Report - diskretainvigorousiw.shop/api

Report Overview

Submitted URL
diskretainvigorousiw.shop/api
IP
188.114.97.1
ASN
#13335 CLOUDFLARENET
Submitted
2024-05-10 15:21:28
Access
public
Website Title
diskretainvigorousiw.shop/api
Final URL
diskretainvigorousiw.shop/api
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
4
Threat Detection Systems
46

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
diskretainvigorousiw.shop	unknown	2024-03-24	2024-03-24	2024-04-18	4.1 kB	152 kB	188.114.96.1
challenges.cloudflare.com	unknown	2009-02-17	2021-10-20	2024-05-10	2.9 kB	101 kB	104.17.2.184

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2024-05-10 15:21:03	high	Client IP	188.114.96.1	ET MALWARE Observed Lumma Stealer Related Domain (diskretainvigorousiw .shop in TLS SNI)
2024-05-10 15:21:03	high	Client IP	188.114.96.1	ET MALWARE Observed Lumma Stealer Related Domain (diskretainvigorousiw .shop in TLS SNI)
2024-05-10 15:21:03	high	Client IP	188.114.96.1	ThreatFox botnet C2 traffic (url - confidence level: 100%)
2024-05-10 15:21:03	high	Client IP	188.114.96.1	ThreatFox botnet C2 traffic (url - confidence level: 100%)

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

Scan Date	Severity	Indicator	Alert
2024-05-10	medium	diskretainvigorousiw.shop	Sinkholed
2024-05-10	medium	diskretainvigorousiw.shop	Sinkholed
2024-05-10	medium	diskretainvigorousiw.shop	Sinkholed
2024-05-10	medium	diskretainvigorousiw.shop	Sinkholed
2024-05-10	medium	diskretainvigorousiw.shop	Sinkholed
2024-05-10	medium	diskretainvigorousiw.shop	Sinkholed
2024-05-10	medium	diskretainvigorousiw.shop	Sinkholed
2024-05-10	medium	diskretainvigorousiw.shop	Sinkholed

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-10	medium	diskretainvigorousiw.shop	Sinkholed
2024-05-10	medium	diskretainvigorousiw.shop	Sinkholed
2024-05-10	medium	diskretainvigorousiw.shop	Sinkholed
2024-05-10	medium	diskretainvigorousiw.shop	Sinkholed
2024-05-10	medium	diskretainvigorousiw.shop	Sinkholed
2024-05-10	medium	diskretainvigorousiw.shop	Sinkholed
2024-05-10	medium	diskretainvigorousiw.shop	Sinkholed
2024-05-10	medium	diskretainvigorousiw.shop	Sinkholed

ThreatFox

Scan Date	Severity	Indicator	Alert
2024-03-26	medium	diskretainvigorousiw.shop/api	Lumma Stealer
2024-04-28	medium	diskretainvigorousiw.shop	Lumma Stealer
2024-04-28	medium	diskretainvigorousiw.shop	Lumma Stealer
2024-04-28	medium	diskretainvigorousiw.shop	Lumma Stealer
2024-04-28	medium	diskretainvigorousiw.shop	Lumma Stealer
2024-03-26	medium	diskretainvigorousiw.shop/api	Lumma Stealer
2024-04-28	medium	diskretainvigorousiw.shop	Lumma Stealer

JavaScript (34)

		Size	First Seen	Last Seen
	#1 Eval - 5b15e19a6a5c5a732a44432867b870c1	28 B	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 17:21:28 Last Seen2024-05-10 17:21:28 Times Seen1 Hash 5b15e19a6a5c5a732a44432867b870c1 d7a455de4f74c51323440267b30132a361186ad6 33b6af800b2b8903c7563ff8538cb8e649ac181fea2b494ea69d7292ca4546bd Loading...

	#2 Eval - 1cd3d4504598e3002c89ac4344b05866	28 B	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 17:21:28 Last Seen2024-05-10 17:21:28 Times Seen1 Hash 1cd3d4504598e3002c89ac4344b05866 124c3c855b9f82a593ab151b10d2ff11a7760a6b cc8da4d02f52a9f19c8635c6c4896df1df8eff0dd42799b36b93b2a09916da9d Loading...

	#3 Eval - 06fc4f23b2b034e97fbd84301ee649b9	28 B	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 17:21:28 Last Seen2024-05-10 17:21:28 Times Seen1 Hash 06fc4f23b2b034e97fbd84301ee649b9 72f495f4062cd3fe58063426562c921fbf03a048 d4f024bc24a2e26810e18fd23e078fbed8562893c29acd99a9a1cf85b7e70f19 Loading...

	#4 Eval - bde3576773119ff8a9073d151fe9497c	28 B	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 17:21:28 Last Seen2024-05-10 17:21:28 Times Seen1 Hash bde3576773119ff8a9073d151fe9497c d017522d2b47b8e7f5e1864ef7c8b431181fd52c 051982edf454a2c8c49a2e53305d9e7815378eb1751bfc72de3e9f61f7be9f44 Loading...

	#5 Eval - 8f48094dce5525271d57a55afc6f5a6f	28 B	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 17:21:28 Last Seen2024-05-10 17:21:28 Times Seen1 Hash 8f48094dce5525271d57a55afc6f5a6f e884e5667a9fc30a4e594dde6302d6da92a8ed17 8c3648aea6fd6417a4874e29d91a77c4a163fdd16eba9ed12294e872c99eb25c Loading...

	#6 Eval - fb6875c3a77b381fb7d9f9c1c078018d	28 B	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 17:21:28 Last Seen2024-05-10 17:21:28 Times Seen1 Hash fb6875c3a77b381fb7d9f9c1c078018d d029ddc5590a6b595ea29b41fc55ee734d340aa8 abb1200f77f16ac63adca3a9e4ee6149b5e90cd332da48b85ca987d20a8fc29c Loading...

	#7 Eval - 2712a19eb1024bb7f824d379bc77b51f	28 B	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 17:21:28 Last Seen2024-05-10 17:21:28 Times Seen1 Hash 2712a19eb1024bb7f824d379bc77b51f 8d67d6301376a8c9f59ad852daeaeaf2e382878b 8a5a33b0fa65371439210af9e2f09800a455f10591cf4cfec1786268dd3ac163 Loading...

	#8 Eval - aa6d6e832c3833af2f804f3bb31d331b	28 B	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 17:21:28 Last Seen2024-05-10 17:21:28 Times Seen1 Hash aa6d6e832c3833af2f804f3bb31d331b 76938e7e87a07126d7f53cac453e159f4a4b47a4 4ff061100bcf1bc717b153e0a39c172480905136ca2761b1d0e3bfa4e2e26f18 Loading...

	#9 Eval - 2104e51b45819fb48be29bd684a7a765	62 B	2024-05-08	2024-05-17
Pretty Observations First Seen2024-05-08 21:17:23 Last Seen2024-05-17 15:34:57 Times Seen967 Hash 2104e51b45819fb48be29bd684a7a765 4c63e1a706403ae3b72fd6bd15bb42ba662b456c 409852cd2d9ad570bc66e5cc8c403b729033ebacfadc90fd9548df7f494a5869 Loading...

	#10 Eval - 5cd24099274744e45253c3052cc2e12e	28 B	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 17:21:28 Last Seen2024-05-10 17:21:28 Times Seen1 Hash 5cd24099274744e45253c3052cc2e12e a125fa3a05dde483907b625d2e9936866c330849 f8b743466e9152049123a9dccf092cf730a00e3dff4419fe2bf4a014cf69629d Loading...

	#11 Eval - dec53ac0ae78f1d31e086b72ada35214	28 B	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 17:21:28 Last Seen2024-05-10 17:21:28 Times Seen1 Hash dec53ac0ae78f1d31e086b72ada35214 65fd97cf68405d8080897b003e549337bb190294 3f7cecc04fc3a3b7fdd35f79bc97fd36065f0f52ff4566a30391661a80f87d27 Loading...

	#12 Eval - d8b049301cbfcff291fd4d60a9cc4e6c	28 B	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 17:21:29 Last Seen2024-05-10 17:21:29 Times Seen1 Hash d8b049301cbfcff291fd4d60a9cc4e6c 651bf3a3a04f3cc4bc0044cfaf4b9d5b83edd4b8 689c815d5f568fdbe4acb80aa91a16db2d6a2e9c467f34f638a15515a8b44334 Loading...

	#13 Eval - 2746e9fc593e292e735e3ed5cf1a58fb	28 B	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 17:21:29 Last Seen2024-05-10 17:21:29 Times Seen1 Hash 2746e9fc593e292e735e3ed5cf1a58fb d01b3446c0240e77c2aba189e9a8bea7c21e8349 cfe797556aca39817683023dec213b4815ea773c5ea0ba09e543d6a82fcdf2f4 Loading...

	#14 Eval - 088949467d8e7a3a425c98f2280f35fa	28 B	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 17:21:29 Last Seen2024-05-10 17:21:29 Times Seen1 Hash 088949467d8e7a3a425c98f2280f35fa 5f1379b9f1a740c288385b9446acf2aa882e304c 54c27e5c8e9db7ec23c4590856f179feba93879574b5402a01ef528c3177b849 Loading...

	#15 Eval - 8a134d5fe38322fd62a5fe93626a0054	28 B	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 17:21:29 Last Seen2024-05-10 17:21:29 Times Seen1 Hash 8a134d5fe38322fd62a5fe93626a0054 091033bea85229734ba151873e6a3140c6db1c03 05f0c383ad548df7d1bc113e50049e6f5681a6f5ca4598f6a111181217b3ebe3 Loading...

	#16 Eval - d3ae98d3f19fae14da72c7c8ff2bba39	28 B	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 17:21:29 Last Seen2024-05-10 17:21:29 Times Seen1 Hash d3ae98d3f19fae14da72c7c8ff2bba39 2bb63c04863ab31b305ad25623c0b09488a3a440 c73f6a977996bfa2838910eed8517b8b1fce48db1ce7bb2af2f343bb7ff946d3 Loading...

