Report - donclion.top/_duraguard_oxy/zure/b3b32a2d422265cd25c3323ed0157f81/_we_transfer2/login.php?login&_x_tr_sl=auto&_x_tr_tl=null&_x_tr_hl=null&_x_tr

Report Overview

Submitted URL
donclion.top/_duraguard_oxy/zure/b3b32a2d422265cd25c3323ed0157f81/_we_transfer2/login.php?login&_x_tr_sl=auto&_x_tr_tl=null&_x_tr_hl=null&_x_tr_pto=wapp&pcnt=null&pmax=pmax
IP
104.21.13.108
ASN
#13335 CLOUDFLARENET
Submitted
2024-05-10 04:55:23
Access
public
Website Title
Final URL
donclion.top/_duraguard_oxy/zure/b3b32a2d422265cd25c3323ed0157f81/_we_transfer2/login.php?login&_x_tr_sl=auto&_x_tr_tl=null&_x_tr_hl=null&_x_tr_pto=wapp&pcnt=null&pmax=pmax
Tags
phishing microsoft outlook
urlquery detections
Phishing - Microsoft Outlook

Detections

urlquery
6
Network Intrusion Detection
0
Threat Detection Systems
0

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
challenges.cloudflare.com	unknown	2009-02-17	2021-10-20	2024-05-10	17 kB	1.2 MB	104.17.3.184
ajax.googleapis.com	12905	2005-01-25	2013-08-16	2024-05-09	1.8 kB	129 kB	142.250.74.170
donclion.top	unknown	2024-02-10	2024-02-12	2024-03-27	9.0 kB	395 kB	172.67.199.215

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (33)

	URL	Size	First Seen	Last Seen
	challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/q1x10/0x4AAAAAAADzWzgyzZH-kqvo/auto/normal	3.7 kB	2024-05-10	2024-05-10
Pretty URL challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/q1x10/0x4AAAAAAADzWzgyzZH-kqvo/auto/normal IP 104.17.3.184 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-10 06:55:24 Last Seen2024-05-10 06:55:24 Times Seen1 Hash e11565a77d9b2d5354c6e068272ecf82 cfa9158041ce1235ecfad171ade6ea8c6672c71e 7a66ec19bce2c5746e7dc0245b4e63f68c5f4e9ff6e3a5fd03532119bdd36187 Loading...

	challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=8817561e09af56b5	433 kB	2024-05-10	2024-05-10
Pretty URL challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=8817561e09af56b5 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-10 06:55:24 Last Seen2024-05-10 06:55:24 Times Seen1 Hash 9aed7d4da3106a632a627ab2dec9ad85 0e5b4998f4e0cc7f1944f9c4627ece0336cadc7e 41979e110ccd79eea30f006a0ed12d17ed7e8187276ddfdf947696b4647a8723 Loading...

	challenges.cloudflare.com/turnstile/v0/api.js	43 kB	2024-05-08	2024-05-17
Pretty URL challenges.cloudflare.com/turnstile/v0/api.js IP 104.17.3.184 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 21:17:22 Last Seen2024-05-17 15:34:59 Times Seen1392 Hash 86183dd14ee10d1dee92b37b5069d716 9ec32d650ece484bbe624ca734a0a65e22d35dd6 ae0e2e45f84d7d3d06526aafc20d4a95b486e8747bf80895f3aeb8c4aebee7f4 Loading...

		Size	First Seen	Last Seen
	#1 Eval - 4812d6ac08cabcb54a038bf612af9451	28 B	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 06:55:24 Last Seen2024-05-10 06:55:24 Times Seen1 Hash 4812d6ac08cabcb54a038bf612af9451 137b1be0d6d56128048a44ac4e87671d2b89c626 aa2bc1a7042919e0a52a60d3ddebefb0aab01f883a25342ccb0df649a40b3b59 Loading...

	#2 Eval - f666f33e03297690aee7f10e4ed4798b	28 B	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 06:55:24 Last Seen2024-05-10 06:55:24 Times Seen1 Hash f666f33e03297690aee7f10e4ed4798b f187e207ab572ab247bbe1ac7c8f38f67cb04e77 9d041b788ee858934a349201caa5b01b4107747e30bf1f14ab88d4e86c9d34a9 Loading...

	#3 Eval - 887f086bdb4ba14c5f7aacf1f774132d	28 B	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 06:55:24 Last Seen2024-05-10 06:55:24 Times Seen1 Hash 887f086bdb4ba14c5f7aacf1f774132d f3f90d3cb77caa51c20ddb12130e67ff4c476267 a14f67e90ce305322b2a5ecfc313199c860bd4e335e84d54d90dc4bf0f11abd7 Loading...

	#4 Eval - a38a4a362331d582c8df17d7fa06f4c5	28 B	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 06:55:24 Last Seen2024-05-10 06:55:24 Times Seen1 Hash a38a4a362331d582c8df17d7fa06f4c5 f3e2eb96f5342e44bb4dd56efac0845216ffbc85 baed8c4d47d45c0254ba2f9fa9364374fe35e6148c0e9ba05897abb40c93b869 Loading...

	#5 Eval - 60eb1f5441092fa1435215366302963f	28 B	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 06:55:24 Last Seen2024-05-10 06:55:24 Times Seen1 Hash 60eb1f5441092fa1435215366302963f 2235a2aa9e344ae01f1458d80da8fe6014295ef9 a677d37eddfff290a2021ac4f2cab0bca12b74616d33d872e04075589d90b694 Loading...

	#6 Eval - aa7950ce483fa9a0941e097c8d70d94d	28 B	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 06:55:24 Last Seen2024-05-10 06:55:24 Times Seen1 Hash aa7950ce483fa9a0941e097c8d70d94d 30180fd6a22524a54f4ad468660b116c96a139ad 8f94aecffdd31d9057394ff7eac8fdc33d95b9bdb794df44b3697eee2eb4c256 Loading...

	#7 Eval - c6cd5b7e59369bdc38ef6f4578826794	28 B	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 06:55:24 Last Seen2024-05-10 06:55:24 Times Seen1 Hash c6cd5b7e59369bdc38ef6f4578826794 376a63614d1312f630bd64295a5253761d417966 f7f09b8b7993545b7b88bcef674501b30df0ff259b0a64f4c1f61e8464344fe0 Loading...

	#8 Eval - b3b2099fbde09f5b41ccce6c507e1674	28 B	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 06:55:24 Last Seen2024-05-10 06:55:24 Times Seen1 Hash b3b2099fbde09f5b41ccce6c507e1674 19f1fb86e968af439100430774545f717c852e47 65bba5dff94770bdcd1f23ee1d95948a330950ea4e69e7af13d4ea0f58586591 Loading...

	#9 Eval - eebe03954de482012a761263696b6dfc	28 B	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 06:55:24 Last Seen2024-05-10 06:55:24 Times Seen1 Hash eebe03954de482012a761263696b6dfc 68250dd3145670eb96ae7bba10a09e4a72ffd92a 409ab71f2b134c68bffc85019626b8632437b7e2e2628ae31d5f7cbef189c5dc Loading...

	#10 Eval - 4a0be1dedb4c95fd7763033b01d4712d	28 B	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 06:55:24 Last Seen2024-05-10 06:55:24 Times Seen1 Hash 4a0be1dedb4c95fd7763033b01d4712d 6bda2bde0648a87befab2612c6a777fcde434ed4 872985adaab36c8167fa52cca8d0db81a1d413d05ae24c0698264111271dd1a6 Loading...

	#11 Eval - 29416a51b24b7e41d06dae855e941b76	28 B	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 06:55:24 Last Seen2024-05-10 06:55:24 Times Seen1 Hash 29416a51b24b7e41d06dae855e941b76 828a6f03579faabd1b3d67d0012719d8d194b16e 5abad8726554414a42822516fb5a9e6d1f002c5adc0b5b8c9d3605e53a5f6b93 Loading...

	#12 Eval - d613dfcf03e35906e4bf55937bda3f0c	28 B	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 06:55:24 Last Seen2024-05-10 06:55:24 Times Seen1 Hash d613dfcf03e35906e4bf55937bda3f0c cc28305941faf467ecd286756f5429fb51aeb5b7 d6bec64e078a09c32af5675e0dc19ebcc2ed7b470ba9d55a2ee43389b9d9045b Loading...

	#13 Eval - 9e73dd6cfdc302e10e97ace248ebf826	28 B	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 06:55:24 Last Seen2024-05-10 06:55:24 Times Seen1 Hash 9e73dd6cfdc302e10e97ace248ebf826 8ffbfd5e93cc33e0a870247c191b518b8f65a724 928a4b2fab26a1a6fe126f9ae17a939a897be441d73f199565b2d7d3cfa52517 Loading...

	#14 Eval - 9389627d21f631db815c440ce00711ca	28 B	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 06:55:24 Last Seen2024-05-10 06:55:24 Times Seen1 Hash 9389627d21f631db815c440ce00711ca 8c98e90dd79588c91ab2c4d81b1d4ef5256a7c89 b47eed35d65084edb4c6c64d2f0df7df4c299d040fc9d6dde58f05f6540f09a4 Loading...

	#15 Eval - 4120b133095189800bde92940e8828d5	28 B	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 06:55:24 Last Seen2024-05-10 06:55:24 Times Seen1 Hash 4120b133095189800bde92940e8828d5 da7c7b7c8995e9b95ec7fea6023bdf4874af125a ba56acbab02d506d0180fed54cae1d99939565f691bf5fa18725f1ea7fa264bb Loading...

	#16 Eval - 07f9ac1da369af8fe6cce9e46cdd5789	28 B	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 06:55:24 Last Seen2024-05-10 06:55:24 Times Seen1 Hash 07f9ac1da369af8fe6cce9e46cdd5789 c0b73b4544700399002be0decac20913aec33625 22481d0c30836220ea64061e39045f1a5b6c211d6689c6513977df24041f6634 Loading...

	#17 Eval - 0603f9676ccf89548a1538ae9e659865	28 B	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 06:55:24 Last Seen2024-05-10 06:55:25 Times Seen1 Hash 0603f9676ccf89548a1538ae9e659865 b153a4dc2c613afc70141394d2937d8c74d59dbe e33bf1687c002413b2ac1b582c1cea400073fcae2d98f7a544fa997c088b960a Loading...

	#18 Eval - 782de4e6f3ec733afd5456453d8a1695	28 B	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 06:55:25 Last Seen2024-05-10 06:55:25 Times Seen1 Hash 782de4e6f3ec733afd5456453d8a1695 c32a0027054988172045690d663c98e2b434eac4 89328b781e697bc3061d413d4e4067d7a08ace974cf797ce883d1c9f273b7733 Loading...

