| tf00qniyit9edd.s3.us-west-1.amazonaws.com/uc.html?bId=1&targetId=38F17CDA17F64C5EB24E86575CC7C11A&cfToken=0.j_Rn8SnQ6CHwlcA9OzcT8IR2GaFyKvKjvIZ8JYpQHHrDZudsLRulWWtlH2tMPYU5L6-aBbWK-nxI7DSgAHVto_NP13UrPuVQrEuvmE-tyJmtM0A6Ocu4oc4ycKcvI2Yqk7XqvYGg2J-Ho7LS-Moif695GDU7nXlTcCa0I7hzjxmsKmtdcRx-Jm17TJDrByg_fkpk5EFCt_9Au-PeifEd9jE2MXDzCqE3yILCDnCneU7aBqyTD6bvKgH6iS0KwII0F7496XdXPEar6U5KtiA697JcbZUp_bb4mlsyx-iM9r7O6s6uuzRGT6MCF1xir3CUrDbG4AcjqRRsZhHd9omWsq7otaWKF0oXzeg2pR7RkepAcZeD9SGrXUL3BUZjX1iAqeaDfbhslxTBf02Zyad_jvs7x822SFS3kmhSaCjasV6j5hVK9WiTlcx8naMJBWZUdpHLOjag6SbknkV4vcGNk3AeX1L3_7mxvOsmceNoWgNMt2QTQfu8eAPntLtfkfl7.t4Rg0t6tIFZctPVQOk0WSw.67de1707144c85b59c27b79570f0598b47a7792cd80df1da0dc8045a5a7bc161&idempotencyKey=78c05dd2-03cd-4047-b6ce-e5658f705ac2 | 52.219.216.18 | | 36 kB |
URL: tf00qniyit9edd.s3.us-west-1.amazonaws.com/uc.html?bId=1&targetId=38F17CDA17F64C5EB24E86575CC7C11A&cfToken=0.j_Rn8SnQ6CHwlcA9OzcT8IR2GaFyKvKjvIZ8JYpQHHrDZudsLRulWWtlH2tMPYU5L6-aBbWK-nxI7DSgAHVto_NP13UrPuVQrEuvmE-tyJmtM0A6Ocu4oc4ycKcvI2Yqk7XqvYGg2J-Ho7LS-Moif695GDU7nXlTcCa0I7hzjxmsKmtdcRx-Jm17TJDrByg_fkpk5EFCt_9Au-PeifEd9jE2MXDzCqE3yILCDnCneU7aBqyTD6bvKgH6iS0KwII0F7496XdXPEar6U5KtiA697JcbZUp_bb4mlsyx-iM9r7O6s6uuzRGT6MCF1xir3CUrDbG4AcjqRRsZhHd9omWsq7otaWKF0oXzeg2pR7RkepAcZeD9SGrXUL3BUZjX1iAqeaDfbhslxTBf02Zyad_jvs7x822SFS3kmhSaCjasV6j5hVK9WiTlcx8naMJBWZUdpHLOjag6SbknkV4vcGNk3AeX1L3_7mxvOsmceNoWgNMt2QTQfu8eAPntLtfkfl7.t4Rg0t6tIFZctPVQOk0WSw.67de1707144c85b59c27b79570f0598b47a7792cd80df1da0dc8045a5a7bc161&idempotencyKey=78c05dd2-03cd-4047-b6ce-e5658f705ac2
IP: 52.219.216.18:0
File type: HTML document, ASCII text, with very long lines (3309)
Hash: MD5 d8284c232cd34e986ec575e00f8f7ab8, SHA-1 09830ebc7c405e998bbf127651b01266885b1feb, SHA-256 6a3116f71897d34ca6aee33cbe4d2360ed7323b15fe6c83679c93f5d094dfe4d
GET /uc.html?bId=1&targetId=38F17CDA17F64C5EB24E86575CC7C11A&cfToken=0.j_Rn8SnQ6CHwlcA9OzcT8IR2GaFyKvKjvIZ8JYpQHHrDZudsLRulWWtlH2tMPYU5L6-aBbWK-nxI7DSgAHVto_NP13UrPuVQrEuvmE-tyJmtM0A6Ocu4oc4ycKcvI2Yqk7XqvYGg2J-Ho7LS-Moif695GDU7nXlTcCa0I7hzjxmsKmtdcRx-Jm17TJDrByg_fkpk5EFCt_9Au-PeifEd9jE2MXDzCqE3yILCDnCneU7aBqyTD6bvKgH6iS0KwII0F7496XdXPEar6U5KtiA697JcbZUp_bb4mlsyx-iM9r7O6s6uuzRGT6MCF1xir3CUrDbG4AcjqRRsZhHd9omWsq7otaWKF0oXzeg2pR7RkepAcZeD9SGrXUL3BUZjX1iAqeaDfbhslxTBf02Zyad_jvs7x822SFS3kmhSaCjasV6j5hVK9WiTlcx8naMJBWZUdpHLOjag6SbknkV4vcGNk3AeX1L3_7mxvOsmceNoWgNMt2QTQfu8eAPntLtfkfl7.t4Rg0t6tIFZctPVQOk0WSw.67de1707144c85b59c27b79570f0598b47a7792cd80df1da0dc8045a5a7bc161&idempotencyKey=78c05dd2-03cd-4047-b6ce-e5658f705ac2 HTTP/1.1
Host: tf00qniyit9edd.s3.us-west-1.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: MLfLThPNZu95h3qMxoc6V0UBKxalDjyx7S1802Tk9vO8NR9rkar86YZvU0ORk8m22dnf8ZLQqXo=
x-amz-request-id: 2FWVFJ7CCSF8KBTQ
Date: Fri, 19 Apr 2024 13:40:53 GMT
Last-Modified: Fri, 19 Apr 2024 08:37:26 GMT
ETag: "d8284c232cd34e986ec575e00f8f7ab8"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: text/html
Server: AmazonS3
Content-Length: 36454
|
|
| challenges.cloudflare.com/turnstile/v0/api.js?render=explicit | 104.17.3.184 | 302 Found | 0 B |
URL: GET HTTP/3 challenges.cloudflare.com/turnstile/v0/api.js?render=explicit
IP: 104.17.3.184:443
Requested by: https://tf00qniyit9edd.s3.us-west-1.amazonaws.com/uc.html
Certificate: Issuer Cloudflare, Inc.; Subject challenges.cloudflare.com; Fingerprint 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E; Validity Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
Hash (empty body): MD5 d41d8cd98f00b204e9800998ecf8427e, SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709, SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /turnstile/v0/api.js?render=explicit HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tf00qniyit9edd.s3.us-west-1.amazonaws.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Fri, 19 Apr 2024 13:40:52 GMT
content-length: 0
location: /turnstile/v0/b/471dc2adc340/api.js?render=explicit
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
cache-control: max-age=300, public
vary: Accept-Encoding
server: cloudflare
cf-ray: 876d4f14fee35691-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| upload.wikimedia.org/wikipedia/commons/thumb/9/94/Cloudflare_Logo.png/1200px-Cloudflare_Logo.png?20211125225208 | 185.15.59.240 | 200 OK | 40 kB |
URL: GET HTTP/2 upload.wikimedia.org/wikipedia/commons/thumb/9/94/Cloudflare_Logo.png/1200px-Cloudflare_Logo.png?20211125225208
IP: 185.15.59.240:443
Requested by: https://tf00qniyit9edd.s3.us-west-1.amazonaws.com/uc.html
Certificate: Issuer DigiCert Inc; Subject *.wikipedia.org; Fingerprint 48:3F:0C:71:F3:4A:E0:EA:30:D9:9B:D6:04:63:DC:DA:A8:F4:9D:FB; Validity Wed, 18 Oct 2023 00:00:00 GMT - Wed, 16 Oct 2024 23:59:59 GMT
File type: PNG image data, 1200 x 1200, 8-bit/color RGBA, non-interlaced
Hash: MD5 a0b27ae4e940fbf1ec6bdb72da4601e3, SHA-1 282ac84c78f76a9939f84b1ba76f87829d9091a7, SHA-256 292ca7b17e46e208aa117de746d64e4724e83b3d5ac9d70e2f841e2cc03eb94b
GET /wikipedia/commons/thumb/9/94/Cloudflare_Logo.png/1200px-Cloudflare_Logo.png?20211125225208 HTTP/1.1
Host: upload.wikimedia.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tf00qniyit9edd.s3.us-west-1.amazonaws.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/png
content-disposition: inline;filename*=UTF-8''Cloudflare_Logo.png
last-modified: Fri, 13 May 2022 07:55:33 GMT
content-length: 39856
date: Fri, 19 Apr 2024 06:27:51 GMT
server: envoy
etag: a0b27ae4e940fbf1ec6bdb72da4601e3
age: 25981
x-cache: cp3078 hit, cp3078 miss
x-cache-status: hit-local
server-timing: cache;desc="hit-local", host;desc="cp3078"
strict-transport-security: max-age=106384710; includeSubDomains; preload
