| holicisticscrarws.shop/api2 | 172.67.183.72 | 403 Forbidden | 5.8 kB |
URL: holicisticscrarws.shop/api2 (User Request, GET HTTP/1.1)
IP: 172.67.183.72:80
File type: HTML document, ASCII text, with very long lines (14165), with no line terminators
Hash (MD5, SHA-1, SHA-256): e261c09ce3f0e26fba7c58d1b291194d 6a8381c0e9f68e67f7ac29b546debba2cd3959b2 4654c1aa08fcaa30bf8103b2983c193c2b4f48d3fb8d66d73e2909906b940a78
| Analyzer | Verdict | Alert |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |
GET /api2 HTTP/1.1
Host: holicisticscrarws.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Fri, 10 May 2024 07:12:51 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: IsuHI/QDEOW0zIAB9mBYkdo54/QA9rmouy64jeHK/Kaik0VUPZW/aTl7EKf1U+guGTfj8F72sMEWgxbxWFVCZGfNIHbMq1wthurBYsQiFzyvt3QXIyKwAPkuOmmdbV9JRpEzvRarcyVy/4+zHj8TAA==$c7gApo4GzgHe1c/ZXv5ydg==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qvA4mHILb4XRpZBNU%2F2w3D7PjT623S6QEnU3%2BWxtO4vS9JUm%2B13AmtPpqeDFLM0CZ2T510uZ6AH8FXp6GQ8L%2F%2BkYAnBQm2YSb3Mm9SpY92jGain2YuVDgOUpHjjhwlJeLwSFcVGom9SR"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 88181f90bc9756b7-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
| holicisticscrarws.shop/cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=88181f90bc9756b7 | 104.21.40.92 | | 110 kB |
URL: holicisticscrarws.shop/cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=88181f90bc9756b7
IP: 104.21.40.92:0
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size: 110 kB (109931 bytes)
Hash (MD5, SHA-1, SHA-256): 0008f5c1a29b21182a2ddc1801c1646d 260b3e1084362c3ef833959d19843cae1b0a1bd8 efec1b303e338b270e49af2318c45a9c98fd89044a0a6f0ed73243cac1ef41dd
| Analyzer | Verdict | Alert |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |
GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=88181f90bc9756b7 HTTP/1.1
Host: holicisticscrarws.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://holicisticscrarws.shop/api2?__cf_chl_rt_tk=RJ35omeAr72ts6AWvvcOW2ojt9ZO4sar4PAfxdP7BgQ-1715325171-0.0.1.1-1301
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 10 May 2024 07:12:51 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tqyKZB%2F3sN7Sbb6N332jabNUs7Q7epLeIe12m4IP8cKUutwNOHAGVuPrZ5gbW2MU87zPSs6GRc0Tdc%2FumdItCbusEDfa93mHrp3W40V88HcUCw3Zji3w3lCbzwBtDUPOwl%2B%2FtGx%2FscLn"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 88181f92ddf3b509-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
| holicisticscrarws.shop/favicon.ico | 104.21.40.92 | 403 Forbidden | 5.9 kB |
URL: holicisticscrarws.shop/favicon.ico (GET HTTP/1.1)
IP: 104.21.40.92:80
Requested by: http://holicisticscrarws.shop/api2
File type: HTML document, ASCII text, with very long lines (14258), with no line terminators
Hash (MD5, SHA-1, SHA-256): 8a092e78e652b44c0f18b156f6fb0e20 03f31df1acea91bd132f42b8408a2feda833cde2 11cfe7c7ddf5d770455dee59da39f80eb1b382c19a84a82da492d46becc2df56
| Analyzer | Verdict | Alert |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: holicisticscrarws.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://holicisticscrarws.shop/api2?__cf_chl_rt_tk=RJ35omeAr72ts6AWvvcOW2ojt9ZO4sar4PAfxdP7BgQ-1715325171-0.0.1.1-1301
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Fri, 10 May 2024 07:12:51 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: bV9wLPBeWD2PCTvY/E5EOBdQ9yEh9RrYv85LV0cCcdaQrTIvpqC1eLSr2rWGTNTvk5bjJtjdzqtU0GgobOZj51KsfXWJSxpLQiQykxlfbwvXmuqtAU6Y6Er/1jMP1jyhK7fn+CtKs0A8Unjj5Fy14A==$HsV6DTNoRN1RQjIhvA5I1Q==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IoOH%2By14mONAH6n4awZygWZy2Z6HQv%2Fbz37YGjgDmulKJcvPGlm5xxSKpi4g%2BKSWp69fAhRD%2BHpW52IdVKPAQXJ3eHtwP0TKa6iokJikLM%2BVZdqNwToMH6MzbzYyC%2BdJPm4U5079l4Rc"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 88181f931e6ab509-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
| holicisticscrarws.shop/favicon.ico | 104.21.40.92 | 403 Forbidden | 5.8 kB |
URL: holicisticscrarws.shop/favicon.ico (GET HTTP/1.1)
IP: 104.21.40.92:80
Requested by: http://holicisticscrarws.shop/api2
File type: HTML document, ASCII text, with very long lines (14172), with no line terminators
Hash (MD5, SHA-1, SHA-256): 1d738075a3852987a51abfc0acb81573 acfa29dbd3f66ca6495cbafc889163f7262a5149 6c961b1c109c5d0fd878f2984e2e36f6bb6ef7e718e1ec841929b232cc7c6212
| Analyzer | Verdict | Alert |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: holicisticscrarws.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://holicisticscrarws.shop/api2
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Fri, 10 May 2024 07:12:51 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: YIBMYEdg1Dy+1ZVzIP6Xirr24kx3AMChEaxSfjFmFUDWaiqEX73GRoxCDqAxx2qLDqpna7ZFsg6we+1yu+hXvHYEHKydY0eSddO3yUlYKpYPqYiaLnjnUzsRlzfrdIeKKnvGPUAmK5NW9gN2gMRRjg==$i5IoGzr3a9TFpv7Nm9tViA==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EU5B0XNXInPO6q5qlsG85CbKLR5huxy%2FT9QpS22D6HoyvdEIDKtI7N0a9LxqryuusOsMAjx%2F7zIeO30c1N9H0FEBh6xDPwmrlQ4RLhrnYG4pMvjWHFy4YPbo8stMPsXopL9jM5M7UtIm"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 88181f93abe6b50b-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
| holicisticscrarws.shop/cdn-cgi/challenge-platform/h/g/flow/ov1/457388802:1715321504:tJt6evIvfemP1UbgjO5hZMkma8FtFbZG7FNm-0atOkI/88181f90bc9756b7/bc0ca5141a023ca | 104.21.40.92 | | 12 kB |
URL: holicisticscrarws.shop/cdn-cgi/challenge-platform/h/g/flow/ov1/457388802:1715321504:tJt6evIvfemP1UbgjO5hZMkma8FtFbZG7FNm-0atOkI/88181f90bc9756b7/bc0ca5141a023ca
IP: 104.21.40.92:0
File type: ASCII text, with very long lines (16424), with no line terminators
Hash (MD5, SHA-1, SHA-256): 9606055f2b0e01de12eeb4d6e4177c5d 57aa11f11cebc62b9c2763f285a78016fe7cdb57 cd3d6720048795ce4c9d0126161053846e83a7626be3d913a18e1c4d6dde5cf8
| Analyzer | Verdict | Alert |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |
POST /cdn-cgi/challenge-platform/h/g/flow/ov1/457388802:1715321504:tJt6evIvfemP1UbgjO5hZMkma8FtFbZG7FNm-0atOkI/88181f90bc9756b7/bc0ca5141a023ca HTTP/1.1
Host: holicisticscrarws.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://holicisticscrarws.shop/api2
Content-type: application/x-www-form-urlencoded
CF-Challenge: bc0ca5141a023ca
Content-Length: 1849
Origin: http://holicisticscrarws.shop
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 10 May 2024 07:12:52 GMT
Content-Type: text/plain; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cf-chl-gen: pZzA5X+dIlNdS93/fVuu+kiAqiWEWClUeWbEOST/cjwX2ZF60mUuq/vwDkBoHSQS$1i4lqNY+xSdWL17/lHJslQ==
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6To8t3GsM28yyRuQ7zbrUt45Ha6hajoKEOgf0qI9O4VQrGjiF%2FEcFostigCJhoJWvZ6pLk4IK0enpedWu4BA5iF%2FGFMMVP4%2F1Ua3BvdubBIH6aoVTnneGSXg%2Bbh%2BhYakgZAzyJCoMwkp"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 88181f94bd29b51e-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D | 104.17.3.184 | 200 OK | 61 B |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D (GET HTTP/3)
IP: 104.17.3.184:443
Requested by: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/hn6z0/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Certificate: Issuer Cloudflare, Inc.; Subject challenges.cloudflare.com; Fingerprint 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E; Validity Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type: PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
Hash (MD5, SHA-1, SHA-256): 9246cca8fc3c00f50035f28e9f6b7f7d 3aa538440f70873b574f40cd793060f53ec17a5d c07d7d29e3c20fa6ca4c5d20663688d52bad13e129ad82ce06b80eb187d9dc84
GET /cdn-cgi/challenge-platform/h/g/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/gk4kz/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 10 May 2024 07:12:52 GMT
content-type: image/png
content-length: 61
cache-control: max-age=2629800, public
server: cloudflare
cf-ray: 88181f96ccd0b51d-OSL
alt-svc: h3=":443"; ma=86400
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/1217203336:1715321742:kF9yGRHvYHyc9-EOUQvCyzIEGa0uvSAMYJceEpT-8pw/88181f95fb78b51d/2f1c8b78ad3136c | 104.17.3.184 | | 91 kB |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/1217203336:1715321742:kF9yGRHvYHyc9-EOUQvCyzIEGa0uvSAMYJceEpT-8pw/88181f95fb78b51d/2f1c8b78ad3136c
IP: 104.17.3.184:0
Certificate: Issuer Cloudflare, Inc.; Subject challenges.cloudflare.com; Fingerprint 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E; Validity Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type: ASCII text, with very long lines (65536), with no line terminators
Hash (MD5, SHA-1, SHA-256): e944dc5d37c762b2af44ee6542df4138 aeadccd872f5f92e471ea2069686b984b7406ba6 ff050041a2d5ea203cd4a74936c4ecec39016b240d3c7765bcc3826928e24e19
POST /cdn-cgi/challenge-platform/h/g/flow/ov1/1217203336:1715321742:kF9yGRHvYHyc9-EOUQvCyzIEGa0uvSAMYJceEpT-8pw/88181f95fb78b51d/2f1c8b78ad3136c HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/gk4kz/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: 2f1c8b78ad3136c
Content-Length: 3544
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 10 May 2024 07:12:52 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: 3rol7Bvo0hyRxeOdFv3P3nSs3du6Mpf3V/5u22WpGbNYID0x3m+H/+OuFh5jvk00L28LNZEQ9pChTAzu0W4kNsXd7aVwujNej95esMMbd2wuZZPpAUGPvpuE+8Uht2buX3lxP3H46+pRl0kJwiXqe5HFd68g8V/9EjCYHtHyrA/XqpvP4vWe5a6BwaGnWt/snwLOVLwI3cst2G/1moyBEZkYMZrxBIegr0021IW2FSeF/WB8Dkjld86KxJKWQQ6PvL+Nsq+D0lwQ59h/L/+Wcg4X8//K8Y3CAr21x17i9zF+nWO/Ge0q0CEzneUAUGYXDWshBay3rg8CZCVEwjl4hqHcNYTZcynkUfwyBVyA7ncZJacc5YwH8OgMxPNmShZMFQMeFAf/FU2qehlQ7GQH6eJWZcChIUtrSPNQtYVcrH8hw+6kKtABxckPdtcen6D5$UxUUXSDVj5wnGbWVfi7Stw==
server: cloudflare
cf-ray: 88181f989ff8b51d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/88181f95fb78b51d/1715325172601/rSrlKtWyZZoA-tp | 104.17.3.184 | | 61 B |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/88181f95fb78b51d/1715325172601/rSrlKtWyZZoA-tp
IP: 104.17.3.184:0
Certificate: Issuer Cloudflare, Inc.; Subject challenges.cloudflare.com; Fingerprint 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E; Validity Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type: PNG image data, 73 x 4, 8-bit/color RGB, non-interlaced
Hash (MD5, SHA-1, SHA-256): 94cbf508b3053c543923965333010482 ffb6411bfe77897bcd963cc1fc7e3d8ad496d298 e1f32b7effb90f58619ea3f43a9152e52236513a016ee87c5c253fd51db9bd02
GET /cdn-cgi/challenge-platform/h/g/i/88181f95fb78b51d/1715325172601/rSrlKtWyZZoA-tp HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/gk4kz/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 10 May 2024 07:12:56 GMT
content-type: image/png
content-length: 61
server: cloudflare
cf-ray: 88181fb13aa7b51d-OSL
alt-svc: h3=":443"; ma=86400
| holicisticscrarws.shop/cdn-cgi/challenge-platform/h/g/flow/ov1/457388802:1715321504:tJt6evIvfemP1UbgjO5hZMkma8FtFbZG7FNm-0atOkI/88181f90bc9756b7/bc0ca5141a023ca | 104.21.40.92 | | 2.4 kB |
URL: holicisticscrarws.shop/cdn-cgi/challenge-platform/h/g/flow/ov1/457388802:1715321504:tJt6evIvfemP1UbgjO5hZMkma8FtFbZG7FNm-0atOkI/88181f90bc9756b7/bc0ca5141a023ca
IP: 104.21.40.92:0
File type: ASCII text, with very long lines (3048), with no line terminators
Hash (MD5, SHA-1, SHA-256): 450010e3c821f70af42c4bdcf77b7ab8 57669af65b6cd0340d3e7518b0c91605a2395ff2 24cc702adc5778be7d2690b539bcd9f79e2b179dc4b6fb4a650b96df4715c5e2
| Analyzer | Verdict | Alert |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |
POST /cdn-cgi/challenge-platform/h/g/flow/ov1/457388802:1715321504:tJt6evIvfemP1UbgjO5hZMkma8FtFbZG7FNm-0atOkI/88181f90bc9756b7/bc0ca5141a023ca HTTP/1.1
Host: holicisticscrarws.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://holicisticscrarws.shop/api2
Content-type: application/x-www-form-urlencoded
CF-Challenge: bc0ca5141a023ca
Content-Length: 2526
Origin: http://holicisticscrarws.shop
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 10 May 2024 07:13:03 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cf-chl-out: CeIkE1v1SznFQwV5OD/1blFt+Af5raIWMU6NdMNb65eOf7cxUGzfIgpQ8k1a8XZN9sSMR2XAVU6R5SQ+4OBTMdwE1WgeNfmaJiLUQywS/NU=$NzYwvXDjo/a2jy/wUCWqtA==
cf-chl-out-s: Qcwvtc0OS01gEh+4tqflNQ==$g1sYouKeWeANWJWxKb2Oxw==
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XgePZwM6%2Fc%2BEMMAxXvF0D%2ByG9lnIEhp%2B88fV%2BXSEq4mZLBTOb%2Bq6q%2BXrCyCsYvvv9uYl63eLIRBpiPLxjxwno6daHy6WBcVHu6wTo%2Fr5O2kg3JM7SVpd5z4SaOCsqpQ4E9e61a0KYkeP"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 88181fdaa890b51e-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
| holicisticscrarws.shop/api2 | 104.21.40.92 | 403 Forbidden | 5.8 kB |
URL: holicisticscrarws.shop/api2 (User Request, GET HTTP/1.1)
IP: 104.21.40.92:80
File type: HTML document, ASCII text, with very long lines (14186), with no line terminators
Hash (MD5, SHA-1, SHA-256): ab2a2510adfa61b1cff96bad45039461 7b7431332f158d3ccb8d41b61e2110bb90d23539 db2aec5acf601a96fed120091f081248e9d1131f488b379198886c9c7a6f5798
| Analyzer | Verdict | Alert |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |
GET /api2 HTTP/1.1
Host: holicisticscrarws.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_i=1
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Fri, 10 May 2024 07:13:05 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: 4w6qcFIhKBWJsPWToSgBHH5tGzsFtveElaHzpSOsCgKGE0bFKZGS1AUJ7hVqwlVwGGipnhKNMOZMQDl+5NBpPtxUQVFRbunOh+l/I+jf9LM+doJDCWFIOtuXIc4yXV6DCtJjkhf9VsuCGMpndn4cdw==$2N2VzveLLZ2m2LCvuKZUDQ==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2Bs%2BM8pyZ0rNvb1XgBG2108lo0JcWjdotdq7N1%2BVExzvkuMp8OiuUGD6%2F0AIVnZqlWLuznQzWIh3VWE2e0vtZW8lspgAKtTf8BdAfwmtHzgobxobnw5NES%2BRK1DJqGNmsngoY9rtUSkDv"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 88181fe78dc6b51e-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
| holicisticscrarws.shop/cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=88181fe78dc6b51e | 104.21.40.92 | 200 OK | 112 kB |
URL: holicisticscrarws.shop/cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=88181fe78dc6b51e (GET HTTP/1.1)
IP: 104.21.40.92:80
Requested by: http://holicisticscrarws.shop/api2
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size: 112 kB (111946 bytes)
Hash (MD5, SHA-1, SHA-256): 93ed491f579af721c67a9d95d3e23f87 95872fcd1347b92e0dcde2ca47ef7e9b41f1b75e a0bc242e4cb0aa65a32fc22b83dbadf81638bab05d733ce913da3108e85150e5
| Analyzer | Verdict | Alert |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |
GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=88181fe78dc6b51e HTTP/1.1
Host: holicisticscrarws.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://holicisticscrarws.shop/api2?__cf_chl_rt_tk=m7TPml_yS4UGn49shVnk_ZmJM_sCJzPVC7642g5yNAE-1715325185-0.0.1.1-1301
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_i=1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 10 May 2024 07:13:05 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7wF4sB48zG5gkyQS0BGyRsuN1Ov2BWpMInxHpr4VZi%2B8ix%2Fg06QUgw15DooZmN9TMgglQsKRp0XbQQ0a0hSdCAPBSDZjI3RoxsDNoLhqIchdqFmZOpRKmY%2F5aCmo6U9ZH%2FB79JUcuoLn"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 88181fe7db300b41-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
| holicisticscrarws.shop/favicon.ico | 104.21.40.92 | 403 Forbidden | 5.9 kB |
URL: holicisticscrarws.shop/favicon.ico (GET HTTP/1.1)
IP: 104.21.40.92:80
Requested by: http://holicisticscrarws.shop/api2
File type: HTML document, ASCII text, with very long lines (14279), with no line terminators
Hash (MD5, SHA-1, SHA-256): 9c1d6c84f4062ab4dc041fc0cc6d0b53 bbbf2e3f668a9aad5bcf48ddc6d22340d74f0746 6de6711273e16bb38ec580b39a728d8cadf85c61de34919636d56488c3b3d26f
| Analyzer | Verdict | Alert |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: holicisticscrarws.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://holicisticscrarws.shop/api2?__cf_chl_rt_tk=m7TPml_yS4UGn49shVnk_ZmJM_sCJzPVC7642g5yNAE-1715325185-0.0.1.1-1301
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_i=1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Fri, 10 May 2024 07:13:05 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: kAixR7nYXXEi4IUFVqRp1lUNEPVQsxI0F2355DSiYNlYGHVVn3nmHQXGUQvlE8eERvLyjCBYWabia1VyH39wsaD8HBnAyyPyEdzDCjUTObHZmEK87bWjp7IeZw3TUz0HzRCjDl+wwEEtAzvW/kVaZw==$fqI19DckJnOmZEzSGT81hw==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ow7SyAZD3EaFNQX%2BjVIzcjYcOyph4GuTRdW6KFTzdbFtwG4Ik%2BeODJ6cZq7hp9hiYuGhQwYUvM229siz8srFOyf2bos1tAzS6PZHSHHuQgy5p1XFMkJEXGw7nE90FagY6pYSV9s%2Fdkj%2B"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 88181fe83b9f0b41-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
| holicisticscrarws.shop/favicon.ico | 104.21.40.92 | 403 Forbidden | 5.8 kB |
URL: holicisticscrarws.shop/favicon.ico (GET HTTP/1.1)
IP: 104.21.40.92:80
Requested by: http://holicisticscrarws.shop/api2
File type: HTML document, ASCII text, with very long lines (14194), with no line terminators
Hash (MD5, SHA-1, SHA-256): 1b163271684624eba34e93ea49eeb1ca d047161329a8097d9d227986075ff621b04d0fce d5a80a6d31fbfa70ffe8790637aa1e8d295a0aaafb8c5358bcb8d0def29670d4
| Analyzer | Verdict | Alert |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: holicisticscrarws.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://holicisticscrarws.shop/api2
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_i=1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Fri, 10 May 2024 07:13:05 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: xyz3whxLnufYPpET64770mF40E0HoJeMd/asdSJOzvwRARH71/gT3+304+b9MOq5WT73faTiLDzRRCWTvj8uY5ZaEj1eFLEFTnR4zolWN/ygaBJxFf8XX3m2lqYIbrco0Ol4nddI8Qfs3QB9H8OToQ==$KtTH5IKkTB0ChxyO4jx2fg==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yRWQaQMovRGKB1qJCTFI4xB3TJDxf7lNqeqljen%2ByaJpTmblkoQA5K4qq7foofbMzLcEwu6wCA2G9unNk6%2BWYJYatDfMp%2FOy6gLyROmwE7knuVkShib4sUo%2FwS4SKsaY%2FnNSHQllSufJ"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 88181fe899385687-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
| holicisticscrarws.shop/cdn-cgi/challenge-platform/h/g/flow/ov1/627704437:1715321573:cQOWHeCnwH5N9wjaJsrsZJZ6xeg2AXJwvRYAaGlhN64/88181fe78dc6b51e/0d1e6ef4e227bfd | 104.21.40.92 | 200 OK | 12 kB |
URL: holicisticscrarws.shop/cdn-cgi/challenge-platform/h/g/flow/ov1/627704437:1715321573:cQOWHeCnwH5N9wjaJsrsZJZ6xeg2AXJwvRYAaGlhN64/88181fe78dc6b51e/0d1e6ef4e227bfd (POST HTTP/1.1)
IP: 104.21.40.92:80
Requested by: http://holicisticscrarws.shop/api2
File type: ASCII text, with very long lines (16428), with no line terminators
Hash (MD5, SHA-1, SHA-256): 19f2a76d7d322e4a3d547e811987da8c ce41de638a2f2baa6deed8143b404a067e1e8617 4b78577ed34eccc086943124fce52d890da6876f493282f21dd7fc8f39320f98
| Analyzer | Verdict | Alert |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |
POST /cdn-cgi/challenge-platform/h/g/flow/ov1/627704437:1715321573:cQOWHeCnwH5N9wjaJsrsZJZ6xeg2AXJwvRYAaGlhN64/88181fe78dc6b51e/0d1e6ef4e227bfd HTTP/1.1
Host: holicisticscrarws.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://holicisticscrarws.shop/api2
Content-type: application/x-www-form-urlencoded
CF-Challenge: 0d1e6ef4e227bfd
Content-Length: 1839
Origin: http://holicisticscrarws.shop
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_i=1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 10 May 2024 07:13:05 GMT
Content-Type: text/plain; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cf-chl-gen: fuqiO0XD6nPFHoYO6YPmnjKq3Lwc1kQuLnPnJOiYH+GtN2jIXM+9Z4+TKTMdXjp7$Ul3kYAC+59kcjIOBsYNc7A==
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=St9As4WTOJgNZqhWtCuoLro2RnDzKB1UQAcSX%2BYmsHMK1BM3r42swoiLtWWLc88pSTGiFDjMC4AoR2icDWUkGAmg2g4EfOd3IV7JCZejPoKCvo6Yc5V96sdF%2Ffs62wvKZTds0gxNqM%2Fp"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 88181fe97b3a56c9-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/hn6z0/0x4AAAAAAAAjq6WYeRDKmebM/light/normal | 104.17.3.184 | 200 OK | 18 kB |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/hn6z0/0x4AAAAAAAAjq6WYeRDKmebM/light/normal (GET HTTP/3)
IP: 104.17.3.184:443
Requested by: http://holicisticscrarws.shop/api2
Certificate: Issuer Cloudflare, Inc.; Subject challenges.cloudflare.com; Fingerprint 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E; Validity Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type: HTML document, ASCII text, with very long lines (42150)
Hash (MD5, SHA-1, SHA-256): 906eea213f5846545f8d2b32b9b0ff4a ad06462f2b5b6441005946d42eb254a6f06b2c29 0224132a10402f08202244bcda150ec51d99fa4dc5aa0ae85d5bd95de50f80d8
GET /cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/hn6z0/0x4AAAAAAAAjq6WYeRDKmebM/light/normal HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 10 May 2024 07:13:05 GMT
content-type: text/html; charset=UTF-8
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-opener-policy: same-origin
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
origin-agent-cluster: ?1
content-security-policy: frame-src https://challenges.cloudflare.com/; base-uri 'self'
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
document-policy: js-profiling
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
referrer-policy: same-origin
server: cloudflare
cf-ray: 88181feabc27b51d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/88181feabc27b51d/1715325186156/bK_IXpVWN1NW3ew | 104.17.3.184 | 200 OK | 61 B |
URL: GET HTTP/3 challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/88181feabc27b51d/1715325186156/bK_IXpVWN1NW3ew
IP: 104.17.3.184:443
Requested by: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/hn6z0/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Certificate: Issuer Cloudflare, Inc.; Subject challenges.cloudflare.com; Fingerprint 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E; Validity Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type: PNG image data, 62 x 85, 8-bit/color RGB, non-interlaced
Hash: MD5 e81be32805e989f2d0c0ee681065be9d; SHA-1 382ab5819c51b512e44481d6fabc53d1d326ec95; SHA-256 b06a4d213d8a9c113bb5836e5d032489ff2abdb19d8c28f084d94d9c16a30176
GET /cdn-cgi/challenge-platform/h/g/i/88181feabc27b51d/1715325186156/bK_IXpVWN1NW3ew HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/hn6z0/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 10 May 2024 07:13:07 GMT
content-type: image/png
content-length: 61
server: cloudflare
cf-ray: 88181ff4bef5b51d-OSL
alt-svc: h3=":443"; ma=86400
| holicisticscrarws.shop/cdn-cgi/challenge-platform/h/g/flow/ov1/627704437:1715321573:cQOWHeCnwH5N9wjaJsrsZJZ6xeg2AXJwvRYAaGlhN64/88181fe78dc6b51e/0d1e6ef4e227bfd | 104.21.40.92 | 200 OK | 3.0 kB |
URL: POST HTTP/1.1 holicisticscrarws.shop/cdn-cgi/challenge-platform/h/g/flow/ov1/627704437:1715321573:cQOWHeCnwH5N9wjaJsrsZJZ6xeg2AXJwvRYAaGlhN64/88181fe78dc6b51e/0d1e6ef4e227bfd
IP: 104.21.40.92:80
Requested by: http://holicisticscrarws.shop/api2
File type: ASCII text, with very long lines (3980), with no line terminators
Hash: MD5 a3026ba748e872bb1115558de1670127; SHA-1 9d6dc2ea7297e55de3d886215bbea1e1aef1cce0; SHA-256 9cb3c5b13e22383b27b0f983a149942b2d3c5cc501186db91fc60a3bc6e6acaf

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |
POST /cdn-cgi/challenge-platform/h/g/flow/ov1/627704437:1715321573:cQOWHeCnwH5N9wjaJsrsZJZ6xeg2AXJwvRYAaGlhN64/88181fe78dc6b51e/0d1e6ef4e227bfd HTTP/1.1
Host: holicisticscrarws.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://holicisticscrarws.shop/api2
Content-type: application/x-www-form-urlencoded
CF-Challenge: 0d1e6ef4e227bfd
Content-Length: 3272
Origin: http://holicisticscrarws.shop
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_i=1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 10 May 2024 07:13:15 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cf-chl-out: VubvM7MYeTwaiDkY5TpACsK0QjVrRkkpAexXNUdF2Fx4igEv0XS76xzT2+91Fg+DytcLDU3UziLeEc6hTwrScdRDVgGBBkiNQFS5OfyZOmoVVU/fa9SHzcFmihQupwPB$7iMTl0j1k1n/kfw4dTdFKw==
cf-chl-out-s: mC5JEdZr323zsZWseJdObA==$antcuJucrOqn3/ioolGp8A==
set-cookie: cf_chl_rc_i=;Expires=Thu, 09 May 2024 07:13:15 GMT;SameSite=Strict
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=98U0upD0jIfxAKcnNA%2B08Yrc%2F03RvpFlZbgD3m8GTPD%2BNaqESuK8z7iUSihksGMdLu%2B%2FYik%2BXcTErJXEExzPBRYs0CK8x%2BK8u4AiheEAnvA0BOZtUYtlCkNjN7Xr%2BL4Nn2qBbm1lwjs%2B"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8818202468ae56c9-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
| holicisticscrarws.shop/api2 | 104.21.40.92 | 403 Forbidden | 1.0 kB |
URL: GET HTTP/1.1 holicisticscrarws.shop/api2 (user request)
IP: 104.21.40.92:80
File type: HTML document, Unicode text, UTF-8 text, with very long lines (416), with CRLF, LF line terminators
Hash: MD5 7918a2bcb5972fb9180547ebfa69bdf0; SHA-1 e903f27fd09e492fd214f1cfc73bea1f6a262c90; SHA-256 797e5cddce578311bdfbc496be17620fb8630210396c8839a3385c8512194450

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |
POST /api2 HTTP/1.1
Host: holicisticscrarws.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://holicisticscrarws.shop/api2?__cf_chl_tk=m7TPml_yS4UGn49shVnk_ZmJM_sCJzPVC7642g5yNAE-1715325185-0.0.1.1-1301
Content-Type: application/x-www-form-urlencoded
Content-Length: 2501
Origin: http://holicisticscrarws.shop
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 10 May 2024 07:13:15 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: cf_clearance=WOFAAU9HlUwtoht0ammb0L8rR9UK7WrlZU5JBCgx_bs-1715325185-1.0.1.1-kwpot4H3bc9Nljv6tYLdr3a7IxSeSlsy9VmmnC69KGr6iQeN3p3Gx1tYMSbMMNsV5_KQTSb8DE3.qQmgWo0Bcg; Path=/; Expires=Sat, 10-May-25 07:13:15 GMT; Domain=.holicisticscrarws.shop; HttpOnly
Set-Cookie: PHPSESSID=587moekj706djvklje2tn26gcb; expires=Tue, 03-Sep-2024 00:59:54 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oYRWbsrbPkzzY2YkmyAQj%2BN9AbWKtEYmjcOJNALJUJ6D9XfAC5ZO12QjHS0l3YrM2pL4jNF1AgwTaow4eD0LP1SHZ%2FGR9MNB3ijpB8bWliLu1rForRcKEiIydRax4fd9CBYaEeWqKK9G"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 881820253a3756c9-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
| cdn.jsdelivr.net/npm/tom-select@2.3.1/dist/js/tom-select.complete.min.js | 151.101.193.229 | | 18 kB |
URL: cdn.jsdelivr.net/npm/tom-select@2.3.1/dist/js/tom-select.complete.min.js
IP: 151.101.193.229:0
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (1002)
Hash: MD5 cb0a959ac3d7a23dd8271f8438671211; SHA-1 8bc8a58a48d6f529e6b58e235b47d92dc61a0e2d; SHA-256 28d785eb15b9a3fb56d6869ee57952e0908d003a0cf911eaae7a14a8bea9bc76
GET /npm/tom-select@2.3.1/dist/js/tom-select.complete.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://holicisticscrarws.shop/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 2.3.1
x-jsd-version-type: version
etag: W/"c620-i8ilikjW9SnmtY4jW0fZLcYaDi0"
content-encoding: br
accept-ranges: bytes
date: Fri, 10 May 2024 07:13:15 GMT
age: 1374412
x-served-by: cache-fra-etou8220055-FRA, cache-hel1410028-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 18451
X-Firefox-Spdy: h2
| cdn.jsdelivr.net/npm/tom-select@2.3.1/dist/css/tom-select.css | 151.101.193.229 | | 2.7 kB |
URL: cdn.jsdelivr.net/npm/tom-select@2.3.1/dist/css/tom-select.css
IP: 151.101.193.229:0
Hash: MD5 c95b0bc73baee2d4aa8a5d31819916c7; SHA-1 5c6101d999331d9dd4f6902ec76fa484cc0e6150; SHA-256 c8168f6b45f8cf03ee444c7a0d2d61850899fd10dd13e2e523ca15e24fb1340c
GET /npm/tom-select@2.3.1/dist/css/tom-select.css HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://holicisticscrarws.shop/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
x-jsd-version: 2.3.1
x-jsd-version-type: version
etag: W/"2618-XGEB2ZkzHZ3U9pAux2+khMwOYVA"
content-encoding: br
accept-ranges: bytes
age: 2852151
date: Fri, 10 May 2024 07:13:15 GMT
x-served-by: cache-fra-eddf8230097-FRA, cache-hel1410028-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 2714
X-Firefox-Spdy: h2
| holicisticscrarws.shop/core/panel/icons/tabler-icons.min.css | 104.21.40.92 | | 125 B |
URL: holicisticscrarws.shop/core/panel/icons/tabler-icons.min.css
IP: 104.21.40.92:0
File type: HTML document, ASCII text, with CRLF line terminators
Hash: MD5 1b7c22a214949975556626d7217e9a39; SHA-1 d01c97e2944166ed23e47e4a62ff471ab8fa031f; SHA-256 340c8464c2007ce3f80682e15dfafa4180b641d53c14201b929906b7b0284d87

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |
GET /core/panel/icons/tabler-icons.min.css HTTP/1.1
Host: holicisticscrarws.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://holicisticscrarws.shop/api2
Cookie: cf_clearance=WOFAAU9HlUwtoht0ammb0L8rR9UK7WrlZU5JBCgx_bs-1715325185-1.0.1.1-kwpot4H3bc9Nljv6tYLdr3a7IxSeSlsy9VmmnC69KGr6iQeN3p3Gx1tYMSbMMNsV5_KQTSb8DE3.qQmgWo0Bcg; PHPSESSID=587moekj706djvklje2tn26gcb
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Date: Fri, 10 May 2024 07:13:15 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2Fb9QRcguQvNoxeMsSw7li%2B78AApr8otW5g8f%2BRD3t%2BkDxG7%2FjO%2FiLdVpoh0%2BhJ%2Bm4TqXdNShOxaai5Ro%2F0iqYAVFe0qlA1iRutTuWUhMCb5vapPq17Y4XZXWbtz%2B%2FNg292M7DrdzCued"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 881820265c1256c9-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
| code.jquery.com/jquery-3.6.0.min.js | 151.101.66.137 | | 31 kB |
URL: code.jquery.com/jquery-3.6.0.min.js
IP: 151.101.66.137:0
File type: JavaScript source, ASCII text, with very long lines (65447)
Hash: MD5 8fb8fee4fcc3cc86ff6c724154c49c42; SHA-1 b82d238d4e31fdf618bae8ac11a6c812c03dd0d4; SHA-256 ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
GET /jquery-3.6.0.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://holicisticscrarws.shop
DNT: 1
Connection: keep-alive
Referer: http://holicisticscrarws.shop/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15d9d"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Fri, 10 May 2024 07:13:15 GMT
age: 1181376
x-served-by: cache-lga21931-LGA, cache-hel1410029-HEL
x-cache: HIT, HIT
x-cache-hits: 3, 227539
x-timer: S1715325195.350281,VS0,VE0
vary: Accept-Encoding
content-length: 30875
X-Firefox-Spdy: h2
| holicisticscrarws.shop/core/panel/js/doberman.min.js?2 | 104.21.40.92 | | 125 B |
URL: holicisticscrarws.shop/core/panel/js/doberman.min.js?2
IP: 104.21.40.92:0
File type: HTML document, ASCII text, with CRLF line terminators
Hash: MD5 1b7c22a214949975556626d7217e9a39; SHA-1 d01c97e2944166ed23e47e4a62ff471ab8fa031f; SHA-256 340c8464c2007ce3f80682e15dfafa4180b641d53c14201b929906b7b0284d87

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |
GET /core/panel/js/doberman.min.js?2 HTTP/1.1
Host: holicisticscrarws.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://holicisticscrarws.shop/api2
Cookie: cf_clearance=WOFAAU9HlUwtoht0ammb0L8rR9UK7WrlZU5JBCgx_bs-1715325185-1.0.1.1-kwpot4H3bc9Nljv6tYLdr3a7IxSeSlsy9VmmnC69KGr6iQeN3p3Gx1tYMSbMMNsV5_KQTSb8DE3.qQmgWo0Bcg; PHPSESSID=587moekj706djvklje2tn26gcb
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Date: Fri, 10 May 2024 07:13:15 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ygf76%2FqhXJa75bk0ntmZsgj%2FfbTisGoa5UQjX4WF8xhzZ5rc9LXHnUoSo1F6sW2ujKoW5W2EeuAVq2as%2Bp5IK0TXIkijqFiKzL%2Bp%2FyHGS8viaW%2FjPhs%2BeW0mo1jEFoCMYR8pJFyeDvVt"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 881820267dee0b02-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
| holicisticscrarws.shop/core/panel/css/dober.css | 104.21.40.92 | | 125 B |
URL: holicisticscrarws.shop/core/panel/css/dober.css
IP: 104.21.40.92:0
File type: HTML document, ASCII text, with CRLF line terminators
Hash: MD5 1b7c22a214949975556626d7217e9a39; SHA-1 d01c97e2944166ed23e47e4a62ff471ab8fa031f; SHA-256 340c8464c2007ce3f80682e15dfafa4180b641d53c14201b929906b7b0284d87

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |
GET /core/panel/css/dober.css HTTP/1.1
Host: holicisticscrarws.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://holicisticscrarws.shop/api2
Cookie: cf_clearance=WOFAAU9HlUwtoht0ammb0L8rR9UK7WrlZU5JBCgx_bs-1715325185-1.0.1.1-kwpot4H3bc9Nljv6tYLdr3a7IxSeSlsy9VmmnC69KGr6iQeN3p3Gx1tYMSbMMNsV5_KQTSb8DE3.qQmgWo0Bcg; PHPSESSID=587moekj706djvklje2tn26gcb
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Date: Fri, 10 May 2024 07:13:15 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aPUsv8RjxOAloB87IM7nVhB%2FPHsNSzpSg57eb11DHxGCU05jBQI3ivtSBvKW9pJt0bjMaDpzbcUBWxzAEfYlise5sb0wpjcIVwyKqRF3e5qoFH66VFJTjfh5YpqtJqt4EYFzSKgy940x"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 881820267821569f-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/1567969060:1715321481:vK-3CxotpGeN4bBlP2iw6ip21Gh9Sb_Rn4kZfzqdSDs/88181feabc27b51d/c7ef2d10c08abd2 | 104.17.3.184 | 200 OK | 72 kB |
URL: POST HTTP/3 challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/1567969060:1715321481:vK-3CxotpGeN4bBlP2iw6ip21Gh9Sb_Rn4kZfzqdSDs/88181feabc27b51d/c7ef2d10c08abd2
IP: 104.17.3.184:443
Requested by: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/hn6z0/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Certificate: Issuer Cloudflare, Inc.; Subject challenges.cloudflare.com; Fingerprint 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E; Validity Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type: ASCII text, with very long lines (22332), with no line terminators
Hash: MD5 e47292b12906ea9c84171de8f2070520; SHA-1 1d50366d9b600af335021f2bf279e50ad4cbf615; SHA-256 c698ea5e9b7dd86fc451b1b2cbc0db9ef896c2233861c842a8af3c05e565ac50
POST /cdn-cgi/challenge-platform/h/g/flow/ov1/1567969060:1715321481:vK-3CxotpGeN4bBlP2iw6ip21Gh9Sb_Rn4kZfzqdSDs/88181feabc27b51d/c7ef2d10c08abd2 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/hn6z0/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: c7ef2d10c08abd2
Content-Length: 28221
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 10 May 2024 07:13:11 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: 4QFoMUGJUYvJ/7w85o5qUSEVEMbNBJro+bp3nwk79kntYvdFSPMzm/9HZ0wTQztx$QW66wg4Al7jsf2R8+OTqPw==
server: cloudflare
cf-ray: 8818200d88efb51d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=88181feabc27b51d | 104.17.3.184 | 200 OK | 124 kB |
URL: GET HTTP/3 challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=88181feabc27b51d
IP: 104.17.3.184:443
Requested by: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/hn6z0/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Certificate: Issuer Cloudflare, Inc.; Subject challenges.cloudflare.com; Fingerprint 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E; Validity Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type: ASCII text, with very long lines (65536), with no line terminators
Size: 124 kB (123928 bytes)
Hash: MD5 1f12a9a68904f499639312d14eb364be; SHA-1 abf9f393d8a7ba998a1c73a4ebf5f3d19712ae84; SHA-256 f020eadea083a21088102fac0615ba8c910a246dd82869668474064d72237e17
GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=88181feabc27b51d HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/hn6z0/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 10 May 2024 07:13:05 GMT
content-type: application/javascript; charset=UTF-8
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
server: cloudflare
cf-ray: 88181feb8de2b51d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| holicisticscrarws.shop/favicon.ico | 104.21.40.92 | 403 Forbidden | 125 B |
URL: GET HTTP/1.1 holicisticscrarws.shop/favicon.ico
IP: 104.21.40.92:80
Requested by: http://holicisticscrarws.shop/api2
File type: HTML document, ASCII text, with CRLF line terminators
Hash: MD5 1b7c22a214949975556626d7217e9a39; SHA-1 d01c97e2944166ed23e47e4a62ff471ab8fa031f; SHA-256 340c8464c2007ce3f80682e15dfafa4180b641d53c14201b929906b7b0284d87

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: holicisticscrarws.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://holicisticscrarws.shop/api2
Cookie: cf_clearance=WOFAAU9HlUwtoht0ammb0L8rR9UK7WrlZU5JBCgx_bs-1715325185-1.0.1.1-kwpot4H3bc9Nljv6tYLdr3a7IxSeSlsy9VmmnC69KGr6iQeN3p3Gx1tYMSbMMNsV5_KQTSb8DE3.qQmgWo0Bcg; PHPSESSID=587moekj706djvklje2tn26gcb
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Date: Fri, 10 May 2024 07:13:15 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=14400
CF-Cache-Status: EXPIRED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=r29u%2FN%2FDa8AgjXbm%2FJOj5AzFLJRg093%2BZEuViC8zX0DkA4cctWsxORMyu4vQc%2B2cVMSvR8efVtXV086dkEsJPcMZOfcrt7NWAq1Irzs8biIkA7VXmz%2FVa5FzaqoRKYVwpiW5R7HskpWF"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8818202908a756c9-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
| challenges.cloudflare.com/turnstile/v0/g/1b3559406bc8/api.js?onload=KtsCKf7&render=explicit | 104.17.3.184 | 200 OK | 43 kB |
URL: GET HTTP/3 challenges.cloudflare.com/turnstile/v0/g/1b3559406bc8/api.js?onload=KtsCKf7&render=explicit
IP: 104.17.3.184:443
Requested by: http://holicisticscrarws.shop/api2
Certificate: Issuer Cloudflare, Inc.; Subject challenges.cloudflare.com; Fingerprint 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E; Validity Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (42616)
Hash: MD5 86183dd14ee10d1dee92b37b5069d716; SHA-1 9ec32d650ece484bbe624ca734a0a65e22d35dd6; SHA-256 ae0e2e45f84d7d3d06526aafc20d4a95b486e8747bf80895f3aeb8c4aebee7f4
GET /turnstile/v0/g/1b3559406bc8/api.js?onload=KtsCKf7&render=explicit HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://holicisticscrarws.shop
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 07:13:05 GMT
content-type: application/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
cache-control: max-age=604800, public
access-control-allow-origin: *
vary: Accept-Encoding
server: cloudflare
cf-ray: 88181fe8a858b51d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400