	#19 Eval - 2104e51b45819fb48be29bd684a7a765	62 B	2024-05-08	2024-05-17
Pretty Observations First Seen2024-05-08 21:17:23 Last Seen2024-05-17 15:34:57 Times Seen967 Hash 2104e51b45819fb48be29bd684a7a765 4c63e1a706403ae3b72fd6bd15bb42ba662b456c 409852cd2d9ad570bc66e5cc8c403b729033ebacfadc90fd9548df7f494a5869 Loading...

	#20 Eval - 2982c60bc036e535401f499f29b313d9	28 B	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 06:55:25 Last Seen2024-05-10 06:55:25 Times Seen1 Hash 2982c60bc036e535401f499f29b313d9 e60a48dc08575d81d2ffa12fdc43b758ac95d149 805da863477743dbc1c5714f09d5616b82133e9da51f9e0f7bffe818cda1f41a Loading...

	#21 Eval - 1f702532a4c88c21bef1ec56fc91927e	28 B	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 06:55:25 Last Seen2024-05-10 06:55:25 Times Seen1 Hash 1f702532a4c88c21bef1ec56fc91927e e2ee0799218a6e946f67233cbb39ea4a5fd85ef2 1ae9679f4d37cb657e372e7ab35732d0eb9d22b33dd409bb5efb49bfeb49c2ca Loading...

	#22 Eval - 8df507946fedb8d79f24d33b56f22515	28 B	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 06:55:25 Last Seen2024-05-10 06:55:25 Times Seen1 Hash 8df507946fedb8d79f24d33b56f22515 719d3d46df4460a371958a11f6e256f6977bca05 c02a3ba8f603fd9f6fdc7724729fef8a671dfec11e3167f6eddc3789245bb180 Loading...

	#23 Eval - 9e925e9341b490bfd3b4c4ca3b0c1ef2	4 B	2023-03-07	2024-05-20
Pretty Observations First Seen2023-03-07 01:03:43 Last Seen2024-05-20 15:55:39 Times Seen353261 Hash 9e925e9341b490bfd3b4c4ca3b0c1ef2 c2543fff3bfa6f144c2f06a7de6cd10c0b650cae 1eb79602411ef02cf6fe117897015fff89f80face4eccd50425c45149b148408 Loading...

	#24 Eval - 8e8807f89cf1257372e16034201b9225	28 B	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 06:55:25 Last Seen2024-05-10 06:55:25 Times Seen1 Hash 8e8807f89cf1257372e16034201b9225 c1179e5df7512a5a58d37b7ce0ded5e390814d9f d4aea52b818271f856cd4c8aad02b2bfce35fecdedb676470664eaa2623f9dde Loading...

	#25 Eval - 6e535bb1635f4d017d18fb8430009f16	28 B	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 06:55:25 Last Seen2024-05-10 06:55:25 Times Seen1 Hash 6e535bb1635f4d017d18fb8430009f16 7a35753187dd3127e4accf1c5b55b8ac0d5b50b4 4902bfd23414c8394d9b625a70592496fb4d55910a697a6c29e4089b5139ca11 Loading...

	#26 Eval - bf7135f4cc3017054506cd5a431d4700	28 B	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 06:55:25 Last Seen2024-05-10 06:55:25 Times Seen1 Hash bf7135f4cc3017054506cd5a431d4700 2fc2a83a6b2eee35d2861588c509c33de3ac0ac5 14ce780006cc2946b93676f4398208ae9a4cce63ed1dd80f80bdb3feff3caa35 Loading...

	#27 Eval - 4b1b7bd7e288b90ff61469e2f5d5f583	28 B	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 06:55:25 Last Seen2024-05-10 06:55:25 Times Seen1 Hash 4b1b7bd7e288b90ff61469e2f5d5f583 35e3d118e72e80c8bed012221da62bfb9d41ee83 d6dc6a69e84d4e9a6925fd9c204c811113a0d024eb71a38d541727876a19e4a6 Loading...

	#28 Eval - 69283589ce16e6c93bc05b79de450241	28 B	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 06:55:25 Last Seen2024-05-10 06:55:25 Times Seen1 Hash 69283589ce16e6c93bc05b79de450241 3a2e58b765e1b4d03dc9dc62a3957108aeb056ed 3160333a64dd5af72d9286af0a1ee93e4b63490643b453b33225d9c5705fb96a Loading...

	#29 Eval - 5a4c7332ed95a6fc955f57b0a3acd64c	28 B	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 06:55:25 Last Seen2024-05-10 06:55:25 Times Seen1 Hash 5a4c7332ed95a6fc955f57b0a3acd64c 9cffd7dbece02af826a9b52c105d51c6c2053bc7 c60c4c998964819f116ac7c402e01e9347d7a493c6a3897be99c7f9e683c0b33 Loading...

	#30 Eval - af51386e926f467fd9bd9e263c2fccc6	28 B	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 06:55:25 Last Seen2024-05-10 06:55:25 Times Seen1 Hash af51386e926f467fd9bd9e263c2fccc6 9362d14d8947c49f6a6321509ad1daa7f4bdfb3d d64e9c00063b5615589e6e6c93136cbdbddbd67d9b208a313b21206ccc251c19 Loading...

HTTP Transactions (44)

URL IP Response Size

challenges.cloudflare.com/turnstile/v0/api.js

104.17.3.184

0 B

URL
challenges.cloudflare.com/turnstile/v0/api.js
IP
104.17.3.184:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /turnstile/v0/api.js HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://donclion.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Fri, 10 May 2024 04:54:57 GMT
content-length: 0
location: /turnstile/v0/g/1b3559406bc8/api.js
cache-control: max-age=300, public
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817559398fc56c4-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

ajax.googleapis.com/ajax/libs/jquery/3.6.3/jquery.min.js

142.250.74.170

31 kB

URL
ajax.googleapis.com/ajax/libs/jquery/3.6.3/jquery.min.js
IP
142.250.74.170:0
ASN
#15169 GOOGLE

File type
JavaScript source, ASCII text, with very long lines (65447)
Size
31 kB (31191 bytes)
Hash
cf2fbbf84281d9ecbffb4993203d543b
832a6a4e86daf38b1975d705c5de5d9e5f5844bc
a6f3f0faea4b3d48e03176341bef0ed3151ffbf226d4c6635f1c6039c0500575

HTTP Headers

GET /ajax/libs/jquery/3.6.3/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://donclion.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 31191
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 09 May 2024 01:33:17 GMT
expires: Fri, 09 May 2025 01:33:17 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Wed, 11 Jan 2023 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 98501
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

donclion.top/cdn-cgi/challenge-platform/scripts/jsd/main.js

172.67.199.215

0 B

URL
donclion.top/cdn-cgi/challenge-platform/scripts/jsd/main.js
IP
172.67.199.215:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/1.1
Host: donclion.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 302 Found
date: Fri, 10 May 2024 04:54:58 GMT
content-length: 0
access-control-allow-origin: *
cache-control: max-age=300, public
location: /cdn-cgi/challenge-platform/h/g/scripts/jsd/1b3559406bc8/main.js
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Fwuc%2F9GTiGHPSnw9sugIggvmEeiP5D4BvHOAxSiSHNhCiIzVXllNdYnfozOYtl%2FMngdzn44FWThUi2lw0o%2B%2Bb1iGN3%2BzOSPNE%2F9uvT6Hpvh1TS7SCz39aRTPCmF1bVk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817559599e4b4f7-OSL
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/ec0mb/0x4AAAAAAADzWzgyzZH-kqvo/auto/normal

104.17.3.184

18 kB

URL
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/ec0mb/0x4AAAAAAADzWzgyzZH-kqvo/auto/normal
IP
104.17.3.184:0
ASN
#13335 CLOUDFLARENET

File type
HTML document, ASCII text, with very long lines (42150)
Size
18 kB (18462 bytes)
Hash
1f3764d5f4cb9b4150505306c413d49a
2241aea9469a3d755fa2f650cd422a3a845ef624
643701890ef1815370d0ae3cbe2378d7fcd53dd6db4344ff2ebe59bb2f5f92e7

HTTP Headers

GET /cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/ec0mb/0x4AAAAAAADzWzgyzZH-kqvo/auto/normal HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://donclion.top/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 04:54:58 GMT
content-type: text/html; charset=UTF-8
content-security-policy: frame-src https://challenges.cloudflare.com/; base-uri 'self'
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: cross-origin
document-policy: js-profiling
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
referrer-policy: same-origin
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-embedder-policy: require-corp
origin-agent-cluster: ?1
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
server: cloudflare
cf-ray: 88175595bde556b5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

donclion.top/cdn-cgi/challenge-platform/h/g/scripts/jsd/1b3559406bc8/main.js

172.67.199.215

126 kB

URL
donclion.top/cdn-cgi/challenge-platform/h/g/scripts/jsd/1b3559406bc8/main.js
IP
172.67.199.215:0
ASN
#13335 CLOUDFLARENET

File type
JavaScript source, ASCII text, with very long lines (7791), with no line terminators
Size
126 kB (126371 bytes)
Hash
8bf50261d5e3e3e242afb232d1d2dfe7
feb99e92e8880dff38d81d5bccf4d74f14017ad4
9c30ae421576f51be0acfac947e3ae691132f9e18b72daaf9f6cf788093e3c55

HTTP Headers

GET /cdn-cgi/challenge-platform/h/g/scripts/jsd/1b3559406bc8/main.js HTTP/1.1
Host: donclion.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 04:54:58 GMT
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
cache-control: max-age=14400, public
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=M6Z9yRNAEfSer2TWXs4SybfOAd9%2FYl%2BSwjqMWVTCA%2BcbSMLDZIjYr6m%2FvUL7sqDhrMZwkKkurX9DjhoiCirlkUhZRwb2jyPtdvBbb0EwqYS1zXGWbpA7XLFA0G6pT1U%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88175595ca08b4f7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/pat/88175595bde556b5/1715316898615/f914f188426429bd1e9837290c00413f005b34fe5bca6bb2e227fd481892e957/79hr8vmq39YiGsZ

104.17.3.184

1 B

URL
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/pat/88175595bde556b5/1715316898615/f914f188426429bd1e9837290c00413f005b34fe5bca6bb2e227fd481892e957/79hr8vmq39YiGsZ
IP
104.17.3.184:0
ASN
#13335 CLOUDFLARENET

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
ff44570aca8241914870afbc310cdb85
58668e7669fd564d99db5d581fcdb6a5618440b5
6da43b944e494e885e69af021f93c6d9331c78aa228084711429160a5bbd15b5

