arenalvolcanoshuttle.com/download/Install_pass1234.zip
104.21.29.116 403 Forbidden 3.5 kB URL User Request GET HTTP/1.1 arenalvolcanoshuttle.com/download/Install_pass1234.zip
IP 104.21.29.116:80
File type HTML document text; exported SGML document, ASCII text, with very long lines (1583)
Hash 9439f4f304e7ebf572adca1090657f55
2bc2bc1f25e7a42e88204b8e979ec774b0500ec8
af6d7c4b299b93dddc804975c1f8eeacdbe6e55e444eac07871ba0eb365ac2e2
Analyzer Verdict Alert
fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /download/Install_pass1234.zip HTTP/1.1
Host: arenalvolcanoshuttle.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Sat, 29 Apr 2023 05:56:47 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
cf-chl-bypass: 1
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=j6f4FYM%2Ft2D%2FYcRYaZfIxD4nCGFcm5mir2ts9Qvwrj9ipHR0MF2glkpe28YCN%2B8bpSuPctFqJrxb3uXffdqLlAsYEJGp64yXBoV2wb44qg2OsW9fZUqd4XYx%2FH2vNE18opGQmSt0ShmKVzU%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7bf54dc6191eb509-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
arenalvolcanoshuttle.com/cdn-cgi/styles/challenges.css
104.21.29.116 200 OK 2.6 kB URL GET HTTP/1.1 arenalvolcanoshuttle.com/cdn-cgi/styles/challenges.css
IP 104.21.29.116:80
Requested by http://arenalvolcanoshuttle.com/download/Install_pass1234.zip
File type ASCII text, with very long lines (6600), with no line terminators
Hash 9fa2f809c184b1f61b213cd4e503a226
5d7a209eb9da1e823ea6bdc9610005d7a224b35f
f47ef292aa20330e7c78dc476c33845afbc76cb0ba0901bc1f29492cfeb28437
Analyzer Verdict Alert
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /cdn-cgi/styles/challenges.css HTTP/1.1
Host: arenalvolcanoshuttle.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://arenalvolcanoshuttle.com/download/Install_pass1234.zip
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 29 Apr 2023 05:56:47 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 25 Apr 2023 11:28:50 GMT
ETag: W/"6447b972-19c8"
Server: cloudflare
CF-RAY: 7bf54dc6eadbb524-OSL
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Expires: Sat, 29 Apr 2023 07:56:47 GMT
Cache-Control: max-age=7200, public
Content-Encoding: gzip
arenalvolcanoshuttle.com/cdn-cgi/images/trace/captcha/js/transparent.gif?ray=7bf54dc6191eb509
104.21.29.116 42 B URL arenalvolcanoshuttle.com/cdn-cgi/images/trace/captcha/js/transparent.gif?ray=7bf54dc6191eb509
IP 104.21.29.116:0
File type GIF image data, version 89a, 1 x 1; data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Analyzer Verdict Alert
fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /cdn-cgi/images/trace/captcha/js/transparent.gif?ray=7bf54dc6191eb509 HTTP/1.1
Host: arenalvolcanoshuttle.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://arenalvolcanoshuttle.com/download/Install_pass1234.zip
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 29 Apr 2023 05:56:47 GMT
Content-Type: image/gif
Content-Length: 42
Connection: keep-alive
Last-Modified: Tue, 25 Apr 2023 11:28:50 GMT
ETag: "6447b972-2a"
Server: cloudflare
CF-RAY: 7bf54dc72b05b524-OSL
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Expires: Sat, 29 Apr 2023 07:56:47 GMT
Cache-Control: max-age=7200, public
Accept-Ranges: bytes
arenalvolcanoshuttle.com/cdn-cgi/challenge-platform/h/g/orchestrate/captcha/v1?ray=7bf54dc6191eb509
104.21.29.116 53 kB URL arenalvolcanoshuttle.com/cdn-cgi/challenge-platform/h/g/orchestrate/captcha/v1?ray=7bf54dc6191eb509
IP 104.21.29.116:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 37f6cb6f944b4dc7e56c83779777d135
73b8bd8e99dd1b5466766d4aa6ca05d212e4087a
9c8ae74de3d9b92d827b66ad88d320746941fc7483d3a56bd6cec81b4e2afbc8
Analyzer Verdict Alert
fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /cdn-cgi/challenge-platform/h/g/orchestrate/captcha/v1?ray=7bf54dc6191eb509 HTTP/1.1
Host: arenalvolcanoshuttle.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://arenalvolcanoshuttle.com/download/Install_pass1234.zip?__cf_chl_rt_tk=okguEra_SPf5I6ne8egaQGilpGIAyaC0Ic3pVnsPcD0-1682747807-0-gaNycGzNBfs
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 29 Apr 2023 05:56:47 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cache-control: max-age=0, must-revalidate
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mXc1Lwbd%2FwOYOLcbe62RGQNYmvewArDGCiW8E94qKZkdke%2FgM3hg0g6UKxoy9q4aUs8cQG4pWw6Oo8EGEu0G4ZLFLUDnSgcxbsocrjal23IgSyjGxh%2F9sctmaWpAbHHcZLVIDmHJEHWT1Ws%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7bf54dc73b14b524-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
arenalvolcanoshuttle.com/favicon.ico
