| demonstationfukewko.shop/p | 172.67.147.169 | 403 Forbidden | 5.8 kB |
URL (User Request): GET HTTP/1.1 demonstationfukewko.shop/p
IP: 172.67.147.169:80
File type: HTML document, ASCII text, with very long lines (14358), with no line terminators
Hash: e72a1874b494bb4925addbab4b184722 ec23163f609ac759534af8ff1f2ea1f08c658da0 449dfcfe27676e487b80c81003252ba4f17e51fb452cf7505ab4b0f64362e4be
| Analyzer | Verdict | Alert |
| ThreatFox | malicious | Lumma Stealer |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |
GET /p HTTP/1.1
Host: demonstationfukewko.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Wed, 24 Apr 2024 23:58:19 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: t5TVuO94g6Mniphv4J3cT3S7udh7QxwCIU0Dp6S+54TwwtDSEOjrjrptju507XlYLYn3PAnSD4kkGP4QbwBmBCcfp07FDOPO/NJAPEKSym2KGPxHWgE4U1fnKRnIubdpzx2FPU9QbSXlMIRsWuPJvQ==$Ms0e0o4iY6/TQeJANpkalA==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hTUGVEwLsmaXcnT4WV0PKbMELl3PHlcgdxJF7Io9ZSOusv5szy8dXXTFg%2F6vjMDohT1Y6uCljlhq%2FsAQmgUES8TCBTYB3SC%2Fc%2F0NcsVxYavY2z4ZimfSw4njjQxE2V6BXcjkrXhAP3X8Zn0%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 879a0a6d192b1bfe-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
|
|
| demonstationfukewko.shop/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=879a0a6d192b1bfe | 104.21.33.174 | | 114 kB |
URL: demonstationfukewko.shop/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=879a0a6d192b1bfe
IP: 104.21.33.174:0
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size: 114 kB (113674 bytes)
Hash: a63361fb9bb9ffbf1c76d4132a235bff 5d6d8166c8bd816506d45d41328c04432e790d38 9e29505628a83c9271ab3123082e2728a115777f20b9de7d947ddfbd6dc3982f
| Analyzer | Verdict | Alert |
| ThreatFox | malicious | Lumma Stealer |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |
GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=879a0a6d192b1bfe HTTP/1.1
Host: demonstationfukewko.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://demonstationfukewko.shop/p?__cf_chl_rt_tk=hJ3pqJriozaYxxanZ_ZXL5CzqAEZv3febgOViglmfVc-1714003099-0.0.1.1-1279
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 24 Apr 2024 23:58:19 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
vary: accept-encoding
content-encoding: gzip
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GUcdspv0u6eHXEqX1ip9zgN55vy%2Bg3ZqfV9F5WesQs6pHfLL%2BXrF8zv9bcwW32cjt3CyrKOl5qo%2BFBwKSerOUMKNra4BLw%2BcLgBhGYW2Sxk55yJ%2Bx7BDu33PPvNF4pUofkpxbImJ%2FL3C98I%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 879a0a6ec8367130-OSL
alt-svc: h2=":443"; ma=60
|
|
| demonstationfukewko.shop/favicon.ico | 104.21.33.174 | 403 Forbidden | 5.9 kB |
URL: GET HTTP/1.1 demonstationfukewko.shop/favicon.ico
IP: 104.21.33.174:80
Requested by: http://demonstationfukewko.shop/p
File type: HTML document, ASCII text, with very long lines (14511), with no line terminators
Hash: a33f1fb331bdaf87ea7cd0772e7d756f 1251461946d004a98b13d7edd740a283e92d35c3 323761120676efaa9e5e36ac6791b2dadf1e3487d724f92795e1f99afea828db
| Analyzer | Verdict | Alert |
| ThreatFox | malicious | Lumma Stealer |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: demonstationfukewko.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://demonstationfukewko.shop/p?__cf_chl_rt_tk=hJ3pqJriozaYxxanZ_ZXL5CzqAEZv3febgOViglmfVc-1714003099-0.0.1.1-1279
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Wed, 24 Apr 2024 23:58:20 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: LbaeRFEZaewKgq6VykbiFcPRjw0DV/MfZaDCeYg7awPJHfLg8mCJ9JOJPOz01F4mtatyu3SNGmrZltUmjYLqCL9sIjTGFR7xJBooV1d3SfP7l8mgL+cFtLT27p+W2KxstBVJfPJRsH9wOuOSMi2qKw==$UnVQGJlxmfPY0ivqdPJTiw==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hAfD2OLnsbEWFpp3gux55JCr%2Fa4a2972F49ycMBkTtui2tq7mJ735KLpc81WFzimsbU21XDe%2FGohars34M0R3zZNIqNwXiOgzEWdPjWUACxmwfI%2FsMZgjhuExRTI9bKcOsn5%2BBD2ekufGak%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 879a0a6f083f7130-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
|
|
| demonstationfukewko.shop/favicon.ico | 104.21.33.174 | 403 Forbidden | 5.9 kB |
URL: GET HTTP/1.1 demonstationfukewko.shop/favicon.ico
IP: 104.21.33.174:80
Requested by: http://demonstationfukewko.shop/p
File type: HTML document, ASCII text, with very long lines (14424), with no line terminators
Hash: 018aac7fa0887a3edd934929592c1d21 fc922c296b97a0b77dfcaa36ed7f8eb4d3bfbdaf 96f188a163d522e71c503d9daa4717301ce0bf77f52e16a7a53acc0e4b922a30
| Analyzer | Verdict | Alert |
| ThreatFox | malicious | Lumma Stealer |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: demonstationfukewko.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://demonstationfukewko.shop/p
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Wed, 24 Apr 2024 23:58:20 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: 6yTL5/wdypSIQrdMUnJOnYFIAI40sKzxXyBlhcq9anvlFv5MHV+YOxdRgN8lgka5bT63KTLAHwQ6lEJnukr+Jzk5hXBkTGZnfc8s5+8TJP5OpJ34G+s6EzYC2tP3owNtncd75BGQNfe5n5EYiex92A==$/6l8/NC3vldDGdctoCX4kg==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WJprdpI3a3YnoKT%2BQLbuaW%2BW1%2FYmnTQyZyvJAnuVGB3STvJ2jY1JWf0EeIqSbQ3oqIFiqmokYHj9Qo4LYdosW4I%2FOQ%2BI1m5FH6OJoEJd0UElnhdz4UYIACTvaKPA1UECVk5qCWG%2FWMtablY%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 879a0a6f68b4568b-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