HTTP Headers

GET /cdn-cgi/challenge-platform/h/g/pat/88175595bde556b5/1715316898615/f914f188426429bd1e9837290c00413f005b34fe5bca6bb2e227fd481892e957/79hr8vmq39YiGsZ HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/ec0mb/0x4AAAAAAADzWzgyzZH-kqvo/auto/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 401 Unauthorized
date: Fri, 10 May 2024 04:55:00 GMT
content-type: text/plain; charset=UTF-8
content-length: 1
www-authenticate: PrivateToken challenge="AAIAGXBhdC1pc3N1ZXIuY2xvdWRmbGFyZS5jb20g-RTxiEJkKb0emDcpDABBPwBbNP5bymuy4if9SBiS6VcAGWNoYWxsZW5nZXMuY2xvdWRmbGFyZS5jb20=", token-key="MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEAwJNLx-F--HQ4G6w81Lqhm55Wqle9iE4E64E37YL7QkK_ylJ-Dsmf1v3knq_MpBi8JncpUaWMssdL2Aha6xVtTuit-n3zEDZCW0VR_73N-Mc6DxdptQ_jsmIxis7apwux2f5L0gN0Z4K9C36tRcIL-chm-gijHvxrbhcCYusNwrgAlFaiqNWBqxKTiuPduHX4CNzNb7BAiNPz7ppY7Xn1WjmxSB-BaqSVLCYtDy-Mw41UBzE3QEcVUcRH9er-MksFvohzvhlnTTonFaMyAUYx3d_uCdDannmVQhRsm-aJs_P_GGe1TX3e9g5Sy-NmhGrro0kncbPlfTwFxa8SwJ5-8QIDAQAB", max-age=20, PrivateToken challenge="AAIALHBwLWlzc3Vlci1wcm9kdWN0aW9uLnJlc2VhcmNoLmNsb3VkZmxhcmUuY29tIPkU8YhCZCm9Hpg3KQwAQT8AWzT-W8prsuIn_UgYkulXABljaGFsbGVuZ2VzLmNsb3VkZmxhcmUuY29t", token-key="MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEAi_Bv1vvWWnyuOfVJgRV-AQLxEJECUUmMRrMnYz-gJA-oMd79ajvP3atoTZqB_EsZIq7SMmpbCRFhPolqzIrtXh7AF1Q-ZWY2RoRVRgKr7d6iJMZ49iZUmbz837eqBZJrEMuXftZmY35str5sb0GjzklF8z_hcQJC9vancYXncsYoiMDaROW0tLwSQA9BGfbmA6GlbVj4XH8DH19cKifxmO6RlIPPKlL1KmZbrRakkpuqvJO2-x1Zc2S5GCpponuvQTqJQH8Ud9loZLI75e-Xa9KAUNtBTM0t9WSEsv8cSJLV1BPBVTy1lOnwghofw4fqmlYv6CXClzAUqWouSTJ7uwIDAQAB", max-age=20
server: cloudflare
cf-ray: 881755a2583156b5-OSL
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/88175595bde556b5/1715316898616/iNW88sujdULNxYq

104.17.3.184

61 B

URL
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/88175595bde556b5/1715316898616/iNW88sujdULNxYq
IP
104.17.3.184:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 98 x 97, 8-bit/color RGB, non-interlaced
Size
61 B (61 bytes)
Hash
410690ae7653629b889abe1087d44cc2
d6c46b441f5c4fe79b6aae2ac20575c38aa3d4fa
67b98872ec2eb09fc90c66ccb57337a903de14a17a0190ab493cf8285a2f22b8

HTTP Headers

GET /cdn-cgi/challenge-platform/h/g/i/88175595bde556b5/1715316898616/iNW88sujdULNxYq HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/ec0mb/0x4AAAAAAADzWzgyzZH-kqvo/auto/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 04:55:00 GMT
content-type: image/png
content-length: 61
server: cloudflare
cf-ray: 881755a2884a56b5-OSL
alt-svc: h3=":443"; ma=86400

donclion.top/_duraguard_oxy/zure/b3b32a2d422265cd25c3323ed0157f81/_we_transfer2/login.php?login&_x_tr_sl=auto&_x_tr_tl=null&_x_tr_hl=null&_x_tr_pto=wapp&pcnt=null&pmax=pmax

172.67.199.215

421 B

URL User Request GET
donclion.top/_duraguard_oxy/zure/b3b32a2d422265cd25c3323ed0157f81/_we_transfer2/login.php?login&_x_tr_sl=auto&_x_tr_tl=null&_x_tr_hl=null&_x_tr_pto=wapp&pcnt=null&pmax=pmax
IP
172.67.199.215:0
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectdonclion.top
Fingerprint6A:DB:BB:36:1E:73:2D:C2:C5:1E:1A:EF:92:4B:9C:EE:8A:EF:BF:38
ValidityThu, 09 May 2024 12:26:34 GMT - Wed, 07 Aug 2024 12:26:33 GMT

File type
HTML document, ASCII text, with very long lines (805), with no line terminators
Size
421 B (421 bytes)
Hash
a412a44b531d03b2b158e4a230c2f69b
b6f5efcb07ebe0f23b6bb1305707e846e5db8c36
885b7c2ecb65a525e36f26734e497a88f82e3f9cc9dfc101bd6d5c0698a500e1

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

GET /_duraguard_oxy/zure/b3b32a2d422265cd25c3323ed0157f81/_we_transfer2/login.php?login&_x_tr_sl=auto&_x_tr_tl=null&_x_tr_hl=null&_x_tr_pto=wapp&pcnt=null&pmax=pmax HTTP/1.1
Host: donclion.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: cf_clearance=5eT5wyjOFwlqtfQ8ia69lHwSFmUePqyV_4AW21gwrdk-1715316898-1.0.1.1-onAxtJirs0NenW8yYs8SKMI9pNyfmowdVX3DM91YIRyC.MildRr5SBwqOrUT6KLkr83Kb.Y9M4UGmmtCILt2LQ
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 04:55:01 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.4.30
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XqyfhhHuwo4ECCB1puOrmOgPMiWdikc4GrI2vKEXybAPVBjlWaCaKDmjciRgq9yV4DN7qA7kp%2FTKTlVL%2FwWphSueRdoHuDkGYOAu86QwpAlephG3HEg0DuG2gMP6A6M%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881755a6ee2cb4f7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

ajax.googleapis.com/ajax/libs/jquery/3.6.3/jquery.min.js

142.250.74.170

31 kB

URL
ajax.googleapis.com/ajax/libs/jquery/3.6.3/jquery.min.js
IP
142.250.74.170:0
ASN
#15169 GOOGLE

File type
JavaScript source, ASCII text, with very long lines (65447)
Size
31 kB (31191 bytes)
Hash
cf2fbbf84281d9ecbffb4993203d543b
832a6a4e86daf38b1975d705c5de5d9e5f5844bc
a6f3f0faea4b3d48e03176341bef0ed3151ffbf226d4c6635f1c6039c0500575

HTTP Headers

GET /ajax/libs/jquery/3.6.3/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://donclion.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 31191
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 09 May 2024 01:33:17 GMT
expires: Fri, 09 May 2025 01:33:17 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Wed, 11 Jan 2023 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 98504
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

donclion.top/_duraguard_oxy/zure/b3b32a2d422265cd25c3323ed0157f81/_we_transfer2/login.php?login&_x_tr_sl=auto&_x_tr_tl=null&_x_tr_hl=null&_x_tr_pto=wapp&pcnt=null&pmax=pmax

172.67.199.215

22 kB

URL User Request GET
donclion.top/_duraguard_oxy/zure/b3b32a2d422265cd25c3323ed0157f81/_we_transfer2/login.php?login&_x_tr_sl=auto&_x_tr_tl=null&_x_tr_hl=null&_x_tr_pto=wapp&pcnt=null&pmax=pmax
IP
172.67.199.215:0
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectdonclion.top
Fingerprint6A:DB:BB:36:1E:73:2D:C2:C5:1E:1A:EF:92:4B:9C:EE:8A:EF:BF:38
ValidityThu, 09 May 2024 12:26:34 GMT - Wed, 07 Aug 2024 12:26:33 GMT

File type
HTML document, ASCII text, with very long lines (1923), with no line terminators
Size
22 kB (21950 bytes)
Hash
88fc9fcaf942b3425aaf4c89e864e970
9ff7a57fd5a280323e879f6bf198c2ee754b1d75
08ad3cb233d6b386ea764c62d74c4a938dd5318ed3a698f52fc088b9908f2d82

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

GET /_duraguard_oxy/zure/b3b32a2d422265cd25c3323ed0157f81/_we_transfer2/login.php?login&_x_tr_sl=auto&_x_tr_tl=null&_x_tr_hl=null&_x_tr_pto=wapp&pcnt=null&pmax=pmax HTTP/1.1
Host: donclion.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 04:54:57 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.4.30
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=k3%2FYxRCFi9MOahH%2BZNi7UXJfP5IfWAE%2FH%2BMHmcu0r2NBrQb1sCUHUjl57kGNWux4DYDadEI1JA%2BiMxYdJObwwmpNcyx1yw7g%2BycSehB9KmG7QZxFBUVBeMXTnRazaS0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88175590392bb51e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/1340676995:1715314108:hQXXhZSlXGBi8falv5ubO7lekyo0IYis3XQ6_Dq1B98/881755a8ad2656b5/878f5f1165da776

104.17.3.184

86 kB

URL
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/1340676995:1715314108:hQXXhZSlXGBi8falv5ubO7lekyo0IYis3XQ6_Dq1B98/881755a8ad2656b5/878f5f1165da776
IP
104.17.3.184:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (65536), with no line terminators
Size
86 kB (86121 bytes)
Hash
0d65f368c6e9ecf8053ea15b77d2a248
61388f4254a0a7bf895e5c1c7d52714c81a1c50e
c95876cb1a9431afe0e47d5973b3762d95ae6d74688b376e3a3513aaa86c57b2

HTTP Headers

POST /cdn-cgi/challenge-platform/h/g/flow/ov1/1340676995:1715314108:hQXXhZSlXGBi8falv5ubO7lekyo0IYis3XQ6_Dq1B98/881755a8ad2656b5/878f5f1165da776 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/rzr02/0x4AAAAAAADzWzgyzZH-kqvo/auto/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: 878f5f1165da776
Content-Length: 2805
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 04:55:01 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: IfKveU2hdp4tUSrkqRgfOqqr5FDrq/AFHct1JEi+mYQW5XmPDQ8qYi6eZZAWww8FwCwfgunJyc+RXNzv9P1GK/CZvfkb/d/ejY+fEo0lXqjl/C1LKTT3Bdya64om8Q8mVxp40l6nfpc3teZ/Rc061kW4+5CZPQ3JxYBz1Rt1o9ZwzDv6B9R/DlYAcF/FJx5k2UZEUqlBpgyP2A/5XlclvfwZAWDfBE0XtauEeIt+l2mGyCI7bSHeeNmtrZDd1hjsll7mN9wXmJbZ9Htl7dtnhVnwmGO6H09lijXUeSGM26eUEsYX7byGNYqribYnzE0bmFnUTUj3MoC7vjyUIRCSOtoE84nCp1OkRcwSrEwlLXCAu1sBXTW2OjSGkaAhxZFo5YsWfgyTS1nMVr8xdqAE0YJBfxuekyRNY9KRhehJi+p8B5h8oV7LPJkM/yhVsYtr$dD723UzaLCMutc3oEeaGeQ==
server: cloudflare
cf-ray: 881755aadf3a56b5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/pat/881755a8ad2656b5/1715316901589/f6d9a9a4c07a7e792443d08164eaa28e8623d32c5ad7d4e5db61656c0344595f/5TKJQunDy4kp6QW