104.21.29.116 403 Forbidden 3.4 kB URL GET HTTP/1.1 arenalvolcanoshuttle.com/favicon.ico
IP 104.21.29.116:80
Requested by http://arenalvolcanoshuttle.com/download/Install_pass1234.zip
File type HTML document text; exported SGML document, ASCII text, with very long lines (1540)
Hash da92cc19251b065579e1d5ec8b7e2e84
19e0737ac46500a340e062e57239db0fd3fd44d9
2f38229005937c942d14de8639973b2286ec545eabafcd05e80da5c946f9441f
Analyzer Verdict Alert
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /favicon.ico HTTP/1.1
Host: arenalvolcanoshuttle.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://arenalvolcanoshuttle.com/download/Install_pass1234.zip
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Sat, 29 Apr 2023 05:56:47 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
cf-chl-bypass: 1
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aW8O7klPxCBVxgO7Ft%2Fo22fkTqsDayUWxI0giRf22JVKwZrFicRi7nk35Lak5iD9mV7HwIuFsy%2FZvuZ0bR9xaT0ApAN%2FEqTa1WoWrxrdrpZmzoDB0CeCJak%2FszWqdoyHosymrrWOWT%2Ft8ss%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7bf54dc75b2ab524-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
arenalvolcanoshuttle.com/favicon.ico
104.21.29.116 403 Forbidden 3.4 kB URL GET HTTP/1.1 arenalvolcanoshuttle.com/favicon.ico
IP 104.21.29.116:80
Requested by http://arenalvolcanoshuttle.com/download/Install_pass1234.zip
File type HTML document text; exported SGML document, ASCII text, with very long lines (1583)
Hash b2c499d09c921f8c2b41f24646dc508d
0bd28f232a4a339263ed0f085c07846d278cc0df
ec318eaf219feebd95624d05c14f5bbe6389c065b58b796a524ef4034fb1b6c8
Analyzer Verdict Alert
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /favicon.ico HTTP/1.1
Host: arenalvolcanoshuttle.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://arenalvolcanoshuttle.com/download/Install_pass1234.zip
Connection: keep-alive
Cookie: cf_chl_2=d2d9a45dc10d4d5
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Sat, 29 Apr 2023 05:56:47 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
cf-chl-bypass: 1
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kjksGRgoUO09lCIHkBkR2gcLPKgkiLFYT%2BovdPtlkYuq0Dqd0byownkKOMhI96zQ5v2FttOVkmX%2FylYYcihYHDZlybUAbI60DQvvPMjO2xxaJzgZWVnTMdSWnIaxI0LrXBwgOVxDesuJmM8%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7bf54dc7a975b529-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
arenalvolcanoshuttle.com/cdn-cgi/challenge-platform/h/g/flow/ov1/519496488:1682744737:iV5T2BAm6A1CSXzTLN1b5Ww8OUdK9aKwQK-Kn-HBUr4/7bf54dc6191eb509/d2d9a45dc10d4d5
104.21.29.116 123 kB URL arenalvolcanoshuttle.com/cdn-cgi/challenge-platform/h/g/flow/ov1/519496488:1682744737:iV5T2BAm6A1CSXzTLN1b5Ww8OUdK9aKwQK-Kn-HBUr4/7bf54dc6191eb509/d2d9a45dc10d4d5
IP 104.21.29.116:0
File type ASCII text, with very long lines (65536), with no line terminators
Size 123 kB (123290 bytes)
Hash 51dee8a3a52a2c391d0734d0c75597c5
e6b05a159b7515f8ab6281fdfee2ba0e87f4a883
07e9f895ab7baf9d76f7304d0d2c641b03d1c8327614d680730383ecf4f98d52
Analyzer Verdict Alert
fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
POST /cdn-cgi/challenge-platform/h/g/flow/ov1/519496488:1682744737:iV5T2BAm6A1CSXzTLN1b5Ww8OUdK9aKwQK-Kn-HBUr4/7bf54dc6191eb509/d2d9a45dc10d4d5 HTTP/1.1
Host: arenalvolcanoshuttle.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://arenalvolcanoshuttle.com/download/Install_pass1234.zip
Content-type: application/x-www-form-urlencoded
CF-Challenge: d2d9a45dc10d4d5
Content-Length: 1798
Origin: http://arenalvolcanoshuttle.com
Connection: keep-alive
Cookie: cf_chl_2=d2d9a45dc10d4d5
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 29 Apr 2023 05:56:48 GMT
Content-Type: text/plain; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cf_chl_gen: HqkqTULF33AQ7FWkgQjAmdf6Vdwe2VxxAnUQKSELDul5LCn8SnDkTGU+2DxybJI+llRd+S9+yM5kOKjBlYIyK5mQDjxBUmRxt93dtZj2ew5BlwOlSfoNBPlRNXLTeSdmzLDG/eAFKTen6bDoaEVj365CXvWHDszrZ/0SkdlBCKxRP1KufwLheT8QQTdKDglFWvOyxE2qsjh+rNycNS7ji5vz74KSB/W3eHxsK0arIctLjYjipHjJ4oQDEQ8YUMEEOoqKPUERDhCHo5Y9eahBDjbceYeecbLNblIp6JpRnyAEgw+LDAr99OoyHT/i/sYOBzugDyL64HzqoQQC+NBqAjN2aWXRFx7FlLOgNDsYdEmisP5E4xLRF9ve0h+vJuONWoEhMmfpDcrWOIR3qf92+8AWXiRCX0ueBzgP/mCdzYxBWOJNwD7XXo3qWzm+u76e$6YhJBascz6vhGQnYkPUO7w==
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UVPJecIuDdtetFg9uPGWkgAoKT2iTA%2FhGXlAD8r2yEZb1%2BmGKOHjwz3rur9sVF4vo1%2Fk6LajyQZNs%2BAmSuWe2g7z9rlbWfDzr6l731Orsa3X7dzoiA6mlhdgewRdRalUNEyWmf1crFAC%2FsA%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7bf54dc92e14b51b-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
arenalvolcanoshuttle.com/cdn-cgi/challenge-platform/h/g/img/7bf54dc6191eb509/1682747808196/5e2p_NSHrJOr_Ag
