hghfe.cf/
104.21.21.176 7.1 kB IP 104.21.21.176:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (502)
Hash 2cefe02c68766ea19f50c797340e507d
b3883dfc74a0e862850c48bab890bb9bbc43b4e0
89486d44dc05c218ff2028c3dc6e85b320e43f5061118bf67a1a79917cfddc11
Analyzer Verdict Alert fortinet Malware
threatfox Loki Password Stealer (PWS)
mnemonic_dns Sinkholed
quad9 Sinkholed
GET / HTTP/1.1
Host: hghfe.cf
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 523
Date: Fri, 12 May 2023 02:59:20 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Frame-Options: SAMEORIGIN
Referrer-Policy: same-origin
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
CF-RAY: 7c5f67b028660b59-OSL
Server: cloudflare
104.21.21.176523 7.1 kB URL User Request GET HTTP/1.1 IP 104.21.21.176:80
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (502)
Hash c29f226d73dabdc15acae0fd8c29e263
c775a39cabc7aa85eb21de609ed8daea407a2903
3eae0c1afc77565b7b201d93bc046362bf5538c7f4e36e0d6fa1e2fc384b1c72
Analyzer Verdict Alert fortinet Malware
threatfox Loki Password Stealer (PWS)
mnemonic_dns Sinkholed
quad9 Sinkholed
NIDS Severity Alert suricata high ThreatFox botnet C2 traffic (url - confidence level: 75%)
suricata high ThreatFox botnet C2 traffic (url - confidence level: 100%)
GET /Cj/PWS/fre.php HTTP/1.1
Host: hghfe.cf
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 523
Date: Fri, 12 May 2023 02:59:22 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Frame-Options: SAMEORIGIN
Referrer-Policy: same-origin
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
CF-RAY: 7c5f67b2acb2b4ed-OSL
Server: cloudflare
172.67.199.170523 9.2 kB URL User Request GET HTTP/1.1 IP 172.67.199.170:80
Hash 530bfa52ebbd0a37ec32f8457266d3f4
16d505d24199720617d6eeccd80a67de82b5e0a2
8e00323e1fd27f59719093ff9cfaa7221d5857ec829be616d59990e73dc3b517
Analyzer Verdict Alert fortinet Malware
threatfox Loki Password Stealer (PWS)
mnemonic_dns Sinkholed
quad9 Sinkholed
NIDS Severity Alert suricata high ThreatFox botnet C2 traffic (url - confidence level: 75%)
suricata high ThreatFox botnet C2 traffic (url - confidence level: 100%)
GET /Cj/PWS/fre.php HTTP/1.1
Host: hghfe.cf
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 523 No Reason Phrase
date: Fri, 12 May 2023 02:59:19 GMT
content-type: text/html; charset=UTF-8
x-frame-options: SAMEORIGIN
referrer-policy: same-origin
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
cf-ray: 7c5f679d9ac71c12-OSL
server: cloudflare
X-Firefox-Spdy: h2
hghfe.cf/cdn-cgi/images/cf-icon-browser.png
104.21.21.176200 OK 484 B URL GET HTTP/1.1 hghfe.cf/cdn-cgi/images/cf-icon-browser.png
IP 104.21.21.176:80
Requested by http://hghfe.cf/Cj/PWS/fre.php
File type PNG image data, 100 x 80, 8-bit colormap, non-interlaced\012- data
Hash 59caf3c7eb63af78f12db37f41433779
8024e688e78e910ae1ea3bc25be7a7ab65444b02
78a7d8b29cabf16831417dba1b9bbe36fae0d060a35a495e8f10e9663b3c9e65
Analyzer Verdict Alert threatfox Loki Password Stealer (PWS)
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /cdn-cgi/images/cf-icon-browser.png HTTP/1.1
Host: hghfe.cf
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hghfe.cf/cdn-cgi/styles/main.css
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 12 May 2023 02:59:23 GMT
Content-Type: image/png
Content-Length: 484
Connection: keep-alive
Last-Modified: Wed, 10 May 2023 14:14:46 GMT
ETag: "645ba6d6-1e4"
Server: cloudflare
CF-RAY: 7c5f67c54de6b4ed-OSL
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Expires: Fri, 12 May 2023 04:59:23 GMT
Cache-Control: max-age=7200, public
Accept-Ranges: bytes
hghfe.cf/cdn-cgi/images/cf-icon-ok.png
104.21.21.176200 OK 946 B URL GET HTTP/1.1 hghfe.cf/cdn-cgi/images/cf-icon-ok.png
IP 104.21.21.176:80
Requested by http://hghfe.cf/Cj/PWS/fre.php
File type PNG image data, 48 x 48, 8-bit colormap, non-interlaced\012- data
Hash dfaf0fbb758c874be231335db178381d
8f2597eb7ba4c89892aac0559816db3f5280b23e
ed732380ee3ff0f2d841784da213c8c05d2b5ae187a5217b419d21cae5cedb1b
Analyzer Verdict Alert threatfox Loki Password Stealer (PWS)
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /cdn-cgi/images/cf-icon-ok.png HTTP/1.1
Host: hghfe.cf
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hghfe.cf/cdn-cgi/styles/main.css
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 12 May 2023 02:59:23 GMT
Content-Type: image/png
Content-Length: 946
Connection: keep-alive
Last-Modified: Wed, 10 May 2023 14:14:46 GMT
ETag: "645ba6d6-3b2"
Server: cloudflare
CF-RAY: 7c5f67c55df4b4ed-OSL
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Expires: Fri, 12 May 2023 04:59:23 GMT
Cache-Control: max-age=7200, public
Accept-Ranges: bytes
hghfe.cf/cdn-cgi/images/cf-icon-error.png
104.21.21.176200 OK 854 B URL GET HTTP/1.1 hghfe.cf/cdn-cgi/images/cf-icon-error.png
IP 104.21.21.176:80
Requested by http://hghfe.cf/Cj/PWS/fre.php
File type PNG image data, 48 x 48, 8-bit colormap, non-interlaced\012- data
Hash e5577f04b6d92590410e26bd2292933b
16946b2c99d98a57f83eac170ce94b012b7d1a7b
67f70597a183fbca7fac55d609fbaac5c34bb4d4d32a0530bbbbb42591f2de2f
Analyzer Verdict Alert threatfox Loki Password Stealer (PWS)
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /cdn-cgi/images/cf-icon-error.png HTTP/1.1
Host: hghfe.cf
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hghfe.cf/cdn-cgi/styles/main.css
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 12 May 2023 02:59:23 GMT
Content-Type: image/png
Content-Length: 854
Connection: keep-alive
Last-Modified: Wed, 10 May 2023 14:14:46 GMT
ETag: "645ba6d6-356"
Server: cloudflare
CF-RAY: 7c5f67c559aeb51b-OSL
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Expires: Fri, 12 May 2023 04:59:23 GMT
Cache-Control: max-age=7200, public
Accept-Ranges: bytes
hghfe.cf/cdn-cgi/images/cf-icon-cloud.png
104.21.21.176200 OK 1.5 kB URL GET HTTP/1.1 hghfe.cf/cdn-cgi/images/cf-icon-cloud.png
IP 104.21.21.176:80
Requested by http://hghfe.cf/Cj/PWS/fre.php
File type PNG image data, 152 x 77, 8-bit colormap, non-interlaced\012- data
Hash 3ec81e5e3a4de9fec46ce9e6999b9e27
8f03b6857ab8d31feb65f97b1ae6b678efdc2ddd
3a223426c67a0a33ff57af68a57fb589fea36af2a6e8f9dae7798c77471e0e58
Analyzer Verdict Alert threatfox Loki Password Stealer (PWS)
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /cdn-cgi/images/cf-icon-cloud.png HTTP/1.1
Host: hghfe.cf
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hghfe.cf/cdn-cgi/styles/main.css
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 12 May 2023 02:59:23 GMT
Content-Type: image/png
Content-Length: 1484
Connection: keep-alive
Last-Modified: Wed, 10 May 2023 14:14:46 GMT
ETag: "645ba6d6-5cc"
Server: cloudflare
CF-RAY: 7c5f67c55941b4eb-OSL
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Expires: Fri, 12 May 2023 04:59:23 GMT
Cache-Control: max-age=7200, public
Accept-Ranges: bytes
hghfe.cf/cdn-cgi/images/cf-icon-server.png
104.21.21.176200 OK 1.4 kB URL GET HTTP/1.1 hghfe.cf/cdn-cgi/images/cf-icon-server.png
IP 104.21.21.176:80
Requested by http://hghfe.cf/Cj/PWS/fre.php
File type PNG image data, 95 x 75, 8-bit colormap, non-interlaced\012- data
Hash 2c11e67182601007f577f8bf2c72fee8
01dc915d4745f00632021c05d3eef634747a9c3d
41553a537f85839927155af093b7bfa1987215f474ed038714609cc48812ea3b
Analyzer Verdict Alert threatfox Loki Password Stealer (PWS)
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /cdn-cgi/images/cf-icon-server.png HTTP/1.1
Host: hghfe.cf
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hghfe.cf/cdn-cgi/styles/main.css
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 12 May 2023 02:59:23 GMT
Content-Type: image/png
Content-Length: 1384
Connection: keep-alive
Last-Modified: Wed, 10 May 2023 14:14:46 GMT
ETag: "645ba6d6-568"
Server: cloudflare
CF-RAY: 7c5f67c5585eb52d-OSL
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Expires: Fri, 12 May 2023 04:59:23 GMT
Cache-Control: max-age=7200, public
Accept-Ranges: bytes
hghfe.cf/favicon.ico
104.21.21.176404 Not Found 182 B IP 104.21.21.176:80
Requested by http://hghfe.cf/Cj/PWS/fre.php
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 18ffb59b61525f781cf9251045be575d
bd7318b00b15b7a1c8a48524419fa2e5c27a5b6d
b6682cab65d3243b5b75efb7279dbf49491957484780f2ba0a87632cc0e25642
Analyzer Verdict Alert threatfox Loki Password Stealer (PWS)
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /favicon.ico HTTP/1.1
Host: hghfe.cf
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://hghfe.cf/Cj/PWS/fre.php
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Date: Fri, 12 May 2023 02:59:23 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=14400
CF-Cache-Status: STALE
Age: 64289
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ko5uCdlE7MbhNjNaXLhPw21U7RzYlMIitMIBRlcfB8drayq7FguCueRdedwq1pskSkaw7TejjCTaHWz%2BbqslyyGgcccOx00oOWZo1BQ%2B1CxJMRMk2CtpnYExvQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7c5f67c58955b4eb-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
hghfe.cf/cdn-cgi/styles/main.css
104.21.21.176200 OK 8.0 kB URL GET HTTP/1.1 hghfe.cf/cdn-cgi/styles/main.css
IP 104.21.21.176:80
Requested by http://hghfe.cf/Cj/PWS/fre.php
File type ASCII text, with very long lines (8058), with no line terminators
Hash f05b791d939d996f45bac11e12cf755b
b492b16cfd44b512b25a041c77d4a43cbf0cf81d
fbe756fe507774e5868de0ef5ff58e4d4fe18c4bb8c76e7bb0d374b43108bf59
Analyzer Verdict Alert threatfox Loki Password Stealer (PWS)
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /cdn-cgi/styles/main.css HTTP/1.1
Host: hghfe.cf
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://hghfe.cf/Cj/PWS/fre.php
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 12 May 2023 02:59:23 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 10 May 2023 14:14:46 GMT
ETag: W/"645ba6d6-1f4d"
Server: cloudflare
CF-RAY: 7c5f67c52ddcb4ed-OSL
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Expires: Fri, 12 May 2023 04:59:23 GMT
Cache-Control: max-age=7200, public
Content-Encoding: gzip