104.17.3.184

1 B

URL
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/pat/881755a8ad2656b5/1715316901589/f6d9a9a4c07a7e792443d08164eaa28e8623d32c5ad7d4e5db61656c0344595f/5TKJQunDy4kp6QW
IP
104.17.3.184:0
ASN
#13335 CLOUDFLARENET

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
ff44570aca8241914870afbc310cdb85
58668e7669fd564d99db5d581fcdb6a5618440b5
6da43b944e494e885e69af021f93c6d9331c78aa228084711429160a5bbd15b5

HTTP Headers

GET /cdn-cgi/challenge-platform/h/g/pat/881755a8ad2656b5/1715316901589/f6d9a9a4c07a7e792443d08164eaa28e8623d32c5ad7d4e5db61656c0344595f/5TKJQunDy4kp6QW HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/rzr02/0x4AAAAAAADzWzgyzZH-kqvo/auto/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 401 Unauthorized
date: Fri, 10 May 2024 04:55:02 GMT
content-type: text/plain; charset=UTF-8
content-length: 1
www-authenticate: PrivateToken challenge="AAIAGXBhdC1pc3N1ZXIuY2xvdWRmbGFyZS5jb20g9tmppMB6fnkkQ9CBZOqijoYj0yxa19Tl22FlbANEWV8AGWNoYWxsZW5nZXMuY2xvdWRmbGFyZS5jb20=", token-key="MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEAwJNLx-F--HQ4G6w81Lqhm55Wqle9iE4E64E37YL7QkK_ylJ-Dsmf1v3knq_MpBi8JncpUaWMssdL2Aha6xVtTuit-n3zEDZCW0VR_73N-Mc6DxdptQ_jsmIxis7apwux2f5L0gN0Z4K9C36tRcIL-chm-gijHvxrbhcCYusNwrgAlFaiqNWBqxKTiuPduHX4CNzNb7BAiNPz7ppY7Xn1WjmxSB-BaqSVLCYtDy-Mw41UBzE3QEcVUcRH9er-MksFvohzvhlnTTonFaMyAUYx3d_uCdDannmVQhRsm-aJs_P_GGe1TX3e9g5Sy-NmhGrro0kncbPlfTwFxa8SwJ5-8QIDAQAB", max-age=20, PrivateToken challenge="AAIALHBwLWlzc3Vlci1wcm9kdWN0aW9uLnJlc2VhcmNoLmNsb3VkZmxhcmUuY29tIPbZqaTAen55JEPQgWTqoo6GI9MsWtfU5dthZWwDRFlfABljaGFsbGVuZ2VzLmNsb3VkZmxhcmUuY29t", token-key="MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEAi_Bv1vvWWnyuOfVJgRV-AQLxEJECUUmMRrMnYz-gJA-oMd79ajvP3atoTZqB_EsZIq7SMmpbCRFhPolqzIrtXh7AF1Q-ZWY2RoRVRgKr7d6iJMZ49iZUmbz837eqBZJrEMuXftZmY35str5sb0GjzklF8z_hcQJC9vancYXncsYoiMDaROW0tLwSQA9BGfbmA6GlbVj4XH8DH19cKifxmO6RlIPPKlL1KmZbrRakkpuqvJO2-x1Zc2S5GCpponuvQTqJQH8Ud9loZLI75e-Xa9KAUNtBTM0t9WSEsv8cSJLV1BPBVTy1lOnwghofw4fqmlYv6CXClzAUqWouSTJ7uwIDAQAB", max-age=20
server: cloudflare
cf-ray: 881755b2adf956b5-OSL
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/turnstile/v0/api.js

104.17.3.184

0 B

URL
challenges.cloudflare.com/turnstile/v0/api.js
IP
104.17.3.184:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /turnstile/v0/api.js HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://donclion.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 302 Found
date: Fri, 10 May 2024 04:55:03 GMT
content-length: 0
cache-control: max-age=300, public
cross-origin-resource-policy: cross-origin
location: /turnstile/v0/g/1b3559406bc8/api.js
access-control-allow-origin: *
vary: Accept-Encoding
server: cloudflare
cf-ray: 881755b92b2356b5-OSL
alt-svc: h3=":443"; ma=86400

donclion.top/_duraguard_oxy/functions/validate.php

172.67.199.215

31 kB

URL
donclion.top/_duraguard_oxy/functions/validate.php
IP
172.67.199.215:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
31 kB (31192 bytes)
Hash
cd7bc652307ad520366f441f280c3841
6793c65d772047d2f94cae30b74e5e99266731a4
76fac969d2b0e07d21bf7f1c395d0a855abbf6559edb1cc13415db1811ec6187

HTTP Headers

POST /_duraguard_oxy/functions/validate.php HTTP/1.1
Host: donclion.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 560
Origin: https://donclion.top
DNT: 1
Connection: keep-alive
Referer: https://donclion.top/_duraguard_oxy/zure/b3b32a2d422265cd25c3323ed0157f81/_we_transfer2/login.php?login&_x_tr_sl=auto&_x_tr_tl=null&_x_tr_hl=null&_x_tr_pto=wapp&pcnt=null&pmax=pmax
Cookie: cf_clearance=5eT5wyjOFwlqtfQ8ia69lHwSFmUePqyV_4AW21gwrdk-1715316898-1.0.1.1-onAxtJirs0NenW8yYs8SKMI9pNyfmowdVX3DM91YIRyC.MildRr5SBwqOrUT6KLkr83Kb.Y9M4UGmmtCILt2LQ
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 04:55:03 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.4.30
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kX6yRWnBKMxHN7L2XiAztxnLCjxtBg8ussjlOU4%2FyMs6BvRuEJz1mD%2FaQfu9g%2FZEeE7caghIXFMlgkD%2F8Yh3V3%2FZwXx7SEXuKTbFs2%2BzVDv7b7yhAPPbX4HYZpDnbYQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881755b78c85b4f7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/1340676995:1715314108:hQXXhZSlXGBi8falv5ubO7lekyo0IYis3XQ6_Dq1B98/881755a8ad2656b5/878f5f1165da776

104.17.3.184

21 kB

URL
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/1340676995:1715314108:hQXXhZSlXGBi8falv5ubO7lekyo0IYis3XQ6_Dq1B98/881755a8ad2656b5/878f5f1165da776
IP
104.17.3.184:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (3448), with no line terminators
Size
21 kB (21078 bytes)
Hash
f403d6473aadbb48dd3a034ae80e8069
3f65586cd10e2bfa6a3e6cbf23bcba8790288301
5f29b6d62783b8f73ba1ae0678e188cb4ac7753562a32926efe23e799f053e49

HTTP Headers

POST /cdn-cgi/challenge-platform/h/g/flow/ov1/1340676995:1715314108:hQXXhZSlXGBi8falv5ubO7lekyo0IYis3XQ6_Dq1B98/881755a8ad2656b5/878f5f1165da776 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/rzr02/0x4AAAAAAADzWzgyzZH-kqvo/auto/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: 878f5f1165da776
Content-Length: 27952
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 04:55:03 GMT
content-type: text/html; charset=UTF-8
cf-chl-out-s: arZaAIx2M4TBsA/2zikGuQ==$innVeVZsldRDF/QoWXO9qg==
cf-chl-out: FVlT1obxga3FnlX9gvbCSx0S3Cq3BKymGvCiVWVtWJTilztZf0an7LS9DVVqlCOq9f0PTl06utjwD9PjUi26i3N5Ds8TeP2lr/ZDDfy1aaqYlj3yhwxwcKOFYJ9plnmS$dfKFMP2KA5OfD8qILTKZHw==
server: cloudflare
cf-ray: 881755b7195056b5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/212483619:1715314279:Q_qbjvKH2G4QmYMKVd_36y6ligNLxwxpe_4qIAspBzQ/881755b9cbd256b5/26e70e2df51c9df

104.17.3.184

88 kB

URL
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/212483619:1715314279:Q_qbjvKH2G4QmYMKVd_36y6ligNLxwxpe_4qIAspBzQ/881755b9cbd256b5/26e70e2df51c9df
IP
104.17.3.184:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (65536), with no line terminators
Size
88 kB (87789 bytes)
Hash
96b6adfcab3b89e256bf0a846affabf5
e6504bdd3c1dc3ffe898a8e418653ce38aedc7f6
af60115974a5e1d8c602b34305924fa62f1efb940fbd24bef62d19181c905049

HTTP Headers

POST /cdn-cgi/challenge-platform/h/g/flow/ov1/212483619:1715314279:Q_qbjvKH2G4QmYMKVd_36y6ligNLxwxpe_4qIAspBzQ/881755b9cbd256b5/26e70e2df51c9df HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/mfor2/0x4AAAAAAADzWzgyzZH-kqvo/auto/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: 26e70e2df51c9df
Content-Length: 2786
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 04:55:04 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: geTwSRBKvZwATuXuPDQ8CoCJ4EF5GlHn4DyKCbMkHs6iKurpuq2f7xdiE6Ec9Uzx8o/RCN7+8whc1Jew2r3GgzK7zlIVpve9qIJRpmko2ejIpr+Fx/ukoJYTPro4Hk/nMybkcGqGdvTBRev9pRxB7px8UaN15gs2lB+CMGLHvTDj2ilWk0gez6a6WJ1xYy53p8EYxZMi39iyfgaTPQIFYS28M1/2RfMtZv44htNdzCgX/OqSJ5MrFJf0kCiFpSLjd4ES78rfw3YmrMvQltul4zEGIAzlzMkNpIgCImDUT+P1LMnAX0LUYmOuof2Vo5nRGPt0y5J3m6NyOlpkkM2PCNxtpoFo9HhPhQXlCrW93JKzoVfau3827ADXHTTD5PoFnDvMlxZg5EyImkltmmWjhQglE+9gmiysf2kp8NAS1/pv0NusZJLY/By4iCxjb3du0pqhiaEM133SRRoN+ItubQWaHxecf47AhBtJWzG3D88=$N4oDkwjPDX0MXB8stNM04Q==
server: cloudflare
cf-ray: 881755bc1d3356b5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/pat/881755b9cbd256b5/1715316904357/8a3019825df122bb5ed15f8697b1e8c0d72e16b85c2d461320d221d3e422e474/sNHZYGeKpl1Z_1L