	#17 Eval - f34271319cbeefee0ac2e9f6d73d9943	28 B	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 17:21:29 Last Seen2024-05-10 17:21:29 Times Seen1 Hash f34271319cbeefee0ac2e9f6d73d9943 0daf11ec894d9949bc8bc438b4a735d438cea620 f2eb3f9ebc7705bd1986028d314f170673464edb94c9f4b92ecec1aeec06f1c9 Loading...

	#18 Eval - 61a6c10d6e0442ef8dbaf8781d86c2e1	28 B	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 17:21:29 Last Seen2024-05-10 17:21:29 Times Seen1 Hash 61a6c10d6e0442ef8dbaf8781d86c2e1 5f59894df277bf5d635d85d7717a2cd9593e9730 ed36eb3a3ff685741b3083999ccb6d5e44f5f4de86e41cd3963435e42278f259 Loading...

	#19 Eval - ad55db21d506d5b77b886419d2966b00	28 B	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 17:21:29 Last Seen2024-05-10 17:21:29 Times Seen1 Hash ad55db21d506d5b77b886419d2966b00 f435d1b5a2ab702f752606cd333b5b03ca40c714 1c53c82e015120285d9eae0a034513a662ab4b316f15d6a635c781125c2d66e9 Loading...

	#20 Eval - af3c963e19c913bd36e937fabb98c0d3	28 B	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 17:21:29 Last Seen2024-05-10 17:21:29 Times Seen1 Hash af3c963e19c913bd36e937fabb98c0d3 67fb5ed62a387088822fe12ece533871a01959d1 b769ff4819c22513d31186ab8e2899f97b7e07d820a7c6da0be402c6a470a405 Loading...

	#21 Eval - a3340bbed0366b8812d9ca4049180834	28 B	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 17:21:29 Last Seen2024-05-10 17:21:29 Times Seen1 Hash a3340bbed0366b8812d9ca4049180834 bac6060cf50fa0bc8c14c36395207ec68aab166c b4b88c726448fa5181881b549a3eb953566b75dcedcb65f90bfa9883adc79861 Loading...

	#22 Eval - a88d890314eda4f5832b7c8def9b4e05	28 B	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 17:21:29 Last Seen2024-05-10 17:21:29 Times Seen1 Hash a88d890314eda4f5832b7c8def9b4e05 94ce7b6ddadcd02352a3a36865579b173ca2e710 82f6843a3234731f67a490842d5aa77e58a67f201dda728694f04bc58d55c18e Loading...

	#23 Eval - cb938cc2d4a84b9c9475c5c144397ea9	28 B	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 17:21:29 Last Seen2024-05-10 17:21:29 Times Seen1 Hash cb938cc2d4a84b9c9475c5c144397ea9 3f03c9ca311920b48a4b0c1eb35d407bc236dda2 247246a0cbc74e484719bc138b3dae5920fe4e5585213dcea258cd823760d6a7 Loading...

	#24 Eval - b80e3baf331c04373a44e385e3d45bf2	28 B	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 17:21:29 Last Seen2024-05-10 17:21:29 Times Seen1 Hash b80e3baf331c04373a44e385e3d45bf2 ac916cfc26f67aa3b978509ccbb10bf04c751621 fca981b2c42b3148b4a18893d3821f67d79e71ca7b0c9ac74f250c3548478635 Loading...

	#25 Eval - 99e33652132e61ddc97cbc179713766e	28 B	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 17:21:29 Last Seen2024-05-10 17:21:29 Times Seen1 Hash 99e33652132e61ddc97cbc179713766e 10b7d93c64ef6c5518c9250af1c552f833857555 0fac9af7cd54633270ef6a090186a0e4f619c701f1d8ca8efb4ace2d87b05aba Loading...

	#26 Eval - 3d2446b7bc2ad7dd75be2d516cad9cd1	28 B	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 17:21:29 Last Seen2024-05-10 17:21:29 Times Seen1 Hash 3d2446b7bc2ad7dd75be2d516cad9cd1 0084956acf75f5817d4800a243a38990b9ed5b53 43a713f75c0799351a6a22b73a4fde022600a0b90e92948250ae49a408168005 Loading...

	#27 Eval - 9e925e9341b490bfd3b4c4ca3b0c1ef2	4 B	2023-03-07	2024-05-20
Pretty Observations First Seen2023-03-07 01:03:43 Last Seen2024-05-20 22:25:40 Times Seen354123 Hash 9e925e9341b490bfd3b4c4ca3b0c1ef2 c2543fff3bfa6f144c2f06a7de6cd10c0b650cae 1eb79602411ef02cf6fe117897015fff89f80face4eccd50425c45149b148408 Loading...

