Report - stiffraspyofkwsl.shop/

Report Overview

Submitted URL
stiffraspyofkwsl.shop/
IP
172.67.189.159
ASN
#13335 CLOUDFLARENET
Submitted
2024-05-10 21:18:17
Access
public
Website Title
Just a moment...
Final URL
stiffraspyofkwsl.shop/
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
2
Threat Detection Systems
66

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
stiffraspyofkwsl.shop	unknown	unknown	No data	No data	5.2 kB	305 kB	104.21.81.139
challenges.cloudflare.com	unknown	2009-02-17	2021-10-20	2024-05-10	7.8 kB	830 kB	104.17.3.184

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2024-05-10 21:17:51	high	Client IP	172.67.189.159	ET MALWARE Observed Lumma Stealer Related Domain (stiffraspyofkwsl .shop in TLS SNI)
2024-05-10 21:17:51	high	Client IP	172.67.189.159	ET MALWARE Observed Lumma Stealer Related Domain (stiffraspyofkwsl .shop in TLS SNI)

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

Scan Date	Severity	Indicator	Alert
2024-05-10	medium	stiffraspyofkwsl.shop	Sinkholed
2024-05-10	medium	stiffraspyofkwsl.shop	Sinkholed
2024-05-10	medium	stiffraspyofkwsl.shop	Sinkholed
2024-05-10	medium	stiffraspyofkwsl.shop	Sinkholed
2024-05-10	medium	stiffraspyofkwsl.shop	Sinkholed
2024-05-10	medium	stiffraspyofkwsl.shop	Sinkholed
2024-05-10	medium	stiffraspyofkwsl.shop	Sinkholed
2024-05-10	medium	stiffraspyofkwsl.shop	Sinkholed
2024-05-10	medium	stiffraspyofkwsl.shop	Sinkholed
2024-05-10	medium	stiffraspyofkwsl.shop	Sinkholed
2024-05-10	medium	stiffraspyofkwsl.shop	Sinkholed

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-10	medium	stiffraspyofkwsl.shop	Sinkholed
2024-05-10	medium	stiffraspyofkwsl.shop	Sinkholed
2024-05-10	medium	stiffraspyofkwsl.shop	Sinkholed
2024-05-10	medium	stiffraspyofkwsl.shop	Sinkholed
2024-05-10	medium	stiffraspyofkwsl.shop	Sinkholed
2024-05-10	medium	stiffraspyofkwsl.shop	Sinkholed
2024-05-10	medium	stiffraspyofkwsl.shop	Sinkholed
2024-05-10	medium	stiffraspyofkwsl.shop	Sinkholed
2024-05-10	medium	stiffraspyofkwsl.shop	Sinkholed
2024-05-10	medium	stiffraspyofkwsl.shop	Sinkholed
2024-05-10	medium	stiffraspyofkwsl.shop	Sinkholed

ThreatFox

Scan Date	Severity	Indicator	Alert
2024-05-10	medium	stiffraspyofkwsl.shop	Lumma Stealer
2024-05-10	medium	stiffraspyofkwsl.shop	Lumma Stealer
2024-05-10	medium	stiffraspyofkwsl.shop	Lumma Stealer
2024-05-10	medium	stiffraspyofkwsl.shop	Lumma Stealer
2024-05-10	medium	stiffraspyofkwsl.shop	Lumma Stealer
2024-05-10	medium	stiffraspyofkwsl.shop	Lumma Stealer
2024-05-10	medium	stiffraspyofkwsl.shop	Lumma Stealer
2024-05-10	medium	stiffraspyofkwsl.shop	Lumma Stealer
2024-05-10	medium	stiffraspyofkwsl.shop	Lumma Stealer
2024-05-10	medium	stiffraspyofkwsl.shop	Lumma Stealer
2024-05-10	medium	stiffraspyofkwsl.shop	Lumma Stealer

JavaScript (71)

	URL	Size	First Seen	Last Seen
	stiffraspyofkwsl.shop/	4.5 kB	2024-05-10	2024-05-10
Pretty URL stiffraspyofkwsl.shop/ IP 104.21.81.139 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-10 23:18:24 Last Seen2024-05-10 23:18:24 Times Seen1 Hash 4345d01d0ceb9fc7e58f06d6ac9cfc32 b1a292130e1df15db28121e4533ea51be37a381b 86ae37ad688690879331edc1a34d5ec886be774f602cd57517b38e36b9084f3f Loading...

	challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=881cf5b2293d0b55	440 kB	2024-05-10	2024-05-10
Pretty URL challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=881cf5b2293d0b55 IP 104.17.3.184 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-10 23:18:24 Last Seen2024-05-10 23:18:26 Times Seen2 Hash 18640d89865667a6c7e375f8869ab7e1 41e21c8486b49be7f58befbcbc32b0360182cb38 9b3be90a535e94589e50c7652e35354a9ceafe5585647f32b3631e61b6c9999d Loading...

	challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/wxfdu/0x4AAAAAAAAjq6WYeRDKmebM/light/normal	3.6 kB	2024-05-10	2024-05-10
Pretty URL challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/wxfdu/0x4AAAAAAAAjq6WYeRDKmebM/light/normal IP 104.17.3.184 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-10 23:18:24 Last Seen2024-05-10 23:18:24 Times Seen1 Hash 0374206b54303d86e821edac0a7ff35d 7116fcfc31858834668c92c9f411e10a432a51a8 e187f3c25e7e3a1534dbecb41deddaacb113ca66d2d903073036cfd812993a8b Loading...

	challenges.cloudflare.com/turnstile/v0/g/1b3559406bc8/api.js?onload=KtsCKf7&render=explicit	43 kB	2024-05-08	2024-05-17
Pretty URL challenges.cloudflare.com/turnstile/v0/g/1b3559406bc8/api.js?onload=KtsCKf7&render=explicit IP 104.17.3.184 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 21:17:22 Last Seen2024-05-17 15:34:59 Times Seen1392 Hash 86183dd14ee10d1dee92b37b5069d716 9ec32d650ece484bbe624ca734a0a65e22d35dd6 ae0e2e45f84d7d3d06526aafc20d4a95b486e8747bf80895f3aeb8c4aebee7f4 Loading...

	stiffraspyofkwsl.shop/cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=881cf5af4944569c	406 kB	2024-05-10	2024-05-10
Pretty URL stiffraspyofkwsl.shop/cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=881cf5af4944569c IP 104.21.81.139 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-10 23:18:24 Last Seen2024-05-10 23:18:26 Times Seen2 Hash 1bacff7962b7a93e6809a56e26f2cf90 0ac67731bd2f454f5b28e65bfc6a663a06b4eda9 61b9cfa33e3851fe1cdc8c4f4594cecc27a10605201a8fd579cb47009030ac75 Loading...

		Size	First Seen	Last Seen
	#1 Eval - 16bf89a494284faae247885bb6a66a41	28 B	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 23:18:24 Last Seen2024-05-10 23:18:24 Times Seen1 Hash 16bf89a494284faae247885bb6a66a41 998e6bc8900d6864833b7af26fa5ecdf21f2e1e8 df040144b66919fd10f5c70958758469262fe61fb7edd969680a3e752dfbcb13 Loading...

	#2 Eval - 35fb5db7711c7deffabfba635c923640	28 B	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 23:18:24 Last Seen2024-05-10 23:18:24 Times Seen1 Hash 35fb5db7711c7deffabfba635c923640 71f5370d2bb2610d936939c6f7c0971d1fbd6950 4895e9920a25cb30dd4b7e611a326d85cab6929398b876758c541551d281b06c Loading...

	#3 Eval - da3a2c4b498a2d518e2f1efa45da0ace	28 B	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 23:18:24 Last Seen2024-05-10 23:18:24 Times Seen1 Hash da3a2c4b498a2d518e2f1efa45da0ace b7e02c625e5e5032c84b8ee8cc84f6b1240c9ea6 3c1dbe4398a4576db68a01bf931e0769c3a3de7d97c3a325ef9f8ac6d0e52b82 Loading...

	#4 Eval - f9fbbdd3fe9e3f13dab07605b5b082dd	28 B	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 23:18:24 Last Seen2024-05-10 23:18:24 Times Seen1 Hash f9fbbdd3fe9e3f13dab07605b5b082dd d856fa8749a588dcc0e105ab549c8502ef39f20f 009d6c33c131182a0a666baa06e8fc006bb1378d79a50223dbd848796bb68ff0 Loading...

	#5 Eval - 5bcb5b8aa634d7c9bef40be777a74fae	28 B	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 23:18:24 Last Seen2024-05-10 23:18:24 Times Seen1 Hash 5bcb5b8aa634d7c9bef40be777a74fae d66605e3655df5c2559d8f4b0fa981d4915ee78c d072409b8212beefecb4922bb1eb45ce8bdf028f476d78ac72cc12b8dca4e3ab Loading...