report-to: { "group": "wm_nel", "max_age": 604800, "endpoints": [{ "url": "https://intake-logging.wikimedia.org/v1/events?stream=w3c.reportingapi.network_error&schema_uri=/w3c/reportingapi/network_error/1.0.0" }] }
nel: { "report_to": "wm_nel", "max_age": 604800, "failure_fraction": 0.05, "success_fraction": 0.0}
x-client-ip: 91.90.42.154
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-expose-headers: Age, Date, Content-Length, Content-Range, X-Content-Duration, X-Cache
timing-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| pub-cb72f4af1674441897427b55eaf679a1.r2.dev/index-EdAE6GUO.js | 104.18.2.35 | 200 OK | 162 kB |
URL: GET HTTP/1.1 pub-cb72f4af1674441897427b55eaf679a1.r2.dev/index-EdAE6GUO.js
IP: 104.18.2.35:443
Requested by: https://tf00qniyit9edd.s3.us-west-1.amazonaws.com/uc.html
Certificate: Issuer Let's Encrypt; Subject *.r2.dev; Fingerprint 48:74:F0:98:E0:A1:57:3E:86:18:BF:B3:DC:C9:7A:5B:53:50:FE:E0; Validity Fri, 05 Apr 2024 15:25:24 GMT - Thu, 04 Jul 2024 15:25:23 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size: 162 kB (162097 bytes)
Hash: MD5 99a8c60ed8fa39b9533a10013bd87904, SHA-1 c65f9f96a75d2174a99b04f0841ded4728926d9d, SHA-256 acdb99f20b8b22ad7a901f81339fe4747b9b1532046e077e7a08d71c20d37dd6

| Analyzer | Verdict | Alert |
| Public Nextron YARA rules | malware | Unique code from Jetriz, Swid & Jeniva of the Tetris framework |
GET /index-EdAE6GUO.js HTTP/1.1
Host: pub-cb72f4af1674441897427b55eaf679a1.r2.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://tf00qniyit9edd.s3.us-west-1.amazonaws.com
DNT: 1
Connection: keep-alive
Referer: https://tf00qniyit9edd.s3.us-west-1.amazonaws.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 19 Apr 2024 13:40:52 GMT
Content-Type: text/javascript
Content-Length: 162097
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
ETag: "99a8c60ed8fa39b9533a10013bd87904"
Last-Modified: Thu, 15 Feb 2024 18:53:07 GMT
Vary: Origin, Accept-Encoding
Server: cloudflare
CF-RAY: 876d4f152fccb4ff-OSL
|
|
| tf00qniyit9edd.s3.us-west-1.amazonaws.com/favicon.ico | 52.219.216.18 | 403 Forbidden | 243 B |
URL: GET HTTP/1.1 tf00qniyit9edd.s3.us-west-1.amazonaws.com/favicon.ico
IP: 52.219.216.18:443
Requested by: https://tf00qniyit9edd.s3.us-west-1.amazonaws.com/uc.html
Certificate: Issuer Amazon; Subject *.s3-us-west-1.amazonaws.com; Fingerprint FF:07:D4:DF:45:8F:23:FF:A9:06:D1:CA:1A:06:27:FA:FB:03:7A:3E; Validity Fri, 24 Nov 2023 00:00:00 GMT - Sun, 17 Nov 2024 23:59:59 GMT
File type: XML 1.0 document, ASCII text
Hash: MD5 2a60548bdb974bacdf5f250117847d34, SHA-1 cabaf6f23b8c55a4592a5decf6f80c9b8b188b88, SHA-256 66383fd9d97ffcf2c9a71cdba2cb52ba1355bd33d578d611dd40e6421724c7fd
GET /favicon.ico HTTP/1.1
Host: tf00qniyit9edd.s3.us-west-1.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tf00qniyit9edd.s3.us-west-1.amazonaws.com/uc.html?bId=1&targetId=38F17CDA17F64C5EB24E86575CC7C11A&cfToken=0.j_Rn8SnQ6CHwlcA9OzcT8IR2GaFyKvKjvIZ8JYpQHHrDZudsLRulWWtlH2tMPYU5L6-aBbWK-nxI7DSgAHVto_NP13UrPuVQrEuvmE-tyJmtM0A6Ocu4oc4ycKcvI2Yqk7XqvYGg2J-Ho7LS-Moif695GDU7nXlTcCa0I7hzjxmsKmtdcRx-Jm17TJDrByg_fkpk5EFCt_9Au-PeifEd9jE2MXDzCqE3yILCDnCneU7aBqyTD6bvKgH6iS0KwII0F7496XdXPEar6U5KtiA697JcbZUp_bb4mlsyx-iM9r7O6s6uuzRGT6MCF1xir3CUrDbG4AcjqRRsZhHd9omWsq7otaWKF0oXzeg2pR7RkepAcZeD9SGrXUL3BUZjX1iAqeaDfbhslxTBf02Zyad_jvs7x822SFS3kmhSaCjasV6j5hVK9WiTlcx8naMJBWZUdpHLOjag6SbknkV4vcGNk3AeX1L3_7mxvOsmceNoWgNMt2QTQfu8eAPntLtfkfl7.t4Rg0t6tIFZctPVQOk0WSw.67de1707144c85b59c27b79570f0598b47a7792cd80df1da0dc8045a5a7bc161&idempotencyKey=78c05dd2-03cd-4047-b6ce-e5658f705ac2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
x-amz-request-id: 2K6J9KHEVAX9AYQD
x-amz-id-2: TpRgt1kwCvh5go7XYryPCEzb7Sl096nArxlz7FpKE+mbgbNHXe97F9f0ZOTHjulvC2pkzLhm1OE=
Content-Type: application/xml
Transfer-Encoding: chunked
Date: Fri, 19 Apr 2024 13:40:52 GMT
Server: AmazonS3
|
|
| arcanecelestials.com/socket.io/?EIO=4&transport=polling&t=Oxsbggk | 185.106.94.85 | | 118 B |
URL: arcanecelestials.com/socket.io/?EIO=4&transport=polling&t=Oxsbggk
IP: 185.106.94.85:0
ASN: #210644 Aeza International Ltd
File type: ASCII text, with no line terminators
Hash: MD5 0414e369ba1215ec9ad6b7e71bd5e385, SHA-1 2d95a0b2ab5a0d27befa4a23dd3e524e7464748f, SHA-256 f6a899a9b579fcafed6f47831c41b7da410fe1996182fd95ffa397da372454fd
GET /socket.io/?EIO=4&transport=polling&t=Oxsbggk HTTP/1.1
Host: arcanecelestials.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://tf00qniyit9edd.s3.us-west-1.amazonaws.com
DNT: 1
Connection: keep-alive
Referer: https://tf00qniyit9edd.s3.us-west-1.amazonaws.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 19 Apr 2024 13:40:53 GMT
Content-Type: text/plain; charset=UTF-8
Content-Length: 118
Connection: keep-alive
Access-Control-Allow-Origin: *
cache-control: no-store
|
|
| arcanecelestials.com/socket.io/?EIO=4&transport=polling&t=Oxsbgmd&sid=dB4xWNlXRA9yAXO4AAih | 185.106.94.85 | | 2 B |
URL: arcanecelestials.com/socket.io/?EIO=4&transport=polling&t=Oxsbgmd&sid=dB4xWNlXRA9yAXO4AAih
IP: 185.106.94.85:0
ASN: #210644 Aeza International Ltd
File type: ASCII text, with no line terminators
Hash: MD5 444bcb3a3fcf8389296c49467f27e1d6, SHA-1 7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb, SHA-256 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
POST /socket.io/?EIO=4&transport=polling&t=Oxsbgmd&sid=dB4xWNlXRA9yAXO4AAih HTTP/1.1
Host: arcanecelestials.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: text/plain;charset=UTF-8
Content-Length: 2
Origin: https://tf00qniyit9edd.s3.us-west-1.amazonaws.com
DNT: 1
Connection: keep-alive
