| obsceneclassyjuwks.shop/U/ | 104.21.20.88 | 403 Forbidden | 5.8 kB |
URL: obsceneclassyjuwks.shop/U/ (User Request, GET HTTP/1.1)
IP: 104.21.20.88:80
File type: HTML document, ASCII text, with very long lines (14363), with no line terminators
Hash: dfd7ad5aa7dd96de37186c209fa084bc 11dd6f0b5fa2d33e5164c221847011a7fcdad5d8 81ea6d0a02995319df375e526d690b908585ba05f74f7bc24f1cf9f359b26564
Analyzer | Verdict | Alert
mnemonic secure dns | malicious | Sinkholed
Quad9 DNS | malicious | Sinkholed
GET /U/ HTTP/1.1
Host: obsceneclassyjuwks.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Tue, 07 May 2024 21:13:27 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: psd6VTydJSWK3skuWHbS5EGUuJyoO/eMTeuK0dhrjhBRs4p4wz/yLhqGfyPnCAmFLSve43NKMsIaG0T1Vb/T3zZ+Bw49gM5hQX4KFyj/n7tYzrJyynKPqyuyljzpwRLPUG00oy0IayO20wft7AvoyA==$M5835/gpYB0ybYplTaRHjA==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iX%2Fqj5xNNgJfe3Un490Zvum6gr3KM2%2B9dbkyE6QBBX8dC8Lpnc8%2BT5l4LU1Glai1lUyXSgRs%2B3%2B3qKzQ%2FXarv5lPWsgYrTjs%2FxC0g9HnR%2FGAKxl691PIzoz%2BjORDxC6Z%2BubwmbLF4pxVMw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 880436c9fbd85691-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
|
|
| obsceneclassyjuwks.shop/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=880436c9fbd85691 | 172.67.192.5 | | 113 kB |
URL: obsceneclassyjuwks.shop/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=880436c9fbd85691
IP: 172.67.192.5:0
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size: 113 kB (113389 bytes)
Hash: c2da05b3a376c6664910414825cfc347 2d3724c6899f0c929fe894c0826214e397404199 6a8b7c1e0739b69ff0ef3f763b200fb370d76e8ad6b5730c68cbaefe6435bcb6
Analyzer | Verdict | Alert
mnemonic secure dns | malicious | Sinkholed
Quad9 DNS | malicious | Sinkholed
GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=880436c9fbd85691 HTTP/1.1
Host: obsceneclassyjuwks.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://obsceneclassyjuwks.shop/U/?__cf_chl_rt_tk=lDuOV8oT9rz54RrXkG8uLH5qmp.hMTQ1Z9SBQ.r19jU-1715116407-0.0.1.1-1279
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 07 May 2024 21:13:27 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
vary: accept-encoding
content-encoding: gzip
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2JJ%2BIYkQ4tAIx05i9LE0z8TY5uIx3v%2BlPDzgKWxXLrlahpPPJBQB28Fl8pS9m1Swu4SaGKnu8njyuYqKNg3oPberq%2BLGumuZofwaVnKYErsPtXTtMESF4KJAr0HJjtGeQNzPHm83DBKjRQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 880436cbae5256c6-OSL
alt-svc: h2=":443"; ma=60
|
|
| obsceneclassyjuwks.shop/favicon.ico | 172.67.192.5 | 403 Forbidden | 5.9 kB |
URL: obsceneclassyjuwks.shop/favicon.ico (GET HTTP/1.1)
IP: 172.67.192.5:80
Requested by: http://obsceneclassyjuwks.shop/U/
File type: HTML document, ASCII text, with very long lines (14485), with no line terminators
Hash: 53c448144309c503d57c65ef67fa35d7 5554ada624f4d102e74a8be58d1fa5b594bc634a 034706920f516f32cea4e0514ab5ed85ea4712faabe3922a50cc9180762613a8
Analyzer | Verdict | Alert
mnemonic secure dns | malicious | Sinkholed
Quad9 DNS | malicious | Sinkholed
GET /favicon.ico HTTP/1.1
Host: obsceneclassyjuwks.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://obsceneclassyjuwks.shop/U/?__cf_chl_rt_tk=lDuOV8oT9rz54RrXkG8uLH5qmp.hMTQ1Z9SBQ.r19jU-1715116407-0.0.1.1-1279
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Tue, 07 May 2024 21:13:27 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: CEi2cE5f6sWH7weDs5K9gdmpF/XN5m1iX8M239kByJA17/2xP6pbaS5qctvqjtFOuGWjujfq8rLcbJiNPQ0XWUMFESAbqgx0Y7hGKfY8uoh0KjABHOMGqLqkblSoww0Y9iuT8/AibATEC2xxK2M3nQ==$gd6Bt0SmRN3rGZATVixUew==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HfaCuf19qhj%2FM4uVdABNhRKJ0ez4yBB8FyeRKQEMFT8JDNizmB1wUdzNYRWUeQkW2oKBqt4uzpjDWJRAw7BAL4a%2B9QV03CdcZ2WRYH7xl7qBceA4Zh2PVjKYzCL6qHwuonfTT2krG5ShEw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 880436cc5f4a56c6-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
|
|
| obsceneclassyjuwks.shop/favicon.ico | 172.67.192.5 | 403 Forbidden | 5.9 kB |
URL: obsceneclassyjuwks.shop/favicon.ico (GET HTTP/1.1)
IP: 172.67.192.5:80
Requested by: http://obsceneclassyjuwks.shop/U/
File type: HTML document, ASCII text, with very long lines (14442), with no line terminators
Hash: ce96d605cff9560f75b37843fa361fcf 5ad67a530162393b15efa7aee4a0e34f47504a32 9a05f3ff4f4358fcd7d3a2a85b896b0b443b2e65d90817942d7e8558271010ed
Analyzer | Verdict | Alert
mnemonic secure dns | malicious | Sinkholed
Quad9 DNS | malicious | Sinkholed
GET /favicon.ico HTTP/1.1
Host: obsceneclassyjuwks.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://obsceneclassyjuwks.shop/U/
DNT: 1
Connection: keep-alive
Cookie: cf_chl_3=f6ce473c5834c55
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Tue, 07 May 2024 21:13:27 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: 1BuvKsVOtc0uqK/QFoPrRxn3keiVXDKUtJfo7tHH3YOhyyQ6qAgqcyiKGbdyVhTj1jR2APN9CBkcsSOiEy2ddrDAZocCyQClU9YzYx19yI8hRoGLPzmhfzBheocrPNzBWgytxi4TPEBJiD9XiX/Biw==$+MzKjKIgpYFD61mIhIZyeg==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=158IpMk5iGlvoGzq1CUpafLxa4plqGfU%2Bqu45to1HiOTvUbwhj9Rhcecga2ZiKkSFrF3aNzoWQfVRv8bjRg6BJ4zlfXk1aP%2FwERw75dbNc6IYTr9Qb3C2%2BrNPcEwaNQOhiSAtkgPzSbpiA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 880436ccdfe356c3-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
|
|
| obsceneclassyjuwks.shop/cdn-cgi/challenge-platform/h/b/flow/ov1/2101098420:1715113473:sL9cPTPWIEB7PL-n2ahwhDQWNgH5d0ODHeOWl4MsNzk/880436c9fbd85691/f6ce473c5834c55 | 172.67.192.5 | | 12 kB |
URL: obsceneclassyjuwks.shop/cdn-cgi/challenge-platform/h/b/flow/ov1/2101098420:1715113473:sL9cPTPWIEB7PL-n2ahwhDQWNgH5d0ODHeOWl4MsNzk/880436c9fbd85691/f6ce473c5834c55
IP: 172.67.192.5:0
File type: ASCII text, with very long lines (16360), with no line terminators
Hash: 1452b06b442603789c41e10a5953543e d3ce648e5514baa60c081b719a7f2b8e9ab39f06 560ecb665b6849cbb8d2a9dbbd9832c2b04a0342ecbd92b3ec51133044ccd3d9
Analyzer | Verdict | Alert
mnemonic secure dns | malicious | Sinkholed
Quad9 DNS | malicious | Sinkholed
POST /cdn-cgi/challenge-platform/h/b/flow/ov1/2101098420:1715113473:sL9cPTPWIEB7PL-n2ahwhDQWNgH5d0ODHeOWl4MsNzk/880436c9fbd85691/f6ce473c5834c55 HTTP/1.1
Host: obsceneclassyjuwks.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://obsceneclassyjuwks.shop/U/
Content-type: application/x-www-form-urlencoded
CF-Challenge: f6ce473c5834c55
Content-Length: 1877
Origin: http://obsceneclassyjuwks.shop
DNT: 1
Connection: keep-alive
Cookie: cf_chl_3=f6ce473c5834c55
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 07 May 2024 21:13:27 GMT
Content-Type: text/plain; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cf-chl-gen: grBCeZsq5enuleuHDx5D7+oLK4e8nGSfpDSMTehu0TX3x5092O6foT/29Gc8rA6p$XoGexgPzQynTFOSqGZdX4g==
vary: accept-encoding
content-encoding: gzip
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qGIaKv1uYXPxyx2kmLxiWru1rCYpTDx5YXNURZV36UlujHNJwyTXL%2FYOr5ZRVl0GsMJIU%2BSgkR1JTLN1sqTSnqJ70ycjhCC%2FCdKTp2uD2T0txQKd7ROPMz0wsam8ErkHl3xplxoQufQUwQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 880436cdc95cb51e-OSL
alt-svc: h2=":443"; ma=60
|
|
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/8qwf6/0x4AAAAAAAAjq6WYeRDKmebM/light/normal | 104.17.3.184 | | 26 kB |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/8qwf6/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
IP: 104.17.3.184:0
File type: HTML document, ASCII text, with very long lines (41702)
Hash: 7f5cb5cea2a22144cf3d21ded99ea24a a9ec04f80a5281764b8c0cae08b7684b56869812 c3ff6df4b8897c696a80cc296648223f7072f8d485d64fd8f84333ee4b5a049a
GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/8qwf6/0x4AAAAAAAAjq6WYeRDKmebM/light/normal HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 07 May 2024 21:13:28 GMT
content-type: text/html; charset=UTF-8
document-policy: js-profiling
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
origin-agent-cluster: ?1
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-embedder-policy: require-corp
content-security-policy: frame-src https://challenges.cloudflare.com/ blob:; base-uri 'self'
cross-origin-opener-policy: same-origin
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
referrer-policy: same-origin
cross-origin-resource-policy: cross-origin
vary: accept-encoding
server: cloudflare
cf-ray: 880436ced83f56a2-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/599508237:1715113402:3bEN1ny7iXWCq_LDjAUc0F5nta8jl0DSrw4mAEZnlc4/880436ced83f56a2/26914ad5057c148 | 104.17.3.184 | | 106 kB |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/599508237:1715113402:3bEN1ny7iXWCq_LDjAUc0F5nta8jl0DSrw4mAEZnlc4/880436ced83f56a2/26914ad5057c148
IP: 104.17.3.184:0
File type: ASCII text, with very long lines (65536), with no line terminators
Size: 106 kB (106253 bytes)
Hash: b636163dcfd66e82973465b4d5078e9a a9ea96aabd3df7090f68be438315624e08522f74 792da3de97433d2aea3fb35e54c0490646227090e0454e7aa2f8d9f6221d42d6
POST /cdn-cgi/challenge-platform/h/b/flow/ov1/599508237:1715113402:3bEN1ny7iXWCq_LDjAUc0F5nta8jl0DSrw4mAEZnlc4/880436ced83f56a2/26914ad5057c148 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/8qwf6/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: 26914ad5057c148
Content-Length: 3547
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 07 May 2024 21:13:28 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: knfOBy92Ro+Gh4L92qwey2BzEHQbI9v580VV/D28oGuVZmSqFUfrsUxHaF//5KL+WV41EQ1SPcOpTyioCppcTHBc6bCXXzWd3mKD1gqrdeTbbg1y7sznpjhs38JNMhkbWkkqnD1B9cF4EL8VZbX3JoWqFA9Erf5tz32IGA9LDFUWhXxcJD7SthaM95xMMfaps5U4QCPem6nYQmEtl7Zdxd3V+mC8pslOpduOt5eR5UtHnPPeL3t3cuWTV4TePpbw6aVqfbmGbBSKGcqa++a25+xOLsP0cp6WXvIyNXPq0lyTVzKxjAtSJL9kKX+YNeZaNFhoQ0Bp52GNk2t4O9OhKLwI6BPMph9QxG8iQvnxqnOp1b63vb9UCvkfl1dHt+wzrSWEZVGRXmXf4uitCPLvRTcZD6vYWI7Qkx2sIf4xJgwW6QsuFWy5UVOwvOZKIi+J$BefWY4zE7GxF8/MetBgAYw==
vary: accept-encoding
server: cloudflare
cf-ray: 880436d14ba256a2-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| challenges.cloudflare.com/turnstile/v0/b/ce7818f50e39/api.js?onload=Ialy2&render=explicit | 104.17.3.184 | | 22 kB |
URL: challenges.cloudflare.com/turnstile/v0/b/ce7818f50e39/api.js?onload=Ialy2&render=explicit
IP: 104.17.3.184:0
File type: JavaScript source, ASCII text, with very long lines (42565)
Hash: a5b92920e25651d2058f4982a108347b caeeadd68d38fdb681c52006c68880abc2e8a1a6 49a5abedf03eb8ad9a66eca7c5ccb8e59a440e06958e1e7b71d078f494178dc5
GET /turnstile/v0/b/ce7818f50e39/api.js?onload=Ialy2&render=explicit HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://obsceneclassyjuwks.shop
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 07 May 2024 21:13:27 GMT
content-type: application/javascript; charset=UTF-8
cache-control: max-age=604800, public
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
vary: Accept-Encoding
server: cloudflare
cf-ray: 880436cd3d285688-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/880436ced83f56a2/1715116408539/mPvWnl9buiOIGTz | 104.17.3.184 | | 61 B |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/880436ced83f56a2/1715116408539/mPvWnl9buiOIGTz
IP: 104.17.3.184:0
File type: PNG image data, 97 x 96, 8-bit/color RGB, non-interlaced
Hash: 1482edd7cb305f9efd9efae6f55e24b8 3e641f8927c387d13ecba6aabf7a750b030822f1 1e1c9b0f0e68c13b4d2082fc1f44cc40caa75cafc00cf01f94c646e8c86bf31e
GET /cdn-cgi/challenge-platform/h/b/i/880436ced83f56a2/1715116408539/mPvWnl9buiOIGTz HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/8qwf6/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 07 May 2024 21:13:29 GMT
content-type: image/png
content-length: 61
server: cloudflare
cf-ray: 880436d8ae8456a2-OSL
alt-svc: h3=":443"; ma=86400
|
|
| obsceneclassyjuwks.shop/cdn-cgi/challenge-platform/h/b/flow/ov1/2101098420:1715113473:sL9cPTPWIEB7PL-n2ahwhDQWNgH5d0ODHeOWl4MsNzk/880436c9fbd85691/f6ce473c5834c55 | 172.67.192.5 | | 1.8 kB |
URL: obsceneclassyjuwks.shop/cdn-cgi/challenge-platform/h/b/flow/ov1/2101098420:1715113473:sL9cPTPWIEB7PL-n2ahwhDQWNgH5d0ODHeOWl4MsNzk/880436c9fbd85691/f6ce473c5834c55
IP: 172.67.192.5:0
File type: ASCII text, with very long lines (2328), with no line terminators
Hash: b2fefbe1b6ddf819b73d9738db5e8105 dc42a53ccdeb5f62a5a832cdb2c25b93af9092ab f20bb95661f9263f3cf2a8bb72e9c836b7a27bdfe99d05b8c8096e5f5f939c76
Analyzer | Verdict | Alert
mnemonic secure dns | malicious | Sinkholed
Quad9 DNS | malicious | Sinkholed
POST /cdn-cgi/challenge-platform/h/b/flow/ov1/2101098420:1715113473:sL9cPTPWIEB7PL-n2ahwhDQWNgH5d0ODHeOWl4MsNzk/880436c9fbd85691/f6ce473c5834c55 HTTP/1.1
Host: obsceneclassyjuwks.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://obsceneclassyjuwks.shop/U/
Content-type: application/x-www-form-urlencoded
CF-Challenge: f6ce473c5834c55
Content-Length: 2575
Origin: http://obsceneclassyjuwks.shop
DNT: 1
Connection: keep-alive
Cookie: cf_chl_3=f6ce473c5834c55
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 07 May 2024 21:13:37 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cf-chl-out-s: 8gKmkf5mIniA+NW1sK3I9Q==$R38ncEwOc1e0LvPYgcP0YQ==
cf-chl-out: aKqP+hPfEVeuZhonn234CyhOWUpzZRVPyamKyYRB3wEyFCZ2tf4dHE9FJRI7PWivEV6OBMk944Ag554jj0+cNPgvo1fjY0gVhv4S7ytNR9g=$woY41aJK8iovvj3I3WxjvA==
vary: accept-encoding
content-encoding: gzip
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yB47koR7dy23sTy5TLR7GO%2FHt9cvv8x1taaABdTGff5%2ByJO1FcazaZ9GFLtgESq54wfRi%2FsT4dzF9xaZ8cNS4x6s62xPy1U8nVnH96spdJZTz7sd5oQXCH%2FWugzVn4lIL3uXGTnvAO3gGw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8804370bc897b51e-OSL
alt-svc: h2=":443"; ma=60
|
|
| obsceneclassyjuwks.shop/U/ | 172.67.192.5 | 403 Forbidden | 5.8 kB |
URL: obsceneclassyjuwks.shop/U/ (User Request, GET HTTP/1.1)
IP: 172.67.192.5:80
File type: HTML document, ASCII text, with very long lines (14179), with no line terminators
Hash: d301f3e599460c33d0d6f62638674b1a e3a9882573a6a92d008a5cb6d125a4dbc91efca1 888e2ffcfb283711f758f5bc5afc0dc0499e3143ceb193194ba08523c15ec150
Analyzer | Verdict | Alert
mnemonic secure dns | malicious | Sinkholed
Quad9 DNS | malicious | Sinkholed
GET /U/ HTTP/1.1
Host: obsceneclassyjuwks.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Cookie: cf_chl_3=f6ce473c5834c55; cf_chl_rc_i=1
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Tue, 07 May 2024 21:13:39 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: jffiAQisl2qb/hEY9ttv94f+iS+V57HLcP8IOZtcb9LDu59seXeg9XTzRHnMtcyi/wY2WdAsBKcdXRvJexaOijLinJ0FhyUn8b4ukkaS7+hiSX9TWqFYeT78hYzJgxXhQiVHJMSPP0yNoWiwLX82SQ==$PyTqE1gSuDfg2SwgO9F77A==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ACCAFzwUbjdnFJdMAjCEhaHGOgemmLqazj4HjuMdgstZKHWkLbN09RkJ64Pt%2FJT23MDYuHCLXBBsmSwdOUR4MihVo28xcwnWJtU4DO%2FuGWsZfae6%2Fp83dD4YyxNubCsYstqpo88rZBxK4Q%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 880437189a25b51e-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
|
|
| obsceneclassyjuwks.shop/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=880437189a25b51e | 172.67.192.5 | 200 OK | 113 kB |
URL: obsceneclassyjuwks.shop/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=880437189a25b51e (GET HTTP/1.1)
IP: 172.67.192.5:80
Requested by: http://obsceneclassyjuwks.shop/U/
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size: 113 kB (113167 bytes)
Hash: 07c7ec314f457ab50bd9ca3649f24d94 3c847ea6d32515c1a8b7604f7ad1c20d646c6988 31a1d6bb7cdebdd993f62aad5ea60ee9be14bc261d289d39794caa639e7e4597
Analyzer | Verdict | Alert
mnemonic secure dns | malicious | Sinkholed
Quad9 DNS | malicious | Sinkholed
GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=880437189a25b51e HTTP/1.1
Host: obsceneclassyjuwks.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://obsceneclassyjuwks.shop/U/?__cf_chl_rt_tk=klPrkQIA2Lv1tdUNDAhxANi7Es1GLa316gyicQqQmcc-1715116419-0.0.1.1-1279
DNT: 1
Connection: keep-alive
Cookie: cf_chl_3=f6ce473c5834c55; cf_chl_rc_i=1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 07 May 2024 21:13:40 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
vary: accept-encoding
content-encoding: gzip
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0u60o3FVKdp9GAE8uq82dsBkTGzbPBJqZQtWI10c27fX3kXL5mX6qt3xiIog0%2BW5dpope0spW5cJMGezDpsulseh50C2DcWVbY1SS9je6%2Fj1uMKMSejNN18T%2ByUZG%2F8Q0BkCWpWiYKv%2BBA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 88043718fb04569a-OSL
alt-svc: h2=":443"; ma=60
|
|
| obsceneclassyjuwks.shop/favicon.ico | 172.67.192.5 | 403 Forbidden | 5.9 kB |
URL: obsceneclassyjuwks.shop/favicon.ico (GET HTTP/1.1)
IP: 172.67.192.5:80
Requested by: http://obsceneclassyjuwks.shop/U/
File type: HTML document, ASCII text, with very long lines (14442), with no line terminators
Hash: 834356ebe155757e8744242b54479a14 790872b514f1d0b71a1345b0f4e93446fb35ad50 ab3cdc3a5c2512a0c9033af160e43014420acb90d5d8783d30be2bc24e730636
Analyzer | Verdict | Alert
mnemonic secure dns | malicious | Sinkholed
Quad9 DNS | malicious | Sinkholed
GET /favicon.ico HTTP/1.1
Host: obsceneclassyjuwks.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://obsceneclassyjuwks.shop/U/
DNT: 1
Connection: keep-alive
Cookie: cf_chl_3=e4fe8ba12339a94; cf_chl_rc_i=1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Tue, 07 May 2024 21:13:40 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: afL5DqVEzcQYWVKWoAe5fDflBAH9z7s/QtCCoQgh+x8m8wMqX1b6Sff3CuiRUt3NfdYhxLXfgNM43frkQtLbqnybxkpYsipoc88wG0EMGTI2HvTXYMNGVnvDsOgYFpheM1Z/FVG+//AqaifEcGskDg==$R7sa3SUXweKIbKMfSfyTMw==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RBdlX9ezdXBkHGPE1Lfr5pUELlHPmYt%2BhLzLgG7HoaxMdG%2BoCdRf8OqjJVj11uerZnjOcmScyfnu%2F7HpnbQBy9RVBYPSlqpOfXJWZQ2iZBK%2Byl%2F8PXDPi7X4e4BxqPi0s6L9Yrcwjnfiwg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 88043719de53b512-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
|
|
| obsceneclassyjuwks.shop/cdn-cgi/challenge-platform/h/b/flow/ov1/2116142722:1715113407:eJ1jTN1qbHwEk_dj_NkfQjGbNSJW8K9KdZTLwird3mA/880437189a25b51e/e4fe8ba12339a94 | 172.67.192.5 | | 12 kB |
URL: obsceneclassyjuwks.shop/cdn-cgi/challenge-platform/h/b/flow/ov1/2116142722:1715113407:eJ1jTN1qbHwEk_dj_NkfQjGbNSJW8K9KdZTLwird3mA/880437189a25b51e/e4fe8ba12339a94
IP: 172.67.192.5:0
File type: ASCII text, with very long lines (16332), with no line terminators
Hash: ced8b72ce02fb3a0b48a1cd654c58105 7eae56e34478dc836525e7e14a1103e0f67062fd b5aedbe311fef0c82e0ad77e9bdbdf7096a26ddb3b8ae1ce43a50a850108a755
Analyzer | Verdict | Alert
mnemonic secure dns | malicious | Sinkholed
Quad9 DNS | malicious | Sinkholed
POST /cdn-cgi/challenge-platform/h/b/flow/ov1/2116142722:1715113407:eJ1jTN1qbHwEk_dj_NkfQjGbNSJW8K9KdZTLwird3mA/880437189a25b51e/e4fe8ba12339a94 HTTP/1.1
Host: obsceneclassyjuwks.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://obsceneclassyjuwks.shop/U/
Content-type: application/x-www-form-urlencoded
CF-Challenge: e4fe8ba12339a94
Content-Length: 1873
Origin: http://obsceneclassyjuwks.shop
DNT: 1
Connection: keep-alive
Cookie: cf_chl_3=e4fe8ba12339a94; cf_chl_rc_i=1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 07 May 2024 21:13:40 GMT
Content-Type: text/plain; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cf-chl-gen: 7GCg5gOcVEKms/iy/O7rUD0cYRW+SN8tofmF4VPSrbv6V4M71eTfUoh5P0lrzyTj$1xXYgy3PLu4dunqPsajK9g==
vary: accept-encoding
content-encoding: gzip
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sEkz1Y1unoa9sMorYnXf0CoQkG00ZLt6RXL%2BwsG21e%2BONWZrw6p53O%2BDhdtA97LNZipRlDmreLwGWiOSpeKPRgoKDW9%2FFeOexnM2feHdHa1J5UBFTa7yZ7aQvQGbqzOIOjj8ZXDKBwnHkA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8804371a99d61c02-OSL
alt-svc: h2=":443"; ma=60
|
|
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/6b5h5/0x4AAAAAAAAjq6WYeRDKmebM/light/normal | 104.17.3.184 | 200 OK | 26 kB |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/6b5h5/0x4AAAAAAAAjq6WYeRDKmebM/light/normal (GET HTTP/3)
IP: 104.17.3.184:443
Requested by: http://obsceneclassyjuwks.shop/U/
Certificate: Issuer: Cloudflare, Inc.; Subject: challenges.cloudflare.com; Fingerprint: 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E; Validity: Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type: HTML document, ASCII text, with very long lines (41702)
Hash: ed23cfe1d465ae5a74dbbc8786288cf4 e903f740e7b2024577f438b01e123acb1d6b6d02 6c22f7acb6094a9779128c591314a0a646dfa93e32f2d9c63a24ba858e42cb7d
GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/6b5h5/0x4AAAAAAAAjq6WYeRDKmebM/light/normal HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 07 May 2024 21:13:40 GMT
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
content-security-policy: frame-src https://challenges.cloudflare.com/ blob:; base-uri 'self'
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-opener-policy: same-origin
document-policy: js-profiling
origin-agent-cluster: ?1
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
vary: accept-encoding
server: cloudflare
cf-ray: 8804371b8a7d56a2-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| obsceneclassyjuwks.shop/favicon.ico | 172.67.192.5 | 403 Forbidden | 5.6 kB |
URL: GET HTTP/1.1 obsceneclassyjuwks.shop/favicon.ico IP: 172.67.192.5:80
Requested by: http://obsceneclassyjuwks.shop/U/
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3 Hash: e83b122d6ec1ec57574094a81f08cbb2 1b7978196644565efa83cadfae81fe5542d20ce5 2ef4f61cb92e2f0d1ebb7e20cb4c22dbb73a3eacbb82d253edd11fa57850178d
| Analyzer | Verdict | Alert |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: obsceneclassyjuwks.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://obsceneclassyjuwks.shop/U/?__cf_chl_rt_tk=klPrkQIA2Lv1tdUNDAhxANi7Es1GLa316gyicQqQmcc-1715116419-0.0.1.1-1279
DNT: 1
Connection: keep-alive
Cookie: cf_chl_3=f6ce473c5834c55; cf_chl_rc_i=1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Tue, 07 May 2024 21:13:40 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: vNxcQbh1ixgvDsc0jn2CunnnGfnBAXzEfRf+5iMOzPCRdrdUh3woL4z43FiAJ7BJ78TOaehF/rVS6RrwdExYSOMmbDkjfjTK244G51TWEQb1lEo2oxaYaU50dPhAJEgEln4jYnIptgSt/eMFbbHEMQ==$DYV1FMU7YIc4ws3pNMFttQ==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FXYlLyj9YfdBUgE5S531ZdnIU2kr0AXKNoHQPZzw81CeV87LBK%2B1jIU0wmc7pDGt1Y7vntVvcvWvoy6fE3TTclHijth%2Fv8kAUP3awFdUZ5bEpIDaiG9kHbbhdLNrOmrTVMwKfQaYpLhOsw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 880437195bc6569a-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/8804371b8a7d56a2/1715116420819/50AbL45nHT2MZa2 | 104.17.3.184 | | 61 B |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/8804371b8a7d56a2/1715116420819/50AbL45nHT2MZa2 IP: 104.17.3.184:0
File type: PNG image data, 30 x 65, 8-bit/color RGB, non-interlaced Hash: 9a6ee70c490d742a7519cadf60a9a0cf 177c74a3398ea3e962ad5a2645501d71c5a6ea2e aed925b694b3e3fb7c81be7625b53f63c9ab670f6baba4dd225e127f764aab72
GET /cdn-cgi/challenge-platform/h/b/i/8804371b8a7d56a2/1715116420819/50AbL45nHT2MZa2 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/6b5h5/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 07 May 2024 21:13:42 GMT
content-type: image/png
content-length: 61
server: cloudflare
cf-ray: 880437260e8f56a2-OSL
alt-svc: h3=":443"; ma=86400
| obsceneclassyjuwks.shop/cdn-cgi/challenge-platform/h/b/flow/ov1/2116142722:1715113407:eJ1jTN1qbHwEk_dj_NkfQjGbNSJW8K9KdZTLwird3mA/880437189a25b51e/e4fe8ba12339a94 | 172.67.192.5 | | 1.8 kB |
URL: obsceneclassyjuwks.shop/cdn-cgi/challenge-platform/h/b/flow/ov1/2116142722:1715113407:eJ1jTN1qbHwEk_dj_NkfQjGbNSJW8K9KdZTLwird3mA/880437189a25b51e/e4fe8ba12339a94 IP: 172.67.192.5:0
File type: ASCII text, with very long lines (2328), with no line terminators Hash: a9bd49ca3a6fb731b93934a8d0691bb3 e20b4702476aae476f12473b70cfc6f66d4c4c85 051beb81f3a7438da8bf5f562226ed81454d3c2f0dc261f2e1deae533344444d
| Analyzer | Verdict | Alert |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |
POST /cdn-cgi/challenge-platform/h/b/flow/ov1/2116142722:1715113407:eJ1jTN1qbHwEk_dj_NkfQjGbNSJW8K9KdZTLwird3mA/880437189a25b51e/e4fe8ba12339a94 HTTP/1.1
Host: obsceneclassyjuwks.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://obsceneclassyjuwks.shop/U/
Content-type: application/x-www-form-urlencoded
CF-Challenge: e4fe8ba12339a94
Content-Length: 2559
Origin: http://obsceneclassyjuwks.shop
DNT: 1
Connection: keep-alive
Cookie: cf_chl_3=e4fe8ba12339a94; cf_chl_rc_i=1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 07 May 2024 21:13:50 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cf-chl-out-s: Vj5TYpjY9/1sADOF0ba32g==$l8RgI3O7k65O3j/CXwwnaw==
cf-chl-out: GLtH0sH/182rAn7mfsJvrXaFfFh2i+uL+0UZ0av3LtcbfW354Tdq3qZmy36ETKuA3bEll6yXnhIe+erg+pMmuRpAiE/M7H4uKLpyst6Jq3s=$mPckAt8+ywx/M8lOfSJfYw==
vary: accept-encoding
content-encoding: gzip
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BD8z90ulrmtmaW1Ox4FStemdMUTRHzzGJCAByAaUQCyl3UjjHi29s415dkwH%2Fo5%2FcuHEhHm0wC5W4AeeaRg48wZ1o%2BZC9maIcXFSJb7GjBcZFu%2FimL10LGIi0ksK3fxVuWHyHIhlU4FeeA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8804375a4d1c1c02-OSL
alt-svc: h2=":443"; ma=60
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=8804371b8a7d56a2 | 104.17.3.184 | 200 OK | 430 kB |
URL: GET HTTP/3 challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=8804371b8a7d56a2 IP: 104.17.3.184:443
Requested by: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/6b5h5/0x4AAAAAAAAjq6WYeRDKmebM/light/normal Certificate: Issuer: Cloudflare, Inc. Subject: challenges.cloudflare.com Fingerprint: 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E Validity: Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators Size: 430 kB (429540 bytes) Hash: 92cc4f6134b10db23368a54ee7d5a7fa 4ca2d974ee7409daf1ff262366a44bc9ef5f1665 047ff7a13eb277aa3f816042ffbc0763e77202b99416f29ae606def419ed0a3f
GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=8804371b8a7d56a2 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/6b5h5/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 07 May 2024 21:13:40 GMT
content-type: application/javascript; charset=UTF-8
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
vary: accept-encoding
server: cloudflare
cf-ray: 8804371c1b0956a2-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1227775874:1715113625:OIuOkQyyI08r91fMEKgGCSV-r1MdtvJ0cDLeQR4h0AY/8804371b8a7d56a2/3c7ddcdf45f19f8 | 104.17.3.184 | 200 OK | 104 kB |
URL: POST HTTP/3 challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1227775874:1715113625:OIuOkQyyI08r91fMEKgGCSV-r1MdtvJ0cDLeQR4h0AY/8804371b8a7d56a2/3c7ddcdf45f19f8 IP: 104.17.3.184:443
Requested by: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/6b5h5/0x4AAAAAAAAjq6WYeRDKmebM/light/normal Certificate: Issuer: Cloudflare, Inc. Subject: challenges.cloudflare.com Fingerprint: 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E Validity: Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type: ASCII text, with very long lines (65536), with no line terminators Size: 104 kB (104364 bytes) Hash: 963becc3dfb23a369ff1966f1d3dbf97 b95a15a55953a315b64b7d71c8677d8b19eb3a94 678e24a007ba22913838408d975c2e51b8d1466099ed9c16c64308ecf7f6eb72
POST /cdn-cgi/challenge-platform/h/b/flow/ov1/1227775874:1715113625:OIuOkQyyI08r91fMEKgGCSV-r1MdtvJ0cDLeQR4h0AY/8804371b8a7d56a2/3c7ddcdf45f19f8 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/6b5h5/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: 3c7ddcdf45f19f8
Content-Length: 3527
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 07 May 2024 21:13:40 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: nhE+Ra9XUAqbL6TouI4N/s1vYXZPiR3NFN2Kxf6rWu8zKyykbzGP2OMdeddsisXyWYW08CXsrMxum/Gd33jOIQvp6VKqZmtgiQSwxeXJF8TKfrzDTfVz8pHN+c/N4jqub71g6Zxz3WiwA9XGdxJZ5At+fz0VMcMfdad2zOj2AGEGiSMsxgt87MLnFfI6+CgsGuUaD/sZDmdVf9tvcLbytBPRPgw6jMETU2ljEp2RQi3uSczEJBMlQcQBGSaHofOTmloFgxs6CF1AhxyOFY2xU9AAJW/U9qMUFBm1dQkCU4QHox37P3HRSXVhEQ+gXKqy7B7gWVDBHRQmCYy4jtH7GcIPB7ocJnVjlcAbgibHdNWcRyGRUdqsyJKuwDSxR0INm1qb/ifxM2VVey8GGeJLqk14cMJfLqwEYyGZY1sj8wc=$krn00Aqza50PW7h2rctFHw==
vary: accept-encoding
server: cloudflare
cf-ray: 8804371e0d2256a2-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400