104.17.3.184

1 B

URL
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/pat/881755b9cbd256b5/1715316904357/8a3019825df122bb5ed15f8697b1e8c0d72e16b85c2d461320d221d3e422e474/sNHZYGeKpl1Z_1L
IP
104.17.3.184:0
ASN
#13335 CLOUDFLARENET

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
ff44570aca8241914870afbc310cdb85
58668e7669fd564d99db5d581fcdb6a5618440b5
6da43b944e494e885e69af021f93c6d9331c78aa228084711429160a5bbd15b5

HTTP Headers

GET /cdn-cgi/challenge-platform/h/g/pat/881755b9cbd256b5/1715316904357/8a3019825df122bb5ed15f8697b1e8c0d72e16b85c2d461320d221d3e422e474/sNHZYGeKpl1Z_1L HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/mfor2/0x4AAAAAAADzWzgyzZH-kqvo/auto/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 401 Unauthorized
date: Fri, 10 May 2024 04:55:06 GMT
content-type: text/plain; charset=UTF-8
content-length: 1
www-authenticate: PrivateToken challenge="AAIAGXBhdC1pc3N1ZXIuY2xvdWRmbGFyZS5jb20gijAZgl3xIrte0V-Gl7HowNcuFrhcLUYTINIh0-Qi5HQAGWNoYWxsZW5nZXMuY2xvdWRmbGFyZS5jb20=", token-key="MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEAwJNLx-F--HQ4G6w81Lqhm55Wqle9iE4E64E37YL7QkK_ylJ-Dsmf1v3knq_MpBi8JncpUaWMssdL2Aha6xVtTuit-n3zEDZCW0VR_73N-Mc6DxdptQ_jsmIxis7apwux2f5L0gN0Z4K9C36tRcIL-chm-gijHvxrbhcCYusNwrgAlFaiqNWBqxKTiuPduHX4CNzNb7BAiNPz7ppY7Xn1WjmxSB-BaqSVLCYtDy-Mw41UBzE3QEcVUcRH9er-MksFvohzvhlnTTonFaMyAUYx3d_uCdDannmVQhRsm-aJs_P_GGe1TX3e9g5Sy-NmhGrro0kncbPlfTwFxa8SwJ5-8QIDAQAB", max-age=20, PrivateToken challenge="AAIALHBwLWlzc3Vlci1wcm9kdWN0aW9uLnJlc2VhcmNoLmNsb3VkZmxhcmUuY29tIIowGYJd8SK7XtFfhpex6MDXLha4XC1GEyDSIdPkIuR0ABljaGFsbGVuZ2VzLmNsb3VkZmxhcmUuY29t", token-key="MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEAi_Bv1vvWWnyuOfVJgRV-AQLxEJECUUmMRrMnYz-gJA-oMd79ajvP3atoTZqB_EsZIq7SMmpbCRFhPolqzIrtXh7AF1Q-ZWY2RoRVRgKr7d6iJMZ49iZUmbz837eqBZJrEMuXftZmY35str5sb0GjzklF8z_hcQJC9vancYXncsYoiMDaROW0tLwSQA9BGfbmA6GlbVj4XH8DH19cKifxmO6RlIPPKlL1KmZbrRakkpuqvJO2-x1Zc2S5GCpponuvQTqJQH8Ud9loZLI75e-Xa9KAUNtBTM0t9WSEsv8cSJLV1BPBVTy1lOnwghofw4fqmlYv6CXClzAUqWouSTJ7uwIDAQAB", max-age=20
server: cloudflare
cf-ray: 881755c7ede656b5-OSL
alt-svc: h3=":443"; ma=86400

donclion.top/favicon.ico

172.67.199.215

4.6 kB

URL
donclion.top/favicon.ico
IP
172.67.199.215:0
ASN
#13335 CLOUDFLARENET

File type
HTML document, ASCII text
Size
4.6 kB (4622 bytes)
Hash
067f9234d63c75eff3fb973e5dbdc85a
7a2007d62d760aae7085b0fe50e6e21dbd84acac
bc3649a6a5a489b8b2d63204e091312c407c0642a10d81e5a58515ab88b752d1

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: donclion.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://donclion.top/_duraguard_oxy/zure/b3b32a2d422265cd25c3323ed0157f81/_we_transfer2/login.php?login&_x_tr_sl=auto&_x_tr_tl=null&_x_tr_hl=null&_x_tr_pto=wapp&pcnt=null&pmax=pmax
Cookie: cf_clearance=5eT5wyjOFwlqtfQ8ia69lHwSFmUePqyV_4AW21gwrdk-1715316898-1.0.1.1-onAxtJirs0NenW8yYs8SKMI9pNyfmowdVX3DM91YIRyC.MildRr5SBwqOrUT6KLkr83Kb.Y9M4UGmmtCILt2LQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 404 Not Found
date: Fri, 10 May 2024 04:55:03 GMT
content-type: text/html; charset=iso-8859-1
cache-control: max-age=14400
cf-cache-status: HIT
age: 5
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Qn5o8VBvTefGXO6J6DM6DL88eu57XOOL47nT87RUpwVeIPo%2FUiJwf0lDI7AlZHD%2BP%2By%2Bk4RNUGQr%2FSPfYwql9ED6%2F0kssptCgBm6TxS8oxHmO5lc5jgdDRfjj1Wjsrw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881755b99e48b4f7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/turnstile/v0/api.js

104.17.3.184

0 B

URL
challenges.cloudflare.com/turnstile/v0/api.js
IP
104.17.3.184:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /turnstile/v0/api.js HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://donclion.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 302 Found
date: Fri, 10 May 2024 04:55:06 GMT
content-length: 0
location: /turnstile/v0/g/1b3559406bc8/api.js
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
cache-control: max-age=300, public
vary: Accept-Encoding
server: cloudflare
cf-ray: 881755cbf86f56b5-OSL
alt-svc: h3=":443"; ma=86400

donclion.top/_duraguard_oxy/zure/b3b32a2d422265cd25c3323ed0157f81/_we_transfer2/login.php?login&_x_tr_sl=auto&_x_tr_tl=null&_x_tr_hl=null&_x_tr_pto=wapp&pcnt=null&pmax=pmax

172.67.199.215

32 kB

URL User Request GET
donclion.top/_duraguard_oxy/zure/b3b32a2d422265cd25c3323ed0157f81/_we_transfer2/login.php?login&_x_tr_sl=auto&_x_tr_tl=null&_x_tr_hl=null&_x_tr_pto=wapp&pcnt=null&pmax=pmax
IP
172.67.199.215:0
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectdonclion.top
Fingerprint6A:DB:BB:36:1E:73:2D:C2:C5:1E:1A:EF:92:4B:9C:EE:8A:EF:BF:38
ValidityThu, 09 May 2024 12:26:34 GMT - Wed, 07 Aug 2024 12:26:33 GMT

File type
HTML document, ASCII text, with very long lines (805), with no line terminators
Size
32 kB (31612 bytes)
Hash
a412a44b531d03b2b158e4a230c2f69b
b6f5efcb07ebe0f23b6bb1305707e846e5db8c36
885b7c2ecb65a525e36f26734e497a88f82e3f9cc9dfc101bd6d5c0698a500e1

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

GET /_duraguard_oxy/zure/b3b32a2d422265cd25c3323ed0157f81/_we_transfer2/login.php?login&_x_tr_sl=auto&_x_tr_tl=null&_x_tr_hl=null&_x_tr_pto=wapp&pcnt=null&pmax=pmax HTTP/1.1
Host: donclion.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: cf_clearance=5eT5wyjOFwlqtfQ8ia69lHwSFmUePqyV_4AW21gwrdk-1715316898-1.0.1.1-onAxtJirs0NenW8yYs8SKMI9pNyfmowdVX3DM91YIRyC.MildRr5SBwqOrUT6KLkr83Kb.Y9M4UGmmtCILt2LQ
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 04:55:06 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.4.30
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pEvTCZ%2BHbdJ%2FYlNgEHCcGTx3jHqA6lfiqynTRvb8zJLMmZxTJ%2BTWBgffyQFBeFfG%2FmS3eQ4aXouDFfEjHflU%2FrQ%2F775LlBx87i9JakP3IGDmwPSIRfGw6OzNrva1lpA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881755cb0c5db4f7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D

104.17.3.184

61 B

URL
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D
IP
104.17.3.184:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
Size
61 B (61 bytes)
Hash
9246cca8fc3c00f50035f28e9f6b7f7d
3aa538440f70873b574f40cd793060f53ec17a5d
c07d7d29e3c20fa6ca4c5d20663688d52bad13e129ad82ce06b80eb187d9dc84

HTTP Headers

GET /cdn-cgi/challenge-platform/h/g/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/cco7p/0x4AAAAAAADzWzgyzZH-kqvo/auto/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 04:55:07 GMT
content-type: image/png
content-length: 61
cache-control: max-age=2629800, public
server: cloudflare
cf-ray: 881755cd697256b5-OSL
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/turnstile/v0/g/1b3559406bc8/api.js

104.17.3.184

220 kB

URL
challenges.cloudflare.com/turnstile/v0/g/1b3559406bc8/api.js
IP
104.17.3.184:0
ASN
#13335 CLOUDFLARENET

File type
JavaScript source, ASCII text, with very long lines (42616)
Size
220 kB (220390 bytes)
Hash
86183dd14ee10d1dee92b37b5069d716
9ec32d650ece484bbe624ca734a0a65e22d35dd6
ae0e2e45f84d7d3d06526aafc20d4a95b486e8747bf80895f3aeb8c4aebee7f4

HTTP Headers

GET /turnstile/v0/g/1b3559406bc8/api.js HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://donclion.top/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 04:55:03 GMT
content-type: application/javascript; charset=UTF-8
cache-control: max-age=604800, public
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 881755b94b3656b5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/881755cca8e156b5/1715316907421/-V8vZbz79OwPpc4

104.17.3.184

61 B

URL
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/881755cca8e156b5/1715316907421/-V8vZbz79OwPpc4
IP
104.17.3.184:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 42 x 89, 8-bit/color RGB, non-interlaced
Size
61 B (61 bytes)
Hash
5f5da92a72a3b8c71ba0ea16bbf9a42f
769a88402f3d32e5196a9f9ccd8fd03a42dfe5a5
60e10adbe21ca635acb02829cfb913a3a92350b30481e197580791952cdf6807

