Report - arenalvolcanoshuttle.com/download/Install

Report Overview

Submitted URL
arenalvolcanoshuttle.com/download/Install_pass1234.zip
IP
172.67.171.122
ASN
#13335 CLOUDFLARENET
Submitted
2023-04-29 05:57:02
Access
public
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
96

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
arenalvolcanoshuttle.com	unknown		2016-07-14	2023-04-28	9.2 kB	383 kB	104.21.29.116
challenges.cloudflare.com	unknown		2021-10-20	2023-04-28	4.6 kB	342 kB	104.18.6.185

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator
2023-04-29	medium	arenalvolcanoshuttle.com/download/Install_pass1234.zip
2023-04-29	medium	arenalvolcanoshuttle.com/cdn-cgi/images/trace/captcha/js/transparent.gif?ray=7bf54dc6191eb509
2023-04-29	medium	arenalvolcanoshuttle.com/cdn-cgi/challenge-platform/h/g/orchestrate/captcha/v1?ray=7bf54dc6191eb509
2023-04-29	medium	arenalvolcanoshuttle.com/cdn-cgi/challenge-platform/h/g/flow/ov1/519496488:1682744737:iV5T2BAm6A1CSXzTLN1b5Ww8OUdK9aKwQK-Kn-HBUr4/7bf54dc6191eb509/d2d9a45dc10d4d5
2023-04-29	medium	arenalvolcanoshuttle.com/cdn-cgi/challenge-platform/h/g/img/7bf54dc6191eb509/1682747808196/5e2p_NSHrJOr_Ag
2023-04-29	medium	arenalvolcanoshuttle.com/cdn-cgi/challenge-platform/h/g/beacon/ov1/519496488:1682744737:iV5T2BAm6A1CSXzTLN1b5Ww8OUdK9aKwQK-Kn-HBUr4/7bf54dc6191eb509/d2d9a45dc10d4d5/interactive
2023-04-29	medium	arenalvolcanoshuttle.com/cdn-cgi/challenge-platform/h/g/flow/ov1/519496488:1682744737:iV5T2BAm6A1CSXzTLN1b5Ww8OUdK9aKwQK-Kn-HBUr4/7bf54dc6191eb509/d2d9a45dc10d4d5
2023-04-29	medium	arenalvolcanoshuttle.com/cdn-cgi/images/trace/captcha/js/transparent.gif?ray=7bf54deace0ab51b
2023-04-29	medium	arenalvolcanoshuttle.com/cdn-cgi/challenge-platform/h/g/orchestrate/captcha/v1?ray=7bf54deace0ab51b
2023-04-29	medium	arenalvolcanoshuttle.com/cdn-cgi/challenge-platform/h/g/flow/ov1/729856472:1682744834:I5AgKgJsRdKGjzdqVU547TaZwl5V1Z78TxcVnXNc8hM/7bf54deace0ab51b/c1ab8cbfbc0fc5e
2023-04-29	medium	arenalvolcanoshuttle.com/cdn-cgi/challenge-platform/h/g/flow/ov1/729856472:1682744834:I5AgKgJsRdKGjzdqVU547TaZwl5V1Z78TxcVnXNc8hM/7bf54deace0ab51b/c1ab8cbfbc0fc5e
2023-04-29	medium	arenalvolcanoshuttle.com/cdn-cgi/challenge-platform/h/g/img/7bf54deace0ab51b/1682747813810/VIheQes0XMStH4S

mnemonic secure dns

Scan Date	Severity	Indicator
2023-04-29	medium	arenalvolcanoshuttle.com
2023-04-29	medium	arenalvolcanoshuttle.com
2023-04-29	medium	arenalvolcanoshuttle.com
2023-04-29	medium	arenalvolcanoshuttle.com
2023-04-29	medium	arenalvolcanoshuttle.com
2023-04-29	medium	arenalvolcanoshuttle.com
2023-04-29	medium	arenalvolcanoshuttle.com
2023-04-29	medium	arenalvolcanoshuttle.com
2023-04-29	medium	arenalvolcanoshuttle.com
2023-04-29	medium	arenalvolcanoshuttle.com
2023-04-29	medium	arenalvolcanoshuttle.com
2023-04-29	medium	arenalvolcanoshuttle.com
2023-04-29	medium	arenalvolcanoshuttle.com
2023-04-29	medium	arenalvolcanoshuttle.com
2023-04-29	medium	arenalvolcanoshuttle.com
2023-04-29	medium	arenalvolcanoshuttle.com
2023-04-29	medium	arenalvolcanoshuttle.com
2023-04-29	medium	arenalvolcanoshuttle.com

Quad9 DNS

Scan Date	Severity	Indicator
2023-04-29	medium	arenalvolcanoshuttle.com
2023-04-29	medium	arenalvolcanoshuttle.com
2023-04-29	medium	arenalvolcanoshuttle.com
2023-04-29	medium	arenalvolcanoshuttle.com
2023-04-29	medium	arenalvolcanoshuttle.com
2023-04-29	medium	arenalvolcanoshuttle.com
2023-04-29	medium	arenalvolcanoshuttle.com
2023-04-29	medium	arenalvolcanoshuttle.com
2023-04-29	medium	arenalvolcanoshuttle.com
2023-04-29	medium	arenalvolcanoshuttle.com
2023-04-29	medium	arenalvolcanoshuttle.com
2023-04-29	medium	arenalvolcanoshuttle.com
2023-04-29	medium	arenalvolcanoshuttle.com
2023-04-29	medium	arenalvolcanoshuttle.com
2023-04-29	medium	arenalvolcanoshuttle.com
2023-04-29	medium	arenalvolcanoshuttle.com
2023-04-29	medium	arenalvolcanoshuttle.com
2023-04-29	medium	arenalvolcanoshuttle.com

ThreatFox

No alerts detected

JavaScript (18)

	URL	Size	First Seen	Last Seen
	unknown	7.7 kB	2023-04-29	2023-04-29
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-29 07:57:03 Last Seen2023-04-29 07:57:03 Times Seen1 Hash 6e1d439864c4ea69fcf757eb5eeeefbe ea6e6e62e0deadc3b21d920dda59f2496295daf2 8348fa926cb896705f9a8e1d2b0d2b34b968c64cabc7e9bfb86a874bd2c641cf Loading...

	unknown	59 kB	2023-04-29	2023-04-29
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-29 07:57:03 Last Seen2023-04-29 07:57:03 Times Seen1 Hash c8ea19dea739e65235a2058e98c74b4a 89f5b351c89041d371ff1c84bc2451c10ba7fa3f 80e3d1e5425a529140ff1574ac8f74128e51ad8484ee6899d8457e50b0933035 Loading...

	challenges.cloudflare.com/turnstile/v0/g/b5e45436/api.js?onload=_cf_chl_turnstile_l&render=explicit	16 kB	2023-04-27	2023-05-10
Pretty URL challenges.cloudflare.com/turnstile/v0/g/b5e45436/api.js?onload=_cf_chl_turnstile_l&render=explicit IP 104.18.6.185 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-27 14:42:20 Last Seen2023-05-10 17:27:11 Times Seen1278 Hash a26b9f20dc634fffeabda90cec467fa1 bf3dd0fb148183a0250784dc298ba3e824d46394 5205e201bbd649a3a4af0ecb9b1e8a80f73aa8ea4aee1740302b1b8f7435b27f Loading...

	challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=7bf54df50e7d0b39	156 kB	2023-04-29	2023-04-29
Pretty URL challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=7bf54df50e7d0b39 IP 104.18.6.185 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-29 07:57:03 Last Seen2023-04-29 07:57:03 Times Seen2 Hash 5ca7a20ddd7567fc99aa2d75a1d0bad1 234a85de91d14c986b11aa71b85c7456d2134e9d bca5d803f868e536d8c1bbb924a2fbe85e208696e82bb46dd4f54e50ce4cbadf Loading...

	unknown	626 B	2023-04-19	2023-09-04
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-19 17:10:16 Last Seen2023-09-04 14:53:39 Times Seen4089 Hash 965d195078b6e2b66051d3ab5418dd70 e4589c5ee84bedf04d0ae10b25e4927ddfc7e6d0 99cf2ba13c494c699abf3062b1422e3e7b4fd1342e642d8a249afd52fa682b18 Loading...

	arenalvolcanoshuttle.com/cdn-cgi/challenge-platform/h/g/orchestrate/captcha/v1?ray=7bf54deace0ab51b	152 kB	2023-04-29	2023-04-29
Pretty URL arenalvolcanoshuttle.com/cdn-cgi/challenge-platform/h/g/orchestrate/captcha/v1?ray=7bf54deace0ab51b IP 104.21.29.116 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-29 07:57:03 Last Seen2023-04-29 07:57:03 Times Seen2 Hash 121de88256853b29b74e49f08bd3895b 5522d628646ce5fa946d0af049c657010e3d7bb2 d09133242f65720a88a3fb7ded543d8478b79fd5ea423f4d10c9e55c1e86c3dd Loading...

	unknown	8 B	2023-04-10	2024-04-24
Pretty Introduced by javascriptURL Embedded in HTML false Observations First Seen2023-04-10 23:38:56 Last Seen2024-04-24 21:08:09 Times Seen12426 Hash 69165ebff8690c39998558705627e927 b86888593992fa44c3d1fe1c665367cb214e5416 0de7a49f6d21fbef846aba4bd271502d7ec9489bfbb3fd96f5ff7cf19140875e Loading...

	arenalvolcanoshuttle.com/download/Install_pass1234.zip	3.3 kB	2023-04-29	2023-04-29
Pretty URL arenalvolcanoshuttle.com/download/Install_pass1234.zip IP 104.21.29.116 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-04-29 07:57:03 Last Seen2023-04-29 07:57:03 Times Seen1 Hash d3a77d9c1e5de89b44dddfc67ab41e32 94c9245a5ee7c5c474d9df6a0232f02e1421776e 94546b79fc1ab9a1fb0b4010e6578c8b4d5a25ba08af0447c1c948de09178752 Loading...

	challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/972hu/0x4AAAAAAAAjq6WYeRDKmebM/light/normal	2.1 kB	2023-04-29	2023-04-29
Pretty URL challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/972hu/0x4AAAAAAAAjq6WYeRDKmebM/light/normal IP 104.18.6.185 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-04-29 07:57:03 Last Seen2023-04-29 07:57:03 Times Seen1 Hash 46fc965e41a638b8a043651255241cb9 d187bba2214208d6fe2660223d24f8384d185f02 aac0964a2896add0391cea9c0e1c9a290869b3c249dc5c519c045097a5ca6168 Loading...

		Size	First Seen	Last Seen
	#1 Eval - 9e925e9341b490bfd3b4c4ca3b0c1ef2	4 B	2023-03-07	2024-04-25
Pretty Observations First Seen2023-03-07 01:03:43 Last Seen2024-04-25 03:36:03 Times Seen349489 Hash 9e925e9341b490bfd3b4c4ca3b0c1ef2 c2543fff3bfa6f144c2f06a7de6cd10c0b650cae 1eb79602411ef02cf6fe117897015fff89f80face4eccd50425c45149b148408 Loading...

	#2 Eval - c9646a6eaabbe7156114487cc9c7dada	516 B	2023-04-29	2023-04-29
Pretty Observations First Seen2023-04-29 07:57:03 Last Seen2023-04-29 07:57:03 Times Seen1 Hash c9646a6eaabbe7156114487cc9c7dada d621d548d57a1d93ead82d6ee51e327410f30971 7cca3e6ae8edc2b125bf41f7bc7bc9f20cab91b99808823507a38a3f254d5617 Loading...

	#3 Eval - d9e885a078bbfbac723baef45f3b2c03	563 B	2023-04-29	2023-04-29
Pretty Observations First Seen2023-04-29 07:57:03 Last Seen2023-04-29 07:57:03 Times Seen1 Hash d9e885a078bbfbac723baef45f3b2c03 7851d06b6394c16a4c3bdbad5ab3e274bafbf821 93f9e6a8ca4e0565cb7a9177f5dc276ba4350329d207821cf9647275c0b967e2 Loading...

	#4 Eval - 93e354e833ee7b4feead7057a3f33168	13 B	2023-03-13	2023-07-11
Pretty Observations First Seen2023-03-13 20:39:31 Last Seen2023-07-11 14:53:30 Times Seen14356 Hash 93e354e833ee7b4feead7057a3f33168 4025c763f11cdc2eef6318108989528620fef9e7 80b90237b40178e74c34d6652d95b3918d01b603ba83f9dce47ba6b19343c245 Loading...

	#5 Eval - a92c116f0f513c6198152b434693dc7c	2.3 kB	2023-04-29	2023-04-29
Pretty Observations First Seen2023-04-29 07:57:03 Last Seen2023-04-29 07:57:03 Times Seen1 Hash a92c116f0f513c6198152b434693dc7c 5a1a2c0f721d858c5fc287d1e8956c12e9f61665 e989ec87a14b811fc5a70332bdddf800ea0e560478b5397ec9e1a6622c3549ac Loading...

	#6 Eval - 537d39f57c259c215e0cf22c9e8006e6	2.3 kB	2023-04-29	2023-04-29
Pretty Observations First Seen2023-04-29 07:57:03 Last Seen2023-04-29 07:57:03 Times Seen1 Hash 537d39f57c259c215e0cf22c9e8006e6 8de48f27bb2f304ce7f393238aebdcd35db2a81f c37c95e4d32c7f8f88b8919539099508892fb28aa6a6280ede31d6e515863071 Loading...

	#7 Eval - 10b8fb62d08b6ce67c418d695ddcd653	1.0 kB	2023-04-29	2023-04-29
Pretty Observations First Seen2023-04-29 07:57:03 Last Seen2023-04-29 07:57:03 Times Seen1 Hash 10b8fb62d08b6ce67c418d695ddcd653 c77a593c27819a20e89c2674b47bcaa91686681b 55f1232c120abb53603f36db662823eee35a12ff2747f517dd79731f60cb02b7 Loading...

	#8 Eval - 50bda72e04f85f9b4338c0f939c34b9c	15 B	2023-03-13	2023-07-11
Pretty Observations First Seen2023-03-13 20:39:31 Last Seen2023-07-11 18:15:28 Times Seen14456 Hash 50bda72e04f85f9b4338c0f939c34b9c d53056a9d7a7424238f0faf0b93b098f28d4d3ca db8d20f2dfaf9df3877967927de5ecb9648fecda131ab44bf854f8d72baa2b23 Loading...

		Size	First Seen	Last Seen
	#1 Write - 467d82ac802ebf5b672ecdb8e02505e6	3.6 kB	2023-03-07	2023-07-11
Pretty Observations First Seen2023-03-07 01:02:24 Last Seen2023-07-11 15:29:01 Times Seen16478 Hash 467d82ac802ebf5b672ecdb8e02505e6 b3df725dd3285fd4618d65c08e83b8f08c8e4798 36d48aeb87174dbf8b0ea333d2042d9e198797bd33c3f849597981eacd619515 Loading...

