| demonstationfukewko.shop/api | 104.21.33.174 | 200 OK | 5.9 kB |
URL: demonstationfukewko.shop/api (User Request, POST HTTP/1.1)
IP: 104.21.33.174:80
File type: HTML document, ASCII text, with very long lines (14390), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 11193ffdd07fc437f52d0bae22942312 7f36dfd11b7bde758f3ffba497809da392a7e6d7 14bfd4e8a0bc1993127ec153bc15b1185f0ddb6e213a4338c2e9f855023a9e4b
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /api HTTP/1.1
Host: demonstationfukewko.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Fri, 19 Apr 2024 09:29:56 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: 7yryf4cToieYjrMJshWEprs/6Cd6D50vpWI0ZzHCTM2qdnRvbhesBvwwbp/A5M9c1/IIJX5Prd/HTZr/C+zwNwii7aH3BoeUM4waDHOfmDlv8m0AEFxwqF8hdOV75IT6qRXhfRWtyJofnDMY1VBh4w==$cSuyeqAYQE9mBjiqsGQjpA==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1W3Dv6ALCrQBRgDA6IqXtLuY87gjjbvUJz3bzSbEB5qTCnNKCLp3V%2BAM5JcTPJVYgoYIQY8I8cd8SNws%2FXOphLdvB1LehQOq1Ii%2FRu%2FmVp3Tf8mJjrvsGbciQhbPlBH2AKQyEGNU0Ob9saE%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 876bdf818f53b4f7-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
| demonstationfukewko.shop/cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=876bdf818f53b4f7 | 172.67.147.169 | | 112 kB |
URL: demonstationfukewko.shop/cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=876bdf818f53b4f7
IP: 172.67.147.169:0
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size: 112 kB (111780 bytes)
Hash (MD5 / SHA-1 / SHA-256): 75d0c75d285e5658c59f9a4af2ea2799 36b0b0c8e81864d12a2484ff29c4f5ab9500d4b1 e4adf798116902a64802497dd883c9697cb3298725e9ba00db9d2acbb55ee1d8
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=876bdf818f53b4f7 HTTP/1.1
Host: demonstationfukewko.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://demonstationfukewko.shop/api?__cf_chl_rt_tk=UX4n5sb3MxP4nTNrQIz81d78xIZy.38DwyVbJw9hZBo-1713518996-0.0.1.1-1301
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 19 Apr 2024 09:29:56 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
vary: accept-encoding
content-encoding: gzip
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LgP55H%2BB5z3gSoGCV3MczNZDRrKtTJ2J9jQ%2BpEiRvqWqGhDGWZYXm50r3NzBSlypYMBU2mdxoiB%2BUl1FawByhzJbGyj%2BZn0zs5IRkQ7epyiD9VHTOOpCu%2FTVMj3iBn28ncNgbkpPj5GN3O4%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 876bdf82e9f0b523-OSL
alt-svc: h2=":443"; ma=60
| demonstationfukewko.shop/favicon.ico | 172.67.147.169 | 403 Forbidden | 5.9 kB |
URL: demonstationfukewko.shop/favicon.ico (GET HTTP/1.1)
IP: 172.67.147.169:80
Requested by: http://demonstationfukewko.shop/api
File type: HTML document, ASCII text, with very long lines (14511), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): cc3757ac3eb764ab8caf92427ecf6066 73e2652f2a0937d12864783f2c89d8a396b90ee0 f5d9ba3d8aa4b190dc0253bebdb5aaeb38512be0c0d1ea6d95dcaee7a561b7ea
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /favicon.ico HTTP/1.1
Host: demonstationfukewko.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://demonstationfukewko.shop/api?__cf_chl_rt_tk=UX4n5sb3MxP4nTNrQIz81d78xIZy.38DwyVbJw9hZBo-1713518996-0.0.1.1-1301