Referer: https://tf00qniyit9edd.s3.us-west-1.amazonaws.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 19 Apr 2024 13:40:53 GMT
Content-Type: text/html
Content-Length: 2
Connection: keep-alive
Access-Control-Allow-Origin: *
cache-control: no-store
|
|
| arcanecelestials.com/socket.io/?EIO=4&transport=polling&t=Oxsbgmj&sid=dB4xWNlXRA9yAXO4AAih | 185.106.94.85 | | 32 B |
URL: arcanecelestials.com/socket.io/?EIO=4&transport=polling&t=Oxsbgmj&sid=dB4xWNlXRA9yAXO4AAih
IP: 185.106.94.85:0
ASN: #210644 Aeza International Ltd
File type: ASCII text, with no line terminators
Hash: MD5 8699bc162e3c567beadd5d519ddf13e4, SHA-1 a1ecfd700e896aea0f2f89d3e734d75b9354019f, SHA-256 be1bce371e09015b9be1b8e6f759131847eae19b8a8cfdedbcb0b62cc90b2563
GET /socket.io/?EIO=4&transport=polling&t=Oxsbgmj&sid=dB4xWNlXRA9yAXO4AAih HTTP/1.1
Host: arcanecelestials.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://tf00qniyit9edd.s3.us-west-1.amazonaws.com
DNT: 1
Connection: keep-alive
Referer: https://tf00qniyit9edd.s3.us-west-1.amazonaws.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 19 Apr 2024 13:40:53 GMT
Content-Type: text/plain; charset=UTF-8
Content-Length: 32
Connection: keep-alive
Access-Control-Allow-Origin: *
cache-control: no-store
|
|
| arcanecelestials.com/socket.io/?EIO=4&transport=polling&t=Oxsbgo4&sid=dB4xWNlXRA9yAXO4AAih | 185.106.94.85 | | 2 B |
URL: arcanecelestials.com/socket.io/?EIO=4&transport=polling&t=Oxsbgo4&sid=dB4xWNlXRA9yAXO4AAih
IP: 185.106.94.85:0
ASN: #210644 Aeza International Ltd
File type: ASCII text, with no line terminators
Hash: MD5 444bcb3a3fcf8389296c49467f27e1d6, SHA-1 7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb, SHA-256 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
POST /socket.io/?EIO=4&transport=polling&t=Oxsbgo4&sid=dB4xWNlXRA9yAXO4AAih HTTP/1.1
Host: arcanecelestials.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: text/plain;charset=UTF-8
Content-Length: 775
Origin: https://tf00qniyit9edd.s3.us-west-1.amazonaws.com
DNT: 1
Connection: keep-alive
Referer: https://tf00qniyit9edd.s3.us-west-1.amazonaws.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 19 Apr 2024 13:40:53 GMT
Content-Type: text/html
Content-Length: 2
Connection: keep-alive
Access-Control-Allow-Origin: *
cache-control: no-store
|
|
| arcanecelestials.com/socket.io/?EIO=4&transport=websocket&sid=dB4xWNlXRA9yAXO4AAih | 185.106.94.85 | | 0 B |
URL: arcanecelestials.com/socket.io/?EIO=4&transport=websocket&sid=dB4xWNlXRA9yAXO4AAih
IP: 185.106.94.85:0
ASN: #210644 Aeza International Ltd
Hash (empty body): MD5 d41d8cd98f00b204e9800998ecf8427e, SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709, SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /socket.io/?EIO=4&transport=websocket&sid=dB4xWNlXRA9yAXO4AAih HTTP/1.1
Host: arcanecelestials.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://tf00qniyit9edd.s3.us-west-1.amazonaws.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: GYjnYkJPdNWGiIEmB7HDCw==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 19 Apr 2024 13:40:53 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: sQCq/LrstqDQ8d5hHflShX8ueEE=
Access-Control-Allow-Origin: *
|
|
| arcanecelestials.com/socket.io/?EIO=4&transport=polling&t=Oxsbgox&sid=dB4xWNlXRA9yAXO4AAih | 185.106.94.85 | | 2 B |
URL: arcanecelestials.com/socket.io/?EIO=4&transport=polling&t=Oxsbgox&sid=dB4xWNlXRA9yAXO4AAih
IP: 185.106.94.85:0
ASN: #210644 Aeza International Ltd
File type: ASCII text, with no line terminators
Hash: MD5 444bcb3a3fcf8389296c49467f27e1d6, SHA-1 7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb, SHA-256 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
POST /socket.io/?EIO=4&transport=polling&t=Oxsbgox&sid=dB4xWNlXRA9yAXO4AAih HTTP/1.1
Host: arcanecelestials.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: text/plain;charset=UTF-8
Content-Length: 164
Origin: https://tf00qniyit9edd.s3.us-west-1.amazonaws.com
DNT: 1
Connection: keep-alive
Referer: https://tf00qniyit9edd.s3.us-west-1.amazonaws.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 19 Apr 2024 13:40:53 GMT
Content-Type: text/html
Content-Length: 2
Connection: keep-alive
Access-Control-Allow-Origin: *
cache-control: no-store
|
|
| arcanecelestials.com/socket.io/?EIO=4&transport=polling&t=Oxsbgn_&sid=dB4xWNlXRA9yAXO4AAih | 185.106.94.85 | | 32 B |
URL: arcanecelestials.com/socket.io/?EIO=4&transport=polling&t=Oxsbgn_&sid=dB4xWNlXRA9yAXO4AAih
IP: 185.106.94.85:0
ASN: #210644 Aeza International Ltd
File type: ASCII text, with no line terminators
Hash: MD5 ffd400da2c89675eb925a5e4732401a1, SHA-1 32d0d30ddfbc6a2db88ddf8a607e34cdde16f5ec, SHA-256 5b06abe905f775fe5d3daf1b6497b07bd7a8ed2b5425c9de7e4f8554e755e596
GET /socket.io/?EIO=4&transport=polling&t=Oxsbgn_&sid=dB4xWNlXRA9yAXO4AAih HTTP/1.1
Host: arcanecelestials.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://tf00qniyit9edd.s3.us-west-1.amazonaws.com
DNT: 1
Connection: keep-alive
Referer: https://tf00qniyit9edd.s3.us-west-1.amazonaws.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 19 Apr 2024 13:40:53 GMT
Content-Type: text/plain; charset=UTF-8
Content-Length: 32
Connection: keep-alive
Access-Control-Allow-Origin: *
cache-control: no-store
|
|
| challenges.cloudflare.com/turnstile/v0/api.js?render=explicit | 104.17.3.184 | 302 Found | 0 B |
URL: GET HTTP/3 challenges.cloudflare.com/turnstile/v0/api.js?render=explicit
IP: 104.17.3.184:443
Requested by: https://tf00qniyit9edd.s3.us-west-1.amazonaws.com/uc.html
Certificate: Issuer Cloudflare, Inc.; Subject challenges.cloudflare.com; Fingerprint 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E; Validity Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