HTTP Transactions (25)

URL IP Response Size

arenalvolcanoshuttle.com/download/Install_pass1234.zip

104.21.29.116

403 Forbidden

3.5 kB

URL User Request GET HTTP/1.1
arenalvolcanoshuttle.com/download/Install_pass1234.zip
IP
104.21.29.116:80
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1583)
Size
3.5 kB (3452 bytes)
Hash
9439f4f304e7ebf572adca1090657f55
2bc2bc1f25e7a42e88204b8e979ec774b0500ec8
af6d7c4b299b93dddc804975c1f8eeacdbe6e55e444eac07871ba0eb365ac2e2

Detections

Analyzer	Verdict	Alert
fortinet	Malware
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

GET /download/Install_pass1234.zip HTTP/1.1
Host: arenalvolcanoshuttle.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Date: Sat, 29 Apr 2023 05:56:47 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
cf-chl-bypass: 1
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=j6f4FYM%2Ft2D%2FYcRYaZfIxD4nCGFcm5mir2ts9Qvwrj9ipHR0MF2glkpe28YCN%2B8bpSuPctFqJrxb3uXffdqLlAsYEJGp64yXBoV2wb44qg2OsW9fZUqd4XYx%2FH2vNE18opGQmSt0ShmKVzU%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7bf54dc6191eb509-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

arenalvolcanoshuttle.com/cdn-cgi/styles/challenges.css

104.21.29.116

200 OK

2.6 kB

URL GET HTTP/1.1
arenalvolcanoshuttle.com/cdn-cgi/styles/challenges.css
IP
104.21.29.116:80
ASN
#13335 CLOUDFLARENET

Requested by
http://arenalvolcanoshuttle.com/download/Install_pass1234.zip

File type
ASCII text, with very long lines (6600), with no line terminators
Size
2.6 kB (2624 bytes)
Hash
9fa2f809c184b1f61b213cd4e503a226
5d7a209eb9da1e823ea6bdc9610005d7a224b35f
f47ef292aa20330e7c78dc476c33845afbc76cb0ba0901bc1f29492cfeb28437

Detections

Analyzer	Verdict	Alert
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

GET /cdn-cgi/styles/challenges.css HTTP/1.1
Host: arenalvolcanoshuttle.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://arenalvolcanoshuttle.com/download/Install_pass1234.zip
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 29 Apr 2023 05:56:47 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 25 Apr 2023 11:28:50 GMT
ETag: W/"6447b972-19c8"
Server: cloudflare
CF-RAY: 7bf54dc6eadbb524-OSL
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Expires: Sat, 29 Apr 2023 07:56:47 GMT
Cache-Control: max-age=7200, public
Content-Encoding: gzip

arenalvolcanoshuttle.com/cdn-cgi/images/trace/captcha/js/transparent.gif?ray=7bf54dc6191eb509

104.21.29.116

42 B

URL
arenalvolcanoshuttle.com/cdn-cgi/images/trace/captcha/js/transparent.gif?ray=7bf54dc6191eb509
IP
104.21.29.116:0
ASN
#13335 CLOUDFLARENET

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Detections

Analyzer	Verdict	Alert
fortinet	Malware
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

GET /cdn-cgi/images/trace/captcha/js/transparent.gif?ray=7bf54dc6191eb509 HTTP/1.1
Host: arenalvolcanoshuttle.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://arenalvolcanoshuttle.com/download/Install_pass1234.zip
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 29 Apr 2023 05:56:47 GMT
Content-Type: image/gif
Content-Length: 42
Connection: keep-alive
Last-Modified: Tue, 25 Apr 2023 11:28:50 GMT
ETag: "6447b972-2a"
Server: cloudflare
CF-RAY: 7bf54dc72b05b524-OSL
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Expires: Sat, 29 Apr 2023 07:56:47 GMT
Cache-Control: max-age=7200, public
Accept-Ranges: bytes

arenalvolcanoshuttle.com/cdn-cgi/challenge-platform/h/g/orchestrate/captcha/v1?ray=7bf54dc6191eb509

104.21.29.116

53 kB

URL
arenalvolcanoshuttle.com/cdn-cgi/challenge-platform/h/g/orchestrate/captcha/v1?ray=7bf54dc6191eb509
IP
104.21.29.116:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (65536), with no line terminators
Size
53 kB (53270 bytes)
Hash
37f6cb6f944b4dc7e56c83779777d135
73b8bd8e99dd1b5466766d4aa6ca05d212e4087a
9c8ae74de3d9b92d827b66ad88d320746941fc7483d3a56bd6cec81b4e2afbc8

Detections

Analyzer	Verdict	Alert
fortinet	Malware
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

GET /cdn-cgi/challenge-platform/h/g/orchestrate/captcha/v1?ray=7bf54dc6191eb509 HTTP/1.1
Host: arenalvolcanoshuttle.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://arenalvolcanoshuttle.com/download/Install_pass1234.zip?__cf_chl_rt_tk=okguEra_SPf5I6ne8egaQGilpGIAyaC0Ic3pVnsPcD0-1682747807-0-gaNycGzNBfs
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 29 Apr 2023 05:56:47 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cache-control: max-age=0, must-revalidate
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mXc1Lwbd%2FwOYOLcbe62RGQNYmvewArDGCiW8E94qKZkdke%2FgM3hg0g6UKxoy9q4aUs8cQG4pWw6Oo8EGEu0G4ZLFLUDnSgcxbsocrjal23IgSyjGxh%2F9sctmaWpAbHHcZLVIDmHJEHWT1Ws%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7bf54dc73b14b524-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

arenalvolcanoshuttle.com/favicon.ico

104.21.29.116

403 Forbidden

3.4 kB

URL GET HTTP/1.1
arenalvolcanoshuttle.com/favicon.ico
IP
104.21.29.116:80
ASN
#13335 CLOUDFLARENET

Requested by
http://arenalvolcanoshuttle.com/download/Install_pass1234.zip

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1540)
Size
3.4 kB (3373 bytes)
Hash
da92cc19251b065579e1d5ec8b7e2e84
19e0737ac46500a340e062e57239db0fd3fd44d9
2f38229005937c942d14de8639973b2286ec545eabafcd05e80da5c946f9441f

Detections

Analyzer	Verdict	Alert
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: arenalvolcanoshuttle.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://arenalvolcanoshuttle.com/download/Install_pass1234.zip
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Date: Sat, 29 Apr 2023 05:56:47 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
cf-chl-bypass: 1
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aW8O7klPxCBVxgO7Ft%2Fo22fkTqsDayUWxI0giRf22JVKwZrFicRi7nk35Lak5iD9mV7HwIuFsy%2FZvuZ0bR9xaT0ApAN%2FEqTa1WoWrxrdrpZmzoDB0CeCJak%2FszWqdoyHosymrrWOWT%2Ft8ss%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7bf54dc75b2ab524-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

arenalvolcanoshuttle.com/favicon.ico

104.21.29.116

403 Forbidden

3.4 kB

URL GET HTTP/1.1
arenalvolcanoshuttle.com/favicon.ico
IP
104.21.29.116:80
ASN
#13335 CLOUDFLARENET

Requested by
http://arenalvolcanoshuttle.com/download/Install_pass1234.zip

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1583)
Size
3.4 kB (3412 bytes)
Hash
b2c499d09c921f8c2b41f24646dc508d
0bd28f232a4a339263ed0f085c07846d278cc0df
ec318eaf219feebd95624d05c14f5bbe6389c065b58b796a524ef4034fb1b6c8