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Fri, 19 Apr 2024 09:29:56 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: h2OOIwsb03VNIQQr302CQXQbKqvLVNkCu+zI9PhNAKkgDVtDRVaEeUYv7henAKv1tGWHwSx4EQxEelaxZx4Cpaio/7igHVUevEKhFiTY2MI51dvOa6xUFZNx9iPfdEXYJwQTVl8Jpk4YVauVdhkL1g==$KMpeYyUjERgYt6918RS21g==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ehd9Key%2Fa8OE%2FaTizVZpqNABGN%2B0Vvt7DBEaJPzdPiIeQBpgGzcMifQ6Fdkuo7yswDT0reT66mQq9ti2pnJx5O0F%2BveVphqx7Sq1U7MBnvP4ZrhUuLMkBYVcNalV%2BnoK6BRPC%2BDtluohOVw%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 876bdf833a34b523-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
| demonstationfukewko.shop/favicon.ico | 172.67.147.169 | 403 Forbidden | 5.9 kB |
URL: demonstationfukewko.shop/favicon.ico (GET HTTP/1.1)
IP: 172.67.147.169:80
Requested by: http://demonstationfukewko.shop/api
File type: HTML document, ASCII text, with very long lines (14425), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 552f54be652a7e1a6216d757d4574ebc 4d11d94d5d0817b5141ebf5bf32a0916139b542f f8426d6c20302f78cf41780d646cffe674aad4d8cd533d936ed43172bdb6e5b4
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /favicon.ico HTTP/1.1
Host: demonstationfukewko.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://demonstationfukewko.shop/api
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Fri, 19 Apr 2024 09:29:57 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: ET5JWa3xapDo8hodRKDlVkBGXf+ydr9KxcglzHDTS1mmD9lXNHdQV8ffd/j/hlJ4WGm0ZmAITTznW0ZVhRlVPX6ht9PPJKnvBbCqELd5Qcg6zrtcgeATLOksp7osTmRoQlA7a7RgmQRQm/NeveuCfg==$2OUqRdjPZG+fcpKBGpTn7A==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=L7keR9CxBUKrzxJhgC1JfOJNpHHCpmDUbVwcU1m7Q6ViqziSwEHrm7BOhLq6UII%2BgFlAnfypiyokDQXluiKOb6uyHhg1UWcLAvk19mR5bSkwt050IScAwM7nm%2FgYKlrD2gAkaiNAoVWesEo%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 876bdf83a968b4f7-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
| demonstationfukewko.shop/cdn-cgi/challenge-platform/h/g/flow/ov1/1631043535:1713515315:PCbw7jaiDcQHqxvrxP8nFh5q-7IC4dPHv2jmu0cCZ2M/876bdf818f53b4f7/5852a93464d8958 | 172.67.147.169 | | 12 kB |
URL: demonstationfukewko.shop/cdn-cgi/challenge-platform/h/g/flow/ov1/1631043535:1713515315:PCbw7jaiDcQHqxvrxP8nFh5q-7IC4dPHv2jmu0cCZ2M/876bdf818f53b4f7/5852a93464d8958
IP: 172.67.147.169:0
File type: ASCII text, with very long lines (16076), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 0261c41a0c7aa6df478e40aa28732652 33dde965c8e83b0c7418748a71aacdb807340978 7b4ca5fc48d95dacdf02a72a361c17e5a4ad3582715821d07b6727e3d7aa1583
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
POST /cdn-cgi/challenge-platform/h/g/flow/ov1/1631043535:1713515315:PCbw7jaiDcQHqxvrxP8nFh5q-7IC4dPHv2jmu0cCZ2M/876bdf818f53b4f7/5852a93464d8958 HTTP/1.1
Host: demonstationfukewko.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://demonstationfukewko.shop/api
Content-type: application/x-www-form-urlencoded
CF-Challenge: 5852a93464d8958
Content-Length: 1861
Origin: http://demonstationfukewko.shop
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 19 Apr 2024 09:29:57 GMT
Content-Type: text/plain; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cf-chl-gen: ql33knbyXV/a3ZGsLGe2lBq1yI7odLUQMxRSCE2+7E+34p3FpaL1XhNo34NhLMxM$ltCsfHIwCF9aVLpCR8sp5Q==
vary: accept-encoding
content-encoding: gzip
