| sweetsquarediaslw.shop/;E.U | 172.67.203.170 | 403 Forbidden | 5.8 kB |
URL: sweetsquarediaslw.shop/;E.U (User Request, GET HTTP/1.1)
IP: 172.67.203.170:80
File type: HTML document, ASCII text, with very long lines (14165), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 4f4ef19b7cfd9bc4373bb89f3a6c831c / 79b7ced3bb6a9790102d27acc6104deae582ea46 / 902354b7dbdd0566f08365dd9715ed8b984b05d4dc0cd1d033147384de228ab0
| Analyzer | Verdict | Alert |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |
GET /;E.U HTTP/1.1
Host: sweetsquarediaslw.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Thu, 09 May 2024 02:56:04 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: zkqG5IAFTebi4+GLzWejmj/OaALkTZ+oEXO6PwvTIEuaskmkxXJopZpFGx87+vJcdkPJ+51nMdkJuGxTaF7oioxDMCKsII907YMG2YSq/heHaCHq5oLtN76ZAEX2zoqvAllEwv7+fNNfKzzyTHZyqA==$y9nPuFHTF2jPceLbl00cYg==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yP0d2LF54QQPHVIyLii14yIFEwLqGCQ%2BCttjKWXwO3ESEn2irKMNkPhVknG4lnsm%2BC5YxDAGGmrrrscN5odJbfC3Szc38x1XO%2FYMGAl%2FCkMtS1IUxE96ocx%2BXdWG%2FKAyyeGS375RyeZO"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 880e6a0c38c5b4ed-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
| sweetsquarediaslw.shop/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=880e6a0c38c5b4ed | 172.67.203.170 | | 111 kB |
URL: sweetsquarediaslw.shop/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=880e6a0c38c5b4ed
IP: 172.67.203.170:0
File type: ASCII text, with very long lines (65536), with no line terminators
Size: 111 kB (111209 bytes)
Hash (MD5 / SHA-1 / SHA-256): c8150741f1192820c1e385118a6db789 / f55981c0f228e315cb33c4683c11c735e8931849 / a8b06e562801ad95615174a122c723f2c7e0c9794cd4c1614a9625f36898fa9d
| Analyzer | Verdict | Alert |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |
GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=880e6a0c38c5b4ed HTTP/1.1
Host: sweetsquarediaslw.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://sweetsquarediaslw.shop/;E.U?__cf_chl_rt_tk=hsbUnEhDc1JRomSry1z36_wdltT5qGKWTZxW2SIxBAQ-1715223364-0.0.1.1-1301
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 09 May 2024 02:56:04 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
vary: accept-encoding
content-encoding: gzip
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=h68pBwCGo5Lu3W0W6An%2F3MadS3kqEYTl2gn9N3Tv8uEkHoRJKTH9DRRauXLoQi2tYkQOW%2BB9tEWN%2Bxq26t6E8whBWKXUuJtZulw4g3gkz1tR%2FEmY1Oue3aBTX8SqOUlF%2BAEtZDIa0feg"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 880e6a0de82e5696-OSL
alt-svc: h2=":443"; ma=60
| sweetsquarediaslw.shop/favicon.ico | 172.67.203.170 | 403 Forbidden | 5.8 kB |
URL: sweetsquarediaslw.shop/favicon.ico (GET HTTP/1.1)
IP: 172.67.203.170:80
Requested by: http://sweetsquarediaslw.shop/;E.U
File type: HTML document, ASCII text, with very long lines (14172), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 2b1b30f39ee16657eb3d5715039eeb9f / 82d916ed9aeb43feb67eed6b7e63d493206e26c8 / a6cd370cd43e0495ff11ab65f203078b905a04474f833538a55810e008e7f78e
| Analyzer | Verdict | Alert |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: sweetsquarediaslw.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://sweetsquarediaslw.shop/;E.U
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Thu, 09 May 2024 02:56:04 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: jLZVjrASN3gaT+dIwv1KKR4Wgc6Z83R7I4lGjdRMyrm+PQeZ1vNepUwcIhVeYAEf1llAvwODicmRpyZCZqYDjdSjRJ2qseuOzGLBpBEOkaSWz7DZqaECS5qr7hmryjdX1PEkZPiJynhfQkXwBpaL6g==$LlrQaJD49BB6+VlAbcQkAA==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=m8azVQXP%2FTw8cLwOX%2BOHWG0TbBcjTtXWrncxrtWrLg16b5n9crgh%2FBVmY9383eEMVPB4lytjkcnCOf7dfm4kNRf5%2Bx1F%2FqFtDzztAV41c7fmD1YAsxFuNyL%2BKxr1ed5mXA49NtOza5PP"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 880e6a0eed29b505-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
| challenges.cloudflare.com/turnstile/v0/b/ce7818f50e39/api.js?onload=Ialy2&render=explicit | 104.17.3.184 | 200 OK | 27 kB |
URL: challenges.cloudflare.com/turnstile/v0/b/ce7818f50e39/api.js?onload=Ialy2&render=explicit (GET HTTP/3)
IP: 104.17.3.184:443
Requested by: http://sweetsquarediaslw.shop/;E.U
Certificate: Issuer Cloudflare, Inc.; Subject challenges.cloudflare.com; Fingerprint 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E; Validity Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (42565)
Hash (MD5 / SHA-1 / SHA-256): a5b92920e25651d2058f4982a108347b / caeeadd68d38fdb681c52006c68880abc2e8a1a6 / 49a5abedf03eb8ad9a66eca7c5ccb8e59a440e06958e1e7b71d078f494178dc5
GET /turnstile/v0/b/ce7818f50e39/api.js?onload=Ialy2&render=explicit HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://sweetsquarediaslw.shop
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 09 May 2024 02:56:04 GMT
content-type: application/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
cache-control: max-age=604800, public
vary: Accept-Encoding
server: cloudflare
cf-ray: 880e6a0efb77568f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/1ldm8/0x4AAAAAAAAjq6WYeRDKmebM/light/normal | 104.17.3.184 | | 26 kB |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/1ldm8/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
IP: 104.17.3.184:0
Certificate: Issuer Cloudflare, Inc.; Subject challenges.cloudflare.com; Fingerprint 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E; Validity Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type: HTML document, ASCII text, with very long lines (41702)
Hash (MD5 / SHA-1 / SHA-256): 9c0c1f1de230de6bb3adb41bd1ee11da / 414494cf80b6bcf99d64071441c18994445b2d31 / 51f57e1dab8e9bbd88d0fee16b0c89adc11cca479a03e3bb08d400eb4781bba5
GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/1ldm8/0x4AAAAAAAAjq6WYeRDKmebM/light/normal HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 09 May 2024 02:56:05 GMT
content-type: text/html; charset=UTF-8
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-embedder-policy: require-corp
document-policy: js-profiling
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cross-origin-resource-policy: cross-origin
origin-agent-cluster: ?1
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
cross-origin-opener-policy: same-origin
referrer-policy: same-origin
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
content-security-policy: frame-src https://challenges.cloudflare.com/ blob:; base-uri 'self'
vary: accept-encoding
server: cloudflare
cf-ray: 880e6a10af907129-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/87396418:1715221848:7OTM8XebTkmaGxYMQ_vIDBnck3q39w0wJNin2fca-fY/880e6a10af907129/544248672032e1d | 104.17.3.184 | | 122 kB |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/87396418:1715221848:7OTM8XebTkmaGxYMQ_vIDBnck3q39w0wJNin2fca-fY/880e6a10af907129/544248672032e1d
IP: 104.17.3.184:0
Certificate: Issuer Cloudflare, Inc.; Subject challenges.cloudflare.com; Fingerprint 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E; Validity Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type: ASCII text, with very long lines (65536), with no line terminators
Size: 122 kB (121510 bytes)
Hash (MD5 / SHA-1 / SHA-256): fc8f47686c15a2458c9cea9f721ad55d / b23e5c9b1063764a892571ba9f89418b6d4515bc / 8a3a9c071afe1e810b5260b60bee257fc873b7d87837b7018efda38e353ada12
POST /cdn-cgi/challenge-platform/h/b/flow/ov1/87396418:1715221848:7OTM8XebTkmaGxYMQ_vIDBnck3q39w0wJNin2fca-fY/880e6a10af907129/544248672032e1d HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/1ldm8/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: 544248672032e1d
Content-Length: 3515
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 09 May 2024 02:56:05 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: tVaUdMBOySmjQzd+CyB5UDmOMDrDNwP91JoBYnzmiGReLQsQLYfHmsOyDn1kJ8A0SI9LVx3w0lcq+5BHurwdmOmbUTugb+N9ed2U1PsjS26HI/mpWDzQDqRsTpt7Y73mRnmx4FHGAOBfDD+/rFh24pz5zbvvKMSsl9jxDUhMkQEv8rOJhZOmjgQLtNe+hVdCRl/aIulDqWuj/qUEwObcuKHK8X1CvlTkBslHbi+DK9NxVoR4B1d29q11+7sWEgLjv46w7MaYYoTyzsgHzF4JS/DGttvwvdHIFLkwq6zuZXa4HQLQNVyimWGU3OxUleWWJ6VR8xl+4NdqIjLakdulmoGbGr88Lkn5Sj6+xe0WhPhjsNOjalWkBhEaRFdiaol69do8C6MaxC5DqZeQyPcXy/Y+tPD25na1zpBPE7d0RSDBqVR2J+I48O2IXyUCTfYy1AFm0Y6brV0AhB1V/EFdWw==$kz7MGrHm6hnQrOuvVowW9w==
vary: accept-encoding
server: cloudflare
cf-ray: 880e6a1398a07129-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/880e6a10af907129/1715223365710/aG0WOMbW37J4Qwi | 104.17.3.184 | | 61 B |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/880e6a10af907129/1715223365710/aG0WOMbW37J4Qwi
IP: 104.17.3.184:0
Certificate: Issuer Cloudflare, Inc.; Subject challenges.cloudflare.com; Fingerprint 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E; Validity Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type: PNG image data, 98 x 29, 8-bit/color RGB, non-interlaced
Hash (MD5 / SHA-1 / SHA-256): cb3514b44b3f287a0be5beb1b28cb078 / d25e04e77dc513c748d292497afbacbeb38333c9 / a6f1076007d99c4bc0a062ee4cca981dfd336fd781b5dd49e9e9438594f757e7
GET /cdn-cgi/challenge-platform/h/b/i/880e6a10af907129/1715223365710/aG0WOMbW37J4Qwi HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/1ldm8/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 09 May 2024 02:56:06 GMT
content-type: image/png
content-length: 61
server: cloudflare
cf-ray: 880e6a1b8b5a7129-OSL
alt-svc: h3=":443"; ma=86400
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/87396418:1715221848:7OTM8XebTkmaGxYMQ_vIDBnck3q39w0wJNin2fca-fY/880e6a10af907129/544248672032e1d | 104.17.3.184 | | 23 kB |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/87396418:1715221848:7OTM8XebTkmaGxYMQ_vIDBnck3q39w0wJNin2fca-fY/880e6a10af907129/544248672032e1d
IP: 104.17.3.184:0
Certificate: Issuer Cloudflare, Inc.; Subject challenges.cloudflare.com; Fingerprint 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E; Validity Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type: ASCII text, with very long lines (22248), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 2ed96fd33f8fd2d9e3f95ef8e830cc1d / 67606be3f4db519f25e8ed8a2c87a2dbad53be6e / 2446ce540235afdf2a8deefb186f3bbf782c4fbededd0a378e10ac0cf9bc2962
POST /cdn-cgi/challenge-platform/h/b/flow/ov1/87396418:1715221848:7OTM8XebTkmaGxYMQ_vIDBnck3q39w0wJNin2fca-fY/880e6a10af907129/544248672032e1d HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/1ldm8/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: 544248672032e1d
Content-Length: 27966
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 09 May 2024 02:56:08 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: hghENM3MxMsEBhYZzkCyln4qgx57+YokFqPtYuMm7K5NsJZHD+s5wbF71E7aMAQM$QD6R4+l4/sMpiMGjuz8hpg==
vary: accept-encoding
server: cloudflare
cf-ray: 880e6a234e1a7129-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| sweetsquarediaslw.shop/;E.U | 172.67.203.170 | 403 Forbidden | 5.8 kB |
URL: sweetsquarediaslw.shop/;E.U (User Request, GET HTTP/1.1)
IP: 172.67.203.170:80
File type: HTML document, ASCII text, with very long lines (14186), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 19909b63cd7fd1a5ac8cb1c2df44e99d / d41f68def488e25b9f0f4469befcfaa60b20252c / 741babd8e22d5f65089cfdede42404dc31518f9b103e3d6b0a7682483af217f5
| Analyzer | Verdict | Alert |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |
GET /;E.U HTTP/1.1
Host: sweetsquarediaslw.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_i=1
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Thu, 09 May 2024 02:56:14 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: 0tC1riyj1xWGekzAEmEWyzDFI6L1CCNuc7QI3Hs6bH1TcCRANUcDWgoByr0gLJnmoMZXZVep9Wzz1ARAGmAPJYi3EkdREpSN+GBiLdwKyeJFvVHVJdl50yXc3exnpN91QVm/m4+JqUa6iYVIUxmpIg==$j+aaQ/QEy5C5VNdp2RlNZg==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pz9WbdvnMaPGdSesM%2FXMMtcaTbGCrNuVArsV%2FDGslxnqUxvuO4B6d9UFLls1KlS6L%2BdKsFdrlSuhMFscSW2VWoLJdAbshfuF1cZN68kUdzQgwrel1mEizhCphkHWKlafYSZ3L681irHh"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 880e6a4dabcd5693-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
| sweetsquarediaslw.shop/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=880e6a4dabcd5693 | 172.67.203.170 | 200 OK | 113 kB |
URL: sweetsquarediaslw.shop/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=880e6a4dabcd5693 (GET HTTP/1.1)
IP: 172.67.203.170:80
Requested by: http://sweetsquarediaslw.shop/;E.U
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size: 113 kB (112757 bytes)
Hash (MD5 / SHA-1 / SHA-256): b5564b6e5c81572f78e0e7b85e80eb81 / ea7ed1a0d43c2b6dee0ab36b4367aaa15b2a127b / be520fc78c480f267061802a30e9c6eef1c3c76cdd7e35e22ae6beb0e7d785a0
| Analyzer | Verdict | Alert |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |
GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=880e6a4dabcd5693 HTTP/1.1
Host: sweetsquarediaslw.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://sweetsquarediaslw.shop/;E.U?__cf_chl_rt_tk=XCUvn6tFwyosRELkbIzw62uDTRVOOIHlg_9eIgE4ujI-1715223374-0.0.1.1-1301
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_i=1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 09 May 2024 02:56:15 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
vary: accept-encoding
content-encoding: gzip
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LK19uTvBz1eSro4QrUCp%2FYWJOFaj0GH3j2slfCljI6bVLifcxClWOKpmORawR7QG7cyOIrzzq7J9KepsFZLSTIPwbG94llhE3ua3f4ig52dp2iQp0iHtYBzCu7s42QY%2BrZYHYVlI7B35"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 880e6a4e2a737128-OSL
alt-svc: h2=":443"; ma=60
| sweetsquarediaslw.shop/favicon.ico | 172.67.203.170 | 403 Forbidden | 5.8 kB |
URL: sweetsquarediaslw.shop/favicon.ico (GET HTTP/1.1)
IP: 172.67.203.170:80
Requested by: http://sweetsquarediaslw.shop/;E.U
File type: HTML document, ASCII text, with very long lines (14194), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 85956cb4082328f3137f13da2ccd142e / 5aafe44aee3c9130d885faf337058ef58c414c72 / 506a75d7af6c4e6541c00b41dc1e69d4cf5a2b3368beb6de2f024de8cf3cd173
| Analyzer | Verdict | Alert |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: sweetsquarediaslw.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://sweetsquarediaslw.shop/;E.U
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_i=1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Thu, 09 May 2024 02:56:15 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: k7jMqyqygmbZ/LsAFYRjwjH42E7ZzLmGxbZOtsBg22v9llutmtKZK0uASlVXgbfZJsjFd+C1/ozxX1MnUNKJ4jrYYG37G3Z/707wACCSCcMSxNY6hD3ISSZlyHbwiYKlEWqJDYV/vjiY+sgXfrTpXA==$Ytmx29dNDJSQlK1TUNVJmA==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=P7hzB%2BiZSul8BexzShmyIQ5jUreIIDTP4qX3gcgVY1%2BhXHHfVHTv%2Bp8sn0nh3lf7YiQpQEM9mw0LDhbnWP%2Ft5qbMxBajyL1lcKA4vQrAnj5Av0DMbKap69KwPpacvvh9ogF7BdDt7ONS"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 880e6a4f1b53b503-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
| sweetsquarediaslw.shop/cdn-cgi/challenge-platform/h/b/flow/ov1/1176456546:1715221734:WfVjhzgUq34TmaF4rjeCJFUKI9Y-rUAr46j1DqAM934/880e6a4dabcd5693/7fb07a167bfb9f8 | 172.67.203.170 | 200 OK | 12 kB |
URL: sweetsquarediaslw.shop/cdn-cgi/challenge-platform/h/b/flow/ov1/1176456546:1715221734:WfVjhzgUq34TmaF4rjeCJFUKI9Y-rUAr46j1DqAM934/880e6a4dabcd5693/7fb07a167bfb9f8 (POST HTTP/1.1)
IP: 172.67.203.170:80
Requested by: http://sweetsquarediaslw.shop/;E.U
File type: ASCII text, with very long lines (16368), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): b4a04ca9f8bb352869ec9b7a0589770a / 0fc267043e4390882bec5aa2b7015cc4b200e316 / e432becfb1eedfee6ec905953e86e25671e03faceb56cd2df766bdc3520b735b
| Analyzer | Verdict | Alert |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |
POST /cdn-cgi/challenge-platform/h/b/flow/ov1/1176456546:1715221734:WfVjhzgUq34TmaF4rjeCJFUKI9Y-rUAr46j1DqAM934/880e6a4dabcd5693/7fb07a167bfb9f8 HTTP/1.1
Host: sweetsquarediaslw.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://sweetsquarediaslw.shop/;E.U
Content-type: application/x-www-form-urlencoded
CF-Challenge: 7fb07a167bfb9f8
Content-Length: 1842
Origin: http://sweetsquarediaslw.shop
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_i=1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 09 May 2024 02:56:15 GMT
Content-Type: text/plain; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cf-chl-gen: S69XF13oG2Wfi3/gzHbBDs2EIQicaze6QFf9xprLkYjQG8sz91XWV8ovtkEjbJ9Q$A4WE14MnJGFItVKa53U9gA==
vary: accept-encoding
content-encoding: gzip
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ULOkIFsW2Ei0TwnW4Sd5bq6G0UaqSeqMCVkuBb6zjPY6cZoe20gY9XVsLqVGqeZV9AMJ0WhP2pFPrw6ZBpITVK12UTEbSziHma5dNi6blTTKfpausoZUcmbHyZD%2BeVdRfLVA0er4tYt%2B"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 880e6a4ff9e056b4-OSL
alt-svc: h2=":443"; ma=60
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/1b285/0x4AAAAAAAAjq6WYeRDKmebM/light/normal | 104.17.3.184 | 200 OK | 26 kB |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/1b285/0x4AAAAAAAAjq6WYeRDKmebM/light/normal (GET HTTP/3)
IP: 104.17.3.184:443
Requested by: http://sweetsquarediaslw.shop/;E.U
Certificate: Issuer Cloudflare, Inc.; Subject challenges.cloudflare.com; Fingerprint 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E; Validity Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type: HTML document, ASCII text, with very long lines (41702)
Hash (MD5 / SHA-1 / SHA-256): 44b3e447fcbad30d5e41a3246ec9c156 / 36a82b4ef876b4b97af3042e66b6e712d0444f65 / 10b373ecdb871bba46f84b653450229ef62275fe8530354078c0ed786ee975e9
GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/1b285/0x4AAAAAAAAjq6WYeRDKmebM/light/normal HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 09 May 2024 02:56:15 GMT
content-type: text/html; charset=UTF-8
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
content-security-policy: frame-src https://challenges.cloudflare.com/ blob:; base-uri 'self'
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-opener-policy: same-origin
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
document-policy: js-profiling
origin-agent-cluster: ?1
referrer-policy: same-origin
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
vary: accept-encoding
server: cloudflare
cf-ray: 880e6a512f627129-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/880e6a512f627129/1715223376035/NVhny2vhmFWl7hO | 104.17.3.184 | | 61 B |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/880e6a512f627129/1715223376035/NVhny2vhmFWl7hO
IP: 104.17.3.184:0
Certificate: Issuer Cloudflare, Inc.; Subject challenges.cloudflare.com; Fingerprint 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E; Validity Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type: PNG image data, 100 x 31, 8-bit/color RGB, non-interlaced
Hash (MD5 / SHA-1 / SHA-256): 0c2cca53023eb93b7b17e4c3af57c188 / c06bc020041272ca189a0666d957ff8076d50ecf / c455787ca627421a7789705a40f3dcad4e3bf516c027cd397f0c4f899246644b
GET /cdn-cgi/challenge-platform/h/b/i/880e6a512f627129/1715223376035/NVhny2vhmFWl7hO HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/1b285/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 09 May 2024 02:56:18 GMT
content-type: image/png
content-length: 61
server: cloudflare
cf-ray: 880e6a64ee187129-OSL
alt-svc: h3=":443"; ma=86400
| sweetsquarediaslw.shop/cdn-cgi/challenge-platform/h/b/flow/ov1/1176456546:1715221734:WfVjhzgUq34TmaF4rjeCJFUKI9Y-rUAr46j1DqAM934/880e6a4dabcd5693/7fb07a167bfb9f8 | 172.67.203.170 | 200 OK | 1.8 kB |
URL: sweetsquarediaslw.shop/cdn-cgi/challenge-platform/h/b/flow/ov1/1176456546:1715221734:WfVjhzgUq34TmaF4rjeCJFUKI9Y-rUAr46j1DqAM934/880e6a4dabcd5693/7fb07a167bfb9f8 (POST HTTP/1.1)
IP: 172.67.203.170:80
Requested by: http://sweetsquarediaslw.shop/;E.U
File type: ASCII text, with very long lines (2328), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): d79acced21cd9dd849c09084f2ffa1f9 / fa0faaf9ae5b048262abc1d23d3092cb99eae754 / 56b911c8c6e751f71b0901153eae4f7c9d17e627046ad85a5d4884ced5cd2fd8
| Analyzer | Verdict | Alert |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |
POST /cdn-cgi/challenge-platform/h/b/flow/ov1/1176456546:1715221734:WfVjhzgUq34TmaF4rjeCJFUKI9Y-rUAr46j1DqAM934/880e6a4dabcd5693/7fb07a167bfb9f8 HTTP/1.1
Host: sweetsquarediaslw.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://sweetsquarediaslw.shop/;E.U
Content-type: application/x-www-form-urlencoded
CF-Challenge: 7fb07a167bfb9f8
Content-Length: 2520
Origin: http://sweetsquarediaslw.shop
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_i=1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 09 May 2024 02:56:24 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cf-chl-out: hSQn6umA1fDmYHKF9CHcSPLsYLKRCjVHdiu2yLHW5q0uHTf+i9sPt87aqYMxYO0Irya93S0ICqWmrrTny5NNQ8cMpHL64TXDJrOacY7O2SE=$Rg66JMnrjwhu11zMaRGfAA==
cf-chl-out-s: aru+w9Asqzp2kZCcUVyKuw==$mYWfhIppTgQeVmYxTkgqcA==
vary: accept-encoding
content-encoding: gzip
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lEAdgxYW8zR8%2BljXwvnsVEaojG9OsTHsi0KkYRWsodqVBP8WRrOjdYKZu7%2F2e8A3SP3ILYMbg6DLTlMoY0HpenrvmR9A3dgG8TnAePiRtt6uk4dDQcJBhnMZ1jZ7f9J4ewqZZo6niAY7"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 880e6a863ce656b4-OSL
alt-svc: h2=":443"; ma=60