|
|
| demonstationfukewko.shop/cdn-cgi/challenge-platform/h/b/flow/ov1/448981719:1714001033:ZFcXhk2rgGSzIg1fgUNuOhn04QatiF0e-dnR5Bn30GM/879a0a6d192b1bfe/1aa4cc66c79e661 | 104.21.33.174 | | 12 kB |
URL: demonstationfukewko.shop/cdn-cgi/challenge-platform/h/b/flow/ov1/448981719:1714001033:ZFcXhk2rgGSzIg1fgUNuOhn04QatiF0e-dnR5Bn30GM/879a0a6d192b1bfe/1aa4cc66c79e661
IP: 104.21.33.174:0
File type: ASCII text, with very long lines (15984), with no line terminators
Hash: cdba45f8eca69a59a00d7d2121f2c4d9 b202574844aa0cafc435de1adddc0e8a5e5079fa 9cb4d565796cfbca8ada2e9d906e7acbb89f237a21c42fa8e3be2767be4a3074
| Analyzer | Verdict | Alert |
| ThreatFox | malicious | Lumma Stealer |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |
POST /cdn-cgi/challenge-platform/h/b/flow/ov1/448981719:1714001033:ZFcXhk2rgGSzIg1fgUNuOhn04QatiF0e-dnR5Bn30GM/879a0a6d192b1bfe/1aa4cc66c79e661 HTTP/1.1
Host: demonstationfukewko.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://demonstationfukewko.shop/p
Content-type: application/x-www-form-urlencoded
CF-Challenge: 1aa4cc66c79e661
Content-Length: 1871
Origin: http://demonstationfukewko.shop
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 24 Apr 2024 23:58:20 GMT
Content-Type: text/plain; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cf-chl-gen: CZPPeeKtiJ8CwvzWMmIFexJDvZvwFJq7Xistzu3PZgWlt5iVFnl5poUHpNdaStcB$Wgwjvo84f3VWzZQWXqKR4A==
vary: accept-encoding
content-encoding: gzip
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AbLfan1Rajj6Olu2XOkNlKXgtEOQ8Xvt8BkwBwqtAA31BIUZzFznK16Q2G3zjlK0L4iP%2BOvmEcR0Vf6MT1BQnd0wTgc%2BO4Db0EfYW75QQezkPp2VILIG4mHlP7E0JTXsymt4ojerR0EBe7E%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 879a0a703e9a56bf-OSL
alt-svc: h2=":443"; ma=60
|
|
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D | 104.17.3.184 | 200 OK | 61 B |
URL: GET HTTP/3 challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D
IP: 104.17.3.184:443
Requested by: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/a6fya/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Certificate: Issuer: Cloudflare, Inc.; Subject: challenges.cloudflare.com; Fingerprint: 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E; Validity: Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type: PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
Hash: 9246cca8fc3c00f50035f28e9f6b7f7d 3aa538440f70873b574f40cd793060f53ec17a5d c07d7d29e3c20fa6ca4c5d20663688d52bad13e129ad82ce06b80eb187d9dc84
GET /cdn-cgi/challenge-platform/h/b/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/7b6ig/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 23:58:20 GMT
content-type: image/png
content-length: 61
cache-control: max-age=2629800, public
server: cloudflare
cf-ray: 879a0a715f1d712d-OSL
alt-svc: h3=":443"; ma=86400
|
|
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/879a0a70fefd712d/1714003100693/P77j5ZmKwbbKT4t | 104.17.3.184 | | 61 B |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/879a0a70fefd712d/1714003100693/P77j5ZmKwbbKT4t
IP: 104.17.3.184:0
Certificate: Issuer: Cloudflare, Inc.; Subject: challenges.cloudflare.com; Fingerprint: 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E; Validity: Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type: PNG image data, 10 x 13, 8-bit/color RGB, non-interlaced
Hash: e246b3090da04deb0e56e84c2a8d9d78 7ea475703621e05ad4098cf0c522aa83abd6b558 d4606929ca3e817665d48055eba272c8fcde589de0ca1fd38032e9f2227175af
GET /cdn-cgi/challenge-platform/h/b/i/879a0a70fefd712d/1714003100693/P77j5ZmKwbbKT4t HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/7b6ig/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 23:58:21 GMT
content-type: image/png
content-length: 61
server: cloudflare
cf-ray: 879a0a79798c712d-OSL
alt-svc: h3=":443"; ma=86400
|
|
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1569623752:1714001226:DrjipXYXE-GuvdeBi6Rf3VTKo96_06GDZKb9GE-eiUo/879a0a70fefd712d/39c90a67a49d127 | 104.17.3.184 | | 24 kB |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1569623752:1714001226:DrjipXYXE-GuvdeBi6Rf3VTKo96_06GDZKb9GE-eiUo/879a0a70fefd712d/39c90a67a49d127
IP: 104.17.3.184:0
Certificate: Issuer: Cloudflare, Inc.; Subject: challenges.cloudflare.com; Fingerprint: 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E; Validity: Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type: ASCII text, with very long lines (22584), with no line terminators
Hash: f9b8e1ee2f955889292f5d32e076b81a 2f55bd7584e3cd37bcc7ae8e624a191d81502a57 079fba85a4c9d7be3636ffe5d78c22ce84f7af8265fdd8d7ec3ab4b023fa07c5
POST /cdn-cgi/challenge-platform/h/b/flow/ov1/1569623752:1714001226:DrjipXYXE-GuvdeBi6Rf3VTKo96_06GDZKb9GE-eiUo/879a0a70fefd712d/39c90a67a49d127 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/7b6ig/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: 39c90a67a49d127
Content-Length: 25413