	#6 Eval - 08a481063f97492b6ae344f0d926c9bb	28 B	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 23:18:24 Last Seen2024-05-10 23:18:24 Times Seen1 Hash 08a481063f97492b6ae344f0d926c9bb f5b43213c2471e6e42a206260a7027f1560b3940 a43ce4e4f31efd5dbb36589c420bab1055ca94b7d8d85f9b376337e1d8c66571 Loading...

	#7 Eval - 6de44db101dfb58f0e0ab01401ac8900	28 B	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 23:18:24 Last Seen2024-05-10 23:18:24 Times Seen1 Hash 6de44db101dfb58f0e0ab01401ac8900 7a813c54b7da0a5d60f59b3891fb05ac9af079ca 880cbba52439ac8e1e26905ca606e9128ff24f0cb0d273a4098ca647d7350869 Loading...

	#8 Eval - 6675953d0caaeb1da915fc42321f4a17	28 B	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 23:18:24 Last Seen2024-05-10 23:18:24 Times Seen1 Hash 6675953d0caaeb1da915fc42321f4a17 7f7946af7a99601ffac3d5f1e446faafdf497ed7 dab6b49d2d6887913a5e5806dc791344a8a97b0fc21ed765eeb0915d200bdafe Loading...

	#9 Eval - e69208210913fdec7a86137cabfffd9d	28 B	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 23:18:24 Last Seen2024-05-10 23:18:24 Times Seen1 Hash e69208210913fdec7a86137cabfffd9d b4eec568835c0a37029cad0e7fc0e66645d07528 bbae21402fd4a3f5d6f81c2355fea9c31a3dea19c3772dcc30542875b790191b Loading...

	#10 Eval - 58b77ab0076605a0616d2f0adf13128a	28 B	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 23:18:24 Last Seen2024-05-10 23:18:24 Times Seen1 Hash 58b77ab0076605a0616d2f0adf13128a cb5ca6de4cdecb356f80abb4ffe23c3652e25f34 94077ea2e6f86702ffa76cded451ae5615cf3a57465ccd0834429734b6dbef42 Loading...

	#11 Eval - 4e616a3962e4a04ec8a95f1d9af6ac4b	28 B	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 23:18:24 Last Seen2024-05-10 23:18:24 Times Seen1 Hash 4e616a3962e4a04ec8a95f1d9af6ac4b adf26634352f50678b1d92281709055910e2dfff f42c59aea9f23fc948314e6aa289e69006e502ba07bbbd6b4552cf71fae95540 Loading...

	#12 Eval - 87b33f39e091905bb403a0e3136678ff	28 B	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 23:18:24 Last Seen2024-05-10 23:18:24 Times Seen1 Hash 87b33f39e091905bb403a0e3136678ff 32e3e52d5219668d655efc49d8d18d8d84571ec9 b0b5ea64020923bf6f27cca060c9a6f713c7faa2d067d933eecd7eef4f005490 Loading...

	#13 Eval - 7518de2e98fdb8beaacd29b1b1c7f7ad	28 B	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 23:18:24 Last Seen2024-05-10 23:18:24 Times Seen1 Hash 7518de2e98fdb8beaacd29b1b1c7f7ad 50e154f0e9cd7bcb60e38bed8f17b2cabd6f7d28 2c883b2881dc1f6358066d049c1eb3ef7dff0eb1641931845750a3222faf9ea1 Loading...

	#14 Eval - 9ef48a77670f4644e325e43e448f71cc	28 B	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 23:18:24 Last Seen2024-05-10 23:18:24 Times Seen1 Hash 9ef48a77670f4644e325e43e448f71cc bb39ea27c967da1a20b99916184d7f54d70a9f26 f7d7530cecaddf1179c60c1a408e915495b776bd0ed87cdfeaff33d9c6ca6e37 Loading...

	#15 Eval - b836a546046233e96fbc9f6782a64f75	28 B	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 23:18:24 Last Seen2024-05-10 23:18:24 Times Seen1 Hash b836a546046233e96fbc9f6782a64f75 07557aa483b9fda076274287839107fdf311e93b 984972caa07a7286393f5513c2786500704e55a0886fecde076b1aadf729beae Loading...

	#16 Eval - 3ee3a29c72c98563fa528a8de3b2ebba	28 B	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 23:18:24 Last Seen2024-05-10 23:18:24 Times Seen1 Hash 3ee3a29c72c98563fa528a8de3b2ebba d93cffda578fde075f8dab3b37c9408eb61033cf e0795e6f6bdff5d9abfe0990f5f7829b70fdf2e1d26674b20562e18c61daf66c Loading...

	#17 Eval - 77890893e54313c04db3172044fe475f	28 B	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 23:18:24 Last Seen2024-05-10 23:18:24 Times Seen1 Hash 77890893e54313c04db3172044fe475f 51e86bfe0f1d3d77a5039ab2b6e06eacec079221 a5a45ad97920307565988dd91ced799ff1100e0855acaec7a2f00c6330be0113 Loading...

	#18 Eval - 809b96476594e23739841a2a086a5a1e	28 B	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 23:18:24 Last Seen2024-05-10 23:18:24 Times Seen1 Hash 809b96476594e23739841a2a086a5a1e dae22c677d57137a26c8250fc4ad57b78a3b2f80 e445375eb2b8a04a4a8876e69fb2d51e59aa0fc7d05822f6fa8a5cbf4cc82d52 Loading...

	#19 Eval - dbad9e1d8c751e91c504269e99a95478	28 B	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 23:18:24 Last Seen2024-05-10 23:18:24 Times Seen1 Hash dbad9e1d8c751e91c504269e99a95478 02cce6836bb1d120a089ca15e39e71122bca6057 00a365461bf1759d727217fe2d2d245bec7fe45597a3e916bdbb9d6134199387 Loading...

	#20 Eval - b5e3de4021b9b79b6efd21b276ed8974	28 B	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 23:18:24 Last Seen2024-05-10 23:18:24 Times Seen1 Hash b5e3de4021b9b79b6efd21b276ed8974 026b6a11ec34aee7c0017454e7dce82137d15ab3 4efcfc80c7ea6f69b6120d0b60764ce850bc49062ce1936acd1cc93925a0885d Loading...

	#21 Eval - 9e925e9341b490bfd3b4c4ca3b0c1ef2	4 B	2023-03-07	2024-05-23
Pretty Observations First Seen2023-03-07 01:03:43 Last Seen2024-05-23 08:10:10 Times Seen355203 Hash 9e925e9341b490bfd3b4c4ca3b0c1ef2 c2543fff3bfa6f144c2f06a7de6cd10c0b650cae 1eb79602411ef02cf6fe117897015fff89f80face4eccd50425c45149b148408 Loading...

	#22 Eval - 4b60d9e2768e2ad3df85a6f922991804	28 B	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 23:18:24 Last Seen2024-05-10 23:18:24 Times Seen1 Hash 4b60d9e2768e2ad3df85a6f922991804 23e298f4948ebb7224b660351274c3190cf8eca1 bb673e74362e7ed771802e5e34e51b8597f826f9b960768cc71dd3181f64d74f Loading...

	#23 Eval - c22bee0ba42e05a0929c2785055f07e0	28 B	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 23:18:24 Last Seen2024-05-10 23:18:24 Times Seen1 Hash c22bee0ba42e05a0929c2785055f07e0 5e5bd993337b45b1c2054d402bee9987c04f8657 3bad49e64b89ba12c1874762d97b5c6a9655bd6d75fb3ce37bda6c7696f76562 Loading...

	#24 Eval - 307fb9b6606d71d1166a4a0079f275b7	28 B	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 23:18:24 Last Seen2024-05-10 23:18:24 Times Seen1 Hash 307fb9b6606d71d1166a4a0079f275b7 f6618f9374e809014c70ad7a0f729eba9a2e6f17 3388104377bb4772d1e6cb14f97a97029dd872bf36eb5b374e664bd03c670bd3 Loading...

	#25 Eval - ab8d6d114f1164a6607a48ef6d2d8734	28 B	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 23:18:24 Last Seen2024-05-10 23:18:24 Times Seen1 Hash ab8d6d114f1164a6607a48ef6d2d8734 dd75295de5157fe141e64a52a915e9b07b9f7139 61898dcc6a5f7621bdc89ce4f0815822bbeec2591354d3069f4af3660c46b28f Loading...

	#26 Eval - cb9e431f61cae8d1fa099c53de8e1d47	28 B	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 23:18:24 Last Seen2024-05-10 23:18:25 Times Seen1 Hash cb9e431f61cae8d1fa099c53de8e1d47 35744fcf9f2731ce7244f9a874f96221b935bbc5 8ddcaa96f83ef4b6695f60ac5cc05116f32210faaeea65ee1dc4ad02924bdbbe Loading...

	#27 Eval - 6275f60dbcee493d600af6e5d00b6bdd	28 B	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 23:18:25 Last Seen2024-05-10 23:18:25 Times Seen1 Hash 6275f60dbcee493d600af6e5d00b6bdd 246885147948cc4cafd108e5a95e24f1e2882b99 f5c144bb5cd493e3c9cecf596d630707227d365e6d3f13e433652d7ea1f3d987 Loading...

