| trafffe.ru/123?utm_term=kingdom+hearts+yellow+trinity+mystical+house | 104.21.28.26 | 403 Forbidden | 5.9 kB |
URL (User Request, GET, HTTP/1.1): trafffe.ru/123?utm_term=kingdom+hearts+yellow+trinity+mystical+house
IP: 104.21.28.26:80
File type: HTML document, ASCII text, with very long lines (14501), with no line terminators
Hash: d697304caa2ce395b0c2cde84f2fc0fa 21ea63360e3bd9c0b4ac856aabca86cdfd5967d5 2e27091247255bde72a6227df546285f93bd59d078b6d014219b7e67a346095f
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /123?utm_term=kingdom+hearts+yellow+trinity+mystical+house HTTP/1.1
Host: trafffe.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Sat, 04 May 2024 07:04:19 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: 8g85gwxchW13YWJHYcFbv9E4PNleZK6uMiUgvXdSN1G+RTNyq2wRddxSAj3ejnGyP3XSbxOVEdlmSN8ckt3SvnOwbXZVbIHnZmfHt2/U1KU=$FEuVVzT2j2lESXrQxR72/A==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=b%2FneXeA2OXOvGOOyoBSp8d%2BlIXPwYv5oJt630rH9vFEshsiOl7P52TaR2vRRQe3Y%2BA2%2FA3WEyBTAfn52LvZNlRv0AzarpZk2I%2FKptGE%2Bn3n4AohZn%2Bn6CjkS6oQO"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 87e6a2d4abaa0b65-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
|
|
| trafffe.ru/cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=87e6a2d4abaa0b65 | 172.67.170.51 | | 114 kB |
URL: trafffe.ru/cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=87e6a2d4abaa0b65
IP: 172.67.170.51:0
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size: 114 kB (113807 bytes)
Hash: d9a6d2ebfc22c165d38afcc95388bd74 c389515fd46eaf98f0e40670e8b0022388910b32 c66ff27a249ca8c187adb389a867529af858d2605116309ae7c37a160a452856
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=87e6a2d4abaa0b65 HTTP/1.1
Host: trafffe.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://trafffe.ru/123?utm_term=kingdom+hearts+yellow+trinity+mystical+house&__cf_chl_rt_tk=_cG9kjTqgCgMuiCYHyMg.GjBF5nV2kPFyqTchjty9Vs-1714806259-0.0.1.1-1322
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 04 May 2024 07:04:20 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
vary: accept-encoding
content-encoding: gzip
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6%2Flp%2BeJD3WM%2F%2FNJzSK2BPNQJRHC%2Fc8R0Nbaf26c%2FE%2BDKAtMTXX1QjTEHNcbwnQnwIhl0TrQwx0eFouFa0LOGxt2d2CWCCIaGMz7ockOKssInIjp%2Blm85auCppiPF"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 87e6a2d678edb4f9-OSL
alt-svc: h2=":443"; ma=60
|
|
| trafffe.ru/favicon.ico | 172.67.170.51 | 403 Forbidden | 5.8 kB |
IP: 172.67.170.51:80
Requested by: http://trafffe.ru/123?utm_term=kingdom+hearts+yellow+trinity+mystical+house
File type: HTML document, ASCII text, with very long lines (14303), with no line terminators
Hash: ade45007ee120932871d45995685339a 785271d35eef8b92b3373618ecfdb2aed9487d30 dda93d8d7540c47cac52802502d0ac8bb639b8c5a0647f725c64123b90169b2d
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /favicon.ico HTTP/1.1
Host: trafffe.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://trafffe.ru/123?utm_term=kingdom+hearts+yellow+trinity+mystical+house&__cf_chl_rt_tk=_cG9kjTqgCgMuiCYHyMg.GjBF5nV2kPFyqTchjty9Vs-1714806259-0.0.1.1-1322