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 23:58:22 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: I2vbzk30dtzaR5+RhpP5s8ba/8m6HK000SCR3SaPRj+MNpkYqLX8aQoWlL0w9Nay$L743S/Pg52qfrKS2d9C0lQ==
vary: accept-encoding
server: cloudflare
cf-ray: 879a0a7ceb33712d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| demonstationfukewko.shop/p | 104.21.33.174 | 403 Forbidden | 5.9 kB |
URL (User Request): GET HTTP/1.1 demonstationfukewko.shop/p
IP: 104.21.33.174:80
File type: HTML document, ASCII text, with very long lines (14379), with no line terminators
Hash: 41bab59e0c32dd13f261ca2231ec27a2 ab783698b3dc5768944c9c29fcb7b4f1eaff2948 acc4c43e97b4f2fb93732487221698791680b150a6fc3e408057a0aa5f172cb2
| Analyzer | Verdict | Alert |
| ThreatFox | malicious | Lumma Stealer |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |
GET /p HTTP/1.1
Host: demonstationfukewko.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_i=1
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Wed, 24 Apr 2024 23:58:27 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: kz3UblKeNOzCgJ2/agWw95GLTAx429JPdoTNsPBOTu4m6rVQiPAh6dXFpnQmQU5aGWYa4UvGuNZ3FBNeQGgvJ2/21DGgKq2fQSZUGpV8xjXYihtr35D+ZZSeDaUUa/pDwI7oqJ6Ibfvj+WLSozjp9g==$qgSJD/2dCEDQWKkT2UhQ5w==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bDLYjsm9OF7v6BIyiqe1Dnrih3TbnjYj4zpMKZcT1S2Pguhdjp4tTE3SWpiSwYn%2FMWrUgT5Haafa%2FpFUFz%2BeBozCmb1dpTIJ0%2FNsiSNfiPC1eWU8zGiekvOFYZmqg1KMMqDd4bNjPZhW%2Fm0%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 879a0a9da83c56bf-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
|
|
| demonstationfukewko.shop/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=879a0a9da83c56bf | 104.21.33.174 | | 115 kB |
URL: demonstationfukewko.shop/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=879a0a9da83c56bf
IP: 104.21.33.174:0
File type: ASCII text, with very long lines (65536), with no line terminators
Size: 115 kB (115018 bytes)
Hash: 26ce18c4ef153b9c3969e8c685b4d5f0 2204824b35a31c8c72118d65bad8781cf9105b04 41ee4cfd5626c4a4620ff654afcf4eed0ce8452f3242247c36d214a318c3e4d7
| Analyzer | Verdict | Alert |
| ThreatFox | malicious | Lumma Stealer |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |
GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=879a0a9da83c56bf HTTP/1.1
Host: demonstationfukewko.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://demonstationfukewko.shop/p?__cf_chl_rt_tk=Sx_9abRD4gSGRB9NSXFkD.0BNlbs4y_WznE4v.L1mYM-1714003107-0.0.1.1-1279
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_i=1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 24 Apr 2024 23:58:27 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
vary: accept-encoding
content-encoding: gzip
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=d8zrZvzeEnSr%2FnQy11%2F4tF0poMpcrXLQc7uf4IRAYnEpD%2FZIHcWMR0XmG7j888EcIHd4lqYg9SSQW2QQQ4DFVWZJRF0eiPOruS7xKeFaR3BzJ%2B4EzBEcRWrrNuLKfVCEbVT2FmvmaUI2qkM%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 879a0a9dffbd7130-OSL
alt-svc: h2=":443"; ma=60
|
|
| demonstationfukewko.shop/favicon.ico | 104.21.33.174 | 403 Forbidden | 6.0 kB |
URL: GET HTTP/1.1 demonstationfukewko.shop/favicon.ico
IP: 104.21.33.174:80
Requested by: http://demonstationfukewko.shop/p
File type: HTML document, ASCII text, with very long lines (14532), with no line terminators
Hash: 20b193d96591f24044213eeb4a2bf929 148ff3d85b2d909ea95cff1cbb5f57421ccc677e 8f11d0e711ec9ae885706de8fe82c127b81a76cbce36443255e670692123c2f6
| Analyzer | Verdict | Alert |
| ThreatFox | malicious | Lumma Stealer |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: demonstationfukewko.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://demonstationfukewko.shop/p?__cf_chl_rt_tk=Sx_9abRD4gSGRB9NSXFkD.0BNlbs4y_WznE4v.L1mYM-1714003107-0.0.1.1-1279
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_i=1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Wed, 24 Apr 2024 23:58:27 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: xnzok3rgDEP0SsXTmJHBNSpV70LBFmcGqIjGxzipiMfd6LqtHXAUmu4NzHwj8PGjwo+qgBZ09DvBqQu1CwrlJCCIO3afhIStvSXfHAoBq5KWMGZQ3cGdEOAI3EvPWz2EfAy8SpH3Ev5lurmUu8XHkg==$gsjPdBnjuXaOXri0RPbF+A==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=d3xhktQHW9rZx%2B%2F91vBq9G7pgyQrsahRrgoVR851q3%2Feo5%2BATUtWM7qu9NGnjwj20vsATTlx7oA0i6NoU4FWMUFG1f3bo%2FP9Vvat55OieVVPSXnxGtutUuXqtsf4C9vqBGo1QiG3E3pY5dE%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 879a0a9e3fd07130-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
|
|
| demonstationfukewko.shop/favicon.ico | 104.21.33.174 | 403 Forbidden | 5.9 kB |
URL: GET HTTP/1.1 demonstationfukewko.shop/favicon.ico
IP: 104.21.33.174:80
Requested by: http://demonstationfukewko.shop/p
File type: HTML document, ASCII text, with very long lines (14447), with no line terminators
Hash: c9f1f2ec30d78e0cc440de870a878f9b 3f5c88fbf42692b92dca5e636d8b87f98ad1df6f 553efb1426cff661a2ef39c49156709ab660d99e37c108683b942a45e5895a55
| Analyzer | Verdict | Alert |
| ThreatFox | malicious | Lumma Stealer |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: demonstationfukewko.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://demonstationfukewko.shop/p