	#28 Eval - 3aab9d2bbb09b663420153165788a5ec	28 B	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 23:18:25 Last Seen2024-05-10 23:18:25 Times Seen1 Hash 3aab9d2bbb09b663420153165788a5ec 38ca53d783778162b220e727dd8f7e48b608c780 7d99b371205ebb4b612f9e6ee4524afcdb489a6ca6325a007050291db12d15d8 Loading...

	#29 Eval - 53e146128252b9c8b1a1a4e1e18310c4	28 B	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 23:18:25 Last Seen2024-05-10 23:18:25 Times Seen1 Hash 53e146128252b9c8b1a1a4e1e18310c4 05489fceba65531d666ce97907ff481c30ae39e6 abe280cfdbf9d22720699d707395b45905711fb56d4262041a0d1bd50748492d Loading...

	#30 Eval - 9f5a1bcd2d87b506c6fcbfd98dad69f2	28 B	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 23:18:25 Last Seen2024-05-10 23:18:25 Times Seen1 Hash 9f5a1bcd2d87b506c6fcbfd98dad69f2 61f8499d89976e929d622a4d12f155f3af0c6132 652cda00eb9dfb0178f3f3399b80145027f94c319f75df5135701418b62e09cb Loading...

	#31 Eval - 74ca54d60106d4a8d44505ed0b27e1a5	28 B	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 23:18:25 Last Seen2024-05-10 23:18:25 Times Seen1 Hash 74ca54d60106d4a8d44505ed0b27e1a5 72bf082e3eecfab9796110625d7cfde32ff0fbaf 4edd5edef11d80fa1e99053362379a9fdc370c06e41784e6ba135c5e7250e0c3 Loading...

	#32 Eval - 17c61abe329a1fbe5ba96e81e866dfe7	28 B	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 23:18:25 Last Seen2024-05-10 23:18:25 Times Seen1 Hash 17c61abe329a1fbe5ba96e81e866dfe7 68e444da6b1529d024abae9207b76e9925740bc6 a021b29df8c5cdd95e915829a71d53d03fa86b51cd8adcb8464f9381681f6269 Loading...

	#33 Eval - ad8da107a5836330c2dff27df5050c30	28 B	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 23:18:25 Last Seen2024-05-10 23:18:25 Times Seen1 Hash ad8da107a5836330c2dff27df5050c30 b1ad4ba52ac462cefb2e4d07797e9437dffa4eef 6c7b6e441b18328acb8b6fa3540f217fffa2ed2d88684a5e385a44a2244a9efa Loading...

	#34 Eval - 298e52665be4d5ae8e6d12f24e39fad3	28 B	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 23:18:25 Last Seen2024-05-10 23:18:25 Times Seen1 Hash 298e52665be4d5ae8e6d12f24e39fad3 b6e63b4cad3276d815344d0c201ca582e0175fb6 c96f5063e63669314a4d4d11c20ed1519959ddd3f7bce7bedab5a45f89a79b54 Loading...

	#35 Eval - d7c2c620a368237078212fe33b0418fb	2.8 kB	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 23:18:25 Last Seen2024-05-10 23:18:25 Times Seen1 Hash d7c2c620a368237078212fe33b0418fb d9ee472222144709c3981d867b80099bfb05332f 9ce6567440be956acad5c8ea64970b426c86c03871a745fd93938a46ed939b81 Loading...

	#36 Eval - dc77da9a1140b92a0c2ebead2d99c08e	28 B	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 23:18:25 Last Seen2024-05-10 23:18:25 Times Seen1 Hash dc77da9a1140b92a0c2ebead2d99c08e 3e264231fd04c8df69e81ae638ee26b745c37df6 c3a97a09020a4706d58f80570f105cdd143c51c3c2cfb7dcd35e27ba1c54f177 Loading...

	#37 Eval - af4877ca2866b538ee1b77ae92a6f843	28 B	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 23:18:25 Last Seen2024-05-10 23:18:25 Times Seen1 Hash af4877ca2866b538ee1b77ae92a6f843 cb9948030e49eb4bcb00a6c92d862fd3034ecfbd 72dee9b1792542c1a3b9979a14fe0232a35fda3cccb75c2779e933dab4863444 Loading...

	#38 Eval - 4d17c079040f645fd7f28be048f6b5b3	28 B	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 23:18:25 Last Seen2024-05-10 23:18:25 Times Seen1 Hash 4d17c079040f645fd7f28be048f6b5b3 d4f33144f6971dd477f5db0219b8bc26f583671b 100e16b00347fab78d31a5e08eb8e2bc447683b479f30f2fdff024b604711b07 Loading...

	#39 Eval - 52372e67738bb1bd30ef390b789b4c74	28 B	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 23:18:25 Last Seen2024-05-10 23:18:25 Times Seen1 Hash 52372e67738bb1bd30ef390b789b4c74 4b70063b5fbb705e9a9e42a2c42f29c078094c5d 3339b823d6d22ef2fdf3a90fbe8dad7f9d44847d1b4fe336302b04bbfc0e9e25 Loading...

	#40 Eval - 9f55409b9849a4ab04eb53b7e6aeb67f	28 B	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 23:18:25 Last Seen2024-05-10 23:18:25 Times Seen1 Hash 9f55409b9849a4ab04eb53b7e6aeb67f 2152a96cf68f8dcd30b811f24f5ac4eb37044759 451b933b003f4f1bcc363e32a73e516d9e872eecf41f82b73a494705f0f96ef3 Loading...

	#41 Eval - c483d62491e30ac12eb5560ac783fb84	28 B	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 23:18:25 Last Seen2024-05-10 23:18:25 Times Seen1 Hash c483d62491e30ac12eb5560ac783fb84 6d3d3f64385166a665bbd7c9088dd8c9f25c7a57 9605c4de5ff63151883ee6073171ef6ff03a456704761b5333b2bb3d81d1708f Loading...

	#42 Eval - a99afff29d8adefca57e5fada554a1e7	28 B	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 23:18:25 Last Seen2024-05-10 23:18:25 Times Seen1 Hash a99afff29d8adefca57e5fada554a1e7 803c85a376a421bc6bada5230dafbf239b6ba145 6dfdec13f01be0dc2a8bdd4bb73e0d0ca419bf678d420b47d17ea2501a900d38 Loading...

	#43 Eval - b72abc7309dbe3ff9ac321f3916c6b78	28 B	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 23:18:25 Last Seen2024-05-10 23:18:25 Times Seen1 Hash b72abc7309dbe3ff9ac321f3916c6b78 a79b6e239f56de27704162481e4ebede4baa26a4 f147af142ec51033b4e1a7ebe4ad873c8e96bf5635644a91ec68af256d4f6084 Loading...

	#44 Eval - 5270a3c69bbfb61177a281bcb9906a00	28 B	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 23:18:25 Last Seen2024-05-10 23:18:25 Times Seen1 Hash 5270a3c69bbfb61177a281bcb9906a00 daa3023603be3b5aa2f171ca83325a4b6b53a870 6ef50a54a8685ed0696d9904a758106b55eaa3d2072cf88a44a110bd66818b6a Loading...

	#45 Eval - d5312e8b282905306788032ca10938a4	28 B	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 23:18:25 Last Seen2024-05-10 23:18:25 Times Seen1 Hash d5312e8b282905306788032ca10938a4 6a57df4bf3b544cf76663a05c1b0a1429beb28e2 8ed471800017bfc36d871d39ba702413357a64c3e71fd22ecb86349f3900ee1d Loading...

	#46 Eval - cd5b00a0b29fc68c44eec28642b3ae96	28 B	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 23:18:25 Last Seen2024-05-10 23:18:25 Times Seen1 Hash cd5b00a0b29fc68c44eec28642b3ae96 af4200373b302627b345c882e3d0d4bc32ecb513 8d30871761ba9938327b4c0df33ea520aff7426e0a0c4d12d0d8bf71d1012773 Loading...

	#47 Eval - a0c2b00e0815e6c4e2e6d9d242546687	28 B	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 23:18:25 Last Seen2024-05-10 23:18:25 Times Seen1 Hash a0c2b00e0815e6c4e2e6d9d242546687 d370b5b5ec842433516ed2f4fbc2f14ac6988734 2a08b659699d013aaccec6791d7bfc6575e6674d21f951cf1b067d6607b0b034 Loading...

	#48 Eval - 23419fcf3a08a62ac4b9ef038c0cdb8a	28 B	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 23:18:25 Last Seen2024-05-10 23:18:25 Times Seen1 Hash 23419fcf3a08a62ac4b9ef038c0cdb8a 81a73678cd7f7277b16b10ce5114faf47d2e33be 3d298a2922cd786c384207ab787826ecd6edd4089f2c9798d3446abf7feba2dc Loading...

	#49 Eval - e85d5c2375c19548a3d7ba6d1a1dd82e	28 B	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 23:18:25 Last Seen2024-05-10 23:18:25 Times Seen1 Hash e85d5c2375c19548a3d7ba6d1a1dd82e 8cd9c9553f500491c3c7b78b0e35e1ba9e0dd38f a5007463c631c0bdea69d0c5dd0c50108ed80f85d37457c7bdb7cd9db138a66b Loading...