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Sat, 04 May 2024 07:04:20 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: J8G42w6MuS7Kl8LcSUZI4YVBuuImz7F6a0JSPa08QVOF9uVRNYSNc0NzUi97mq3GPLVxwviyNeQ6cfMTddpSJ9H74BDtGg6CKsc4o/YSu2E=$CLFxPeZxLQmEh5p1YFvORg==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bJ3x2NOJpvxsG37IjlekzvZbPe%2F5F%2FOacQNPJV6vgOW5QAan4KZqDnxCw4eMaXPfVBAd6J91WNQ0y%2FNH9GZFs7ofDBHvEneemE7QOH2ByOoULRz7uE%2BnIyh4OC0B"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 87e6a2d7296eb4f9-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
|
|
| trafffe.ru/favicon.ico | 172.67.170.51 | 403 Forbidden | 5.7 kB |
IP: 172.67.170.51:80
Requested by: http://trafffe.ru/123?utm_term=kingdom+hearts+yellow+trinity+mystical+house
File type: HTML document, ASCII text, with very long lines (14218), with no line terminators
Hash: 9d17715e19fcda0c3ea44e9a8fab2ef0 9293a50987fd4dd4908e5ad0cc2d372c52a550d0 37d8cd39b58812b1a534d146a8cf2e56b7d5b1f7826216d32a7ab947d37871b2
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /favicon.ico HTTP/1.1
Host: trafffe.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://trafffe.ru/123?utm_term=kingdom+hearts+yellow+trinity+mystical+house
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Sat, 04 May 2024 07:04:20 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: YC8aKpizAfDiI6Y0JYOc46MYOmKVKCacujKMj4ft104AdwcS0JLvxHb6HNrQZ5Lrp8MzktgP/3ok82ZuGgUElkRUaiyZls+Z3xJ9BtTOM34=$RqHs/VJC47cq4onfH1ku/w==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ygl%2BErMYLaSNoi2pND8v4WFCOSRSxDn8nMHOKhboV469FwLs5LcMQcHpCje0jt%2B8s%2FBPfa1mf7q9aN2g9TrU7Fo0wAFhRA9KVT7W6KTgXrw9v5WXhbHGwjuFAIuf"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 87e6a2d7dada0b3d-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
|
|
| trafffe.ru/cdn-cgi/challenge-platform/h/g/flow/ov1/1395567874:1714804210:y50UOaC3znSialQ3Hq5FhdiIN3RRRmjH-igWtpmrTqI/87e6a2d4abaa0b65/cfa4917bbcf18e0 | 172.67.170.51 | | 12 kB |
URL: trafffe.ru/cdn-cgi/challenge-platform/h/g/flow/ov1/1395567874:1714804210:y50UOaC3znSialQ3Hq5FhdiIN3RRRmjH-igWtpmrTqI/87e6a2d4abaa0b65/cfa4917bbcf18e0
IP: 172.67.170.51:0
File type: ASCII text, with very long lines (16256), with no line terminators
Hash: ace705e61f6845531192118d93f07bda 48058173eaa6c1de78ad39f20a6252abfbdce0f8 860cec974cd11020dbeb43ac32b597a3b6eed4115e6a5d4957668238ccb2632b
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
POST /cdn-cgi/challenge-platform/h/g/flow/ov1/1395567874:1714804210:y50UOaC3znSialQ3Hq5FhdiIN3RRRmjH-igWtpmrTqI/87e6a2d4abaa0b65/cfa4917bbcf18e0 HTTP/1.1
Host: trafffe.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://trafffe.ru/123?utm_term=kingdom+hearts+yellow+trinity+mystical+house
Content-type: application/x-www-form-urlencoded
CF-Challenge: cfa4917bbcf18e0
Content-Length: 1808
Origin: http://trafffe.ru
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 04 May 2024 07:04:20 GMT
Content-Type: text/plain; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cf-chl-gen: kdJKVrB6QTUv8TSDlD0beikRy7kDtmWenx7nUiweIdxG3PObnzSMWGKngEYaufLM$SuL1AiBdGlhyPECY2IpHVw==
vary: accept-encoding
content-encoding: gzip
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WSCtz7ipZSDA7K7VifZpY0ZSQqiRrsTMuVq7FXWmBK9oyVMepUaiwKyzJDTb798bMWeW7LMb3IwkVzeoYiHtQYDjtt%2FNdJhraBCufNneQtgJaNYjq792Q3VAKD7P"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 87e6a2d8aeb5b4f1-OSL