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_i=1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Wed, 24 Apr 2024 23:58:27 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: qrEGi4pjlvHupcDCLJ4UPJTf+MvmbewpM3sYSKl5msnOMRFdgJ7zrRNnVyBfPMX0Mdp9GNAHEc0OriJhYZtqeQSZxpmu6fSsPkNwMPw5Sc40Ha6pB/jYyIDtpvgYhbStS1f/uQ6AZlYP0+16E79lZw==$JqL0cHoBuGqD2ptBaxFUkg==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=o9odWelY%2FlTTRfkhcZmCLS4Qxi%2F6ip9e38vUsfdG94SCBDTduClbQt%2F5igK5hJcfcuJRdYbzpXL%2FtMlhxc1fH2%2BHtCQbAZvCwYbXGWgpXjFKvxzJGuOX0oQ9ar37N0aKvFxfhtzQnhKkiDY%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 879a0a9e7d8eb503-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
|
|
| challenges.cloudflare.com/turnstile/v0/b/471dc2adc340/api.js?onload=ZbqNq8&render=explicit | 104.17.3.184 | 200 OK | 26 kB |
URL: GET HTTP/3 challenges.cloudflare.com/turnstile/v0/b/471dc2adc340/api.js?onload=ZbqNq8&render=explicit
IP: 104.17.3.184:443
Requested by: http://demonstationfukewko.shop/p
Certificate: Issuer: Cloudflare, Inc.; Subject: challenges.cloudflare.com; Fingerprint: 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E; Validity: Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (42414)
Hash: f94a2211ce789a95a7c67e8c660d63e8 f1fc19b6bcb96d0a905bf3192aaff0885ff9f36f 926dc3302f99ec05e4206e965ddeb7250f5910a8c38e82c7beafb724bbaaf37b
GET /turnstile/v0/b/471dc2adc340/api.js?onload=ZbqNq8&render=explicit HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://demonstationfukewko.shop
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 23:58:27 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31536000
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 879a0a9e8d3d712d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D | 104.17.3.184 | 200 OK | 61 B |
URL: GET HTTP/3 challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D
IP: 104.17.3.184:443
Requested by: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/a6fya/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Certificate: Issuer: Cloudflare, Inc.; Subject: challenges.cloudflare.com; Fingerprint: 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E; Validity: Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type: PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
Hash: 9246cca8fc3c00f50035f28e9f6b7f7d 3aa538440f70873b574f40cd793060f53ec17a5d c07d7d29e3c20fa6ca4c5d20663688d52bad13e129ad82ce06b80eb187d9dc84
GET /cdn-cgi/challenge-platform/h/b/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/e07oa/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 23:58:27 GMT
content-type: image/png
content-length: 61
cache-control: max-age=2629800, public
server: cloudflare
cf-ray: 879a0aa0ade1712d-OSL
alt-svc: h3=":443"; ma=86400
|
|
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/879a0aa02da1712d/1714003108294/6I1eYrkBNfb9OlL | 104.17.3.184 | | 61 B |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/879a0aa02da1712d/1714003108294/6I1eYrkBNfb9OlL
IP: 104.17.3.184:0
Certificate: Issuer: Cloudflare, Inc.; Subject: challenges.cloudflare.com; Fingerprint: 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E; Validity: Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type: PNG image data, 96 x 39, 8-bit/color RGB, non-interlaced
Hash: 817ae4f54c3744245d27285af6e45d9b 90b5c43cee8428ee613dde079f77261746158b0d 38b03a9552fd3ab1379596427fe114fca0d76d24a50e61f5b0f09fca3190b587
GET /cdn-cgi/challenge-platform/h/b/i/879a0aa02da1712d/1714003108294/6I1eYrkBNfb9OlL HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/e07oa/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 23:58:29 GMT
content-type: image/png
content-length: 61
server: cloudflare
cf-ray: 879a0aab5901712d-OSL
alt-svc: h3=":443"; ma=86400
|
|
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=879a0aa02da1712d | 104.17.3.184 | | 178 kB |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=879a0aa02da1712d
IP: 104.17.3.184:0
Certificate: Issuer: Cloudflare, Inc.; Subject: challenges.cloudflare.com; Fingerprint: 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E; Validity: Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size: 178 kB (177945 bytes)
Hash: febc49a576861fd306107c2220942164 47bc2913bcb62951557ae0518a3352421b2b23be 2217575cfc395a82bfdd2ecad48898256796e8f1fab08506cf98ec9f41a3816a
GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=879a0aa02da1712d HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/e07oa/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 23:58:27 GMT
content-type: application/javascript; charset=UTF-8
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
vary: accept-encoding
server: cloudflare
cf-ray: 879a0aa0ade3712d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/580055904:1714001342:Ce7VQ9XCq_2syZdfDismZ_Sg2_lEgLojzkZXYt4mrXM/879a0aa02da1712d/988036b48dc57c2 | 104.17.3.184 | | 33 kB |
URL challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/580055904:1714001342:Ce7VQ9XCq_2syZdfDismZ_Sg2_lEgLojzkZXYt4mrXM/879a0aa02da1712d/988036b48dc57c2 IP104.17.3.184:0