	#50 Eval - 2104e51b45819fb48be29bd684a7a765	62 B	2024-05-08	2024-05-17
Pretty Observations First Seen2024-05-08 21:17:23 Last Seen2024-05-17 15:34:57 Times Seen967 Hash 2104e51b45819fb48be29bd684a7a765 4c63e1a706403ae3b72fd6bd15bb42ba662b456c 409852cd2d9ad570bc66e5cc8c403b729033ebacfadc90fd9548df7f494a5869 Loading...

	#51 Eval - d81a78b71a0bcb381b0b6e9a6a71d760	28 B	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 23:18:25 Last Seen2024-05-10 23:18:25 Times Seen1 Hash d81a78b71a0bcb381b0b6e9a6a71d760 32fa68b6a628874b002754faffa123cc06754371 09b90d245188c3abc89480bb4e4890db9af6f90d04e6b14a9310590e27fd11ba Loading...

	#52 Eval - f62e3f78e3bd11a5924fc8f6244f3ad4	28 B	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 23:18:25 Last Seen2024-05-10 23:18:25 Times Seen1 Hash f62e3f78e3bd11a5924fc8f6244f3ad4 8db0cd72b9112848e4001f9f8cc21d520e0fc1b4 8244d0277bed9cd1165a7a076684a608f59767959de7c8b7fd94c3b856fc6353 Loading...

	#53 Eval - 39e6e1f7eb53ab1afdd22a1aee805c45	28 B	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 23:18:25 Last Seen2024-05-10 23:18:25 Times Seen1 Hash 39e6e1f7eb53ab1afdd22a1aee805c45 25feca2a9019da8ef24eef3033bf0db7eaa99eda 7ce58ff4d918b38650d1e2ac76278e9b36e23024509dce9274c8652f36fba01c Loading...

	#54 Eval - c3bfd8c4380a1d95a837627d74bef55b	28 B	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 23:18:25 Last Seen2024-05-10 23:18:25 Times Seen1 Hash c3bfd8c4380a1d95a837627d74bef55b 2c6cfb13d223f7486aaa97133dd56bb15f3eb18f 2e6a424525bd3c37ccd9ece42e9f08e499efcbf4e39e47a3fd67952c1acda9f8 Loading...

	#55 Eval - 72aca4c0012b1c310963892453f11b6b	28 B	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 23:18:25 Last Seen2024-05-10 23:18:25 Times Seen1 Hash 72aca4c0012b1c310963892453f11b6b a7c14637307b9d07b7dafaeb8c2735b69138eed8 c2f1fb3840f729913b38ccd14115dd3fb834d8d251186d28c75c6944368ce0b2 Loading...

	#56 Eval - e5824729d7f14770c3663b6f6ac38a72	28 B	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 23:18:25 Last Seen2024-05-10 23:18:25 Times Seen1 Hash e5824729d7f14770c3663b6f6ac38a72 91270f94c52e91ca111f5327e357be1a0b421f06 4f6e859c6a1a0d1207bb48f96e997e047613a79e932c737c0132b9e96ece7b64 Loading...

	#57 Eval - f12acc17ab25b5e2cf4bd813d0cc6941	28 B	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 23:18:25 Last Seen2024-05-10 23:18:25 Times Seen1 Hash f12acc17ab25b5e2cf4bd813d0cc6941 e62ba69f9435998e10e3db782d5a8d79d454f69e 34a4439779b5403470d087aecfcadf370a0d8d979fb9331753c4691acd3420bb Loading...

	#58 Eval - bdea9491da012dc67887347c458dedc0	28 B	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 23:18:25 Last Seen2024-05-10 23:18:25 Times Seen1 Hash bdea9491da012dc67887347c458dedc0 ca23c1c9d442aaac51cdfabe75e739e1ec71c2b7 57d37015125ffee590136de5db41b37fc58ca2981f210e3d5e25e26d84bf627c Loading...

	#59 Eval - d7b024f1cf73196632b99b0fe3b88f66	28 B	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 23:18:25 Last Seen2024-05-10 23:18:25 Times Seen1 Hash d7b024f1cf73196632b99b0fe3b88f66 45f34b051a672d47bfe9db5aa5a762160eed2d8c 49e8c02e8c2bef6bf6fa0f09927581aa5fb02be3de8310734569310237334198 Loading...

	#60 Eval - 2f5865831714cbd741f66b85587c425c	28 B	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 23:18:25 Last Seen2024-05-10 23:18:25 Times Seen1 Hash 2f5865831714cbd741f66b85587c425c d77bc43fb44648168bb8dcbc426697e6df7bd264 5183e5e9621995a03a3cf6bb2584327c7063d034e40ceaccfdd757dd41149a70 Loading...

	#61 Eval - ad7f11e3ab1077a0979039554f5e8a68	28 B	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 23:18:25 Last Seen2024-05-10 23:18:25 Times Seen1 Hash ad7f11e3ab1077a0979039554f5e8a68 2c74593118d113d7c00f14db0a129974d3784017 12cc16b72a7cca2550b180fef47742cd7ff52f52120506764d8b03c92b028baf Loading...

	#62 Eval - 4109d5d4cdf78dd9ff68650dd6d7dfaf	28 B	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 23:18:25 Last Seen2024-05-10 23:18:25 Times Seen1 Hash 4109d5d4cdf78dd9ff68650dd6d7dfaf 2a0ea1311f6738e1de751d8028e896c7ff02a8a4 8b7edb19a896bbeff17378b0899cd6c430795ed0ddc7c4d4b6d6e0b0ff7593cc Loading...

	#63 Eval - b667a64609fe5ae50ef7eb433f9683c1	28 B	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 23:18:25 Last Seen2024-05-10 23:18:25 Times Seen1 Hash b667a64609fe5ae50ef7eb433f9683c1 43bae1cbf8a96746418dbbd7c837cd5fec6ecfd1 1e7b38048ab8682777fbdffb95ea25ab54459b53e90e4a0e5808e0c219cd54ca Loading...

	#64 Eval - 636a210d887a0037325ee1cf97c2eea2	28 B	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 23:18:25 Last Seen2024-05-10 23:18:25 Times Seen1 Hash 636a210d887a0037325ee1cf97c2eea2 db701ed766e3e7fbb6ad05fc1d5b2679cb171a62 1316cc1de1e2043354234f6e2e21f07d04c81b9253a996994e41565a2f88417c Loading...

	#65 Eval - 08ccac3d82bb64bcc54054e1f67ac23e	28 B	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 23:18:25 Last Seen2024-05-10 23:18:25 Times Seen1 Hash 08ccac3d82bb64bcc54054e1f67ac23e 9ca01c716b0535b4200a7f90000e094e02dca192 0777bf103c559a1859134d9959b557b263efb36c850581c13c78a32e5cfac5a3 Loading...

	#66 Eval - 4181a98e864e32f0c173c28e67523de2	28 B	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 23:18:26 Last Seen2024-05-10 23:18:26 Times Seen1 Hash 4181a98e864e32f0c173c28e67523de2 dbec4e44d7de3bbe97229b29fa37019fe509e1af e38f7fc4ef458f4e8c3cef9dbecc63772ef770f3e8fcfb1923b5bbaffc648909 Loading...

HTTP Transactions (23)

URL IP Response Size

stiffraspyofkwsl.shop/

104.21.81.139

403 Forbidden

5.8 kB

URL User Request GET HTTP/1.1
stiffraspyofkwsl.shop/
IP
104.21.81.139:80
ASN
#13335 CLOUDFLARENET

File type
HTML document, ASCII text, with very long lines (14100), with no line terminators
Size
5.8 kB (5765 bytes)
Hash
0cca4ddba158f03c9750b1f837f55f4b
29b88d2314d0a710ea3c85b1f299241f2e3dbbf6
30bb51064807e46cfbfca6a9001d625d2090d10b578d214ac99bb9d37be65ddf

Detections

Analyzer	Verdict	Alert
ThreatFox	malicious	Lumma Stealer
mnemonic secure dns	malicious	Sinkholed
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: stiffraspyofkwsl.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Date: Fri, 10 May 2024 21:17:51 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: Ek8pXmxmzXEupqbTx6TofGYyJ7Gue9YBm35p2UgkxQV0GOKgyJ9I/z8Z5sOCk+mmQEi9CJcy1i32zDK9xDokQcfZ9zVyF2zNAop9CGHCmNHRoM3iowyg7OuBSKsPuO7OckBf17Fpe6QBqLNtRCeakg==$DCeEx/9SOd1v733qmgIpmw==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=62QBzkT1C7V8N8okJ8cUJdajix8pGAUYZFw9cBlQEIpXy5HYEfM%2FpBrTqV5P670dZuKaNLzT9Y6frQK4BoQcJ5sntSi67yXA49Q6vNa7x5WCTqeI1reEKF1k3uSgvivcX%2FWckMY6eUY%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 881cf55d698b1bfa-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

stiffraspyofkwsl.shop/cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=881cf55d698b1bfa