HTTP Headers

GET /cdn-cgi/challenge-platform/h/g/i/881755cca8e156b5/1715316907421/-V8vZbz79OwPpc4 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/cco7p/0x4AAAAAAADzWzgyzZH-kqvo/auto/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 04:55:08 GMT
content-type: image/png
content-length: 61
server: cloudflare
cf-ray: 881755d6286856b5-OSL
alt-svc: h3=":443"; ma=86400

donclion.top/_duraguard_oxy/zure/b3b32a2d422265cd25c3323ed0157f81/_we_transfer2/login.php?login&_x_tr_sl=auto&_x_tr_tl=null&_x_tr_hl=null&_x_tr_pto=wapp&pcnt=null&pmax=pmax

172.67.199.215

421 B

URL User Request GET
donclion.top/_duraguard_oxy/zure/b3b32a2d422265cd25c3323ed0157f81/_we_transfer2/login.php?login&_x_tr_sl=auto&_x_tr_tl=null&_x_tr_hl=null&_x_tr_pto=wapp&pcnt=null&pmax=pmax
IP
172.67.199.215:0
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectdonclion.top
Fingerprint6A:DB:BB:36:1E:73:2D:C2:C5:1E:1A:EF:92:4B:9C:EE:8A:EF:BF:38
ValidityThu, 09 May 2024 12:26:34 GMT - Wed, 07 Aug 2024 12:26:33 GMT

File type
HTML document, ASCII text, with very long lines (805), with no line terminators
Size
421 B (421 bytes)
Hash
a412a44b531d03b2b158e4a230c2f69b
b6f5efcb07ebe0f23b6bb1305707e846e5db8c36
885b7c2ecb65a525e36f26734e497a88f82e3f9cc9dfc101bd6d5c0698a500e1

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

GET /_duraguard_oxy/zure/b3b32a2d422265cd25c3323ed0157f81/_we_transfer2/login.php?login&_x_tr_sl=auto&_x_tr_tl=null&_x_tr_hl=null&_x_tr_pto=wapp&pcnt=null&pmax=pmax HTTP/1.1
Host: donclion.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: cf_clearance=5eT5wyjOFwlqtfQ8ia69lHwSFmUePqyV_4AW21gwrdk-1715316898-1.0.1.1-onAxtJirs0NenW8yYs8SKMI9pNyfmowdVX3DM91YIRyC.MildRr5SBwqOrUT6KLkr83Kb.Y9M4UGmmtCILt2LQ
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 04:55:09 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.4.30
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=v%2FM5%2Beb94WL2CuNbvc5sPLpSOyKpu30OZ5YokEJBRr4xymmJtzf8rxQjQvoVZyQpNLD4vu44iGY96lLjaRfP%2FQP6ZT%2BsTe0nTXKlMd6a2PD%2B2Vn68ZdEzESYmGELqzo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881755deab1db4f7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

ajax.googleapis.com/ajax/libs/jquery/3.6.3/jquery.min.js

142.250.74.170

31 kB

URL
ajax.googleapis.com/ajax/libs/jquery/3.6.3/jquery.min.js
IP
142.250.74.170:0
ASN
#15169 GOOGLE

File type
JavaScript source, ASCII text, with very long lines (65447)
Size
31 kB (31191 bytes)
Hash
cf2fbbf84281d9ecbffb4993203d543b
832a6a4e86daf38b1975d705c5de5d9e5f5844bc
a6f3f0faea4b3d48e03176341bef0ed3151ffbf226d4c6635f1c6039c0500575

HTTP Headers

GET /ajax/libs/jquery/3.6.3/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://donclion.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 31191
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 09 May 2024 01:33:17 GMT
expires: Fri, 09 May 2025 01:33:17 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Wed, 11 Jan 2023 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 98513
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/cco7p/0x4AAAAAAADzWzgyzZH-kqvo/auto/normal

104.17.3.184

141 kB

URL
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/cco7p/0x4AAAAAAADzWzgyzZH-kqvo/auto/normal
IP
104.17.3.184:0
ASN
#13335 CLOUDFLARENET

File type
HTML document, ASCII text, with very long lines (42150)
Size
141 kB (140737 bytes)
Hash
fe8d620647379e1b101d259a1999d355
b379e9176cf2f4391bbb612e1724c1a3e9922a2c
715964b776cab903d3e3e641375956f92c78447e97867c9537d77552ff0d0963

HTTP Headers

GET /cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/cco7p/0x4AAAAAAADzWzgyzZH-kqvo/auto/normal HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://donclion.top/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 04:55:06 GMT
content-type: text/html; charset=UTF-8
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
document-policy: js-profiling
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-opener-policy: same-origin
origin-agent-cluster: ?1
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
content-security-policy: frame-src https://challenges.cloudflare.com/; base-uri 'self'
cross-origin-resource-policy: cross-origin
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-embedder-policy: require-corp
server: cloudflare
cf-ray: 881755cca8e156b5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/881755e058a956b5/1715316910515/FSaeLB_YNql9Sjc

104.17.3.184

61 B

URL
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/881755e058a956b5/1715316910515/FSaeLB_YNql9Sjc
IP
104.17.3.184:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 51 x 18, 8-bit/color RGB, non-interlaced
Size
61 B (61 bytes)
Hash
a9c221ad06255fe6b3471816f23ce1d4
0dd5d5999a32a9d0991bb93cece3269b1b1f17f3
15e6bf01b4a46bbf96bfdc531dc2a961df7cc4c23f86b7d77b96f475161b9abd

HTTP Headers

GET /cdn-cgi/challenge-platform/h/g/i/881755e058a956b5/1715316910515/FSaeLB_YNql9Sjc HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/t93rh/0x4AAAAAAADzWzgyzZH-kqvo/auto/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 04:55:11 GMT
content-type: image/png
content-length: 61
server: cloudflare
cf-ray: 881755e60d5f56b5-OSL
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/turnstile/v0/g/1b3559406bc8/api.js

104.17.3.184

14 kB

URL
challenges.cloudflare.com/turnstile/v0/g/1b3559406bc8/api.js
IP
104.17.3.184:0
ASN
#13335 CLOUDFLARENET

File type
JavaScript source, ASCII text, with very long lines (42616)
Size
14 kB (14533 bytes)
Hash
86183dd14ee10d1dee92b37b5069d716
9ec32d650ece484bbe624ca734a0a65e22d35dd6
ae0e2e45f84d7d3d06526aafc20d4a95b486e8747bf80895f3aeb8c4aebee7f4

HTTP Headers

GET /turnstile/v0/g/1b3559406bc8/api.js HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://donclion.top/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 04:55:06 GMT
content-type: application/javascript; charset=UTF-8
cache-control: max-age=604800, public
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
vary: Accept-Encoding
server: cloudflare
cf-ray: 881755cc288a56b5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=881755e058a956b5

104.17.3.184

130 kB

URL
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=881755e058a956b5
IP
104.17.3.184:0
ASN
#13335 CLOUDFLARENET

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
130 kB (130002 bytes)
Hash
122ad2d1455ff102b0111dec28392741
479de730e5b689eb9a3d11ccd888af027e7a61d1
073d39fe1baccdbaf7c90a209773456e98ba298038feee296d2d1310992766ae

HTTP Headers

GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=881755e058a956b5 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/t93rh/0x4AAAAAAADzWzgyzZH-kqvo/auto/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 04:55:10 GMT
content-type: application/javascript; charset=UTF-8
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
server: cloudflare
cf-ray: 881755e0f90e56b5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/turnstile/v0/api.js

104.17.3.184

0 B

URL
challenges.cloudflare.com/turnstile/v0/api.js
IP
104.17.3.184:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /turnstile/v0/api.js HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://donclion.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 302 Found
date: Fri, 10 May 2024 04:55:13 GMT
content-length: 0
location: /turnstile/v0/g/1b3559406bc8/api.js
cache-control: max-age=300, public
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 881755f30fcf56b5-OSL
alt-svc: h3=":443"; ma=86400

donclion.top/_duraguard_oxy/functions/validate.php

172.67.199.215

31 kB

URL
donclion.top/_duraguard_oxy/functions/validate.php
IP
172.67.199.215:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
31 kB (31192 bytes)
Hash
cd7bc652307ad520366f441f280c3841
6793c65d772047d2f94cae30b74e5e99266731a4
76fac969d2b0e07d21bf7f1c395d0a855abbf6559edb1cc13415db1811ec6187

HTTP Headers

POST /_duraguard_oxy/functions/validate.php HTTP/1.1
Host: donclion.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 560
Origin: https://donclion.top
DNT: 1
Connection: keep-alive
Referer: https://donclion.top/_duraguard_oxy/zure/b3b32a2d422265cd25c3323ed0157f81/_we_transfer2/login.php?login&_x_tr_sl=auto&_x_tr_tl=null&_x_tr_hl=null&_x_tr_pto=wapp&pcnt=null&pmax=pmax
Cookie: cf_clearance=5eT5wyjOFwlqtfQ8ia69lHwSFmUePqyV_4AW21gwrdk-1715316898-1.0.1.1-onAxtJirs0NenW8yYs8SKMI9pNyfmowdVX3DM91YIRyC.MildRr5SBwqOrUT6KLkr83Kb.Y9M4UGmmtCILt2LQ
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 04:55:12 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.4.30
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CtIUuAWfB0a1x6oe0h96KA%2BWzQ4OL1D8W3NkO7yEOe4uwWtoR%2B%2BETy7NudmWdzcASaPeSI2CcUu3%2FdhNpksJ2%2F82Q2bWI4yJ%2BGQEqiM1BVSoi9Mbg0PQXa1p%2BO%2FcmDw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881755f15974b4f7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/t93rh/0x4AAAAAAADzWzgyzZH-kqvo/auto/normal

104.17.3.184

37 kB

URL
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/t93rh/0x4AAAAAAADzWzgyzZH-kqvo/auto/normal
IP
104.17.3.184:0
ASN
#13335 CLOUDFLARENET

File type
HTML document, ASCII text, with very long lines (42150)
Size
37 kB (37086 bytes)
Hash
b299e7fe27ed778fd4aac1c812b9d9e0
8d0d4c9ab5346c2f8f735dd8d23238e50e6adce6
571d570b0acdba819983318460e936e35df453d6ed3fe8f2366748c83ea504ec

HTTP Headers

GET /cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/t93rh/0x4AAAAAAADzWzgyzZH-kqvo/auto/normal HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://donclion.top/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 04:55:10 GMT
content-type: text/html; charset=UTF-8
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
document-policy: js-profiling
content-security-policy: frame-src https://challenges.cloudflare.com/; base-uri 'self'
cross-origin-embedder-policy: require-corp
origin-agent-cluster: ?1
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
referrer-policy: same-origin
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
cross-origin-opener-policy: same-origin
server: cloudflare
cf-ray: 881755e058a956b5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/pat/881755f3b88e56b5/1715316913622/6070bbf8979bf7891006df59639b0962f33b1db9e09ac697781ac6a0121e7987/bUmPLRdY1K9-zDv