CertificateIssuerCloudflare, Inc. Subjectchallenges.cloudflare.com Fingerprint5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E ValidityFri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File typeASCII text, with very long lines (22568), with no line terminators Hash6a2107e2cfb3d4fefa7de67e30eecb5c 4455b370cc4ee46b3d9a68d28e64e5a7f4564e3e e688c49507d25793b88776639a097cbd082665b9c8d68b5c821fc121de06524a
POST /cdn-cgi/challenge-platform/h/b/flow/ov1/580055904:1714001342:Ce7VQ9XCq_2syZdfDismZ_Sg2_lEgLojzkZXYt4mrXM/879a0aa02da1712d/988036b48dc57c2 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/e07oa/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: 988036b48dc57c2
Content-Length: 25326
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 23:58:29 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: 70eN3tEOcIUOAhNdKHJWAGn37bxkm81thT19iE7J1RfqeHFfBgm3R5yhISrVDTCt$u2EAVLxOKtX2JCIoN0gFlQ==
vary: accept-encoding
server: cloudflare
cf-ray: 879a0aac593d712d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| demonstationfukewko.shop/cdn-cgi/challenge-platform/h/b/flow/ov1/905142638:1714001106:9do1-3LjPd8GWQhBVmB2TJt9-Z4DrFnGIV_qQytk3J4/879a0a9da83c56bf/3e42ec321d7804c | 104.21.33.174 | | 1.8 kB |
URL demonstationfukewko.shop/cdn-cgi/challenge-platform/h/b/flow/ov1/905142638:1714001106:9do1-3LjPd8GWQhBVmB2TJt9-Z4DrFnGIV_qQytk3J4/879a0a9da83c56bf/3e42ec321d7804c IP104.21.33.174:0
File typeASCII text, with very long lines (2332), with no line terminators Hash5af4e2ecbe75f14e01e1bc07e6289f6a a8582fb27e84df9a9487b7cec5bb44d0d85217f9 52bbc8b89d24b4a71414cc738687259f861aa209392549a36322bc8576c3dae4
Analyzer | Verdict | Alert | ThreatFox | malicious | Lumma Stealer | mnemonic secure dns | malicious | Sinkholed | Quad9 DNS | malicious | Sinkholed |
POST /cdn-cgi/challenge-platform/h/b/flow/ov1/905142638:1714001106:9do1-3LjPd8GWQhBVmB2TJt9-Z4DrFnGIV_qQytk3J4/879a0a9da83c56bf/3e42ec321d7804c HTTP/1.1
Host: demonstationfukewko.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://demonstationfukewko.shop/p
Content-type: application/x-www-form-urlencoded
CF-Challenge: 3e42ec321d7804c
Content-Length: 2539
Origin: http://demonstationfukewko.shop
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_i=1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 24 Apr 2024 23:58:33 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cf-chl-out: qhhQEzajQJqdf+6/yLgAAI/8PwMaoUMjPLj/CYbSUd4XdtOMVabo06v+JC67CKyUTAW2hdD7tZdDtGR/gv3VDlH9IUERcRc2slJpBXb6yrY=$B2e/1g33PiUOyfWncxp1+w==
cf-chl-out-s: B1l5pLYTBmhkaLGxpG/pTz9Xgg51etG+zS5/CVCLQlehB0UeovbNRnbRCiWx4Y2RluVraHdqUuJ8TMLvgVzAnzDOWDNeXp6FFYXlMVG3GJs=$TvtnJ9CMdrXi9QO4kwo/kg==
vary: accept-encoding
content-encoding: gzip
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NmpAjPomJbLELtJwwRiWK5zsya3JRH1IWvXf%2F1ViMj%2BIL8GFTKNT7l8Dny2Ph8I4cURLRK8beevfxec5H0x98pRj%2FT1AQlh%2BXnfBg7c%2F%2B5zBf%2FML7FRz3TCEQr0qB9nayQ%2FYVF0127orN2Q%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 879a0ac0994fb523-OSL
alt-svc: h2=":443"; ma=60
|
|
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/7b6ig/0x4AAAAAAAAjq6WYeRDKmebM/light/normal | 104.17.3.184 | | 32 kB |
URL challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/7b6ig/0x4AAAAAAAAjq6WYeRDKmebM/light/normal IP104.17.3.184:0
CertificateIssuerCloudflare, Inc. Subjectchallenges.cloudflare.com Fingerprint5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E ValidityFri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File typeHTML document, ASCII text, with very long lines (41702) Hashec455d7431cbe0c44a3546ac33ebd14b 94d331c4dd6077d850aa8d74c3e3d8d32e1a5521 8300a4459c0ce76c8e7d2d0c0b5e8fc2b0e6e4b83b84de7f644ad7115bfa4339
GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/7b6ig/0x4AAAAAAAAjq6WYeRDKmebM/light/normal HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 23:58:20 GMT
content-type: text/html; charset=UTF-8
document-policy: js-profiling
referrer-policy: same-origin
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
content-security-policy: frame-src https://challenges.cloudflare.com/ blob:; base-uri 'self'
cross-origin-resource-policy: cross-origin
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cross-origin-opener-policy: same-origin
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-embedder-policy: require-corp
origin-agent-cluster: ?1
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
vary: accept-encoding
server: cloudflare
cf-ray: 879a0a70fefd712d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| demonstationfukewko.shop/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=879a0ad9eab2b523 | 104.21.33.174 | 200 OK | 114 kB |
URL GET HTTP/1.1demonstationfukewko.shop/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=879a0ad9eab2b523 IP104.21.33.174:80
Requested byhttp://demonstationfukewko.shop/p
File typeJavaScript source, ASCII text, with very long lines (65536), with no line terminators Size114 kB (113476 bytes) Hash207f26280052c9fdbce421bf815e21b2 02ce1c50d0e3b201c6a8e3c16bdd94e70f801baa a3a41a41f5451748407f039b2a37c6bd5d3db244f8b143cd757ebe523c34e329
Analyzer | Verdict | Alert | ThreatFox | malicious | Lumma Stealer | mnemonic secure dns | malicious | Sinkholed | Quad9 DNS | malicious | Sinkholed |
GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=879a0ad9eab2b523 HTTP/1.1
Host: demonstationfukewko.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://demonstationfukewko.shop/p?__cf_chl_rt_tk=_S0Th07eMSWmPX2G7KDW3RzhAIgF9DUEDVlLuwIiLO8-1714003117-0.0.1.1-1279
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_i=2
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 24 Apr 2024 23:58:37 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
vary: accept-encoding
content-encoding: gzip
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2R9sTukAJsnxhNHrbKsJX7yfyYGGxuDnvbYdtlXQ%2FdlvkQ2kb9pBALn%2BBj89mXJLJ3wAoGV4lPn4UgUpSepOiqf5ex9jZYSXhGPEdzHN79kqX1YPdDkYE9Mgcs7WtZRl%2F0UrMr2%2FedIy0rc%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 879a0ada3ca8b4fa-OSL
alt-svc: h2=":443"; ma=60
|
|
| demonstationfukewko.shop/favicon.ico | 104.21.33.174 | 403 Forbidden | 6.0 kB |
URL GET HTTP/1.1demonstationfukewko.shop/favicon.ico IP104.21.33.174:80
Requested byhttp://demonstationfukewko.shop/p
File typeHTML document, ASCII text, with very long lines (14532), with no line terminators Hashde4c205bb6b4617070f407529f3c3b31 f1a771eb65d217dbff40b8155c5a98323670740a 095daec0be01479bb42936ddf7764c2b571056568b7087927422401b303fd5ec
Analyzer | Verdict | Alert | ThreatFox | malicious | Lumma Stealer | mnemonic secure dns | malicious | Sinkholed | Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: demonstationfukewko.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://demonstationfukewko.shop/p?__cf_chl_rt_tk=_S0Th07eMSWmPX2G7KDW3RzhAIgF9DUEDVlLuwIiLO8-1714003117-0.0.1.1-1279
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_i=2
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Wed, 24 Apr 2024 23:58:37 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: 64EuXumiz86OBadW063l6KAq97HAghG6ShRub84pKpbEzgu71WUVXGUDbU5p/GCIKUhEWZ21ccyb8iDhiQZc177MLjquNViEnIQVHNI2PayEnhA31WMs83lzJv/xowW8yk3CDm308kytGB5c3gm/7w==$LSUiMgSzRz4s48MbO3OXgw==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=R0dZcHvN4PH93wPCjgA0KEsrXuQMc0OkqoGVcn23dn1i72lfDY9LdiaKaG7Hj5YfNEX%2FrLHPOgGLufMZ7OSWPG%2F4zaqj0No8ZMJT6S6e99%2BF62ZwHIY9ZnguZCQdjqi%2ByBVF6tmNB35BC9U%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 879a0ada8cc2b4fa-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
|
|
| demonstationfukewko.shop/favicon.ico | 104.21.33.174 | 403 Forbidden | 5.9 kB |
URL GET HTTP/1.1demonstationfukewko.shop/favicon.ico IP104.21.33.174:80
Requested byhttp://demonstationfukewko.shop/p
File typeHTML document, ASCII text, with very long lines (14447), with no line terminators Hashfb08f079391b80f5efd6a6c8e9b90913 0c355b7dd74df73e5e9a0008b2c325f706de221a c870557801fca48372dd4869175a09af55a21a76bafc56aa6aa40bfb5f9783c1
Analyzer | Verdict | Alert | ThreatFox | malicious | Lumma Stealer | mnemonic secure dns | malicious | Sinkholed | Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: demonstationfukewko.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://demonstationfukewko.shop/p
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_i=2
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Wed, 24 Apr 2024 23:58:37 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: E0AzRPqGU18dyIc8bcHgTj5NaPrn7KfX8/3JfGEtAgGQInDstA056kUB/cIoy9BWnWqAJi1GqfOCIONKRXXKUx3o4HoYz9QsJUoGuJPylKGMKtyv5RvhLkmTYEv0HBTj7jNse6bLSCDO6zsV6b43Og==$d5qD1BLJUHdQQSegMmLq9A==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QNBCSfVec99u3epmAxP3gBEEHZrr1WfmwYE5DGCSc4unb4s7Y5qHlzSua9lkMCBHUEMEVDjs94%2FGqnnky4dy%2B12F%2BywGcHIXzYP15o914d5L3CRB78hadoVC26Z4fiHnrkokFO5VSnGPb6I%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 879a0adae8b61c16-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
|
|
| demonstationfukewko.shop/cdn-cgi/challenge-platform/h/b/flow/ov1/200696669:1714001221:ZQxVfK1wj7bwNFXHRiarVPDEHMdDTRZpVc8A1MINUVs/879a0ad9eab2b523/fff2cace4e26677 | 104.21.33.174 | 200 OK | 12 kB |
URL POST HTTP/1.1demonstationfukewko.shop/cdn-cgi/challenge-platform/h/b/flow/ov1/200696669:1714001221:ZQxVfK1wj7bwNFXHRiarVPDEHMdDTRZpVc8A1MINUVs/879a0ad9eab2b523/fff2cace4e26677 IP104.21.33.174:80
Requested byhttp://demonstationfukewko.shop/p
File typeASCII text, with very long lines (15984), with no line terminators Hash8c15c1bb3fd3a629a82a8a5848247ed2 2628477ea33ff4453cd499a1198b408b322821b2 32965feeee712d31b689d79eba2d5f4f80481d10098e96c6e0fbdeed38d5a647
Analyzer | Verdict | Alert | ThreatFox | malicious | Lumma Stealer | mnemonic secure dns | malicious | Sinkholed | Quad9 DNS | malicious | Sinkholed |
POST /cdn-cgi/challenge-platform/h/b/flow/ov1/200696669:1714001221:ZQxVfK1wj7bwNFXHRiarVPDEHMdDTRZpVc8A1MINUVs/879a0ad9eab2b523/fff2cace4e26677 HTTP/1.1
Host: demonstationfukewko.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://demonstationfukewko.shop/p
Content-type: application/x-www-form-urlencoded
CF-Challenge: fff2cace4e26677
Content-Length: 1844
Origin: http://demonstationfukewko.shop
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_i=2
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 24 Apr 2024 23:58:37 GMT