104.21.81.139

112 kB

URL
stiffraspyofkwsl.shop/cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=881cf55d698b1bfa
IP
104.21.81.139:0
ASN
#13335 CLOUDFLARENET

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
112 kB (111539 bytes)
Hash
a5ca389f1421a29cdf7e2c4b47973839
5e5035b00865556e55cbd60e8b6acd623bc1de88
775343e1763687951fd987cd051844d5d79231b69c66ab80f3b0a22b21d99b34

Detections

Analyzer	Verdict	Alert
ThreatFox	malicious	Lumma Stealer
mnemonic secure dns	malicious	Sinkholed
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=881cf55d698b1bfa HTTP/1.1
Host: stiffraspyofkwsl.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://stiffraspyofkwsl.shop/?__cf_chl_rt_tk=CpN.olH6DJ2TkhfonJMrwMrGh6N5RbRXwl8y8MijIgU-1715375871-0.0.1.1-1279
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 21:17:51 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=47ISYE6LLlu%2Bi3nHnSsSIBfsP1I6%2B29cWBFB%2BpIRCMzbS1cd6WkPUQG%2BWZ1An5FmTJa0MxiDmhF94was4%2B5P1I2%2BE94PHOdkKqEZDcVb2%2FmWXhjppGLU%2B0Rw%2BDbHT5IsLTvR33dNpcU%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 881cf55f89917127-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

stiffraspyofkwsl.shop/favicon.ico

104.21.81.139

403 Forbidden

5.9 kB

URL GET HTTP/1.1
stiffraspyofkwsl.shop/favicon.ico
IP
104.21.81.139:80
ASN
#13335 CLOUDFLARENET

Requested by
http://stiffraspyofkwsl.shop/

File type
HTML document, ASCII text, with very long lines (14257), with no line terminators
Size
5.9 kB (5860 bytes)
Hash
a7a44f3bc517276988f6999c8145a342
e8eb0bc4ee86a4b2acc759b1b4da38ae344e196b
5f9d2d8f1162118577367d124a587142b4943b5639719068a27588231d985a78

Detections

Analyzer	Verdict	Alert
ThreatFox	malicious	Lumma Stealer
mnemonic secure dns	malicious	Sinkholed
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: stiffraspyofkwsl.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://stiffraspyofkwsl.shop/?__cf_chl_rt_tk=CpN.olH6DJ2TkhfonJMrwMrGh6N5RbRXwl8y8MijIgU-1715375871-0.0.1.1-1279
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Date: Fri, 10 May 2024 21:17:52 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: Xet4wQsJDVtqjA+ZMv8jpOugRI9tVQwZnxIsDo/E33D0irzTx5VSrYTDZuCrqlGs/T1c+xN2EJoNAAbWUTeAvjoUtEFx1bAPa2ea2iYJ6eNe4ZVw7A0xrj7AcPj5shJ8av1g139Qc3FUR01jpLqX7Q==$xmdnZL6YW0k/NKUx2VXBjQ==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mfFwi%2F%2FqMkkG1jLcv%2FSP5MuQmk2Ftg9YTQXiXVpe7Quz4cHqA3V7R2I5GWR1ws2e0dJBMNcK3tGm5elmaJ41JrBoatjA%2FwUQtCPY26zaBIhsfbozUqx2%2Beq6E5sIBFIRsSGPg6gEdAs%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 881cf5603a207127-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

stiffraspyofkwsl.shop/favicon.ico

104.21.81.139

403 Forbidden

5.8 kB

URL GET HTTP/1.1
stiffraspyofkwsl.shop/favicon.ico
IP
104.21.81.139:80
ASN
#13335 CLOUDFLARENET

Requested by
http://stiffraspyofkwsl.shop/

File type
HTML document, ASCII text, with very long lines (14150), with no line terminators
Size
5.8 kB (5776 bytes)
Hash
5cf1cf69a478bd518f01190287a9cf27
3d58325b25dc9107b8152434e7a8cbed19cdb1d9
002345edd0f606bdaf23550cbc663b7ae513c58efdce114402ccb4fd38ccfea0

Detections

Analyzer	Verdict	Alert
ThreatFox	malicious	Lumma Stealer
mnemonic secure dns	malicious	Sinkholed
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: stiffraspyofkwsl.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://stiffraspyofkwsl.shop/
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Date: Fri, 10 May 2024 21:17:52 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: kYdeEtil37xRSWv9x2620eqHzpg7bQA3YkL2GJ8mGDATmsZPrqVIKYKFQ9a1F8nD4CESa6D/gfwEIx7Ke8M7CQuYua9FjnkAaTt9ELwQuN7H8uQUfuCaG2lHimTto5ArdYr9SvVReFlOMiISeHiR9A==$lvCpxCW4BhFldoD6iMXgXg==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5ODsQbglGPa5dGjPF0Aiwi8HTX4GLS8oiNiBx9hFIkX9k8D%2B3ORiYh7I1Js%2FI2Hv0wF4EeRepuPyY3rUi1xc9k3ogAK3JqlvDnqH9l1pUQDJUn%2B329mPV7AMVetAV9%2BwznRWyN9oTao%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 881cf560ca0f56b5-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

stiffraspyofkwsl.shop/cdn-cgi/challenge-platform/h/g/flow/ov1/1605841052:1715371816:saSGS0qBt_r5U7ovSZ6CBMVrnECMSrED1J4UoiG4WdU/881cf55d698b1bfa/569b66259bfabc9

104.21.81.139

12 kB

URL
stiffraspyofkwsl.shop/cdn-cgi/challenge-platform/h/g/flow/ov1/1605841052:1715371816:saSGS0qBt_r5U7ovSZ6CBMVrnECMSrED1J4UoiG4WdU/881cf55d698b1bfa/569b66259bfabc9
IP
104.21.81.139:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (16448), with no line terminators
Size
12 kB (12417 bytes)
Hash
ac849a25820c58f500328eb1ef30d3bb
74e54fefe6792d869d1de8c966e8d548f35ea5df
1defa202d0f5595cc1b07bd3e2c49de5dae87ac274c0c6ee0ac84aa6db29fac8

Detections

Analyzer	Verdict	Alert
ThreatFox	malicious	Lumma Stealer
mnemonic secure dns	malicious	Sinkholed
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /cdn-cgi/challenge-platform/h/g/flow/ov1/1605841052:1715371816:saSGS0qBt_r5U7ovSZ6CBMVrnECMSrED1J4UoiG4WdU/881cf55d698b1bfa/569b66259bfabc9 HTTP/1.1
Host: stiffraspyofkwsl.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://stiffraspyofkwsl.shop/
Content-type: application/x-www-form-urlencoded
CF-Challenge: 569b66259bfabc9
Content-Length: 1826
Origin: http://stiffraspyofkwsl.shop
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 21:17:52 GMT
Content-Type: text/plain; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cf-chl-gen: ZyoNAcI0uGdNTnfl/aTQ0VBY/7i+jjErBGc/3P/b4rK1zNM+zgxAR6w1WIkGIjub$2CdQjhEeHD7Mp6Y+nL82UA==
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kc5h%2Bry84v0Pbyl0omNtTCgn5JOTnSk3VzhnWqg93w0CaJKecGFom%2ByaGT8MZrXQ35B4flZbQb6ledKSYauZc3u4jNeVyrHJbqI2ZFQUqiljfKYHwTcQM4rj6ncjkjijhJtQJk%2FS9xA%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 881cf561ab8d569c-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/8b99m/0x4AAAAAAAAjq6WYeRDKmebM/light/normal

104.17.3.184

18 kB

URL
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/8b99m/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
IP
104.17.3.184:0
ASN
#13335 CLOUDFLARENET

File type
HTML document, ASCII text, with very long lines (42150)
Size
18 kB (18372 bytes)
Hash
beb09bd31035bfce443060bc563c167e
9e4fd4ccf846b6a3e08139f970bf87de1ef22a27
f5146567cfa551f7b487346b69429c14e23307973d46a3ffd4722eb74a90804f

HTTP Headers

GET /cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/8b99m/0x4AAAAAAAAjq6WYeRDKmebM/light/normal HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 21:17:52 GMT
content-type: text/html; charset=UTF-8
origin-agent-cluster: ?1
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
cross-origin-opener-policy: same-origin
content-security-policy: frame-src https://challenges.cloudflare.com/; base-uri 'self'
referrer-policy: same-origin
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-embedder-policy: require-corp
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
document-policy: js-profiling
server: cloudflare
cf-ray: 881cf562bd2b0b55-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/881cf562bd2b0b55/1715375872877/qQvM6VcM4z6MAK9

104.17.3.184

61 B

URL
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/881cf562bd2b0b55/1715375872877/qQvM6VcM4z6MAK9
IP
104.17.3.184:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 31 x 50, 8-bit/color RGB, non-interlaced
Size
61 B (61 bytes)
Hash
210889896cd554d5f0c010152a3bb253
1b845642ede11176e087846d0d2c9da4170556f9
457fa8113f649dc2e04b26c853a7dea27a01cc6e242d66c0a5c4eb7e2d95f31e