alt-svc: h2=":443"; ma=60
|
|
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D | 104.17.3.184 | | 61 B |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D
IP: 104.17.3.184:0
File type: PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
Hash: 9246cca8fc3c00f50035f28e9f6b7f7d 3aa538440f70873b574f40cd793060f53ec17a5d c07d7d29e3c20fa6ca4c5d20663688d52bad13e129ad82ce06b80eb187d9dc84
GET /cdn-cgi/challenge-platform/h/g/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/iyz93/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 04 May 2024 07:04:20 GMT
content-type: image/png
content-length: 61
cache-control: max-age=2629800, public
server: cloudflare
cf-ray: 87e6a2da4878b4f4-OSL
alt-svc: h3=":443"; ma=86400
|
|
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/568645552:1714804380:DXyLDO9UxkkRlJuEwRuryJU2RdCQidOPyZcNg4iyMhA/87e6a2d9bff2b4f4/b863c3e1b5a4296 | 104.17.3.184 | | 100 kB |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/568645552:1714804380:DXyLDO9UxkkRlJuEwRuryJU2RdCQidOPyZcNg4iyMhA/87e6a2d9bff2b4f4/b863c3e1b5a4296
IP: 104.17.3.184:0
File type: ASCII text, with very long lines (65536), with no line terminators
Hash: 6c67a91afdafae8c52adbd6279491527 b0ec11b9d8d5f6b801bba28fb6cd6a42909c7e1c 40ed6e1d492b044d4f2c9db42b1e88dd53abe2d51367ac26adb9856a6bda5506
POST /cdn-cgi/challenge-platform/h/g/flow/ov1/568645552:1714804380:DXyLDO9UxkkRlJuEwRuryJU2RdCQidOPyZcNg4iyMhA/87e6a2d9bff2b4f4/b863c3e1b5a4296 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/iyz93/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: b863c3e1b5a4296
Content-Length: 3449
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 04 May 2024 07:04:21 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: y6KojbyTbkQ1tR/wf30rNPwJMb5hMhSyfIrTdzYOVkxu3vNJ72rJXPiMWA4I1ign1LpRr8mH1wHatGvLGFkQvp4HRfAXUhYQYKf2Nf+k8yniM+170Wy6iY5n0EFhI1/ltUEl3296wv84ewGlGv9aocEFw8llXVYIOcBM+ARXghkPgOLBktoLeBvtR+11NjeN4j7ewl1qWcLPsSNjHq/d7BX1JCW1yAU0Dti1f0awQcbmIrPOdwddjVTyAGlTRfK1J9tiWQJahRZr0eNUfOiqo8XvzO9l6APa/tFQxYDZ5Uc5R+Y8XfHcxwpPxrIjAiawW0qfVCxSg+zMWofilp36Lg18f5HGTbpyr4dKX37zIeghy5+S6jLIEPMUkyxFg6e9ua+TnmIESZc9NDRrMl7RM8+hRVp9HGMUIhqfDO5QDmI=$grlyfWZjH1cq2ej+2nLl3w==
vary: accept-encoding
server: cloudflare
cf-ray: 87e6a2dc4b20b4f4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| trafffe.ru/cdn-cgi/challenge-platform/h/g/flow/ov1/1395567874:1714804210:y50UOaC3znSialQ3Hq5FhdiIN3RRRmjH-igWtpmrTqI/87e6a2d4abaa0b65/cfa4917bbcf18e0 | 172.67.170.51 | | 1.8 kB |
URL: trafffe.ru/cdn-cgi/challenge-platform/h/g/flow/ov1/1395567874:1714804210:y50UOaC3znSialQ3Hq5FhdiIN3RRRmjH-igWtpmrTqI/87e6a2d4abaa0b65/cfa4917bbcf18e0
IP: 172.67.170.51:0
File type: ASCII text, with very long lines (2328), with no line terminators
Hash: 478fd5daf27c276b3f250df0530f0629 8ec0f6396a86136c2c0ada20dd43f93e21965406 964138990faad09d30aeeef5075c9bcea9dd9ff833e6670656131583717312e3
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
POST /cdn-cgi/challenge-platform/h/g/flow/ov1/1395567874:1714804210:y50UOaC3znSialQ3Hq5FhdiIN3RRRmjH-igWtpmrTqI/87e6a2d4abaa0b65/cfa4917bbcf18e0 HTTP/1.1
Host: trafffe.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://trafffe.ru/123?utm_term=kingdom+hearts+yellow+trinity+mystical+house
Content-type: application/x-www-form-urlencoded