Content-Type: text/plain; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cf-chl-gen: uDRR2tclPciJMiOen4bgP3NrXqkgGhepG7gEKCjvc3bwF2z90EcwS8vMUxkcrtG2$VN5qEojx3bZgqoEYdUFRWg==
vary: accept-encoding
content-encoding: gzip
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=g%2BIAStua1wzoyk%2FLMGBAcHjL41XWuHCxLqIiLgObCfHFvdsNeLQ65f5%2FZyZBx741NoiBvBT9yphz7B8oF%2FoqFytuJAQOrUEz8crpt7vTT392wSMxJp8FCfmRRPeP%2F%2FmPUFcuOwWWVG3astc%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 879a0adbbe09b4ff-OSL
alt-svc: h2=":443"; ma=60
|
|
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/a6fya/0x4AAAAAAAAjq6WYeRDKmebM/light/normal | 104.17.3.184 | 200 OK | 26 kB |
URL GET HTTP/3challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/a6fya/0x4AAAAAAAAjq6WYeRDKmebM/light/normal IP104.17.3.184:443
Requested byhttp://demonstationfukewko.shop/p CertificateIssuerCloudflare, Inc. Subjectchallenges.cloudflare.com Fingerprint5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E ValidityFri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File typeHTML document, ASCII text, with very long lines (41702) Hashad7f18f2a286fab5b178d0ddd82ecc62 867ea1af37c7a8b87180dc21a7ff6f4499c0433a 6ab3f0ab6fbaf278aa61d5517740e260beeef86be66692c44423c44c59413475
GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/a6fya/0x4AAAAAAAAjq6WYeRDKmebM/light/normal HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 23:58:37 GMT
content-type: text/html; charset=UTF-8
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
document-policy: js-profiling
origin-agent-cluster: ?1
content-security-policy: frame-src https://challenges.cloudflare.com/ blob:; base-uri 'self'
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
referrer-policy: same-origin
vary: accept-encoding
server: cloudflare
cf-ray: 879a0adc789e712d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/580226558:1714001057:EaFXXWJhGujAY6ZnPi9BhmSpX0lysiHaC11aovOx7jA/879a0adc789e712d/84d0bfdbe70fd0a | 104.17.3.184 | 200 OK | 93 kB |
URL POST HTTP/3challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/580226558:1714001057:EaFXXWJhGujAY6ZnPi9BhmSpX0lysiHaC11aovOx7jA/879a0adc789e712d/84d0bfdbe70fd0a IP104.17.3.184:443
Requested byhttps://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/a6fya/0x4AAAAAAAAjq6WYeRDKmebM/light/normal CertificateIssuerCloudflare, Inc. Subjectchallenges.cloudflare.com Fingerprint5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E ValidityFri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File typeASCII text, with very long lines (65536), with no line terminators Hash911df2f43b570c77e8cde5515eb11088 53f84e249317c479501407f495465ac5cc6168aa 952478890bd8e0aa8cd7369e9697f05192d564df80f7f62d40fc775d5086ea43
POST /cdn-cgi/challenge-platform/h/b/flow/ov1/580226558:1714001057:EaFXXWJhGujAY6ZnPi9BhmSpX0lysiHaC11aovOx7jA/879a0adc789e712d/84d0bfdbe70fd0a HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/a6fya/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: 84d0bfdbe70fd0a
Content-Length: 3281
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 23:58:37 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: 5cjF3GaT4QJcUA3TID5cnh6afPhUBLNnR7lgpcwuemb5crJWEQcTChCkNs1boL0vKbjroG5x+SuA1Zvb+dfqaSE0dXfC9VImY4NKX3UtO9rbhc/8XxxJLoiTqJevw/XCHJQVbxEfafkWjzbTj1zYH48gLRlmU90NSFyVvbOS3u0f/OBcd1hKE+iJZfNmbJpOmQR1DezquECjg95uaBU+YT1nf9OcgxKNXQa5LCBx4XWxk5qjqS2C+5UBzPESQ9Z03O+AC+sW6VyRI9MtflC7qrbhqn1Jd4GxJ2vl8inaeb84qylLxIbAoOIBncm9s7WCTCF0qlavnKE4PsjQ/WlQEwR6iCj+b/2ijW7UsLgLUV5dGA7Wlc4jUt2EnS++fsc6gem9X35xyCVodK/dDErfjw==$hhME9/IRIyscbntw3lgYCg==
vary: accept-encoding
server: cloudflare
cf-ray: 879a0adef97a712d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/580226558:1714001057:EaFXXWJhGujAY6ZnPi9BhmSpX0lysiHaC11aovOx7jA/879a0adc789e712d/84d0bfdbe70fd0a | 104.17.3.184 | 200 OK | 5.9 kB |
URL POST HTTP/3challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/580226558:1714001057:EaFXXWJhGujAY6ZnPi9BhmSpX0lysiHaC11aovOx7jA/879a0adc789e712d/84d0bfdbe70fd0a IP104.17.3.184:443
Requested byhttps://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/a6fya/0x4AAAAAAAAjq6WYeRDKmebM/light/normal CertificateIssuerCloudflare, Inc. Subjectchallenges.cloudflare.com Fingerprint5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E ValidityFri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File typeASCII text, with very long lines (3580), with no line terminators Hash504f39fa30ac42f5e3652b1ff7aee10e 8d1832b754b844900204dc24769651c817b58b0e 851eaee1af8c43159b0f2a6c064fb4c7bd4fa9a4ce589e104c08881aa0bf6e38
POST /cdn-cgi/challenge-platform/h/b/flow/ov1/580226558:1714001057:EaFXXWJhGujAY6ZnPi9BhmSpX0lysiHaC11aovOx7jA/879a0adc789e712d/84d0bfdbe70fd0a HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/a6fya/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: 84d0bfdbe70fd0a
Content-Length: 35592
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 23:58:43 GMT
content-type: text/html; charset=UTF-8
cf-chl-out: llTPM7RQn2MjidEBM7OaihuxzJzYfwmH4WZ6AYHd8HhxELgbZ05dywNROwytFNTQnVOF/hCikEdApr6Cs69i6ibMSqN99nKJ6lnHcUQFIO3vfHOICpoyIelmG3yLtfL6$nLpXeS8yGdZhjDoqY+JsQg==
vary: accept-encoding
server: cloudflare
cf-ray: 879a0b03dd3a712d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/580226558:1714001057:EaFXXWJhGujAY6ZnPi9BhmSpX0lysiHaC11aovOx7jA/879a0adc789e712d/84d0bfdbe70fd0a | 104.17.3.184 | 200 OK | 22 kB |
URL POST HTTP/3challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/580226558:1714001057:EaFXXWJhGujAY6ZnPi9BhmSpX0lysiHaC11aovOx7jA/879a0adc789e712d/84d0bfdbe70fd0a IP104.17.3.184:443
Requested byhttps://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/a6fya/0x4AAAAAAAAjq6WYeRDKmebM/light/normal CertificateIssuerCloudflare, Inc. Subjectchallenges.cloudflare.com Fingerprint5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E ValidityFri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File typeASCII text, with very long lines (22572), with no line terminators Hash4d26132bf165d3e60a373c11de6e9454 d0ac5e4c7e7b3c6527118a44ac738e7509086205 84c8adb0a8cbc2a7170271a810de9d5bacb5dc291c790498ce74f59300b36c56
POST /cdn-cgi/challenge-platform/h/b/flow/ov1/580226558:1714001057:EaFXXWJhGujAY6ZnPi9BhmSpX0lysiHaC11aovOx7jA/879a0adc789e712d/84d0bfdbe70fd0a HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/a6fya/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: 84d0bfdbe70fd0a
Content-Length: 25808
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 23:58:39 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: nh8iMGluYA/suyUAIhFPlAsx9U/9TcWNFpGXdwDzh2AdQICKc4lEnaE0JwCcv7mU$i7B18FFuf4yEogb9Rx44Gw==
vary: accept-encoding
server: cloudflare
cf-ray: 879a0aea9d74712d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| demonstationfukewko.shop/favicon.ico | 104.21.33.174 | 403 Forbidden | 5.9 kB |
URL GET HTTP/1.1demonstationfukewko.shop/favicon.ico IP104.21.33.174:80
Requested byhttp://demonstationfukewko.shop/p
File typeHTML document, ASCII text, with very long lines (14425), with no line terminators Hash465e9a83bc8a0615dcbbdb3fbfcfdcdd 351d0e6c2706413864ff68db5761ade58177589b f062add9813ed343400fecc5a72c9cac89c51e37b02f8a8197c7bae84966938b
Analyzer | Verdict | Alert | ThreatFox | malicious | Lumma Stealer | mnemonic secure dns | malicious | Sinkholed | Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: demonstationfukewko.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://demonstationfukewko.shop/p
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Wed, 24 Apr 2024 23:58:44 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: 8eFHiZMf2a0gJHCfN9+mI+HWp/5LNYWghIt7zHu0nEq6i4H9I/0Wy0UbPiG1HewSHpBH/miGJ/FSMdOb1+ZuIjbZz+kSc6/x5ytksal8SVrRaNQmMDSfIYfvTPF1oDcxogtBFFj+2lUvquy3Wdfcyg==$UlBB0tbUykWXPp9HlSV4Mg==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sQp2%2BsFh04%2BvKAGMM0luEkB4FZsHmGJvnv1L7sWA%2BnaxAkJY4cEHC94PknPqHXMpwi1kXba5WM9OVr7hHd4VRXUrbHf5i6SnamEb3rZhsXEs0FM6Yz9lXTQDIXa2FQgy2lbhC6hUOg3Z5xE%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 879a0b05ecc0b4ff-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
|
|
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=879a0adc789e712d | 104.17.3.184 | 200 OK | 430 kB |
URL GET HTTP/3challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=879a0adc789e712d IP104.17.3.184:443
Requested byhttps://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/a6fya/0x4AAAAAAAAjq6WYeRDKmebM/light/normal CertificateIssuerCloudflare, Inc. Subjectchallenges.cloudflare.com Fingerprint5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E ValidityFri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (65536), with no line terminators Size430 kB (429674 bytes) Hashff00affb07c9101e60cb94d8cff4ca6e 1f008fc4df36f38776181695b1558ca5bad85c8b 9397e207279a63efac5d6cf587dbe1be6a818c3b163d76dd45e17e4dd8f0d33e
GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=879a0adc789e712d HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/a6fya/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 24 Apr 2024 23:58:37 GMT
content-type: application/javascript; charset=UTF-8
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
vary: accept-encoding
server: cloudflare
cf-ray: 879a0add18c7712d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/879a0adc789e712d/1714003117933/msmlp1LwrgQ_x99 | 104.17.3.184 | 200 OK | 61 B |
URL GET HTTP/3challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/879a0adc789e712d/1714003117933/msmlp1LwrgQ_x99 IP104.17.3.184:443
Requested byhttps://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/a6fya/0x4AAAAAAAAjq6WYeRDKmebM/light/normal CertificateIssuerCloudflare, Inc. Subjectchallenges.cloudflare.com Fingerprint5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E ValidityFri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File typePNG image data, 83 x 18, 8-bit/color RGB, non-interlaced Hash4768f1e3a54c59801b0e952c765c29da 2a20eda9085532183ea6a491bcc04c65b7ac84b4 2e5b783cd1a9bb14754107b54f0a3998fbde91259857677daf7501aa95538bd8
GET /cdn-cgi/challenge-platform/h/b/i/879a0adc789e712d/1714003117933/msmlp1LwrgQ_x99 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/a6fya/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 24 Apr 2024 23:58:39 GMT
content-type: image/png
content-length: 61
server: cloudflare
cf-ray: 879a0ae8bcb6712d-OSL
alt-svc: h3=":443"; ma=86400
|
|