104.17.3.184

1 B

URL
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/pat/881755f3b88e56b5/1715316913622/6070bbf8979bf7891006df59639b0962f33b1db9e09ac697781ac6a0121e7987/bUmPLRdY1K9-zDv
IP
104.17.3.184:0
ASN
#13335 CLOUDFLARENET

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
ff44570aca8241914870afbc310cdb85
58668e7669fd564d99db5d581fcdb6a5618440b5
6da43b944e494e885e69af021f93c6d9331c78aa228084711429160a5bbd15b5

HTTP Headers

GET /cdn-cgi/challenge-platform/h/g/pat/881755f3b88e56b5/1715316913622/6070bbf8979bf7891006df59639b0962f33b1db9e09ac697781ac6a0121e7987/bUmPLRdY1K9-zDv HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/ezdcw/0x4AAAAAAADzWzgyzZH-kqvo/auto/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 401 Unauthorized
date: Fri, 10 May 2024 04:55:14 GMT
content-type: text/plain; charset=UTF-8
content-length: 1
www-authenticate: PrivateToken challenge="AAIAGXBhdC1pc3N1ZXIuY2xvdWRmbGFyZS5jb20gYHC7-Jeb94kQBt9ZY5sJYvM7HbngmsaXeBrGoBIeeYcAGWNoYWxsZW5nZXMuY2xvdWRmbGFyZS5jb20=", token-key="MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEAwJNLx-F--HQ4G6w81Lqhm55Wqle9iE4E64E37YL7QkK_ylJ-Dsmf1v3knq_MpBi8JncpUaWMssdL2Aha6xVtTuit-n3zEDZCW0VR_73N-Mc6DxdptQ_jsmIxis7apwux2f5L0gN0Z4K9C36tRcIL-chm-gijHvxrbhcCYusNwrgAlFaiqNWBqxKTiuPduHX4CNzNb7BAiNPz7ppY7Xn1WjmxSB-BaqSVLCYtDy-Mw41UBzE3QEcVUcRH9er-MksFvohzvhlnTTonFaMyAUYx3d_uCdDannmVQhRsm-aJs_P_GGe1TX3e9g5Sy-NmhGrro0kncbPlfTwFxa8SwJ5-8QIDAQAB", max-age=20, PrivateToken challenge="AAIALHBwLWlzc3Vlci1wcm9kdWN0aW9uLnJlc2VhcmNoLmNsb3VkZmxhcmUuY29tIGBwu_iXm_eJEAbfWWObCWLzOx254JrGl3gaxqASHnmHABljaGFsbGVuZ2VzLmNsb3VkZmxhcmUuY29t", token-key="MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEAi_Bv1vvWWnyuOfVJgRV-AQLxEJECUUmMRrMnYz-gJA-oMd79ajvP3atoTZqB_EsZIq7SMmpbCRFhPolqzIrtXh7AF1Q-ZWY2RoRVRgKr7d6iJMZ49iZUmbz837eqBZJrEMuXftZmY35str5sb0GjzklF8z_hcQJC9vancYXncsYoiMDaROW0tLwSQA9BGfbmA6GlbVj4XH8DH19cKifxmO6RlIPPKlL1KmZbrRakkpuqvJO2-x1Zc2S5GCpponuvQTqJQH8Ud9loZLI75e-Xa9KAUNtBTM0t9WSEsv8cSJLV1BPBVTy1lOnwghofw4fqmlYv6CXClzAUqWouSTJ7uwIDAQAB", max-age=20
server: cloudflare
cf-ray: 881755fbbf1c56b5-OSL
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/881755f3b88e56b5/1715316913628/OR4Sn0Ga2cr0Ajt

104.17.3.184

61 B

URL
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/881755f3b88e56b5/1715316913628/OR4Sn0Ga2cr0Ajt
IP
104.17.3.184:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 42 x 25, 8-bit/color RGB, non-interlaced
Size
61 B (61 bytes)
Hash
3bf33b7a73fc48fca3f9e2a86beef0b0
ceb7ae55935fb8d00c7fe18ba1326f5843c2d7a2
cc90d1832dedbe23a015b117934168ca2165242da4ea4437a7c36b0335887908

HTTP Headers

GET /cdn-cgi/challenge-platform/h/g/i/881755f3b88e56b5/1715316913628/OR4Sn0Ga2cr0Ajt HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/ezdcw/0x4AAAAAAADzWzgyzZH-kqvo/auto/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 04:55:16 GMT
content-type: image/png
content-length: 61
server: cloudflare
cf-ray: 88175605eed156b5-OSL
alt-svc: h3=":443"; ma=86400

donclion.top/favicon.ico

172.67.199.215

121 kB

URL
donclion.top/favicon.ico
IP
172.67.199.215:0
ASN
#13335 CLOUDFLARENET

File type
HTML document, ASCII text
Size
121 kB (121177 bytes)
Hash
067f9234d63c75eff3fb973e5dbdc85a
7a2007d62d760aae7085b0fe50e6e21dbd84acac
bc3649a6a5a489b8b2d63204e091312c407c0642a10d81e5a58515ab88b752d1

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: donclion.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://donclion.top/_duraguard_oxy/zure/b3b32a2d422265cd25c3323ed0157f81/_we_transfer2/login.php?login&_x_tr_sl=auto&_x_tr_tl=null&_x_tr_hl=null&_x_tr_pto=wapp&pcnt=null&pmax=pmax
Cookie: cf_clearance=5eT5wyjOFwlqtfQ8ia69lHwSFmUePqyV_4AW21gwrdk-1715316898-1.0.1.1-onAxtJirs0NenW8yYs8SKMI9pNyfmowdVX3DM91YIRyC.MildRr5SBwqOrUT6KLkr83Kb.Y9M4UGmmtCILt2LQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 404 Not Found
date: Fri, 10 May 2024 04:55:01 GMT
content-type: text/html; charset=iso-8859-1
cache-control: max-age=14400
cf-cache-status: HIT
age: 3
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2Brob10zWr52YjBV4kUWeEByeiFG%2BGVfBAfdnype%2BpfT5tFVeGZ8u3ARywT0qqJhfOPHeo2KYkJTJKPdpQHKItjkRNkrHReBBx1uztwWII4yOVvUY9iYndWEn2xkbEJE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881755a87f3db4f7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/turnstile/v0/g/1b3559406bc8/api.js

104.17.3.184

168 kB

URL
challenges.cloudflare.com/turnstile/v0/g/1b3559406bc8/api.js
IP
104.17.3.184:0
ASN
#13335 CLOUDFLARENET

File type
JavaScript source, ASCII text, with very long lines (42616)
Size
168 kB (168446 bytes)
Hash
86183dd14ee10d1dee92b37b5069d716
9ec32d650ece484bbe624ca734a0a65e22d35dd6
ae0e2e45f84d7d3d06526aafc20d4a95b486e8747bf80895f3aeb8c4aebee7f4

HTTP Headers

GET /turnstile/v0/g/1b3559406bc8/api.js HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://donclion.top/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 04:55:13 GMT
content-type: application/javascript; charset=UTF-8
cache-control: max-age=604800, public
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
vary: Accept-Encoding
server: cloudflare
cf-ray: 881755f31fe956b5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

donclion.top/_duraguard_oxy/zure/b3b32a2d422265cd25c3323ed0157f81/_we_transfer2/login.php?login&_x_tr_sl=auto&_x_tr_tl=null&_x_tr_hl=null&_x_tr_pto=wapp&pcnt=null&pmax=pmax

172.67.199.215

19 kB

URL User Request GET
donclion.top/_duraguard_oxy/zure/b3b32a2d422265cd25c3323ed0157f81/_we_transfer2/login.php?login&_x_tr_sl=auto&_x_tr_tl=null&_x_tr_hl=null&_x_tr_pto=wapp&pcnt=null&pmax=pmax
IP
172.67.199.215:0
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectdonclion.top
Fingerprint6A:DB:BB:36:1E:73:2D:C2:C5:1E:1A:EF:92:4B:9C:EE:8A:EF:BF:38
ValidityThu, 09 May 2024 12:26:34 GMT - Wed, 07 Aug 2024 12:26:33 GMT

File type
HTML document, ASCII text, with very long lines (805), with no line terminators
Size
19 kB (18881 bytes)
Hash
a412a44b531d03b2b158e4a230c2f69b
b6f5efcb07ebe0f23b6bb1305707e846e5db8c36
885b7c2ecb65a525e36f26734e497a88f82e3f9cc9dfc101bd6d5c0698a500e1

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

GET /_duraguard_oxy/zure/b3b32a2d422265cd25c3323ed0157f81/_we_transfer2/login.php?login&_x_tr_sl=auto&_x_tr_tl=null&_x_tr_hl=null&_x_tr_pto=wapp&pcnt=null&pmax=pmax HTTP/1.1
Host: donclion.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: cf_clearance=5eT5wyjOFwlqtfQ8ia69lHwSFmUePqyV_4AW21gwrdk-1715316898-1.0.1.1-onAxtJirs0NenW8yYs8SKMI9pNyfmowdVX3DM91YIRyC.MildRr5SBwqOrUT6KLkr83Kb.Y9M4UGmmtCILt2LQ
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 04:55:03 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.4.30
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eC3yFYoG3nDRX%2BpwcHOaIVPPtjuUhFYUeYgzBr3ZMZ2t7VYsV8R8mbaGQ0kLZmHZhggipm5gMLBrb3OxC7WMYseHHKM4ZMLlYEQ58%2BUfXeJQv4HsoSAGtv4NYAHdM80%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881755b84d1bb4f7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=8817560a5a9356b5

104.17.3.184

122 kB

URL
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=8817560a5a9356b5
IP
104.17.3.184:0
ASN
#13335 CLOUDFLARENET

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
122 kB (122435 bytes)
Hash
9d52cfea332f65e29d2ab9111c297c00
64aa40053230e676c931d2b4e46fe5c874eedf3b
fec4156985a9087e4a2f78ed55eb236f871010a0044b41f3d479a88186dfd6bf

HTTP Headers

GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=8817560a5a9356b5 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/4428i/0x4AAAAAAADzWzgyzZH-kqvo/auto/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 04:55:16 GMT
content-type: application/javascript; charset=UTF-8
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
server: cloudflare
cf-ray: 8817560aeb2656b5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/pat/8817560a5a9356b5/1715316917252/80b8c09b6b36376d3d1de1487b908f44b515582ab89c8cb1b33a2b55d23742bb/Ft3wpbUa2GvXvdc