	#28 Eval - ed7fcc790e8b180bbf3f18411747518e	28 B	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 17:21:29 Last Seen2024-05-10 17:21:29 Times Seen1 Hash ed7fcc790e8b180bbf3f18411747518e 45214b8f574c89865ca40f51d8bf81fa2d1b99dd 3dcd0e02e3f022e5ad70a560fd9b78e19dba8612b690902c6cfce62f02ec12f0 Loading...

	#29 Eval - 1aba9b3320b1a2263cde2af832a16062	2.8 kB	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 17:21:29 Last Seen2024-05-10 17:21:29 Times Seen1 Hash 1aba9b3320b1a2263cde2af832a16062 3442f4dd689320ce8dcc2efa0eacdf79393379b0 2ae3eb3a8117d05fc128213a132582ba93cbc49b24b5cc01190b9b6ec6d41010 Loading...

	#30 Eval - d2134dd1a906062fbfccf776def76d8b	28 B	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 17:21:29 Last Seen2024-05-10 17:21:29 Times Seen1 Hash d2134dd1a906062fbfccf776def76d8b 21718b8da6523d81b7c493e3da6a6bd52dd8a842 237fbb894994ff1d8062a52ce185611453b13d0385486cac3c48a356fb4d79b5 Loading...

	#31 Eval - 7031eac66d49021d86bd168200004c1c	28 B	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 17:21:29 Last Seen2024-05-10 17:21:29 Times Seen1 Hash 7031eac66d49021d86bd168200004c1c 2b1d59537c3f3f78cd2a15ebb46d9b257f0d2815 b28306452a6789d5c913794e4bf7cd672d3ea357cc01eabbef9b3f2dbbc82804 Loading...

	#32 Eval - 06dafe26d33dbc82dac2f0de3de39756	28 B	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 17:21:29 Last Seen2024-05-10 17:21:29 Times Seen1 Hash 06dafe26d33dbc82dac2f0de3de39756 9001bad0ec44f0008ced1a224af6715a025ba685 6bb4b60d0741872d1b71856ef3996e1b0c624a6a3828c6034fbf9a5403670414 Loading...

	#33 Eval - f5b15b7cc4cee320f129314328222515	28 B	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 17:21:29 Last Seen2024-05-10 17:21:29 Times Seen1 Hash f5b15b7cc4cee320f129314328222515 a0592a06277a4db118a64505c5d5ffff74033b81 1fba9a1deb00db7027de9d8cecb52275664ee975c1224e7beeaf6320f86dd8b9 Loading...

	#34 Eval - 05f6c4f7dd774ba8548a98c10e488e2f	28 B	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 17:21:29 Last Seen2024-05-10 17:21:29 Times Seen1 Hash 05f6c4f7dd774ba8548a98c10e488e2f f43965fc53d4ef91585ab6ef634c3149b96378ed c774229d58d9132ebffee6646203e9f1ca9e4ba8ef8ccd85a8a275b30f81f4c8 Loading...

HTTP Transactions (12)

URL IP Response Size

diskretainvigorousiw.shop/api

188.114.96.1

200 OK

5.8 kB

URL User Request POST HTTP/1.1
diskretainvigorousiw.shop/api
IP
188.114.96.1:80
ASN
#13335 CLOUDFLARENET

File type
HTML document, ASCII text, with very long lines (14165), with no line terminators
Size
5.8 kB (5814 bytes)
Hash
76f7956c3b29a70b73afeee21014a0ca
d894817f10dc3c1dec0947496952c2fc5ba131d5
7111e4bcebb7866ebde6796347b632c8f21496e73e52d867f3e41ce5aecd1a41

Detections

Analyzer	Verdict	Alert
ThreatFox	malicious	Lumma Stealer
mnemonic secure dns	malicious	Sinkholed
Quad9 DNS	malicious	Sinkholed

NIDS	Severity	Alert
suricata	high	ThreatFox botnet C2 traffic (url - confidence level: 100%)
suricata	high	ThreatFox botnet C2 traffic (url - confidence level: 100%)

HTTP Headers

GET /api HTTP/1.1
Host: diskretainvigorousiw.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Date: Fri, 10 May 2024 15:21:03 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: n1wWDObEVzpk/IYAr1FDHDV7mBb7JVRsCAJRUtdTRwXtO1Am5Gya6FQQ1sW7p7+uv8RmDCs2H4bvSURia+hmSVPgA5TsL2PiVjcXFvKDZwJHmXX7ueM2oYfeHjb75H13L4jJNfykKPVaOb44l9OadA==$UIJhXejI0oWR4YjKXvB5OA==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UhT0BanOTRy7UgQMFbgyn0qXhJAlDe1J6hkNOZYYHqj0CvDkS7ypCFASp81xSRL0jpgfxV2L0qHaun0rf6bzkArul6pZg2fTnUkekBTVv3u4BYGmds5lR9Q29G6lSbkjSrlKyiykCNAMcRcH"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 881aeab38892b505-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

diskretainvigorousiw.shop/cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=881aeab38892b505

188.114.96.1

110 kB

URL
diskretainvigorousiw.shop/cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=881aeab38892b505
IP
188.114.96.1:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (65536), with no line terminators
Size
110 kB (109945 bytes)
Hash
d9d9d611b39064ebe5daa36c74485c2c
669ddcbd64d37169cf31d55413ae8d475da0f847
78ae6def45087e24a94c0f67fceda5e27ec0a1f5395e6a07d26fa58e344e9a3e

Detections

Analyzer	Verdict	Alert
mnemonic secure dns	malicious	Sinkholed
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=881aeab38892b505 HTTP/1.1
Host: diskretainvigorousiw.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://diskretainvigorousiw.shop/api?__cf_chl_rt_tk=zGy8Eqg0D5i5m2OFFVaapM5wOF0YbHA1b9N8UQf.PJ4-1715354463-0.0.1.1-1301
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 15:21:03 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wLcGdn9sBLAu1WcZphr%2B679AR9bReRGtSOqwJh%2FyC07t4murQPuXItoybQXjvMWuRB1v4g5u7XvVEIT%2F2va1xTqe8OUYF4sv2v%2B4o2JohCKpjTvd8R8aVzIoyk%2FsP0dKt97KtsnRF%2BCNu%2Fn8"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 881aeab55d60b51e-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

diskretainvigorousiw.shop/favicon.ico

188.114.96.1

404 Not Found

5.9 kB

URL GET HTTP/1.1
diskretainvigorousiw.shop/favicon.ico
IP
188.114.96.1:80
ASN
#13335 CLOUDFLARENET

Requested by
http://diskretainvigorousiw.shop/api

File type
HTML document, ASCII text, with very long lines (14286), with no line terminators
Size
5.9 kB (5885 bytes)
Hash
f55ca32a2fb937c6af91a370284df9ed
92b73129c4d322662e4f81184d2711645d3d6f7a
45ec5be4091d8a6cb3a32524f5c03533d9e66df8a0273bda2f8b336178d24d43

Detections

Analyzer	Verdict	Alert
ThreatFox	malicious	Lumma Stealer
mnemonic secure dns	malicious	Sinkholed
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: diskretainvigorousiw.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://diskretainvigorousiw.shop/api?__cf_chl_rt_tk=zGy8Eqg0D5i5m2OFFVaapM5wOF0YbHA1b9N8UQf.PJ4-1715354463-0.0.1.1-1301
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Date: Fri, 10 May 2024 15:21:03 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: 8bF0ss/ErXYYR0NcvCfpYTwPpmGuwNvevpaQxR5WK3EX3PURS9OTk5vnazWO/og9DkmiBmbq2/RNI5EnbjhttmtBWnGAOCEDolCfkYKdKMNEYfnSQfejFAc3Ulc/wMUE2BivJq6h71SO8al4aRVTPA==$Z983etUpif18LnjZ06yU2A==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5bBhe3N2pb69w7M67A3no6XBjpI2jbyLPW7K7MIWbOii9jVu%2FGzEqTkAXb918nC3SYt3U5J2LUvSGdsYHBsxIJBQI%2Bek%2F8Br6YdS26a4bimmA1FZkzMUISyDVtAwguMYuHGySIdBYBwJGsOp"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 881aeab5be00b51e-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

diskretainvigorousiw.shop/favicon.ico

188.114.96.1

404 Not Found

5.8 kB

URL GET HTTP/1.1
diskretainvigorousiw.shop/favicon.ico
IP
188.114.96.1:80
ASN
#13335 CLOUDFLARENET

Requested by
http://diskretainvigorousiw.shop/api

File type
HTML document, ASCII text, with very long lines (14200), with no line terminators
Size
5.8 kB (5820 bytes)
Hash
e869754d4e6222c95411eba410731f5c
07d80f8f99695f9d1703b13c5eab4b305cbf5bc2
49546c4ce1f58af1af61eddab1671e6dffc962cab046f1fb0c3e896a236c9e94

Detections

Analyzer	Verdict	Alert
ThreatFox	malicious	Lumma Stealer
mnemonic secure dns	malicious	Sinkholed
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: diskretainvigorousiw.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://diskretainvigorousiw.shop/api
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Date: Fri, 10 May 2024 15:21:03 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: eNj05SOwITS3ojst5iCcOsMCCApaNtt2sTsMfR3zjAPnY6FPFifSMy1udsZhMn+yWDJnfBNfTgxd1H6MgJfKZCT43ssIfzts10etismEGtg0+X7ZdHmlhtEnMMJM4DtUXCkHyX6tzAZnMbWZq8PMYw==$8Urp4soxAcIIrVNFHApKuQ==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kdUWuYrdbEsrw3Fw3nPpmYGnzom8iRs4IXLaCA0221Xs%2BjuLw6cd4gXpRPmup1mimF%2BRfYfc14nUY6M8yH62tgKaynJmnQ%2BlszEYCGKB2z9yqfVhU%2FjSQy41H9XCeK4vKGD%2FmsslLcu6CmSc"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 881aeab61f815697-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

diskretainvigorousiw.shop/cdn-cgi/challenge-platform/h/g/flow/ov1/2084328055:1715350233:4eaINjoMZsKDr0FCSnoH--6dPBmWM9GrZgGfJF6cnm4/881aeab38892b505/810da935c65f1d2

188.114.96.1

12 kB

URL
diskretainvigorousiw.shop/cdn-cgi/challenge-platform/h/g/flow/ov1/2084328055:1715350233:4eaINjoMZsKDr0FCSnoH--6dPBmWM9GrZgGfJF6cnm4/881aeab38892b505/810da935c65f1d2
IP
188.114.96.1:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (16432), with no line terminators
Size
12 kB (12405 bytes)
Hash
8b0ff1b03d9fc8411868f7423844efdb
e20cdcce7c95686f103972bbf6c67141818c1e1d
e70613565d691898159544ab69c7f63328c36500f1d381734576b00caa6609e7

Detections

Analyzer	Verdict	Alert
ThreatFox	malicious	Lumma Stealer
mnemonic secure dns	malicious	Sinkholed
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /cdn-cgi/challenge-platform/h/g/flow/ov1/2084328055:1715350233:4eaINjoMZsKDr0FCSnoH--6dPBmWM9GrZgGfJF6cnm4/881aeab38892b505/810da935c65f1d2 HTTP/1.1
Host: diskretainvigorousiw.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://diskretainvigorousiw.shop/api
Content-type: application/x-www-form-urlencoded
CF-Challenge: 810da935c65f1d2
Content-Length: 1853
Origin: http://diskretainvigorousiw.shop
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 15:21:03 GMT
Content-Type: text/plain; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cf-chl-gen: 40f76Q/e3f/zhaneqYZXCByHzO/ONf2w1aQoGQaLE9AhZ50IyrNOPn3CUe//nrV9$gevOKVmot0va8HNiO+6/pg==
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7zV0aaMsTZ3Vl5a1JQfHezpHvwB6lmx71SIQRQmQvpU2xLYEG2Meg9E9r1E3qf9%2Fs3xQFj4MoZKNqkcyrhT0GUROK6EsCErtTYpxJPDIydqqiScxEl5fRTSfUKOn0FLN19E6sU5BBunOqslC"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 881aeab6eae20b45-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D

104.17.2.184

61 B

URL
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D
IP
104.17.2.184:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
Size
61 B (61 bytes)
Hash
9246cca8fc3c00f50035f28e9f6b7f7d
3aa538440f70873b574f40cd793060f53ec17a5d
c07d7d29e3c20fa6ca4c5d20663688d52bad13e129ad82ce06b80eb187d9dc84

HTTP Headers

GET /cdn-cgi/challenge-platform/h/g/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/rtzzs/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 15:21:04 GMT
content-type: image/png
content-length: 61
cache-control: max-age=2629800, public
server: cloudflare
cf-ray: 881aeab8ce4b56a2-OSL
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/881aeab7fd3c56a2/1715354464400/JAwyASzhcrErhui

104.17.2.184

61 B

URL
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/881aeab7fd3c56a2/1715354464400/JAwyASzhcrErhui
IP
104.17.2.184:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 12 x 95, 8-bit/color RGB, non-interlaced
Size
61 B (61 bytes)
Hash
50d2f6f5a7a8bafae10dcf1645abd6f6
c554f381b7feb205f594819431ceee446c97e180
beac57a77942e94aec301d4a37212a1f0ff4f9012c4c6119f2af3fe622e84941

HTTP Headers

GET /cdn-cgi/challenge-platform/h/g/i/881aeab7fd3c56a2/1715354464400/JAwyASzhcrErhui HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/rtzzs/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 15:21:05 GMT
content-type: image/png
content-length: 61
server: cloudflare
cf-ray: 881aeabe5e3b56a2-OSL
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/559108544:1715350296:iFf_EsXXW6IVu5SpC-ixNPDGDilmF2cPgdg3CWECAs0/881aeab7fd3c56a2/449a7ccf2b41218

104.17.2.184

90 kB

URL
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/559108544:1715350296:iFf_EsXXW6IVu5SpC-ixNPDGDilmF2cPgdg3CWECAs0/881aeab7fd3c56a2/449a7ccf2b41218
IP
104.17.2.184:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (65536), with no line terminators
Size
90 kB (90084 bytes)
Hash
932fcb9eb517a8038acdaa9eeb9224fb
54fadb3c24d1f5f9aa852342a7b80a548ba8a7b7
3b184a1c1e0671e177922dfbfcac44d2bafe5bfe59be0791740ef65f10148503

HTTP Headers

POST /cdn-cgi/challenge-platform/h/g/flow/ov1/559108544:1715350296:iFf_EsXXW6IVu5SpC-ixNPDGDilmF2cPgdg3CWECAs0/881aeab7fd3c56a2/449a7ccf2b41218 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/rtzzs/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: 449a7ccf2b41218
Content-Length: 3532
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 15:21:04 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: 2SrSK3qdIXj6fnnP2uaB9l/R7DGiiY/pw3SL7+6zM1DAnwCgERGXaJ/uiv6z7+9wuUxt6WPiDByEOkJtm235hoO08JyMBgOx718i0Xnle3yKDyyEM/RE1tGLgZ9tqhP3rhtJwkC3thw7g+q4RGOWFmtMauLES9QAABAjzSG4jySCGcVMGJTdT2Tv5Jc+OQbdGOjLVeQAuqplHmJSJEKyQVkICpaH2D7s60hlckwb97qxMqKQBAgV6vcdyuenjdglO44DmSaimPh8MwTQl+InoD90nA4YQnk067NLFvFHl5y2o1eNzKciCvB72IX0SwzhRL+a/+FwZRC8Mom5ISqIcAoIlaDSMsCRK0xLU4gc5GxUNEw16xz2Aa8ffDoFe6d5sX260nIbTuDIOBO0HYeFYQOXPttkcqsfH6DkaI/Hc0DWqZQeOVP2BwbneLm9G4wK$wLboGdWfy5oV3tUX5LdCVg==
server: cloudflare
cf-ray: 881aeaba588a56a2-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

diskretainvigorousiw.shop/cdn-cgi/challenge-platform/h/g/flow/ov1/2084328055:1715350233:4eaINjoMZsKDr0FCSnoH--6dPBmWM9GrZgGfJF6cnm4/881aeab38892b505/810da935c65f1d2

188.114.96.1

3.0 kB

URL
diskretainvigorousiw.shop/cdn-cgi/challenge-platform/h/g/flow/ov1/2084328055:1715350233:4eaINjoMZsKDr0FCSnoH--6dPBmWM9GrZgGfJF6cnm4/881aeab38892b505/810da935c65f1d2
IP
188.114.96.1:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (3980), with no line terminators
Size
3.0 kB (3042 bytes)
Hash
fc0ab50f3a9d8c05056c5173d608e8b1
4147cae915c3bac3ef1b5354606c93fd28914319
c22a0fadb30b6bda8d70a337ea0ba83aa34a503afd3263c02298a76dba5d4243

Detections

Analyzer	Verdict	Alert
ThreatFox	malicious	Lumma Stealer
mnemonic secure dns	malicious	Sinkholed
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /cdn-cgi/challenge-platform/h/g/flow/ov1/2084328055:1715350233:4eaINjoMZsKDr0FCSnoH--6dPBmWM9GrZgGfJF6cnm4/881aeab38892b505/810da935c65f1d2 HTTP/1.1
Host: diskretainvigorousiw.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://diskretainvigorousiw.shop/api
Content-type: application/x-www-form-urlencoded
CF-Challenge: 810da935c65f1d2
Content-Length: 3352
Origin: http://diskretainvigorousiw.shop
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 15:21:14 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cf-chl-out: 9TmMUQ/bz0OqLJJjdlrvx193QfpaW5FDF+jmNsxt7qwAvPTTkhUVMsQDoxnzfhFBp0VwtArWS0AgaoJmcndpRbEd/itl0pks9vEc3QQuIaFi3AU+YWKChfCHM2RejEbO$DvKDpXi4ozBHagxknTRzzQ==
cf-chl-out-s: xnQkwIFXsOgPOqvr2plByw==$VKrtZ1kseTO/juSulzNYlA==
set-cookie: cf_chl_rc_i=;Expires=Thu, 09 May 2024 15:21:14 GMT;SameSite=Strict
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aSur7QzhiS1ZowDHNsjGEULvCMmGBmi%2F1olXIH0fCrhcPJHbFG0OlHCvCqUa8CHH0R7v8Zfh2R5Cbdmj8FzKujZdasr4nsSmd4xRtpUln2yoG3fOMK2%2Fbat%2BylQMt00SKLTMLIn6T%2FPHhEM9"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 881aeaf64ff20b45-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

diskretainvigorousiw.shop/api

188.114.96.1

200 OK

36 B

URL User Request POST HTTP/1.1
diskretainvigorousiw.shop/api
IP
188.114.96.1:80
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with no line terminators
Size
36 B (36 bytes)
Hash
f7f65f8e1e7aac5fea69b0a756f7a0a6
0fd6949c452076605ecdf4c4a04112c72e044b45
c4f5d9c48b173615278f74c308c7b569085d7a8e658d8eb4310286b8d32a6153

Detections

Analyzer	Verdict	Alert
ThreatFox	malicious	Lumma Stealer
mnemonic secure dns	malicious	Sinkholed
Quad9 DNS	malicious	Sinkholed

NIDS	Severity	Alert
suricata	high	ThreatFox botnet C2 traffic (url - confidence level: 100%)
suricata	high	ThreatFox botnet C2 traffic (url - confidence level: 100%)

HTTP Headers

POST /api HTTP/1.1
Host: diskretainvigorousiw.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://diskretainvigorousiw.shop/api?__cf_chl_tk=zGy8Eqg0D5i5m2OFFVaapM5wOF0YbHA1b9N8UQf.PJ4-1715354463-0.0.1.1-1301
Content-Type: application/x-www-form-urlencoded
Content-Length: 2480
Origin: http://diskretainvigorousiw.shop
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 15:21:14 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: cf_clearance=R90D2mPm58bQ.EsV31FXD0uEwn3uYNPzsDtINtNqQ1E-1715354463-1.0.1.1-Guga_oQzaWf_9U5N8Y834p3e8Rb0QYaIIYT6opxP8cv2xNv.X7GVBvoDkHwTpgCOncIBAlv7GPeJ.sY2YB2yXA; Path=/; Expires=Sat, 10-May-25 15:21:14 GMT; Domain=.diskretainvigorousiw.shop; HttpOnly
PHPSESSID=m0ouif1occfe9vr944h8gjv44g; expires=Tue, 03-Sep-2024 09:07:53 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=igerN5TGGy8Bi165OS5RhRmGJQnk8mlPjE2uWa4e1CwNlYoTrVtJtvuzFnkK1PPG%2FKGA%2FzYLntWREiAzFgXWhOt3mwiPi%2BdhGG45CRoDMvCbWTzahrkfLMUWKXcj21rMwqc8vAM2oDCx%2BWD6"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 881aeaf729040b45-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

diskretainvigorousiw.shop/favicon.ico

188.114.96.1

404 Not Found

125 B

URL GET HTTP/1.1
diskretainvigorousiw.shop/favicon.ico
IP
188.114.96.1:80
ASN
#13335 CLOUDFLARENET

Requested by
http://diskretainvigorousiw.shop/api

File type
HTML document, ASCII text, with CRLF line terminators
Size
125 B (125 bytes)
Hash
1b7c22a214949975556626d7217e9a39
d01c97e2944166ed23e47e4a62ff471ab8fa031f
340c8464c2007ce3f80682e15dfafa4180b641d53c14201b929906b7b0284d87

Detections

Analyzer	Verdict	Alert
ThreatFox	malicious	Lumma Stealer
mnemonic secure dns	malicious	Sinkholed
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: diskretainvigorousiw.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://diskretainvigorousiw.shop/api
Cookie: cf_clearance=R90D2mPm58bQ.EsV31FXD0uEwn3uYNPzsDtINtNqQ1E-1715354463-1.0.1.1-Guga_oQzaWf_9U5N8Y834p3e8Rb0QYaIIYT6opxP8cv2xNv.X7GVBvoDkHwTpgCOncIBAlv7GPeJ.sY2YB2yXA; PHPSESSID=m0ouif1occfe9vr944h8gjv44g
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Fri, 10 May 2024 15:21:14 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iE7EI2yrWphOHdHLr1vXt4v6leHqbhUrgwuupGiBJRMMRz52V9YZU9H1LkOLZZhyRtRvbdHekoQUl69PrwOf47yWpEMCez1GpCsvTdMRpy29Kh6xWX6I%2FFbjxQ23qKFwieMf9MYAT7F8q6VY"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 881aeaf82a790b45-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/559108544:1715350296:iFf_EsXXW6IVu5SpC-ixNPDGDilmF2cPgdg3CWECAs0/881aeab7fd3c56a2/449a7ccf2b41218

104.17.2.184

9.4 kB

URL
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/559108544:1715350296:iFf_EsXXW6IVu5SpC-ixNPDGDilmF2cPgdg3CWECAs0/881aeab7fd3c56a2/449a7ccf2b41218
IP
104.17.2.184:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (3600), with no line terminators
Size
9.4 kB (9400 bytes)
Hash
b921ef2bebffb342afa2ece40fae23fe
4c8a61241ecc4b0f921bdf30750299816a3bbbee
73c75be2db7a2dd50ff3fda11a270f17b5fab82f7383ca1b66123fe4cdc32d22

HTTP Headers

POST /cdn-cgi/challenge-platform/h/g/flow/ov1/559108544:1715350296:iFf_EsXXW6IVu5SpC-ixNPDGDilmF2cPgdg3CWECAs0/881aeab7fd3c56a2/449a7ccf2b41218 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/rtzzs/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: 449a7ccf2b41218
Content-Length: 37616
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 15:21:13 GMT
content-type: text/html; charset=UTF-8
cf-chl-out: YtiWJfX+JpDRFPq6C97wvM67Q0AyxUMDitsCR3n1WqGjDuKTk5ppHH3QJ2vUxD2le74UTq2VC62XEGY8o+Z1Qs5I4eATLTbuMfPhI5MATTKFh1+Ajkocv67+JWJpF4oT$lY+hrZbdbv7QGVuKcKJ6UA==
cf-chl-out-s: KDrgucTsPZDVwlgwZQSncw==$EbNK5cXlFwTpKOYSnd3ChA==
server: cloudflare
cf-ray: 881aeaf59f8c56a2-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (34)

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash