| | 188.114.97.1 | 403 Forbidden | 5.8 kB |
URL: (user request) GET HTTP/1.1
IP: 188.114.97.1:80
File type: HTML document, ASCII text, with very long lines (14356), with no line terminators
Hash: 2162795219958ca824b07a62f5129220 4e4badcc4153f9d89964e90dff4c6ee6b0019179 9bdc1a03b3497d20c400d8b906e27adfaf8ff62d98c135413d0a1e78934992be

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| ThreatFox | malicious | Lumma Stealer |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |

GET /y HTTP/1.1
Host: shortsvelventysjo.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Fri, 26 Apr 2024 23:34:39 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: pqzBexefCL3K6PWaYiTetg7TrCmPE27qBvr6ImGN7YPSTKErQFerg7l4/PWC6T/9bLcdLeHr2aVNEfgceyNkfnwVJdv1h3q0SdHgWRn2kT4LP16QPFKtBbhum/CTjCOS7yW1AEeSjMcRBfMuMnTLbA==$f38k0amZUUAxbJjVNLn0kA==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Q3KYUzK5DOZRY0X4PSnurWLuS29pKAavwZ4uSA0BhNjdXE0r8voAnJJRrNXfBVGFcRMaAu5MzQMA9YxQZZCNxm5gYyc7kVarldWklXzT%2FHs%2FcuJoPoMwnWjI9Mwc0R0IoWZVtFXJ%2BQY4"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 87aa62819a3956c5-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
| shortsvelventysjo.shop/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=87aa62819a3956c5 | 188.114.97.1 | | 111 kB |
URL: shortsvelventysjo.shop/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=87aa62819a3956c5
IP: 188.114.97.1:0
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size: 111 kB (111092 bytes)
Hash: df17193439bb6e406c8f50dee1ba776b ec218e2733acdbdc381dc5ab2aded2b2cb275a00 0652a029085e3d5e9e8c13180852a3fa337d513503ff0576f1080d7aedd6336e

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |

GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=87aa62819a3956c5 HTTP/1.1
Host: shortsvelventysjo.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://shortsvelventysjo.shop/y?__cf_chl_rt_tk=LTZtDKoqB2a16nZCIv6hdolO2dq8hpWeS24g46grGuE-1714174479-0.0.1.1-1279
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 26 Apr 2024 23:34:39 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
vary: accept-encoding
content-encoding: gzip
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=D9oUcTQaE4E7MPZQ%2BzmS2qpGelxSRFm6YDz7HeJ6CJ%2BzLqXJO1DaSdmk1kPWzWivO3BYiyabhXX0D93oYGV%2BSR4PwSsEF6srzCABxkrhb%2FuvWsE%2FOvB2oELqCy%2Bobc1MFUWP3EwSBYK0"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 87aa62835e12b4fd-OSL
alt-svc: h2=":443"; ma=60
| shortsvelventysjo.shop/favicon.ico | 188.114.97.1 | 403 Forbidden | 5.9 kB |
URL: GET HTTP/1.1 shortsvelventysjo.shop/favicon.ico
IP: 188.114.97.1:80
Requested by: http://shortsvelventysjo.shop/y
File type: HTML document, ASCII text, with very long lines (14483), with no line terminators
Hash: 7a5e863ef07793361548d008d0830fb4 79e9d29619a8134afe583c84de00ae8788e90604 78d150f60dc43f1fa93666b0bb793a8d2b875d33359db6f081d17121a96c4abf

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| ThreatFox | malicious | Lumma Stealer |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |

GET /favicon.ico HTTP/1.1
Host: shortsvelventysjo.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://shortsvelventysjo.shop/y?__cf_chl_rt_tk=LTZtDKoqB2a16nZCIv6hdolO2dq8hpWeS24g46grGuE-1714174479-0.0.1.1-1279
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Fri, 26 Apr 2024 23:34:39 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: NqEZyNAhrc3WQnITPVX1zA7QHtSQr46k9umLYaprKbxxrd7V6A7kDS2a86wlozYvvREZyLziQQlvNtJ1c2emQrUiwUwLYmmCgAx+/JCxXobJfhE45g+MCHJvJiBX9q29CLjuzOGm+iv5g85/Ss9DpA==$dDjJ+8JZhE5kWgRJSJdXbw==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=H%2BVOs2jhVMBQVG6MpjsyfikwhTrZwCEOZUWQUQewhUW7tE8qI5OR4v6ykMb9cKdPZ6Wd3SeWnMZgWMrWUnf7u96iuyRXIV0doQfV6UfRjp5voWTMeOp5oSNwuFk7fM8rS45XAB7tqH9n"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 87aa6283ae60b4fd-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
| shortsvelventysjo.shop/favicon.ico | 188.114.97.1 | 403 Forbidden | 5.8 kB |
URL: GET HTTP/1.1 shortsvelventysjo.shop/favicon.ico
IP: 188.114.97.1:80
Requested by: http://shortsvelventysjo.shop/y
File type: HTML document, ASCII text, with very long lines (14398), with no line terminators
Hash: 58724bfd7e406016f97f7bdd3528ff68 b32f8947033e44b9e7214f9722bc829b75dc75cf 6eb552f49519512bd7afe41c90fc39d89cc0749948dfd90c2878fe73fcac2c35

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| ThreatFox | malicious | Lumma Stealer |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |

GET /favicon.ico HTTP/1.1
Host: shortsvelventysjo.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://shortsvelventysjo.shop/y
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Fri, 26 Apr 2024 23:34:40 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: LvovqqhyWCB8lgTVt5rpR94y0NkbKsOaL6pQlD3Wzn7wzkOvb5gOVqoUPUHhFnGpAepouTR1+GGEPm8KhIxjyIuEQwiHXolXbI928GraJ4xFqDmtxXlPuHNNAHgth88NiF/S4oTEYbgNzhiC/r1tXA==$bNT6HRUf2Ngt7RxKHjveOA==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Q%2BGBN7rGNh%2FvAES7GLFnM5WR%2FIqQpvE8uNTmy1AgEUngI6yG7CkQuiczZAyQph1kFYifNAPTsB7ZbcmBtyH6TAB9T0%2FwayXEXepG8B90NFS3bUYnchPQwrK%2BOy3%2FO6BvLFeBI3potD2H"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 87aa62849d87b500-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
| shortsvelventysjo.shop/cdn-cgi/challenge-platform/h/b/flow/ov1/516698028:1714170366:EDMYU3qMfAvmK8C9frUlfeOQ59_jK8xnEkLklis7mb8/87aa62819a3956c5/c27ef7ce56938bf | 188.114.97.1 | | 12 kB |
URL: shortsvelventysjo.shop/cdn-cgi/challenge-platform/h/b/flow/ov1/516698028:1714170366:EDMYU3qMfAvmK8C9frUlfeOQ59_jK8xnEkLklis7mb8/87aa62819a3956c5/c27ef7ce56938bf
IP: 188.114.97.1:0
File type: ASCII text, with very long lines (15980), with no line terminators
Hash: 451c4d66314ad7945b62f22b3541fc58 c798ced997fa978210811b9a68e7d4f2f9d940a2 def27031eb1035b2f0fb19b9869043f89892cdfdc322d99df64b421edf66e440

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| ThreatFox | malicious | Lumma Stealer |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |

POST /cdn-cgi/challenge-platform/h/b/flow/ov1/516698028:1714170366:EDMYU3qMfAvmK8C9frUlfeOQ59_jK8xnEkLklis7mb8/87aa62819a3956c5/c27ef7ce56938bf HTTP/1.1
Host: shortsvelventysjo.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://shortsvelventysjo.shop/y
Content-type: application/x-www-form-urlencoded
CF-Challenge: c27ef7ce56938bf
Content-Length: 1859
Origin: http://shortsvelventysjo.shop
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 26 Apr 2024 23:34:40 GMT
Content-Type: text/plain; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cf-chl-gen: kZHi6UtIGuvGxXshfQdo/0HDqxTCmUY12hOBtdGqblGDxJA7zMVQm57e8/9E83PI$P+9sER+7ZwD+lZZQ2LUdLQ==
vary: accept-encoding
content-encoding: gzip
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=A5A%2B9390Na8y6CclXGDIzPLA6VpNk2GDDiDY9PFkRhPy%2Bn0Vvk3qRfrd%2FIggiK7ajOa9YJwlrKKQCCkLra68ONfrt89pQ%2BYh3qWUBNZIH9KYyv6h5bVwPf6GhtQWJn2zA1tQ4Lx38G4i"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 87aa62850a160b59-OSL
alt-svc: h2=":443"; ma=60
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/6k09g/0x4AAAAAAAAjq6WYeRDKmebM/light/normal | 104.17.3.184 | | 26 kB |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/6k09g/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
IP: 104.17.3.184:0
File type: HTML document, ASCII text, with very long lines (41702)
Hash: fe2dd1a4536d92dc132473680174b9ef 8fca2ec22f352198768f4db641fc269d9ea1a531 2787a312368fee8c8930964a4c248ee40fae8aae3ca554d405c1e9397bd26c30

GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/6k09g/0x4AAAAAAAAjq6WYeRDKmebM/light/normal HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 Apr 2024 23:34:40 GMT
content-type: text/html; charset=UTF-8
referrer-policy: same-origin
cross-origin-embedder-policy: require-corp
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cross-origin-opener-policy: same-origin
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
origin-agent-cluster: ?1
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
content-security-policy: frame-src https://challenges.cloudflare.com/ blob:; base-uri 'self'
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
document-policy: js-profiling
vary: accept-encoding
server: cloudflare
cf-ray: 87aa628638460afe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/87aa628638460afe/1714174480790/AEQQQYlkD2wW7CX | 104.17.3.184 | | 61 B |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/87aa628638460afe/1714174480790/AEQQQYlkD2wW7CX
IP: 104.17.3.184:0
File type: PNG image data, 100 x 83, 8-bit/color RGB, non-interlaced
Hash: 0b346623768e853abacd46b39e6d7f59 0810637d19b47c1a0fd5d467d74b76a28856e723 08341f269ef18e297a2b0b6834a3b66fd099cef3808c5a47f75e180337ee2d89

GET /cdn-cgi/challenge-platform/h/b/i/87aa628638460afe/1714174480790/AEQQQYlkD2wW7CX HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/6k09g/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 Apr 2024 23:34:41 GMT
content-type: image/png
content-length: 61
server: cloudflare
cf-ray: 87aa628bda2c0afe-OSL
alt-svc: h3=":443"; ma=86400
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=87aa628638460afe | 104.17.3.184 | | 174 kB |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=87aa628638460afe
IP: 104.17.3.184:0
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size: 174 kB (173696 bytes)
Hash: e145f140339d158b8902c25b3f536242 71a98fc6ef385e08c15093e724cf9df32aa640dd 91f04ba591154f33c90509bf56475061e60825880040da97087d1bd0a1587619

GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=87aa628638460afe HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/6k09g/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 Apr 2024 23:34:40 GMT
content-type: application/javascript; charset=UTF-8
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
vary: accept-encoding
server: cloudflare
cf-ray: 87aa6286d8780afe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/189310232:1714170632:EH0-H7_VQrG_UsIPXnsHqn_ZNjD3e7t1scViX518mS0/87aa628638460afe/b27e3260b803264 | 104.17.3.184 | | 23 kB |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/189310232:1714170632:EH0-H7_VQrG_UsIPXnsHqn_ZNjD3e7t1scViX518mS0/87aa628638460afe/b27e3260b803264
IP: 104.17.3.184:0
File type: ASCII text, with very long lines (22556), with no line terminators
Hash: 0985b8f2ed5b500380a81502d873cc5d bf50abfd628793954e89874349fc9fccac0502a8 fbc5a1d64d8010602736ba5227608302a7013dbd8376068b1ad3c13b1f89b81d

POST /cdn-cgi/challenge-platform/h/b/flow/ov1/189310232:1714170632:EH0-H7_VQrG_UsIPXnsHqn_ZNjD3e7t1scViX518mS0/87aa628638460afe/b27e3260b803264 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/6k09g/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: b27e3260b803264
Content-Length: 25304
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 Apr 2024 23:34:42 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: kdnbnpa2f+qY8rpg1+o/LkX5JlOtx3CbxoGEiCD9QuXwx5jikvxdVnv4KourRknH$a1CjW66y26OQq0mvvQELqQ==
vary: accept-encoding
server: cloudflare
cf-ray: 87aa62933d0a0afe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| | 188.114.97.1 | 403 Forbidden | 5.8 kB |
URL: (user request) GET HTTP/1.1
IP: 188.114.97.1:80
File type: HTML document, ASCII text, with very long lines (14377), with no line terminators
Hash: da774ecd5fc69a7ab07ecdf25a33b414 2a49191df191e261081e2b9f3706248bda6b64a6 93e745dc711a4dc5e3090d52c2de124cc3fb9e92296e89b88cdb4ffb6569ab17

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| ThreatFox | malicious | Lumma Stealer |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |

GET /y HTTP/1.1
Host: shortsvelventysjo.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_i=1
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Fri, 26 Apr 2024 23:34:50 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: eu4XFoYJ1D7QlgXeQRHiq8STU9DPuoN2jCFV7bNFMun6YhfCyORi2n5mn4YNkCLyzamNKTun+WDt2/6GTW3ZS6uPqRVTT3I7rIbNSbltvW16ddhAejgp0tIMxkO5N/IbTqrrInegvjNGJ+rqZLifBg==$j+6bNe91mv2kZxrwzPEa1Q==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ST833%2Bt%2F9eVAgm5ETDbDWIItEExFFLFs1Jwe3U1i9YXvPUexvKt%2FH9%2FW%2B1sbDvKqJdz7WAc2aCOL08%2BMRWQ9%2FQVOaahqKR2sDxtrMxIgRDisEoA9eu1rNneUKIj5wBmqyepTY2myvINZ"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 87aa62c67fe50b59-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/189310232:1714170632:EH0-H7_VQrG_UsIPXnsHqn_ZNjD3e7t1scViX518mS0/87aa628638460afe/b27e3260b803264 | 104.17.3.184 | | 117 kB |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/189310232:1714170632:EH0-H7_VQrG_UsIPXnsHqn_ZNjD3e7t1scViX518mS0/87aa628638460afe/b27e3260b803264
IP: 104.17.3.184:0
File type: ASCII text, with very long lines (968), with no line terminators
Size: 117 kB (117319 bytes)
Hash: fab27ac5e40242dceac1afeff14873f7 b65bdb10acd838dac4517c0d97259fb8ca7e0a3a 6e1efa1ec211661e0f82df8405e6b4338c8d29fa17c5ff178f52f8b1c63ff90f

POST /cdn-cgi/challenge-platform/h/b/flow/ov1/189310232:1714170632:EH0-H7_VQrG_UsIPXnsHqn_ZNjD3e7t1scViX518mS0/87aa628638460afe/b27e3260b803264 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/6k09g/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: b27e3260b803264
Content-Length: 38492
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 Apr 2024 23:34:48 GMT
content-type: text/html; charset=UTF-8
cf-chl-out: oYSaW73hcP+QN0Xd/xic7+V1KayKlPpFq0MHv54B0CHTK3cCcCB5W6HLp9E3yJHakm819sLyIyMdYwzJZ3T64obr/szCfGtlEycYapaUyyI=$1mUbkhn4Niy6o7B4m0ztow==
cf-chl-out-s: xFuL85oZe/lzcathXgC9u7k/SVBMhsclQ2Da2n1D7iHB2n/JUxahOCEmt+QLewWFWAUTCZQN65F/OZi+OTpZ5NJv9lC4BANbW89hy+khosokUzzRU1F1lfPsVBhaeNYNtK+73WuMaOwMomxn3R++9A==$Ei2Mo55xK8jnvE5iC/c6oA==
vary: accept-encoding
server: cloudflare
cf-ray: 87aa62b8fb760afe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| shortsvelventysjo.shop/favicon.ico | 188.114.97.1 | 403 Forbidden | 5.9 kB |
URL: GET HTTP/1.1 shortsvelventysjo.shop/favicon.ico
IP: 188.114.97.1:80
Requested by: http://shortsvelventysjo.shop/y
File type: HTML document, ASCII text, with very long lines (14505), with no line terminators
Hash: 4c6f7c0141fa38c9befcf5621a0caa79 b7242370f89c4b370a1dc56e66b0e619d73dbec2 0c0a2d9516242d8144f076cb2da4bf67a9269fd550a7fc7a96cc54a9e9fd4358

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| ThreatFox | malicious | Lumma Stealer |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |

GET /favicon.ico HTTP/1.1
Host: shortsvelventysjo.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://shortsvelventysjo.shop/y?__cf_chl_rt_tk=yljpOZpok5HvbGyEegpn8x2c1WZGp2nD0nL9fBKaJGg-1714174490-0.0.1.1-1279
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_i=1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Fri, 26 Apr 2024 23:34:50 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: Z3E+vg7EBeiwghzjI77mkTZebBSy6aj5sJX/GwHOkJyya3f8v7n4NMZBy5oeVlsKLM0pPFPyID+mJQrnJjeplZhhmU+mXlSdFaTms1JHo1lHi+x/A5+yrHb1ST7eFRhgkaAtPy59zyeac+pg1UbA6w==$diBXYEdLXbJYoQVEFhi0dA==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GLV8oaNsnAB6wr9hfWfWopAxlu%2BEpFLbynv8S96wK7shSzyn13zYSFaLfVbblNZd1Bef%2FCw2s%2FZakrXdmoCocY7oUHnjWR8TdRohQV2H0Y67YBjaJ24ksBSI1D8NlQDMH3dEXc98PRMD"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 87aa62c72ad05697-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
| shortsvelventysjo.shop/favicon.ico | 188.114.97.1 | 403 Forbidden | 5.9 kB |
URL: GET HTTP/1.1 shortsvelventysjo.shop/favicon.ico
IP: 188.114.97.1:80
Requested by: http://shortsvelventysjo.shop/y
File type: HTML document, ASCII text, with very long lines (14420), with no line terminators
Hash: 812ea4aba338d585f985798774ed8a65 27060cff17784e3b6cb6057db8fe3da7590910be 3e43aee9a8cec0b82b1e893c00e52a2bfadf049885afe71cf1d5a336400f364e

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| ThreatFox | malicious | Lumma Stealer |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |

GET /favicon.ico HTTP/1.1
Host: shortsvelventysjo.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://shortsvelventysjo.shop/y
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_i=1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Fri, 26 Apr 2024 23:34:50 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: yU89tUqXONuNyATBKyyNsRwuZv+jq/xoSsP+0wn5wtNnNGS+L+QO5qH8tggkFk6/SxVAzZN0LR/pMEeafY6Z2wC6TkqM3SjQxKqPS0ZGc0NOa40SUAJWau/sQda7b7zbUOsGSTTzcoCiRibzuoIPcA==$fWXq+blr8TJSrdud5GRc9A==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xkJeYvA6ULxM0WxjtPTbB9wcH%2Bkvo7XBJYmJvGJBZ7TICqnvV%2BmRpvRJZMhbNjpXVrrR3SfKDRW7Z30SipQWjZADdE91WXHafvC4GIhfhXJBBCkP4fQIBwacNP6%2FiXPDndF4dJuI17HY"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 87aa62c77e6c5684-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
| shortsvelventysjo.shop/cdn-cgi/challenge-platform/h/b/flow/ov1/743214311:1714170383:XUTuMnRqo1YH_wMnf5QJqpWxdOj9veQQxiZhQPfYsEw/87aa62c67fe50b59/b0c75cc3795d289 | 188.114.97.1 | 200 OK | 12 kB |
URL: POST HTTP/1.1 shortsvelventysjo.shop/cdn-cgi/challenge-platform/h/b/flow/ov1/743214311:1714170383:XUTuMnRqo1YH_wMnf5QJqpWxdOj9veQQxiZhQPfYsEw/87aa62c67fe50b59/b0c75cc3795d289
IP: 188.114.97.1:80
Requested by: http://shortsvelventysjo.shop/y
File type: ASCII text, with very long lines (15948), with no line terminators
Hash: 83aebb32baf19d7bbb00c2cfe60eda25 add99269d457f20e5aefcfbfe71a3bd2261a4bb9 53aff7140ddb9d584ab56d1fbdbc4c0ddbb0cdb6820ad92955a50bba40a5c1a7

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| ThreatFox | malicious | Lumma Stealer |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |

POST /cdn-cgi/challenge-platform/h/b/flow/ov1/743214311:1714170383:XUTuMnRqo1YH_wMnf5QJqpWxdOj9veQQxiZhQPfYsEw/87aa62c67fe50b59/b0c75cc3795d289 HTTP/1.1
Host: shortsvelventysjo.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://shortsvelventysjo.shop/y
Content-type: application/x-www-form-urlencoded
CF-Challenge: b0c75cc3795d289
Content-Length: 1866
Origin: http://shortsvelventysjo.shop
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_i=1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 26 Apr 2024 23:34:50 GMT
Content-Type: text/plain; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cf-chl-gen: hqOdz7V8aPsXVc6bX4tzpQFXm19VA1EI+AlwfwGeQmaJIBOcdTG7//IMIYVcy/44$ouHjowug5bsHhyEVQ2EeDw==
vary: accept-encoding
content-encoding: gzip
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Schp%2FKjLQ2vs0MYDrvJdSTYDjcE1D4MQomNnxKWqpVuWwRhxffds1BNk7B6JnA96hhMru4Bm8XnEFq3tmFptg0oZq8bh7BWcYgj9Buxes5h%2FUEdbfYAjl%2FYGwhg41rQZgtvfI%2FEcFch5"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 87aa62c85f03569c-OSL
alt-svc: h2=":443"; ma=60
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/0k89x/0x4AAAAAAAAjq6WYeRDKmebM/light/normal | 104.17.3.184 | 200 OK | 26 kB |
URL: GET HTTP/3 challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/0k89x/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
IP: 104.17.3.184:443
Requested by: http://shortsvelventysjo.shop/y
Certificate: Issuer Cloudflare, Inc.; Subject challenges.cloudflare.com; Fingerprint 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E; Validity Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type: HTML document, ASCII text, with very long lines (41702)
Hash: b959cf5b4bc312ce0dfb671b257d2695 eebf6f5d59dc65675f6ec0c7e5fb0a747b587dd6 77b8d4fc1b7a68b29b15841f725bfa69856b59013eebe155abafdbde30fed3f5

GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/0k89x/0x4AAAAAAAAjq6WYeRDKmebM/light/normal HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 Apr 2024 23:34:51 GMT
content-type: text/html; charset=UTF-8
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
referrer-policy: same-origin
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-opener-policy: same-origin
origin-agent-cluster: ?1
cross-origin-resource-policy: cross-origin
content-security-policy: frame-src https://challenges.cloudflare.com/ blob:; base-uri 'self'
document-policy: js-profiling
cross-origin-embedder-policy: require-corp
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
vary: accept-encoding
server: cloudflare
cf-ray: 87aa62c948ba0afe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=87aa62c948ba0afe | 104.17.3.184 | | 175 kB |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=87aa62c948ba0afe
IP: 104.17.3.184:0
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size: 175 kB (175391 bytes)
Hash (MD5 / SHA-1 / SHA-256): fad1e98495c1cb6419111a336b6b7bec d12f82975f587efe1be07d5d67b531261817c165 1bd33b7da23dd76fa7ad90acb84ac14287177f0647ebb4b6c452c93221cfbc19
GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=87aa62c948ba0afe HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/0k89x/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 Apr 2024 23:34:51 GMT
content-type: application/javascript; charset=UTF-8
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
vary: accept-encoding
server: cloudflare
cf-ray: 87aa62c9e8ee0afe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/87aa62c948ba0afe/1714174491526/n9K7kE5ascU0np5 | 104.17.3.184 | | 61 B |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/87aa62c948ba0afe/1714174491526/n9K7kE5ascU0np5
IP: 104.17.3.184:0
File type: PNG image data, 81 x 88, 8-bit/color RGB, non-interlaced
Hash (MD5 / SHA-1 / SHA-256): 019b4fb36e455d2500f4e36923a62bc5 e5bf6114328c0d1d78963b072db55debbffc483d c639f09a72b2c5638a13dbf0ea144781460db5db72862b8b92607ad2103ca182
GET /cdn-cgi/challenge-platform/h/b/i/87aa62c948ba0afe/1714174491526/n9K7kE5ascU0np5 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/0k89x/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 Apr 2024 23:34:53 GMT
content-type: image/png
content-length: 61
server: cloudflare
cf-ray: 87aa62d60ce90afe-OSL
alt-svc: h3=":443"; ma=86400
| | 188.114.96.1 | 403 Forbidden | 3.4 kB |
URL: User Request, GET HTTP/1.1
IP: 188.114.96.1:80
File type: HTML document, ASCII text, with very long lines (394)
Hash (MD5 / SHA-1 / SHA-256): 21d4e458ec7587b1bcceffa4afc33a29 aa8844df5c80027c2edfb85855879b002ef4d607 9bcf15fe9b5c7d99c25724da5c4d86188a595767973ceb9b851f31931ed635f2
Analyzer | Verdict | Alert
ThreatFox | malicious | Lumma Stealer
mnemonic secure dns | malicious | Sinkholed
Quad9 DNS | malicious | Sinkholed
GET /y HTTP/1.1
Host: shortsvelventysjo.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 403 Forbidden
date: Fri, 26 Apr 2024 23:34:39 GMT
content-type: text/html; charset=UTF-8
x-frame-options: SAMEORIGIN
referrer-policy: same-origin
cache-control: max-age=15
expires: Fri, 26 Apr 2024 23:34:54 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ibW%2B4g38ZubBhJEfbBOHr8f8ZrUYLL2ZNgNWHye7wHNLB%2BApm82pMfvI4Mvhum9GzCP4uOxk3FEa8mroFxigEfWHiG%2FWgTpvB%2F8TNLB%2BtLZbOMiagURlKp04Zbq73BT1s9Wx0ghkMwpP"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87aa6280e8140b69-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
| shortsvelventysjo.shop/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=87aa62c67fe50b59 | 188.114.97.1 | 200 OK | 403 kB |
URL: GET HTTP/1.1 shortsvelventysjo.shop/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=87aa62c67fe50b59
IP: 188.114.97.1:80
Requested by: http://shortsvelventysjo.shop/y
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size: 403 kB (403182 bytes)
Hash (MD5 / SHA-1 / SHA-256): 7b8a6710c3bf753ad16d871b99c0bda3 bba631cfe43f689e258258f479b8846f3e45008d fd06fe621a6b756ef45edc5c834a7262362f09ed1eba622b1e1ee61a65304df4
Analyzer | Verdict | Alert
mnemonic secure dns | malicious | Sinkholed
Quad9 DNS | malicious | Sinkholed
GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=87aa62c67fe50b59 HTTP/1.1
Host: shortsvelventysjo.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://shortsvelventysjo.shop/y?__cf_chl_rt_tk=yljpOZpok5HvbGyEegpn8x2c1WZGp2nD0nL9fBKaJGg-1714174490-0.0.1.1-1279
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_i=1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 26 Apr 2024 23:34:50 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
vary: accept-encoding
content-encoding: gzip
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=U00KHvEffsBPjPZJhw%2FGKOlDotBNvcMSqbpwgMXhr7ZiDItNGmRxdVjRZXggQspbf3jtn1%2FULQXsGAuzfC8llyuzmdnGCnYnOmsMbF5woectDy4A59%2FyHt1yjmsSyCz345Y5pketYwIA"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 87aa62c6daa25697-OSL
alt-svc: h2=":443"; ma=60
| challenges.cloudflare.com/turnstile/v0/b/471dc2adc340/api.js?onload=ZbqNq8&render=explicit | 104.17.3.184 | 200 OK | 42 kB |
URL: GET HTTP/3 challenges.cloudflare.com/turnstile/v0/b/471dc2adc340/api.js?onload=ZbqNq8&render=explicit
IP: 104.17.3.184:443
Requested by: http://shortsvelventysjo.shop/y
Certificate: Issuer: Cloudflare, Inc. | Subject: challenges.cloudflare.com | Fingerprint: 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E | Validity: Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (42414)
Hash (MD5 / SHA-1 / SHA-256): f94a2211ce789a95a7c67e8c660d63e8 f1fc19b6bcb96d0a905bf3192aaff0885ff9f36f 926dc3302f99ec05e4206e965ddeb7250f5910a8c38e82c7beafb724bbaaf37b
GET /turnstile/v0/b/471dc2adc340/api.js?onload=ZbqNq8&render=explicit HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://shortsvelventysjo.shop
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 Apr 2024 23:34:50 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31536000
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 87aa62c788040afe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400