104.17.3.184

1 B

URL
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/pat/8817560a5a9356b5/1715316917252/80b8c09b6b36376d3d1de1487b908f44b515582ab89c8cb1b33a2b55d23742bb/Ft3wpbUa2GvXvdc
IP
104.17.3.184:0
ASN
#13335 CLOUDFLARENET

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
ff44570aca8241914870afbc310cdb85
58668e7669fd564d99db5d581fcdb6a5618440b5
6da43b944e494e885e69af021f93c6d9331c78aa228084711429160a5bbd15b5

HTTP Headers

GET /cdn-cgi/challenge-platform/h/g/pat/8817560a5a9356b5/1715316917252/80b8c09b6b36376d3d1de1487b908f44b515582ab89c8cb1b33a2b55d23742bb/Ft3wpbUa2GvXvdc HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/4428i/0x4AAAAAAADzWzgyzZH-kqvo/auto/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 401 Unauthorized
date: Fri, 10 May 2024 04:55:19 GMT
content-type: text/plain; charset=UTF-8
content-length: 1
www-authenticate: PrivateToken challenge="AAIAGXBhdC1pc3N1ZXIuY2xvdWRmbGFyZS5jb20ggLjAm2s2N209HeFIe5CPRLUVWCq4nIyxszorVdI3QrsAGWNoYWxsZW5nZXMuY2xvdWRmbGFyZS5jb20=", token-key="MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEAwJNLx-F--HQ4G6w81Lqhm55Wqle9iE4E64E37YL7QkK_ylJ-Dsmf1v3knq_MpBi8JncpUaWMssdL2Aha6xVtTuit-n3zEDZCW0VR_73N-Mc6DxdptQ_jsmIxis7apwux2f5L0gN0Z4K9C36tRcIL-chm-gijHvxrbhcCYusNwrgAlFaiqNWBqxKTiuPduHX4CNzNb7BAiNPz7ppY7Xn1WjmxSB-BaqSVLCYtDy-Mw41UBzE3QEcVUcRH9er-MksFvohzvhlnTTonFaMyAUYx3d_uCdDannmVQhRsm-aJs_P_GGe1TX3e9g5Sy-NmhGrro0kncbPlfTwFxa8SwJ5-8QIDAQAB", max-age=20, PrivateToken challenge="AAIALHBwLWlzc3Vlci1wcm9kdWN0aW9uLnJlc2VhcmNoLmNsb3VkZmxhcmUuY29tIIC4wJtrNjdtPR3hSHuQj0S1FVgquJyMsbM6K1XSN0K7ABljaGFsbGVuZ2VzLmNsb3VkZmxhcmUuY29t", token-key="MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEAi_Bv1vvWWnyuOfVJgRV-AQLxEJECUUmMRrMnYz-gJA-oMd79ajvP3atoTZqB_EsZIq7SMmpbCRFhPolqzIrtXh7AF1Q-ZWY2RoRVRgKr7d6iJMZ49iZUmbz837eqBZJrEMuXftZmY35str5sb0GjzklF8z_hcQJC9vancYXncsYoiMDaROW0tLwSQA9BGfbmA6GlbVj4XH8DH19cKifxmO6RlIPPKlL1KmZbrRakkpuqvJO2-x1Zc2S5GCpponuvQTqJQH8Ud9loZLI75e-Xa9KAUNtBTM0t9WSEsv8cSJLV1BPBVTy1lOnwghofw4fqmlYv6CXClzAUqWouSTJ7uwIDAQAB", max-age=20
server: cloudflare
cf-ray: 88175618ee0056b5-OSL
alt-svc: h3=":443"; ma=86400

donclion.top/_duraguard_oxy/functions/validate.php

172.67.199.215

1 B

URL
donclion.top/_duraguard_oxy/functions/validate.php
IP
172.67.199.215:0
ASN
#13335 CLOUDFLARENET

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
eccbc87e4b5ce2fe28308fd9f2a7baf3
77de68daecd823babbb58edb1c8e14d7106e83bb
4e07408562bedb8b60ce05c1decfe3ad16b72230967de01f640b7e4729b49fce

HTTP Headers

POST /_duraguard_oxy/functions/validate.php HTTP/1.1
Host: donclion.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 560
Origin: https://donclion.top
DNT: 1
Connection: keep-alive
Referer: https://donclion.top/_duraguard_oxy/zure/b3b32a2d422265cd25c3323ed0157f81/_we_transfer2/login.php?login&_x_tr_sl=auto&_x_tr_tl=null&_x_tr_hl=null&_x_tr_pto=wapp&pcnt=null&pmax=pmax
Cookie: cf_clearance=5eT5wyjOFwlqtfQ8ia69lHwSFmUePqyV_4AW21gwrdk-1715316898-1.0.1.1-onAxtJirs0NenW8yYs8SKMI9pNyfmowdVX3DM91YIRyC.MildRr5SBwqOrUT6KLkr83Kb.Y9M4UGmmtCILt2LQ
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 04:55:19 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.4.30
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rauJn7Grw6QXYN0gUGo5N61bteNdwXavgTlt7%2FnsV%2BI%2BVLvP6JmZC53k88lbg1jgFsIkD%2FuChxt%2FyMvP25WDMFJ8uDT0atqCdprh1T%2FK1e%2F5fDS3g2BCNxrV7dSRMaE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8817561b598ab4f7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

ajax.googleapis.com/ajax/libs/jquery/3.6.3/jquery.min.js

142.250.74.170

31 kB

URL
ajax.googleapis.com/ajax/libs/jquery/3.6.3/jquery.min.js
IP
142.250.74.170:0
ASN
#15169 GOOGLE

File type
JavaScript source, ASCII text, with very long lines (65447)
Size
31 kB (31191 bytes)
Hash
cf2fbbf84281d9ecbffb4993203d543b
832a6a4e86daf38b1975d705c5de5d9e5f5844bc
a6f3f0faea4b3d48e03176341bef0ed3151ffbf226d4c6635f1c6039c0500575

HTTP Headers

GET /ajax/libs/jquery/3.6.3/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://donclion.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 31191
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 09 May 2024 01:33:17 GMT
expires: Fri, 09 May 2025 01:33:17 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Wed, 11 Jan 2023 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 98522
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/q1x10/0x4AAAAAAADzWzgyzZH-kqvo/auto/normal

104.17.3.184

18 kB

URL
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/q1x10/0x4AAAAAAADzWzgyzZH-kqvo/auto/normal
IP
104.17.3.184:0
ASN
#13335 CLOUDFLARENET

File type
HTML document, ASCII text, with very long lines (42150)
Size
18 kB (18476 bytes)
Hash
0d91a5b05aec2bf482a4c2cdbde21e77
53e7a1f133f74cccf33b9ebcb6e1773d1196fe99
de5657ea6d2577d68af12edecbc7fc23b5d3fe53d21af688fe062cae6e61cfe3

HTTP Headers

GET /cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/q1x10/0x4AAAAAAADzWzgyzZH-kqvo/auto/normal HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://donclion.top/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 04:55:20 GMT
content-type: text/html; charset=UTF-8
cross-origin-opener-policy: same-origin
cross-origin-embedder-policy: require-corp
document-policy: js-profiling
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cross-origin-resource-policy: cross-origin
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
origin-agent-cluster: ?1
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
content-security-policy: frame-src https://challenges.cloudflare.com/; base-uri 'self'
server: cloudflare
cf-ray: 8817561e09af56b5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/8817561e09af56b5/1715316920399/i3hYm3QXYwfP_AQ

104.17.3.184

61 B

URL
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/8817561e09af56b5/1715316920399/i3hYm3QXYwfP_AQ
IP
104.17.3.184:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 10 x 49, 8-bit/color RGB, non-interlaced
Size
61 B (61 bytes)
Hash
ca1012d9c08896a8a21d6770f9e87839
c8b23ea51895ed0d634c88928dd5fa984928cd3f
916121b6c7540db599c3f40eb27da81e49ea1116eada18d331608bd979b0e3f2

HTTP Headers

GET /cdn-cgi/challenge-platform/h/g/i/8817561e09af56b5/1715316920399/i3hYm3QXYwfP_AQ HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/q1x10/0x4AAAAAAADzWzgyzZH-kqvo/auto/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 04:55:21 GMT
content-type: image/png
content-length: 61
server: cloudflare
cf-ray: 881756243e9456b5-OSL
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/947338034:1715314070:11AgCp9Wiaw6bBLudBo0Usq7P1a1ybK7RoJOBE50t_g/8817560a5a9356b5/4284df31eb68828

104.17.3.184

200 OK

115 kB

URL POST HTTP/3
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/947338034:1715314070:11AgCp9Wiaw6bBLudBo0Usq7P1a1ybK7RoJOBE50t_g/8817560a5a9356b5/4284df31eb68828
IP
104.17.3.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/4428i/0x4AAAAAAADzWzgyzZH-kqvo/auto/normal
Certificate
IssuerCloudflare, Inc.
Subjectchallenges.cloudflare.com
Fingerprint5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
ValidityFri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
115 kB (114600 bytes)
Hash
079eb46c312d3e8e5dde831f140af986
639959cbe1199bbe7463241e92827cb3e7930123
08f72391fa3e922d733090da36d94263a30216dcf65e7c4d5d397e0d4c5405cd

HTTP Headers

POST /cdn-cgi/challenge-platform/h/g/flow/ov1/947338034:1715314070:11AgCp9Wiaw6bBLudBo0Usq7P1a1ybK7RoJOBE50t_g/8817560a5a9356b5/4284df31eb68828 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/4428i/0x4AAAAAAADzWzgyzZH-kqvo/auto/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: 4284df31eb68828
Content-Length: 2803
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 04:55:17 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: HMKZ1sPog7150sPqPu5BPmFPAZh27uFoXXcH/VqnAkNy0N8vRPwl3fHJUjpxYLLRuuCtrTgmP1pUabTkbQX+ayqaCH79gvQpyeICGxb95D4oTH1Fh4sNZaNnYZ7HHv3PWeP8mbKNk0f/vcw8iNpRzRLjSSZP9aWn4+ukRmfHBeyJCykEIRe212bFggsrbe3QBBJPhwbUUXjU9etJA/j4V+Z2GC/YQC9UL3dTRrnimsnRjLUKOd5j0T+UhwYzxbj9MxvKRZNTNHmnOAZBWEZthG1G9E2diROj3+kd78IuIytoiVdmsFn6vilQiGngc9zSVOPrUDV+QMQ53Ux6Q20KDb8oInHen7uR9SLHNtU+YVctsAc+zPCE64txnVzyiKanHhYrfh+UUHtvJLbJ096a5BnMdA05wD85KK7j654aCFR57crG4IPp9LFaR0xkze1N$r6axYr5kvYLfV3SvdTVnDw==
server: cloudflare
cf-ray: 8817560cacb656b5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (33)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations