| trafffe.ru/123?utm_term=urag+gro-shub+elder+scroll |  104.21.28.26 | 403 Forbidden | 5.7 kB |
URL User Request GET HTTP/1.1trafffe.ru/123?utm_term=urag+gro-shub+elder+scroll IP104.21.28.26:80
File typeHTML document, ASCII text, with very long lines (14154), with no line terminators Hashbdc1eeb76737c9f0341348f897da7179 e06795d3ad0f93e7219720539c4f37f2f74ab83a a17ba257635d2f48aa161997567d924079d6d2b07e5f481618ea276dc1f8354b
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /123?utm_term=urag+gro-shub+elder+scroll HTTP/1.1
Host: trafffe.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Fri, 10 May 2024 06:50:48 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: HJ+us6fjwYEQGmcEn2pWyOcjgxA8Td8vpe4bP8gx+DoYjgXjza+3vTz+QJuFQ34ZFwNFTW8njIb6Xs6EBstkO4bjLtKVz2SmoawipPS0SpM=$wxG9ZY2zODvaAUpSxBc6lg==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FBVXLhah7%2FpDnh3dT9JwAQAg4%2BcO0H%2FTDn7wsiRf8pkFvcfLHBoaxLWrKps5YNoxZ3Ec%2BJfaOCV3TXBqgpYmH39g6jrNRClMtPYnJf84FSe0omRH949PuxdsT4gI"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8817ff427f8a0b3d-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
|
|
| trafffe.ru/cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=8817ff427f8a0b3d |  172.67.170.51 | | 112 kB |
URL trafffe.ru/cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=8817ff427f8a0b3d IP172.67.170.51:0
File typeJavaScript source, ASCII text, with very long lines (65536), with no line terminators Size112 kB (112104 bytes) Hash440d1e2a143fa82ff1b087288b145d86 478e7da6239907833ce948831ac32c3f0291c44f 6f9f902645c6a49673313b2130a38bc5031a86eeab441ab01ea9ae2dcbfd56a2
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=8817ff427f8a0b3d HTTP/1.1
Host: trafffe.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://trafffe.ru/123?utm_term=urag+gro-shub+elder+scroll&__cf_chl_rt_tk=Ajpp4Ma4Tx_4LEcaoJc3HPq.x7Y7.jfuMKG_pQdbFoA-1715323848-0.0.1.1-1279
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 10 May 2024 06:50:48 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wB8Db1Up8icXXVVQcrg29Pt2kkwmlQEAlJdzMzAv498juudhQRn80i%2FHxYf7nzwMa012gANg36Wowdc9O3gyrAsT6bccWsAX8kPCU%2FPKnxBzyZjQ57R%2B0duoivxD"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8817ff4449dbb51e-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
|
|
| trafffe.ru/favicon.ico | 172.67.170.51 | 403 Forbidden | 5.7 kB |
IP172.67.170.51:80
Requested byhttp://trafffe.ru/123?utm_term=urag+gro-shub+elder+scroll
File typeHTML document, ASCII text, with very long lines (14056), with no line terminators Hash40d4b16d0617da07a9e29919c61c5267 4848659f1699bd051158a6f344c6221b0893a673 7244e98b33ca814430f4fce53ee2f94eaee6cbbc3f751ba10cd1f108761890d6
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: trafffe.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://trafffe.ru/123?utm_term=urag+gro-shub+elder+scroll&__cf_chl_rt_tk=Ajpp4Ma4Tx_4LEcaoJc3HPq.x7Y7.jfuMKG_pQdbFoA-1715323848-0.0.1.1-1279
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Fri, 10 May 2024 06:50:48 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: pTtMbDNm/gSRVyIcOhdKsCZrmfhXjpy5P0VUYlWEmf6HxSrBZWA9dQZ0aGTBG8WYJkBic3VgU7emNEwddpNg3NgFEXT9bDk57HHdk0qTybg=$FXq2vwG2pdjQSw+AJ3vaQg==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=n9XrKfBMMEfYy9mTCN%2Fe3Jn9DEwrR%2BWc5Gn9F%2FmPsQa%2FaH1ruqHMugv7akxRF%2Foa5H%2FcAVuM3co4019dqBowrGmx0ubrxKf%2B%2FOZa2s9Kmj4Ruvrv0V0VsouH8Zcs"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8817ff44ba7db51e-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
|
|
| trafffe.ru/favicon.ico | 172.67.170.51 | 403 Forbidden | 5.6 kB |
IP172.67.170.51:80
Requested byhttp://trafffe.ru/123?utm_term=urag+gro-shub+elder+scroll
File typeHTML document, ASCII text, with very long lines (13971), with no line terminators Hash3fc832ff271ed1d35826d54ce317c5af 255e58d10c444783f505fd94f52f3f297a7f9f69 2a400c1c4534e50a594157ff258125ae0d5c4802af9aa1e91ffd3dd68fd65401
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: trafffe.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://trafffe.ru/123?utm_term=urag+gro-shub+elder+scroll
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Fri, 10 May 2024 06:50:48 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: hDaIJX7D05+rN48kga7UtPOfaFcfhaPLwlHmTOvL332++z5+9/GTph6tvQNn9NaYFoQUmDEK8GEGHi/6QR7fDqClzFZLWi9CJiOQFU24nh4=$9ojdfKX3ozPoBKsupj2t0w==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FTfp0sNYQuTcYzysr%2BLs%2BcAvtSfWOCik4%2FLb6kwMMBsSgbVx%2BmqP5LuBL0Q3Fr%2Ff6r8LS2p51J2ytt94KB3lYj%2FzithD9OZCgTclINF0MLcpipzXrlYfbEk%2F8abA"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8817ff45083fb511-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
|
|
| trafffe.ru/cdn-cgi/challenge-platform/h/g/flow/ov1/1829481695:1715321538:9ksXDnHdrm_605dxF7caCYsRIQfUdam1-uDwwhqUmkw/8817ff427f8a0b3d/b95324ec97db0cf | 172.67.170.51 | | 12 kB |
URL trafffe.ru/cdn-cgi/challenge-platform/h/g/flow/ov1/1829481695:1715321538:9ksXDnHdrm_605dxF7caCYsRIQfUdam1-uDwwhqUmkw/8817ff427f8a0b3d/b95324ec97db0cf IP172.67.170.51:0
File typeASCII text, with very long lines (16300), with no line terminators Hash0b8fc67a0f3b316ba28db56ef2fc3396 8ecb16b63245ea10aa49cb50a34740b318de7ed6 a47d08715c343e787c51e99d34d671ee7c0930207699d1667e3623502d310a9a
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
POST /cdn-cgi/challenge-platform/h/g/flow/ov1/1829481695:1715321538:9ksXDnHdrm_605dxF7caCYsRIQfUdam1-uDwwhqUmkw/8817ff427f8a0b3d/b95324ec97db0cf HTTP/1.1
Host: trafffe.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://trafffe.ru/123?utm_term=urag+gro-shub+elder+scroll
Content-type: application/x-www-form-urlencoded
CF-Challenge: b95324ec97db0cf
Content-Length: 1745
Origin: http://trafffe.ru
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 10 May 2024 06:50:48 GMT
Content-Type: text/plain; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cf-chl-gen: lbWd+B1eqPhIcioW3kjQq1VkNE24iCE+SGNyy36JDwqfL2Z/SujgwCuzQXoQxz4X$c32nH8XenBm6Ul459HzrIQ==
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8XUjIQJXmBAKcVaUWjkonJTqBrCjhe2PTnWj9jHaujr6HFVAgeydr7DHbP6MlgrpomUFDblDlVv6ciOEI8Yrj2AcBw8xOGyTJTcZzCHaDr7Q0%2FFFji0OKimEkNMS"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8817ff465e8d7130-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
|
|
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D | 104.17.3.184 | 200 OK | 61 B |
URL GET HTTP/3challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D IP104.17.3.184:443
Requested byhttps://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/qrtjc/0x4AAAAAAAAjq6WYeRDKmebM/light/normal CertificateIssuerCloudflare, Inc. Subjectchallenges.cloudflare.com Fingerprint5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E ValidityFri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File typePNG image data, 2 x 2, 8-bit/color RGB, non-interlaced Hash9246cca8fc3c00f50035f28e9f6b7f7d 3aa538440f70873b574f40cd793060f53ec17a5d c07d7d29e3c20fa6ca4c5d20663688d52bad13e129ad82ce06b80eb187d9dc84
GET /cdn-cgi/challenge-platform/h/g/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/bb0ne/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 10 May 2024 06:50:49 GMT