HTTP Headers

GET /cdn-cgi/challenge-platform/h/g/i/881cf562bd2b0b55/1715375872877/qQvM6VcM4z6MAK9 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/8b99m/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 21:17:53 GMT
content-type: image/png
content-length: 61
server: cloudflare
cf-ray: 881cf5697a1f0b55-OSL
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/turnstile/v0/g/1b3559406bc8/api.js?onload=KtsCKf7&render=explicit

104.17.3.184

200 OK

15 kB

URL GET HTTP/3
challenges.cloudflare.com/turnstile/v0/g/1b3559406bc8/api.js?onload=KtsCKf7&render=explicit
IP
104.17.3.184:443
ASN
#13335 CLOUDFLARENET

Requested by
http://stiffraspyofkwsl.shop/
Certificate
IssuerCloudflare, Inc.
Subjectchallenges.cloudflare.com
Fingerprint5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
ValidityFri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (42616)
Size
15 kB (14807 bytes)
Hash
86183dd14ee10d1dee92b37b5069d716
9ec32d650ece484bbe624ca734a0a65e22d35dd6
ae0e2e45f84d7d3d06526aafc20d4a95b486e8747bf80895f3aeb8c4aebee7f4

HTTP Headers

GET /turnstile/v0/g/1b3559406bc8/api.js?onload=KtsCKf7&render=explicit HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://stiffraspyofkwsl.shop
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 21:17:52 GMT
content-type: application/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
cache-control: max-age=604800, public
access-control-allow-origin: *
vary: Accept-Encoding
server: cloudflare
cf-ray: 881cf560e9cdb521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/800379579:1715372085:t5SbG1ooEmH39aGelGegg_5dO5ThNyicZqQ-k8294u8/881cf562bd2b0b55/a7d8d379d8f03d8

104.17.3.184

97 kB

URL
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/800379579:1715372085:t5SbG1ooEmH39aGelGegg_5dO5ThNyicZqQ-k8294u8/881cf562bd2b0b55/a7d8d379d8f03d8
IP
104.17.3.184:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (65536), with no line terminators
Size
97 kB (97302 bytes)
Hash
7ad0edf686a2c1eeef38af1471e25588
204d55185e6d761fcb34da4e8a79e1cf623f47fb
81be11ba7d077ec55d970c1baae534d5c059778a8a24a76094c575a5a0a8c6d4

HTTP Headers

POST /cdn-cgi/challenge-platform/h/g/flow/ov1/800379579:1715372085:t5SbG1ooEmH39aGelGegg_5dO5ThNyicZqQ-k8294u8/881cf562bd2b0b55/a7d8d379d8f03d8 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/8b99m/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: a7d8d379d8f03d8
Content-Length: 3552
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 21:17:52 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: f/CFiJUJJ+TBeZ8IiszZMogGBK19rO+pfgD7PRfJV71U0WruaGAB9D7zEHYe0vTL3R2WC0oP5bS07WI6SYSCUA1ehDLp/P9mnhqLIma20G43kdl4hp1lC3UzGVQw2RjYULY/pjDGiheCdM6kis1QT7XURqdUukaGDr8j/O9CbsAyYyC6boeVueHf0EwSGHkT3QhGebhwDT2klaUUijm5AEkgros6pCHCokwpst6IcozUGI8e6syqodp7F92VQZ0e2Br3EbU8ZGoWnXIZNlwhccSOQrZbaU0CUUUnJ9hbHYdNdsC/7CN+DGelF+ilU6JT6LGFY1kbX6HIfOpUV9oonwlExbN708SVTLsQPgUizAEriJbFexSe4V7Bi2yr9z8Xd5flrgiiehhLejDnwnS8cygSDmVIXWQuYTA9XtoROzf3PmZsWaUceE28LClCa5AG$GXie8okMGmvSvSutQeoh9w==
server: cloudflare
cf-ray: 881cf5656f370b55-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

stiffraspyofkwsl.shop/cdn-cgi/challenge-platform/h/g/flow/ov1/1605841052:1715371816:saSGS0qBt_r5U7ovSZ6CBMVrnECMSrED1J4UoiG4WdU/881cf55d698b1bfa/569b66259bfabc9

104.21.81.139

2.4 kB

URL
stiffraspyofkwsl.shop/cdn-cgi/challenge-platform/h/g/flow/ov1/1605841052:1715371816:saSGS0qBt_r5U7ovSZ6CBMVrnECMSrED1J4UoiG4WdU/881cf55d698b1bfa/569b66259bfabc9
IP
104.21.81.139:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (3048), with no line terminators
Size
2.4 kB (2368 bytes)
Hash
6f035d8c96a5cf7d0978966dd295f72f
4c82b240a91e0b9b4bf437cd6df8e64e3c0a08ea
9fa7966330757a077ebb13715c431bb6ba4a6a3b741036ac656155c4bee6673e

Detections

Analyzer	Verdict	Alert
ThreatFox	malicious	Lumma Stealer
mnemonic secure dns	malicious	Sinkholed
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /cdn-cgi/challenge-platform/h/g/flow/ov1/1605841052:1715371816:saSGS0qBt_r5U7ovSZ6CBMVrnECMSrED1J4UoiG4WdU/881cf55d698b1bfa/569b66259bfabc9 HTTP/1.1
Host: stiffraspyofkwsl.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://stiffraspyofkwsl.shop/
Content-type: application/x-www-form-urlencoded
CF-Challenge: 569b66259bfabc9
Content-Length: 2529
Origin: http://stiffraspyofkwsl.shop
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 21:18:02 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cf-chl-out: /2AfmaP7MYNgH1CQuG/AYU8UuUXo1+woN6IR1bh0r3lL9LdzlL/GZQnM4spJNegqpp6LQrsoaN8TGMRyUNXyWbmp/ZH+JoHGiOFvMNCmX4E=$KRY2tl1Bcggqs+2w6MwRtA==
cf-chl-out-s: IqZR0ClALYrEj41l/eq0jQ==$+t81WAsBi12m9fTO6jpUSw==
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BHLDGoy9ISEzfPTMMMDC2Xu%2BVGFMD5eKylhNL8wKYRmWYnnUvjYtVZPIvdFm5rfuf38cXbXidRPfV326K28hWbZZpppxVQ1nT79hLQx3kqSz69qgRDGLPULMu5q0%2BenEKgw7yzKZjQM%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 881cf5a26c8b569c-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/800379579:1715372085:t5SbG1ooEmH39aGelGegg_5dO5ThNyicZqQ-k8294u8/881cf562bd2b0b55/a7d8d379d8f03d8

104.17.3.184

9.3 kB

URL
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/800379579:1715372085:t5SbG1ooEmH39aGelGegg_5dO5ThNyicZqQ-k8294u8/881cf562bd2b0b55/a7d8d379d8f03d8
IP
104.17.3.184:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (960), with no line terminators
Size
9.3 kB (9271 bytes)
Hash
465d4a5e9c598ecbbbd5a47a911cca7f
d5aae8582f8a8d9bd0e9bb76e82d6c9fec756b64
fe3242d82b4b8ea8fc120accd32c0d28572ddbdf6c9be3faad3ced248d4285fb

HTTP Headers

POST /cdn-cgi/challenge-platform/h/g/flow/ov1/800379579:1715372085:t5SbG1ooEmH39aGelGegg_5dO5ThNyicZqQ-k8294u8/881cf562bd2b0b55/a7d8d379d8f03d8 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/8b99m/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: a7d8d379d8f03d8
Content-Length: 40905
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 21:18:02 GMT
content-type: text/html; charset=UTF-8
cf-chl-out-s: v5pVyIl8N44ko+cBgDhglw==$FbKutv8QDaJCs+Lhzr+CMg==
cf-chl-out: 0nZPeYsVyFCa3zTYL97isCCA4z23TcEuoFXL/uO2++Zpk9UwXP/+fQkqunCfasy8cp77plPkh8M43B6X8OSM57NljRn/drt7LWCTkWZ0cWA=$9ezD3NFZ0OQm3fzJiegmIQ==
server: cloudflare
cf-ray: 881cf5a1dd9a0b55-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

stiffraspyofkwsl.shop/

104.21.81.139

403 Forbidden

5.8 kB

URL User Request GET HTTP/1.1
stiffraspyofkwsl.shop/
IP
104.21.81.139:80
ASN
#13335 CLOUDFLARENET

File type
HTML document, ASCII text, with very long lines (14142), with no line terminators
Size
5.8 kB (5792 bytes)
Hash
fb958c584e0caa8f7f113d3910e1ab56
5cf644c46d95faa62bad812a073ecbe5b3c221b7
83ca911d285d38c42264c9ce528ae3a263aed29f4288a789b2c523db14dd177a

Detections

Analyzer	Verdict	Alert
ThreatFox	malicious	Lumma Stealer
mnemonic secure dns	malicious	Sinkholed
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: stiffraspyofkwsl.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_i=1
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Date: Fri, 10 May 2024 21:18:04 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: YYhymCl2KqDde03ZR/tBfZVVTq1RmIS601EtLkyQjT+E+fszo9/LOQKw8WqtnyxbkVgNMdZ2tz+1T9d953NjWaa8FegyGBu/L8W0U+7vwEPcGFRd97FOeRNzFc5HL7OAmKNPefjJv/WSUUAbhugbUQ==$jk6s956Z0x6kfc2V/xjYGw==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wDmQCxgarrLuLMXsXmpqh5JsJ1QWDek9e1rdSlumaUFzZLXMG%2FBRbqyP4Kt%2Bu9SjgdthTLG7cnhgEbBiVlYVOeboZjmVfbaS%2FRqrQ2%2BPsKyRFl74LaoC9ifd25DN%2FLeqF2gQUcYXv1U%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 881cf5af4944569c-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

stiffraspyofkwsl.shop/cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=881cf5af4944569c

104.21.81.139

200 OK

114 kB

URL GET HTTP/1.1
stiffraspyofkwsl.shop/cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=881cf5af4944569c
IP
104.21.81.139:80
ASN
#13335 CLOUDFLARENET

Requested by
http://stiffraspyofkwsl.shop/

File type
ASCII text, with very long lines (65536), with no line terminators
Size
114 kB (113555 bytes)
Hash
1bacff7962b7a93e6809a56e26f2cf90
0ac67731bd2f454f5b28e65bfc6a663a06b4eda9
61b9cfa33e3851fe1cdc8c4f4594cecc27a10605201a8fd579cb47009030ac75

Detections

Analyzer	Verdict	Alert
ThreatFox	malicious	Lumma Stealer
mnemonic secure dns	malicious	Sinkholed
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=881cf5af4944569c HTTP/1.1
Host: stiffraspyofkwsl.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://stiffraspyofkwsl.shop/?__cf_chl_rt_tk=jVKUOVM3Ou4OqSFb9xwMSAitK2frhy82eKzO2vm69As-1715375884-0.0.1.1-1279
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_i=1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 21:18:04 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vaVrkpvx1yr11xcuIdPDk9SAJ3y2e2fSp5dRyJYJ99bVRh4SmFtLUDH8jnvob52d%2Br7S2tGeEz%2Bdt5L3Zojygythg%2FXzTcNJHgs4q8ZxQ%2FgVUVKdVyXEwE3kWelnTyqZWAjUdLmWRRA%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 881cf5afa92fb521-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

stiffraspyofkwsl.shop/favicon.ico

104.21.81.139

403 Forbidden

5.9 kB

URL GET HTTP/1.1
stiffraspyofkwsl.shop/favicon.ico
IP
104.21.81.139:80
ASN
#13335 CLOUDFLARENET

Requested by
http://stiffraspyofkwsl.shop/

File type
HTML document, ASCII text, with very long lines (14278), with no line terminators
Size
5.9 kB (5887 bytes)
Hash
1e78e4b2fc7f279490e47af95ccf12c2
41515a197612701156a2129f73f5bf79d5dfe783
b06a08a4f16b66288c1d23f2f82c5977371a75a1e031af69074bd3c4540d7a10

Detections

Analyzer	Verdict	Alert
ThreatFox	malicious	Lumma Stealer
mnemonic secure dns	malicious	Sinkholed
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: stiffraspyofkwsl.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://stiffraspyofkwsl.shop/?__cf_chl_rt_tk=jVKUOVM3Ou4OqSFb9xwMSAitK2frhy82eKzO2vm69As-1715375884-0.0.1.1-1279
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_i=1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Date: Fri, 10 May 2024 21:18:04 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: +NzV2kDDrg/JW9p+/JxKCnFBAMFaWOQ5swKVrxkfhqz60MmOSAOHhZgXG6AKeOXKArb2HCRGuGCYMJGbddnq9BCMVbS70YJeoEER/EZs3wKPlJwG+qdrB6e4fp1aOV5QvCKaZTR0VQ8njBUkU246pg==$tpp/k6wmFt1vpVWhPEzewA==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=n2J5tUvm0AGk6pM%2F3RY%2FQdDDgTXYDydJ8QuWalarr5BPK11MEs34JZ7nJEmFMUb4b%2FpG93ZM6Vz6lo1LFmm1gJW0qECBea922ZrTbJAebouzQevz6y1UYl8dzZY0UEi3TyFNBsogp3Y%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 881cf5aff985b521-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

stiffraspyofkwsl.shop/favicon.ico

104.21.81.139

403 Forbidden

5.8 kB

URL GET HTTP/1.1
stiffraspyofkwsl.shop/favicon.ico
IP
104.21.81.139:80
ASN
#13335 CLOUDFLARENET

Requested by
http://stiffraspyofkwsl.shop/

File type
HTML document, ASCII text, with very long lines (14193), with no line terminators
Size
5.8 kB (5809 bytes)
Hash
fd4333770cee3f45e23d62442b7ec4d6
4af8fca2df7affd2682ac1ba7d52a0c3634bf946
02635146dcc70ebcf11abd999187d80aee54c8610669a239e05d559598dc82e3

Detections

Analyzer	Verdict	Alert
ThreatFox	malicious	Lumma Stealer
mnemonic secure dns	malicious	Sinkholed
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: stiffraspyofkwsl.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://stiffraspyofkwsl.shop/
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_i=1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Date: Fri, 10 May 2024 21:18:04 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: RR0TbahBJzSwvwS+R1cIQ20UbeVFWz3wDU853EnrZVQG/l/GSjAAjfP1+2uQjU227uL6XbaLKcLo7EK3fBQjrnqYeCsxuKGBOJaT9PNT03w1vIccL+OfqKXSqJ+/fVgr4f5YAt0IGqIwY8g29NUwIg==$f+fSen6ny9/jeAmFfSSg5g==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=v996a9JYLhircbyKpTTULEVVd2paaZx7cD2UOBPGbgDXxcBV5ksT8gXsbhUvfIQZg3f7Q2lSHPO963t1hoKG7f6cDvTJAC0uMAcp0quQOnRVWOqp%2F2LCn31iXiC7%2BMS9RM%2FJEJ09ksk%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 881cf5b06f02b50b-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

challenges.cloudflare.com/turnstile/v0/g/1b3559406bc8/api.js?onload=KtsCKf7&render=explicit

104.17.3.184

200 OK

27 kB

URL GET HTTP/3
challenges.cloudflare.com/turnstile/v0/g/1b3559406bc8/api.js?onload=KtsCKf7&render=explicit
IP
104.17.3.184:443
ASN
#13335 CLOUDFLARENET

Requested by
http://stiffraspyofkwsl.shop/
Certificate
IssuerCloudflare, Inc.
Subjectchallenges.cloudflare.com
Fingerprint5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
ValidityFri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (42616)
Size
27 kB (26713 bytes)
Hash
86183dd14ee10d1dee92b37b5069d716
9ec32d650ece484bbe624ca734a0a65e22d35dd6
ae0e2e45f84d7d3d06526aafc20d4a95b486e8747bf80895f3aeb8c4aebee7f4

HTTP Headers

GET /turnstile/v0/g/1b3559406bc8/api.js?onload=KtsCKf7&render=explicit HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://stiffraspyofkwsl.shop
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 21:18:04 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: max-age=604800, public
vary: Accept-Encoding
server: cloudflare
cf-ray: 881cf5b0680f0b55-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D

104.17.3.184

200 OK

61 B

URL GET HTTP/3
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D
IP
104.17.3.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/wxfdu/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Certificate
IssuerCloudflare, Inc.
Subjectchallenges.cloudflare.com
Fingerprint5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
ValidityFri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT

File type
PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
Size
61 B (61 bytes)
Hash
9246cca8fc3c00f50035f28e9f6b7f7d
3aa538440f70873b574f40cd793060f53ec17a5d
c07d7d29e3c20fa6ca4c5d20663688d52bad13e129ad82ce06b80eb187d9dc84

HTTP Headers

GET /cdn-cgi/challenge-platform/h/g/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/wxfdu/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 21:18:05 GMT
content-type: image/png
content-length: 61
cache-control: max-age=2629800, public
server: cloudflare
cf-ray: 881cf5b2a98d0b55-OSL
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/881cf5b2293d0b55/1715375885530/WLsXbRB1oVmh7aV

104.17.3.184

200 OK

61 B

URL GET HTTP/3
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/881cf5b2293d0b55/1715375885530/WLsXbRB1oVmh7aV
IP
104.17.3.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/wxfdu/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Certificate
IssuerCloudflare, Inc.
Subjectchallenges.cloudflare.com
Fingerprint5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
ValidityFri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT

File type
PNG image data, 79 x 58, 8-bit/color RGB, non-interlaced
Size
61 B (61 bytes)
Hash
0b3378d6e617e7a24e27a2d31de747f6
6706b338d41322ab4b2b5600e4e2777b14fc57d4
87c252e856fc416d9db13e80efe6f683e18e867cc3a3ac1ad1b1b8a04fc20fd3