CF-Challenge: cfa4917bbcf18e0
Content-Length: 2468
Origin: http://trafffe.ru
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 04 May 2024 07:04:30 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cf-chl-out-s: cjpX48tdG3JzwzSohKkGAw==$2GYL9b/laQLjj3gd8Jcn4Q==
cf-chl-out: h47GSSoJKXvzTgcijMLXeK2KSDTLgljwY0z44VfM46fC6BAbar8h8rUJ4dmGeUuv5sSEOnhDYsdDukBByEKkkc0uBOSs0OPEksZZVzCXWbc=$dkV0ce51xsjMFknKWI53eA==
vary: accept-encoding
content-encoding: gzip
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=icWLSvrXelPWd6j0vPZmsn2xiMX8yUsAafJx0UmOMNRSg7L8rvDnr7dfkKgHGzcxCb9FxrOeMKwnYMFdFz4RA5zb7Rxvu7ClTyFiWC4rVZf4IEpCw7Y6BrDjiwNe"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 87e6a3182c1fb4f1-OSL
alt-svc: h2=":443"; ma=60
|
|
| trafffe.ru/123?utm_term=kingdom+hearts+yellow+trinity+mystical+house | 172.67.170.51 | 403 Forbidden | 5.9 kB |
URL (User Request, GET, HTTP/1.1): trafffe.ru/123?utm_term=kingdom+hearts+yellow+trinity+mystical+house
IP: 172.67.170.51:80
File type: HTML document, ASCII text, with very long lines (14523), with no line terminators
Hash: 92c346ecbc42980789dc74c4d89a8076 341b77af99ebad1a60dc8b27d27cb2bd824d31e7 cf2b37032f7db40a531e7efd76b0ddce4e1945f5b4bbe2ad57c257a5707fabb3
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /123?utm_term=kingdom+hearts+yellow+trinity+mystical+house HTTP/1.1
Host: trafffe.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_i=1
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Sat, 04 May 2024 07:04:32 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: tx4HKbCqOpWve287N38XyTPuIhIhpeImYdekjM1EfZOYbB+I8WQ5i9WZcY76+f8g71QTrib4xR3MqqZaOrg3L1IMDKrCyHx4hHjEN5ObK/o=$V3l3xrLfPgyec1Gy6TXfBA==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Tf1%2FRq6Om4qBdcaSrjox96l7%2FORZHc%2Fv8fQJYdUqTjSDk%2FpFF%2Fid5VX0fHLHWFBd2hvtGsL%2FRtoWyA5Ve6AMuVZ7k7XWXP4dXEAadFOhsGWIM4mgR7JypFg21Miu"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 87e6a3252fc4b4f1-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
|
|
| trafffe.ru/cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=87e6a3252fc4b4f1 | 172.67.170.51 | 200 OK | 113 kB |
URL (GET, HTTP/1.1): trafffe.ru/cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=87e6a3252fc4b4f1
IP: 172.67.170.51:80
Requested by: http://trafffe.ru/123?utm_term=kingdom+hearts+yellow+trinity+mystical+house
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size: 113 kB (113301 bytes)
Hash: e32201017570e9be7be3f73615477f3d 63c1269fd435c26928579603ed53dfbd413b7c71 3003dc8ccbf13c550d572ea7b9d226ed899fe8a57aed8f372aa0aa68874cce09
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=87e6a3252fc4b4f1 HTTP/1.1
Host: trafffe.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://trafffe.ru/123?utm_term=kingdom+hearts+yellow+trinity+mystical+house&__cf_chl_rt_tk=Xs34riLyumV9nVUM0bw4aVglAzjZDXN1wyXLB6Jj7bc-1714806272-0.0.1.1-1322
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_i=1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 04 May 2024 07:04:32 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
vary: accept-encoding
content-encoding: gzip
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YpIRWfeOY6ASvOWONALueF77daS60zpQekkw%2BNu%2Bk4ndFiedX%2Bc2m4emMwANveWs0R52TAax69gi62AEpipSKQXdJv2KQrbyoN1qGkZaNBwmysfgaz6s7twi5nzB"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 87e6a32589ceb51e-OSL
alt-svc: h2=":443"; ma=60
|
|
| trafffe.ru/favicon.ico | 172.67.170.51 | 403 Forbidden | 5.8 kB |
IP: 172.67.170.51:80
Requested by: http://trafffe.ru/123?utm_term=kingdom+hearts+yellow+trinity+mystical+house
File type: HTML document, ASCII text, with very long lines (14325), with no line terminators
Hash: faca31acee27ef8962becd11cef16ac6 5d1d2ecee16229d616b8ffb0e9e81a5c0ac9492d d2c8733f0605ca2c84ac23d364693af8a6f4f68ad6dd87403a0559b6ba39feed
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /favicon.ico HTTP/1.1
Host: trafffe.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://trafffe.ru/123?utm_term=kingdom+hearts+yellow+trinity+mystical+house&__cf_chl_rt_tk=Xs34riLyumV9nVUM0bw4aVglAzjZDXN1wyXLB6Jj7bc-1714806272-0.0.1.1-1322
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_i=1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Sat, 04 May 2024 07:04:32 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: dm5qKM2G723qyDWdCbQpIuvXF1UYXtyTsm6isXfzDaG5CpXE190f0LRNzY7w/zm+1PgXew2h2H+6blrljgAZ/W2h34atUSGR/rLF4jRJaGc=$mEkWFb+gLphHXNk5/P5y3Q==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XCxUkEh3tvMC0y%2BXB2TrSn7LIKKdUOBKiBvK%2FApjVxkRTbfC5%2BgzfZ7hV5INYNNKc9OGmA2YWM6kxQDdJx%2FklRZd5mluVXqtaf%2BI3q2IO5JEtRliJYPJTYeUY%2BFU"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 87e6a325ea19b51e-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
|
|
| trafffe.ru/favicon.ico | 172.67.170.51 | 403 Forbidden | 5.7 kB |
IP: 172.67.170.51:80
Requested by: http://trafffe.ru/123?utm_term=kingdom+hearts+yellow+trinity+mystical+house
File type: HTML document, ASCII text, with very long lines (14239), with no line terminators
Hash: 0fe5362cf4599e80a13bbfdd6e639781 71e2d55a9190cc4c92beab8c04127093d362cfe8 8e8396b66f8fd343bb68733f8d2bcc0465c8634986ff99f76ea7e5dac5bf2eee
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /favicon.ico HTTP/1.1
Host: trafffe.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://trafffe.ru/123?utm_term=kingdom+hearts+yellow+trinity+mystical+house
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_i=1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Sat, 04 May 2024 07:04:33 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: gBSSCY2wbQkAPEqRcnzEzHzyD1qqbvL5rqqA1dpSp3Sh01O5ZrCHhCpbBda2cioQyvTaKsnyBqpp2Zw7euYVbpysCVFI0IiwvKMINZBph7g=$N7rpweax1NKyCSXFnexPQg==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=M0Lhu3cf2NeHz2YkJqjnEkYrtkXNUCxFXtb2568FX%2BszdMlQxNb%2BzAGPV6DFlEdPKuAjx2JqEvPy3UPb42HrCHAj2nykBhj512s6%2FrxAzPJDMGdwWigDHC4iNnOH"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 87e6a3268bed5699-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
|
|
| trafffe.ru/cdn-cgi/challenge-platform/h/g/flow/ov1/667046282:1714804235:ALuCVCBMF1QBdo-4IkcA2wyNQLkdV3Qy0hwyy-4XKYc/87e6a3252fc4b4f1/cb1c3c087f452e1 | 172.67.170.51 | 200 OK | 12 kB |
URL (POST, HTTP/1.1): trafffe.ru/cdn-cgi/challenge-platform/h/g/flow/ov1/667046282:1714804235:ALuCVCBMF1QBdo-4IkcA2wyNQLkdV3Qy0hwyy-4XKYc/87e6a3252fc4b4f1/cb1c3c087f452e1
IP: 172.67.170.51:80
Requested by: http://trafffe.ru/123?utm_term=kingdom+hearts+yellow+trinity+mystical+house
File type: ASCII text, with very long lines (16256), with no line terminators
Hash: ef990969b7ebe3633674b74ff0eac2bc ee71ca591d6fa7a8b97bfe5bc8cf4c80b0ce579d fc499eef1e834f375c3cd8e6f38208474f2bfee49860a250eef1daabe8c5cad2
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
POST /cdn-cgi/challenge-platform/h/g/flow/ov1/667046282:1714804235:ALuCVCBMF1QBdo-4IkcA2wyNQLkdV3Qy0hwyy-4XKYc/87e6a3252fc4b4f1/cb1c3c087f452e1 HTTP/1.1
Host: trafffe.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://trafffe.ru/123?utm_term=kingdom+hearts+yellow+trinity+mystical+house
Content-type: application/x-www-form-urlencoded
CF-Challenge: cb1c3c087f452e1
Content-Length: 1811
Origin: http://trafffe.ru
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_i=1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 04 May 2024 07:04:33 GMT
Content-Type: text/plain; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cf-chl-gen: 1ZaMQYdfbJfofOk5rZQAb62aEJWy/Jep6Uxq/nCVFdF+UmUR2IG/4G1QrD65uwEw$fiUFV6bkMmzyoRijtwKqug==
vary: accept-encoding
content-encoding: gzip
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=45WLZ4PAy9CwRf%2BaT5ZwA4vPlBxKtytGCZ7QQ3O0awJU7xJmfz9rehkPgoOQjpZra7SRUoczHSLaFzIWS7EMyDZq%2BRuwWHrb%2FawENmkl4inud0FZ3K0q964zJ%2BH3"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 87e6a3271a2f56c6-OSL
alt-svc: h2=":443"; ma=60
|
|
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/n66bx/0x4AAAAAAAAjq6WYeRDKmebM/light/normal | 104.17.3.184 | 200 OK | 26 kB |
URL (GET, HTTP/3): challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/n66bx/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
IP: 104.17.3.184:443
Requested by: http://trafffe.ru/123?utm_term=kingdom+hearts+yellow+trinity+mystical+house
Certificate:
  Issuer: Cloudflare, Inc.
  Subject: challenges.cloudflare.com
  Fingerprint: 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
  Validity: Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type: HTML document, ASCII text, with very long lines (41702)
Hash: 04de827967ccca752917a9f1622e67e2 c6b38ed6ebf67a19bf93e47af76401abdf621518 f8452294fa158b0d62d6589eb761302615df6ee225151419b56837555601ca03
GET /cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/n66bx/0x4AAAAAAAAjq6WYeRDKmebM/light/normal HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 04 May 2024 07:04:33 GMT
content-type: text/html; charset=UTF-8
document-policy: js-profiling
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-opener-policy: same-origin
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cross-origin-embedder-policy: require-corp
origin-agent-cluster: ?1
referrer-policy: same-origin
content-security-policy: frame-src https://challenges.cloudflare.com/ blob:; base-uri 'self'
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
vary: accept-encoding
server: cloudflare
cf-ray: 87e6a3282a1bb4f4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/87e6a3282a1bb4f4/1714806273763/_lYi4f6hsx7rcRI | 104.17.3.184 | | 61 B |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/87e6a3282a1bb4f4/1714806273763/_lYi4f6hsx7rcRI
IP: 104.17.3.184:0
File type: PNG image data, 61 x 16, 8-bit/color RGB, non-interlaced
Hash: 4e751ca2ad5de2514c9fe392586cdb44 9a505bddbffc7aebd338d0ca3730a57f9e643410 ff23f363d853adb373a753d1935238ebd6c0120d5e776b2be417a2b9c3f35479
GET /cdn-cgi/challenge-platform/h/g/i/87e6a3282a1bb4f4/1714806273763/_lYi4f6hsx7rcRI HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/n66bx/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 04 May 2024 07:04:35 GMT
content-type: image/png
content-length: 61
server: cloudflare
cf-ray: 87e6a336cf6eb4f4-OSL
alt-svc: h3=":443"; ma=86400
|
|
| trafffe.ru/cdn-cgi/challenge-platform/h/g/flow/ov1/667046282:1714804235:ALuCVCBMF1QBdo-4IkcA2wyNQLkdV3Qy0hwyy-4XKYc/87e6a3252fc4b4f1/cb1c3c087f452e1 | 172.67.170.51 | 200 OK | 1.8 kB |
URL POST HTTP/1.1 trafffe.ru/cdn-cgi/challenge-platform/h/g/flow/ov1/667046282:1714804235:ALuCVCBMF1QBdo-4IkcA2wyNQLkdV3Qy0hwyy-4XKYc/87e6a3252fc4b4f1/cb1c3c087f452e1 IP 172.67.170.51:80
Requested by http://trafffe.ru/123?utm_term=kingdom+hearts+yellow+trinity+mystical+house
File type ASCII text, with very long lines (2328), with no line terminators Hash 79669b5d764c5cc7302903f12665e726 f66cb60fb6272d8a42009522fb37f03c0d955a4f c8c09c644f29deef51174052f59de5eab38e91e5d552a9defccbf4284f428a52
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
POST /cdn-cgi/challenge-platform/h/g/flow/ov1/667046282:1714804235:ALuCVCBMF1QBdo-4IkcA2wyNQLkdV3Qy0hwyy-4XKYc/87e6a3252fc4b4f1/cb1c3c087f452e1 HTTP/1.1
Host: trafffe.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://trafffe.ru/123?utm_term=kingdom+hearts+yellow+trinity+mystical+house
Content-type: application/x-www-form-urlencoded
CF-Challenge: cb1c3c087f452e1
Content-Length: 2466
Origin: http://trafffe.ru
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_i=1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 04 May 2024 07:04:41 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cf-chl-out-s: 3XOr22v62iUXqfH/gomnQQ==$zU9rXjYqehMWRjl7GxBRfw==
cf-chl-out: VraF8JQiBWIHVcmBBpLI+Sb8U59iyEEW+O0cZb+bvIJeVGhjMGjkL21pWxppk9dibK+4H8cfZNsvukkl39mJCWvSUojbEtu26H0QSgCodx0=$ycGHefJMOYUEuEQZBU72VA==
vary: accept-encoding
content-encoding: gzip
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZDPRj4ntJmnKw517yGkrIbczbTQlvBQdqw%2BUujrju6mwMX%2B3CpMbtHPB2RygD1Qa8fKGN1q76MTMHVT7UY1V7b9JkP8gKHK%2BS0mxD33DphwAbRg0PtCYqyYsbSKl"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 87e6a35b087c56c6-OSL
alt-svc: h2=":443"; ma=60
|
|
| challenges.cloudflare.com/turnstile/v0/g/d0ff3ebede6b/api.js?onload=XagHGl3&render=explicit | 104.17.3.184 | 200 OK | 43 kB |
URL GET HTTP/3 challenges.cloudflare.com/turnstile/v0/g/d0ff3ebede6b/api.js?onload=XagHGl3&render=explicit IP 104.17.3.184:443
Requested by http://trafffe.ru/123?utm_term=kingdom+hearts+yellow+trinity+mystical+house Certificate Issuer Cloudflare, Inc. Subject challenges.cloudflare.com Fingerprint 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E Validity Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (42565) Hash 65b0a652c40c95d12c4ddb3b4567c1ea c654efa19d01d6553ed4e0f500d350011e023ad1 c6b5cd0b65ebbb519dd845ba2979b40e58b056ca2c90f67a8bfea871d39615a7
GET /turnstile/v0/g/d0ff3ebede6b/api.js?onload=XagHGl3&render=explicit HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://trafffe.ru
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 04 May 2024 07:04:33 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31536000
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e6a32688a2b4f4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|