104.21.29.116 61 B URL arenalvolcanoshuttle.com/cdn-cgi/challenge-platform/h/g/img/7bf54dc6191eb509/1682747808196/5e2p_NSHrJOr_Ag
IP 104.21.29.116:0
File type PNG image data, 20 x 99, 8-bit/color RGB, non-interlaced; data
Hash c40cd5a7ef76e781f849445ce875deed
7254efc749638125a0d0a9504f94133e7cf8a467
20d7e7510261a58b61833828b6e75dd4b17a54d4f58ad5c63def9667d8a4e130
Analyzer Verdict Alert
fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /cdn-cgi/challenge-platform/h/g/img/7bf54dc6191eb509/1682747808196/5e2p_NSHrJOr_Ag HTTP/1.1
Host: arenalvolcanoshuttle.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://arenalvolcanoshuttle.com/download/Install_pass1234.zip
Connection: keep-alive
Cookie: cf_chl_2=d2d9a45dc10d4d5
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 29 Apr 2023 05:56:48 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5M9MzoGX6rSKNHbeH4l4PmRbUsUzWSm0JxwQaZwgwzLwZzDmwm4aTGM2fhrWdl1CyMoP%2FvVFgaBzH6x7NfMsVs9A7i8a8BKvwaHPWAYp1EW12pfvT6WBSoH3BbGDtxYs%2B0f90ClsdOXf7hU%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7bf54dca3ebeb51b-OSL
alt-svc: h2=":443"; ma=60
arenalvolcanoshuttle.com/cdn-cgi/challenge-platform/h/g/beacon/ov1/519496488:1682744737:iV5T2BAm6A1CSXzTLN1b5Ww8OUdK9aKwQK-Kn-HBUr4/7bf54dc6191eb509/d2d9a45dc10d4d5/interactive
104.21.29.116 0 B URL arenalvolcanoshuttle.com/cdn-cgi/challenge-platform/h/g/beacon/ov1/519496488:1682744737:iV5T2BAm6A1CSXzTLN1b5Ww8OUdK9aKwQK-Kn-HBUr4/7bf54dc6191eb509/d2d9a45dc10d4d5/interactive
IP 104.21.29.116:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert
fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
POST /cdn-cgi/challenge-platform/h/g/beacon/ov1/519496488:1682744737:iV5T2BAm6A1CSXzTLN1b5Ww8OUdK9aKwQK-Kn-HBUr4/7bf54dc6191eb509/d2d9a45dc10d4d5/interactive HTTP/1.1
Host: arenalvolcanoshuttle.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://arenalvolcanoshuttle.com/download/Install_pass1234.zip
Content-type: application/x-www-form-urlencoded
Content-Length: 425
Origin: http://arenalvolcanoshuttle.com
Connection: keep-alive
Cookie: cf_chl_2=d2d9a45dc10d4d5
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 29 Apr 2023 05:56:50 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rbloWBdsHEwrlQEblqUSxtZQrgmFOITqxG%2BUoHyk1CLL2YWg7YNPasUC8y%2BvlgRmKgrULLaL2qWdJK1gRRa9zoaWj6%2FFgAaGy8IyFnRNKN2SvsZ%2BAA0YhJex7hQRUH0xPQcIixHGlgGRqNo%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7bf54dd818b9b51b-OSL
alt-svc: h2=":443"; ma=60
arenalvolcanoshuttle.com/cdn-cgi/challenge-platform/h/g/flow/ov1/519496488:1682744737:iV5T2BAm6A1CSXzTLN1b5Ww8OUdK9aKwQK-Kn-HBUr4/7bf54dc6191eb509/d2d9a45dc10d4d5
104.21.29.116 5.6 kB URL arenalvolcanoshuttle.com/cdn-cgi/challenge-platform/h/g/flow/ov1/519496488:1682744737:iV5T2BAm6A1CSXzTLN1b5Ww8OUdK9aKwQK-Kn-HBUr4/7bf54dc6191eb509/d2d9a45dc10d4d5
IP 104.21.29.116:0
File type ASCII text, with very long lines (7404), with no line terminators
Hash 2f7888bdc9885f38318bb73fc36abc75
a16caad608dd014f177775b38717fcb734f49198
cafa17cdc68a60fdd3da6c0ad45890dd2a55da8546c79e0ad2d68f3077e3dd9e
Analyzer Verdict Alert
fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
POST /cdn-cgi/challenge-platform/h/g/flow/ov1/519496488:1682744737:iV5T2BAm6A1CSXzTLN1b5Ww8OUdK9aKwQK-Kn-HBUr4/7bf54dc6191eb509/d2d9a45dc10d4d5 HTTP/1.1
Host: arenalvolcanoshuttle.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://arenalvolcanoshuttle.com/download/Install_pass1234.zip
Content-type: application/x-www-form-urlencoded
CF-Challenge: d2d9a45dc10d4d5
Content-Length: 16393
Origin: http://arenalvolcanoshuttle.com
Connection: keep-alive
Cookie: cf_chl_2=d2d9a45dc10d4d5
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 29 Apr 2023 05:56:50 GMT
Content-Type: text/plain; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cf_chl_gen: I8TfTQ5Ek8ch1ilS4zhrRtSaJvAZjJnwGdc7HyjrmEtVbHa/RukkJmW+ZY+Ru+92$ZjQQfl0+7Cv8IewkNr1daA==
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ARQXpqSdtMzkPH6BEFX0LeskbqRH3JHZeu71pNX30KJcrO%2F82jzNRtw6imF9VJJa2JbNze4Kqx%2FSn6XlVv%2BmndoJy8y%2BGdXe5Sm0DO2lxjCdzQEo5AGNcMZtIf5tYJIuyk4VKGPDflPdZvA%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7bf54dd9d9feb51b-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
challenges.cloudflare.com/turnstile/v0/g/b5e45436/api.js?onload=_cf_chl_turnstile_l&render=explicit
104.18.6.185 200 OK 8.8 kB URL GET HTTP/3 challenges.cloudflare.com/turnstile/v0/g/b5e45436/api.js?onload=_cf_chl_turnstile_l&render=explicit
IP 104.18.6.185:443
Requested by http://arenalvolcanoshuttle.com/download/Install_pass1234.zip
Certificate Issuer Cloudflare, Inc.
