| shortsvelventysjo.shop/C0L | 172.67.216.69 | 403 Forbidden | 7.4 kB |
URL: shortsvelventysjo.shop/C0L (User Request, GET HTTP/1.1)
IP: 172.67.216.69:80
File type: HTML document, ASCII text, with very long lines (394)
MD5: 2b5cfe89bd8407d8ae8814e40d040d76
SHA-1: cc71174a72588301204e7c482d71fc1b815af623
SHA-256: 252189be7a8ec5bf4d5b9d238c862aadade80233ab00eea5535fbb41742737e8

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| ThreatFox | malicious | Lumma Stealer |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |
GET /C0L HTTP/1.1
Host: shortsvelventysjo.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 403 Forbidden
date: Thu, 25 Apr 2024 13:53:11 GMT
content-type: text/html; charset=UTF-8
x-frame-options: SAMEORIGIN
referrer-policy: same-origin
cache-control: max-age=15
expires: Thu, 25 Apr 2024 13:53:26 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cEupqpTy9TyJP%2FrWTsb5nWUKdl%2F78SSDJEED%2FpEwgBBmk4P2Q34nNNORqFPtB0M%2Bc7Rq92YXlBfb7ElFIDK8ezXZU2d8OjRnpM5VyW8D7QRq0U0Gjkp2gOl9YzdSgcjLEB5IIx4QuCEa"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879ed15f7f375690-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
| shortsvelventysjo.shop/favicon.ico | 104.21.16.225 | 403 Forbidden | 5.9 kB |
URL: shortsvelventysjo.shop/favicon.ico (GET HTTP/1.1)
IP: 104.21.16.225:80
Requested by: http://shortsvelventysjo.shop/C0L
File type: HTML document, ASCII text, with very long lines (14484), with no line terminators
MD5: 6474a7f51b7facbb6e28224eea9139b8
SHA-1: 8ef08ee5c0c0241493c42a31a5be9230108721c5
SHA-256: 3544045efb3e86df919b0ab480505c6e276736d6448c1be780a9ab444a5c3d2c

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| ThreatFox | malicious | Lumma Stealer |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: shortsvelventysjo.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://shortsvelventysjo.shop/C0L?__cf_chl_rt_tk=64DAawd0yJBQ2MBTg2EE4uo59mh35Jo__D2QuglnOB0-1714053191-0.0.1.1-1279
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Thu, 25 Apr 2024 13:53:11 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: omdEADKUm0295r7dWnBFXT6NGYGucbNuWhmcZVvt5jvVUUe6Bt+MHzE8NhmHgIliyDsg1EA0NT/VzAUDyrRirntwGpM8RPb864Rfn2M05JGkqdG6zeVwEdZbYL4M2PevKeTgbHjOImdq7cMVLAgQsQ==$cA3c/XG1ZmHpslc30PDfuQ==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tWjdLORLFHqzbiCBM2wACht5GsL66SIlN%2FgozZ8xFtcyctMunKOySqKuZr5CJz%2FD9Tb%2BQsAJSl77voJ2bXK0WDfJX9mgcKd4qxkv%2BEhWnNVJ%2FYItl5JnoSz4hzWtSOfJkQJjsCpQvtsb"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 879ed161bc900b51-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
| shortsvelventysjo.shop/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=879ed1603a0456ca | 104.21.16.225 | | 112 kB |
URL: shortsvelventysjo.shop/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=879ed1603a0456ca
IP: 104.21.16.225:0
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size: 112 kB (112290 bytes)
MD5: 79e8033e56a0da5582f7942c43133d8e
SHA-1: 15f7bcfbc9264349920701c00e51f71bbe3954a3
SHA-256: be7e6a2e8c1e9e19d914b75f1909fb258232b364d9e79a5e78d51667ccd361a5

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |
GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=879ed1603a0456ca HTTP/1.1
Host: shortsvelventysjo.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://shortsvelventysjo.shop/C0L?__cf_chl_rt_tk=64DAawd0yJBQ2MBTg2EE4uo59mh35Jo__D2QuglnOB0-1714053191-0.0.1.1-1279
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 25 Apr 2024 13:53:11 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
vary: accept-encoding
content-encoding: gzip
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mt6n26cEO97FnPcGzXpzT0QFeNObsurPIUR0oX3nXL9yN9jZmUYc9QkPPcZyEa9NQ6p4pNNGhZZBD98VazKAkHRv5%2B7oDRVBOx5adAPuf7vbALxAoeKUJ67VBAF9NG4mHrlZGkseUFzU"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 879ed1611e13b4f3-OSL
alt-svc: h2=":443"; ma=60
| shortsvelventysjo.shop/favicon.ico | 104.21.16.225 | 403 Forbidden | 5.9 kB |
URL: shortsvelventysjo.shop/favicon.ico (GET HTTP/1.1)
IP: 104.21.16.225:80
Requested by: http://shortsvelventysjo.shop/C0L
File type: HTML document, ASCII text, with very long lines (14398), with no line terminators
MD5: d4d90bdf5ebc68d51a4434075ad16e35
SHA-1: dc3a82447ba0984485a2c0611c2cae52233cb6fd
SHA-256: 275cadd727f3064900f1766770801cbaacc364f7f32a2ea4976272dff0dfc756

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| ThreatFox | malicious | Lumma Stealer |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: shortsvelventysjo.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://shortsvelventysjo.shop/C0L
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Thu, 25 Apr 2024 13:53:12 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: l/irS+kxp4PSRbxamkYCID6kPhv9nNcK5Mefy/far5yekGVs/pCTv6vd5Gy+MuR9wrtVkAuTOQsF8Tvtcan2fyP4pyLpsz2QCiqdnRvmfLV+SPc4Uxy3jWMBatSuI68KHWaYVPIknHGMmlLdX2lCEg==$yrqFuPqhy/Q65elGZEybtQ==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5pFzs9EwEJm4FC7XDcMuaNcbrvzKUiGc6eYVhZNfqbTAYiYExwDrZ7jfHjCGroCFZqJksyoWKVgfkdF2SdGArvZNjcjwOc1wg5rDEq6IbmutX%2FP0%2BrF1r8qz884%2F7VK2Nc%2Bd01sfcv2x"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 879ed1625fa2b4f3-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
| shortsvelventysjo.shop/cdn-cgi/challenge-platform/h/b/flow/ov1/1185341848:1714051607:-cmLP6UI7w55214hhOC78iqo-CcBEJ-RSEkjgz4h26E/879ed1603a0456ca/064df46a218f0d3 | 104.21.16.225 | | 12 kB |
URL: shortsvelventysjo.shop/cdn-cgi/challenge-platform/h/b/flow/ov1/1185341848:1714051607:-cmLP6UI7w55214hhOC78iqo-CcBEJ-RSEkjgz4h26E/879ed1603a0456ca/064df46a218f0d3
IP: 104.21.16.225:0
File type: ASCII text, with very long lines (15996), with no line terminators
MD5: 7c27a102850f67e5525353ccbb3c3859
SHA-1: 6bf36a727c808f1d9f7811c829dfdf953db71952
SHA-256: afea5333ecdd74ac6d1592280cd85c01b51874e311bac2ba34312ef211ff62a2

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| ThreatFox | malicious | Lumma Stealer |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |
POST /cdn-cgi/challenge-platform/h/b/flow/ov1/1185341848:1714051607:-cmLP6UI7w55214hhOC78iqo-CcBEJ-RSEkjgz4h26E/879ed1603a0456ca/064df46a218f0d3 HTTP/1.1
Host: shortsvelventysjo.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://shortsvelventysjo.shop/C0L
Content-type: application/x-www-form-urlencoded
CF-Challenge: 064df46a218f0d3
Content-Length: 1850
Origin: http://shortsvelventysjo.shop
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 25 Apr 2024 13:53:12 GMT
Content-Type: text/plain; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cf-chl-gen: Mfj09XWBEP9rx87G7ZF5XEhJV/Jf/Xq70zQ0hZwhsvuip+PqBY7VeSJjjc/lEg28$F0U3msx+I5+FTYnWdwQFRQ==
vary: accept-encoding
content-encoding: gzip
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6UoVx6jkVqJTJzbzvG7sCI48s1E870CMV6zNh1oUvNdnQmgL1ItSL8Rgun9y%2FDhzTMCnPjvoFE8VYospekr%2Bt9ggHSLiv%2BEXLW0XZ9%2Bi8k8msoOwLap2Oqfi0hBGLQJFqP3Q4DreRn7d"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 879ed1632c7356b4-OSL
alt-svc: h2=":443"; ma=60
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D | 104.17.3.184 | 200 OK | 61 B |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D (GET HTTP/3)
IP: 104.17.3.184:443
Requested by: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/bj2fd/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Certificate issuer: Cloudflare, Inc.
Certificate subject: challenges.cloudflare.com
Certificate fingerprint: 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
Certificate validity: Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type: PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
MD5: 9246cca8fc3c00f50035f28e9f6b7f7d
SHA-1: 3aa538440f70873b574f40cd793060f53ec17a5d
SHA-256: c07d7d29e3c20fa6ca4c5d20663688d52bad13e129ad82ce06b80eb187d9dc84
GET /cdn-cgi/challenge-platform/h/b/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/caal1/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 25 Apr 2024 13:53:12 GMT
content-type: image/png
content-length: 61
cache-control: max-age=2629800, public
server: cloudflare
cf-ray: 879ed1646be0b515-OSL
alt-svc: h3=":443"; ma=86400
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=879ed163fb85b515 | 104.17.3.184 | | 172 kB |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=879ed163fb85b515
IP: 104.17.3.184:0
Certificate issuer: Cloudflare, Inc.
Certificate subject: challenges.cloudflare.com
Certificate fingerprint: 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
Certificate validity: Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size: 172 kB (171821 bytes)
MD5: 74bfe139e81900d5fb6867eb5127d2d2
SHA-1: 1b47966e82287d2acaf4cadedd08280ffc6a003d
SHA-256: dc84cb059196da9a8fc8f753ddd5b22ff6487c190a3d2a8db17c83d8b392f9af
GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=879ed163fb85b515 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/caal1/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 25 Apr 2024 13:53:12 GMT
content-type: application/javascript; charset=UTF-8
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
vary: accept-encoding
server: cloudflare
cf-ray: 879ed1646be6b515-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/506884785:1714051705:4uBrbixmCc3EqL8VGaqd6L_1nppTBX37YLPxnpVbdsU/879ed163fb85b515/dcbbe4938e417e3 | 104.17.3.184 | | 24 kB |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/506884785:1714051705:4uBrbixmCc3EqL8VGaqd6L_1nppTBX37YLPxnpVbdsU/879ed163fb85b515/dcbbe4938e417e3
IP: 104.17.3.184:0
Certificate issuer: Cloudflare, Inc.
Certificate subject: challenges.cloudflare.com
Certificate fingerprint: 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
Certificate validity: Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type: ASCII text, with very long lines (22536), with no line terminators
MD5: 34788df1d581c5eb3c244a61f6ba9917
SHA-1: 7865fbaff67e3a22aaf4ee0dbdc189a56559165a
SHA-256: ef36e0c566d41c7e6abbd176fa654050190985d621875b31bd7ac9d76d771a16
POST /cdn-cgi/challenge-platform/h/b/flow/ov1/506884785:1714051705:4uBrbixmCc3EqL8VGaqd6L_1nppTBX37YLPxnpVbdsU/879ed163fb85b515/dcbbe4938e417e3 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/caal1/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: dcbbe4938e417e3
Content-Length: 25751
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 25 Apr 2024 13:53:14 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: /Ip7rSrBAf7EMvGv1Idiz13UGmobeHouMBH31/ZTJCJDZDmIUTv7TdqMUkW2i/M4$5EVsmak0JqjlPD9ZkajZHg==
vary: accept-encoding
server: cloudflare
cf-ray: 879ed17198ecb515-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/506884785:1714051705:4uBrbixmCc3EqL8VGaqd6L_1nppTBX37YLPxnpVbdsU/879ed163fb85b515/dcbbe4938e417e3 | 104.17.3.184 | | 120 kB |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/506884785:1714051705:4uBrbixmCc3EqL8VGaqd6L_1nppTBX37YLPxnpVbdsU/879ed163fb85b515/dcbbe4938e417e3
IP: 104.17.3.184:0
Certificate issuer: Cloudflare, Inc.
Certificate subject: challenges.cloudflare.com
Certificate fingerprint: 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
Certificate validity: Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type: ASCII text, with very long lines (65536), with no line terminators
Size: 120 kB (120471 bytes)
MD5: 2b02e1224bec7a93b1b2ff9c8c10dfe5
SHA-1: fdb8a766cef989544688e56a9416df6941544b7c
SHA-256: f16ed395a61dc833d3d3ede85bf551828dbafe906a81e0af32824029543b11e4
POST /cdn-cgi/challenge-platform/h/b/flow/ov1/506884785:1714051705:4uBrbixmCc3EqL8VGaqd6L_1nppTBX37YLPxnpVbdsU/879ed163fb85b515/dcbbe4938e417e3 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/caal1/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: dcbbe4938e417e3
Content-Length: 3323
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 25 Apr 2024 13:53:12 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: taU3ab3FTq/y6nQC3eaL8ynOuDVFTJi18zp5TzEVGScpz+Lo/Nua0GGhl4EsrkF2RMfwPbNRaZ5r92sUPTQfrp1f+xP5I+ctYNcwTAPwl23gLKM7Om+EoUGjW1P5wo/ExGeOhYoZUEhZrX2MN0qhkZAM5HATMSMxcarb0uDrxekggpSKeFq+VezEoRevxkgQigyeYmm+nz+9yIfV7NltofiMDQzDhJOgCjPyDJ4+kRTM1w+DvTuqZWgWa7QcYbH2kh/MRTRtYEBBhh6edA/JjIMBOVwbtPQrCXuVo3E9WM7cNJ+5Z++YqKowuC/MfQ7UjVyMXcoLRhiD27nseHTUO//lsQGT12/KOfc1hRe4vEvSoQCBMJB8L8yKaic5jN++0irQW5FF8GTg6WGGg3bVQHBX7hD7Rkq4EHjdOWPlfzzjAZmNzgVRC5U/N0vFAXDy3A+5h5mwUBHNWF9riMhaiA==$URjoRHgHzSChVI6naVeoEw==
vary: accept-encoding
server: cloudflare
cf-ray: 879ed1663d64b515-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| shortsvelventysjo.shop/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=879ed19aee7856b4 | 104.21.16.225 | | 115 kB |
URL: shortsvelventysjo.shop/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=879ed19aee7856b4
IP: 104.21.16.225:0
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size: 115 kB (114994 bytes)
MD5: f6179b9aae26a55b44817a3c8d1c0b52
SHA-1: c0a2270ffc8edc28175b992e716f7391cc6904fd
SHA-256: c4640ba15a07fb5fd0b28ecf6067f8539adca7957e12758b570b17081062f654

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |
GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=879ed19aee7856b4 HTTP/1.1
Host: shortsvelventysjo.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://shortsvelventysjo.shop/C0L?__cf_chl_rt_tk=rL5J6ogPYCwN01.gfMBaXdt8_3qSbTfaB6wRwUg66bY-1714053201-0.0.1.1-1279
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_i=1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 25 Apr 2024 13:53:21 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
vary: accept-encoding
content-encoding: gzip
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=U4Jje6NmREjOAim%2FL0xDQ%2FihcdpiX1VdtUFgbjoPAaMqpRxgtX6JLXvhWX0SuREX6XHnrUVakCF8fOmJeHgej5l1IE0Ei8xar5JewVjuImy1THxZGDMZREAvBihlOW5UvDgY3NMWRfbS"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 879ed19b4901b515-OSL
alt-svc: h2=":443"; ma=60
| shortsvelventysjo.shop/favicon.ico | 104.21.16.225 | 403 Forbidden | 5.9 kB |
URL: shortsvelventysjo.shop/favicon.ico (GET HTTP/1.1)
IP: 104.21.16.225:80
Requested by: http://shortsvelventysjo.shop/C0L
File type: HTML document, ASCII text, with very long lines (14504), with no line terminators
MD5: 4d7dec222b8bb1d588953438705c11af
SHA-1: 03649f59661f586bcf59cc61f95677f1af285aa7
SHA-256: 5ff38fdd805c9e7a5f855da8cf1f564d34d64b613eae8ec6bf19318c2c7a6c2e

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| ThreatFox | malicious | Lumma Stealer |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: shortsvelventysjo.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://shortsvelventysjo.shop/C0L?__cf_chl_rt_tk=rL5J6ogPYCwN01.gfMBaXdt8_3qSbTfaB6wRwUg66bY-1714053201-0.0.1.1-1279
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_i=1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Thu, 25 Apr 2024 13:53:21 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: bovS1S2QaCzCZWHYDGgHGKEX5HHeQOk1tXXd57htHstVDKS1myweBCo5TEPoT8BO7ZHQ2V6Ri7LOQG5rozbtZyO79sB+/reuS4DUzlvZCrxzNCkJZugE2NF8z3FX+pGZgd6Gv+sLo7YiLMcgD0y03g==$3yq/ppOSAbHbmJ+SPOQAsQ==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FvitMsWDPLoCGzo0uMhNZMKMnaiYuDd%2BxK4YI7KbrJwQhzJKAzV%2FoBEcBPamNWprv4J2qcnVF9owuxAQd8dqBIJoZaKglkMF%2BAwxHD0f04ySm%2FwFZU4YxpB460OGRMM0X0leHyA65wZ0"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 879ed19b8936b515-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
| shortsvelventysjo.shop/favicon.ico | 104.21.16.225 | 403 Forbidden | 5.9 kB |
URL: shortsvelventysjo.shop/favicon.ico (GET HTTP/1.1)
IP: 104.21.16.225:80
Requested by: http://shortsvelventysjo.shop/C0L
File type: HTML document, ASCII text, with very long lines (14420), with no line terminators
MD5: 17e887420341beb2415cf82d942fbccb
SHA-1: 722e1bbdc9883b3a55a70e01acaa9940cd5e0552
SHA-256: 6060a6d92aa8cfb2e15a735ed6ba026d5800054dd43fbd6070bee49acc108029

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| ThreatFox | malicious | Lumma Stealer |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: shortsvelventysjo.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://shortsvelventysjo.shop/C0L
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_i=1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Thu, 25 Apr 2024 13:53:21 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: 1dyyHZ71+1gbiubQOGGBzvIZixwx4WlrlE67JEhuiUDTq2leBTgJeXOSH4yZu8qpA+69ORhIeq8eg/Fc6Xkqro8U8vY5FlXHUmZXNGnh2oA9VeIBPr7FQAtOb7MPKxbp4AXmpE4jlh2YcY4/0mQW+w==$UkcYdEMlvd00z//ljp3rSQ==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tzlJIJEhTgD4SlgUBQrkPDQvSrIl%2B60h%2Fm2zgZXgDtM%2BZZaEPnah2XMTUx53T2C%2FTrY1jIYmN3z80JLxml0FEn%2FuN%2BvyTsRA8X4xOZF5vnVN5sRBIO4x9JB4YBsDlWeJ6c%2BaEZ0vMQng"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 879ed19bd8a1569f-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
| shortsvelventysjo.shop/cdn-cgi/challenge-platform/h/b/flow/ov1/1723157285:1714051588:6reJTY_nR9DF9gySoX9fbu1iFIhV-uuJJQLBUSu9cqE/879ed19aee7856b4/771ba8e9deebcb0 | 104.21.16.225 | | 12 kB |
URL: shortsvelventysjo.shop/cdn-cgi/challenge-platform/h/b/flow/ov1/1723157285:1714051588:6reJTY_nR9DF9gySoX9fbu1iFIhV-uuJJQLBUSu9cqE/879ed19aee7856b4/771ba8e9deebcb0
IP: 104.21.16.225:0
File type: ASCII text, with very long lines (15980), with no line terminators
MD5: 76b19b663e5a7c3068dd484f8ff90b8a
SHA-1: 4c07c3f97bfbf2db4a60f6d13862f80d54d976b3
SHA-256: f41e161849516f3174d3df8da7da42c8318bcebbcc4b3f13a8675c9334c50495

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| ThreatFox | malicious | Lumma Stealer |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |
POST /cdn-cgi/challenge-platform/h/b/flow/ov1/1723157285:1714051588:6reJTY_nR9DF9gySoX9fbu1iFIhV-uuJJQLBUSu9cqE/879ed19aee7856b4/771ba8e9deebcb0 HTTP/1.1
Host: shortsvelventysjo.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://shortsvelventysjo.shop/C0L
Content-type: application/x-www-form-urlencoded
CF-Challenge: 771ba8e9deebcb0
Content-Length: 1859
Origin: http://shortsvelventysjo.shop
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_i=1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 25 Apr 2024 13:53:21 GMT
Content-Type: text/plain; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cf-chl-gen: 2Z5MfyOh0DCvtwrFgzeIVrwR9sn3HeGnAi+MrNub8cB5356J6vai1IgCjdoPRNMD$o51+5BS3BrI6wZVLKTbiXg==
vary: accept-encoding
content-encoding: gzip
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MgOWQe8RiWvpfsw8JSZHK%2FMCM2PFLfDaPzd9gXCtrbWDyGm1f%2Bnn9Y%2FgUDqjSbuKq7TRkk%2F9zFXGBKHdFUmxHLb1hjKQYxGvpH4EtIC4uFbV%2FQsfUr8ois8TtYPVPsdcc9vHI8Xxht8S"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 879ed19c982a56b4-OSL
alt-svc: h2=":443"; ma=60
| challenges.cloudflare.com/turnstile/v0/b/471dc2adc340/api.js?onload=ZbqNq8&render=explicit | 104.17.3.184 | 200 OK | 14 kB |
URL: challenges.cloudflare.com/turnstile/v0/b/471dc2adc340/api.js?onload=ZbqNq8&render=explicit (GET HTTP/3)
IP: 104.17.3.184:443
Requested by: http://shortsvelventysjo.shop/C0L
Certificate issuer: Cloudflare, Inc.
Certificate subject: challenges.cloudflare.com
Certificate fingerprint: 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
Certificate validity: Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (42414)
MD5: f94a2211ce789a95a7c67e8c660d63e8
SHA-1: f1fc19b6bcb96d0a905bf3192aaff0885ff9f36f
SHA-256: 926dc3302f99ec05e4206e965ddeb7250f5910a8c38e82c7beafb724bbaaf37b
GET /turnstile/v0/b/471dc2adc340/api.js?onload=ZbqNq8&render=explicit HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://shortsvelventysjo.shop
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 25 Apr 2024 13:53:21 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31536000
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 879ed19be991b515-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/879ed19d7b4eb515/1714053201888/HfqzGgrk9eCtMkg | 104.17.3.184 | | 61 B |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/879ed19d7b4eb515/1714053201888/HfqzGgrk9eCtMkg
IP: 104.17.3.184:0
Certificate issuer: Cloudflare, Inc.
Certificate subject: challenges.cloudflare.com
Certificate fingerprint: 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
Certificate validity: Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type: PNG image data, 16 x 55, 8-bit/color RGB, non-interlaced
MD5: 173dd44d346af197b0c0d5aa9dfb2404
SHA-1: f8f2ff7ad5f082f063cdfe78c38361f1f721c4e7
SHA-256: 1776e3c47ca56f5339e8a017514936961a20739bac641b1621075c1f7d81bc78
GET /cdn-cgi/challenge-platform/h/b/i/879ed19d7b4eb515/1714053201888/HfqzGgrk9eCtMkg HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/h4iwt/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 25 Apr 2024 13:53:22 GMT
content-type: image/png
content-length: 61
server: cloudflare
cf-ray: 879ed1a4aa23b515-OSL
alt-svc: h3=":443"; ma=86400
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/h4iwt/0x4AAAAAAAAjq6WYeRDKmebM/light/normal | 104.17.3.184 | | 27 kB |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/h4iwt/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
IP: 104.17.3.184:0
Certificate issuer: Cloudflare, Inc.
Certificate subject: challenges.cloudflare.com
Certificate fingerprint: 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
Certificate validity: Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type: HTML document, ASCII text, with very long lines (41702)
MD5: 9cf62d49342e97c9a54650aaf7415469
SHA-1: 94ecb44aeb9cded83032944e7d54711e09576e5a
SHA-256: f4e5e570a74425b6ff4a9d072cc9ebcac652e7705ab51393942dcb8e7e45160c
GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/h4iwt/0x4AAAAAAAAjq6WYeRDKmebM/light/normal HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 25 Apr 2024 13:53:21 GMT
content-type: text/html; charset=UTF-8
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
document-policy: js-profiling
cross-origin-embedder-policy: require-corp
referrer-policy: same-origin
origin-agent-cluster: ?1
content-security-policy: frame-src https://challenges.cloudflare.com/ blob:; base-uri 'self'
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
cross-origin-opener-policy: same-origin
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-resource-policy: cross-origin
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
vary: accept-encoding
server: cloudflare
cf-ray: 879ed19d7b4eb515-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| shortsvelventysjo.shop/C0L | 104.21.16.225 | 403 Forbidden | 5.9 kB |
URL (User Request): GET HTTP/1.1 shortsvelventysjo.shop/C0L
IP: 104.21.16.225:80
File type: HTML document, ASCII text, with very long lines (14383), with no line terminators
Hash: 248a7e01c310d650f7249c74e8f0304c 55c538b18d4c74667cdc146b30409d7707632965 ecb34a3333272531c759ff3cac89e934f3d1b261d8570cc62b768b878ef60305
| Analyzer | Verdict | Alert |
| ThreatFox | malicious | Lumma Stealer |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |
GET /C0L HTTP/1.1
Host: shortsvelventysjo.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_i=2
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Thu, 25 Apr 2024 13:53:30 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: U4gXBYhOQ/uRCVjZjyx0MvQiZwipJM0yhL4beO7yWYbTnChCpTCVticwTZBb17Gk/lJsYvWbFB9jXp/GAtHQIT+nt6li4J+n6dMu3wuC1TUkyVmugoBE2oQekIiYGVwNy2stbKT9XrZ/aZ0QAN8Qsw==$camYNz+CGgp5U+1PVbYJVA==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AvrpDiwYyfYLHc0HwC%2FYJq3LrFo58JaflcT2bpt3F5o7HIBYr0FyZk87f0r89pVPMKUIenF5dpf2XeypmUgntpVEIYZWWtLRLqnKK9eK0hIwLMCAxYFwJeUjpyl5l3wHFg5%2B8eizEOne"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 879ed1d868b656b4-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
| shortsvelventysjo.shop/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=879ed1d868b656b4 | 104.21.16.225 | 200 OK | 113 kB |
URL: GET HTTP/1.1 shortsvelventysjo.shop/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=879ed1d868b656b4
IP: 104.21.16.225:80
Requested by: http://shortsvelventysjo.shop/C0L
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size: 113 kB (113341 bytes)
Hash: b34ec93f2d6448d663e0556acedb7745 6f83abd4e376fc08b2952039481a6e3639f68bb4 92abb9528436182d549e2ea963d79604b9a5c8b642821a188bc4d86705d610dd
| Analyzer | Verdict | Alert |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |
GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=879ed1d868b656b4 HTTP/1.1
Host: shortsvelventysjo.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://shortsvelventysjo.shop/C0L?__cf_chl_rt_tk=KylSBZLIreS8EOZRvwMKcBaGwXle4ejMIG.VHPYnQpI-1714053210-0.0.1.1-1279
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_i=2
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 25 Apr 2024 13:53:31 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
vary: accept-encoding
content-encoding: gzip
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=q7EeH3gk2oNbbXnOiD1IA7xZHYBjqCE5n9dvSPbOe%2FH8BpCmdXxic2KYyMKbI6bqrR4d0NwieMrs4LSu3r7Wdx2mhGcf%2BbzcDmltNDk7dcNU8fyViLlfTh8oxOOBpa%2BDjpMEWJoMGjoM"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 879ed1d8de560b45-OSL
alt-svc: h2=":443"; ma=60
| shortsvelventysjo.shop/favicon.ico | 104.21.16.225 | 403 Forbidden | 5.9 kB |
URL: GET HTTP/1.1 shortsvelventysjo.shop/favicon.ico
IP: 104.21.16.225:80
Requested by: http://shortsvelventysjo.shop/C0L
File type: HTML document, ASCII text, with very long lines (14505), with no line terminators
Hash: 0aa319a3ee68978b82d4db2db43a7e80 b5d8c419f8bbf0bbc34c095de3dca96296eb3a2f 074ebc973672b6fbc5de2f97270bad5588f1635b3acd2054300084c4fb3e8244
| Analyzer | Verdict | Alert |
| ThreatFox | malicious | Lumma Stealer |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: shortsvelventysjo.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://shortsvelventysjo.shop/C0L?__cf_chl_rt_tk=KylSBZLIreS8EOZRvwMKcBaGwXle4ejMIG.VHPYnQpI-1714053210-0.0.1.1-1279
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_i=2
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Thu, 25 Apr 2024 13:53:31 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: nQEoQ3mG06XG4dSJtm0gnAVTzKwsLczfRxoljzQ37G+1C4Ks7DQDQBqjLZIOcGCEBhRitURHBYx+pSdC7uoqH1xpnieRYTSk6Ad/mF04W1lMgBnsH6+lLJ8HA+0HjDX0mlz8yFhUqB44I7L4T8SQFQ==$npqS4aut44WvNQXGRhuOPA==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YpnQXDXq7RMc63DSKowJqVAmml%2B3dDOyYU9Bh4cz4NAXj8R1HL9z9Y6ezswXYP%2Fz05gVWgJAi%2Bh5ZI7JugLGNRsRj885cxEpTVQvVdrt8SnBBTIkR2gmw%2BMSHk0EwL%2F5Tqnt4NLjZMCD"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 879ed1d92ea10b45-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
| shortsvelventysjo.shop/favicon.ico | 104.21.16.225 | 403 Forbidden | 5.9 kB |
URL: GET HTTP/1.1 shortsvelventysjo.shop/favicon.ico
IP: 104.21.16.225:80
Requested by: http://shortsvelventysjo.shop/C0L
File type: HTML document, ASCII text, with very long lines (14420), with no line terminators
Hash: 4eeb67b2d923066c887d16c1ad1d15d2 1640628fa9a55d7b53e9a7feed0da5346a77ab15 b18429631bbad7d3dd9b7c03868fdd03f2adc0cdfd5411de105717f476849c77
| Analyzer | Verdict | Alert |
| ThreatFox | malicious | Lumma Stealer |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: shortsvelventysjo.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://shortsvelventysjo.shop/C0L
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_i=2
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Thu, 25 Apr 2024 13:53:31 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: PuYoc7zRTnPMPFKBJmd1KIpi+vJSHQmgqX6Q/HhJUovR+V0y5GxBnkycxMHNnq/Kd50kpWRkX/IeOzsxMvUPSNsi8YMQpdR/H1hREf5RNRShzm8ybvZ6NWWLnNqdIfhwpr+Mk7AxaiAcP7phxuP5iw==$LjdoADaUy9yX0IeEuN1v8g==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FL%2B8WZ0o5QGAHH5hb5GradqI8D5RFTWGMGMihcaF1xcuNs7f037%2Bn5J3IcGPuNaEgtYFyOtPfJMFSrDQJeKhILUNY2A5%2BZP0v3ExWU8F6NmvYN%2FYgKsG%2BI3Y925Nvf%2BCJoeasycRJTii"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 879ed1d98b7db517-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
| shortsvelventysjo.shop/cdn-cgi/challenge-platform/h/b/flow/ov1/6821686:1714051537:lrg5UDYgcRlMqrXdG2E4WjpMC_0QSU6VeJ5Z8OdtXhQ/879ed1d868b656b4/373a8c7344593f3 | 104.21.16.225 | 200 OK | 12 kB |
URL: POST HTTP/1.1 shortsvelventysjo.shop/cdn-cgi/challenge-platform/h/b/flow/ov1/6821686:1714051537:lrg5UDYgcRlMqrXdG2E4WjpMC_0QSU6VeJ5Z8OdtXhQ/879ed1d868b656b4/373a8c7344593f3
IP: 104.21.16.225:80
Requested by: http://shortsvelventysjo.shop/C0L
File type: ASCII text, with very long lines (15996), with no line terminators
Hash: 202ba0d9511ed4b2d75f6ff0c0cc2e8c 4a27b0705b903180c07d7457170bd7c77c26c009 83d339ef33cbf9aaba3105bc78b7013bb3f14b33719b6c0014b2f67093cfca97
| Analyzer | Verdict | Alert |
| ThreatFox | malicious | Lumma Stealer |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |
POST /cdn-cgi/challenge-platform/h/b/flow/ov1/6821686:1714051537:lrg5UDYgcRlMqrXdG2E4WjpMC_0QSU6VeJ5Z8OdtXhQ/879ed1d868b656b4/373a8c7344593f3 HTTP/1.1
Host: shortsvelventysjo.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://shortsvelventysjo.shop/C0L
Content-type: application/x-www-form-urlencoded
CF-Challenge: 373a8c7344593f3
Content-Length: 1842
Origin: http://shortsvelventysjo.shop
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_i=2
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 25 Apr 2024 13:53:31 GMT
Content-Type: text/plain; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cf-chl-gen: FUPqLMAkolX2ZWUcbUIo4pUguETGyYNOkFbqKswL4N1kX5pVbqhWNvC77Btgfixq$WGeBxerc/EhQB8gQxCVecA==
vary: accept-encoding
content-encoding: gzip
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Z3HyNsPhDEDLsZjkQs4Gq%2FuM%2Fhq5TRhP%2Fzb1ALozlLZl%2FsLOE4E7ZJ8RdUmfH2HZv%2BehN2MIRzXfyoBC%2BHey5DESrts8jf%2BWZN%2F0rokXd7Q9%2BKbQwhh1DZMlr2neNIrA7%2FtNfs3ZNXB4"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 879ed1da4e8a568d-OSL
alt-svc: h2=":443"; ma=60
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=879ed19d7b4eb515 | 104.17.3.184 | | 171 kB |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=879ed19d7b4eb515
IP: 104.17.3.184:0
Certificate Issuer: Cloudflare, Inc.
Certificate Subject: challenges.cloudflare.com
Certificate Fingerprint: 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
Certificate Validity: Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size: 171 kB (170731 bytes)
Hash: 4ef77921a04be1a7aee3d14ad8eb6c59 8b7da516c960e5126278092debe124c58796a8a3 a3e767481ff0c739edfc6c0518371aeb1b1774836c93f43443e2ddfe1ce1ea19
GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=879ed19d7b4eb515 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/h4iwt/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 25 Apr 2024 13:53:21 GMT
content-type: application/javascript; charset=UTF-8
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
vary: accept-encoding
server: cloudflare
cf-ray: 879ed19dfbb3b515-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/879ed1db0c9cb515/1714053211767/DYdrd7HBwcTM9NQ | 104.17.3.184 | 200 OK | 61 B |
URL: GET HTTP/3 challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/879ed1db0c9cb515/1714053211767/DYdrd7HBwcTM9NQ
IP: 104.17.3.184:443
Requested by: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/bj2fd/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Certificate Issuer: Cloudflare, Inc.
Certificate Subject: challenges.cloudflare.com
Certificate Fingerprint: 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
Certificate Validity: Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type: PNG image data, 48 x 51, 8-bit/color RGB, non-interlaced
Hash: 886d563959830d9b54e29f75452d268a 2beca2d61019a40fc5104a796a1b38852c2e4b89 53972cdeb27f421b92aa87d8fab42fb48544e342012aced2c552c22926ce87a2
GET /cdn-cgi/challenge-platform/h/b/i/879ed1db0c9cb515/1714053211767/DYdrd7HBwcTM9NQ HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/bj2fd/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 25 Apr 2024 13:53:32 GMT
content-type: image/png
content-length: 61
server: cloudflare
cf-ray: 879ed1e049c0b515-OSL
alt-svc: h3=":443"; ma=86400
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1756319924:1714051777:2UrIHZV4MbBaFpNdOTREeKTKYEa2b1kx4bSYGvdfJtY/879ed1db0c9cb515/73c1789a7db8966 | 104.17.3.184 | 200 OK | 120 kB |
URL: POST HTTP/3 challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1756319924:1714051777:2UrIHZV4MbBaFpNdOTREeKTKYEa2b1kx4bSYGvdfJtY/879ed1db0c9cb515/73c1789a7db8966
IP: 104.17.3.184:443
Requested by: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/bj2fd/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Certificate Issuer: Cloudflare, Inc.
Certificate Subject: challenges.cloudflare.com
Certificate Fingerprint: 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
Certificate Validity: Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type: ASCII text, with very long lines (65536), with no line terminators
Size: 120 kB (120160 bytes)
Hash: 3262c679cf89c4bdb1fc4dcb6efecad0 137993fce9350cb3224263ae1489dae75ff80f7b 912c187efa88d9655b8e1faf9c9b7fd0ec7fc99547c7c478c795823fdb4c46e8
POST /cdn-cgi/challenge-platform/h/b/flow/ov1/1756319924:1714051777:2UrIHZV4MbBaFpNdOTREeKTKYEa2b1kx4bSYGvdfJtY/879ed1db0c9cb515/73c1789a7db8966 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/bj2fd/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: 73c1789a7db8966
Content-Length: 3325
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 25 Apr 2024 13:53:31 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: a5lCQqAVTZoLGbD3kZf6ga250YhtoCvPI7ptv4xY4IO7lO0wfac7nUCyaSI2zxTBektlMOHDuBsfD2K0W6+ypVfRjVoqee0t5p4ZOkTuXMpr+5Prs3xpd2t7o4Y7WxhJgRfWl9wZKp2Ms/21I/3Vbb/YFy4/KYfF6wZht80AGDPzq1l5WSipRPDX7jcZG/J3IZY3Gfu9kWFXY8OpTxE7prztyKyCLff66+vO00c7iu9RQ23jOI+jd+PxbV2lUtGWxwukBYhUq/9skv4xYTRwJERVlv4LR4OGsZpSPY6EkIPe0h6JOZ3SIW7D/H9ToFjcc3GAsa6tc9/AZuA8NYmMhZa2fDt2Qq9u+dANJWDrKXoPdM2s0kBwotdIPtFuVgg0oXO25huKcEAnStXSgYYB0xVSciRjf7hKwZiH3cACTGoFLatjipzEYR/+s8bTYSXDhyRn6Vvru3tiTCtPKj4oS5IVDrI1YdvUYKl1qnUgOHPnk9yX2Rf3TM8W/1AMZ8F+mesEiis8UJMZtGaFVVfyaw==$n7kLxOkhGke+0rrnZEdGCQ==
vary: accept-encoding
server: cloudflare
cf-ray: 879ed1dd7f36b515-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/bj2fd/0x4AAAAAAAAjq6WYeRDKmebM/light/normal | 104.17.3.184 | 200 OK | 80 kB |
URL: GET HTTP/3 challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/bj2fd/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
IP: 104.17.3.184:443
Requested by: http://shortsvelventysjo.shop/C0L
Certificate Issuer: Cloudflare, Inc.
Certificate Subject: challenges.cloudflare.com
Certificate Fingerprint: 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
Certificate Validity: Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type: HTML document, ASCII text, with very long lines (41702)
Hash: f2824eb4ae0a22db5a8dae793d2ac45a 89ef97c8e65d43984a7b967dbbf5dcae8c54ff8b d4ca6a18bfa2641fe91b84e793eca22ec46e7ca4960dcf1e01304c92c034e6f2
GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/bj2fd/0x4AAAAAAAAjq6WYeRDKmebM/light/normal HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 25 Apr 2024 13:53:31 GMT
content-type: text/html; charset=UTF-8
cross-origin-opener-policy: same-origin
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
document-policy: js-profiling
referrer-policy: same-origin
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
content-security-policy: frame-src https://challenges.cloudflare.com/ blob:; base-uri 'self'
origin-agent-cluster: ?1
vary: accept-encoding
server: cloudflare
cf-ray: 879ed1db0c9cb515-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=879ed1db0c9cb515 | 104.17.3.184 | 200 OK | 428 kB |
URL: GET HTTP/3 challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=879ed1db0c9cb515
IP: 104.17.3.184:443
Requested by: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/bj2fd/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Certificate Issuer: Cloudflare, Inc.
Certificate Subject: challenges.cloudflare.com
Certificate Fingerprint: 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
Certificate Validity: Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size: 428 kB (428326 bytes)
Hash: 21dd54cb199f1ec142655d7c64ba361a 04a1f17cd0cad44bd52c2a2cb3a00312ff179dee 251152b571947af5a26cf0777305a9781aef1400b1e5cc2003c4930ae2bc655f
GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=879ed1db0c9cb515 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/bj2fd/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 25 Apr 2024 13:53:31 GMT
content-type: application/javascript; charset=UTF-8
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
vary: accept-encoding
server: cloudflare
cf-ray: 879ed1dbad5eb515-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400