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=R%2Fn80kU%2BnCj5CWCgFWwSALLwSrCYyAfhFgPTR%2FhbV0AB2OFT00b%2BsuVdxR6hTHfZVWBFjeemq9cgGwXZwu6s6F7GKpYpgYfAg3x%2FlYhh8wz2crtMWz5mjNlgjtry%2FYmFsh56BVUgQFC1Wx4%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 876bdf84886b1bfe-OSL
alt-svc: h2=":443"; ma=60
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/5y47j/0x4AAAAAAAAjq6WYeRDKmebM/light/normal | 104.17.2.184 | | 26 kB |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/5y47j/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
IP: 104.17.2.184:0
File type: HTML document, ASCII text, with very long lines (41702)
Hash (MD5 / SHA-1 / SHA-256): 06fc258d53a45efea6ca9dcc54487437 f68adaf4098490a4182b2d83d23ca8bfd7a7b343 43d99578661b3b28ebdf780cbcb828c4a426ce033729b9f92d0e37580d1b878f
GET /cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/5y47j/0x4AAAAAAAAjq6WYeRDKmebM/light/normal HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 19 Apr 2024 09:29:57 GMT
content-type: text/html; charset=UTF-8
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
document-policy: js-profiling
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
cross-origin-resource-policy: cross-origin
content-security-policy: frame-src https://challenges.cloudflare.com/ blob:; base-uri 'self'
referrer-policy: same-origin
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
origin-agent-cluster: ?1
vary: accept-encoding
server: cloudflare
cf-ray: 876bdf856a8e56ca-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| challenges.cloudflare.com/turnstile/v0/g/54ea73d52131/api.js?onload=lmgW1&render=explicit | 104.17.2.184 | | 162 kB |
URL: challenges.cloudflare.com/turnstile/v0/g/54ea73d52131/api.js?onload=lmgW1&render=explicit
IP: 104.17.2.184:0
File type: JavaScript source, ASCII text, with very long lines (42414)
Size: 162 kB (161997 bytes)
Hash (MD5 / SHA-1 / SHA-256): 374fec8b5e50cd6ab980f3fef21a5aa0 7f474607991a19b6f1b78cc32e0f75b501b60774 8af2da74872f03e058ab79a584176d2086afc01bbd42dd2ed14259179341be6a
GET /turnstile/v0/g/54ea73d52131/api.js?onload=lmgW1&render=explicit HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://demonstationfukewko.shop
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 19 Apr 2024 09:29:57 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31536000
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 876bdf83fba1b512-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/876bdf856a8e56ca/1713518997771/MEp3goA0-Ta32tM | 104.17.2.184 | | 61 B |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/876bdf856a8e56ca/1713518997771/MEp3goA0-Ta32tM
IP: 104.17.2.184:0
File type: PNG image data, 71 x 38, 8-bit/color RGB, non-interlaced
Hash (MD5 / SHA-1 / SHA-256): 0cabe43c1c4e126e885ffaeeb2ad52ce 21ee82dac9d40243a6790272b599d4f7ff88edff b50cd6176f2cd1cd583016b1e8b71f7b9a8e510c4798a9835c687d384b722a16
GET /cdn-cgi/challenge-platform/h/g/i/876bdf856a8e56ca/1713518997771/MEp3goA0-Ta32tM HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/5y47j/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 19 Apr 2024 09:29:59 GMT
content-type: image/png
content-length: 61
server: cloudflare
cf-ray: 876bdf918d5356ca-OSL
alt-svc: h3=":443"; ma=86400
| demonstationfukewko.shop/cdn-cgi/challenge-platform/h/g/flow/ov1/1631043535:1713515315:PCbw7jaiDcQHqxvrxP8nFh5q-7IC4dPHv2jmu0cCZ2M/876bdf818f53b4f7/5852a93464d8958 | 172.67.147.169 | | 1.8 kB |
URL: demonstationfukewko.shop/cdn-cgi/challenge-platform/h/g/flow/ov1/1631043535:1713515315:PCbw7jaiDcQHqxvrxP8nFh5q-7IC4dPHv2jmu0cCZ2M/876bdf818f53b4f7/5852a93464d8958
IP: 172.67.147.169:0
File type: ASCII text, with very long lines (2332), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 2f007480adf9ac0ed7b2237db22378ea 2832d98ca50fe74f424889b5c243201b4ea000c3 7bc84d3ac926e26cb76752816459b223890f45d42795fe5b59d0735640393341
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
POST /cdn-cgi/challenge-platform/h/g/flow/ov1/1631043535:1713515315:PCbw7jaiDcQHqxvrxP8nFh5q-7IC4dPHv2jmu0cCZ2M/876bdf818f53b4f7/5852a93464d8958 HTTP/1.1
Host: demonstationfukewko.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://demonstationfukewko.shop/api
Content-type: application/x-www-form-urlencoded
CF-Challenge: 5852a93464d8958
Content-Length: 2554
Origin: http://demonstationfukewko.shop
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 19 Apr 2024 09:30:06 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cf-chl-out-s: VVsi+yEV5iPUnhX12KbuWHplUsDFTQk6z5yzbA2uEoxbQQiiiAJCmrR1S7nptTVnfC0MlNHq+/V4YUDF9LH2t0VpaAMmqysejjYIL0i51Dc=$uuDZ+hgR4lVs67mTzaEvgQ==
cf-chl-out: oYbU+ExVybKjjh6vS34gO4UQI2XSifgbwQu1xfGl/GqkB2n3+OGPf5wgcqK5W4VEff7vLK0S31s5vGI+7rMYnVkuqjTCz9ltqa6LBE5AuAg=$S3uxlTEYKaz7yFwpQqLFjQ==
vary: accept-encoding
content-encoding: gzip
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Q%2B9tuuyK7TbGq6Gh8KIXlmLt7L9XjvQ6fU%2BkxAors0n1K7%2BdZDtDUNBH6%2F3I74xR5jSKW2rWkqW7rHQv3YTcxHuXzSiK4Sts4SbL6wJZ8UEjp2mToc4bzAN3%2Boc8UwX1uA0xFsaZu%2BK0IwA%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 876bdfbc8e7b1bfe-OSL
alt-svc: h2=":443"; ma=60
| demonstationfukewko.shop/api | 172.67.147.169 | 200 OK | 5.9 kB |
URL: demonstationfukewko.shop/api (User Request, POST HTTP/1.1)
IP: 172.67.147.169:80
File type: HTML document, ASCII text, with very long lines (14411), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): f67e159fa41c4236e85ef52542379b3b c63780d4059fd07ae256d184272b6653d9af98ee 6c08eea2b756393a1627ce526c7e002fda0409a6bc3e174f7bae381ca6643ba5
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /api HTTP/1.1
Host: demonstationfukewko.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_i=1
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Fri, 19 Apr 2024 09:30:08 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: DwePXVgXA9ikjHl/eW4qcQYhm6nL0DYdgUr4DFSJaxnDZEbfrVw+mMMKCGUSVooilPlXAj4497Xx+IySMpE/2mf+rcKcVy+e3gq/r9YiPAGiUaXTTAX8j4Q0nPGEPZNpidAqsRnzIE+QoGb3wmpIIw==$tNl6D3z02Wzaar8Zx7cvTw==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8cEUGBRobaDmo8H18V3HmkSxc5AEFkElnbegJeZoIobltDhwVev56sx4x1NWQgu%2BBGZ3%2BCkrt00FLRU%2F6%2F1TRK3C4UCSUpDNfr2AlIles2i%2Fb7b1TWt3tHAtiWSy58MwdcKBIu4lEj76RI8%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 876bdfc95e3b1bfe-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
| demonstationfukewko.shop/cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=876bdfc95e3b1bfe | 172.67.147.169 | | 112 kB |
URL: demonstationfukewko.shop/cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=876bdfc95e3b1bfe
IP: 172.67.147.169:0
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size: 112 kB (111769 bytes)
Hash (MD5 / SHA-1 / SHA-256): 3b1bb32da27bb29a84c8e254598af8e6 43a7a4f284110d0de0e0aa7f3c2e72a02abab1d3 cdf692937f418b5aaac0d4e7c737eebfe91ac30e4233c353ed266d220ce0d0be
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=876bdfc95e3b1bfe HTTP/1.1
Host: demonstationfukewko.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://demonstationfukewko.shop/api?__cf_chl_rt_tk=_295KK7aQZlchvk7mbz3gzRzFDv6qAp5382D3WiL5eg-1713519008-0.0.1.1-1301
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_i=1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 19 Apr 2024 09:30:08 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
vary: accept-encoding
content-encoding: gzip
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Gvh%2Bvng%2B4MfRl5f%2B43Kvp%2Fn6OHChyRjaAnMbF9%2FI0CTX3F9Bcttch0emMmyxnO4QT753EBXx%2Fki1Ya90C%2BatOD2p90s2TgN7GKW%2FbBTraPLPnhEiZEgtRDNM47E17B8bF8cKmuaXLAhgBFg%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 876bdfc9a84a1c06-OSL
alt-svc: h2=":443"; ma=60
| demonstationfukewko.shop/favicon.ico | 172.67.147.169 | 403 Forbidden | 6.0 kB |
URL: demonstationfukewko.shop/favicon.ico (GET HTTP/1.1)
IP: 172.67.147.169:80
Requested by: http://demonstationfukewko.shop/api
File type: HTML document, ASCII text, with very long lines (14532), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 8ffc4c4e3b67b2ac0ce9718c3b53a24e 8d6abf54d4d2dce14fe8f0c44ff1357782c98aa0 c176465924fe08ed255836b6898009580862f0acb656e5ecc1fe46ae624a69f7
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /favicon.ico HTTP/1.1
Host: demonstationfukewko.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://demonstationfukewko.shop/api?__cf_chl_rt_tk=_295KK7aQZlchvk7mbz3gzRzFDv6qAp5382D3WiL5eg-1713519008-0.0.1.1-1301
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_i=1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Fri, 19 Apr 2024 09:30:08 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: VsOFx7O5azfRzLYhVh/gVbeV7FkagpdMCfy8YQy7aSbe41a3hQ7rPY1zzUbqFD2mMV8gJL6w7cCJrE8GotNjBKkBD3pCeaIZACmycyhGq1eV2yVkzicAFaPUf8d3SOKf1into5rpNZlSSSJdIw/kgA==$ISese0ifohw0iGvvw7JdFg==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RtZYejcQkwu%2FvBjawfQUlol7lrtRR0KdITj6JEWx8LzYmq%2FmT%2BUQ8IDpIvJq75drxn5nCeprn0C5sqm7E77bE6%2FFEa7Svl7JK7i4qDRvq7rpr%2FP7dYKBhZaVlJWr714E04%2FD4UYpKlo4Fnk%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 876bdfc9f88d1c06-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
| demonstationfukewko.shop/favicon.ico | 172.67.147.169 | 403 Forbidden | 5.9 kB |
URL: demonstationfukewko.shop/favicon.ico (GET HTTP/1.1)
IP: 172.67.147.169:80
Requested by: http://demonstationfukewko.shop/api
File type: HTML document, ASCII text, with very long lines (14447), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 83f3153a65a57a634fdec51efe2f51fe 35795946b95827c3d63460fb42463e163971b39e 76df994ee3d5268d6f24ca68fe91862579b9e13c1c44cdf11dd251b8ef2f578a
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /favicon.ico HTTP/1.1
Host: demonstationfukewko.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://demonstationfukewko.shop/api
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_i=1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Fri, 19 Apr 2024 09:30:08 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: NRRDND9tIau/wqMyIexDWjXosLpLTfrudzXmfS1Opq4njrQUbQNFQ1TC4HXKQ9AbihKPzVo+d06BCx903Jpd04nbEZkiiLxvnBBEDlEQEqmninVdT0D66iwVfFQspinCzZx3MgobNrQNWZcSS5iwzA==$JvCQhWNCSSaa7PRKwHf7uw==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RGvlhIaesBA2nm%2BSERC%2FF3Q1nMpLmIK3Rfebq7Uz8dsksbz5Sg5ci7r4AOH%2FZk2WKMLyfSQEPaIpcM%2BN9GovJkpLLNQaLXOzppkfP9Ojz%2BafXTLe5%2F14Ym4Ia658U33JD0ROr%2B%2B9kibFVk8%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 876bdfca3beab4fa-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
| demonstationfukewko.shop/cdn-cgi/challenge-platform/h/g/flow/ov1/468843788:1713515214:UJw840tBFZYZhrHPTZ0dzLmPm2NYvurCWRNXlY28ebI/876bdfc95e3b1bfe/6d4fb7ce87e1605 | 172.67.147.169 | | 12 kB |
URL: demonstationfukewko.shop/cdn-cgi/challenge-platform/h/g/flow/ov1/468843788:1713515214:UJw840tBFZYZhrHPTZ0dzLmPm2NYvurCWRNXlY28ebI/876bdfc95e3b1bfe/6d4fb7ce87e1605
IP: 172.67.147.169:0
File type: ASCII text, with very long lines (16076), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 117d411caafdbddb7c0431acbb119657 f30cff50345883d19de6f436e3e21d8afd16b5cd d3801d81ef6579b6f6084799ed7b18bad3c676f1d9a0b023deb91b744eadb6dd
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
POST /cdn-cgi/challenge-platform/h/g/flow/ov1/468843788:1713515214:UJw840tBFZYZhrHPTZ0dzLmPm2NYvurCWRNXlY28ebI/876bdfc95e3b1bfe/6d4fb7ce87e1605 HTTP/1.1
Host: demonstationfukewko.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://demonstationfukewko.shop/api
Content-type: application/x-www-form-urlencoded
CF-Challenge: 6d4fb7ce87e1605
Content-Length: 1872
Origin: http://demonstationfukewko.shop
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_i=1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 19 Apr 2024 09:30:08 GMT
Content-Type: text/plain; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cf-chl-gen: V4WIfAB1RgGhIzdFRpHcUxemr7sRA/UGtEcWGO6huuSNmbrChkZ071iuJlanhnq3$UTvfMyYO36HZDgT1UInWPg==
vary: accept-encoding
content-encoding: gzip
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JBbI2AthDf7Bc5fc7eBKU61cWpiMPIlpTjGlYEvaKCGZPxIKRnVIrs67WG4vlgNsadEjdcJGo1V2nYQz%2F6FXp3jK4dmPabQt6KgU7VbNgEU11PqjVqGfuubXERxTWffm0%2B8yxSh2NDvd6uk%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 876bdfcb0a371c0e-OSL
alt-svc: h2=":443"; ma=60
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/39838982:1713515444:NJC4yEeJziOxiA3aMbO9iu0QhE7pV9kp6T_Lyn46PZ8/876bdf856a8e56ca/00148aa482154f7 | 104.17.2.184 | | 982 B |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/39838982:1713515444:NJC4yEeJziOxiA3aMbO9iu0QhE7pV9kp6T_Lyn46PZ8/876bdf856a8e56ca/00148aa482154f7
IP: 104.17.2.184:0
File type: ASCII text, with very long lines (960), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 5b2da8131f2982a3d22bc56b6b378963 a7525b4d01a8831118a511a8bcce878eaa3e4075 6edb21eb5d5ebc508b5cd12d2d50aa19f83cfa452d2e67fd960e7bce72370f1a
POST /cdn-cgi/challenge-platform/h/g/flow/ov1/39838982:1713515444:NJC4yEeJziOxiA3aMbO9iu0QhE7pV9kp6T_Lyn46PZ8/876bdf856a8e56ca/00148aa482154f7 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/5y47j/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: 00148aa482154f7
Content-Length: 38660
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 19 Apr 2024 09:30:06 GMT
content-type: text/html; charset=UTF-8
cf-chl-out-s: hMQ0dQM+H21aUH0301IJmzbUGlPzlvZY+MnSYjx3I3drry3a/5E3KNiRVsLWUW4Bc/cQSCStFmS9N74DpPsecloHNfBbXU8wLj62BljQFo/5OmVQZxk09p5gcNmJW/ZfqMVzPJ05MyoSKg2z9C7AYg==$WByrh2V+0cUqxe/hpcR5ng==
cf-chl-out: Syg1WOs+cYCGlbBivnlfjP1cfR7wh6k5waGRD2u1pODkEwDXNkwChwOP+FJJXHzdBggm40oRmDNXavGuSttLh2HMbsTZfIZazw/5vrG8F7I=$Eu9YaK6K/cSqjxUF8sEGlQ==
vary: accept-encoding
server: cloudflare
cf-ray: 876bdfbc0e9856ca-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/876bdfcbcce056ca/1713519009022/qnMsHZUrds_0ESu | 104.17.2.184 | | 61 B |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/876bdfcbcce056ca/1713519009022/qnMsHZUrds_0ESu IP: 104.17.2.184:0
File type: PNG image data, 74 x 81, 8-bit/color RGB, non-interlaced
Hashes (MD5, SHA-1, SHA-256): 987a8fd1931865bc14e644c336547de5 31e4027bf8abdce7253ed14d078aef80ea3a793f 875d77afe218dd28e1de84baa23339742e82c0952581724c5cac5f343d9bd8c1
GET /cdn-cgi/challenge-platform/h/g/i/876bdfcbcce056ca/1713519009022/qnMsHZUrds_0ESu HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/skkt8/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 19 Apr 2024 09:30:10 GMT
content-type: image/png
content-length: 61
server: cloudflare
cf-ray: 876bdfd56d7956ca-OSL
alt-svc: h3=":443"; ma=86400
| demonstationfukewko.shop/cdn-cgi/challenge-platform/h/g/flow/ov1/468843788:1713515214:UJw840tBFZYZhrHPTZ0dzLmPm2NYvurCWRNXlY28ebI/876bdfc95e3b1bfe/6d4fb7ce87e1605 | 172.67.147.169 | | 2.5 kB |
URL: demonstationfukewko.shop/cdn-cgi/challenge-platform/h/g/flow/ov1/468843788:1713515214:UJw840tBFZYZhrHPTZ0dzLmPm2NYvurCWRNXlY28ebI/876bdfc95e3b1bfe/6d4fb7ce87e1605 IP: 172.67.147.169:0
File type: ASCII text, with very long lines (3240), with no line terminators
Hashes (MD5, SHA-1, SHA-256): c0e4c0cefa01f95e42f64ca5dd6f241f e506fb94779132152b454a1fe7d24289d2016285 66a81072012740f75e0d1d0e499daa223d81b76cd2ded0cfd143fc563f621e54
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
POST /cdn-cgi/challenge-platform/h/g/flow/ov1/468843788:1713515214:UJw840tBFZYZhrHPTZ0dzLmPm2NYvurCWRNXlY28ebI/876bdfc95e3b1bfe/6d4fb7ce87e1605 HTTP/1.1
Host: demonstationfukewko.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://demonstationfukewko.shop/api
Content-type: application/x-www-form-urlencoded
CF-Challenge: 6d4fb7ce87e1605
Content-Length: 3341
Origin: http://demonstationfukewko.shop
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_i=1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 19 Apr 2024 09:30:16 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cf-chl-out: gxMzqneMtZbtdVRE04RThpgFKreVkHy2HpHyaHF0sgFHpW7GHb1PsQlk4EP0aNPpGn4VFnJGOhtYkkPkoPwaBgRqO2jSwQQXawToxv6y4to+MjN5OoXxGA9xVV2WaSll$AlV1kHDoY/tly9kKo8WlSg==
cf-chl-out-s: eOhiRZyq9O2oPX7CZBU5eUBT+twr0Jro8roXUrHLK214y94jI1sZnBvTJ3Ox++tTtPkI8jBYPChtwFuv6DrrxnQgiss54WbWxrbrB0tJ/PRGmk0jzRgOCJFV510zo34g8PtK84jmyFeNuXFrHcNHGPcMEFDFGIq2wGQ7GlAfPcXfmRa9BF6bg7W4fO1h2r0uoE3dm/jPGhOGXt8vaFW/U/rDDwoGPcw+iWa0sroX6ECMp5yT3sGTDk6Dw1SYUs/EPyK7td8yBoUXSk3LGjhHU+g3jqnsS+wcI4uSLTTQDWt+T0JwcEPrJG6CM5NVJbtDyjQr3VSrvGX1dAWE5NT21hsZ9KyQceNZT5CyOEW6hO7WZLYK+/4ZyPievAvVuO+bVD+wP6ibOd4O1VXkndvHsJZU7fZzMVS8nXmP2Mkyqe1ljdGqp58RYjmFaRgToKYjXKweN65H5z33fIqIfiHrmQ==$oZ4OS+4Cj6/7QAC8EELSKA==
set-cookie: cf_chl_rc_i=;Expires=Thu, 18 Apr 2024 09:30:16 GMT;SameSite=Strict
vary: accept-encoding
content-encoding: gzip
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BwcxRp0Q932yEpgSLLRURvBOFPLmUcL68curuA35GmuiIiC98POq9pHsY51b7f6LIgf1BOgEOb%2BUoyb7onB8ABGQxzeClp3C6oBYATw85eOLjbk4eJPuuhFIyeaTN0Oh1G%2FA2FEyJY6B%2BRA%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 876bdffc0aa51c0e-OSL
alt-svc: h2=":443"; ma=60
| demonstationfukewko.shop/api | 172.67.147.169 | 200 OK | 36 B |
URL: demonstationfukewko.shop/api (User Request, POST HTTP/1.1) IP: 172.67.147.169:80
File type: ASCII text, with no line terminators
Hashes (MD5, SHA-1, SHA-256): f7f65f8e1e7aac5fea69b0a756f7a0a6 0fd6949c452076605ecdf4c4a04112c72e044b45 c4f5d9c48b173615278f74c308c7b569085d7a8e658d8eb4310286b8d32a6153
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
POST /api HTTP/1.1
Host: demonstationfukewko.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://demonstationfukewko.shop/api?__cf_chl_tk=_295KK7aQZlchvk7mbz3gzRzFDv6qAp5382D3WiL5eg-1713519008-0.0.1.1-1301
Content-Type: application/x-www-form-urlencoded
Content-Length: 2501
Origin: http://demonstationfukewko.shop
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 19 Apr 2024 09:30:16 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: cf_clearance=AH1R5aVW03c_1nm402YI_KU_5gP3K7F.dPAM_aBVNPc-1713519008-1.0.1.1-c38ggdDBOk_mjAj5fxmSLGOQd7e32QuulKTfb6CPw1osyHv8z8eJnPFi6WMYtVfBWxe8Ay5AzxTIdAMYlnwjQg; path=/; expires=Sat, 19-Apr-25 09:30:16 GMT; domain=.demonstationfukewko.shop; HttpOnly; SameSite=None
PHPSESSID=51clnugrmg8t21lg587vaigou5; expires=Tue, 13-Aug-2024 03:16:55 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3ceG%2F6tSIRQVPT3SX72OcbzcZ4V3B0AbSAndhc%2BNNUsSH9CxN0fth03%2F%2Bo3%2FQYqBM%2BXZ%2F40lj%2FFe7Fgb7BBuQVqafK7e8VYE37M1nGW%2B1lLL1Ysfj3aQ0V4HS2BrRLCEQ%2Fo0JfKUaTtUn2k%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 876bdffcdb471c0e-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
| demonstationfukewko.shop/favicon.ico | 172.67.147.169 | 403 Forbidden | 5.9 kB |
URL: demonstationfukewko.shop/favicon.ico (GET HTTP/1.1) IP: 172.67.147.169:80
Requested by: http://demonstationfukewko.shop/api
File type: HTML document, ASCII text, with very long lines (14468), with no line terminators
Hashes (MD5, SHA-1, SHA-256): ad724c5526e34b5335f7da7e34d3c783 ae30ee912bc13490306ec4580be71cc2a8c0f2bc a25b1f87014c2445050c1ab6750de75160bb2d12e563bda1d6689fc1b1c890cf
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: demonstationfukewko.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://demonstationfukewko.shop/api
Cookie: PHPSESSID=51clnugrmg8t21lg587vaigou5
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Fri, 19 Apr 2024 09:30:16 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: OLv49kqgrI8C8TonVPMeX1lfXkIL5hGnUNBAJssWWaEp+sblFzOaHUuI1WGcSQbt8FJzLj8rBxXxc11NytaV2fdPiQaFI0kUk8MVDJIoAls8kDWY1aqLf7TegGdOz2KGZsclm4BRs214p4kaqAqwjA==$9DpwWu4Rpjjzz7THjMuf0A==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HKseUtTEKKHqqVb6Sg5Gt9obUHjjQ5rhEQJqPoTJiyxq45mExEuc2246zVgqd6a3T3cKLELG2DOnI8EEuCwrWyyDqAAUqMH6fqVDmIWC5QeifUC3RrrH%2BPeIA0kO7TPxfFAJxyNrMtY3eTk%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 876bdffdfcc31c0e-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60