Detections

Analyzer	Verdict	Alert
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: arenalvolcanoshuttle.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://arenalvolcanoshuttle.com/download/Install_pass1234.zip
Connection: keep-alive
Cookie: cf_chl_2=d2d9a45dc10d4d5
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Date: Sat, 29 Apr 2023 05:56:47 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
cf-chl-bypass: 1
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kjksGRgoUO09lCIHkBkR2gcLPKgkiLFYT%2BovdPtlkYuq0Dqd0byownkKOMhI96zQ5v2FttOVkmX%2FylYYcihYHDZlybUAbI60DQvvPMjO2xxaJzgZWVnTMdSWnIaxI0LrXBwgOVxDesuJmM8%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7bf54dc7a975b529-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

arenalvolcanoshuttle.com/cdn-cgi/challenge-platform/h/g/flow/ov1/519496488:1682744737:iV5T2BAm6A1CSXzTLN1b5Ww8OUdK9aKwQK-Kn-HBUr4/7bf54dc6191eb509/d2d9a45dc10d4d5

104.21.29.116

123 kB

URL
arenalvolcanoshuttle.com/cdn-cgi/challenge-platform/h/g/flow/ov1/519496488:1682744737:iV5T2BAm6A1CSXzTLN1b5Ww8OUdK9aKwQK-Kn-HBUr4/7bf54dc6191eb509/d2d9a45dc10d4d5
IP
104.21.29.116:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (65536), with no line terminators
Size
123 kB (123290 bytes)
Hash
51dee8a3a52a2c391d0734d0c75597c5
e6b05a159b7515f8ab6281fdfee2ba0e87f4a883
07e9f895ab7baf9d76f7304d0d2c641b03d1c8327614d680730383ecf4f98d52

Detections

Analyzer	Verdict	Alert
fortinet	Malware
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

POST /cdn-cgi/challenge-platform/h/g/flow/ov1/519496488:1682744737:iV5T2BAm6A1CSXzTLN1b5Ww8OUdK9aKwQK-Kn-HBUr4/7bf54dc6191eb509/d2d9a45dc10d4d5 HTTP/1.1
Host: arenalvolcanoshuttle.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://arenalvolcanoshuttle.com/download/Install_pass1234.zip
Content-type: application/x-www-form-urlencoded
CF-Challenge: d2d9a45dc10d4d5
Content-Length: 1798
Origin: http://arenalvolcanoshuttle.com
Connection: keep-alive
Cookie: cf_chl_2=d2d9a45dc10d4d5
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 29 Apr 2023 05:56:48 GMT
Content-Type: text/plain; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cf_chl_gen: HqkqTULF33AQ7FWkgQjAmdf6Vdwe2VxxAnUQKSELDul5LCn8SnDkTGU+2DxybJI+llRd+S9+yM5kOKjBlYIyK5mQDjxBUmRxt93dtZj2ew5BlwOlSfoNBPlRNXLTeSdmzLDG/eAFKTen6bDoaEVj365CXvWHDszrZ/0SkdlBCKxRP1KufwLheT8QQTdKDglFWvOyxE2qsjh+rNycNS7ji5vz74KSB/W3eHxsK0arIctLjYjipHjJ4oQDEQ8YUMEEOoqKPUERDhCHo5Y9eahBDjbceYeecbLNblIp6JpRnyAEgw+LDAr99OoyHT/i/sYOBzugDyL64HzqoQQC+NBqAjN2aWXRFx7FlLOgNDsYdEmisP5E4xLRF9ve0h+vJuONWoEhMmfpDcrWOIR3qf92+8AWXiRCX0ueBzgP/mCdzYxBWOJNwD7XXo3qWzm+u76e$6YhJBascz6vhGQnYkPUO7w==
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UVPJecIuDdtetFg9uPGWkgAoKT2iTA%2FhGXlAD8r2yEZb1%2BmGKOHjwz3rur9sVF4vo1%2Fk6LajyQZNs%2BAmSuWe2g7z9rlbWfDzr6l731Orsa3X7dzoiA6mlhdgewRdRalUNEyWmf1crFAC%2FsA%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7bf54dc92e14b51b-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

arenalvolcanoshuttle.com/cdn-cgi/challenge-platform/h/g/img/7bf54dc6191eb509/1682747808196/5e2p_NSHrJOr_Ag

104.21.29.116

61 B

URL
arenalvolcanoshuttle.com/cdn-cgi/challenge-platform/h/g/img/7bf54dc6191eb509/1682747808196/5e2p_NSHrJOr_Ag
IP
104.21.29.116:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 20 x 99, 8-bit/color RGB, non-interlaced\012- data
Size
61 B (61 bytes)
Hash
c40cd5a7ef76e781f849445ce875deed
7254efc749638125a0d0a9504f94133e7cf8a467
20d7e7510261a58b61833828b6e75dd4b17a54d4f58ad5c63def9667d8a4e130

Detections

Analyzer	Verdict	Alert
fortinet	Malware
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

GET /cdn-cgi/challenge-platform/h/g/img/7bf54dc6191eb509/1682747808196/5e2p_NSHrJOr_Ag HTTP/1.1
Host: arenalvolcanoshuttle.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://arenalvolcanoshuttle.com/download/Install_pass1234.zip
Connection: keep-alive
Cookie: cf_chl_2=d2d9a45dc10d4d5
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 29 Apr 2023 05:56:48 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5M9MzoGX6rSKNHbeH4l4PmRbUsUzWSm0JxwQaZwgwzLwZzDmwm4aTGM2fhrWdl1CyMoP%2FvVFgaBzH6x7NfMsVs9A7i8a8BKvwaHPWAYp1EW12pfvT6WBSoH3BbGDtxYs%2B0f90ClsdOXf7hU%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7bf54dca3ebeb51b-OSL
alt-svc: h2=":443"; ma=60

arenalvolcanoshuttle.com/cdn-cgi/challenge-platform/h/g/beacon/ov1/519496488:1682744737:iV5T2BAm6A1CSXzTLN1b5Ww8OUdK9aKwQK-Kn-HBUr4/7bf54dc6191eb509/d2d9a45dc10d4d5/interactive

104.21.29.116

0 B

URL
arenalvolcanoshuttle.com/cdn-cgi/challenge-platform/h/g/beacon/ov1/519496488:1682744737:iV5T2BAm6A1CSXzTLN1b5Ww8OUdK9aKwQK-Kn-HBUr4/7bf54dc6191eb509/d2d9a45dc10d4d5/interactive
IP
104.21.29.116:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
fortinet	Malware
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

POST /cdn-cgi/challenge-platform/h/g/beacon/ov1/519496488:1682744737:iV5T2BAm6A1CSXzTLN1b5Ww8OUdK9aKwQK-Kn-HBUr4/7bf54dc6191eb509/d2d9a45dc10d4d5/interactive HTTP/1.1
Host: arenalvolcanoshuttle.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://arenalvolcanoshuttle.com/download/Install_pass1234.zip
Content-type: application/x-www-form-urlencoded
Content-Length: 425
Origin: http://arenalvolcanoshuttle.com
Connection: keep-alive
Cookie: cf_chl_2=d2d9a45dc10d4d5
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 29 Apr 2023 05:56:50 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rbloWBdsHEwrlQEblqUSxtZQrgmFOITqxG%2BUoHyk1CLL2YWg7YNPasUC8y%2BvlgRmKgrULLaL2qWdJK1gRRa9zoaWj6%2FFgAaGy8IyFnRNKN2SvsZ%2BAA0YhJex7hQRUH0xPQcIixHGlgGRqNo%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7bf54dd818b9b51b-OSL
alt-svc: h2=":443"; ma=60

arenalvolcanoshuttle.com/cdn-cgi/challenge-platform/h/g/flow/ov1/519496488:1682744737:iV5T2BAm6A1CSXzTLN1b5Ww8OUdK9aKwQK-Kn-HBUr4/7bf54dc6191eb509/d2d9a45dc10d4d5