Subject challenges.cloudflare.com
Fingerprint 5C:7B:D7:57:5A:53:A4:99:8E:1E:5A:C4:58:30:7C:2D:6C:D8:3C:C5
Validity Sun, 18 Sep 2022 00:00:00 GMT - Sun, 17 Sep 2023 23:59:59 GMT
File type ASCII text, with very long lines (15685)
Hash 00d734241dd3f652f89117afed7b184b
c3454e534a92cf15e387c90548ad9467215cd5d5
8597aa710fb41b7729989e9568a30c2cd1d7c86ef3f6fdae754a8dd8bb4e37ec
GET /turnstile/v0/g/b5e45436/api.js?onload=_cf_chl_turnstile_l&render=explicit HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://arenalvolcanoshuttle.com
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 29 Apr 2023 05:56:48 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31536000
vary: Accept-Encoding
server: cloudflare
cf-ray: 7bf54dc818ec0afe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
arenalvolcanoshuttle.com/cdn-cgi/styles/challenges.css
104.21.29.116 200 OK 2.6 kB URL GET HTTP/1.1 arenalvolcanoshuttle.com/cdn-cgi/styles/challenges.css
IP 104.21.29.116:80
Requested by http://arenalvolcanoshuttle.com/download/Install_pass1234.zip
File type ASCII text, with very long lines (6600), with no line terminators
Hash 9fa2f809c184b1f61b213cd4e503a226
5d7a209eb9da1e823ea6bdc9610005d7a224b35f
f47ef292aa20330e7c78dc476c33845afbc76cb0ba0901bc1f29492cfeb28437
Analyzer Verdict Alert
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /cdn-cgi/styles/challenges.css HTTP/1.1
Host: arenalvolcanoshuttle.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://arenalvolcanoshuttle.com/download/Install_pass1234.zip
Connection: keep-alive
Cookie: cf_chl_2=d2d9a45dc10d4d5; cf_chl_rc_i=1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 29 Apr 2023 05:56:53 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 25 Apr 2023 11:28:50 GMT
ETag: W/"6447b972-19c8"
Server: cloudflare
CF-RAY: 7bf54deafaeeb4f9-OSL
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Expires: Sat, 29 Apr 2023 07:56:53 GMT
Cache-Control: max-age=7200, public
Content-Encoding: gzip
arenalvolcanoshuttle.com/cdn-cgi/images/trace/captcha/js/transparent.gif?ray=7bf54deace0ab51b
104.21.29.116 200 OK 42 B URL GET HTTP/1.1 arenalvolcanoshuttle.com/cdn-cgi/images/trace/captcha/js/transparent.gif?ray=7bf54deace0ab51b
IP 104.21.29.116:80
Requested by http://arenalvolcanoshuttle.com/download/Install_pass1234.zip
File type GIF image data, version 89a, 1 x 1; data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Analyzer Verdict Alert
fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /cdn-cgi/images/trace/captcha/js/transparent.gif?ray=7bf54deace0ab51b HTTP/1.1
Host: arenalvolcanoshuttle.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://arenalvolcanoshuttle.com/download/Install_pass1234.zip
Connection: keep-alive
Cookie: cf_chl_2=d2d9a45dc10d4d5; cf_chl_rc_i=1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 29 Apr 2023 05:56:53 GMT
Content-Type: image/gif
Content-Length: 42
Connection: keep-alive
Last-Modified: Tue, 25 Apr 2023 11:28:50 GMT
ETag: "6447b972-2a"
Server: cloudflare
CF-RAY: 7bf54deb2afbb4f9-OSL
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Expires: Sat, 29 Apr 2023 07:56:53 GMT
Cache-Control: max-age=7200, public
Accept-Ranges: bytes
arenalvolcanoshuttle.com/cdn-cgi/challenge-platform/h/g/orchestrate/captcha/v1?ray=7bf54deace0ab51b
104.21.29.116 200 OK 54 kB URL GET HTTP/1.1 arenalvolcanoshuttle.com/cdn-cgi/challenge-platform/h/g/orchestrate/captcha/v1?ray=7bf54deace0ab51b
IP 104.21.29.116:80
Requested by http://arenalvolcanoshuttle.com/download/Install_pass1234.zip
File type ASCII text, with very long lines (65536), with no line terminators
Hash 1a7fbbdebce9b9f6295575f91065eb47
4c095d3e6cbbfd74657e4a86ef45ec3ce7b070b3
1acbfba07f69ebfd103efcdf73da9a4d3532da34e1fe3545442532d6b89c320c
Analyzer Verdict Alert
fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /cdn-cgi/challenge-platform/h/g/orchestrate/captcha/v1?ray=7bf54deace0ab51b HTTP/1.1
Host: arenalvolcanoshuttle.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://arenalvolcanoshuttle.com/download/Install_pass1234.zip?__cf_chl_rt_tk=z2FwKNbrwYhL3fczdi6C.3r.rqufJuqgZKp9TrG90Lw-1682747813-0-gaNycGzNBjs
Connection: keep-alive
Cookie: cf_chl_2=d2d9a45dc10d4d5; cf_chl_rc_i=1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 29 Apr 2023 05:56:53 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cache-control: max-age=0, must-revalidate
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=t9ShlGU7oNzo4%2F8UAM9efqOZVv7ubWK9AQl9de%2BrkYtuUE5NcCpMlPC%2BWuivreKdvPLb6Lb1P6%2Faxm%2FGn9SBO0iv%2Bp5a397gR49AtbfTRKzcWn6P0VPApxqQF8riwAf6v0aRnnIo4oNMjB8%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7bf54deb2b01b4f9-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
arenalvolcanoshuttle.com/favicon.ico
104.21.29.116 403 Forbidden 3.4 kB URL GET HTTP/1.1 arenalvolcanoshuttle.com/favicon.ico
IP 104.21.29.116:80
Requested by http://arenalvolcanoshuttle.com/download/Install_pass1234.zip
File type HTML document text; exported SGML document, ASCII text, with very long lines (1583)
Hash a0c3d0a52997030e3c3ba635256ade23
319784c9107bfd0f376d9e9d7b60e215e63ce9d7
777c4a55a5eea1c0de2c99d7af17182313789937f3458011dfd25c4ed4bf0ef6
Analyzer Verdict Alert
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /favicon.ico HTTP/1.1
Host: arenalvolcanoshuttle.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://arenalvolcanoshuttle.com/download/Install_pass1234.zip
Connection: keep-alive
Cookie: cf_chl_2=d2d9a45dc10d4d5; cf_chl_rc_i=1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Sat, 29 Apr 2023 05:56:53 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
cf-chl-bypass: 1
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wVZIi2r4HdKzxLvSUceFvdQIhtty1gNdEGRGnsxSPPeXJ9g7%2B7MXpomHPb0bf%2BzowDraBa8dX6nxX05kL0%2FVIevNo8QtAXXjkw%2F6ACLPL8fR8aJHgU7tMWMFP1LhIGFOOSIiAYBmdAu9Zro%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7bf54deb4b17b4f9-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
arenalvolcanoshuttle.com/favicon.ico
104.21.29.116 403 Forbidden 3.4 kB URL GET HTTP/1.1 arenalvolcanoshuttle.com/favicon.ico
IP 104.21.29.116:80
Requested by http://arenalvolcanoshuttle.com/download/Install_pass1234.zip
File type HTML document text; exported SGML document, ASCII text, with very long lines (1583)
Hash 1cd592a090809407503c86fbef74ceb6
56403d03d7c302ad93d371744b54010f472d51a5
185284d2e18424596b8411f63302ff35ed3cd2b4aaeef2288fb8f9c87aed9299
Analyzer Verdict Alert
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /favicon.ico HTTP/1.1
Host: arenalvolcanoshuttle.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://arenalvolcanoshuttle.com/download/Install_pass1234.zip
Connection: keep-alive
Cookie: cf_chl_2=c1ab8cbfbc0fc5e; cf_chl_rc_i=1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Sat, 29 Apr 2023 05:56:53 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
cf-chl-bypass: 1
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ms2etdvyBnxklMQT3ogHS7SKgYAjARg6ZM31HLbQD40syT6yFWduQTTvjJVbyf9CmFZChnxurAcr%2BT%2Fu8hn8AB1rX7VsMkpSQafJApFk54dfySe38GnzFqlTI0c8Sro1voiRMRZsP1zSKwk%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7bf54deb7b4ab505-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
arenalvolcanoshuttle.com/cdn-cgi/challenge-platform/h/g/flow/ov1/729856472:1682744834:I5AgKgJsRdKGjzdqVU547TaZwl5V1Z78TxcVnXNc8hM/7bf54deace0ab51b/c1ab8cbfbc0fc5e
104.21.29.116 200 OK 104 kB URL POST HTTP/1.1 arenalvolcanoshuttle.com/cdn-cgi/challenge-platform/h/g/flow/ov1/729856472:1682744834:I5AgKgJsRdKGjzdqVU547TaZwl5V1Z78TxcVnXNc8hM/7bf54deace0ab51b/c1ab8cbfbc0fc5e
IP 104.21.29.116:80
Requested by http://arenalvolcanoshuttle.com/download/Install_pass1234.zip
File type ASCII text, with very long lines (65536), with no line terminators
Size 104 kB (103640 bytes)
Hash 438ad97fb47008bdaa9a978623480c5e
886fe1faccf8b79cf9464eed66de0f149be0d89c
47be6f69909bae8694add7b49905cb5c04d648f55a0dafc564a35b93bd7ef548
Analyzer Verdict Alert
fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
POST /cdn-cgi/challenge-platform/h/g/flow/ov1/729856472:1682744834:I5AgKgJsRdKGjzdqVU547TaZwl5V1Z78TxcVnXNc8hM/7bf54deace0ab51b/c1ab8cbfbc0fc5e HTTP/1.1
Host: arenalvolcanoshuttle.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://arenalvolcanoshuttle.com/download/Install_pass1234.zip
Content-type: application/x-www-form-urlencoded
CF-Challenge: c1ab8cbfbc0fc5e
Content-Length: 1803
Origin: http://arenalvolcanoshuttle.com
Connection: keep-alive
Cookie: cf_chl_2=c1ab8cbfbc0fc5e; cf_chl_rc_i=1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 29 Apr 2023 05:56:53 GMT
Content-Type: text/plain; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cf_chl_gen: D115Y36oR5K8to1gY1s8dqfNOah54XD6Y/e6HrSAFQf/7hyzdKDMzxqwJTuNFsJ7QBWEtjwUb7LzrkpytYKarwt7nQBl75mq42t8rNAURt1YVFkHhNuA4ymvw0nPiluhc4uBiMWkmSYZWUWtrBBS3qlrx3fYfnJ366vrgmiG/N21hSvimbSE9TNgMesPQE9peEMpD2YIZKtwbRDGzeyzz1HcUJ30BN6IvHWL9uZKRTtuaIZB+HO67EUhBye8m10SAWAHqnUqW9+dJZ9dlR9DYkqvCMk0CANLpqkgdswdO7vJqDRvJRX4GFNnG0DIRV8MOyEpeCP5RjRQL1Iit/m1C2sqo/3nvr5JMuwu20Cubzvacq+e0Hl0jBWK7AVYXSG+XJVAgl7nOPoyzQbWSjQQWX75yKU/lc3z1PXqAbnSCnNEhIjDQmzW9IiPNl/wdTDb$rXFb5YkwLKWwLvd3IXvu3A==
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=efRnzGYha0S23dzCglz4R270rozr%2Fgk9r57fqScW23cXOHQKOAOZQlLEpcUT%2B%2BcwcldDAgplLIGcCqWCNF2HVpoKAoZ6iLBrPWwvn0rr8EThm6qLRxMWXhrR5yhzTRL6cLR59902dDf6ph0%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7bf54dec3fea0b55-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=7bf54dda2da00b39
104.18.6.185 63 kB URL challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=7bf54dda2da00b39
IP 104.18.6.185:0
Certificate Issuer Cloudflare, Inc.
Subject challenges.cloudflare.com
Fingerprint 5C:7B:D7:57:5A:53:A4:99:8E:1E:5A:C4:58:30:7C:2D:6C:D8:3C:C5
Validity Sun, 18 Sep 2022 00:00:00 GMT - Sun, 17 Sep 2023 23:59:59 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Hash c48d6a76ed34f68140111929bd70a070
2b9e15c584bfa0f9ef036d5398d300c5802d456f
ef5630b210d8b3f127877c1ce5e0f7de988b889c8c27cf5d6a197d76097dd7fa
GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=7bf54dda2da00b39 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/vvvrc/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Alt-Used: challenges.cloudflare.com
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 29 Apr 2023 05:56:51 GMT
content-type: application/javascript; charset=UTF-8
cache-control: max-age=0, must-revalidate
server: cloudflare
cf-ray: 7bf54ddade250b39-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
arenalvolcanoshuttle.com/cdn-cgi/challenge-platform/h/g/flow/ov1/729856472:1682744834:I5AgKgJsRdKGjzdqVU547TaZwl5V1Z78TxcVnXNc8hM/7bf54deace0ab51b/c1ab8cbfbc0fc5e
104.21.29.116 200 OK 5.6 kB URL POST HTTP/1.1 arenalvolcanoshuttle.com/cdn-cgi/challenge-platform/h/g/flow/ov1/729856472:1682744834:I5AgKgJsRdKGjzdqVU547TaZwl5V1Z78TxcVnXNc8hM/7bf54deace0ab51b/c1ab8cbfbc0fc5e
IP 104.21.29.116:80
Requested by http://arenalvolcanoshuttle.com/download/Install_pass1234.zip
File type ASCII text, with very long lines (7376), with no line terminators
Hash 0c9973d60ce74297d80da4a39f697beb
6d186991bcf24cd00ca0e1589db661a1d1c67fc7
5532f46197adc3d6d07ef2d30acaad02c5f0832eb8835486a047366e4c731672
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
POST /cdn-cgi/challenge-platform/h/g/flow/ov1/729856472:1682744834:I5AgKgJsRdKGjzdqVU547TaZwl5V1Z78TxcVnXNc8hM/7bf54deace0ab51b/c1ab8cbfbc0fc5e HTTP/1.1
Host: arenalvolcanoshuttle.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://arenalvolcanoshuttle.com/download/Install_pass1234.zip
Content-type: application/x-www-form-urlencoded
CF-Challenge: c1ab8cbfbc0fc5e
Content-Length: 16577
Origin: http://arenalvolcanoshuttle.com
Connection: keep-alive
Cookie: cf_chl_2=c1ab8cbfbc0fc5e; cf_chl_rc_i=1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 29 Apr 2023 05:56:55 GMT
Content-Type: text/plain; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cf_chl_gen: HYfT2R3aEi8Kn3vYki/QLvYjOE72MAXD4bt9+FUc6/9MEhKK5s79PJGsnfr0yeUc$MNVwgKtHgVHbUCB9KN3D7A==
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=U9Tv3NU6NdzsLB7n7LxJtw3c8hIF%2B0ovEZcgLSKrx%2FdWBDE5NTsch3rowOYKAt%2FuWKvT7dFBZkxKJ9TIt0T%2FeRKBDWxzEfwXx3iWbL2AhS8tTOffbi%2BW1hoAcX1Oc8BlC9cF7MfLqjO4buM%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7bf54df4bc330b55-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/972hu/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
104.18.6.185 200 OK 23 kB URL GET HTTP/3 challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/972hu/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
IP 104.18.6.185:443
Requested by http://arenalvolcanoshuttle.com/download/Install_pass1234.zip
Certificate Issuer Cloudflare, Inc.
Subject challenges.cloudflare.com
Fingerprint 5C:7B:D7:57:5A:53:A4:99:8E:1E:5A:C4:58:30:7C:2D:6C:D8:3C:C5
Validity Sun, 18 Sep 2022 00:00:00 GMT - Sun, 17 Sep 2023 23:59:59 GMT
File type HTML document text; exported SGML document, ASCII text, with very long lines (9343)
Hash 72e070754feb49f32752a5db2a4c4112
1d586e0fb1d998fb788d70c730e9456b6e982ed0
e96539b3697849ede13f2dd6ba2e6f85e481337dc2caff5513b98e94628152fb
GET /cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/972hu/0x4AAAAAAAAjq6WYeRDKmebM/light/normal HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: challenges.cloudflare.com
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 29 Apr 2023 05:56:55 GMT
content-type: text/html; charset=UTF-8
cache-control: max-age=0, must-revalidate
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: cross-origin
document-policy: js-profiling
permissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
server: cloudflare
cf-ray: 7bf54df50e7d0b39-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
arenalvolcanoshuttle.com/cdn-cgi/challenge-platform/h/g/img/7bf54deace0ab51b/1682747813810/VIheQes0XMStH4S
104.21.29.116 200 OK 61 B URL GET HTTP/1.1 arenalvolcanoshuttle.com/cdn-cgi/challenge-platform/h/g/img/7bf54deace0ab51b/1682747813810/VIheQes0XMStH4S
IP 104.21.29.116:80
Requested by http://arenalvolcanoshuttle.com/download/Install_pass1234.zip
File type PNG image data, 54 x 49, 8-bit/color RGB, non-interlaced
Hash 7cec3eb3dc9027c4e373c93da43f1647
8d1f8acee63c78779e40d85e9c3996e68709c839
42c977a062d164ec5849cf6c4689c683319727898d59c13762921e111a4c435a
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /cdn-cgi/challenge-platform/h/g/img/7bf54deace0ab51b/1682747813810/VIheQes0XMStH4S HTTP/1.1
Host: arenalvolcanoshuttle.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://arenalvolcanoshuttle.com/download/Install_pass1234.zip
Connection: keep-alive
Cookie: cf_chl_2=c1ab8cbfbc0fc5e; cf_chl_rc_i=1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 29 Apr 2023 05:56:54 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BfY4wzLAvRHYXMJuaWY4hvFmH7ThubeXRWzOWXjhuucArxmvqto8mcHpEQmLQk%2B8Kx8rMjB%2FrqaMjNnJIu0faN2DM78BYhhQenvljqbMsE9W3bRB%2BT9DTOlfcFwSxKh2BdNpyl%2B6KFgdECI%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7bf54df2eb3a0b55-OSL
alt-svc: h2=":443"; ma=60
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/img/7bf54df50e7d0b39/1682747815499/y6s68twMgZSFebi
104.18.6.185 200 OK 61 B URL GET HTTP/3 challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/img/7bf54df50e7d0b39/1682747815499/y6s68twMgZSFebi
IP 104.18.6.185:443
Requested by https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/972hu/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Certificate Issuer Cloudflare, Inc.
Subject challenges.cloudflare.com
Fingerprint 5C:7B:D7:57:5A:53:A4:99:8E:1E:5A:C4:58:30:7C:2D:6C:D8:3C:C5
Validity Sun, 18 Sep 2022 00:00:00 GMT - Sun, 17 Sep 2023 23:59:59 GMT
File type PNG image data, 62 x 89, 8-bit/color RGB, non-interlaced
Hash 24d75db850ab1d1c2741dcebba3134c2
cd6b33c50a17ad3efa437139c769440cc2aff48b
518d48aa3bdd8987b219fb68debc8e9316b2ad1c56f14281975aadc3cb559bd1
GET /cdn-cgi/challenge-platform/h/g/img/7bf54df50e7d0b39/1682747815499/y6s68twMgZSFebi HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/972hu/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Alt-Used: challenges.cloudflare.com
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 29 Apr 2023 05:56:55 GMT
content-type: image/png
server: cloudflare
cf-ray: 7bf54df7bfe50b39-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/742287114:1682744883:Ee3vQ0hPOeb8iXLkAa7huAe-KYWanuW9JDR56PGsj9c/7bf54df50e7d0b39/35a2acdcef26cef
104.18.6.185 200 OK 78 kB URL POST HTTP/3 challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/742287114:1682744883:Ee3vQ0hPOeb8iXLkAa7huAe-KYWanuW9JDR56PGsj9c/7bf54df50e7d0b39/35a2acdcef26cef
IP 104.18.6.185:443
Requested by https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/972hu/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Certificate Issuer Cloudflare, Inc.
Subject challenges.cloudflare.com
Fingerprint 5C:7B:D7:57:5A:53:A4:99:8E:1E:5A:C4:58:30:7C:2D:6C:D8:3C:C5
Validity Sun, 18 Sep 2022 00:00:00 GMT - Sun, 17 Sep 2023 23:59:59 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Hash ef4f781b7cc84959d6dee5807ff96608
4d24a5ebdb01ca66d7f7e03ed18e4086b0c4ed3e
d615263343675045d41c26a964563ef83934d24354aee51a0075cc4c6478ad08
POST /cdn-cgi/challenge-platform/h/g/flow/ov1/742287114:1682744883:Ee3vQ0hPOeb8iXLkAa7huAe-KYWanuW9JDR56PGsj9c/7bf54df50e7d0b39/35a2acdcef26cef HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/972hu/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: 35a2acdcef26cef
Content-Length: 2588
Origin: https://challenges.cloudflare.com
Alt-Used: challenges.cloudflare.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 29 Apr 2023 05:56:55 GMT
content-type: text/plain; charset=UTF-8
cf_chl_gen: YGQm5tynZKEsLkqKrktaIqlJe6vzuTfrVaDOVJ9AvVdmaTTwtRziCrn8jZN3f/vOO8RK2af0WAEmzp+zo+FCmJ5gmZ6cNsa4hZPgCmPDZscLj30xggDGTLAOaUh87hgNer/lbReYKDOcvPf0SXqNtLZq6pe7LdsksALa7oh/wPCsp1q8iXGQbe4FtDa/WPUc8uzEAAWFV5ioU64SyWO9fmKttTTFnRE41gKEFFzWVuCEAv9cqn5BqZUjiTYM/QNlno7/WfUbrViaYg15mpl7MIfZyO5Zw/4JDOwAgxBv0zipip7L6etmncyAOyMPtNmBSV7RQIOhVrlf4oOYEiPU47RABAQNLA+q087YYQMOl+fOh7z7MthSVhWkzS7Q0PQj4TjhffGDcr8gMjUOrvQSszgyn5NhMAapdnk1VyWSw1M=$U26T7Rk+2G4IESFUdzcecQ==
server: cloudflare
cf-ray: 7bf54df6cf5e0b39-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=7bf54df50e7d0b39
104.18.6.185 200 OK 156 kB URL GET HTTP/3 challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=7bf54df50e7d0b39
IP 104.18.6.185:443
Requested by https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/972hu/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Certificate Issuer Cloudflare, Inc.
Subject challenges.cloudflare.com
Fingerprint 5C:7B:D7:57:5A:53:A4:99:8E:1E:5A:C4:58:30:7C:2D:6C:D8:3C:C5
Validity Sun, 18 Sep 2022 00:00:00 GMT - Sun, 17 Sep 2023 23:59:59 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Size 156 kB (156373 bytes)
Hash 5ca7a20ddd7567fc99aa2d75a1d0bad1
234a85de91d14c986b11aa71b85c7456d2134e9d
bca5d803f868e536d8c1bbb924a2fbe85e208696e82bb46dd4f54e50ce4cbadf
GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=7bf54df50e7d0b39 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/972hu/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Alt-Used: challenges.cloudflare.com
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 29 Apr 2023 05:56:55 GMT
content-type: application/javascript; charset=UTF-8
cache-control: max-age=0, must-revalidate
server: cloudflare
cf-ray: 7bf54df5bed00b39-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/742287114:1682744883:Ee3vQ0hPOeb8iXLkAa7huAe-KYWanuW9JDR56PGsj9c/7bf54df50e7d0b39/35a2acdcef26cef
104.18.6.185 200 OK 10 kB URL POST HTTP/3 challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/742287114:1682744883:Ee3vQ0hPOeb8iXLkAa7huAe-KYWanuW9JDR56PGsj9c/7bf54df50e7d0b39/35a2acdcef26cef
IP 104.18.6.185:443
Requested by https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/972hu/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Certificate Issuer Cloudflare, Inc.
Subject challenges.cloudflare.com
Fingerprint 5C:7B:D7:57:5A:53:A4:99:8E:1E:5A:C4:58:30:7C:2D:6C:D8:3C:C5
Validity Sun, 18 Sep 2022 00:00:00 GMT - Sun, 17 Sep 2023 23:59:59 GMT
File type ASCII text, with very long lines (10280), with no line terminators
Hash 8a821eb23174b0fccbc5e31e081c685d
3579752b4a454114ba9fec42da20b6979d75f284
113e385aaf62501b3146a0505fc7fc500abd82213883c9b5410ed28217edf719
POST /cdn-cgi/challenge-platform/h/g/flow/ov1/742287114:1682744883:Ee3vQ0hPOeb8iXLkAa7huAe-KYWanuW9JDR56PGsj9c/7bf54df50e7d0b39/35a2acdcef26cef HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/972hu/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: 35a2acdcef26cef
Content-Length: 17155
Origin: https://challenges.cloudflare.com
Alt-Used: challenges.cloudflare.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 29 Apr 2023 05:56:57 GMT
content-type: text/plain; charset=UTF-8
cf_chl_gen: 4TJ1Jk7SVgdDB0NVM3jc0O0A9zsE4IUawrOD0CgXSz9ZkvYvJmxmwD/PFvBZ7s3N$Z/MIrKluA/mivderMw1YWw==
server: cloudflare
cf-ray: 7bf54e02df2a0b39-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400