk/PauaqNBprTtrQV3co7vdJ7vRUIRgSGjggH2GE1gMoTgh2cQ2WvUrsUUMOinLTjeNAyrHTxrRj7zZOIYEJLoeeHFQZK0ePgXflvTt5jspg56dnFIxoX51wJSSs/VEfIHA5vA7TL9hIICmJMPjykF6maolOHrtkmOPx3Ppardd10Z3MMI961+mkyq4BEMsqXkmHU+7YB9JiMHjiKrGLOUmajhkVHSX/U1STWodt8edJAXpmuy6rAstc5AgOAX0cFG4xEiGnwEWmEXBhGJ1TSuSdhNOccXw6FLp1/jZdI2QZdtaTFlk4QhUE0rlKQNngYyrpak6yRL$cD/PGkOBtR7elWSAXPqX4g==
vary: accept-encoding
server: cloudflare
cf-ray: 87e9cdb8688fb50c-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| affordcharmcropwo.shop/cdn-cgi/challenge-platform/h/g/flow/ov1/1994060004:1714836685:qu2mgvfC0GlH8OXQHfYIG6gKEJJHDqrMXbDOaH5Ww3k/87e9cdb16ae656bd/da9d9689401a8cc | 104.21.67.211 | | 1.8 kB |
URL: affordcharmcropwo.shop/cdn-cgi/challenge-platform/h/g/flow/ov1/1994060004:1714836685:qu2mgvfC0GlH8OXQHfYIG6gKEJJHDqrMXbDOaH5Ww3k/87e9cdb16ae656bd/da9d9689401a8cc
IP: 104.21.67.211:0
File type: ASCII text, with very long lines (2328), with no line terminators
MD5: 9177aec349b5fcf41e606a94de3d385b
SHA-1: 0171d3073c93b22500e9b27666f28d0d859f8707
SHA-256: 10e21f5f2d94041f80b078df59cdd67198d74c22792fcdcbd74b7f654d332c5f

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| ThreatFox | malicious | Lumma Stealer |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |
POST /cdn-cgi/challenge-platform/h/g/flow/ov1/1994060004:1714836685:qu2mgvfC0GlH8OXQHfYIG6gKEJJHDqrMXbDOaH5Ww3k/87e9cdb16ae656bd/da9d9689401a8cc HTTP/1.1
Host: affordcharmcropwo.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://affordcharmcropwo.shop/api
Content-type: application/x-www-form-urlencoded
CF-Challenge: da9d9689401a8cc
Content-Length: 2490
Origin: http://affordcharmcropwo.shop
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 04 May 2024 16:18:03 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cf-chl-out-s: RqXw7VbESHKmVpbDiVXCVg==$S6+QL7kgtDQkUSuNp09ofQ==
cf-chl-out: e6EwOMqCVOkxqwxpWNSeCnrA6chgCJzs9P5/OMEDMhAJgNLTVrGv7M5eI+57UOo2TwgvpElE2JWABpKOKuNR4m3SkdDWlBKnT0WyhZtzA9A=$U/UpNe7wuYA5Q5caGSsKWw==
vary: accept-encoding
content-encoding: gzip
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lf%2FgyA7CgGJ3VRIw7Yiy6QtMHaiVk7DBbpFA075dJKKBd9XsUsgLZiUYWWq3hemqnnkvtQ7WmXFMoFUmbej%2FjK1H8QOgHXiqnOeyXYPZaKgD7N2zGZcFy4tBHAErt7sd40XYewB7%2Fraa"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 87e9cdf618930b69-OSL
alt-svc: h2=":443"; ma=60
| affordcharmcropwo.shop/api | 104.21.67.211 | 200 OK | 5.9 kB |
URL: affordcharmcropwo.shop/api (User Request, POST HTTP/1.1)
IP: 104.21.67.211:80
File type: HTML document, ASCII text, with very long lines (14383), with no line terminators
MD5: 8236988c7c545981a0e4779d5ad9278c
SHA-1: 5fb0f477db94656e78eb020d743cb858441b9958
SHA-256: d128e77287bdcc1266ac3d94ecdae8a1e50372a4bb8547525816b2732fd3cf8f

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| ThreatFox | malicious | Lumma Stealer |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |
GET /api HTTP/1.1
Host: affordcharmcropwo.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_i=1
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Sat, 04 May 2024 16:18:05 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: UQK/vpXE61JCYooTbDinCni55lAhkNHssoOVkg40PmvJPvs1Qji0EbC9Om6LR1sk3GwNUG2tRN761Qq8JgQNaaP0ju5YmZ8JAVUAd+xIzVHKtyW0l8OIu9YIzPEq3BSzfQMfLc/rdJ0UIAhid3xTEA==$p2G48LR00fcH5gtTzsfGNQ==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2j22kBu%2BtlwQqdQS2c6CI97zPIbaBpYmLoRPSSmsMelf2rP%2BDVLWsF6ERGyC80XIg%2B2EXhVWSsOwQ%2BiiU%2BF7Ib5KVY9C235ZKAaPg5qquaz3VVT3LP32Ce9mA1HZIdBx5hxd8cuHxD%2FI"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 87e9ce032f0d0b69-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
| affordcharmcropwo.shop/cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=87e9ce032f0d0b69 | 104.21.67.211 | | 112 kB |
URL: affordcharmcropwo.shop/cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=87e9ce032f0d0b69
IP: 104.21.67.211:0
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size: 112 kB (112017 bytes)
MD5: b1e7d1b1f42d650fadf3c839d5044e69
SHA-1: d5815d8d29c8cca652455aa2cef02f82bace679c
SHA-256: 81c17ca9833d4830810301a07e86250ca8f591596a82ab57c737ca24924abdd5

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |
GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=87e9ce032f0d0b69 HTTP/1.1
Host: affordcharmcropwo.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://affordcharmcropwo.shop/api?__cf_chl_rt_tk=4JDbkpGjEwOm8yXPo8Q0kkIoHSVm3KACyazdaLQd8Ow-1714839485-0.0.1.1-1279
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_i=1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 04 May 2024 16:18:06 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
vary: accept-encoding
content-encoding: gzip
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=90V7vAWksO6ZWksVb9wd%2FrGBe%2FKvT%2BPVQuoqvRjeFmbJlSP2qKkb54nVORot0gwg0XZ8l9V0Z3fqsULwZvX1HI%2F0CdAVVqC58YaNJNyFtmRt%2FkikK7ND0O8S7Rxe%2B%2Bf3AkOBKo8XK%2BZu"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 87e9ce039dc8b500-OSL
alt-svc: h2=":443"; ma=60
| affordcharmcropwo.shop/favicon.ico | 104.21.67.211 | 403 Forbidden | 5.9 kB |
URL: affordcharmcropwo.shop/favicon.ico (GET HTTP/1.1)
IP: 104.21.67.211:80
Requested by: http://affordcharmcropwo.shop/api
File type: HTML document, ASCII text, with very long lines (14505), with no line terminators
MD5: 1951351862502657359bebf36e0cddbd
SHA-1: 9524eee79d6f752711eeffbb025fe2bb7eb4c07c
SHA-256: fb32bc5ca1ea3f5c7aa30820dcae6fa52c6aa0891b4c25a7753e5d05d47470f8

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| ThreatFox | malicious | Lumma Stealer |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: affordcharmcropwo.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://affordcharmcropwo.shop/api?__cf_chl_rt_tk=4JDbkpGjEwOm8yXPo8Q0kkIoHSVm3KACyazdaLQd8Ow-1714839485-0.0.1.1-1279
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_i=1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Sat, 04 May 2024 16:18:06 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: ZIMgSjNLKjDy1IGoW/nSZ2hMsWXXrx4fEY1ZfMeRqA8ZlOAGxaUC1J4QtKbgnI2kdgXLrMlAz3PxjIQfJQe8dvaYuViMx6Q2xUByjcsYI+0IXXk+nlMFV+Z5orKPW+YuT69dl4J2R18TAGg+qr5DIw==$dWr3Ca2Q6UtGtpFUkMNfvQ==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mn4SrjQzsWt4HL0uD9oBppcI3%2BxDqZ2cCEp3xzRs%2BDmEt4gxHnQEML2bfJSSoGpQLEY9j8SMZxEP2DR52a45y9h%2FPi%2BRb%2BY0cFmPQFxRqAHzzNnr4joOEo8TnDM2AZc4MgtQE7p%2FNHdP"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 87e9ce03fe7eb500-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
| affordcharmcropwo.shop/favicon.ico | 104.21.67.211 | 403 Forbidden | 5.9 kB |
URL: affordcharmcropwo.shop/favicon.ico (GET HTTP/1.1)
IP: 104.21.67.211:80
Requested by: http://affordcharmcropwo.shop/api
File type: HTML document, ASCII text, with very long lines (14420), with no line terminators
MD5: a72e97cfe0fd0c7f867fb44de24d5ccb
SHA-1: bd6ab9b4a27678260684a036ba1e239b540637c4
SHA-256: 3fcb4e5c5bd191c22565d6b4cfa4678928bef10f92bb2fc147fce3e908bb5b76

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| ThreatFox | malicious | Lumma Stealer |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: affordcharmcropwo.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://affordcharmcropwo.shop/api
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_i=1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Sat, 04 May 2024 16:18:06 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: yWeS1PhDCtUh0Gbx1tYZXm5YRbaVSGa2g6v6b3WmQuTAAwEfT3QJy3N6yhkL6sWg89H91Isg0xh9KU2Zuxk6esNEz9OIg1uXHjlBE2Vs/5RovoAe5QseqTpjXsvmHVN2oyZlTZjSo62+Mrddo8mnXw==$fHOcfBJ2ijNeG98xhXO2Xg==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SwGlZ42ldnxi07glyh%2BaRyC8dFzLDC7C3%2B1jGfNV4jczPc%2BQanBaWtmuvx6lGWcFxueV1AeZGeMnSbPGe7Twm9vgQCHkNW%2BOXkDSZlhPzybRQ5pYu%2Be6mzW4znbFEUrGemBNF%2FwPixcd"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 87e9ce044f43b500-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
| affordcharmcropwo.shop/cdn-cgi/challenge-platform/h/g/flow/ov1/1316479568:1714836574:UI9JaXSim-pPxPzsA83rue6WB_VgYPbHYk366f-PNNo/87e9ce032f0d0b69/126f7bc957693e3 | 104.21.67.211 | | 12 kB |
URL: affordcharmcropwo.shop/cdn-cgi/challenge-platform/h/g/flow/ov1/1316479568:1714836574:UI9JaXSim-pPxPzsA83rue6WB_VgYPbHYk366f-PNNo/87e9ce032f0d0b69/126f7bc957693e3
IP: 104.21.67.211:0
File type: ASCII text, with very long lines (16416), with no line terminators
MD5: a7707dc9cc78c44c8df03450df466a9d
SHA-1: b92aae17650650301ce41a697665c0880df3ae33
SHA-256: d3c25ee30f92a8a5c7473a56b7c17a6615e20bf2949ecc337cfedec1ee023a49

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| ThreatFox | malicious | Lumma Stealer |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |
POST /cdn-cgi/challenge-platform/h/g/flow/ov1/1316479568:1714836574:UI9JaXSim-pPxPzsA83rue6WB_VgYPbHYk366f-PNNo/87e9ce032f0d0b69/126f7bc957693e3 HTTP/1.1
Host: affordcharmcropwo.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://affordcharmcropwo.shop/api
Content-type: application/x-www-form-urlencoded
CF-Challenge: 126f7bc957693e3
Content-Length: 1865
Origin: http://affordcharmcropwo.shop
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_i=1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 04 May 2024 16:18:06 GMT
Content-Type: text/plain; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cf-chl-gen: pmioRWTwlx9xdWCG/Mu/jYVZAJ87eEST9i4zyXpFfbQ1UXUdxlipE/AwnHU/4gOg$zQiT9DQGIUoM/Ay/cEFyzQ==
vary: accept-encoding
content-encoding: gzip
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bFlduycAQhGA8NPvXJh%2FL2Rc%2BjmD0YTbpdjDqnzgk5Am9Acfc7lMXfKPAUEANTVJ0EMnI6uzZiYDGR%2BGkVBD8DtPq4CDkm6rLrfK0Dlyft7GQcrj0dfsB1cLloVURCX0tSLGX2FxP2GT"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 87e9ce053ad87130-OSL
alt-svc: h2=":443"; ma=60
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/ckopl/0x4AAAAAAAAjq6WYeRDKmebM/light/normal | 104.17.2.184 | | 26 kB |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/ckopl/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
IP: 104.17.2.184:0
File type: HTML document, ASCII text, with very long lines (41702)
MD5: aa03515779411ef6fbeeedb5d1f09469
SHA-1: 31e998735db836553a8338e51b7719f237ee859c
SHA-256: 5275870162832e25774591f8f934f7233b803c75dba402eea25ac98b99727ef3
GET /cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/ckopl/0x4AAAAAAAAjq6WYeRDKmebM/light/normal HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 04 May 2024 16:18:06 GMT
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-security-policy: frame-src https://challenges.cloudflare.com/ blob:; base-uri 'self'
document-policy: js-profiling
cross-origin-opener-policy: same-origin
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cross-origin-embedder-policy: require-corp
origin-agent-cluster: ?1
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
vary: accept-encoding
server: cloudflare
cf-ray: 87e9ce062e7eb50c-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/87e9ce062e7eb50c/1714839486854/FHgrEFzxNOJA9pX | 104.17.2.184 | | 61 B |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/87e9ce062e7eb50c/1714839486854/FHgrEFzxNOJA9pX IP: 104.17.2.184:0
File type: PNG image data, 29 x 88, 8-bit/color RGB, non-interlaced
Hash (MD5 / SHA-1 / SHA-256): 7cc48fe5f34b4e43dc4b5fd951d343f1 f2672b815ff30ad0f011f067c2b729bbb8b6a3a0 352fe4e2336ab0ecf13d8519ee27ca8092a498c64990c04f19fac6ac6936e08b
GET /cdn-cgi/challenge-platform/h/g/i/87e9ce062e7eb50c/1714839486854/FHgrEFzxNOJA9pX HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/ckopl/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 04 May 2024 16:18:08 GMT
content-type: image/png
content-length: 61
server: cloudflare
cf-ray: 87e9ce115f83b50c-OSL
alt-svc: h3=":443"; ma=86400
| affordcharmcropwo.shop/cdn-cgi/challenge-platform/h/g/flow/ov1/1316479568:1714836574:UI9JaXSim-pPxPzsA83rue6WB_VgYPbHYk366f-PNNo/87e9ce032f0d0b69/126f7bc957693e3 | 104.21.67.211 | | 2.5 kB |
URL: affordcharmcropwo.shop/cdn-cgi/challenge-platform/h/g/flow/ov1/1316479568:1714836574:UI9JaXSim-pPxPzsA83rue6WB_VgYPbHYk366f-PNNo/87e9ce032f0d0b69/126f7bc957693e3 IP: 104.21.67.211:0
File type: ASCII text, with very long lines (3240), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): ffb051be1d814818b31be46f6e1afb73 5ae58851e7a9b6060504bddb6910455a802de9c4 0080cfd0ab2c3adc336d43d4bdb2209726045998e969a2fa90b00814e7d8f986
| Analyzer | Verdict | Alert |
| --- | --- | --- |
| ThreatFox | malicious | Lumma Stealer |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |
POST /cdn-cgi/challenge-platform/h/g/flow/ov1/1316479568:1714836574:UI9JaXSim-pPxPzsA83rue6WB_VgYPbHYk366f-PNNo/87e9ce032f0d0b69/126f7bc957693e3 HTTP/1.1
Host: affordcharmcropwo.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://affordcharmcropwo.shop/api
Content-type: application/x-www-form-urlencoded
CF-Challenge: 126f7bc957693e3
Content-Length: 3303
Origin: http://affordcharmcropwo.shop
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_i=1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 04 May 2024 16:18:14 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cf-chl-out: 2UYiTYlllFTJ1BQriQ1rRUpqKO30gCKR/IScbIwPn2wMnu02J3FbH43o4DUh5hTJgLlzzzHCrCSYD80to8adnVAa/NIfUPHOELpTr3jtgIorYJrBQNuXgidN6P3vnL2w$en0OJNtyqcrEI642WCxflA==
cf-chl-out-s: dcnW3wF3LmNMNMxEJsqXMQ==$R8WOBeWP/ZxvVi66S2bF4w==
set-cookie: cf_chl_rc_i=;Expires=Fri, 03 May 2024 16:18:14 GMT;SameSite=Strict
vary: accept-encoding
content-encoding: gzip
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eu2H75LMYJgtFPnpWL8ElhIzYBz2PqENGhPCCAdbCwufgzZ3DMNjq9MPNAyKfqMTYHsf9kd0FVUFSY%2FqEDpv4neuk3q1UMQYdMWyJWOKt6XyHnaA7GGvJZRSQJCDoukcuggtQxOiV09B"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 87e9ce393d3b7130-OSL
alt-svc: h2=":443"; ma=60
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/1228782390:1714836634:boaidznvqE3q3mv3G615HS77jGq3oEEJUv85ZXH3XBY/87e9ce062e7eb50c/f451e55b2567779 | 104.17.2.184 | | 3.4 kB |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/1228782390:1714836634:boaidznvqE3q3mv3G615HS77jGq3oEEJUv85ZXH3XBY/87e9ce062e7eb50c/f451e55b2567779 IP: 104.17.2.184:0
File type: ASCII text, with very long lines (3564), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 920669f26cba83406e7f61510d3b2bac 01a2d36f746065c4770de79e398e45c8ec63a7c6 990bb92c7535c1bf5aa6ede05f92dc63ce8c5bfd577a48abd55f51724c2b73b6
POST /cdn-cgi/challenge-platform/h/g/flow/ov1/1228782390:1714836634:boaidznvqE3q3mv3G615HS77jGq3oEEJUv85ZXH3XBY/87e9ce062e7eb50c/f451e55b2567779 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/ckopl/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: f451e55b2567779
Content-Length: 37114
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 04 May 2024 16:18:14 GMT
content-type: text/html; charset=UTF-8
cf-chl-out-s: 5rNeRXI+VV8UtY4xlJhAWQ==$GxBzOd9lNa+2s+24m1yDXw==
cf-chl-out: 3o+gAywi4Feuhjqke0oRG1wU1xlrMgS2HzeSSjWQnUIr72WwGWQ4HvJKqDEwa9I/YejCsRyNsWhfHB3vJrSIYR6lkS15rJrYmPBYliyk/vuXueIJMmako3N8u0qsy+8D$r5azOvDv4y+3dQD0oXo3Rw==
vary: accept-encoding
server: cloudflare
cf-ray: 87e9ce389fdcb50c-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/1228782390:1714836634:boaidznvqE3q3mv3G615HS77jGq3oEEJUv85ZXH3XBY/87e9ce062e7eb50c/f451e55b2567779 | 104.17.2.184 | | 27 kB |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/1228782390:1714836634:boaidznvqE3q3mv3G615HS77jGq3oEEJUv85ZXH3XBY/87e9ce062e7eb50c/f451e55b2567779 IP: 104.17.2.184:0
File type: ASCII text, with very long lines (22288), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 910cf764cd72e4337d544cd0cdacc608 c32b05ba4f099bb2f812ac808762cc16bb7b40b8 7f58494da8cbcef6d7b3f9ca07a6f334647ec23875cc5efd48341d7d9eee79c4
POST /cdn-cgi/challenge-platform/h/g/flow/ov1/1228782390:1714836634:boaidznvqE3q3mv3G615HS77jGq3oEEJUv85ZXH3XBY/87e9ce062e7eb50c/f451e55b2567779 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/ckopl/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: f451e55b2567779
Content-Length: 27515
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 04 May 2024 16:18:10 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: aWaAnZfnISmrv65tb6LWaN/Y7noYEAQSMHdrxwb3TLhirtjS9RRtx1wt0SmycmyS$sHcp04tTa4OpFn5J6p6D8Q==
vary: accept-encoding
server: cloudflare
cf-ray: 87e9ce1e2be3b50c-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400