Hash (empty body): MD5 d41d8cd98f00b204e9800998ecf8427e, SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709, SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /turnstile/v0/api.js?render=explicit HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tf00qniyit9edd.s3.us-west-1.amazonaws.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 302 Found
date: Fri, 19 Apr 2024 13:40:54 GMT
content-length: 0
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
location: /turnstile/v0/b/471dc2adc340/api.js?render=explicit
cache-control: max-age=300, public
vary: Accept-Encoding
server: cloudflare
cf-ray: 876d4f1f9e6e5684-OSL
alt-svc: h3=":443"; ma=86400
|
|
| tf00qniyit9edd.s3.us-west-1.amazonaws.com/uc.html | 3.5.162.108 | 200 OK | 36 kB |
URL (User Request): GET HTTP/1.1 tf00qniyit9edd.s3.us-west-1.amazonaws.com/uc.html
IP: 3.5.162.108:443
Certificate: Issuer Amazon; Subject *.s3-us-west-1.amazonaws.com; Fingerprint FF:07:D4:DF:45:8F:23:FF:A9:06:D1:CA:1A:06:27:FA:FB:03:7A:3E; Validity Fri, 24 Nov 2023 00:00:00 GMT - Sun, 17 Nov 2024 23:59:59 GMT
File type: HTML document, ASCII text, with very long lines (3309)
Hash: MD5 d8284c232cd34e986ec575e00f8f7ab8, SHA-1 09830ebc7c405e998bbf127651b01266885b1feb, SHA-256 6a3116f71897d34ca6aee33cbe4d2360ed7323b15fe6c83679c93f5d094dfe4d
GET /uc.html HTTP/1.1
Host: tf00qniyit9edd.s3.us-west-1.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tf00qniyit9edd.s3.us-west-1.amazonaws.com/uc.html?bId=1&targetId=38F17CDA17F64C5EB24E86575CC7C11A&cfToken=0.j_Rn8SnQ6CHwlcA9OzcT8IR2GaFyKvKjvIZ8JYpQHHrDZudsLRulWWtlH2tMPYU5L6-aBbWK-nxI7DSgAHVto_NP13UrPuVQrEuvmE-tyJmtM0A6Ocu4oc4ycKcvI2Yqk7XqvYGg2J-Ho7LS-Moif695GDU7nXlTcCa0I7hzjxmsKmtdcRx-Jm17TJDrByg_fkpk5EFCt_9Au-PeifEd9jE2MXDzCqE3yILCDnCneU7aBqyTD6bvKgH6iS0KwII0F7496XdXPEar6U5KtiA697JcbZUp_bb4mlsyx-iM9r7O6s6uuzRGT6MCF1xir3CUrDbG4AcjqRRsZhHd9omWsq7otaWKF0oXzeg2pR7RkepAcZeD9SGrXUL3BUZjX1iAqeaDfbhslxTBf02Zyad_jvs7x822SFS3kmhSaCjasV6j5hVK9WiTlcx8naMJBWZUdpHLOjag6SbknkV4vcGNk3AeX1L3_7mxvOsmceNoWgNMt2QTQfu8eAPntLtfkfl7.t4Rg0t6tIFZctPVQOk0WSw.67de1707144c85b59c27b79570f0598b47a7792cd80df1da0dc8045a5a7bc161&idempotencyKey=78c05dd2-03cd-4047-b6ce-e5658f705ac2
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: WDBatkpM6jBL+Zx26Vs7rVcg3Z8KoTiYoXghl48VOAJE56rHpjgENREbI2wYM1X/SNkwLwC5L2jsP6zabSZj1Q==
x-amz-request-id: TJ4VXJ9AN91N7S7H
Date: Fri, 19 Apr 2024 13:40:55 GMT
Last-Modified: Fri, 19 Apr 2024 08:37:26 GMT
ETag: "d8284c232cd34e986ec575e00f8f7ab8"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: text/html
Server: AmazonS3
Content-Length: 36454
|
|
| upload.wikimedia.org/wikipedia/commons/thumb/9/94/Cloudflare_Logo.png/1200px-Cloudflare_Logo.png?20211125225208 | 185.15.59.240 | 200 OK | 40 kB |
URL: GET HTTP/2 upload.wikimedia.org/wikipedia/commons/thumb/9/94/Cloudflare_Logo.png/1200px-Cloudflare_Logo.png?20211125225208
IP: 185.15.59.240:443
Requested by: https://tf00qniyit9edd.s3.us-west-1.amazonaws.com/uc.html
Certificate: Issuer DigiCert Inc; Subject *.wikipedia.org; Fingerprint 48:3F:0C:71:F3:4A:E0:EA:30:D9:9B:D6:04:63:DC:DA:A8:F4:9D:FB; Validity Wed, 18 Oct 2023 00:00:00 GMT - Wed, 16 Oct 2024 23:59:59 GMT
File type: PNG image data, 1200 x 1200, 8-bit/color RGBA, non-interlaced
Hash: MD5 a0b27ae4e940fbf1ec6bdb72da4601e3, SHA-1 282ac84c78f76a9939f84b1ba76f87829d9091a7, SHA-256 292ca7b17e46e208aa117de746d64e4724e83b3d5ac9d70e2f841e2cc03eb94b
GET /wikipedia/commons/thumb/9/94/Cloudflare_Logo.png/1200px-Cloudflare_Logo.png?20211125225208 HTTP/1.1
Host: upload.wikimedia.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tf00qniyit9edd.s3.us-west-1.amazonaws.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-disposition: inline;filename*=UTF-8''Cloudflare_Logo.png
last-modified: Fri, 13 May 2022 07:55:33 GMT
content-length: 39856
date: Fri, 19 Apr 2024 06:27:51 GMT
server: envoy
etag: a0b27ae4e940fbf1ec6bdb72da4601e3
age: 25982
x-cache: cp3078 hit, cp3078 hit/1
x-cache-status: hit-front
server-timing: cache;desc="hit-front", host;desc="cp3078"
strict-transport-security: max-age=106384710; includeSubDomains; preload
report-to: { "group": "wm_nel", "max_age": 604800, "endpoints": [{ "url": "https://intake-logging.wikimedia.org/v1/events?stream=w3c.reportingapi.network_error&schema_uri=/w3c/reportingapi/network_error/1.0.0" }] }
nel: { "report_to": "wm_nel", "max_age": 604800, "failure_fraction": 0.05, "success_fraction": 0.0}
x-client-ip: 91.90.42.154
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-expose-headers: Age, Date, Content-Length, Content-Range, X-Content-Duration, X-Cache
timing-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| pub-cb72f4af1674441897427b55eaf679a1.r2.dev/index-EdAE6GUO.js | 104.18.2.35 | 200 OK | 162 kB |
URL: GET HTTP/1.1 pub-cb72f4af1674441897427b55eaf679a1.r2.dev/index-EdAE6GUO.js
IP: 104.18.2.35:443
Requested by: https://tf00qniyit9edd.s3.us-west-1.amazonaws.com/uc.html
Certificate: Issuer Let's Encrypt; Subject *.r2.dev; Fingerprint 48:74:F0:98:E0:A1:57:3E:86:18:BF:B3:DC:C9:7A:5B:53:50:FE:E0; Validity Fri, 05 Apr 2024 15:25:24 GMT - Thu, 04 Jul 2024 15:25:23 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size: 162 kB (162097 bytes)
Hash: MD5 99a8c60ed8fa39b9533a10013bd87904, SHA-1 c65f9f96a75d2174a99b04f0841ded4728926d9d, SHA-256 acdb99f20b8b22ad7a901f81339fe4747b9b1532046e077e7a08d71c20d37dd6

| Analyzer | Verdict | Alert |
| Public Nextron YARA rules | malware | Unique code from Jetriz, Swid & Jeniva of the Tetris framework |
GET /index-EdAE6GUO.js HTTP/1.1
Host: pub-cb72f4af1674441897427b55eaf679a1.r2.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://tf00qniyit9edd.s3.us-west-1.amazonaws.com
DNT: 1
Connection: keep-alive
Referer: https://tf00qniyit9edd.s3.us-west-1.amazonaws.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 19 Apr 2024 13:40:54 GMT
Content-Type: text/javascript
Content-Length: 162097
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
ETag: "99a8c60ed8fa39b9533a10013bd87904"
Last-Modified: Thu, 15 Feb 2024 18:53:07 GMT
Vary: Origin, Accept-Encoding
Server: cloudflare
CF-RAY: 876d4f206a61b4ff-OSL
|
|
| arcanecelestials.com/socket.io/?EIO=4&transport=polling&t=Oxsbh6p | 185.106.94.85 | 200 OK | 118 B |
URL: GET HTTP/1.1 arcanecelestials.com/socket.io/?EIO=4&transport=polling&t=Oxsbh6p
IP: 185.106.94.85:443
ASN: #210644 Aeza International Ltd
Requested by: https://tf00qniyit9edd.s3.us-west-1.amazonaws.com/uc.html
Certificate: Issuer Let's Encrypt; Subject arcanecelestials.com; Fingerprint A9:72:FB:E5:52:F6:DE:85:5D:1E:F1:69:AC:0B:B6:CA:93:98:E4:6D; Validity Thu, 18 Apr 2024 09:19:00 GMT - Wed, 17 Jul 2024 09:18:59 GMT
File type: ASCII text, with no line terminators
Hash: MD5 0881e531c418f0566c72577f2fe7dc97, SHA-1 db1a9d3166d8efe4cb4bc07cbd5422cd77a61b35, SHA-256 5b9e29605720ce510310cf05b474adfcf3a7adab4317c57856ee09b0f34d2d2f
GET /socket.io/?EIO=4&transport=polling&t=Oxsbh6p HTTP/1.1
Host: arcanecelestials.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://tf00qniyit9edd.s3.us-west-1.amazonaws.com
DNT: 1
Connection: keep-alive
Referer: https://tf00qniyit9edd.s3.us-west-1.amazonaws.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 19 Apr 2024 13:40:54 GMT
Content-Type: text/plain; charset=UTF-8
Content-Length: 118
Connection: keep-alive
Access-Control-Allow-Origin: *
cache-control: no-store
|
|
| arcanecelestials.com/socket.io/?EIO=4&transport=polling&t=Oxsbh7c&sid=yAZclQD8ruy0kHEIAAij | 185.106.94.85 | 200 OK | 2 B |
URL: POST HTTP/1.1 arcanecelestials.com/socket.io/?EIO=4&transport=polling&t=Oxsbh7c&sid=yAZclQD8ruy0kHEIAAij
IP: 185.106.94.85:443
ASN: #210644 Aeza International Ltd
Requested by: https://tf00qniyit9edd.s3.us-west-1.amazonaws.com/uc.html
Certificate: Issuer Let's Encrypt; Subject arcanecelestials.com; Fingerprint A9:72:FB:E5:52:F6:DE:85:5D:1E:F1:69:AC:0B:B6:CA:93:98:E4:6D; Validity Thu, 18 Apr 2024 09:19:00 GMT - Wed, 17 Jul 2024 09:18:59 GMT
File type: ASCII text, with no line terminators
Hash: MD5 444bcb3a3fcf8389296c49467f27e1d6, SHA-1 7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb, SHA-256 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
POST /socket.io/?EIO=4&transport=polling&t=Oxsbh7c&sid=yAZclQD8ruy0kHEIAAij HTTP/1.1
Host: arcanecelestials.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: text/plain;charset=UTF-8
Content-Length: 2
Origin: https://tf00qniyit9edd.s3.us-west-1.amazonaws.com
DNT: 1
Connection: keep-alive
Referer: https://tf00qniyit9edd.s3.us-west-1.amazonaws.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 19 Apr 2024 13:40:54 GMT
Content-Type: text/html
Content-Length: 2
Connection: keep-alive
Access-Control-Allow-Origin: *
cache-control: no-store
|
|
| arcanecelestials.com/socket.io/?EIO=4&transport=polling&t=Oxsbh7f&sid=yAZclQD8ruy0kHEIAAij | 185.106.94.85 | 200 OK | 32 B |
URL: GET HTTP/1.1 arcanecelestials.com/socket.io/?EIO=4&transport=polling&t=Oxsbh7f&sid=yAZclQD8ruy0kHEIAAij
IP: 185.106.94.85:443
ASN: #210644 Aeza International Ltd
Requested by: https://tf00qniyit9edd.s3.us-west-1.amazonaws.com/uc.html
Certificate: Issuer Let's Encrypt; Subject arcanecelestials.com; Fingerprint A9:72:FB:E5:52:F6:DE:85:5D:1E:F1:69:AC:0B:B6:CA:93:98:E4:6D; Validity Thu, 18 Apr 2024 09:19:00 GMT - Wed, 17 Jul 2024 09:18:59 GMT
File type: ASCII text, with no line terminators
Hash: MD5 e3d133a38cf784134553701e8d7d2827, SHA-1 e4b1af7db2f49e88bb590061beedd1ef01f18393, SHA-256 1705025b55c69e2ab184c5dcf2956fd3907dee623a0e66f07cb1363b282edf0f
GET /socket.io/?EIO=4&transport=polling&t=Oxsbh7f&sid=yAZclQD8ruy0kHEIAAij HTTP/1.1
Host: arcanecelestials.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://tf00qniyit9edd.s3.us-west-1.amazonaws.com
DNT: 1
Connection: keep-alive
Referer: https://tf00qniyit9edd.s3.us-west-1.amazonaws.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 19 Apr 2024 13:40:54 GMT
Content-Type: text/plain; charset=UTF-8
Content-Length: 32
Connection: keep-alive
Access-Control-Allow-Origin: *
cache-control: no-store
|
|
| arcanecelestials.com/socket.io/?EIO=4&transport=websocket&sid=yAZclQD8ruy0kHEIAAij | 185.106.94.85 | | 0 B |
URL: arcanecelestials.com/socket.io/?EIO=4&transport=websocket&sid=yAZclQD8ruy0kHEIAAij
IP: 185.106.94.85:0
ASN: #210644 Aeza International Ltd
Hash (empty body): MD5 d41d8cd98f00b204e9800998ecf8427e, SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709, SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /socket.io/?EIO=4&transport=websocket&sid=yAZclQD8ruy0kHEIAAij HTTP/1.1
Host: arcanecelestials.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://tf00qniyit9edd.s3.us-west-1.amazonaws.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: JttngXDj7tO3JXI0kLGJ8w==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 19 Apr 2024 13:40:55 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: arwZ1FSHVFR2eEjkw5E2jUGmBac=
Access-Control-Allow-Origin: *
| tf00qniyit9edd.s3.us-west-1.amazonaws.com/favicon.ico | 3.5.162.108 | 403 Forbidden | 255 B |
URL: GET HTTP/1.1 tf00qniyit9edd.s3.us-west-1.amazonaws.com/favicon.ico
IP: 3.5.162.108:443
Requested by: https://tf00qniyit9edd.s3.us-west-1.amazonaws.com/uc.html
Certificate: issuer Amazon, subject *.s3-us-west-1.amazonaws.com, fingerprint FF:07:D4:DF:45:8F:23:FF:A9:06:D1:CA:1A:06:27:FA:FB:03:7A:3E, validity Fri, 24 Nov 2023 00:00:00 GMT - Sun, 17 Nov 2024 23:59:59 GMT
File type: XML 1.0 document, ASCII text
Hashes (MD5 / SHA-1 / SHA-256): b2a75fdce3d43bde10754d1615d2ff99 202e08837d5f581bf619d0622d277752dda65844 e0e545f73daa18ef8f0dbcb2136602485abc75c25e62eeb69151edb5b3ef9768
GET /favicon.ico HTTP/1.1
Host: tf00qniyit9edd.s3.us-west-1.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tf00qniyit9edd.s3.us-west-1.amazonaws.com/uc.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
x-amz-request-id: TJ4Q6F62Y204RT4G
x-amz-id-2: zUJ1FUYmzlzYakgybaetUzGGXSmUJ8ScD9H5Qe9IHia/0CUY/fjPO+RNBgbHtRDl8wmCbFNf6TZr5qyMi9oH7g==
Content-Type: application/xml
Transfer-Encoding: chunked
Date: Fri, 19 Apr 2024 13:40:54 GMT
Server: AmazonS3
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D | 104.17.3.184 | 200 OK | 61 B |
URL: GET HTTP/3 challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D
IP: 104.17.3.184:443
Requested by: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/x878v/0x4AAAAAAAXfz5cXCad3M5bH/auto/normal
Certificate: issuer Cloudflare, Inc., subject challenges.cloudflare.com, fingerprint 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E, validity Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type: PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
Hashes (MD5 / SHA-1 / SHA-256): 9246cca8fc3c00f50035f28e9f6b7f7d 3aa538440f70873b574f40cd793060f53ec17a5d c07d7d29e3c20fa6ca4c5d20663688d52bad13e129ad82ce06b80eb187d9dc84
GET /cdn-cgi/challenge-platform/h/b/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/x878v/0x4AAAAAAAXfz5cXCad3M5bH/auto/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 19 Apr 2024 13:40:55 GMT
content-type: image/png
content-length: 61
cache-control: max-age=2629800, public
server: cloudflare
cf-ray: 876d4f242b005684-OSL
alt-svc: h3=":443"; ma=86400
| arcanecelestials.com/socket.io/?EIO=4&transport=polling&t=Oxsbh8N&sid=yAZclQD8ruy0kHEIAAij | 185.106.94.85 | 200 OK | 1 B |
URL: GET HTTP/1.1 arcanecelestials.com/socket.io/?EIO=4&transport=polling&t=Oxsbh8N&sid=yAZclQD8ruy0kHEIAAij
IP: 185.106.94.85:443, ASN: #210644 Aeza International Ltd
Requested by: https://tf00qniyit9edd.s3.us-west-1.amazonaws.com/uc.html
Certificate: issuer Let's Encrypt, subject arcanecelestials.com, fingerprint A9:72:FB:E5:52:F6:DE:85:5D:1E:F1:69:AC:0B:B6:CA:93:98:E4:6D, validity Thu, 18 Apr 2024 09:19:00 GMT - Wed, 17 Jul 2024 09:18:59 GMT
File type: very short file (no magic)
Hashes (MD5 / SHA-1 / SHA-256): 1679091c5a880faf6fb5e6087eb1b2dc c1dfd96eea8cc2b62785275bca38ac261256e278 e7f6c011776e8db7cd330b54174fd76f7d0216b612387a5ffcfb81e6f0919683
GET /socket.io/?EIO=4&transport=polling&t=Oxsbh8N&sid=yAZclQD8ruy0kHEIAAij HTTP/1.1
Host: arcanecelestials.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://tf00qniyit9edd.s3.us-west-1.amazonaws.com
DNT: 1
Connection: keep-alive
Referer: https://tf00qniyit9edd.s3.us-west-1.amazonaws.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 19 Apr 2024 13:40:55 GMT
Content-Type: text/plain; charset=UTF-8
Content-Length: 1
Connection: keep-alive
Access-Control-Allow-Origin: *
cache-control: no-store
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/876d4f237a545684/1713534055364/3889fa14ab1472114cd83aca67090178c1d4248008a92cd2aed663ebdd4081cf/1tD_u-TRcixgq5Z | 104.17.3.184 | 401 Unauthorized | 1 B |
URL: GET HTTP/3 challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/876d4f237a545684/1713534055364/3889fa14ab1472114cd83aca67090178c1d4248008a92cd2aed663ebdd4081cf/1tD_u-TRcixgq5Z
IP: 104.17.3.184:443
Requested by: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/x878v/0x4AAAAAAAXfz5cXCad3M5bH/auto/normal
Certificate: issuer Cloudflare, Inc., subject challenges.cloudflare.com, fingerprint 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E, validity Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type: very short file (no magic)
Hashes (MD5 / SHA-1 / SHA-256): ff44570aca8241914870afbc310cdb85 58668e7669fd564d99db5d581fcdb6a5618440b5 6da43b944e494e885e69af021f93c6d9331c78aa228084711429160a5bbd15b5
GET /cdn-cgi/challenge-platform/h/b/pat/876d4f237a545684/1713534055364/3889fa14ab1472114cd83aca67090178c1d4248008a92cd2aed663ebdd4081cf/1tD_u-TRcixgq5Z HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/x878v/0x4AAAAAAAXfz5cXCad3M5bH/auto/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 401 Unauthorized
date: Fri, 19 Apr 2024 13:40:55 GMT
content-type: text/plain; charset=UTF-8
content-length: 1
www-authenticate: PrivateToken challenge="AAIAGXBhdC1pc3N1ZXIuY2xvdWRmbGFyZS5jb20gOIn6FKsUchFM2DrKZwkBeMHUJIAIqSzSrtZj691Agc8AGWNoYWxsZW5nZXMuY2xvdWRmbGFyZS5jb20=", token-key="MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEArny_u1wyrVg8e-Kmwxyfb2WoiwwZ2VR7QAnot_CrcySq56Rui-jZM9090K9_dW6HmpAKhOjYXLCJ7g4U74G4z6SRM_YRj-GLp3EaBxay798DZIeAtv_N7Z9CHI_0VTYiqNXVm2z1bF5VtFasnv3JDaWb4yIjBd8vMfNUM4Y4nXXIeMIyXdVK2hlzVO8VxBkXca7UzhCq51WDKlSYPWUy9ieZTdwNf5Q49DwdF9woTnuKPY26TxVlEHMcf8JJiXLUR2bbdG-Qv1fqbwQloSjintj5uXWLsZd84bMpNedRNJBV22T0PgKNeip6oalvdYbaiHiyDATsKlA6-8KJ-CUQTQIDAQAB", max-age=20, PrivateToken challenge="AAIALHBwLWlzc3Vlci1wcm9kdWN0aW9uLnJlc2VhcmNoLmNsb3VkZmxhcmUuY29tIDiJ-hSrFHIRTNg6ymcJAXjB1CSACKks0q7WY-vdQIHPABljaGFsbGVuZ2VzLmNsb3VkZmxhcmUuY29t", token-key="MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEA1FEYykHcK8H9rb_u0aFz3CmWgYloQw4YhedoEOAjJ0vy2Axa4f9UG9Dzs4uXS34_h8l6MDo2nRCvLI9lvebilMnTjCn-6D77bewqYxJKUFZW1z2jBIdu03TrETczfEg7kxgKtJE9NXGDjYJcF_iMgzgNA0PEAVM89tUYXXlFy4cUAGlqU2mPpIEOxm5ARsXC-zlLK60fkJ4cOsZRkZa6EExdhmgdwQ0fEJuSOHrBO_-zJn4hUP8q9g4yqkxW2UrfJgD07F4HaHGBEiei06sGDvH2NEPvswEl5dTGxutNrxlU7W24iYhNa2nhjlc53nNb0mKtszv-czVE9UhXyJ7-RQIDAQAB", max-age=20
server: cloudflare
cf-ray: 876d4f29383b5684-OSL
alt-svc: h3=":443"; ma=86400
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/876d4f237a545684/1713534055366/BKRmzrdQm-ms8MO | 104.17.3.184 | 200 OK | 61 B |
URL: GET HTTP/3 challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/876d4f237a545684/1713534055366/BKRmzrdQm-ms8MO
IP: 104.17.3.184:443
Requested by: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/x878v/0x4AAAAAAAXfz5cXCad3M5bH/auto/normal
Certificate: issuer Cloudflare, Inc., subject challenges.cloudflare.com, fingerprint 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E, validity Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type: PNG image data, 39 x 66, 8-bit/color RGB, non-interlaced
Hashes (MD5 / SHA-1 / SHA-256): b7a8a290e180d94065ac3599e54846ef 93e0439e0be3387eba3a68c4d1779954d9b7b6cc f3b97babca2ab165b3caad2cb64ac30b25089c9d1ec1dae6a7773daf3d5697ac
GET /cdn-cgi/challenge-platform/h/b/i/876d4f237a545684/1713534055366/BKRmzrdQm-ms8MO HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/x878v/0x4AAAAAAAXfz5cXCad3M5bH/auto/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 19 Apr 2024 13:40:56 GMT
content-type: image/png
content-length: 61
server: cloudflare
cf-ray: 876d4f2d8c5e5684-OSL
alt-svc: h3=":443"; ma=86400
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/823536233:1713532856:Cw9Wh2_BKFy9CWN970LSaBZKNc-zZoq5VnI_K8noYuw/876d4f237a545684/e6e95b0bbf60687 | 104.17.3.184 | 200 OK | 95 kB |
URL: POST HTTP/3 challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/823536233:1713532856:Cw9Wh2_BKFy9CWN970LSaBZKNc-zZoq5VnI_K8noYuw/876d4f237a545684/e6e95b0bbf60687
IP: 104.17.3.184:443
Requested by: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/x878v/0x4AAAAAAAXfz5cXCad3M5bH/auto/normal
Certificate: issuer Cloudflare, Inc., subject challenges.cloudflare.com, fingerprint 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E, validity Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type: ASCII text, with very long lines (65536), with no line terminators
Hashes (MD5 / SHA-1 / SHA-256): 61b95e0dbef7aba4dd2c4ba888ffb84a dcf4347b159cca6a2dae97f4a03c68697a27f442 6270c807ae06d690891ecb78ab65cb425d5b0cd7f5de8ca4fa88e2536b1c974a
POST /cdn-cgi/challenge-platform/h/b/flow/ov1/823536233:1713532856:Cw9Wh2_BKFy9CWN970LSaBZKNc-zZoq5VnI_K8noYuw/876d4f237a545684/e6e95b0bbf60687 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/x878v/0x4AAAAAAAXfz5cXCad3M5bH/auto/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: e6e95b0bbf60687
Content-Length: 2734
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 19 Apr 2024 13:40:55 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: m8i145sujVP6YROJJgbY9Q885GxNTYI3rqVNEreNyhRmy1CXzgalqkSwpSeqOwkDMvYxla2tzUb6p4k+9mVtq8wb5IHJ0s8/MGDU+skETdkz0ZyPO9W8Cv6C2PdIzLP9qmpHpvqdrwmRVsHjCTuKmtdIny7euNmOPMtNX6itmajWocGID/BfoNjY7bCifPt+mJBgVRk21IGhI8/89puVmAGedb16RKl//zW7XY19UpWgPfPpUrzB2CJPHkLLkmRRY+IFzp9iBqsBPFViNe/ww/lux4eKTI77RaB182Q80Nf+PV/8SH3JKXWFatrxPS2nuZ+hTeCXH+Q9dp/DaHmFkm3YyQt7+3UWF0YCVN5FAlt0c2DbNYCYLglMXYLNwe2P/UqAu69lPwca3SBx9fJmGg==$z1uPuQ8eH6/u4QWVr+fvog==
vary: accept-encoding
server: cloudflare
cf-ray: 876d4f25eccf5684-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| challenges.cloudflare.com/turnstile/v0/b/471dc2adc340/api.js?render=explicit | 104.17.3.184 | 200 OK | 42 kB |
URL: GET HTTP/3 challenges.cloudflare.com/turnstile/v0/b/471dc2adc340/api.js?render=explicit
IP: 104.17.3.184:443
Requested by: https://tf00qniyit9edd.s3.us-west-1.amazonaws.com/uc.html
Certificate: issuer Cloudflare, Inc., subject challenges.cloudflare.com, fingerprint 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E, validity Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (42414)
Hashes (MD5 / SHA-1 / SHA-256): f94a2211ce789a95a7c67e8c660d63e8 f1fc19b6bcb96d0a905bf3192aaff0885ff9f36f 926dc3302f99ec05e4206e965ddeb7250f5910a8c38e82c7beafb724bbaaf37b
GET /turnstile/v0/b/471dc2adc340/api.js?render=explicit HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tf00qniyit9edd.s3.us-west-1.amazonaws.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 19 Apr 2024 13:40:54 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31536000
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 876d4f1fae8e5684-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=876d4f237a545684 | 104.17.3.184 | 200 OK | 429 kB |
URL: GET HTTP/3 challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=876d4f237a545684
IP: 104.17.3.184:443
Requested by: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/x878v/0x4AAAAAAAXfz5cXCad3M5bH/auto/normal
Certificate: issuer Cloudflare, Inc., subject challenges.cloudflare.com, fingerprint 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E, validity Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size: 429 kB (429157 bytes)
Hashes (MD5 / SHA-1 / SHA-256): 1dae7dbcbb5978aabefcd73cc1d7493f 91dc44a7a44f113193180f19d067ae64b86fd4dc 20dc8e0d998747d69c94213476ec08f372245f466c08e08d4bf97d897e22a790
GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=876d4f237a545684 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/x878v/0x4AAAAAAAXfz5cXCad3M5bH/auto/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 19 Apr 2024 13:40:55 GMT
content-type: application/javascript; charset=UTF-8
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
vary: accept-encoding
server: cloudflare
cf-ray: 876d4f242b045684-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| tf00qniyit9edd.s3.us-west-1.amazonaws.com/ | 0.0.0.0 | | 0 B |
URL: GET tf00qniyit9edd.s3.us-west-1.amazonaws.com/ (user request)
IP: 0.0.0.0:0
Certificate: issuer Amazon, subject *.s3-us-west-1.amazonaws.com, fingerprint FF:07:D4:DF:45:8F:23:FF:A9:06:D1:CA:1A:06:27:FA:FB:03:7A:3E, validity Fri, 24 Nov 2023 00:00:00 GMT - Sun, 17 Nov 2024 23:59:59 GMT
Hashes (MD5 / SHA-1 / SHA-256, empty body): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: tf00qniyit9edd.s3.us-west-1.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tf00qniyit9edd.s3.us-west-1.amazonaws.com/uc.html?bId=1&targetId=38F17CDA17F64C5EB24E86575CC7C11A&cfToken=0.j_Rn8SnQ6CHwlcA9OzcT8IR2GaFyKvKjvIZ8JYpQHHrDZudsLRulWWtlH2tMPYU5L6-aBbWK-nxI7DSgAHVto_NP13UrPuVQrEuvmE-tyJmtM0A6Ocu4oc4ycKcvI2Yqk7XqvYGg2J-Ho7LS-Moif695GDU7nXlTcCa0I7hzjxmsKmtdcRx-Jm17TJDrByg_fkpk5EFCt_9Au-PeifEd9jE2MXDzCqE3yILCDnCneU7aBqyTD6bvKgH6iS0KwII0F7496XdXPEar6U5KtiA697JcbZUp_bb4mlsyx-iM9r7O6s6uuzRGT6MCF1xir3CUrDbG4AcjqRRsZhHd9omWsq7otaWKF0oXzeg2pR7RkepAcZeD9SGrXUL3BUZjX1iAqeaDfbhslxTBf02Zyad_jvs7x822SFS3kmhSaCjasV6j5hVK9WiTlcx8naMJBWZUdpHLOjag6SbknkV4vcGNk3AeX1L3_7mxvOsmceNoWgNMt2QTQfu8eAPntLtfkfl7.t4Rg0t6tIFZctPVQOk0WSw.67de1707144c85b59c27b79570f0598b47a7792cd80df1da0dc8045a5a7bc161&idempotencyKey=78c05dd2-03cd-4047-b6ce-e5658f705ac2
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/x878v/0x4AAAAAAAXfz5cXCad3M5bH/auto/normal | 104.17.3.184 | 200 OK | 80 kB |
URL: GET HTTP/3 challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/x878v/0x4AAAAAAAXfz5cXCad3M5bH/auto/normal
IP: 104.17.3.184:443
Requested by: https://tf00qniyit9edd.s3.us-west-1.amazonaws.com/uc.html
Certificate: issuer Cloudflare, Inc., subject challenges.cloudflare.com, fingerprint 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E, validity Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type: HTML document, ASCII text, with very long lines (41702)
Hashes (MD5 / SHA-1 / SHA-256): d1a266fe190064da6b6752ad4a886614 213038cbd9d84ffbac5b42df2126ea579e438c19 5af2cc651a76880a2b1d8e022233185977423d7393a4393a92a355ec4d6dac76
GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/x878v/0x4AAAAAAAXfz5cXCad3M5bH/auto/normal HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tf00qniyit9edd.s3.us-west-1.amazonaws.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 19 Apr 2024 13:40:54 GMT
content-type: text/html; charset=UTF-8
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
cross-origin-resource-policy: cross-origin
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
referrer-policy: same-origin
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-opener-policy: same-origin
document-policy: js-profiling
content-security-policy: frame-src https://challenges.cloudflare.com/ blob:; base-uri 'self'
origin-agent-cluster: ?1
cross-origin-embedder-policy: require-corp
vary: accept-encoding
server: cloudflare
cf-ray: 876d4f237a545684-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| arcanecelestials.com/socket.io/?EIO=4&transport=websocket&sid=yAZclQD8ruy0kHEIAAij | 185.106.94.85 | 101 Switching Protocols | 0 B |
URL: GET HTTP/1.1 arcanecelestials.com/socket.io/?EIO=4&transport=websocket&sid=yAZclQD8ruy0kHEIAAij
IP: 185.106.94.85:443, ASN: #210644 Aeza International Ltd
Requested by: https://tf00qniyit9edd.s3.us-west-1.amazonaws.com/uc.html
Certificate: issuer Let's Encrypt, subject arcanecelestials.com, fingerprint A9:72:FB:E5:52:F6:DE:85:5D:1E:F1:69:AC:0B:B6:CA:93:98:E4:6D, validity Thu, 18 Apr 2024 09:19:00 GMT - Wed, 17 Jul 2024 09:18:59 GMT
Hashes (MD5 / SHA-1 / SHA-256, empty body): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /socket.io/?EIO=4&transport=websocket&sid=yAZclQD8ruy0kHEIAAij HTTP/1.1
Host: arcanecelestials.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://tf00qniyit9edd.s3.us-west-1.amazonaws.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: JttngXDj7tO3JXI0kLGJ8w==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 19 Apr 2024 13:40:55 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: arwZ1FSHVFR2eEjkw5E2jUGmBac=
Access-Control-Allow-Origin: *
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/823536233:1713532856:Cw9Wh2_BKFy9CWN970LSaBZKNc-zZoq5VnI_K8noYuw/876d4f237a545684/e6e95b0bbf60687 | 104.17.3.184 | 200 OK | 22 kB |
URL: POST HTTP/3 challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/823536233:1713532856:Cw9Wh2_BKFy9CWN970LSaBZKNc-zZoq5VnI_K8noYuw/876d4f237a545684/e6e95b0bbf60687
IP: 104.17.3.184:443
Requested by: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/x878v/0x4AAAAAAAXfz5cXCad3M5bH/auto/normal
Certificate: issuer Cloudflare, Inc., subject challenges.cloudflare.com, fingerprint 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E, validity Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type: ASCII text, with very long lines (22536), with no line terminators
Hashes (MD5 / SHA-1 / SHA-256): 85c62d9cca5040f641b32d1ef8eb1162 a195c6b6ce1e8128bfc7616854c18a021909c8ed 1805f3acc5ba10a029754352e1032a5eadf50b3d1485f9acff91ab62d4d11fe9
POST /cdn-cgi/challenge-platform/h/b/flow/ov1/823536233:1713532856:Cw9Wh2_BKFy9CWN970LSaBZKNc-zZoq5VnI_K8noYuw/876d4f237a545684/e6e95b0bbf60687 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/x878v/0x4AAAAAAAXfz5cXCad3M5bH/auto/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: e6e95b0bbf60687
Content-Length: 25981
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 19 Apr 2024 13:40:56 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: v6xoBKjQgmiKY3Uab29uJDbjIqN76u9ymSHD7zZETo3uVQh8rd+i3vieFWPDObaq$AbVjrMq4ES/a3Jzug/ZGqw==
vary: accept-encoding
server: cloudflare
cf-ray: 876d4f2f5e395684-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400