content-type: image/png
content-length: 61
cache-control: max-age=2629800, public
server: cloudflare
cf-ray: 8817ff484be7712b-OSL
alt-svc: h3=":443"; ma=86400
|
|
| challenges.cloudflare.com/turnstile/v0/g/1b3559406bc8/api.js?onload=KtsCKf7&render=explicit | 104.17.3.184 | 200 OK | 15 kB |
URL GET HTTP/3challenges.cloudflare.com/turnstile/v0/g/1b3559406bc8/api.js?onload=KtsCKf7&render=explicit IP104.17.3.184:443
Requested byhttp://trafffe.ru/123?utm_term=urag+gro-shub+elder+scroll CertificateIssuerCloudflare, Inc. Subjectchallenges.cloudflare.com Fingerprint5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E ValidityFri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (42616) Hash86183dd14ee10d1dee92b37b5069d716 9ec32d650ece484bbe624ca734a0a65e22d35dd6 ae0e2e45f84d7d3d06526aafc20d4a95b486e8747bf80895f3aeb8c4aebee7f4
GET /turnstile/v0/g/1b3559406bc8/api.js?onload=KtsCKf7&render=explicit HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://trafffe.ru
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 06:50:48 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: max-age=604800, public
vary: Accept-Encoding
server: cloudflare
cf-ray: 8817ff454edc0b45-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/1569068988:1715321619:AfcVFVp1u3eFESZr4P1Z63XQi-JHr7XSsRAiAlbI6v8/8817ff47ab0d712b/17a76c3fcdc4cca | 104.17.3.184 | | 104 kB |
URL challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/1569068988:1715321619:AfcVFVp1u3eFESZr4P1Z63XQi-JHr7XSsRAiAlbI6v8/8817ff47ab0d712b/17a76c3fcdc4cca IP104.17.3.184:0
CertificateIssuerCloudflare, Inc. Subjectchallenges.cloudflare.com Fingerprint5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E ValidityFri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File typeASCII text, with very long lines (65536), with no line terminators Size104 kB (103870 bytes) Hashe527dbd06ecafe05d21076c16da8f480 6dde0fa4e6bba80b921661cb82a8ddd307470089 8cdb53713c688d5e7a7adf7759bc1415daa0ed735ca1d259eff0f69efec12355
POST /cdn-cgi/challenge-platform/h/g/flow/ov1/1569068988:1715321619:AfcVFVp1u3eFESZr4P1Z63XQi-JHr7XSsRAiAlbI6v8/8817ff47ab0d712b/17a76c3fcdc4cca HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/bb0ne/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: 17a76c3fcdc4cca
Content-Length: 3425
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 10 May 2024 06:50:49 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: ahorrUgztxpYxC3t00IOpQo+g34RDepEucbjmFy8o39tki7xbMDqSJcQnaeJCCMj9zWU+rNXFxX9P5n34FAsjB1Bv+jj6urriLWYFRjIsfbvFOvOpzmaRocgp+OOD0YiJbRuJ4bAtxO3r9mGzs+gPQIlk0G0/uh8H3ZWMa+AlL3piPPIRf0K5dDXWa/OlPfr9zuoKTXIsBe6kBclnTMegOfzsu51fHcWqr/mhnNwgUn4Qnr1QVIRenFHjWgXxDc6j5UF8onUbS5wmxjudSWYknsIyIDTa+Gk8BRuhpDVD9Y7hQnhbEjn6fu10qTzBjtdZDeROkXzbMAuHzkeci7Yk24Dkoja66gxosXavlL8Yhfok0tNdV3gNEc/NgxepnGmC8Hg7k32JX/BnBJh5AePWj6zQT38qK8sB+UefhUrQ3M9Jj20/yKkOYaU2dqUdWsSsCZ/oVcZ7sUbGAifCdFBYQ==$Bn7EkXvXYrlLXACbTkFRgg==
server: cloudflare
cf-ray: 8817ff4a1e43712b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/8817ff47ab0d712b/1715323849323/PrE-Hn-dD89VV1P | 104.17.3.184 | | 61 B |
URL challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/8817ff47ab0d712b/1715323849323/PrE-Hn-dD89VV1P IP104.17.3.184:0
CertificateIssuerCloudflare, Inc. Subjectchallenges.cloudflare.com Fingerprint5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E ValidityFri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File typePNG image data, 95 x 66, 8-bit/color RGB, non-interlaced Hashd78c63506ef103f22666523a469910f1 0381b6c20d8bc3de1b61bab073afad1eb0e9a9f3 bcd37cc4535ee5c888fcaa5b445dd151d7c489524a8e627bc9b2df8905ee0be9
GET /cdn-cgi/challenge-platform/h/g/i/8817ff47ab0d712b/1715323849323/PrE-Hn-dD89VV1P HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/bb0ne/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 10 May 2024 06:50:55 GMT
content-type: image/png
content-length: 61
server: cloudflare
cf-ray: 8817ff711e87712b-OSL
alt-svc: h3=":443"; ma=86400
|
|
| trafffe.ru/cdn-cgi/challenge-platform/h/g/flow/ov1/1829481695:1715321538:9ksXDnHdrm_605dxF7caCYsRIQfUdam1-uDwwhqUmkw/8817ff427f8a0b3d/b95324ec97db0cf | 172.67.170.51 | | 2.4 kB |
URL trafffe.ru/cdn-cgi/challenge-platform/h/g/flow/ov1/1829481695:1715321538:9ksXDnHdrm_605dxF7caCYsRIQfUdam1-uDwwhqUmkw/8817ff427f8a0b3d/b95324ec97db0cf IP172.67.170.51:0
File typeASCII text, with very long lines (3048), with no line terminators Hash15dcc566a67f5cb777fb8e32f482502e f957ecf5d8d3e33afcbd2889364da8a9f234764d e78f6a037254815c3f62739426a931714c0e7d8accef677b6ae9173288622231
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
POST /cdn-cgi/challenge-platform/h/g/flow/ov1/1829481695:1715321538:9ksXDnHdrm_605dxF7caCYsRIQfUdam1-uDwwhqUmkw/8817ff427f8a0b3d/b95324ec97db0cf HTTP/1.1
Host: trafffe.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://trafffe.ru/123?utm_term=urag+gro-shub+elder+scroll
Content-type: application/x-www-form-urlencoded
CF-Challenge: b95324ec97db0cf
Content-Length: 2416
Origin: http://trafffe.ru
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 10 May 2024 06:50:59 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cf-chl-out: DX/j26qqRf/xIYqj32QwSXqeCGMJurTSGxFBhExOreK/Y8B7Hcv+Z6X5f6vSXJ4wChKecKTcEN1mZpl+LuEE8lwxtWRdbmYMNpJxImS2lAU=$5K+h0ARLjGEuXlBAqRDhlg==
cf-chl-out-s: S3Wk7uSdPPFQZe4fojTKdg==$lZxg9oTQJC+gDNUg7dzC+A==
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=n7a8Hhy%2F55HNReCq%2F%2F18s8BW7N6VCTRcqy%2F9agslB1EGXnhUveGfytwyol%2Bf9Mf1fmtcfFNXAKWrmrd5cNQTfKTaCJrI%2B4B4FscI%2FujNRrl0GJDd1ZgXypghexeq"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8817ff889c117130-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
|
|
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/1569068988:1715321619:AfcVFVp1u3eFESZr4P1Z63XQi-JHr7XSsRAiAlbI6v8/8817ff47ab0d712b/17a76c3fcdc4cca | 104.17.3.184 | | 22 kB |
URL challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/1569068988:1715321619:AfcVFVp1u3eFESZr4P1Z63XQi-JHr7XSsRAiAlbI6v8/8817ff47ab0d712b/17a76c3fcdc4cca IP104.17.3.184:0
CertificateIssuerCloudflare, Inc. Subjectchallenges.cloudflare.com Fingerprint5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E ValidityFri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File typeASCII text, with very long lines (22320), with no line terminators Hash14f0bc7f5a3ecf368717a4221c624ad9 368031c234daa9f49747be2b632b402674703d79 396614e34846c6b05013e35b426ee3e4cf8c87779aba96f45a620010f0e44966
POST /cdn-cgi/challenge-platform/h/g/flow/ov1/1569068988:1715321619:AfcVFVp1u3eFESZr4P1Z63XQi-JHr7XSsRAiAlbI6v8/8817ff47ab0d712b/17a76c3fcdc4cca HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/bb0ne/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: 17a76c3fcdc4cca
Content-Length: 28046
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 10 May 2024 06:50:55 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: wcAkKdCitYnqhIgsfEQj+7EQN+ZjnK2IZ1b+91Zib2Smx4PUWee+LL8obAcp3p3M$64QzpPDZ8pjFop3afzhAbw==
server: cloudflare
cf-ray: 8817ff71ff87712b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| trafffe.ru/cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=8817ff9589d07130 | 172.67.170.51 | 200 OK | 110 kB |
URL GET HTTP/1.1trafffe.ru/cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=8817ff9589d07130 IP172.67.170.51:80
Requested byhttp://trafffe.ru/123?utm_term=urag+gro-shub+elder+scroll
File typeJavaScript source, ASCII text, with very long lines (65536), with no line terminators Size110 kB (110305 bytes) Hashc97024f587f15140455f3d2dbd4a008a b38ad04186d9d36ac9bba373b6d9e165c6ee516a 704e13c1322931c525b8f403836cda6e21f0adb5b6843b9a1327c7d0ce9ce67d
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=8817ff9589d07130 HTTP/1.1
Host: trafffe.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://trafffe.ru/123?utm_term=urag+gro-shub+elder+scroll&__cf_chl_rt_tk=4ZDSexdJjOZLMjY_UwaE5sqbsjVjVWmEZXuAFt5Ph_s-1715323861-0.0.1.1-1279
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_i=1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 10 May 2024 06:51:01 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CyvbTr7df4H%2BymdnZSTrrUbhffzjVwi9fpZbb%2BAnSANrFAAu7UCYpAibZf6lEVkn4RKvRWmhO0KQ6s67fQ8Vbuc%2Br%2FhsgGtXkhkDfK2iv0KauHtWxWB0x49xO7xx"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8817ff95fa8356b9-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
|
|
| trafffe.ru/favicon.ico | 172.67.170.51 | 403 Forbidden | 5.7 kB |
IP172.67.170.51:80
Requested byhttp://trafffe.ru/123?utm_term=urag+gro-shub+elder+scroll
File typeHTML document, ASCII text, with very long lines (14076), with no line terminators Hashac23d1691e1a9e9cd1ace1e6110a6144 1ac710b6f9f3b0f7295103f3c81134aed9d54402 57fec9a6d5553b4635d17dc2489da6820e8ca467a86bf7bdeeaf398e2f4e9759
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: trafffe.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://trafffe.ru/123?utm_term=urag+gro-shub+elder+scroll&__cf_chl_rt_tk=4ZDSexdJjOZLMjY_UwaE5sqbsjVjVWmEZXuAFt5Ph_s-1715323861-0.0.1.1-1279
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_i=1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Fri, 10 May 2024 06:51:01 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: 6LGFRPhSENhFjjgMuU+jAsGIrZMS6K70nkD3gaPvHN5cPagACKZ3awyB8OYxmG2PwH5n9YFYayPe/4+lkhhvsaNN3zIH5KhT31V9LZs+eXU=$r1FUl4bqJluqwrKgsuKrGg==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qBU7yXZi%2BXpHLVNx8fB6a1Ry7Tmcuma3Qb%2FrxERgolW%2BwYYUzIeJDG84TE%2FdYd3vhxnpqhZXZarys5jDZJa54XHnx1Tb1%2BM6NgRAz%2F%2B67Nmv0NDTyfC6IAj%2Bj0zG"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8817ff966b1d56b9-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
|
|
| trafffe.ru/favicon.ico | 172.67.170.51 | 403 Forbidden | 5.7 kB |
IP172.67.170.51:80
Requested byhttp://trafffe.ru/123?utm_term=urag+gro-shub+elder+scroll
File typeHTML document, ASCII text, with very long lines (13992), with no line terminators Hasha1358413aae24b337feee2456998e61f d8c066e8fbf9db85d1169bb93c7e523acd01cb66 2b48876e593e8b6f21a1a3c9dfcdec8c0ce9b30f2929cf28f15dcd1ebe9cd5b9
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: trafffe.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://trafffe.ru/123?utm_term=urag+gro-shub+elder+scroll
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_i=1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Fri, 10 May 2024 06:51:01 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: 4Er6xx2476h2XVfbB0wICbgJYGwHdF4qC6rFh2JDQSMo/njic4UU1b922smp659ratNqs45mJRZgh8i4p3l4okqGL71d9nanXTZwyIwT9sU=$K5OHfrx7JPLbhC4JSu7W9w==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iHQtlK6mbqDzY%2Brj0JWcl9KovIBrfjqyolDSYuB3cD0zZ1acUnmXRKx1Cg6HJTMken41YDCEycd3Ov1jOXJbQWaJ86IBYdMzzXYOuO%2Bxy38tAly7gNUBjyXbAXbn"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8817ff96df100b51-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
|
|
| trafffe.ru/cdn-cgi/challenge-platform/h/g/flow/ov1/811371303:1715321583:ad6bPBmOokBkcODLBrllnXmQlGXNzHcnkJf679Hdsqo/8817ff9589d07130/362d9e30f173707 | 172.67.170.51 | 200 OK | 12 kB |
URL POST HTTP/1.1trafffe.ru/cdn-cgi/challenge-platform/h/g/flow/ov1/811371303:1715321583:ad6bPBmOokBkcODLBrllnXmQlGXNzHcnkJf679Hdsqo/8817ff9589d07130/362d9e30f173707 IP172.67.170.51:80
Requested byhttp://trafffe.ru/123?utm_term=urag+gro-shub+elder+scroll
File typeASCII text, with very long lines (16300), with no line terminators Hasha6943553bc00658bdb049b39c232edfa daf82bbce6ac94bff1e83051f1d8c92d5ef69bc6 02ff5b64a520eb785dc179c8bd878902a5cd1d2f8f68a6e0181ec1b6b3972df3
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
POST /cdn-cgi/challenge-platform/h/g/flow/ov1/811371303:1715321583:ad6bPBmOokBkcODLBrllnXmQlGXNzHcnkJf679Hdsqo/8817ff9589d07130/362d9e30f173707 HTTP/1.1
Host: trafffe.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://trafffe.ru/123?utm_term=urag+gro-shub+elder+scroll
Content-type: application/x-www-form-urlencoded
CF-Challenge: 362d9e30f173707
Content-Length: 1738
Origin: http://trafffe.ru
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_i=1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 10 May 2024 06:51:01 GMT
Content-Type: text/plain; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cf-chl-gen: iRozRsk8sPZK4vtFZ9W7LzzlIG6plkyqiChvhPazd/5J0fMhmRaMfp4FoE0ogVNj$JyMlP6KdTmNFE/U3ts5plQ==
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mi8z%2B8HzWxvuN2S1domm2y48jyElLUqURZYi6UiljTpYl9eo%2FI3Tmr8rwcIqttCAI%2BpiXneBlWQttv1cfSS73j8kX4eHBwkQLM6oy1x814hl88Z0V9FfgZ0PzAj9"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8817ff97bf3256aa-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
|
|
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/qrtjc/0x4AAAAAAAAjq6WYeRDKmebM/light/normal | 104.17.3.184 | 200 OK | 18 kB |
URL GET HTTP/3challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/qrtjc/0x4AAAAAAAAjq6WYeRDKmebM/light/normal IP104.17.3.184:443
Requested byhttp://trafffe.ru/123?utm_term=urag+gro-shub+elder+scroll CertificateIssuerCloudflare, Inc. Subjectchallenges.cloudflare.com Fingerprint5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E ValidityFri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File typeHTML document, ASCII text, with very long lines (42150) Hashcc44bfe1f36ce874f85959cf3ace2f94 9b5425db692dd968fc960768e17ce954c4963e16 10777c9a40c62b4c51095366d71cfa28203e66a8ef33b1281fb3786e098b0703
GET /cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/qrtjc/0x4AAAAAAAAjq6WYeRDKmebM/light/normal HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 10 May 2024 06:51:01 GMT
content-type: text/html; charset=UTF-8
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
referrer-policy: same-origin
document-policy: js-profiling
cross-origin-opener-policy: same-origin
content-security-policy: frame-src https://challenges.cloudflare.com/; base-uri 'self'
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
origin-agent-cluster: ?1
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
server: cloudflare
cf-ray: 8817ff98ed44712b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/8817ff98ed44712b/1715323862344/4h_TmxP1djUIefJ | 104.17.3.184 | 200 OK | 61 B |
URL GET HTTP/3challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/8817ff98ed44712b/1715323862344/4h_TmxP1djUIefJ IP104.17.3.184:443
Requested byhttps://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/qrtjc/0x4AAAAAAAAjq6WYeRDKmebM/light/normal CertificateIssuerCloudflare, Inc. Subjectchallenges.cloudflare.com Fingerprint5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E ValidityFri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File typePNG image data, 89 x 64, 8-bit/color RGB, non-interlaced Hash646bd02036ba2e80335193cc17320d0a 7f7d65a27494d5d0130ecf61497eb69d99eadd81 9177001fe488d7f90d655a4f37056ef886efd5e4c5d2c65ea0046145d2ac007f
GET /cdn-cgi/challenge-platform/h/g/i/8817ff98ed44712b/1715323862344/4h_TmxP1djUIefJ HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/qrtjc/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 10 May 2024 06:51:06 GMT
content-type: image/png
content-length: 61
server: cloudflare
cf-ray: 8817ffb38817712b-OSL
alt-svc: h3=":443"; ma=86400
|
|
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/1848467371:1715321417:pLrXcWYBi3RAyRjT4fob6NFOWqv1hRL5TkGG86p9Vo4/8817ff98ed44712b/39436a97d61db3d | 104.17.3.184 | 200 OK | 3.1 kB |
URL POST HTTP/3challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/1848467371:1715321417:pLrXcWYBi3RAyRjT4fob6NFOWqv1hRL5TkGG86p9Vo4/8817ff98ed44712b/39436a97d61db3d IP104.17.3.184:443
Requested byhttps://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/qrtjc/0x4AAAAAAAAjq6WYeRDKmebM/light/normal CertificateIssuerCloudflare, Inc. Subjectchallenges.cloudflare.com Fingerprint5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E ValidityFri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File typeASCII text, with very long lines (960), with no line terminators Hash247922a9a159a3f2e8ac64e1321b4c8d dc0fcba7a4d071308c4f8941c01ef352504eca6b fb4219fd269886e6f8ba53266af552abcd99e3ad48617c39bfc004d6fadeacc4
POST /cdn-cgi/challenge-platform/h/g/flow/ov1/1848467371:1715321417:pLrXcWYBi3RAyRjT4fob6NFOWqv1hRL5TkGG86p9Vo4/8817ff98ed44712b/39436a97d61db3d HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/qrtjc/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: 39436a97d61db3d
Content-Length: 41063
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 10 May 2024 06:51:11 GMT
content-type: text/html; charset=UTF-8
cf-chl-out: +ZekqpW/2q1zo8+a85Et3N9s0NjbiF7yrzPW4wfK+kLhDGCbj/hx2lENTtAHfHNxtBoLpB+OZORFyasp5uaAh5VB+cjEPkU5spw63JepHpU=$8H+uw+s3DCjvXZiGa7DPag==
cf-chl-out-s: shmgDP+zpGN+ut0lzgS8+g==$8lYNATzWMMEzrHcAgrXQbw==
server: cloudflare
cf-ray: 8817ffd18e40712b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=8817ff98ed44712b | 104.17.3.184 | 200 OK | 439 kB |
URL GET HTTP/3challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=8817ff98ed44712b IP104.17.3.184:443
Requested byhttps://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/qrtjc/0x4AAAAAAAAjq6WYeRDKmebM/light/normal CertificateIssuerCloudflare, Inc. Subjectchallenges.cloudflare.com Fingerprint5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E ValidityFri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (65536), with no line terminators Size439 kB (438815 bytes) Hashafaef898cf145d8ebbc37829df2246a5 1ad9adb72fe9621d00a1485d958b30dfe65ba001 e677896f6a3ee7f7139bcd5034d8dbdbfe44fadaf3d84b3587a306c1d636810d
GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=8817ff98ed44712b HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/qrtjc/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 06:51:02 GMT
content-type: application/javascript; charset=UTF-8
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
server: cloudflare
cf-ray: 8817ff997e0d712b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|