HTTP Headers

GET /cdn-cgi/challenge-platform/h/g/i/881cf5b2293d0b55/1715375885530/WLsXbRB1oVmh7aV HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/wxfdu/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 21:18:06 GMT
content-type: image/png
content-length: 61
server: cloudflare
cf-ray: 881cf5bc8ffc0b55-OSL
alt-svc: h3=":443"; ma=86400

stiffraspyofkwsl.shop/cdn-cgi/challenge-platform/h/g/flow/ov1/1782673872:1715371808:cN0Hn0AyvDqjscFJmSgr_i8NcroiRZcsylmXfHb7_io/881cf5af4944569c/f54327fc690f01c

104.21.81.139

200 OK

16 kB

URL POST HTTP/1.1
stiffraspyofkwsl.shop/cdn-cgi/challenge-platform/h/g/flow/ov1/1782673872:1715371808:cN0Hn0AyvDqjscFJmSgr_i8NcroiRZcsylmXfHb7_io/881cf5af4944569c/f54327fc690f01c
IP
104.21.81.139:80
ASN
#13335 CLOUDFLARENET

Requested by
http://stiffraspyofkwsl.shop/

File type
ASCII text, with very long lines (16444), with no line terminators
Size
16 kB (16444 bytes)
Hash
7e949841bafce2fac380966306c08d2a
85186797b4c7967e164743bb15b41a49f114302f
4f45c251e4f3469c74acc54de02676e0c6b21982720f31d1249bcbcf72a2e998

Detections

Analyzer	Verdict	Alert
ThreatFox	malicious	Lumma Stealer
mnemonic secure dns	malicious	Sinkholed
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /cdn-cgi/challenge-platform/h/g/flow/ov1/1782673872:1715371808:cN0Hn0AyvDqjscFJmSgr_i8NcroiRZcsylmXfHb7_io/881cf5af4944569c/f54327fc690f01c HTTP/1.1
Host: stiffraspyofkwsl.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://stiffraspyofkwsl.shop/
Content-type: application/x-www-form-urlencoded
CF-Challenge: f54327fc690f01c
Content-Length: 1835
Origin: http://stiffraspyofkwsl.shop
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_i=1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 21:18:05 GMT
Content-Type: text/plain; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cf-chl-gen: FoaA9RFIicIOvTYyIkbvHTsgtWbmkfVg3Z6qrRHdkpwZP8zpALROtM6m0GOvqbpW$AI8VXpnibajGcEKMZVHHoQ==
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qgjCYsrTw9BHgtN4f4E47Qvt8y8y%2F4HyuENR6i%2BB86Pk%2Bv%2F9XErAV7BUDhdoWWeU1fFi1Mtqqg%2FmqUaMNRoOvn971LMC1hj%2F546BsltOgmHdkcXs8Hf6CdGl7BbClJ68qRJbz80T780%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 881cf5b12d6ab4fa-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/wxfdu/0x4AAAAAAAAjq6WYeRDKmebM/light/normal

104.17.3.184

200 OK

79 kB

URL GET HTTP/3
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/wxfdu/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
IP
104.17.3.184:443
ASN
#13335 CLOUDFLARENET

Requested by
http://stiffraspyofkwsl.shop/
Certificate
IssuerCloudflare, Inc.
Subjectchallenges.cloudflare.com
Fingerprint5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
ValidityFri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT

File type
HTML document, ASCII text, with very long lines (42150)
Size
79 kB (79327 bytes)
Hash
7d367a9d43b80be6379ddeae60f084a6
c77f4dc41a586a68a7760599c34d6d2bbbf79d41
12a399a769ebc13fe4594c3bc7bcfc43f01184b76899769ae2d074734d7abdea

HTTP Headers

GET /cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/wxfdu/0x4AAAAAAAAjq6WYeRDKmebM/light/normal HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 21:18:05 GMT
content-type: text/html; charset=UTF-8
cross-origin-embedder-policy: require-corp
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
origin-agent-cluster: ?1
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
cross-origin-resource-policy: cross-origin
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
document-policy: js-profiling
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cross-origin-opener-policy: same-origin
content-security-policy: frame-src https://challenges.cloudflare.com/; base-uri 'self'
server: cloudflare
cf-ray: 881cf5b2293d0b55-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=881cf5b2293d0b55

104.17.3.184

200 OK

440 kB

URL GET HTTP/3
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=881cf5b2293d0b55
IP
104.17.3.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/wxfdu/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Certificate
IssuerCloudflare, Inc.
Subjectchallenges.cloudflare.com
Fingerprint5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
ValidityFri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
440 kB (440185 bytes)
Hash
18640d89865667a6c7e375f8869ab7e1
41e21c8486b49be7f58befbcbc32b0360182cb38
9b3be90a535e94589e50c7652e35354a9ceafe5585647f32b3631e61b6c9999d

HTTP Headers

GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=881cf5b2293d0b55 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/wxfdu/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 21:18:05 GMT
content-type: application/javascript; charset=UTF-8
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
server: cloudflare
cf-ray: 881cf5b2b9930b55-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/1183714007:1715372038:u2k76uMEJogGjVWzz2lbMU4RyfMdwfM52C8d6-Swu5c/881cf5b2293d0b55/8f997aab9eab6e4

104.17.3.184

200 OK

115 kB

URL POST HTTP/3
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/1183714007:1715372038:u2k76uMEJogGjVWzz2lbMU4RyfMdwfM52C8d6-Swu5c/881cf5b2293d0b55/8f997aab9eab6e4
IP
104.17.3.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/wxfdu/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Certificate
IssuerCloudflare, Inc.
Subjectchallenges.cloudflare.com
Fingerprint5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
ValidityFri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
115 kB (114552 bytes)
Hash
e08108fc3573783a604fdbf889815312
ec7aa124c320aaffbb6f574317eee88d9bc5d7e3
3fa7f27a26b838abfee1dcedb32e703967abf37d6f38e36e04b6557c17f78db7

HTTP Headers

POST /cdn-cgi/challenge-platform/h/g/flow/ov1/1183714007:1715372038:u2k76uMEJogGjVWzz2lbMU4RyfMdwfM52C8d6-Swu5c/881cf5b2293d0b55/8f997aab9eab6e4 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/wxfdu/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: 8f997aab9eab6e4
Content-Length: 3525
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 21:18:05 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: 4VCuuUUPfcRwb/bzxrlMiz4Tz8uwYHcSSsGqKT/lNMq5nKOZokg2ogde7t+n7fh19KYKv+IHDnbCYOHeWErNruh49iMizuWMzSjJHoDq8oiRXrP4GrQ6WrIpGH7TjCoywCKLBloqnRjo+Iytg9gDnFJALJdzcSpx5QbdLzGd073taArVaFKEIAa0u1bA7KhUBRqhaZBz4Y8p/9wLwuN0xgB+zEgYHJtXrfiqhKZI9HDCe5jrZcEQsd1bBmwry5qkBKanP5xvYV5bgo9N3hjaxJFshtNQPfYOh9kEz6lalWrm56gVbCgdXkV6qseR5qj8djN2HssRj1Kp/do7P3lbA90WBT5Pv2CNnii5rz0NP0TQzpQND5TejbxJDrrAKde5py1PSiEfiGu1JiWsr95AKLc5wnEV06MiE+HL21VsHbc0pSwTCuiur20F1JdPeCio$uYSy7u7l3uK9nTQ0eMGI/A==
server: cloudflare
cf-ray: 881cf5b47ac30b55-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/1183714007:1715372038:u2k76uMEJogGjVWzz2lbMU4RyfMdwfM52C8d6-Swu5c/881cf5b2293d0b55/8f997aab9eab6e4

104.17.3.184

200 OK

22 kB

URL POST HTTP/3
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/1183714007:1715372038:u2k76uMEJogGjVWzz2lbMU4RyfMdwfM52C8d6-Swu5c/881cf5b2293d0b55/8f997aab9eab6e4
IP
104.17.3.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/wxfdu/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Certificate
IssuerCloudflare, Inc.
Subjectchallenges.cloudflare.com
Fingerprint5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
ValidityFri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT

File type
ASCII text, with very long lines (22332), with no line terminators
Size
22 kB (22332 bytes)
Hash
a1a7f1fb52b8ac379952221925521d79
dfef2e45574853db1e8b878bb30989a21f649285
28b77ddeb23796e9f89d294e8becb667b339170d8770358e69d125c25bfb1989

HTTP Headers

POST /cdn-cgi/challenge-platform/h/g/flow/ov1/1183714007:1715372038:u2k76uMEJogGjVWzz2lbMU4RyfMdwfM52C8d6-Swu5c/881cf5b2293d0b55/8f997aab9eab6e4 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/wxfdu/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: 8f997aab9eab6e4
Content-Length: 28128
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 21:18:11 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: 7uIpIc576Qt0WPLUJL60EWOHDZ/3sg85IFQlSc4ClYw6wBSXZx1W29skJzoWwoBW$llt1EcyMIP1JBTxGygpCWg==
server: cloudflare
cf-ray: 881cf5dc6f700b55-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (71)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations