| affordcharmcropwo.shop/api/ | 172.67.181.34 | 403 Forbidden | 5.8 kB |
URL (user request): GET HTTP/1.1 affordcharmcropwo.shop/api/   IP: 172.67.181.34:80
File type: HTML document, ASCII text, with very long lines (14372), with no line terminators
Hashes: MD5 881bea15b52c1703c52e5d9278afbabf, SHA-1 ecbd90dfae58491b498d8a397d4200f97e8e449f, SHA-256 371cf1afa10bd825acc5e061722265fed0a8b5713a93c0eccdd510c42d3876d8
| Analyzer | Verdict | Alert |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |
GET /api/ HTTP/1.1
Host: affordcharmcropwo.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Wed, 24 Apr 2024 19:24:02 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: VOvYTvh8lvYqXvoFF6TyFbryetMrOSRbNAU5LXK/z6VHy10HQl6kJHMqX1vhr+EsckPExV+axoI1NBOJ5f7pYQ2cOmFTAt4nFcEQPnm75z+jzO1sZ+nsimnXBEzyPOhCoI62ys1YlNxJuCIqKVDCpw==$VqGJ/t2sbjW7/8pABP3R+w==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QGD7irYGK8qrcRAvfiLiGIquk9AsMpNytz8J7ssqqxqeKy333ShSflwDYSdT4cusMHq%2B1K5llJDxMsnw1pBa9kaqsqO2215PNZHPwqp5W5Vsxait4vfeKg1Vn9L4Km9vV5VqLz%2Fr6RIk"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 879878a6093bb503-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
|
|
| affordcharmcropwo.shop/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=879878a6093bb503 | 104.21.67.211 | 200 OK | 114 kB |
URL: GET HTTP/1.1 affordcharmcropwo.shop/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=879878a6093bb503   IP: 104.21.67.211:0
File type: ASCII text, with very long lines (65536), with no line terminators
Size: 114 kB (114219 bytes)
Hashes: MD5 d676be11c129aa25b7185ab616c9489f, SHA-1 b6db49a70bbefa59b9ecb5d7a0aaee1051a357ae, SHA-256 82a75d5b218bdb20851a982709d13d24a9e3813fd382a4dd7457b1852f06a438
| Analyzer | Verdict | Alert |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |
GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=879878a6093bb503 HTTP/1.1
Host: affordcharmcropwo.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://affordcharmcropwo.shop/api/?__cf_chl_rt_tk=iTAYQKRhJ5gIN8HE_6yYqn96AhEPOxrp.UMMkbLhPQg-1713986642-0.0.1.1-1301
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 24 Apr 2024 19:24:03 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
vary: accept-encoding
content-encoding: gzip
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lHCkx9cYFuxPRwcVKc0ShUteKHuEHkwtSqykD47p5Vaq5erqezIlcKkLycq88IzIRUdA%2BF0nIRxL0WtZHuXuh%2FRDVR5pONRQ%2Fl22NoCniosnwcceC9ABNhPQzRwK3xcT%2FH9O5nHZMGUo"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 879878a76acb56c0-OSL
alt-svc: h2=":443"; ma=60
|
|
| affordcharmcropwo.shop/favicon.ico | 104.21.67.211 | 403 Forbidden | 5.9 kB |
URL: GET HTTP/1.1 affordcharmcropwo.shop/favicon.ico   IP: 104.21.67.211:80
Requested by: http://affordcharmcropwo.shop/api/
File type: HTML document, ASCII text, with very long lines (14484), with no line terminators
Hashes: MD5 f8470b654afd0bf8d3023e55ddd93c85, SHA-1 3508ffa6c1e7531e1e1e974ef43af9f9e787aef6, SHA-256 038d52c7513b13c657afca1a0f04733c92ca651d505f46e70ebc721c052e6064
| Analyzer | Verdict | Alert |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: affordcharmcropwo.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://affordcharmcropwo.shop/api/?__cf_chl_rt_tk=iTAYQKRhJ5gIN8HE_6yYqn96AhEPOxrp.UMMkbLhPQg-1713986642-0.0.1.1-1301
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Wed, 24 Apr 2024 19:24:03 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: Oa1m9O16BRzaX6PbQ/KW0XA/pidUV6gM9bxPW/vjjVQ44HXapoT6d3CAvdDxG6WnctCr1K2HxDXzYEpKh5ysphlT0hMr1G+qEOfnE0fIyUn1JeljnRs3mpKMa5C9UNyCJZ0mGThVE61mBud7Ru3CXA==$sVmoc7oE96V8P0044TithA==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=k1kOO48ACR3qnlB3jEcoVmYBDpYK%2BtdYEa%2BWZqY%2FeW%2FqCN64ZnKX9y%2FInhoNnUpY2VMNqpcCNttXMd5Ah8hW5T8k6Czgti6FBFCro0%2BGIh3InBplKOSKhh23fK%2BajeJohjCMpa%2B5Ng1P"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 879878a7cb5156c0-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
|
|
| affordcharmcropwo.shop/favicon.ico | 104.21.67.211 | 403 Forbidden | 5.9 kB |
URL: GET HTTP/1.1 affordcharmcropwo.shop/favicon.ico   IP: 104.21.67.211:80
Requested by: http://affordcharmcropwo.shop/api/
File type: HTML document, ASCII text, with very long lines (14420), with no line terminators
Hashes: MD5 0804dc2bb31563f8b30372a33c885af4, SHA-1 bb66fc1286026067029afc61e6787773d56b392b, SHA-256 217f4f13546624726042a5e4fc33d41b886eb8d6526595109811d0eab3f7a56a
| Analyzer | Verdict | Alert |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: affordcharmcropwo.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://affordcharmcropwo.shop/api/
DNT: 1
Connection: keep-alive
Cookie: cf_chl_3=21af6f4d0f0e4a8
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Wed, 24 Apr 2024 19:24:03 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: TGLNBA+jlDbV0aALjlBQwPX+TaRXOBsgZFo9/BgkgZcVDyUaVQfqB0Sa14eiwz/QDQJg2DsDzXaNO6j9jOH0+s3pAEr0/Z/tQgz0mmZDetEjOPCKwtHtJA5b7e9+bzU2iyqUMPLJtqrjvQ/PjlHUYQ==$Z3wbqWUTf4BD5T2dG/IXyg==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oliI4ZaWSwU78I6vEGS5peI1rzWx0kowQe6RGfB2bjXuEdW%2Fv3ogrQBaFZjtmLMimLDJUBHKiyfa8jkyt%2BdeFW1iO1BhlJJoAJC1nrhUDfOqOaYNP1pL1%2FOXOjrM1x46UqXCQslpmSe%2F"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 879878a82c06569f-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
|
|
| affordcharmcropwo.shop/cdn-cgi/challenge-platform/h/b/flow/ov1/1200216736:1713983227:4mThDUCvdqBl6gzPdULqJMP8Yx2vSNOSmmjYHGAZ3VA/879878a6093bb503/21af6f4d0f0e4a8 | 104.21.67.211 | 200 OK | 12 kB |
URL: POST HTTP/1.1 affordcharmcropwo.shop/cdn-cgi/challenge-platform/h/b/flow/ov1/1200216736:1713983227:4mThDUCvdqBl6gzPdULqJMP8Yx2vSNOSmmjYHGAZ3VA/879878a6093bb503/21af6f4d0f0e4a8   IP: 104.21.67.211:0
File type: ASCII text, with very long lines (15980), with no line terminators
Hashes: MD5 d850a1c33f0365e57f62fbf313fe48eb, SHA-1 bdf18f8bc3f10f4c04d273401af33bf3305abbc8, SHA-256 a88638d6969b34666405cfcff9de5a9eb7579608cd7d921e70877d643f15d825
| Analyzer | Verdict | Alert |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |
POST /cdn-cgi/challenge-platform/h/b/flow/ov1/1200216736:1713983227:4mThDUCvdqBl6gzPdULqJMP8Yx2vSNOSmmjYHGAZ3VA/879878a6093bb503/21af6f4d0f0e4a8 HTTP/1.1
Host: affordcharmcropwo.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://affordcharmcropwo.shop/api/
Content-type: application/x-www-form-urlencoded
CF-Challenge: 21af6f4d0f0e4a8
Content-Length: 1866
Origin: http://affordcharmcropwo.shop
DNT: 1
Connection: keep-alive
Cookie: cf_chl_3=21af6f4d0f0e4a8
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 24 Apr 2024 19:24:03 GMT
Content-Type: text/plain; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cf-chl-gen: rqaEAeGF1GyvHfGoqU8kcuE6qwR5MyZCFcVhjx870wtxv0AYlV0Qrh2M89j2KBOx$3DViennHqO1DtzDT67yeRg==
vary: accept-encoding
content-encoding: gzip
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9b3awE7IzoXOnGeZvOjYG3AAScadK1vcpCWav%2Fg1CkKmH0JI%2BjPgotWWTgzPGHjfbrKAUzY3CVM6ZmXYRq%2FGEywIh4Rq1HzjJ1ZhP2G3oGGax4hja%2F3Xql7IMoIBN0Cgn2x8ZgWxl3C8"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 879878a9082a0b41-OSL
alt-svc: h2=":443"; ma=60
|
|
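The four exchanges above against affordcharmcropwo.shop (the 403 carrying `cf-mitigated: challenge`, the orchestrate script fetch, the favicon that is answered with another challenge page, and the POST to the challenge-platform flow endpoint carrying `CF-Challenge` and the `cf_chl_3` cookie) are one Cloudflare managed-challenge round. Every response from that host in this capture is either the challenge interstitial or the challenge platform itself, and the "malicious / Sinkholed" verdicts in each verdict table come from the two DNS analyzers, not from any content the sandbox retrieved. The Python below is an added triage helper, not part of the original report or of any sandbox product: it parses raw request/response header blocks in the format shown on this page (the embedded sample is constructed from the captured headers, condensed to the fields inspected) and reports how many responses were challenge pages, how many came from the challenge platform, and whether any origin content was seen at all. The `cf-mitigated: challenge` check is Cloudflare's documented signal for a challenge response; the `/cdn-cgi/challenge-platform/` prefix is taken from the paths in this capture and the helper names are this example's own.

```python
"""Triage helper for sandbox HTTP logs in the request/response-block format above.

Added example; not part of the original report. SAMPLE_LOG is constructed
from the captured headers, condensed to the fields the logic inspects.
"""
import re
from dataclasses import dataclass

# Constructed sample: three exchanges from the first challenge round.
SAMPLE_LOG = """\
GET /api/ HTTP/1.1
Host: affordcharmcropwo.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
HTTP/1.1 403 Forbidden
Content-Type: text/html; charset=UTF-8
cf-mitigated: challenge
Server: cloudflare
CF-RAY: 879878a6093bb503-OSL

GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=879878a6093bb503 HTTP/1.1
Host: affordcharmcropwo.shop
Referer: http://affordcharmcropwo.shop/api/?__cf_chl_rt_tk=iTAYQKRhJ5gIN8HE_6yYqn96AhEPOxrp.UMMkbLhPQg-1713986642-0.0.1.1-1301
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=UTF-8
Server: cloudflare
CF-RAY: 879878a76acb56c0-OSL

POST /cdn-cgi/challenge-platform/h/b/flow/ov1/1200216736:1713983227:4mThDUCvdqBl6gzPdULqJMP8Yx2vSNOSmmjYHGAZ3VA/879878a6093bb503/21af6f4d0f0e4a8 HTTP/1.1
Host: affordcharmcropwo.shop
CF-Challenge: 21af6f4d0f0e4a8
Cookie: cf_chl_3=21af6f4d0f0e4a8
HTTP/1.1 200 OK
Content-Type: text/plain; charset=UTF-8
Server: cloudflare
CF-RAY: 879878a9082a0b41-OSL
"""

REQ_LINE = re.compile(r"^([A-Z]+) (\S+) HTTP/[0-9.]+$")
STATUS_LINE = re.compile(r"^HTTP/[0-9.]+ (\d{3})\b")
# Path prefix under which Cloudflare serves challenge scripts and flow
# endpoints; taken from the paths in this capture, not a documented contract.
CF_PLATFORM_PREFIX = "/cdn-cgi/challenge-platform/"


@dataclass
class Exchange:
    method: str
    path: str
    host: str
    status: int
    request: dict   # lower-cased header name -> value
    response: dict

    @property
    def challenge_page(self) -> bool:
        # Cloudflare marks a managed-challenge interstitial with this header;
        # the 403 body is the challenge HTML, not the origin's content.
        return self.response.get("cf-mitigated", "").lower() == "challenge"

    @property
    def challenge_platform(self) -> bool:
        return self.path.startswith(CF_PLATFORM_PREFIX)

    @property
    def origin_content(self) -> bool:
        """True only if nothing marks this response as challenge machinery."""
        return not (self.challenge_page or self.challenge_platform)

    @property
    def chl_id(self):
        """Challenge id from the cf_chl_3 cookie, else the CF-Challenge header."""
        m = re.search(r"\bcf_chl_3=([0-9a-f]+)", self.request.get("cookie", ""))
        return m.group(1) if m else self.request.get("cf-challenge")


def _headers(lines):
    out = {}
    for line in lines:
        name, sep, value = line.partition(":")
        if sep:
            out[name.strip().lower()] = value.strip()
    return out


def parse_log(text):
    """Split the log on blank lines; each block is request line, request
    headers, status line, response headers."""
    exchanges = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = [ln.strip() for ln in block.splitlines() if ln.strip()]
        req = REQ_LINE.match(lines[0])
        if not req:
            raise ValueError(f"bad request line: {lines[0]!r}")
        try:
            idx = next(i for i, ln in enumerate(lines) if STATUS_LINE.match(ln))
        except StopIteration:
            raise ValueError(f"no status line after {lines[0]!r}") from None
        status = int(STATUS_LINE.match(lines[idx]).group(1))
        req_h, resp_h = _headers(lines[1:idx]), _headers(lines[idx + 1:])
        exchanges.append(Exchange(req.group(1), req.group(2),
                                  req_h.get("host", ""), status, req_h, resp_h))
    return exchanges


def triage(exchanges):
    """Summarise what the client actually got back from the target host."""
    return {
        "challenge_pages": sum(e.challenge_page for e in exchanges),
        "challenge_platform": sum(e.challenge_platform for e in exchanges),
        "origin_content": sum(e.origin_content for e in exchanges),
        "challenge_ids": sorted({e.chl_id for e in exchanges if e.chl_id}),
        "rays": [e.response.get("cf-ray") for e in exchanges],
    }


if __name__ == "__main__":
    for key, value in triage(parse_log(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```

On the sample the summary is one challenge page, two challenge-platform responses and zero origin responses, which is the fact worth recording beside the DNS verdicts: the analyzer never observed what /api/ serves to a client that clears the challenge, so any judgement about the page content has to come from another source.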
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/fjomh/0x4AAAAAAAAjq6WYeRDKmebM/light/normal | 104.17.2.184 | 200 OK | 26 kB |
URL: GET HTTP/1.1 challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/fjomh/0x4AAAAAAAAjq6WYeRDKmebM/light/normal   IP: 104.17.2.184:0
File type: HTML document, ASCII text, with very long lines (41702)
Hashes: MD5 7eb7211bf4a0cdf492c49f339b5369a0, SHA-1 7549bd4a9a4f97d5a8aff52392652984a499b6f1, SHA-256 5b4666657692335e65c0b44f25fbabc6b9df93224ad1744b729377bd82d9b85a
GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/fjomh/0x4AAAAAAAAjq6WYeRDKmebM/light/normal HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 19:24:03 GMT
content-type: text/html; charset=UTF-8
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cross-origin-opener-policy: same-origin
origin-agent-cluster: ?1
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
document-policy: js-profiling
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
content-security-policy: frame-src https://challenges.cloudflare.com/ blob:; base-uri 'self'
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
vary: accept-encoding
server: cloudflare
cf-ray: 879878a9d94656c9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/843269845:1713983225:Th4bnVHNNNS-1DAXl74rCjJeVRc_5blBMuKarUgY_qM/879878a9d94656c9/77d46b307b6a862 | 104.17.2.184 | 200 OK | 128 kB |
URL: POST HTTP/1.1 challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/843269845:1713983225:Th4bnVHNNNS-1DAXl74rCjJeVRc_5blBMuKarUgY_qM/879878a9d94656c9/77d46b307b6a862   IP: 104.17.2.184:0
File type: ASCII text, with very long lines (65536), with no line terminators
Size: 128 kB (128434 bytes)
Hashes: MD5 0913733482dda371fcf3cd98d2eef2b1, SHA-1 6d81b1b18bd9c2e88ab09e9f4fbd14955978e253, SHA-256 ef40e211a0a42fcf25aafda8f542513a52552e940e31864fc70d78f1201edb4a
POST /cdn-cgi/challenge-platform/h/b/flow/ov1/843269845:1713983225:Th4bnVHNNNS-1DAXl74rCjJeVRc_5blBMuKarUgY_qM/879878a9d94656c9/77d46b307b6a862 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/fjomh/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: 77d46b307b6a862
Content-Length: 3301
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 19:24:04 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: 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$CZbR0FIfy3sDdorlCwV1XQ==
vary: accept-encoding
server: cloudflare
cf-ray: 879878ad2d5b56c9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| challenges.cloudflare.com/turnstile/v0/b/471dc2adc340/api.js?onload=ZbqNq8&render=explicit | 104.17.2.184 | 200 OK | 18 kB |
URL: GET HTTP/1.1 challenges.cloudflare.com/turnstile/v0/b/471dc2adc340/api.js?onload=ZbqNq8&render=explicit   IP: 104.17.2.184:0
File type: JavaScript source, ASCII text, with very long lines (42414)
Hashes: MD5 f94a2211ce789a95a7c67e8c660d63e8, SHA-1 f1fc19b6bcb96d0a905bf3192aaff0885ff9f36f, SHA-256 926dc3302f99ec05e4206e965ddeb7250f5910a8c38e82c7beafb724bbaaf37b
GET /turnstile/v0/b/471dc2adc340/api.js?onload=ZbqNq8&render=explicit HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://affordcharmcropwo.shop
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 24 Apr 2024 19:24:03 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31536000
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 879878a85efc56a8-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/879878a9d94656c9/1713986644051/1vAinGLbjplCKtu | 104.17.2.184 | 200 OK | 61 B |
URL: GET HTTP/1.1 challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/879878a9d94656c9/1713986644051/1vAinGLbjplCKtu   IP: 104.17.2.184:0
File type: PNG image data, 60 x 55, 8-bit/color RGB, non-interlaced
Hashes: MD5 bae4b600471aa57bb7aa16bac4fd95b0, SHA-1 25e21cb998be5cff73bbfa32220f0062512c9cba, SHA-256 de4617972592094e9ac7c4d914d33408d3eac804d27a945c93a74b6a08e8c6a9
GET /cdn-cgi/challenge-platform/h/b/i/879878a9d94656c9/1713986644051/1vAinGLbjplCKtu HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/fjomh/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 19:24:05 GMT
content-type: image/png
content-length: 61
server: cloudflare
cf-ray: 879878b45f2256c9-OSL
alt-svc: h3=":443"; ma=86400
|
|
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/843269845:1713983225:Th4bnVHNNNS-1DAXl74rCjJeVRc_5blBMuKarUgY_qM/879878a9d94656c9/77d46b307b6a862 | 104.17.2.184 | 200 OK | 24 kB |
URL: POST HTTP/1.1 challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/843269845:1713983225:Th4bnVHNNNS-1DAXl74rCjJeVRc_5blBMuKarUgY_qM/879878a9d94656c9/77d46b307b6a862   IP: 104.17.2.184:0
File type: ASCII text, with very long lines (22528), with no line terminators
Hashes: MD5 a34fe18f8fdc56bd028d3ab17d5b2f9c, SHA-1 538b77bc136686d922ec83024c1ec7c0f52c3612, SHA-256 d5e8375ddfa69641b9d5aae1e356e244e8d778d8f8dded0d11a965ef425a248a
POST /cdn-cgi/challenge-platform/h/b/flow/ov1/843269845:1713983225:Th4bnVHNNNS-1DAXl74rCjJeVRc_5blBMuKarUgY_qM/879878a9d94656c9/77d46b307b6a862 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/fjomh/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: 77d46b307b6a862
Content-Length: 26228
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 19:24:06 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: 8pDCF0Cl6jlSjH9CtTnA+JXTUsS7mYw/7Y1ymPOC3ItDx3lYucUr1h7at6WOUw1+$c4+ghTocxHkB4/bUp4Iyfw==
vary: accept-encoding
server: cloudflare
cf-ray: 879878bbb8e756c9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| affordcharmcropwo.shop/api/ | 104.21.67.211 | 403 Forbidden | 5.9 kB |
URL (user request): GET HTTP/1.1 affordcharmcropwo.shop/api/   IP: 104.21.67.211:80
File type: HTML document, ASCII text, with very long lines (14436), with no line terminators
Hashes: MD5 79a00331f3e26de43f21d6984989303b, SHA-1 a0e3f9007f6eb7128f02f0bbd14acf361fd0fba7, SHA-256 c1ad3cf869649f3490b10029a5be6e8405ca4e15c0baaf13529c636968c14310
| Analyzer | Verdict | Alert |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |
GET /api/ HTTP/1.1
Host: affordcharmcropwo.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Cookie: cf_chl_3=21af6f4d0f0e4a8; cf_chl_rc_i=1
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Wed, 24 Apr 2024 19:24:11 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: 3JewbiKwVQUxwZuCF50Z575dqx2iDNYlhJOCn1ZjGTsNIKT/NwBeRAFONNvizKOU8MttPkuDiYJ3pu14IsrDA5equUnm8QUHL7NIxciOzxmKTZJCWUoKw8/tYVxPTkBzaZasIuDOqsKNl8vJsgYIdg==$Y5Zjysu6vhyeo1yfp388/A==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xPKGpwu2IkNLZlgaj8ClCRcruyfpisjAGzkuEjf3%2B%2Bi7TBPqN6hJcsiutencGBVlbfb0YvidOVU9qQiiqKcxjGX4jn1bMCHfJA2CZ5NAsCq8hbDa%2B1YyrxmN9Chs3%2FCZiNStikQ%2FyKk%2B"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 879878dccb660b41-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
|
|
| affordcharmcropwo.shop/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=879878dccb660b41 | 104.21.67.211 | 200 OK | 111 kB |
URL: GET HTTP/1.1 affordcharmcropwo.shop/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=879878dccb660b41   IP: 104.21.67.211:0
File type: ASCII text, with very long lines (65536), with no line terminators
Size: 111 kB (111192 bytes)
Hashes: MD5 501609318d214a90a88a89dbee3ffc44, SHA-1 ffff8ff45b868dccf338e1adf15d16fa4c52c54e, SHA-256 25958bac702991a56e1e2709b1634c9354d47520febdc13518278218fc90122a
| Analyzer | Verdict | Alert |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |
GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=879878dccb660b41 HTTP/1.1
Host: affordcharmcropwo.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://affordcharmcropwo.shop/api/?__cf_chl_rt_tk=l7DKeSvMg7W6Sp2_QdeP34bEREO8Rgih2KEJYBYRfcM-1713986651-0.0.1.1-1301
DNT: 1
Connection: keep-alive
Cookie: cf_chl_3=21af6f4d0f0e4a8; cf_chl_rc_i=1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 24 Apr 2024 19:24:11 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
vary: accept-encoding
content-encoding: gzip
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OYPK0reDYZFoxvBjI73sYGF1BqeQG78D6WQ6N2AhsXprAlFPgZ1qbmbq1OgBDVJiraJIt7mh8eYtas%2Fr4Daz9RE8dFxELKPN%2B5qvYDsvKgInwX4nRPL56K2%2BSUCfF56vIz9XYmIildaJ"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 879878dd1d910afa-OSL
alt-svc: h2=":443"; ma=60
|
|
| affordcharmcropwo.shop/favicon.ico | 104.21.67.211 | 403 Forbidden | 6.0 kB |
URL: GET HTTP/1.1 affordcharmcropwo.shop/favicon.ico   IP: 104.21.67.211:80
Requested by: http://affordcharmcropwo.shop/api/
File type: HTML document, ASCII text, with very long lines (14525), with no line terminators
Hashes: MD5 66da7283a3ad9a94da993444b58bf908, SHA-1 e46c510aa529f9e52aa0094b38ce259f3a525d0e, SHA-256 61314b6ae93c93de12ca2c9ee6123997440652f8c0079a29e75b9e7bd96eab6a
| Analyzer | Verdict | Alert |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: affordcharmcropwo.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://affordcharmcropwo.shop/api/?__cf_chl_rt_tk=l7DKeSvMg7W6Sp2_QdeP34bEREO8Rgih2KEJYBYRfcM-1713986651-0.0.1.1-1301
DNT: 1
Connection: keep-alive
Cookie: cf_chl_3=21af6f4d0f0e4a8; cf_chl_rc_i=1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Wed, 24 Apr 2024 19:24:11 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: ENurcCrLMlydoX1gygXJYzGoNFQwlCEhAj/70swKCFNsYCzuF2irqUExv/gTMAS45xMl/O8r6FeO9yfBQQOZWOknYsDnZwlMUZlRpfbF2jRTErgSmNynMM44G8e8OvqLake6LbGKIyIhPubJuq9H7g==$6XpR2L9QzE2ujlA2KU4xyQ==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QVuGqACYkTDI2l5j2A4X6E27CUJK5qKWxAJZKGwvlDTsvYif3DrSyopNb0f4gSv8lJYnd3OvnF2UWuJ2vTQEhTFaYvDxR4MvDPVyHn55Lo9bGnPDSS5kuKEwuORkjIoBYmNT3HMpD03Z"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 879878dd7df50afa-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
|
|
| affordcharmcropwo.shop/favicon.ico | 104.21.67.211 | 403 Forbidden | 5.9 kB |
URL: GET HTTP/1.1 affordcharmcropwo.shop/favicon.ico   IP: 104.21.67.211:80
Requested by: http://affordcharmcropwo.shop/api/
File type: HTML document, ASCII text, with very long lines (14440), with no line terminators
Hashes: MD5 7841b9192a4abdfd7e17a93954b7efda, SHA-1 81c28ef65670c2c138299951bfb4fc84e5341a5d, SHA-256 85b7237a82cd6180c3d774e8a2d036c4f515bbedb691932decb8b9e14f88fbf6
| Analyzer | Verdict | Alert |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: affordcharmcropwo.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://affordcharmcropwo.shop/api/
DNT: 1
Connection: keep-alive
Cookie: cf_chl_3=9928244f9a258f4; cf_chl_rc_i=1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Wed, 24 Apr 2024 19:24:11 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: LE4HRrJsum/mclJQWb/o1TsploJzGg+QM2159ZlY8RwlO6hHTYrlTZDW8rE1rd+SjxzE/HVOXeNh6HIZOjQ82QIPgI+ucG9K53vOpzsV0eFxrFnAvDZtaAgUt8FIVLdv3gJmil0DN+bEr4YjiM7/0A==$f8wrvxK0f33kdGqVGblOLw==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=x5saxxOg8ywbROnqPHn8H6%2FBojt0XrDVjKVhwxyYnzvP8Cbf%2FMnuhFeVjDZYjfEDoFrRe4Iv1nYLcsqO%2F1qD3t7iC2iasxcBClPAgb7C8RqsVzczHNKmFfxiU9X4OrdNis6tWnbCzdkq"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 879878ddbd4f5697-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
|
|
| challenges.cloudflare.com/turnstile/v0/b/471dc2adc340/api.js?onload=ZbqNq8&render=explicit | 104.17.2.184 | 200 OK | 26 kB |
URL: GET HTTP/1.1 challenges.cloudflare.com/turnstile/v0/b/471dc2adc340/api.js?onload=ZbqNq8&render=explicit   IP: 104.17.2.184:0
File type: JavaScript source, ASCII text, with very long lines (42414)
Hashes: MD5 f94a2211ce789a95a7c67e8c660d63e8, SHA-1 f1fc19b6bcb96d0a905bf3192aaff0885ff9f36f, SHA-256 926dc3302f99ec05e4206e965ddeb7250f5910a8c38e82c7beafb724bbaaf37b
GET /turnstile/v0/b/471dc2adc340/api.js?onload=ZbqNq8&render=explicit HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://affordcharmcropwo.shop
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 19:24:11 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31536000
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 879878ddca9156c9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/t0u5v/0x4AAAAAAAAjq6WYeRDKmebM/light/normal | 104.17.2.184 | 200 OK | 26 kB |
URL: GET HTTP/1.1 challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/t0u5v/0x4AAAAAAAAjq6WYeRDKmebM/light/normal   IP: 104.17.2.184:0
File type: HTML document, ASCII text, with very long lines (41702)
Hashes: MD5 945e4644bf3c50654ad5d57d90d9b885, SHA-1 2b64547b61b6f75c85cb8436bd75b3c51beabd3e, SHA-256 93f49a5deab8a923cb76822167b4f826e4dcd2146336fdc2ec26f9029b751fb7
GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/t0u5v/0x4AAAAAAAAjq6WYeRDKmebM/light/normal HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 19:24:12 GMT
content-type: text/html; charset=UTF-8
referrer-policy: same-origin
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
content-security-policy: frame-src https://challenges.cloudflare.com/ blob:; base-uri 'self'
origin-agent-cluster: ?1
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cross-origin-embedder-policy: require-corp
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-opener-policy: same-origin
document-policy: js-profiling
vary: accept-encoding
server: cloudflare
cf-ray: 879878df4d2356c9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/879878df4d2356c9/1713986652433/X1xBET7w0_aPk7q | 104.17.2.184 | | 61 B |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/879878df4d2356c9/1713986652433/X1xBET7w0_aPk7q
IP: 104.17.2.184:0
File type: PNG image data, 17 x 20, 8-bit/color RGB, non-interlaced
Hashes (MD5, SHA-1, SHA-256): 9ebeef0b5724d20428c2454c89dd231f 8e46ef0ed179148c8a0a9339307117ccd5c70313 d4332ddd067116ef7fa8fa7e23ffcc00c40e41f794d0635b6c056f493050ed98
GET /cdn-cgi/challenge-platform/h/b/i/879878df4d2356c9/1713986652433/X1xBET7w0_aPk7q HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/t0u5v/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 19:24:13 GMT
content-type: image/png
content-length: 61
server: cloudflare
cf-ray: 879878e9bd8b56c9-OSL
alt-svc: h3=":443"; ma=86400
| affordcharmcropwo.shop/cdn-cgi/challenge-platform/h/b/flow/ov1/2081350045:1713983255:QjiAXfxAaZzzAFFHkPXo_6m0du_DPAwNJ6fUpzuIV4E/879878dccb660b41/9928244f9a258f4 | 104.21.67.211 | | 2.5 kB |
URL: affordcharmcropwo.shop/cdn-cgi/challenge-platform/h/b/flow/ov1/2081350045:1713983255:QjiAXfxAaZzzAFFHkPXo_6m0du_DPAwNJ6fUpzuIV4E/879878dccb660b41/9928244f9a258f4
IP: 104.21.67.211:0
File type: ASCII text, with very long lines (3244), with no line terminators
Hashes (MD5, SHA-1, SHA-256): ffa54f5c5e7b06563845db175a412c3a 990ee9088ed315300870f6ebed96dc3b34bda915 7d1bd8d851c634dade96d8879cfdbe5e944109cf312712815b3d180851ea4830

| Analyzer | Verdict | Alert |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |
POST /cdn-cgi/challenge-platform/h/b/flow/ov1/2081350045:1713983255:QjiAXfxAaZzzAFFHkPXo_6m0du_DPAwNJ6fUpzuIV4E/879878dccb660b41/9928244f9a258f4 HTTP/1.1
Host: affordcharmcropwo.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://affordcharmcropwo.shop/api/
Content-type: application/x-www-form-urlencoded
CF-Challenge: 9928244f9a258f4
Content-Length: 3329
Origin: http://affordcharmcropwo.shop
DNT: 1
Connection: keep-alive
Cookie: cf_chl_3=9928244f9a258f4; cf_chl_rc_i=1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 24 Apr 2024 19:24:20 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cf-chl-out-s: ae4f7+PNYznu4OTVjCYG06nAmTsOOjKudFvoIWUmd16B8KWCZPOUjca6hqxSQVkMI0VJlwqxiLUiIdz4siummr3hJixJg7qHjC0RFED64o4onL5OPF5fshOG4zlE/dDmEOkYCFlyTnjNuM1Xvxqc3dHXBFaguJM3k0oIJ4FNjfc1RidU0mlcXbPWutkGhHd6GgHkWSrqVzZCACwpgP435ji8C4AXqnL9bHMfN2HSVxOztbMFfvpnfIF99ZjseHGyiGkI8mEeti5PamkmPHzABSuEeCYN+rY+Rt/JDYYCcnNELv7f38Mh47uwYbPZUk7cgLikfkQZXJfBm6UJMfC0QoBwYLwMrF8sh8urz6OXhg3i2stb3NXnNmSK4appEc/XaC5lDAIZc+iYaVX0vVV13Y463gdwg55Du445pj0DsRX34S80jDEk3YWp4MdnMupc3A5eLZBxYLKgnbH3hMhEpw==$EYb1xY4CwQCWqG/q8k3jPg==
cf-chl-out: THEhmLzSXsFwIyY5pXWSSvpZ4siErhM5a3vuT0+tOoxA6ZpxsqimhieG8hR1UUNeFCyE6MT+BKg7NYyNMBcxMR47jK5OlDTT8Y+cFSJY2Eg6eoNQa5WluPZ/cmu0no6I$sEu8o68Xbz+mY1bMlFWrgw==
set-cookie: cf_chl_rc_i=;Expires=Tue, 23 Apr 2024 19:24:20 GMT;SameSite=Strict
vary: accept-encoding
content-encoding: gzip
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rdjACu8jAGsBNAreuUlQpGvKSQy227xdKq96OqJv1cA3%2BtMR%2BjM4e2nWF8XlxJbRFBurIz702oHDMKGXrVZv2G7W7EupZN49zXLTBJkexdHecCN5DYqzTMQPBwyKmda3RhGpJnTNPXYG"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 879879138ff856cc-OSL
alt-svc: h2=":443"; ma=60
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=879878df4d2356c9 | 104.17.2.184 | | 166 kB |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=879878df4d2356c9
IP: 104.17.2.184:0
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size: 166 kB (166497 bytes)
Hashes (MD5, SHA-1, SHA-256): bcfbb2e810c23948087ab0d72589143b 5e84dff656bd902e00b2380a03a58bb988c5bf7d dcff1bef959ede01379cb9e71eb7d6f05254a2ad00a5658992011bb94ab3501a
GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=879878df4d2356c9 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/t0u5v/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 19:24:12 GMT
content-type: application/javascript; charset=UTF-8
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
vary: accept-encoding
server: cloudflare
cf-ray: 879878dfbe2956c9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| affordcharmcropwo.shop/favicon.ico | 104.21.67.211 | 403 Forbidden | 5.9 kB |
URL: affordcharmcropwo.shop/favicon.ico (GET HTTP/1.1)
IP: 104.21.67.211:80
Requested by: http://affordcharmcropwo.shop/api/
File type: HTML document, ASCII text, with very long lines (14484), with no line terminators
Hashes (MD5, SHA-1, SHA-256): 46464b522ddce7a63e0e6d4dc2dba444 31b66321f15e24387ced7dd48387d891d1b1ab98 928377ffbc7a9e60a4d8824b3d81e19f57bb0d1b44fd16410d8ff26df8fd7290

| Analyzer | Verdict | Alert |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: affordcharmcropwo.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://affordcharmcropwo.shop/api/
Cookie: cf_chl_3=9928244f9a258f4; cf_chl_rc_i=1; PHPSESSID=jn32gbi2a29t9i7agr59bj10nl
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Wed, 24 Apr 2024 19:24:20 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: Ojjl63bxRQYqDgxHqNcI1IHLte76WuYouGzuqhyMENdV3OeAJNXHwTN9KKer3Ubsh1HPnpK1AUDRG5y38kwEj2lT/xpAjypDEUzpCBShyo/LnziVWKXjAaQrU8bzuAIimJacOFANpgHO4H8prlB29g==$1AspYxgTG0LmPGMqoq1rCw==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7cl%2B37PLMLxjPEA6OwhqJ8mTT37p%2Fw5WcJneoJrYlttd87mbpVHr6Hf6O3Mf4hoDEyfoLqTg2uJGPrWiVGUcP3a8WeenRbCrN56tkQPCreaiCHrSROzZPDe6NEAB9VgnyYci0HlVnRAl"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 879879154a3956cc-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60