| URL | IP | Status | Size |
| --- | --- | --- | --- |
| holicisticscrarws.shop/t1 | 172.67.183.72 | 403 Forbidden | 5.8 kB |

Request: GET HTTP/1.1 (user request) to 172.67.183.72:80
File type: HTML document, ASCII text, with very long lines (14111), with no line terminators
Hashes (MD5 / SHA-1 / SHA-256): ba073352cdd79eb1697e118664a5b08b / 763c382c74c99222d487d5de516d5cae6cbf6e83 / df0e3a4ef1a8d5ce1402425c174fe4fef31e14a2ade165951b7389d089aa0f58

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |

GET /t1 HTTP/1.1
Host: holicisticscrarws.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Fri, 10 May 2024 07:05:51 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: sc2ZSDZIRY1PP0uuIodb8SF+tPS0WSsIO9jD8L4PZb0ZSIPikIImbMsdiGBUkBVErtfzE96R8ykyzRsuJYgsH4agD1a/fDYoDnRtu1nNsBwZ8fmR4zXl+NJEJq4lesHKinKZTgghvDq1wjliSoDKuA==$UQPc6UaRiktS6F/ylXRm0A==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ztQpTqYBvON0KXmF64ilzRGxfEw3Q6jx2Ol0p%2BaFciT60HowHemgi3nJTWRzhqLvKXo%2FaLXk88%2F%2Fme8JMb5WnolmLnTkN5H1aOT8ppVi3Rnafz9s9sYWhn53kdnPGZOtKWGn4VvFlgZB"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8818154f3e7956b5-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
| URL | IP | Status | Size |
| --- | --- | --- | --- |
| holicisticscrarws.shop/cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=8818154f3e7956b5 | 172.67.183.72 | | 109 kB |

Endpoint: 172.67.183.72:0
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size: 109 kB (108871 bytes)
Hashes (MD5 / SHA-1 / SHA-256): e5ca883fd62aabf20f8c5370ae73bbef / ef7a6ebd6c3d0bad0bf2bdd71546926629b556b9 / dffcdbc660a47ec8f96bcead9d21f93e10ea0eda52e289a8be26c767f41c2c27

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |

GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=8818154f3e7956b5 HTTP/1.1
Host: holicisticscrarws.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://holicisticscrarws.shop/t1?__cf_chl_rt_tk=_63ZH345l9lEX2iupNkNCZY5zd2oyb5uG.6QNE30E10-1715324751-0.0.1.1-1279
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 10 May 2024 07:05:51 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WSw%2FbrJ9MWbPKIUVUOW6AqOdKtmhLH3Ma8Q7iRLSLhnkdB7uOep%2FLZzDcn%2FpA6uVbeVbRyaLSIQomyzV32%2FFvW6PuogqlcZhGHcClgoMd00Hz4%2BsOm7k6Lv2GqJ9gHkspzCohtQtYAcx"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 88181550d8c75690-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
| URL | IP | Status | Size |
| --- | --- | --- | --- |
| holicisticscrarws.shop/favicon.ico | 172.67.183.72 | 403 Forbidden | 5.8 kB |

Request: GET HTTP/1.1 to 172.67.183.72:80
Requested by: http://holicisticscrarws.shop/t1
File type: HTML document, ASCII text, with very long lines (14151), with no line terminators
Hashes (MD5 / SHA-1 / SHA-256): 623395c8bfce679a14ed777878b93cb2 / df44c048b9602ea36eb8fe7c32a1b64dc07253e1 / c9b3d2c4c06634885afa0f7fbc16505539aa6a2eec5ed13ffb906ffde4b629ad

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |

GET /favicon.ico HTTP/1.1
Host: holicisticscrarws.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://holicisticscrarws.shop/t1
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Fri, 10 May 2024 07:05:51 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: kDpDdYc0F6ltIP9TfBVtqqYe5jNogbcVQLZZ5DD0VHO0GoknuuJbUk4gWtxNZniMZOKiibHvjg6NRlS61EDqFKCVwlN3H0L5V1IPoj11FS44n8RQ/xdUi2VDIwILjWtnajPFKvBeqYkxsCoufjldPw==$UE2SEIqqL84D623AwBp97w==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XH%2B4%2Ba%2B13q30%2FTqPdzzr3nxlpirwD4Gqj3i2Cknm6VgyU4bqf7rENPjTBWPynrCHNAxxOek9yRSYIQE8jPefY6Pv6oPKv2jveuy5qsuYsi9QDys1PaRcsfAYUWB3JcHeinn5akEcYOHL"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 88181551d80d5694-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
| URL | IP | Status | Size |
| --- | --- | --- | --- |
| holicisticscrarws.shop/cdn-cgi/challenge-platform/h/g/flow/ov1/63601408:1715321461:VVbJA2hqQKsacZS91M3c3T4y04UbhFfEuFHChwzc35o/8818154f3e7956b5/106c7ab05ec03d3 | 172.67.183.72 | | 12 kB |

Endpoint: 172.67.183.72:0
File type: ASCII text, with very long lines (16460), with no line terminators
Hashes (MD5 / SHA-1 / SHA-256): ee5279019ae407eb75b9e46ddc0e4054 / 7ca57276128b685f1fd32ee2a1731c3fcf8a0e6c / fd0346b919e405d9e94655275859a7c45ed8208368bb7c992c11d6168f4924ff

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |

POST /cdn-cgi/challenge-platform/h/g/flow/ov1/63601408:1715321461:VVbJA2hqQKsacZS91M3c3T4y04UbhFfEuFHChwzc35o/8818154f3e7956b5/106c7ab05ec03d3 HTTP/1.1
Host: holicisticscrarws.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://holicisticscrarws.shop/t1
Content-type: application/x-www-form-urlencoded
CF-Challenge: 106c7ab05ec03d3
Content-Length: 1850
Origin: http://holicisticscrarws.shop
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 10 May 2024 07:05:51 GMT
Content-Type: text/plain; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cf-chl-gen: b6Tx+wn65e1QQvWa+dgMDUrTPToFkqHB2KxWnSIgoPYJhGN/bIJsQ1bNgtPlVyCC$IRUzg9LTtW+pujOiImGmtg==
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BpkuPXZ0%2BvwqHaWdyrx%2BLon8V6RmRwB36C0M1%2F2hV9DVle6YRTnrXFzyHROctujwNzGxJQ%2B2ZIUf7faA2jydN9o0Lb2h9osE59XQgcvp7HoT0gosLBe5HHinxUmmlxUSCZGctF4z36Tq"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 88181552993956ae-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
| URL | IP | Status | Size |
| --- | --- | --- | --- |
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D | 104.17.2.184 | 200 OK | 61 B |

Request: GET HTTP/3 to 104.17.2.184:443
Requested by: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/5aqml/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Certificate: issuer Cloudflare, Inc.; subject challenges.cloudflare.com; fingerprint 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E; validity Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type: PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
Hashes (MD5 / SHA-1 / SHA-256): 9246cca8fc3c00f50035f28e9f6b7f7d / 3aa538440f70873b574f40cd793060f53ec17a5d / c07d7d29e3c20fa6ca4c5d20663688d52bad13e129ad82ce06b80eb187d9dc84

GET /cdn-cgi/challenge-platform/h/g/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/0m3fa/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 10 May 2024 07:05:52 GMT
content-type: image/png
content-length: 61
cache-control: max-age=2629800, public
server: cloudflare
cf-ray: 881815545a19569a-OSL
alt-svc: h3=":443"; ma=86400
| URL | IP | Status | Size |
| --- | --- | --- | --- |
| challenges.cloudflare.com/turnstile/v0/g/1b3559406bc8/api.js?onload=KtsCKf7&render=explicit | 104.17.2.184 | 200 OK | 21 kB |

Request: GET HTTP/3 to 104.17.2.184:443
Requested by: http://holicisticscrarws.shop/t1
Certificate: issuer Cloudflare, Inc.; subject challenges.cloudflare.com; fingerprint 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E; validity Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (42616)
Hashes (MD5 / SHA-1 / SHA-256): 86183dd14ee10d1dee92b37b5069d716 / 9ec32d650ece484bbe624ca734a0a65e22d35dd6 / ae0e2e45f84d7d3d06526aafc20d4a95b486e8747bf80895f3aeb8c4aebee7f4

GET /turnstile/v0/g/1b3559406bc8/api.js?onload=KtsCKf7&render=explicit HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://holicisticscrarws.shop
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 07:05:51 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: max-age=604800, public
vary: Accept-Encoding
server: cloudflare
cf-ray: 88181551eaa65690-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
| URL | IP | Status | Size |
| --- | --- | --- | --- |
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/1688837094:1715321727:w8dLAqvynhfy2zWVnRhPqnXsOJi5omd8GnkogWc_c88/88181553d908569a/a48fbb4b0ef748f | 104.17.2.184 | | 92 kB |

Endpoint: 104.17.2.184:0
Certificate: issuer Cloudflare, Inc.; subject challenges.cloudflare.com; fingerprint 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E; validity Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type: ASCII text, with very long lines (65536), with no line terminators
Hashes (MD5 / SHA-1 / SHA-256): 76fdd95bee5b911334d30d96ca1b4226 / 2dce413b137f2c7547a298efadc1ad6615b9afa7 / 3cf752fc4e4ccce07e94bd528436fdb8b13773e52c4bee47b24142e77fc93152

POST /cdn-cgi/challenge-platform/h/g/flow/ov1/1688837094:1715321727:w8dLAqvynhfy2zWVnRhPqnXsOJi5omd8GnkogWc_c88/88181553d908569a/a48fbb4b0ef748f HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/0m3fa/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: a48fbb4b0ef748f
Content-Length: 3544
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 10 May 2024 07:05:52 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: 22fgyEN5OrBJdCmbcmYda+58BmhSlcMkg72LDrN6Ck9ZAS5GTQ8bX5B96J+zexI3Ag/cW5uQYdj3JR3A3MgNBKfvGMuRBtUT8SKMu1WWaaKpnmRqjBkcpNzw2TeW+b21P7jVYDCiPP0PRKZKE+MsJ/KP/2zIDL3rAW92F9kBF1SPiFw7wB1CcEMqwwOG8H52gw8dM8FHQJP8XaEC9FEoVa1f9KKJjZ75c9DqKegTh30yXJp2r4JisHdsh2q6IoU94Dm+Niv6kHMV7d+1zTL2cXqXZsgCFb6Z2NOix9VFCyvJ7k9SJwpahUpE7fKsPzCqPxMpFuBTws3suloQv6BjbUp9ZiqyNobrp4FCWGYI3yxwjoa4161di3ZsUMOwo9ZSp24pAt+Nmbb3tmN6qIXllEs2RsZXmxW2jiZBqs5435KJ1Vc2bC5lRA6U8q7nJESc$MY5TAGioyOuHaVZSVTnl2g==
server: cloudflare
cf-ray: 881815562d11569a-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| URL | IP | Status | Size |
| --- | --- | --- | --- |
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/88181553d908569a/1715324752371/OpybxrCa1ggpUcE | 104.17.2.184 | | 61 B |

Endpoint: 104.17.2.184:0
Certificate: issuer Cloudflare, Inc.; subject challenges.cloudflare.com; fingerprint 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E; validity Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type: PNG image data, 69 x 28, 8-bit/color RGB, non-interlaced
Hashes (MD5 / SHA-1 / SHA-256): 12c3c69752acca8e57ad40afe9995284 / 4a455f3a28234d424762ccbc42082ac75365ae53 / fb4998d9fec91aecf09537ce12db40c1b1dfcc516ba96456d957db7448732256

GET /cdn-cgi/challenge-platform/h/g/i/88181553d908569a/1715324752371/OpybxrCa1ggpUcE HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/0m3fa/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 10 May 2024 07:05:55 GMT
content-type: image/png
content-length: 61
server: cloudflare
cf-ray: 8818156c8b69569a-OSL
alt-svc: h3=":443"; ma=86400
| URL | IP | Status | Size |
| --- | --- | --- | --- |
| holicisticscrarws.shop/cdn-cgi/challenge-platform/h/g/flow/ov1/63601408:1715321461:VVbJA2hqQKsacZS91M3c3T4y04UbhFfEuFHChwzc35o/8818154f3e7956b5/106c7ab05ec03d3 | 172.67.183.72 | | 2.4 kB |

Endpoint: 172.67.183.72:0
File type: ASCII text, with very long lines (3048), with no line terminators
Hashes (MD5 / SHA-1 / SHA-256): 6b864f395728ba19d89ac6022ed54894 / 9367c1aa1a862f78c96c958cc9c03591bdba664d / 3429a1960b128abd0949472a34fe7d886e5ef0838c2159edb8746b80510240a2

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |

POST /cdn-cgi/challenge-platform/h/g/flow/ov1/63601408:1715321461:VVbJA2hqQKsacZS91M3c3T4y04UbhFfEuFHChwzc35o/8818154f3e7956b5/106c7ab05ec03d3 HTTP/1.1
Host: holicisticscrarws.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://holicisticscrarws.shop/t1
Content-type: application/x-www-form-urlencoded
CF-Challenge: 106c7ab05ec03d3
Content-Length: 2516
Origin: http://holicisticscrarws.shop
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 10 May 2024 07:06:02 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cf-chl-out-s: 4U9f631jcVoHQdrz52Oquw==$LfnNJC9RY9Wx/keLfQnCrg==
cf-chl-out: fNsSHdJvJ8ap8893Dg+BS07Ycy4S1k2PGfnslwWrVW46rpYdcR/PX7URDot492hf3seDjodgnq5/5Rysmu69MZQfV+r3hMlwJu6eXBHbcWg=$//nDJl7zrlumX0LpijF/Wg==
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=C0kgdDRbZES2YpoyieGlAP6%2B3cHOFEbt0EJL9rB8tTawlhuc8%2FEDr9wj0Jm5TmGabO9gBNSPUvc9s8Yjjtxvk8QtVyvKm6k2foBzdE4oeM%2BDmYW8c2Zwde%2F8Ooc8ruiBPou7hlNeYCj8"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 881815961ada56ae-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
| URL | IP | Status | Size |
| --- | --- | --- | --- |
| holicisticscrarws.shop/t1 | 172.67.183.72 | 403 Forbidden | 5.8 kB |

Request: GET HTTP/1.1 (user request) to 172.67.183.72:80
File type: HTML document, ASCII text, with very long lines (14154), with no line terminators
Hashes (MD5 / SHA-1 / SHA-256): 659ea20e2ad32703920d874d76da93cb / 8a44bc9fbd11a24732af08d2a9478bac70059c64 / bb17038b392146a95b5653eb9cdbe2e7a7c804969d3d18ae805714b81d5a4014

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |

GET /t1 HTTP/1.1
Host: holicisticscrarws.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_i=1
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Fri, 10 May 2024 07:06:04 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: WdXBYm1MuBwjOunrJfhnnCDFPllKF7Mx65k101ld0ja7zVk6NLgvF7DUiwpzQFIKQBFHx4GbKnLfiXdMcJAE20c7IiPL38sBYlRATWZGoFoTtF/e3Am7TA5Wh+jb/dzzU6UtM9+uod0wQ7Qp29Pa9g==$xNkrVZDbVrjAb3XHEhaL0w==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TxykUd8yBdnwjXRQj5b%2BN7xJ47ToahyKvIb48IGlqT3j4nVrVWPeIyw1dYOMUw68Y9U%2B%2BEHlNjNZnxBjGKZq7Q8Tm37C704Oga3f%2FzgKxYdu6aBgJaodEtyLsKlvKmPanGnQoAA05kwI"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 881815a30dd956ae-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
| URL | IP | Status | Size |
| --- | --- | --- | --- |
| holicisticscrarws.shop/cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=881815a30dd956ae | 172.67.183.72 | 200 OK | 112 kB |

Request: GET HTTP/1.1 to 172.67.183.72:80
Requested by: http://holicisticscrarws.shop/t1
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size: 112 kB (111946 bytes)
Hashes (MD5 / SHA-1 / SHA-256): 93ed491f579af721c67a9d95d3e23f87 / 95872fcd1347b92e0dcde2ca47ef7e9b41f1b75e / a0bc242e4cb0aa65a32fc22b83dbadf81638bab05d733ce913da3108e85150e5

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |

GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=881815a30dd956ae HTTP/1.1
Host: holicisticscrarws.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://holicisticscrarws.shop/t1?__cf_chl_rt_tk=.zzNfPi258PT9S6VsflIVdQSjLI8SlXqQyYPGCvyeXw-1715324764-0.0.1.1-1279
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_i=1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 10 May 2024 07:06:04 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KpVLH1MVD9H%2F0E0kG1OC%2BVDdTzxLGOW0z%2BCyGdnvENpi8fi7wM7Q7nmsZeEKsxk70Ge1Qnqt1uaBv025r6u8G%2FnkCpyLLcn2liYUFDXzolOI1yVINQlyjZlSH2PLj%2BFILXRDzl3lfL%2FT"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 881815a3a9cf712f-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
| URL | IP | Status | Size |
| --- | --- | --- | --- |
| holicisticscrarws.shop/favicon.ico | 172.67.183.72 | 403 Forbidden | 5.8 kB |

Request: GET HTTP/1.1 to 172.67.183.72:80
Requested by: http://holicisticscrarws.shop/t1
File type: HTML document, ASCII text, with very long lines (14194), with no line terminators
Hashes (MD5 / SHA-1 / SHA-256): a462613438322eea151e8d172db3e4c0 / 49620aa7ccd87e67959630b3eaefbd613816f073 / 606931f308a5aa8130db205568953cfd2bdacbea92d6ee58eb9c346cd04c9575

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |

GET /favicon.ico HTTP/1.1
Host: holicisticscrarws.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://holicisticscrarws.shop/t1
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_i=1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Fri, 10 May 2024 07:06:04 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: 15+qihEIhOJOUgjfs8lbNoPID4wyGg9RpvvUoJW988NIRRkzDmVm6YJLZU8RV2x9YrKKPkV8uJUygVOk7XdmzL8VRsdSkaHiqdf3gaXxNq9bmCB8ecMlBjH1WTp9oEP3zoJG4OLDlPQ4aCuoF4X6NQ==$uRRhdMyv27V6AYMleo4nHA==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=klIn3Th5qWcA%2Fh5XcFjWG11aEWgmYRGrKpxbgperLULnJKXptJralb2Lwhy7eYdzJZqOBKdV4Y0PpiWRwoyVY8x30L1NohpyZQlE%2BRX5X8IPjAq7i5zJNH2MChh8SoJBgaS%2F1VdzvO0X"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 881815a48e54b52d-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
| URL | IP | Status | Size |
| --- | --- | --- | --- |
| holicisticscrarws.shop/cdn-cgi/challenge-platform/h/g/flow/ov1/627704437:1715321573:cQOWHeCnwH5N9wjaJsrsZJZ6xeg2AXJwvRYAaGlhN64/881815a30dd956ae/d542fad4dda3eb2 | 172.67.183.72 | 200 OK | 12 kB |

Request: POST HTTP/1.1 to 172.67.183.72:80
Requested by: http://holicisticscrarws.shop/t1
File type: ASCII text, with very long lines (16428), with no line terminators
Hashes (MD5 / SHA-1 / SHA-256): d65fcef13fd29de025f93617a4d06dd2 / 9a9ef697a355b957e4ae3db5e251f86f62cb96c4 / f87d41c90b1d8bd31cbc0a17f950887230b95d2beb4abbf0aefc09399d2e2bec

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |

POST /cdn-cgi/challenge-platform/h/g/flow/ov1/627704437:1715321573:cQOWHeCnwH5N9wjaJsrsZJZ6xeg2AXJwvRYAaGlhN64/881815a30dd956ae/d542fad4dda3eb2 HTTP/1.1
Host: holicisticscrarws.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://holicisticscrarws.shop/t1
Content-type: application/x-www-form-urlencoded
CF-Challenge: d542fad4dda3eb2
Content-Length: 1855
Origin: http://holicisticscrarws.shop
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_i=1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 10 May 2024 07:06:05 GMT
Content-Type: text/plain; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cf-chl-gen: fF5M+DjxFHEZsMlsdWXX7LJAWM3I+D37YtcrWN6PjlncylXq3MJ5V2OTeVuUaWxO$jXoe6vRZiQSsXV5JpMS7iA==
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Gd8KbOM%2BNcAM5%2BpuEZWd%2FCoOC4cYQyjhLBe6OGF3GA7vxjW6QFgnkzVqeu2J3TwgOnTes9NYaa9aoT6jPQYJKngYeLvD7nGhPYsJ6ipguxTIflLqJbFcKe3TTzRHCcHrjjYSmwqgahXm"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 881815a52e9cb4ee-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
| URL | IP | Status | Size |
| --- | --- | --- | --- |
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D | 104.17.2.184 | 200 OK | 61 B |

Request: GET HTTP/3 to 104.17.2.184:443
Requested by: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/5aqml/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Certificate: issuer Cloudflare, Inc.; subject challenges.cloudflare.com; fingerprint 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E; validity Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type: PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
Hashes (MD5 / SHA-1 / SHA-256): 9246cca8fc3c00f50035f28e9f6b7f7d / 3aa538440f70873b574f40cd793060f53ec17a5d / c07d7d29e3c20fa6ca4c5d20663688d52bad13e129ad82ce06b80eb187d9dc84

GET /cdn-cgi/challenge-platform/h/g/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/5aqml/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 10 May 2024 07:06:05 GMT
content-type: image/png
content-length: 61
cache-control: max-age=2629800, public
server: cloudflare
cf-ray: 881815a73f82569a-OSL
alt-svc: h3=":443"; ma=86400
| URL | IP | Status | Size |
| --- | --- | --- | --- |
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/380220379:1715321540:qbae8JGXxRnwQwO9d6aVOakOK2MYHOMHIKxWO_Bg_j0/881815a69e77569a/af505ac1e95d092 | 104.17.2.184 | | 86 kB |

Request: POST to 104.17.2.184:0
Requested by: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/5aqml/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Certificate: issuer Cloudflare, Inc.; subject challenges.cloudflare.com; fingerprint 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E; validity Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type: ASCII text, with very long lines (65536), with no line terminators
Hashes (MD5 / SHA-1 / SHA-256): 4cfa56ce3c2e80e6659395b640171797 / 7b4a8c14bab89ac14e026f8165b32d5b3385479f / 20af90f6157fe770c978ecb27621d19d5365a9be32fc7e565dd802e6564b3cd7

POST /cdn-cgi/challenge-platform/h/g/flow/ov1/380220379:1715321540:qbae8JGXxRnwQwO9d6aVOakOK2MYHOMHIKxWO_Bg_j0/881815a69e77569a/af505ac1e95d092 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/5aqml/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: af505ac1e95d092
Content-Length: 3556
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 10 May 2024 07:06:05 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: WItQp86Y3Ff+wEHBLensN35wluOjC3ATpP3VoLkppEyg+o7W+jcIKaSaojqB899nMrc5ZqRizUQXQ2+tCqasl/k+LfdztuvguvYLZP8Zc5H2Mn98g0AassL+87Pc2FWgyYmHnAFvNf0XpA1FIs7d0Bg/GZV1dicpYFjWQFI35Fjk760maljeO24XSkG63NFiLvw+i1QCS3aszCKwUfEFmT+e+wjBIrWONzB0azsVWLOD4pXb23ZE/CAHQcCfi5qCJjIOAORdinSZO96CrzYR3O1JCIoEgcgBrRXfc6aQiGJb0Z+Mis/pWXRIXBjzwlvDzIc5dQvr4pv51BAfBTIEHYMX4N4O1GQjIZqQ0p9f++sNMaawhaZVw1WReB7xJVhhr5oACGmYnr/U1CsRhXsazEpQNddOKTFyXHErToe8Lj5rfhebQpAlspObgnrJOKuO$0eIl1qUwvoipsgC4QQlTKg==
server: cloudflare
cf-ray: 881815a8eb43569a-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| URL | IP | Status | Size |
| --- | --- | --- | --- |
| holicisticscrarws.shop/cdn-cgi/challenge-platform/h/g/flow/ov1/627704437:1715321573:cQOWHeCnwH5N9wjaJsrsZJZ6xeg2AXJwvRYAaGlhN64/881815a30dd956ae/d542fad4dda3eb2 | 172.67.183.72 | 200 OK | 3.0 kB |

Request: POST HTTP/1.1 to 172.67.183.72:80
Requested by: http://holicisticscrarws.shop/t1
File type: ASCII text, with very long lines (3980), with no line terminators
Hashes (MD5 / SHA-1 / SHA-256): 015c0bf8cde4b1766b67741a3ba2e902 / 28aa999bcd40d11a84dee01bc992321c21fc1a54 / e0e736717a2671ae226054964d04bd2b10d54c447577d9bf165e20854d9860c1

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |

POST /cdn-cgi/challenge-platform/h/g/flow/ov1/627704437:1715321573:cQOWHeCnwH5N9wjaJsrsZJZ6xeg2AXJwvRYAaGlhN64/881815a30dd956ae/d542fad4dda3eb2 HTTP/1.1
Host: holicisticscrarws.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://holicisticscrarws.shop/t1
Content-type: application/x-www-form-urlencoded
CF-Challenge: d542fad4dda3eb2
Content-Length: 3332
Origin: http://holicisticscrarws.shop
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_i=1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 10 May 2024 07:06:14 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cf-chl-out: vZTw4OpZGWVtTJQMpxzzb0N+PgNfJ7MP+CLc23Qvq5ufCxUK5OHqd1ojBxenSGF3asSWAiuHdIjk/B3Aft0NYTAG4mGZGyhmthceBtuHiZplPxP0LAUQb223ZIaAYbJH$ezQTiZhYSdVAtgxPm0Ib4A==
cf-chl-out-s: Hkk236ON15TIs2ZTPfOFKg==$ikC607LIL98P3hzYETkzFA==
set-cookie: cf_chl_rc_i=;Expires=Thu, 09 May 2024 07:06:14 GMT;SameSite=Strict
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1uf%2FdScMb8iJgB5WTVcQ7FFboei7zIIKIPP%2BjiQDumY3ga4UNNVHHdsMhyqL8w9NitjV%2FfxBK6BS5oWBISx3aN%2B28NXH7zrEBczAtdM7JmX2sqKkRg0DtTowECHnZ3of6LVNVaecFYYV"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 881815dd1e86b4ee-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/380220379:1715321540:qbae8JGXxRnwQwO9d6aVOakOK2MYHOMHIKxWO_Bg_j0/881815a69e77569a/af505ac1e95d092 | 104.17.2.184 | | 2.8 kB |
URL: POST challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/380220379:1715321540:qbae8JGXxRnwQwO9d6aVOakOK2MYHOMHIKxWO_Bg_j0/881815a69e77569a/af505ac1e95d092
IP: 104.17.2.184:0
Requested by: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/5aqml/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Certificate: Issuer Cloudflare, Inc. / Subject challenges.cloudflare.com / Fingerprint 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E / Validity Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type: ASCII text, with very long lines (3600), with no line terminators
Hash: MD5 1e63451f75717f98c5bbc57553edd174 / SHA-1 c8a243cba6c0c898d127f912054d9031d57fd954 / SHA-256 726eb65bd799cd0443bdabd7a1b651778314a13446c171d7a50c7dd0a9f6e983
POST /cdn-cgi/challenge-platform/h/g/flow/ov1/380220379:1715321540:qbae8JGXxRnwQwO9d6aVOakOK2MYHOMHIKxWO_Bg_j0/881815a69e77569a/af505ac1e95d092 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/5aqml/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: af505ac1e95d092
Content-Length: 37383
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 10 May 2024 07:06:13 GMT
content-type: text/html; charset=UTF-8
cf-chl-out-s: nALjE66spCUB8Nwb38CVew==$/VjT2fmjsnCH2ubn6aVCtQ==
cf-chl-out: 9w8fmEX0RrGkgVl0MYJzKe3JMx9C/pZHxEWK85pOjKBbXVdbpcj0z3qP6ikxByt+fN9puGDigjJfJhboHsqOWJEWQcxaP4xqWtj6p9kcFeo06CKjtFfPsJFgQdT2eZrb$x/NyznP6R0JmRfX++lL40g==
server: cloudflare
cf-ray: 881815dc78af569a-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| holicisticscrarws.shop/favicon.ico | 172.67.183.72 | 403 Forbidden | 125 B |
URL: GET HTTP/1.1 holicisticscrarws.shop/favicon.ico
IP: 172.67.183.72:80
Requested by: http://holicisticscrarws.shop/t1
File type: HTML document, ASCII text, with CRLF line terminators
Hash: MD5 1b7c22a214949975556626d7217e9a39 / SHA-1 d01c97e2944166ed23e47e4a62ff471ab8fa031f / SHA-256 340c8464c2007ce3f80682e15dfafa4180b641d53c14201b929906b7b0284d87
| Analyzer | Verdict | Alert |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: holicisticscrarws.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://holicisticscrarws.shop/t1
Cookie: cf_clearance=CtyllTEZc.pDVsQfWG8SqbrCPybjwpT2Q1lJjm9tbMA-1715324764-1.0.1.1-t.4FtXtuW.NPo32.Bxk.lung4i8B1KU0wz1nD8W9GRvvurHSc2OSRb6r8dpYoVuB..cDQPqk.gH18iQor9zYkw
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Date: Fri, 10 May 2024 07:06:14 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JA9zdeBz8dkgpND42%2Fp%2FZwbP2EnT8%2BidYJnYl9uNPLAfzCVpoPnyNZPm9PnpoWlkuH8Ai8ZxbFaJzqe0KXyOAZWk%2BrWyNt1muvNm7wlHt9xJELo2ZLAfEIZSfBul1152RBt6ZT%2BjBEFH"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 881815df3a28b4ee-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/5aqml/0x4AAAAAAAAjq6WYeRDKmebM/light/normal | 104.17.2.184 | 200 OK | 79 kB |
URL: GET HTTP/3 challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/5aqml/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
IP: 104.17.2.184:443
Requested by: http://holicisticscrarws.shop/t1
Certificate: Issuer Cloudflare, Inc. / Subject challenges.cloudflare.com / Fingerprint 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E / Validity Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type: HTML document, ASCII text, with very long lines (42150)
Hash: MD5 9c3513907d9717266a0c8f5db9a599ad / SHA-1 fa76416301ed6711477d184484156f65725b1972 / SHA-256 113e2988551b820ec8b56200386ce144439a659f9d453d06d183211ad7f3b310
GET /cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/5aqml/0x4AAAAAAAAjq6WYeRDKmebM/light/normal HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 07:06:05 GMT
content-type: text/html; charset=UTF-8
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
content-security-policy: frame-src https://challenges.cloudflare.com/; base-uri 'self'
cross-origin-resource-policy: cross-origin
document-policy: js-profiling
origin-agent-cluster: ?1
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
referrer-policy: same-origin
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
server: cloudflare
cf-ray: 881815a69e77569a-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/881815a69e77569a/1715324765619/1daWwzbob3vNzSH | 104.17.2.184 | 200 OK | 61 B |
URL: GET HTTP/3 challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/881815a69e77569a/1715324765619/1daWwzbob3vNzSH
IP: 104.17.2.184:443
Requested by: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/5aqml/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Certificate: Issuer Cloudflare, Inc. / Subject challenges.cloudflare.com / Fingerprint 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E / Validity Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type: PNG image data, 22 x 53, 8-bit/color RGB, non-interlaced
Hash: MD5 03d52e0e5bb0d257fe055b460890dd9a / SHA-1 61417775785c51a6254199cc0850b7e0cc9757c3 / SHA-256 066a6aa41c28c6755918d274f0af8fa9f73166aaab22742f516d62bbb2f15f30
GET /cdn-cgi/challenge-platform/h/g/i/881815a69e77569a/1715324765619/1daWwzbob3vNzSH HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/5aqml/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 07:06:08 GMT
content-type: image/png
content-length: 61
server: cloudflare
cf-ray: 881815bdceb2569a-OSL
alt-svc: h3=":443"; ma=86400

| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=881815a69e77569a | 104.17.2.184 | 200 OK | 441 kB |
URL: GET HTTP/3 challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=881815a69e77569a
IP: 104.17.2.184:443
Requested by: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/5aqml/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Certificate: Issuer Cloudflare, Inc. / Subject challenges.cloudflare.com / Fingerprint 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E / Validity Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type: ASCII text, with very long lines (65536), with no line terminators
Size: 441 kB (440681 bytes)
Hash: MD5 0fe22d838a1cda49727146826874a717 / SHA-1 4d2f7487db1479e3e0a9cb0f59c06b5e2649e2b2 / SHA-256 c232dd001d00e04d9faafad28d8bf30a20f82b8198fcc169aac4a6cb6c168f34
GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=881815a69e77569a HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/5aqml/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 07:06:05 GMT
content-type: application/javascript; charset=UTF-8
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
server: cloudflare
cf-ray: 881815a73f85569a-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
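The transactions in this report are the pieces of a Cloudflare managed-challenge flow: a 403 carrying cf-mitigated: challenge, the Turnstile iframe and orchestrate script loaded from challenges.cloudflare.com, POSTs to the challenge-platform flow endpoint that carry a CF-Challenge header and come back with cf-chl-out, and finally a request from the sandbox that already carries a cf_clearance cookie. When triaging such a capture the practical question is whether the 403 was the interstitial or the origin's own answer, and whether the sandbox ever got past it. The parser below is an added example written for this page, not code from urlscan or Cloudflare; it reads a capture laid out the way the blocks above are printed (request line, request headers, status line, response headers, transactions back to back), tags each transaction with the challenge indicators it carries, and reports the first request sent with clearance after a challenge. The sample capture is constructed to mirror the shape of the traffic above with the opaque tokens replaced.

```python
"""Pull Cloudflare challenge indicators out of a urlscan-style HTTP capture (added example)."""
import re
from dataclasses import dataclass, field

REQUEST_LINE = re.compile(r"^(GET|POST|HEAD|PUT|DELETE|OPTIONS) (\S+) HTTP/[\d.]+$")
STATUS_LINE = re.compile(r"^HTTP/[\d.]+ (\d{3})\b")


@dataclass
class Transaction:
    method: str
    path: str
    host: str = ""
    status: int = 0
    req: dict = field(default_factory=dict)   # request headers, names lower-cased
    resp: dict = field(default_factory=dict)  # response headers, names lower-cased


def parse_capture(text: str) -> list:
    """Split the flat capture into Transactions; non-header lines (metadata rows) are skipped."""
    txns, cur, in_resp = [], None, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = REQUEST_LINE.match(line)
        if m:                                  # a new request starts a new transaction
            cur = Transaction(m.group(1), m.group(2))
            txns.append(cur)
            in_resp = False
            continue
        m = STATUS_LINE.match(line)
        if m and cur is not None:              # status line switches us to response headers
            cur.status = int(m.group(1))
            in_resp = True
            continue
        if cur is None or ":" not in line:
            continue
        name, _, value = line.partition(":")
        name, value = name.strip().lower(), value.strip()
        (cur.resp if in_resp else cur.req)[name] = value
        if not in_resp and name == "host":
            cur.host = value
    return txns


def parse_cookies(header: str) -> dict:
    """Turn 'a=1; b=2' into {'a': '1', 'b': '2'}; an empty header gives {}."""
    out = {}
    for part in header.split(";"):
        k, _, v = part.strip().partition("=")
        if k:
            out[k] = v
    return out


def challenge_indicators(t: Transaction) -> set:
    """Signals seen in this report that mark a transaction as part of the challenge flow."""
    found = set()
    if t.resp.get("cf-mitigated") == "challenge":
        found.add("cf-mitigated:challenge")       # the 403 is the interstitial, not the origin
    if "cf-challenge" in t.req:
        found.add("CF-Challenge request header")  # solver posting to the flow endpoint
    if "cf-chl-out" in t.resp:
        found.add("cf-chl-out")
    if "/cdn-cgi/challenge-platform/" in t.path:
        found.add("challenge-platform path")
    cookies = parse_cookies(t.req.get("cookie", ""))
    if "cf_chl_rc_i" in cookies:
        found.add("cf_chl_rc_i cookie")
    if "cf_clearance" in cookies:
        found.add("cf_clearance cookie")          # challenge already passed by this client
    return found


def first_cleared_index(txns: list) -> int:
    """Index of the first request carrying cf_clearance after a challenge response, else -1."""
    challenged = False
    for i, t in enumerate(txns):
        if challenged and "cf_clearance" in parse_cookies(t.req.get("cookie", "")):
            return i
        if t.resp.get("cf-mitigated") == "challenge":
            challenged = True
    return -1


def report(text: str) -> list:
    """(host, method, path, status, sorted indicators) per transaction."""
    return [(t.host, t.method, t.path, t.status, sorted(challenge_indicators(t)))
            for t in parse_capture(text)]


# Constructed sample shaped like the capture above; token values are placeholders.
SAMPLE_CAPTURE = """\
GET /t1 HTTP/1.1
Host: holicisticscrarws.shop
User-Agent: Mozilla/5.0
HTTP/1.1 403 Forbidden
Content-Type: text/html; charset=UTF-8
cf-mitigated: challenge
cf-chl-out: placeholder-token-a
POST /cdn-cgi/challenge-platform/h/g/flow/ov1/sample HTTP/1.1
Host: holicisticscrarws.shop
CF-Challenge: d542fad4dda3eb2
Cookie: cf_chl_rc_i=1
HTTP/1.1 200 OK
cf-chl-out: placeholder-token-b
set-cookie: cf_chl_rc_i=;Expires=Thu, 09 May 2024 07:06:14 GMT;SameSite=Strict
GET /favicon.ico HTTP/1.1
Host: holicisticscrarws.shop
Cookie: cf_clearance=placeholder-clearance
HTTP/1.1 404 Not Found
Content-Type: text/html
"""

SUMMARY = report(SAMPLE_CAPTURE)  # one tuple per transaction, ready to print or assert on
```

Fed the report above, the first hit is a 403 tagged cf-mitigated:challenge and the favicon request is the first one tagged cf_clearance cookie, which is the evidence that the sandbox solved the challenge and that anything fetched before that point is Cloudflare's interstitial rather than the phishing content behind it.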