104.21.29.116

5.6 kB

URL
arenalvolcanoshuttle.com/cdn-cgi/challenge-platform/h/g/flow/ov1/519496488:1682744737:iV5T2BAm6A1CSXzTLN1b5Ww8OUdK9aKwQK-Kn-HBUr4/7bf54dc6191eb509/d2d9a45dc10d4d5
IP
104.21.29.116:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (7404), with no line terminators
Size
5.6 kB (5616 bytes)
Hash
2f7888bdc9885f38318bb73fc36abc75
a16caad608dd014f177775b38717fcb734f49198
cafa17cdc68a60fdd3da6c0ad45890dd2a55da8546c79e0ad2d68f3077e3dd9e

Detections

Analyzer	Verdict	Alert
fortinet	Malware
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

POST /cdn-cgi/challenge-platform/h/g/flow/ov1/519496488:1682744737:iV5T2BAm6A1CSXzTLN1b5Ww8OUdK9aKwQK-Kn-HBUr4/7bf54dc6191eb509/d2d9a45dc10d4d5 HTTP/1.1
Host: arenalvolcanoshuttle.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://arenalvolcanoshuttle.com/download/Install_pass1234.zip
Content-type: application/x-www-form-urlencoded
CF-Challenge: d2d9a45dc10d4d5
Content-Length: 16393
Origin: http://arenalvolcanoshuttle.com
Connection: keep-alive
Cookie: cf_chl_2=d2d9a45dc10d4d5
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 29 Apr 2023 05:56:50 GMT
Content-Type: text/plain; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cf_chl_gen: I8TfTQ5Ek8ch1ilS4zhrRtSaJvAZjJnwGdc7HyjrmEtVbHa/RukkJmW+ZY+Ru+92$ZjQQfl0+7Cv8IewkNr1daA==
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ARQXpqSdtMzkPH6BEFX0LeskbqRH3JHZeu71pNX30KJcrO%2F82jzNRtw6imF9VJJa2JbNze4Kqx%2FSn6XlVv%2BmndoJy8y%2BGdXe5Sm0DO2lxjCdzQEo5AGNcMZtIf5tYJIuyk4VKGPDflPdZvA%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7bf54dd9d9feb51b-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

challenges.cloudflare.com/turnstile/v0/g/b5e45436/api.js?onload=_cf_chl_turnstile_l&render=explicit

104.18.6.185

200 OK

8.8 kB

URL GET HTTP/3
challenges.cloudflare.com/turnstile/v0/g/b5e45436/api.js?onload=_cf_chl_turnstile_l&render=explicit
IP
104.18.6.185:443
ASN
#13335 CLOUDFLARENET

Requested by
http://arenalvolcanoshuttle.com/download/Install_pass1234.zip
Certificate
IssuerCloudflare, Inc.
Subjectchallenges.cloudflare.com
Fingerprint5C:7B:D7:57:5A:53:A4:99:8E:1E:5A:C4:58:30:7C:2D:6C:D8:3C:C5
ValiditySun, 18 Sep 2022 00:00:00 GMT - Sun, 17 Sep 2023 23:59:59 GMT

File type
ASCII text, with very long lines (15685)
Size
8.8 kB (8848 bytes)
Hash
00d734241dd3f652f89117afed7b184b
c3454e534a92cf15e387c90548ad9467215cd5d5
8597aa710fb41b7729989e9568a30c2cd1d7c86ef3f6fdae754a8dd8bb4e37ec

HTTP Headers

GET /turnstile/v0/g/b5e45436/api.js?onload=_cf_chl_turnstile_l&render=explicit HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://arenalvolcanoshuttle.com
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 29 Apr 2023 05:56:48 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31536000
vary: Accept-Encoding
server: cloudflare
cf-ray: 7bf54dc818ec0afe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

arenalvolcanoshuttle.com/cdn-cgi/styles/challenges.css

104.21.29.116

200 OK

2.6 kB

URL GET HTTP/1.1
arenalvolcanoshuttle.com/cdn-cgi/styles/challenges.css
IP
104.21.29.116:80
ASN
#13335 CLOUDFLARENET

Requested by
http://arenalvolcanoshuttle.com/download/Install_pass1234.zip

File type
ASCII text, with very long lines (6600), with no line terminators
Size
2.6 kB (2624 bytes)
Hash
9fa2f809c184b1f61b213cd4e503a226
5d7a209eb9da1e823ea6bdc9610005d7a224b35f
f47ef292aa20330e7c78dc476c33845afbc76cb0ba0901bc1f29492cfeb28437

Detections

Analyzer	Verdict	Alert
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

GET /cdn-cgi/styles/challenges.css HTTP/1.1
Host: arenalvolcanoshuttle.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://arenalvolcanoshuttle.com/download/Install_pass1234.zip
Connection: keep-alive
Cookie: cf_chl_2=d2d9a45dc10d4d5; cf_chl_rc_i=1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 29 Apr 2023 05:56:53 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 25 Apr 2023 11:28:50 GMT
ETag: W/"6447b972-19c8"
Server: cloudflare
CF-RAY: 7bf54deafaeeb4f9-OSL
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Expires: Sat, 29 Apr 2023 07:56:53 GMT
Cache-Control: max-age=7200, public
Content-Encoding: gzip

arenalvolcanoshuttle.com/cdn-cgi/images/trace/captcha/js/transparent.gif?ray=7bf54deace0ab51b

104.21.29.116

200 OK

42 B

URL GET HTTP/1.1
arenalvolcanoshuttle.com/cdn-cgi/images/trace/captcha/js/transparent.gif?ray=7bf54deace0ab51b
IP
104.21.29.116:80
ASN
#13335 CLOUDFLARENET

Requested by
http://arenalvolcanoshuttle.com/download/Install_pass1234.zip

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Detections

Analyzer	Verdict	Alert
fortinet	Malware
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

GET /cdn-cgi/images/trace/captcha/js/transparent.gif?ray=7bf54deace0ab51b HTTP/1.1
Host: arenalvolcanoshuttle.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://arenalvolcanoshuttle.com/download/Install_pass1234.zip
Connection: keep-alive
Cookie: cf_chl_2=d2d9a45dc10d4d5; cf_chl_rc_i=1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 29 Apr 2023 05:56:53 GMT
Content-Type: image/gif
Content-Length: 42
Connection: keep-alive
Last-Modified: Tue, 25 Apr 2023 11:28:50 GMT
ETag: "6447b972-2a"
Server: cloudflare
CF-RAY: 7bf54deb2afbb4f9-OSL
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Expires: Sat, 29 Apr 2023 07:56:53 GMT
Cache-Control: max-age=7200, public
Accept-Ranges: bytes

arenalvolcanoshuttle.com/cdn-cgi/challenge-platform/h/g/orchestrate/captcha/v1?ray=7bf54deace0ab51b

104.21.29.116

200 OK

54 kB

URL GET HTTP/1.1
arenalvolcanoshuttle.com/cdn-cgi/challenge-platform/h/g/orchestrate/captcha/v1?ray=7bf54deace0ab51b
IP
104.21.29.116:80
ASN
#13335 CLOUDFLARENET

Requested by
http://arenalvolcanoshuttle.com/download/Install_pass1234.zip

File type
ASCII text, with very long lines (65536), with no line terminators
Size
54 kB (54245 bytes)
Hash
1a7fbbdebce9b9f6295575f91065eb47
4c095d3e6cbbfd74657e4a86ef45ec3ce7b070b3
1acbfba07f69ebfd103efcdf73da9a4d3532da34e1fe3545442532d6b89c320c

Detections

Analyzer	Verdict	Alert
fortinet	Malware
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

GET /cdn-cgi/challenge-platform/h/g/orchestrate/captcha/v1?ray=7bf54deace0ab51b HTTP/1.1
Host: arenalvolcanoshuttle.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://arenalvolcanoshuttle.com/download/Install_pass1234.zip?__cf_chl_rt_tk=z2FwKNbrwYhL3fczdi6C.3r.rqufJuqgZKp9TrG90Lw-1682747813-0-gaNycGzNBjs
Connection: keep-alive
Cookie: cf_chl_2=d2d9a45dc10d4d5; cf_chl_rc_i=1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 29 Apr 2023 05:56:53 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cache-control: max-age=0, must-revalidate
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=t9ShlGU7oNzo4%2F8UAM9efqOZVv7ubWK9AQl9de%2BrkYtuUE5NcCpMlPC%2BWuivreKdvPLb6Lb1P6%2Faxm%2FGn9SBO0iv%2Bp5a397gR49AtbfTRKzcWn6P0VPApxqQF8riwAf6v0aRnnIo4oNMjB8%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7bf54deb2b01b4f9-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

arenalvolcanoshuttle.com/favicon.ico

104.21.29.116

403 Forbidden

3.4 kB

URL GET HTTP/1.1
arenalvolcanoshuttle.com/favicon.ico
IP
104.21.29.116:80
ASN
#13335 CLOUDFLARENET

Requested by
http://arenalvolcanoshuttle.com/download/Install_pass1234.zip

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1583)
Size
3.4 kB (3408 bytes)
Hash
a0c3d0a52997030e3c3ba635256ade23
319784c9107bfd0f376d9e9d7b60e215e63ce9d7
777c4a55a5eea1c0de2c99d7af17182313789937f3458011dfd25c4ed4bf0ef6

Detections

Analyzer	Verdict	Alert
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: arenalvolcanoshuttle.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://arenalvolcanoshuttle.com/download/Install_pass1234.zip
Connection: keep-alive
Cookie: cf_chl_2=d2d9a45dc10d4d5; cf_chl_rc_i=1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Date: Sat, 29 Apr 2023 05:56:53 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
cf-chl-bypass: 1
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wVZIi2r4HdKzxLvSUceFvdQIhtty1gNdEGRGnsxSPPeXJ9g7%2B7MXpomHPb0bf%2BzowDraBa8dX6nxX05kL0%2FVIevNo8QtAXXjkw%2F6ACLPL8fR8aJHgU7tMWMFP1LhIGFOOSIiAYBmdAu9Zro%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7bf54deb4b17b4f9-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

arenalvolcanoshuttle.com/favicon.ico

104.21.29.116

403 Forbidden

3.4 kB

URL GET HTTP/1.1
arenalvolcanoshuttle.com/favicon.ico
IP
104.21.29.116:80
ASN
#13335 CLOUDFLARENET

Requested by
http://arenalvolcanoshuttle.com/download/Install_pass1234.zip

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1583)
Size
3.4 kB (3400 bytes)
Hash
1cd592a090809407503c86fbef74ceb6
56403d03d7c302ad93d371744b54010f472d51a5
185284d2e18424596b8411f63302ff35ed3cd2b4aaeef2288fb8f9c87aed9299

Detections

Analyzer	Verdict	Alert
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: arenalvolcanoshuttle.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://arenalvolcanoshuttle.com/download/Install_pass1234.zip
Connection: keep-alive
Cookie: cf_chl_2=c1ab8cbfbc0fc5e; cf_chl_rc_i=1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Date: Sat, 29 Apr 2023 05:56:53 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
cf-chl-bypass: 1
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ms2etdvyBnxklMQT3ogHS7SKgYAjARg6ZM31HLbQD40syT6yFWduQTTvjJVbyf9CmFZChnxurAcr%2BT%2Fu8hn8AB1rX7VsMkpSQafJApFk54dfySe38GnzFqlTI0c8Sro1voiRMRZsP1zSKwk%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7bf54deb7b4ab505-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

arenalvolcanoshuttle.com/cdn-cgi/challenge-platform/h/g/flow/ov1/729856472:1682744834:I5AgKgJsRdKGjzdqVU547TaZwl5V1Z78TxcVnXNc8hM/7bf54deace0ab51b/c1ab8cbfbc0fc5e

104.21.29.116

200 OK

104 kB

URL POST HTTP/1.1
arenalvolcanoshuttle.com/cdn-cgi/challenge-platform/h/g/flow/ov1/729856472:1682744834:I5AgKgJsRdKGjzdqVU547TaZwl5V1Z78TxcVnXNc8hM/7bf54deace0ab51b/c1ab8cbfbc0fc5e
IP
104.21.29.116:80
ASN
#13335 CLOUDFLARENET

Requested by
http://arenalvolcanoshuttle.com/download/Install_pass1234.zip

File type
ASCII text, with very long lines (65536), with no line terminators
Size
104 kB (103640 bytes)
Hash
438ad97fb47008bdaa9a978623480c5e
886fe1faccf8b79cf9464eed66de0f149be0d89c
47be6f69909bae8694add7b49905cb5c04d648f55a0dafc564a35b93bd7ef548

Detections

Analyzer	Verdict	Alert
fortinet	Malware
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

POST /cdn-cgi/challenge-platform/h/g/flow/ov1/729856472:1682744834:I5AgKgJsRdKGjzdqVU547TaZwl5V1Z78TxcVnXNc8hM/7bf54deace0ab51b/c1ab8cbfbc0fc5e HTTP/1.1
Host: arenalvolcanoshuttle.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://arenalvolcanoshuttle.com/download/Install_pass1234.zip
Content-type: application/x-www-form-urlencoded
CF-Challenge: c1ab8cbfbc0fc5e
Content-Length: 1803
Origin: http://arenalvolcanoshuttle.com
Connection: keep-alive
Cookie: cf_chl_2=c1ab8cbfbc0fc5e; cf_chl_rc_i=1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 29 Apr 2023 05:56:53 GMT
Content-Type: text/plain; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cf_chl_gen: D115Y36oR5K8to1gY1s8dqfNOah54XD6Y/e6HrSAFQf/7hyzdKDMzxqwJTuNFsJ7QBWEtjwUb7LzrkpytYKarwt7nQBl75mq42t8rNAURt1YVFkHhNuA4ymvw0nPiluhc4uBiMWkmSYZWUWtrBBS3qlrx3fYfnJ366vrgmiG/N21hSvimbSE9TNgMesPQE9peEMpD2YIZKtwbRDGzeyzz1HcUJ30BN6IvHWL9uZKRTtuaIZB+HO67EUhBye8m10SAWAHqnUqW9+dJZ9dlR9DYkqvCMk0CANLpqkgdswdO7vJqDRvJRX4GFNnG0DIRV8MOyEpeCP5RjRQL1Iit/m1C2sqo/3nvr5JMuwu20Cubzvacq+e0Hl0jBWK7AVYXSG+XJVAgl7nOPoyzQbWSjQQWX75yKU/lc3z1PXqAbnSCnNEhIjDQmzW9IiPNl/wdTDb$rXFb5YkwLKWwLvd3IXvu3A==
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=efRnzGYha0S23dzCglz4R270rozr%2Fgk9r57fqScW23cXOHQKOAOZQlLEpcUT%2B%2BcwcldDAgplLIGcCqWCNF2HVpoKAoZ6iLBrPWwvn0rr8EThm6qLRxMWXhrR5yhzTRL6cLR59902dDf6ph0%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7bf54dec3fea0b55-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=7bf54dda2da00b39

104.18.6.185

63 kB

URL
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=7bf54dda2da00b39
IP
104.18.6.185:0
ASN
#13335 CLOUDFLARENET

Certificate
IssuerCloudflare, Inc.
Subjectchallenges.cloudflare.com
Fingerprint5C:7B:D7:57:5A:53:A4:99:8E:1E:5A:C4:58:30:7C:2D:6C:D8:3C:C5
ValiditySun, 18 Sep 2022 00:00:00 GMT - Sun, 17 Sep 2023 23:59:59 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
63 kB (62804 bytes)
Hash
c48d6a76ed34f68140111929bd70a070
2b9e15c584bfa0f9ef036d5398d300c5802d456f
ef5630b210d8b3f127877c1ce5e0f7de988b889c8c27cf5d6a197d76097dd7fa

HTTP Headers

GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=7bf54dda2da00b39 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/vvvrc/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Alt-Used: challenges.cloudflare.com
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 29 Apr 2023 05:56:51 GMT
content-type: application/javascript; charset=UTF-8
cache-control: max-age=0, must-revalidate
server: cloudflare
cf-ray: 7bf54ddade250b39-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

arenalvolcanoshuttle.com/cdn-cgi/challenge-platform/h/g/flow/ov1/729856472:1682744834:I5AgKgJsRdKGjzdqVU547TaZwl5V1Z78TxcVnXNc8hM/7bf54deace0ab51b/c1ab8cbfbc0fc5e

104.21.29.116

200 OK

5.6 kB

URL POST HTTP/1.1
arenalvolcanoshuttle.com/cdn-cgi/challenge-platform/h/g/flow/ov1/729856472:1682744834:I5AgKgJsRdKGjzdqVU547TaZwl5V1Z78TxcVnXNc8hM/7bf54deace0ab51b/c1ab8cbfbc0fc5e
IP
104.21.29.116:80
ASN
#13335 CLOUDFLARENET

Requested by
http://arenalvolcanoshuttle.com/download/Install_pass1234.zip

File type
ASCII text, with very long lines (7376), with no line terminators
Size
5.6 kB (5587 bytes)
Hash
0c9973d60ce74297d80da4a39f697beb
6d186991bcf24cd00ca0e1589db661a1d1c67fc7
5532f46197adc3d6d07ef2d30acaad02c5f0832eb8835486a047366e4c731672

Detections

Analyzer	Verdict	Alert
fortinet	Malware
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

POST /cdn-cgi/challenge-platform/h/g/flow/ov1/729856472:1682744834:I5AgKgJsRdKGjzdqVU547TaZwl5V1Z78TxcVnXNc8hM/7bf54deace0ab51b/c1ab8cbfbc0fc5e HTTP/1.1
Host: arenalvolcanoshuttle.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://arenalvolcanoshuttle.com/download/Install_pass1234.zip
Content-type: application/x-www-form-urlencoded
CF-Challenge: c1ab8cbfbc0fc5e
Content-Length: 16577
Origin: http://arenalvolcanoshuttle.com
Connection: keep-alive
Cookie: cf_chl_2=c1ab8cbfbc0fc5e; cf_chl_rc_i=1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 29 Apr 2023 05:56:55 GMT
Content-Type: text/plain; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cf_chl_gen: HYfT2R3aEi8Kn3vYki/QLvYjOE72MAXD4bt9+FUc6/9MEhKK5s79PJGsnfr0yeUc$MNVwgKtHgVHbUCB9KN3D7A==
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=U9Tv3NU6NdzsLB7n7LxJtw3c8hIF%2B0ovEZcgLSKrx%2FdWBDE5NTsch3rowOYKAt%2FuWKvT7dFBZkxKJ9TIt0T%2FeRKBDWxzEfwXx3iWbL2AhS8tTOffbi%2BW1hoAcX1Oc8BlC9cF7MfLqjO4buM%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7bf54df4bc330b55-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/972hu/0x4AAAAAAAAjq6WYeRDKmebM/light/normal

104.18.6.185

200 OK

23 kB

URL GET HTTP/3
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/972hu/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
IP
104.18.6.185:443
ASN
#13335 CLOUDFLARENET

Requested by
http://arenalvolcanoshuttle.com/download/Install_pass1234.zip
Certificate
IssuerCloudflare, Inc.
Subjectchallenges.cloudflare.com
Fingerprint5C:7B:D7:57:5A:53:A4:99:8E:1E:5A:C4:58:30:7C:2D:6C:D8:3C:C5
ValiditySun, 18 Sep 2022 00:00:00 GMT - Sun, 17 Sep 2023 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (9343)
Size
23 kB (22617 bytes)
Hash
72e070754feb49f32752a5db2a4c4112
1d586e0fb1d998fb788d70c730e9456b6e982ed0
e96539b3697849ede13f2dd6ba2e6f85e481337dc2caff5513b98e94628152fb

HTTP Headers

GET /cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/972hu/0x4AAAAAAAAjq6WYeRDKmebM/light/normal HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: challenges.cloudflare.com
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 29 Apr 2023 05:56:55 GMT
content-type: text/html; charset=UTF-8
cache-control: max-age=0, must-revalidate
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: cross-origin
document-policy: js-profiling
permissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
server: cloudflare
cf-ray: 7bf54df50e7d0b39-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

arenalvolcanoshuttle.com/cdn-cgi/challenge-platform/h/g/img/7bf54deace0ab51b/1682747813810/VIheQes0XMStH4S

104.21.29.116

200 OK

61 B

URL GET HTTP/1.1
arenalvolcanoshuttle.com/cdn-cgi/challenge-platform/h/g/img/7bf54deace0ab51b/1682747813810/VIheQes0XMStH4S
IP
104.21.29.116:80
ASN
#13335 CLOUDFLARENET

Requested by
http://arenalvolcanoshuttle.com/download/Install_pass1234.zip

File type
PNG image data, 54 x 49, 8-bit/color RGB, non-interlaced\012- data
Size
61 B (61 bytes)
Hash
7cec3eb3dc9027c4e373c93da43f1647
8d1f8acee63c78779e40d85e9c3996e68709c839
42c977a062d164ec5849cf6c4689c683319727898d59c13762921e111a4c435a

Detections

Analyzer	Verdict	Alert
fortinet	Malware
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

GET /cdn-cgi/challenge-platform/h/g/img/7bf54deace0ab51b/1682747813810/VIheQes0XMStH4S HTTP/1.1
Host: arenalvolcanoshuttle.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://arenalvolcanoshuttle.com/download/Install_pass1234.zip
Connection: keep-alive
Cookie: cf_chl_2=c1ab8cbfbc0fc5e; cf_chl_rc_i=1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 29 Apr 2023 05:56:54 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BfY4wzLAvRHYXMJuaWY4hvFmH7ThubeXRWzOWXjhuucArxmvqto8mcHpEQmLQk%2B8Kx8rMjB%2FrqaMjNnJIu0faN2DM78BYhhQenvljqbMsE9W3bRB%2BT9DTOlfcFwSxKh2BdNpyl%2B6KFgdECI%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7bf54df2eb3a0b55-OSL
alt-svc: h2=":443"; ma=60

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/img/7bf54df50e7d0b39/1682747815499/y6s68twMgZSFebi

104.18.6.185

200 OK

61 B

URL GET HTTP/3
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/img/7bf54df50e7d0b39/1682747815499/y6s68twMgZSFebi
IP
104.18.6.185:443
ASN
#13335 CLOUDFLARENET

Requested by
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/972hu/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Certificate
IssuerCloudflare, Inc.
Subjectchallenges.cloudflare.com
Fingerprint5C:7B:D7:57:5A:53:A4:99:8E:1E:5A:C4:58:30:7C:2D:6C:D8:3C:C5
ValiditySun, 18 Sep 2022 00:00:00 GMT - Sun, 17 Sep 2023 23:59:59 GMT

File type
PNG image data, 62 x 89, 8-bit/color RGB, non-interlaced\012- data
Size
61 B (61 bytes)
Hash
24d75db850ab1d1c2741dcebba3134c2
cd6b33c50a17ad3efa437139c769440cc2aff48b
518d48aa3bdd8987b219fb68debc8e9316b2ad1c56f14281975aadc3cb559bd1

HTTP Headers

GET /cdn-cgi/challenge-platform/h/g/img/7bf54df50e7d0b39/1682747815499/y6s68twMgZSFebi HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/972hu/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Alt-Used: challenges.cloudflare.com
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 29 Apr 2023 05:56:55 GMT
content-type: image/png
server: cloudflare
cf-ray: 7bf54df7bfe50b39-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/742287114:1682744883:Ee3vQ0hPOeb8iXLkAa7huAe-KYWanuW9JDR56PGsj9c/7bf54df50e7d0b39/35a2acdcef26cef

104.18.6.185

200 OK

78 kB

URL POST HTTP/3
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/742287114:1682744883:Ee3vQ0hPOeb8iXLkAa7huAe-KYWanuW9JDR56PGsj9c/7bf54df50e7d0b39/35a2acdcef26cef
IP
104.18.6.185:443
ASN
#13335 CLOUDFLARENET

Requested by
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/972hu/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Certificate
IssuerCloudflare, Inc.
Subjectchallenges.cloudflare.com
Fingerprint5C:7B:D7:57:5A:53:A4:99:8E:1E:5A:C4:58:30:7C:2D:6C:D8:3C:C5
ValiditySun, 18 Sep 2022 00:00:00 GMT - Sun, 17 Sep 2023 23:59:59 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
78 kB (78412 bytes)
Hash
ef4f781b7cc84959d6dee5807ff96608
4d24a5ebdb01ca66d7f7e03ed18e4086b0c4ed3e
d615263343675045d41c26a964563ef83934d24354aee51a0075cc4c6478ad08

HTTP Headers

POST /cdn-cgi/challenge-platform/h/g/flow/ov1/742287114:1682744883:Ee3vQ0hPOeb8iXLkAa7huAe-KYWanuW9JDR56PGsj9c/7bf54df50e7d0b39/35a2acdcef26cef HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/972hu/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: 35a2acdcef26cef
Content-Length: 2588
Origin: https://challenges.cloudflare.com
Alt-Used: challenges.cloudflare.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 29 Apr 2023 05:56:55 GMT
content-type: text/plain; charset=UTF-8
cf_chl_gen: YGQm5tynZKEsLkqKrktaIqlJe6vzuTfrVaDOVJ9AvVdmaTTwtRziCrn8jZN3f/vOO8RK2af0WAEmzp+zo+FCmJ5gmZ6cNsa4hZPgCmPDZscLj30xggDGTLAOaUh87hgNer/lbReYKDOcvPf0SXqNtLZq6pe7LdsksALa7oh/wPCsp1q8iXGQbe4FtDa/WPUc8uzEAAWFV5ioU64SyWO9fmKttTTFnRE41gKEFFzWVuCEAv9cqn5BqZUjiTYM/QNlno7/WfUbrViaYg15mpl7MIfZyO5Zw/4JDOwAgxBv0zipip7L6etmncyAOyMPtNmBSV7RQIOhVrlf4oOYEiPU47RABAQNLA+q087YYQMOl+fOh7z7MthSVhWkzS7Q0PQj4TjhffGDcr8gMjUOrvQSszgyn5NhMAapdnk1VyWSw1M=$U26T7Rk+2G4IESFUdzcecQ==
server: cloudflare
cf-ray: 7bf54df6cf5e0b39-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=7bf54df50e7d0b39

104.18.6.185

200 OK

156 kB

URL GET HTTP/3
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=7bf54df50e7d0b39
IP
104.18.6.185:443
ASN
#13335 CLOUDFLARENET

Requested by
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/972hu/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Certificate
IssuerCloudflare, Inc.
Subjectchallenges.cloudflare.com
Fingerprint5C:7B:D7:57:5A:53:A4:99:8E:1E:5A:C4:58:30:7C:2D:6C:D8:3C:C5
ValiditySun, 18 Sep 2022 00:00:00 GMT - Sun, 17 Sep 2023 23:59:59 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
156 kB (156373 bytes)
Hash
5ca7a20ddd7567fc99aa2d75a1d0bad1
234a85de91d14c986b11aa71b85c7456d2134e9d
bca5d803f868e536d8c1bbb924a2fbe85e208696e82bb46dd4f54e50ce4cbadf

HTTP Headers

GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=7bf54df50e7d0b39 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/972hu/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Alt-Used: challenges.cloudflare.com
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 29 Apr 2023 05:56:55 GMT
content-type: application/javascript; charset=UTF-8
cache-control: max-age=0, must-revalidate
server: cloudflare
cf-ray: 7bf54df5bed00b39-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/742287114:1682744883:Ee3vQ0hPOeb8iXLkAa7huAe-KYWanuW9JDR56PGsj9c/7bf54df50e7d0b39/35a2acdcef26cef

104.18.6.185

200 OK

10 kB

URL POST HTTP/3
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/742287114:1682744883:Ee3vQ0hPOeb8iXLkAa7huAe-KYWanuW9JDR56PGsj9c/7bf54df50e7d0b39/35a2acdcef26cef
IP
104.18.6.185:443
ASN
#13335 CLOUDFLARENET

Requested by
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/972hu/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Certificate
IssuerCloudflare, Inc.
Subjectchallenges.cloudflare.com
Fingerprint5C:7B:D7:57:5A:53:A4:99:8E:1E:5A:C4:58:30:7C:2D:6C:D8:3C:C5
ValiditySun, 18 Sep 2022 00:00:00 GMT - Sun, 17 Sep 2023 23:59:59 GMT

File type
ASCII text, with very long lines (10280), with no line terminators
Size
10 kB (10280 bytes)
Hash
8a821eb23174b0fccbc5e31e081c685d
3579752b4a454114ba9fec42da20b6979d75f284
113e385aaf62501b3146a0505fc7fc500abd82213883c9b5410ed28217edf719

HTTP Headers

POST /cdn-cgi/challenge-platform/h/g/flow/ov1/742287114:1682744883:Ee3vQ0hPOeb8iXLkAa7huAe-KYWanuW9JDR56PGsj9c/7bf54df50e7d0b39/35a2acdcef26cef HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/972hu/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: 35a2acdcef26cef
Content-Length: 17155
Origin: https://challenges.cloudflare.com
Alt-Used: challenges.cloudflare.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 29 Apr 2023 05:56:57 GMT
content-type: text/plain; charset=UTF-8
cf_chl_gen: 4TJ1Jk7SVgdDB0NVM3jc0O0A9zsE4IUawrOD0CgXSz9ZkvYvJmxmwD/PFvBZ7s3N$Z/MIrKluA/mivderMw1YWw==
server: cloudflare
cf-ray: 7bf54e02df2a0b39-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (18)

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

Observations