Report - tf00qniyit9edd.s3.us-west-1.amazonaws.com/uc.html?bId=1&targetId=38F17CDA17F64C5EB24E86575CC7C11A&cfToken=0.j_Rn8SnQ6CHwlcA9OzcT8IR2GaFyKvKjvIZ8JYpQHHrDZudsLRulWWtlH2tMPYU5L6-aBbWK-nxI7DSgAHVto_NP13UrPuVQrEuvmE-tyJmtM0A6Ocu4oc4ycKcvI2Yqk7XqvYGg2J-Ho7LS-Moif695GDU7nXlTcCa0I7hzjxmsKmtdcRx-Jm17TJDrByg_fkpk5EFCt_9Au-PeifEd9jE2MXDzCqE3yILCDnCneU7aBqyTD6bvKgH6iS0KwII0F7496XdXPEar6U5KtiA697JcbZUp_bb4mlsyx-iM9r7O6s6uuzRGT6MCF1xir3CUrDbG4AcjqRRsZhHd9omWsq7otaWKF0oXzeg2pR7RkepAcZeD9SGrXUL3BUZjX1iAqeaDfbhslxTBf02Zyad_jvs7x822SFS3kmhSaCjasV6j5hVK9WiTlcx8naMJBWZUdpHLOjag6SbknkV4vcGNk3AeX1L3_7mxvOsmceNoWgNMt2QTQfu8eAPntLtfkfl7.t4Rg0t6tIFZctPVQOk0WSw.67de1707144c85b59c27b79570f0598b47a7792cd80df1da0dc8045a5a7bc161&idempotencyKey=78c05dd2-03cd-4047-b6ce-e5658f705ac2

Report Overview

Submitted URL
tf00qniyit9edd.s3.us-west-1.amazonaws.com/uc.html?bId=1&targetId=38F17CDA17F64C5EB24E86575CC7C11A&cfToken=0.j_Rn8SnQ6CHwlcA9OzcT8IR2GaFyKvKjvIZ8JYpQHHrDZudsLRulWWtlH2tMPYU5L6-aBbWK-nxI7DSgAHVto_NP13UrPuVQrEuvmE-tyJmtM0A6Ocu4oc4ycKcvI2Yqk7XqvYGg2J-Ho7LS-Moif695GDU7nXlTcCa0I7hzjxmsKmtdcRx-Jm17TJDrByg_fkpk5EFCt_9Au-PeifEd9jE2MXDzCqE3yILCDnCneU7aBqyTD6bvKgH6iS0KwII0F7496XdXPEar6U5KtiA697JcbZUp_bb4mlsyx-iM9r7O6s6uuzRGT6MCF1xir3CUrDbG4AcjqRRsZhHd9omWsq7otaWKF0oXzeg2pR7RkepAcZeD9SGrXUL3BUZjX1iAqeaDfbhslxTBf02Zyad_jvs7x822SFS3kmhSaCjasV6j5hVK9WiTlcx8naMJBWZUdpHLOjag6SbknkV4vcGNk3AeX1L3_7mxvOsmceNoWgNMt2QTQfu8eAPntLtfkfl7.t4Rg0t6tIFZctPVQOk0WSw.67de1707144c85b59c27b79570f0598b47a7792cd80df1da0dc8045a5a7bc161&idempotencyKey=78c05dd2-03cd-4047-b6ce-e5658f705ac2
IP
52.219.192.42
ASN
#16509 AMAZON-02
Submitted
2024-04-19 13:41:18
Access
public
Website Title
Checking ...
Final URL
tf00qniyit9edd.s3.us-west-1.amazonaws.com/uc.html
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
4

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
tf00qniyit9edd.s3.us-west-1.amazonaws.com	unknown	unknown	No data	No data	5.5 kB	75 kB	52.219.216.18
challenges.cloudflare.com	unknown	2009-02-17	2021-10-20	2024-04-19	6.2 kB	675 kB	104.17.3.184
upload.wikimedia.org	2215	2003-03-16	2012-05-21	2024-04-19	1.1 kB	82 kB	185.15.59.240
pub-cb72f4af1674441897427b55eaf679a1.r2.dev	unknown	2022-08-23	2023-11-28	2024-03-25	1.0 kB	325 kB	104.18.2.35
arcanecelestials.com	unknown	unknown	No data	No data	7.5 kB	3.2 kB	185.106.94.85

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

Scan Date	Severity	Indicator	Alert
2024-04-19	medium	pub-cb72f4af1674441897427b55eaf679a1.r2.dev/index-EdAE6GUO.js	Unique code from Jetriz, Swid & Jeniva of the Tetris framework
2024-04-19	medium	pub-cb72f4af1674441897427b55eaf679a1.r2.dev/index-EdAE6GUO.js	Unique code from Jetriz, Swid & Jeniva of the Tetris framework

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (45)

	URL	Size	First Seen	Last Seen
	tf00qniyit9edd.s3.us-west-1.amazonaws.com/uc.html	598 B	2024-04-19	2024-04-19
Pretty URL tf00qniyit9edd.s3.us-west-1.amazonaws.com/uc.html IP 3.5.162.108 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-19 15:41:24 Last Seen2024-04-19 15:41:24 Times Seen1 Hash 2ee987889e34c39cc66c324d43bc177c 7afdeab0b746936d7f31c08b2c9c961e17a69165 720392a12099db7b2a789dc8f449382f8117a9ad5c9b7cdb5093a0f5f73a48d3 Loading...

	pub-cb72f4af1674441897427b55eaf679a1.r2.dev/index-EdAE6GUO.js	162 kB	2024-02-20	2024-04-19
Pretty URL pub-cb72f4af1674441897427b55eaf679a1.r2.dev/index-EdAE6GUO.js IP 104.18.2.35 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-02-20 12:28:36 Last Seen2024-04-19 15:41:26 Times Seen49 Hash 99a8c60ed8fa39b9533a10013bd87904 c65f9f96a75d2174a99b04f0841ded4728926d9d acdb99f20b8b22ad7a901f81339fe4747b9b1532046e077e7a08d71c20d37dd6 Loading...

	challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=876d4f237a545684	429 kB	2024-04-19	2024-04-19
Pretty URL challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=876d4f237a545684 IP 104.17.3.184 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-19 15:41:24 Last Seen2024-04-19 15:41:26 Times Seen2 Hash 1dae7dbcbb5978aabefcd73cc1d7493f 91dc44a7a44f113193180f19d067ae64b86fd4dc 20dc8e0d998747d69c94213476ec08f372245f466c08e08d4bf97d897e22a790 Loading...

	challenges.cloudflare.com/turnstile/v0/api.js?render=explicit	42 kB	2024-04-18	2024-04-29
Pretty URL challenges.cloudflare.com/turnstile/v0/api.js?render=explicit IP 104.17.3.184 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 21:08:49 Last Seen2024-04-29 16:17:51 Times Seen2594 Hash f94a2211ce789a95a7c67e8c660d63e8 f1fc19b6bcb96d0a905bf3192aaff0885ff9f36f 926dc3302f99ec05e4206e965ddeb7250f5910a8c38e82c7beafb724bbaaf37b Loading...

	challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/x878v/0x4AAAAAAAXfz5cXCad3M5bH/auto/normal	3.7 kB	2024-04-19	2024-04-19
Pretty URL challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/x878v/0x4AAAAAAAXfz5cXCad3M5bH/auto/normal IP 104.17.3.184 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-19 15:41:24 Last Seen2024-04-19 15:41:24 Times Seen1 Hash 11ac3168796f9df4e1f0ba0db4bd642f fa88f1325bf1aa28807dfa993256c7b518a0bc3f 00ee69fa9cdd2c7967b1d68b6026bd549f8d03e79543c630a7e3121d879a10ab Loading...

		Size	First Seen	Last Seen
	#1 Eval - f304de5138de1eb4698678f1432cd407	28 B	2024-04-19	2024-04-19
Pretty Observations First Seen2024-04-19 15:41:24 Last Seen2024-04-19 15:41:24 Times Seen1 Hash f304de5138de1eb4698678f1432cd407 5b426b99e0cd90e207fd15a3c779adcce69bc6ce 5b70089aa9dfad72b97856e8f0d5d2e3b4b71365344574376f0d21cdd704c29a Loading...

	#2 Eval - b5b3a2938b08b1fd8a8367431870376d	28 B	2024-04-19	2024-04-19
Pretty Observations First Seen2024-04-19 15:41:24 Last Seen2024-04-19 15:41:24 Times Seen1 Hash b5b3a2938b08b1fd8a8367431870376d 41fb27041ddc62a9350c9c77f812d4ee2124afa2 b9969ece67d382f53c95013e1ee0074f2b8778b40ef6a57f8e547dc271a9a6f1 Loading...

	#3 Eval - 9b886d3c73563b9e3a2ab5fcaf0f7eab	28 B	2024-04-19	2024-04-19
Pretty Observations First Seen2024-04-19 15:41:24 Last Seen2024-04-19 15:41:24 Times Seen1 Hash 9b886d3c73563b9e3a2ab5fcaf0f7eab 13d8ca61aa19557955b3ba8ceab3b904533d1a3e 1668c0a243a266b39fcf082b243b4132ab104b745be49108e3277b7ec63f8a92 Loading...

	#4 Eval - deffbec0fab5a81c020ada9776e5fa76	28 B	2024-04-19	2024-04-19
Pretty Observations First Seen2024-04-19 15:41:24 Last Seen2024-04-19 15:41:24 Times Seen1 Hash deffbec0fab5a81c020ada9776e5fa76 a1f2ffaefbb5ee0e7b19083ed81a16a3b400691f 3f3eaf0a0fd75c4d6cb6de2d5f31516f6ff0a2d0947b21ffd9aa04b4d09b3a40 Loading...

	#5 Eval - 6751ebd021c4550398c3e7a9583a1fc1	28 B	2024-04-19	2024-04-19
Pretty Observations First Seen2024-04-19 15:41:24 Last Seen2024-04-19 15:41:24 Times Seen1 Hash 6751ebd021c4550398c3e7a9583a1fc1 2c28290ccc24f603fae9ceec1785f55b81db1040 c597f6e8a85695be6e5d859e33955804cb5ef02fd74ebcf997aa0cffb2c9414a Loading...

	#6 Eval - 16d37bf09151e437f4c01e76b97075bd	28 B	2024-04-19	2024-04-19
Pretty Observations First Seen2024-04-19 15:41:24 Last Seen2024-04-19 15:41:24 Times Seen1 Hash 16d37bf09151e437f4c01e76b97075bd affc910e0a060f5c5cb73749a973e8f7d2716239 f1b9cdc83d8f466995b9fb41c95f6809042d6dbbb4ea97b51ef97e7964cca499 Loading...

	#7 Eval - c215a0e65f5138dfd3ef961daa9fb247	28 B	2024-04-19	2024-04-19
Pretty Observations First Seen2024-04-19 15:41:24 Last Seen2024-04-19 15:41:25 Times Seen1 Hash c215a0e65f5138dfd3ef961daa9fb247 4b69aaa6183c9a992145946d0b663bd4f0724b37 8d1ebce7ef0c32faf69172966d1a1a0d5c7ed0e57e0da11eb1f6e1bafdcbde85 Loading...

	#8 Eval - 246dc75cbc07fd464436ecf219c88f9c	28 B	2024-04-19	2024-04-19
Pretty Observations First Seen2024-04-19 15:41:25 Last Seen2024-04-19 15:41:25 Times Seen1 Hash 246dc75cbc07fd464436ecf219c88f9c 3a8242d827508d5b0462feff70bfa7846fa0d891 0a601950e4635a8fcdb00035f1d8fad23257006ac16df1a94475e8b7afd825a7 Loading...

	#9 Eval - 95f4c0ba3c0f7ac26d9a50fff3b2deb6	28 B	2024-04-19	2024-04-19
Pretty Observations First Seen2024-04-19 15:41:25 Last Seen2024-04-19 15:41:25 Times Seen1 Hash 95f4c0ba3c0f7ac26d9a50fff3b2deb6 c82ac74d1dc8b982ece87f0a2f82648ab4e0eba6 5cb9a2dbaafdb8b7539f8696d74f518e812f06069bbf57917d032a3aa8bf916a Loading...

	#10 Eval - 4a5ca6fdfc96a58ac07c20a1a52045d0	28 B	2024-04-19	2024-04-19
Pretty Observations First Seen2024-04-19 15:41:25 Last Seen2024-04-19 15:41:25 Times Seen1 Hash 4a5ca6fdfc96a58ac07c20a1a52045d0 ccbad08bc23f9c3a97b90c2429dcecc8571111f1 bead1ab0c0f6660f61c91d1ec0578849a42255a90d9944cbcd7e49b1d4d6f78b Loading...

	#11 Eval - 656bdb78295a802a98a2614340d7ff0d	28 B	2024-04-19	2024-04-19
Pretty Observations First Seen2024-04-19 15:41:25 Last Seen2024-04-19 15:41:25 Times Seen1 Hash 656bdb78295a802a98a2614340d7ff0d 874c0426e790652f47708780af081b2183f239f1 c37cbd30e933281c21e61d32750d68b2c2a9fd78ef874874dccc6a278f08e4ab Loading...

	#12 Eval - 5747be61cf80a45cda6493febe8740fc	28 B	2024-04-19	2024-04-19
Pretty Observations First Seen2024-04-19 15:41:25 Last Seen2024-04-19 15:41:25 Times Seen1 Hash 5747be61cf80a45cda6493febe8740fc 3b38ad855d6e10f17b9393a3acd8b45e02a62e86 cce52fda6957096ec914eb5f7f70d657de851d46d23f21e892ba45520b002210 Loading...

	#13 Eval - d1cfcbd372c9cfe2f24ef9c6e76193c1	28 B	2024-04-19	2024-04-19
Pretty Observations First Seen2024-04-19 15:41:25 Last Seen2024-04-19 15:41:25 Times Seen1 Hash d1cfcbd372c9cfe2f24ef9c6e76193c1 ffa42acec6adaeb03759aa4b6464213325655719 5b4bb6fd03b3ff42c592eb8e3fa47342080680eed521d079ef65736669c8d360 Loading...

	#14 Eval - bca9eca16158c8b858a9c8ef9e3911b9	28 B	2024-04-19	2024-04-19
Pretty Observations First Seen2024-04-19 15:41:25 Last Seen2024-04-19 15:41:25 Times Seen1 Hash bca9eca16158c8b858a9c8ef9e3911b9 25e09a674451f0f1ecfb88ca6710c6a4fa7f1a7f df61356d38ad9948d5debcf7a2d4e44bb67e27207248674f89309d0c7a62c1ba Loading...

	#15 Eval - 4be9689295f8ea5fe4e9b08cd1a5d115	28 B	2024-04-19	2024-04-19
Pretty Observations First Seen2024-04-19 15:41:25 Last Seen2024-04-19 15:41:25 Times Seen1 Hash 4be9689295f8ea5fe4e9b08cd1a5d115 b1716596ec8a2fc39a63478a155eeb1281f93a24 e113c5048e149f0037f482fc35b02cd4ce3b22d1014cb7942edb0866e9f9f677 Loading...

	#16 Eval - 6cef8971f3390acd463242b609fe3798	28 B	2024-04-19	2024-04-19
Pretty Observations First Seen2024-04-19 15:41:25 Last Seen2024-04-19 15:41:25 Times Seen1 Hash 6cef8971f3390acd463242b609fe3798 d7a1eb0ef31d233b6a75bdb52a5c66c1f85fa2ab 1daa69ee6719ac48cbab1ee14934d75427b5985144f28e9327da4c44ac110aa5 Loading...

	#17 Eval - 7e309d6ee7f899b580ebd143cbd0e305	28 B	2024-04-19	2024-04-19
Pretty Observations First Seen2024-04-19 15:41:25 Last Seen2024-04-19 15:41:25 Times Seen1 Hash 7e309d6ee7f899b580ebd143cbd0e305 f51bfc5f9efeb2ef2981404f7b946f145d5a1e5f 87ccf66716ef18ef7e095da9ff791ddd637ffc0e2e61cdb245526091c060fc62 Loading...

	#18 Eval - 2c158e9cf5527786f4d5dfdbea89fb20	28 B	2024-04-19	2024-04-19
Pretty Observations First Seen2024-04-19 15:41:25 Last Seen2024-04-19 15:41:25 Times Seen1 Hash 2c158e9cf5527786f4d5dfdbea89fb20 cb00aeb517aaad91813dad3601b9f1c5feffbcb8 2648c8f11cb87e4bf2704c9f4aa71fb2e501634b0d3722c63cf2409178308d24 Loading...

	#19 Eval - 9e925e9341b490bfd3b4c4ca3b0c1ef2	4 B	2023-03-07	2024-05-02
Pretty Observations First Seen2023-03-07 01:03:43 Last Seen2024-05-02 23:51:20 Times Seen351210 Hash 9e925e9341b490bfd3b4c4ca3b0c1ef2 c2543fff3bfa6f144c2f06a7de6cd10c0b650cae 1eb79602411ef02cf6fe117897015fff89f80face4eccd50425c45149b148408 Loading...

	#20 Eval - 51bb24950a2bb8152a7fa1471ec30795	28 B	2024-04-19	2024-04-19
Pretty Observations First Seen2024-04-19 15:41:25 Last Seen2024-04-19 15:41:25 Times Seen1 Hash 51bb24950a2bb8152a7fa1471ec30795 2e63723ec653bb003e34910dbd5e19d04a9957e3 97ec2937c9244a493337e0826eede9804e6abe1d0913e5deb8b057b650940ab8 Loading...

	#21 Eval - 5c9e06980248baf5b973c3d560fa0d3f	28 B	2024-04-19	2024-04-19
Pretty Observations First Seen2024-04-19 15:41:25 Last Seen2024-04-19 15:41:25 Times Seen1 Hash 5c9e06980248baf5b973c3d560fa0d3f bbdadddf168199cd92c5efdfc99b79ec07882595 ce3a50ae925d5ad7980cb00297f6f70999aa99a6311fbead305ba7d1a660b1d8 Loading...

	#22 Eval - c7c3fb4446d2d43e842cf87e23bde3ae	28 B	2024-04-19	2024-04-19
Pretty Observations First Seen2024-04-19 15:41:25 Last Seen2024-04-19 15:41:25 Times Seen1 Hash c7c3fb4446d2d43e842cf87e23bde3ae c7912691e2fa50d0bd7594c85e5e4c4e14c58bbe 4ec9401665f92d96dd77ac0cdeaa76d1d1fcabcdedccf57abe4bb6f68fb0d69d Loading...

	#23 Eval - 43c81e43a6e7d9140033055ff3e04983	62 B	2024-04-18	2024-04-29
Pretty Observations First Seen2024-04-18 21:08:51 Last Seen2024-04-29 16:17:50 Times Seen2736 Hash 43c81e43a6e7d9140033055ff3e04983 b0eca03913678cb38c488c7c79cc4f9d2755ea17 3f7ef931c657c4333a401c40e8b0b8d1ff3b164542af45e14242314c0ec39f34 Loading...

	#24 Eval - 3ede48f013712f4dc37b0690f1ca115b	28 B	2024-04-19	2024-04-19
Pretty Observations First Seen2024-04-19 15:41:25 Last Seen2024-04-19 15:41:25 Times Seen1 Hash 3ede48f013712f4dc37b0690f1ca115b 004f66a5a629a6b7b8e1eb65bb80ee6ecd2f6cef 897975f980812061eb8b4d09b404fbdebae11d8c3697cedf63d68f83f5fd1a2b Loading...

	#25 Eval - ba0cd0715775b2acf133c2c447e9df83	28 B	2024-04-19	2024-04-19
Pretty Observations First Seen2024-04-19 15:41:25 Last Seen2024-04-19 15:41:25 Times Seen1 Hash ba0cd0715775b2acf133c2c447e9df83 f80a1ee0d44420fe5e3c3e3d66714128ebe1afac 06781b551e3791820a389adc18cd24ef6843afdb4c270caf26a7aaa456564314 Loading...

	#26 Eval - 304d6dd69f8c9b9bac784561897715d9	28 B	2024-04-19	2024-04-19
Pretty Observations First Seen2024-04-19 15:41:25 Last Seen2024-04-19 15:41:25 Times Seen1 Hash 304d6dd69f8c9b9bac784561897715d9 a4d81fcb7048df1d47d6df8adbe637a761cadf58 9465d3127a39d7cb1045e03b430dd5b7a2d3ef77b60b0392a519966dacb14812 Loading...

	#27 Eval - e3dca3d9505f42c782f7ecc55c58c5b5	28 B	2024-04-19	2024-04-19
Pretty Observations First Seen2024-04-19 15:41:25 Last Seen2024-04-19 15:41:25 Times Seen1 Hash e3dca3d9505f42c782f7ecc55c58c5b5 28b1ff1a476cc0f59f663cc4bc8cb0ae259dddc5 b9dbea6d92156b40c9a6bef3bd5853e539628ba1345fa904ca67a3d8bd334242 Loading...

	#28 Eval - 0c9ade0fb31c3c6ecb211730783e0917	28 B	2024-04-19	2024-04-19
Pretty Observations First Seen2024-04-19 15:41:25 Last Seen2024-04-19 15:41:25 Times Seen1 Hash 0c9ade0fb31c3c6ecb211730783e0917 c903042ad64f3d8d4c1d10632e769bcb6b655dc3 8432023a3c2721cc48a1908bf32f96b20ed1d32d382f20ac20b57e60013ef510 Loading...

	#29 Eval - 69402ce7ca3bde0da7d15b2fbf32fed5	28 B	2024-04-19	2024-04-19
Pretty Observations First Seen2024-04-19 15:41:25 Last Seen2024-04-19 15:41:25 Times Seen1 Hash 69402ce7ca3bde0da7d15b2fbf32fed5 91cdc1505d12c36c44a9a29fe960fa5f73185bce 5ce3d94bf71374c503a00a80b3476a17182883917f23948dbeab2158264ef9d6 Loading...

	#30 Eval - 0dca26d28b37eecc456391c90ac19f1f	28 B	2024-04-19	2024-04-19
Pretty Observations First Seen2024-04-19 15:41:25 Last Seen2024-04-19 15:41:25 Times Seen1 Hash 0dca26d28b37eecc456391c90ac19f1f 4dfa603fe7b1c04fc8158fe91b3a8a8a4352131a ff268227f3897db28071d6752893cf9b7f224dcbc6014b6e44420ccb7ef10e61 Loading...

	#31 Eval - 68270c55a6ac5a6d5a52a60a3d9458e1	28 B	2024-04-19	2024-04-19
Pretty Observations First Seen2024-04-19 15:41:25 Last Seen2024-04-19 15:41:25 Times Seen1 Hash 68270c55a6ac5a6d5a52a60a3d9458e1 bcd39aabb40823a2d27812863fef710d8c542cfb a34e5bf23b4ac29eb81c4804d2456d8cf26a0ab510d8365b20ba8f418426ee52 Loading...

	#32 Eval - f544209caa1b0349cd983598e06daf4e	28 B	2024-04-19	2024-04-19
Pretty Observations First Seen2024-04-19 15:41:25 Last Seen2024-04-19 15:41:25 Times Seen1 Hash f544209caa1b0349cd983598e06daf4e e29d44fc4cda666d4fc2e6a0ef83f4fac8fe1173 47df6579508faa5ab68a9787dc761bda405367457f766ba4b81bec5a4df3a515 Loading...

	#33 Eval - 45ea47418fc1b937412d8b12585b9ea7	28 B	2024-04-19	2024-04-19
Pretty Observations First Seen2024-04-19 15:41:25 Last Seen2024-04-19 15:41:25 Times Seen1 Hash 45ea47418fc1b937412d8b12585b9ea7 7573d99516710b33e10d06b6dabac1ccc925bd0f c76e44ad3a1ae349f49311a914cde51aa9aedded7fa2abb567e2570d670d2572 Loading...

	#34 Eval - 6368488d04b6b91a558397a637d26ac5	28 B	2024-04-19	2024-04-19
Pretty Observations First Seen2024-04-19 15:41:25 Last Seen2024-04-19 15:41:25 Times Seen1 Hash 6368488d04b6b91a558397a637d26ac5 d50f94e890fda20596b6550d04404d4d48b8f68a 63237a8e04b9f0cb2cadc75e1e8ebf77d46e81b8f7a1cbe21724bc41763668c8 Loading...

	#35 Eval - 56e76dea7f730120c10d19112c350d06	28 B	2024-04-19	2024-04-19
Pretty Observations First Seen2024-04-19 15:41:25 Last Seen2024-04-19 15:41:25 Times Seen1 Hash 56e76dea7f730120c10d19112c350d06 7b2bf92c998faa9623019e4a6bec3a9f075bea0e 08d3d62fdd265e8ce101ad872e23b816d596df2d9a4d72583dbf82a0ca16e6ad Loading...

	#36 Eval - 48f99c4872a6d60310d4b52aa809cc2e	28 B	2024-04-19	2024-04-19
Pretty Observations First Seen2024-04-19 15:41:25 Last Seen2024-04-19 15:41:25 Times Seen1 Hash 48f99c4872a6d60310d4b52aa809cc2e 2b821d13e9b04651e137d40b68ef695819b7bda9 36f05a522e4ddfe87f8a2656d9e06272c57374c4e23e5575d73dba0334063240 Loading...

	#37 Eval - 32d347e505f7b463afaba4b09c68f86f	28 B	2024-04-19	2024-04-19
Pretty Observations First Seen2024-04-19 15:41:25 Last Seen2024-04-19 15:41:25 Times Seen1 Hash 32d347e505f7b463afaba4b09c68f86f b6fa63ac23e43905c6dc11ac223e85b8b0d1bd04 73a5079b85f421665406a146f26d3d9b1da28ed5eb4297cb1815f9b789dda08a Loading...

	#38 Eval - 01331a502476b35bbd9c360c681583f6	28 B	2024-04-19	2024-04-19
Pretty Observations First Seen2024-04-19 15:41:25 Last Seen2024-04-19 15:41:25 Times Seen1 Hash 01331a502476b35bbd9c360c681583f6 e2fa6609bc6fd0ccc8b5a7920f7a71d462183d4b 7bc9c0e3492bec08b2f82fbba07d693d3481e70656890ca60bbc18244aa32708 Loading...

	#39 Eval - ab7b5dba556a5e9c88140fa7b0fb0492	28 B	2024-04-19	2024-04-19
Pretty Observations First Seen2024-04-19 15:41:25 Last Seen2024-04-19 15:41:26 Times Seen1 Hash ab7b5dba556a5e9c88140fa7b0fb0492 61fbd5701f2b21895b67c4c5647aecc44577f61c 051e09434a7752734aa43c8f2313a0488e02e1de216b77bcfff34dfdfe4b6e16 Loading...

		Size	First Seen	Last Seen
	#1 Write - 086707e4369f60afedcafb16050a7618	39 B	2023-03-07	2024-05-02
Pretty Observations First Seen2023-03-07 01:03:24 Last Seen2024-05-02 23:04:10 Times Seen44723 Hash 086707e4369f60afedcafb16050a7618 8216b0cc6876cbd44f01c158e7dff3833ceccd41 a7fe83ec64bb23eb28090598db3d166ed98e52e39d1afbbfd74c579553f93e4e Loading...

HTTP Transactions (32)

URL IP Response Size

tf00qniyit9edd.s3.us-west-1.amazonaws.com/uc.html?bId=1&targetId=38F17CDA17F64C5EB24E86575CC7C11A&cfToken=0.j_Rn8SnQ6CHwlcA9OzcT8IR2GaFyKvKjvIZ8JYpQHHrDZudsLRulWWtlH2tMPYU5L6-aBbWK-nxI7DSgAHVto_NP13UrPuVQrEuvmE-tyJmtM0A6Ocu4oc4ycKcvI2Yqk7XqvYGg2J-Ho7LS-Moif695GDU7nXlTcCa0I7hzjxmsKmtdcRx-Jm17TJDrByg_fkpk5EFCt_9Au-PeifEd9jE2MXDzCqE3yILCDnCneU7aBqyTD6bvKgH6iS0KwII0F7496XdXPEar6U5KtiA697JcbZUp_bb4mlsyx-iM9r7O6s6uuzRGT6MCF1xir3CUrDbG4AcjqRRsZhHd9omWsq7otaWKF0oXzeg2pR7RkepAcZeD9SGrXUL3BUZjX1iAqeaDfbhslxTBf02Zyad_jvs7x822SFS3kmhSaCjasV6j5hVK9WiTlcx8naMJBWZUdpHLOjag6SbknkV4vcGNk3AeX1L3_7mxvOsmceNoWgNMt2QTQfu8eAPntLtfkfl7.t4Rg0t6tIFZctPVQOk0WSw.67de1707144c85b59c27b79570f0598b47a7792cd80df1da0dc8045a5a7bc161&idempotencyKey=78c05dd2-03cd-4047-b6ce-e5658f705ac2

52.219.216.18

36 kB

URL
tf00qniyit9edd.s3.us-west-1.amazonaws.com/uc.html?bId=1&targetId=38F17CDA17F64C5EB24E86575CC7C11A&cfToken=0.j_Rn8SnQ6CHwlcA9OzcT8IR2GaFyKvKjvIZ8JYpQHHrDZudsLRulWWtlH2tMPYU5L6-aBbWK-nxI7DSgAHVto_NP13UrPuVQrEuvmE-tyJmtM0A6Ocu4oc4ycKcvI2Yqk7XqvYGg2J-Ho7LS-Moif695GDU7nXlTcCa0I7hzjxmsKmtdcRx-Jm17TJDrByg_fkpk5EFCt_9Au-PeifEd9jE2MXDzCqE3yILCDnCneU7aBqyTD6bvKgH6iS0KwII0F7496XdXPEar6U5KtiA697JcbZUp_bb4mlsyx-iM9r7O6s6uuzRGT6MCF1xir3CUrDbG4AcjqRRsZhHd9omWsq7otaWKF0oXzeg2pR7RkepAcZeD9SGrXUL3BUZjX1iAqeaDfbhslxTBf02Zyad_jvs7x822SFS3kmhSaCjasV6j5hVK9WiTlcx8naMJBWZUdpHLOjag6SbknkV4vcGNk3AeX1L3_7mxvOsmceNoWgNMt2QTQfu8eAPntLtfkfl7.t4Rg0t6tIFZctPVQOk0WSw.67de1707144c85b59c27b79570f0598b47a7792cd80df1da0dc8045a5a7bc161&idempotencyKey=78c05dd2-03cd-4047-b6ce-e5658f705ac2
IP
52.219.216.18:0
ASN
#16509 AMAZON-02

File type
HTML document, ASCII text, with very long lines (3309)
Size
36 kB (36454 bytes)
Hash
d8284c232cd34e986ec575e00f8f7ab8
09830ebc7c405e998bbf127651b01266885b1feb
6a3116f71897d34ca6aee33cbe4d2360ed7323b15fe6c83679c93f5d094dfe4d

HTTP Headers

GET /uc.html?bId=1&targetId=38F17CDA17F64C5EB24E86575CC7C11A&cfToken=0.j_Rn8SnQ6CHwlcA9OzcT8IR2GaFyKvKjvIZ8JYpQHHrDZudsLRulWWtlH2tMPYU5L6-aBbWK-nxI7DSgAHVto_NP13UrPuVQrEuvmE-tyJmtM0A6Ocu4oc4ycKcvI2Yqk7XqvYGg2J-Ho7LS-Moif695GDU7nXlTcCa0I7hzjxmsKmtdcRx-Jm17TJDrByg_fkpk5EFCt_9Au-PeifEd9jE2MXDzCqE3yILCDnCneU7aBqyTD6bvKgH6iS0KwII0F7496XdXPEar6U5KtiA697JcbZUp_bb4mlsyx-iM9r7O6s6uuzRGT6MCF1xir3CUrDbG4AcjqRRsZhHd9omWsq7otaWKF0oXzeg2pR7RkepAcZeD9SGrXUL3BUZjX1iAqeaDfbhslxTBf02Zyad_jvs7x822SFS3kmhSaCjasV6j5hVK9WiTlcx8naMJBWZUdpHLOjag6SbknkV4vcGNk3AeX1L3_7mxvOsmceNoWgNMt2QTQfu8eAPntLtfkfl7.t4Rg0t6tIFZctPVQOk0WSw.67de1707144c85b59c27b79570f0598b47a7792cd80df1da0dc8045a5a7bc161&idempotencyKey=78c05dd2-03cd-4047-b6ce-e5658f705ac2 HTTP/1.1
Host: tf00qniyit9edd.s3.us-west-1.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: MLfLThPNZu95h3qMxoc6V0UBKxalDjyx7S1802Tk9vO8NR9rkar86YZvU0ORk8m22dnf8ZLQqXo=
x-amz-request-id: 2FWVFJ7CCSF8KBTQ
Date: Fri, 19 Apr 2024 13:40:53 GMT
Last-Modified: Fri, 19 Apr 2024 08:37:26 GMT
ETag: "d8284c232cd34e986ec575e00f8f7ab8"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: text/html
Server: AmazonS3
Content-Length: 36454

challenges.cloudflare.com/turnstile/v0/api.js?render=explicit

104.17.3.184

302 Found

0 B

URL GET HTTP/3
challenges.cloudflare.com/turnstile/v0/api.js?render=explicit
IP
104.17.3.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://tf00qniyit9edd.s3.us-west-1.amazonaws.com/uc.html
Certificate
IssuerCloudflare, Inc.
Subjectchallenges.cloudflare.com
Fingerprint5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
ValidityFri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /turnstile/v0/api.js?render=explicit HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tf00qniyit9edd.s3.us-west-1.amazonaws.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Fri, 19 Apr 2024 13:40:52 GMT
content-length: 0
location: /turnstile/v0/b/471dc2adc340/api.js?render=explicit
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
cache-control: max-age=300, public
vary: Accept-Encoding
server: cloudflare
cf-ray: 876d4f14fee35691-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

upload.wikimedia.org/wikipedia/commons/thumb/9/94/Cloudflare_Logo.png/1200px-Cloudflare_Logo.png?20211125225208

185.15.59.240

200 OK

40 kB

URL GET HTTP/2
upload.wikimedia.org/wikipedia/commons/thumb/9/94/Cloudflare_Logo.png/1200px-Cloudflare_Logo.png?20211125225208
IP
185.15.59.240:443
ASN
#14907 WIKIMEDIA

Requested by
https://tf00qniyit9edd.s3.us-west-1.amazonaws.com/uc.html
Certificate
IssuerDigiCert Inc
Subject*.wikipedia.org
Fingerprint48:3F:0C:71:F3:4A:E0:EA:30:D9:9B:D6:04:63:DC:DA:A8:F4:9D:FB
ValidityWed, 18 Oct 2023 00:00:00 GMT - Wed, 16 Oct 2024 23:59:59 GMT

File type
PNG image data, 1200 x 1200, 8-bit/color RGBA, non-interlaced
Size
40 kB (39856 bytes)
Hash
a0b27ae4e940fbf1ec6bdb72da4601e3
282ac84c78f76a9939f84b1ba76f87829d9091a7
292ca7b17e46e208aa117de746d64e4724e83b3d5ac9d70e2f841e2cc03eb94b

HTTP Headers

GET /wikipedia/commons/thumb/9/94/Cloudflare_Logo.png/1200px-Cloudflare_Logo.png?20211125225208 HTTP/1.1
Host: upload.wikimedia.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tf00qniyit9edd.s3.us-west-1.amazonaws.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: image/png
content-disposition: inline;filename*=UTF-8''Cloudflare_Logo.png
last-modified: Fri, 13 May 2022 07:55:33 GMT
content-length: 39856
date: Fri, 19 Apr 2024 06:27:51 GMT
server: envoy
etag: a0b27ae4e940fbf1ec6bdb72da4601e3
age: 25981
x-cache: cp3078 hit, cp3078 miss
x-cache-status: hit-local
server-timing: cache;desc="hit-local", host;desc="cp3078"
strict-transport-security: max-age=106384710; includeSubDomains; preload
report-to: { "group": "wm_nel", "max_age": 604800, "endpoints": [{ "url": "https://intake-logging.wikimedia.org/v1/events?stream=w3c.reportingapi.network_error&schema_uri=/w3c/reportingapi/network_error/1.0.0" }] }
nel: { "report_to": "wm_nel", "max_age": 604800, "failure_fraction": 0.05, "success_fraction": 0.0}
x-client-ip: 91.90.42.154
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-expose-headers: Age, Date, Content-Length, Content-Range, X-Content-Duration, X-Cache
timing-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2

pub-cb72f4af1674441897427b55eaf679a1.r2.dev/index-EdAE6GUO.js

104.18.2.35

200 OK

162 kB

URL GET HTTP/1.1
pub-cb72f4af1674441897427b55eaf679a1.r2.dev/index-EdAE6GUO.js
IP
104.18.2.35:443
ASN
#13335 CLOUDFLARENET

Requested by
https://tf00qniyit9edd.s3.us-west-1.amazonaws.com/uc.html
Certificate
IssuerLet's Encrypt
Subject*.r2.dev
Fingerprint48:74:F0:98:E0:A1:57:3E:86:18:BF:B3:DC:C9:7A:5B:53:50:FE:E0
ValidityFri, 05 Apr 2024 15:25:24 GMT - Thu, 04 Jul 2024 15:25:23 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
162 kB (162097 bytes)
Hash
99a8c60ed8fa39b9533a10013bd87904
c65f9f96a75d2174a99b04f0841ded4728926d9d
acdb99f20b8b22ad7a901f81339fe4747b9b1532046e077e7a08d71c20d37dd6

Detections

Analyzer	Verdict	Alert
Public Nextron YARA rules	malware	Unique code from Jetriz, Swid & Jeniva of the Tetris framework

HTTP Headers

GET /index-EdAE6GUO.js HTTP/1.1
Host: pub-cb72f4af1674441897427b55eaf679a1.r2.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://tf00qniyit9edd.s3.us-west-1.amazonaws.com
DNT: 1
Connection: keep-alive
Referer: https://tf00qniyit9edd.s3.us-west-1.amazonaws.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 19 Apr 2024 13:40:52 GMT
Content-Type: text/javascript
Content-Length: 162097
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
ETag: "99a8c60ed8fa39b9533a10013bd87904"
Last-Modified: Thu, 15 Feb 2024 18:53:07 GMT
Vary: Origin, Accept-Encoding
Server: cloudflare
CF-RAY: 876d4f152fccb4ff-OSL

tf00qniyit9edd.s3.us-west-1.amazonaws.com/favicon.ico

52.219.216.18

403 Forbidden

243 B

URL GET HTTP/1.1
tf00qniyit9edd.s3.us-west-1.amazonaws.com/favicon.ico
IP
52.219.216.18:443
ASN
#16509 AMAZON-02

Requested by
https://tf00qniyit9edd.s3.us-west-1.amazonaws.com/uc.html
Certificate
IssuerAmazon
Subject*.s3-us-west-1.amazonaws.com
FingerprintFF:07:D4:DF:45:8F:23:FF:A9:06:D1:CA:1A:06:27:FA:FB:03:7A:3E
ValidityFri, 24 Nov 2023 00:00:00 GMT - Sun, 17 Nov 2024 23:59:59 GMT

File type
XML 1.0 document, ASCII text
Size
243 B (243 bytes)
Hash
2a60548bdb974bacdf5f250117847d34
cabaf6f23b8c55a4592a5decf6f80c9b8b188b88
66383fd9d97ffcf2c9a71cdba2cb52ba1355bd33d578d611dd40e6421724c7fd

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: tf00qniyit9edd.s3.us-west-1.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tf00qniyit9edd.s3.us-west-1.amazonaws.com/uc.html?bId=1&targetId=38F17CDA17F64C5EB24E86575CC7C11A&cfToken=0.j_Rn8SnQ6CHwlcA9OzcT8IR2GaFyKvKjvIZ8JYpQHHrDZudsLRulWWtlH2tMPYU5L6-aBbWK-nxI7DSgAHVto_NP13UrPuVQrEuvmE-tyJmtM0A6Ocu4oc4ycKcvI2Yqk7XqvYGg2J-Ho7LS-Moif695GDU7nXlTcCa0I7hzjxmsKmtdcRx-Jm17TJDrByg_fkpk5EFCt_9Au-PeifEd9jE2MXDzCqE3yILCDnCneU7aBqyTD6bvKgH6iS0KwII0F7496XdXPEar6U5KtiA697JcbZUp_bb4mlsyx-iM9r7O6s6uuzRGT6MCF1xir3CUrDbG4AcjqRRsZhHd9omWsq7otaWKF0oXzeg2pR7RkepAcZeD9SGrXUL3BUZjX1iAqeaDfbhslxTBf02Zyad_jvs7x822SFS3kmhSaCjasV6j5hVK9WiTlcx8naMJBWZUdpHLOjag6SbknkV4vcGNk3AeX1L3_7mxvOsmceNoWgNMt2QTQfu8eAPntLtfkfl7.t4Rg0t6tIFZctPVQOk0WSw.67de1707144c85b59c27b79570f0598b47a7792cd80df1da0dc8045a5a7bc161&idempotencyKey=78c05dd2-03cd-4047-b6ce-e5658f705ac2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
x-amz-request-id: 2K6J9KHEVAX9AYQD
x-amz-id-2: TpRgt1kwCvh5go7XYryPCEzb7Sl096nArxlz7FpKE+mbgbNHXe97F9f0ZOTHjulvC2pkzLhm1OE=
Content-Type: application/xml
Transfer-Encoding: chunked
Date: Fri, 19 Apr 2024 13:40:52 GMT
Server: AmazonS3

arcanecelestials.com/socket.io/?EIO=4&transport=polling&t=Oxsbggk

185.106.94.85

118 B

URL
arcanecelestials.com/socket.io/?EIO=4&transport=polling&t=Oxsbggk
IP
185.106.94.85:0
ASN
#210644 Aeza International Ltd

File type
ASCII text, with no line terminators
Size
118 B (118 bytes)
Hash
0414e369ba1215ec9ad6b7e71bd5e385
2d95a0b2ab5a0d27befa4a23dd3e524e7464748f
f6a899a9b579fcafed6f47831c41b7da410fe1996182fd95ffa397da372454fd

HTTP Headers

GET /socket.io/?EIO=4&transport=polling&t=Oxsbggk HTTP/1.1
Host: arcanecelestials.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://tf00qniyit9edd.s3.us-west-1.amazonaws.com
DNT: 1
Connection: keep-alive
Referer: https://tf00qniyit9edd.s3.us-west-1.amazonaws.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 19 Apr 2024 13:40:53 GMT
Content-Type: text/plain; charset=UTF-8
Content-Length: 118
Connection: keep-alive
Access-Control-Allow-Origin: *
cache-control: no-store

arcanecelestials.com/socket.io/?EIO=4&transport=polling&t=Oxsbgmd&sid=dB4xWNlXRA9yAXO4AAih

185.106.94.85

2 B

URL
arcanecelestials.com/socket.io/?EIO=4&transport=polling&t=Oxsbgmd&sid=dB4xWNlXRA9yAXO4AAih
IP
185.106.94.85:0
ASN
#210644 Aeza International Ltd

File type
ASCII text, with no line terminators
Size
2 B (2 bytes)
Hash
444bcb3a3fcf8389296c49467f27e1d6
7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

HTTP Headers

POST /socket.io/?EIO=4&transport=polling&t=Oxsbgmd&sid=dB4xWNlXRA9yAXO4AAih HTTP/1.1
Host: arcanecelestials.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: text/plain;charset=UTF-8
Content-Length: 2
Origin: https://tf00qniyit9edd.s3.us-west-1.amazonaws.com
DNT: 1
Connection: keep-alive
Referer: https://tf00qniyit9edd.s3.us-west-1.amazonaws.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 19 Apr 2024 13:40:53 GMT
Content-Type: text/html
Content-Length: 2
Connection: keep-alive
Access-Control-Allow-Origin: *
cache-control: no-store

arcanecelestials.com/socket.io/?EIO=4&transport=polling&t=Oxsbgmj&sid=dB4xWNlXRA9yAXO4AAih

185.106.94.85

32 B

URL
arcanecelestials.com/socket.io/?EIO=4&transport=polling&t=Oxsbgmj&sid=dB4xWNlXRA9yAXO4AAih
IP
185.106.94.85:0
ASN
#210644 Aeza International Ltd

File type
ASCII text, with no line terminators
Size
32 B (32 bytes)
Hash
8699bc162e3c567beadd5d519ddf13e4
a1ecfd700e896aea0f2f89d3e734d75b9354019f
be1bce371e09015b9be1b8e6f759131847eae19b8a8cfdedbcb0b62cc90b2563

HTTP Headers

GET /socket.io/?EIO=4&transport=polling&t=Oxsbgmj&sid=dB4xWNlXRA9yAXO4AAih HTTP/1.1
Host: arcanecelestials.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://tf00qniyit9edd.s3.us-west-1.amazonaws.com
DNT: 1
Connection: keep-alive
Referer: https://tf00qniyit9edd.s3.us-west-1.amazonaws.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 19 Apr 2024 13:40:53 GMT
Content-Type: text/plain; charset=UTF-8
Content-Length: 32
Connection: keep-alive
Access-Control-Allow-Origin: *
cache-control: no-store

arcanecelestials.com/socket.io/?EIO=4&transport=polling&t=Oxsbgo4&sid=dB4xWNlXRA9yAXO4AAih

185.106.94.85

2 B

URL
arcanecelestials.com/socket.io/?EIO=4&transport=polling&t=Oxsbgo4&sid=dB4xWNlXRA9yAXO4AAih
IP
185.106.94.85:0
ASN
#210644 Aeza International Ltd

File type
ASCII text, with no line terminators
Size
2 B (2 bytes)
Hash
444bcb3a3fcf8389296c49467f27e1d6
7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

HTTP Headers

POST /socket.io/?EIO=4&transport=polling&t=Oxsbgo4&sid=dB4xWNlXRA9yAXO4AAih HTTP/1.1
Host: arcanecelestials.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: text/plain;charset=UTF-8
Content-Length: 775
Origin: https://tf00qniyit9edd.s3.us-west-1.amazonaws.com
DNT: 1
Connection: keep-alive
Referer: https://tf00qniyit9edd.s3.us-west-1.amazonaws.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 19 Apr 2024 13:40:53 GMT
Content-Type: text/html
Content-Length: 2
Connection: keep-alive
Access-Control-Allow-Origin: *
cache-control: no-store

arcanecelestials.com/socket.io/?EIO=4&transport=websocket&sid=dB4xWNlXRA9yAXO4AAih

185.106.94.85

0 B

URL
arcanecelestials.com/socket.io/?EIO=4&transport=websocket&sid=dB4xWNlXRA9yAXO4AAih
IP
185.106.94.85:0
ASN
#210644 Aeza International Ltd

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /socket.io/?EIO=4&transport=websocket&sid=dB4xWNlXRA9yAXO4AAih HTTP/1.1
Host: arcanecelestials.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://tf00qniyit9edd.s3.us-west-1.amazonaws.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: GYjnYkJPdNWGiIEmB7HDCw==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 19 Apr 2024 13:40:53 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: sQCq/LrstqDQ8d5hHflShX8ueEE=
Access-Control-Allow-Origin: *

arcanecelestials.com/socket.io/?EIO=4&transport=polling&t=Oxsbgox&sid=dB4xWNlXRA9yAXO4AAih

185.106.94.85

2 B

URL
arcanecelestials.com/socket.io/?EIO=4&transport=polling&t=Oxsbgox&sid=dB4xWNlXRA9yAXO4AAih
IP
185.106.94.85:0
ASN
#210644 Aeza International Ltd

File type
ASCII text, with no line terminators
Size
2 B (2 bytes)
Hash
444bcb3a3fcf8389296c49467f27e1d6
7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

HTTP Headers

POST /socket.io/?EIO=4&transport=polling&t=Oxsbgox&sid=dB4xWNlXRA9yAXO4AAih HTTP/1.1
Host: arcanecelestials.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: text/plain;charset=UTF-8
Content-Length: 164
Origin: https://tf00qniyit9edd.s3.us-west-1.amazonaws.com
DNT: 1
Connection: keep-alive
Referer: https://tf00qniyit9edd.s3.us-west-1.amazonaws.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 19 Apr 2024 13:40:53 GMT
Content-Type: text/html
Content-Length: 2
Connection: keep-alive
Access-Control-Allow-Origin: *
cache-control: no-store

arcanecelestials.com/socket.io/?EIO=4&transport=polling&t=Oxsbgn_&sid=dB4xWNlXRA9yAXO4AAih

185.106.94.85

32 B

URL
arcanecelestials.com/socket.io/?EIO=4&transport=polling&t=Oxsbgn_&sid=dB4xWNlXRA9yAXO4AAih
IP
185.106.94.85:0
ASN
#210644 Aeza International Ltd

File type
ASCII text, with no line terminators
Size
32 B (32 bytes)
Hash
ffd400da2c89675eb925a5e4732401a1
32d0d30ddfbc6a2db88ddf8a607e34cdde16f5ec
5b06abe905f775fe5d3daf1b6497b07bd7a8ed2b5425c9de7e4f8554e755e596

HTTP Headers

GET /socket.io/?EIO=4&transport=polling&t=Oxsbgn_&sid=dB4xWNlXRA9yAXO4AAih HTTP/1.1
Host: arcanecelestials.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://tf00qniyit9edd.s3.us-west-1.amazonaws.com
DNT: 1
Connection: keep-alive
Referer: https://tf00qniyit9edd.s3.us-west-1.amazonaws.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 19 Apr 2024 13:40:53 GMT
Content-Type: text/plain; charset=UTF-8
Content-Length: 32
Connection: keep-alive
Access-Control-Allow-Origin: *
cache-control: no-store

challenges.cloudflare.com/turnstile/v0/api.js?render=explicit

104.17.3.184

302 Found

0 B

URL GET HTTP/3
challenges.cloudflare.com/turnstile/v0/api.js?render=explicit
IP
104.17.3.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://tf00qniyit9edd.s3.us-west-1.amazonaws.com/uc.html
Certificate
IssuerCloudflare, Inc.
Subjectchallenges.cloudflare.com
Fingerprint5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
ValidityFri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /turnstile/v0/api.js?render=explicit HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tf00qniyit9edd.s3.us-west-1.amazonaws.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 302 Found
date: Fri, 19 Apr 2024 13:40:54 GMT
content-length: 0
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
location: /turnstile/v0/b/471dc2adc340/api.js?render=explicit
cache-control: max-age=300, public
vary: Accept-Encoding
server: cloudflare
cf-ray: 876d4f1f9e6e5684-OSL
alt-svc: h3=":443"; ma=86400

tf00qniyit9edd.s3.us-west-1.amazonaws.com/uc.html

3.5.162.108

200 OK

36 kB

URL User Request GET HTTP/1.1
tf00qniyit9edd.s3.us-west-1.amazonaws.com/uc.html
IP
3.5.162.108:443
ASN
#16509 AMAZON-02

Certificate
IssuerAmazon
Subject*.s3-us-west-1.amazonaws.com
FingerprintFF:07:D4:DF:45:8F:23:FF:A9:06:D1:CA:1A:06:27:FA:FB:03:7A:3E
ValidityFri, 24 Nov 2023 00:00:00 GMT - Sun, 17 Nov 2024 23:59:59 GMT

File type
HTML document, ASCII text, with very long lines (3309)
Size
36 kB (36454 bytes)
Hash
d8284c232cd34e986ec575e00f8f7ab8
09830ebc7c405e998bbf127651b01266885b1feb
6a3116f71897d34ca6aee33cbe4d2360ed7323b15fe6c83679c93f5d094dfe4d

HTTP Headers

GET /uc.html HTTP/1.1
Host: tf00qniyit9edd.s3.us-west-1.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tf00qniyit9edd.s3.us-west-1.amazonaws.com/uc.html?bId=1&targetId=38F17CDA17F64C5EB24E86575CC7C11A&cfToken=0.j_Rn8SnQ6CHwlcA9OzcT8IR2GaFyKvKjvIZ8JYpQHHrDZudsLRulWWtlH2tMPYU5L6-aBbWK-nxI7DSgAHVto_NP13UrPuVQrEuvmE-tyJmtM0A6Ocu4oc4ycKcvI2Yqk7XqvYGg2J-Ho7LS-Moif695GDU7nXlTcCa0I7hzjxmsKmtdcRx-Jm17TJDrByg_fkpk5EFCt_9Au-PeifEd9jE2MXDzCqE3yILCDnCneU7aBqyTD6bvKgH6iS0KwII0F7496XdXPEar6U5KtiA697JcbZUp_bb4mlsyx-iM9r7O6s6uuzRGT6MCF1xir3CUrDbG4AcjqRRsZhHd9omWsq7otaWKF0oXzeg2pR7RkepAcZeD9SGrXUL3BUZjX1iAqeaDfbhslxTBf02Zyad_jvs7x822SFS3kmhSaCjasV6j5hVK9WiTlcx8naMJBWZUdpHLOjag6SbknkV4vcGNk3AeX1L3_7mxvOsmceNoWgNMt2QTQfu8eAPntLtfkfl7.t4Rg0t6tIFZctPVQOk0WSw.67de1707144c85b59c27b79570f0598b47a7792cd80df1da0dc8045a5a7bc161&idempotencyKey=78c05dd2-03cd-4047-b6ce-e5658f705ac2
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: WDBatkpM6jBL+Zx26Vs7rVcg3Z8KoTiYoXghl48VOAJE56rHpjgENREbI2wYM1X/SNkwLwC5L2jsP6zabSZj1Q==
x-amz-request-id: TJ4VXJ9AN91N7S7H
Date: Fri, 19 Apr 2024 13:40:55 GMT
Last-Modified: Fri, 19 Apr 2024 08:37:26 GMT
ETag: "d8284c232cd34e986ec575e00f8f7ab8"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: text/html
Server: AmazonS3
Content-Length: 36454

upload.wikimedia.org/wikipedia/commons/thumb/9/94/Cloudflare_Logo.png/1200px-Cloudflare_Logo.png?20211125225208

185.15.59.240

200 OK

40 kB

URL GET HTTP/2
upload.wikimedia.org/wikipedia/commons/thumb/9/94/Cloudflare_Logo.png/1200px-Cloudflare_Logo.png?20211125225208
IP
185.15.59.240:443
ASN
#14907 WIKIMEDIA

Requested by
https://tf00qniyit9edd.s3.us-west-1.amazonaws.com/uc.html
Certificate
IssuerDigiCert Inc
Subject*.wikipedia.org
Fingerprint48:3F:0C:71:F3:4A:E0:EA:30:D9:9B:D6:04:63:DC:DA:A8:F4:9D:FB
ValidityWed, 18 Oct 2023 00:00:00 GMT - Wed, 16 Oct 2024 23:59:59 GMT

File type
PNG image data, 1200 x 1200, 8-bit/color RGBA, non-interlaced
Size
40 kB (39856 bytes)
Hash
a0b27ae4e940fbf1ec6bdb72da4601e3
282ac84c78f76a9939f84b1ba76f87829d9091a7
292ca7b17e46e208aa117de746d64e4724e83b3d5ac9d70e2f841e2cc03eb94b

HTTP Headers

GET /wikipedia/commons/thumb/9/94/Cloudflare_Logo.png/1200px-Cloudflare_Logo.png?20211125225208 HTTP/1.1
Host: upload.wikimedia.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tf00qniyit9edd.s3.us-west-1.amazonaws.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: image/png
content-disposition: inline;filename*=UTF-8''Cloudflare_Logo.png
last-modified: Fri, 13 May 2022 07:55:33 GMT
content-length: 39856
date: Fri, 19 Apr 2024 06:27:51 GMT
server: envoy
etag: a0b27ae4e940fbf1ec6bdb72da4601e3
age: 25982
x-cache: cp3078 hit, cp3078 hit/1
x-cache-status: hit-front
server-timing: cache;desc="hit-front", host;desc="cp3078"
strict-transport-security: max-age=106384710; includeSubDomains; preload
report-to: { "group": "wm_nel", "max_age": 604800, "endpoints": [{ "url": "https://intake-logging.wikimedia.org/v1/events?stream=w3c.reportingapi.network_error&schema_uri=/w3c/reportingapi/network_error/1.0.0" }] }
nel: { "report_to": "wm_nel", "max_age": 604800, "failure_fraction": 0.05, "success_fraction": 0.0}
x-client-ip: 91.90.42.154
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-expose-headers: Age, Date, Content-Length, Content-Range, X-Content-Duration, X-Cache
timing-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2

pub-cb72f4af1674441897427b55eaf679a1.r2.dev/index-EdAE6GUO.js

104.18.2.35

200 OK

162 kB

URL GET HTTP/1.1
pub-cb72f4af1674441897427b55eaf679a1.r2.dev/index-EdAE6GUO.js
IP
104.18.2.35:443
ASN
#13335 CLOUDFLARENET

Requested by
https://tf00qniyit9edd.s3.us-west-1.amazonaws.com/uc.html
Certificate
IssuerLet's Encrypt
Subject*.r2.dev
Fingerprint48:74:F0:98:E0:A1:57:3E:86:18:BF:B3:DC:C9:7A:5B:53:50:FE:E0
ValidityFri, 05 Apr 2024 15:25:24 GMT - Thu, 04 Jul 2024 15:25:23 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
162 kB (162097 bytes)
Hash
99a8c60ed8fa39b9533a10013bd87904
c65f9f96a75d2174a99b04f0841ded4728926d9d
acdb99f20b8b22ad7a901f81339fe4747b9b1532046e077e7a08d71c20d37dd6

Detections

Analyzer	Verdict	Alert
Public Nextron YARA rules	malware	Unique code from Jetriz, Swid & Jeniva of the Tetris framework

HTTP Headers

GET /index-EdAE6GUO.js HTTP/1.1
Host: pub-cb72f4af1674441897427b55eaf679a1.r2.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://tf00qniyit9edd.s3.us-west-1.amazonaws.com
DNT: 1
Connection: keep-alive
Referer: https://tf00qniyit9edd.s3.us-west-1.amazonaws.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 19 Apr 2024 13:40:54 GMT
Content-Type: text/javascript
Content-Length: 162097
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
ETag: "99a8c60ed8fa39b9533a10013bd87904"
Last-Modified: Thu, 15 Feb 2024 18:53:07 GMT
Vary: Origin, Accept-Encoding
Server: cloudflare
CF-RAY: 876d4f206a61b4ff-OSL

arcanecelestials.com/socket.io/?EIO=4&transport=polling&t=Oxsbh6p

185.106.94.85

200 OK

118 B

URL GET HTTP/1.1
arcanecelestials.com/socket.io/?EIO=4&transport=polling&t=Oxsbh6p
IP
185.106.94.85:443
ASN
#210644 Aeza International Ltd

Requested by
https://tf00qniyit9edd.s3.us-west-1.amazonaws.com/uc.html
Certificate
IssuerLet's Encrypt
Subjectarcanecelestials.com
FingerprintA9:72:FB:E5:52:F6:DE:85:5D:1E:F1:69:AC:0B:B6:CA:93:98:E4:6D
ValidityThu, 18 Apr 2024 09:19:00 GMT - Wed, 17 Jul 2024 09:18:59 GMT

File type
ASCII text, with no line terminators
Size
118 B (118 bytes)
Hash
0881e531c418f0566c72577f2fe7dc97
db1a9d3166d8efe4cb4bc07cbd5422cd77a61b35
5b9e29605720ce510310cf05b474adfcf3a7adab4317c57856ee09b0f34d2d2f

HTTP Headers

GET /socket.io/?EIO=4&transport=polling&t=Oxsbh6p HTTP/1.1
Host: arcanecelestials.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://tf00qniyit9edd.s3.us-west-1.amazonaws.com
DNT: 1
Connection: keep-alive
Referer: https://tf00qniyit9edd.s3.us-west-1.amazonaws.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 19 Apr 2024 13:40:54 GMT
Content-Type: text/plain; charset=UTF-8
Content-Length: 118
Connection: keep-alive
Access-Control-Allow-Origin: *
cache-control: no-store

arcanecelestials.com/socket.io/?EIO=4&transport=polling&t=Oxsbh7c&sid=yAZclQD8ruy0kHEIAAij

185.106.94.85

200 OK

2 B

URL POST HTTP/1.1
arcanecelestials.com/socket.io/?EIO=4&transport=polling&t=Oxsbh7c&sid=yAZclQD8ruy0kHEIAAij
IP
185.106.94.85:443
ASN
#210644 Aeza International Ltd

Requested by
https://tf00qniyit9edd.s3.us-west-1.amazonaws.com/uc.html
Certificate
IssuerLet's Encrypt
Subjectarcanecelestials.com
FingerprintA9:72:FB:E5:52:F6:DE:85:5D:1E:F1:69:AC:0B:B6:CA:93:98:E4:6D
ValidityThu, 18 Apr 2024 09:19:00 GMT - Wed, 17 Jul 2024 09:18:59 GMT

File type
ASCII text, with no line terminators
Size
2 B (2 bytes)
Hash
444bcb3a3fcf8389296c49467f27e1d6
7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

HTTP Headers

POST /socket.io/?EIO=4&transport=polling&t=Oxsbh7c&sid=yAZclQD8ruy0kHEIAAij HTTP/1.1
Host: arcanecelestials.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: text/plain;charset=UTF-8
Content-Length: 2
Origin: https://tf00qniyit9edd.s3.us-west-1.amazonaws.com
DNT: 1
Connection: keep-alive
Referer: https://tf00qniyit9edd.s3.us-west-1.amazonaws.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 19 Apr 2024 13:40:54 GMT
Content-Type: text/html
Content-Length: 2
Connection: keep-alive
Access-Control-Allow-Origin: *
cache-control: no-store

arcanecelestials.com/socket.io/?EIO=4&transport=polling&t=Oxsbh7f&sid=yAZclQD8ruy0kHEIAAij

185.106.94.85

200 OK

32 B

URL GET HTTP/1.1
arcanecelestials.com/socket.io/?EIO=4&transport=polling&t=Oxsbh7f&sid=yAZclQD8ruy0kHEIAAij
IP
185.106.94.85:443
ASN
#210644 Aeza International Ltd

Requested by
https://tf00qniyit9edd.s3.us-west-1.amazonaws.com/uc.html
Certificate
IssuerLet's Encrypt
Subjectarcanecelestials.com
FingerprintA9:72:FB:E5:52:F6:DE:85:5D:1E:F1:69:AC:0B:B6:CA:93:98:E4:6D
ValidityThu, 18 Apr 2024 09:19:00 GMT - Wed, 17 Jul 2024 09:18:59 GMT

File type
ASCII text, with no line terminators
Size
32 B (32 bytes)
Hash
e3d133a38cf784134553701e8d7d2827
e4b1af7db2f49e88bb590061beedd1ef01f18393
1705025b55c69e2ab184c5dcf2956fd3907dee623a0e66f07cb1363b282edf0f

HTTP Headers

GET /socket.io/?EIO=4&transport=polling&t=Oxsbh7f&sid=yAZclQD8ruy0kHEIAAij HTTP/1.1
Host: arcanecelestials.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://tf00qniyit9edd.s3.us-west-1.amazonaws.com
DNT: 1
Connection: keep-alive
Referer: https://tf00qniyit9edd.s3.us-west-1.amazonaws.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 19 Apr 2024 13:40:54 GMT
Content-Type: text/plain; charset=UTF-8
Content-Length: 32
Connection: keep-alive
Access-Control-Allow-Origin: *
cache-control: no-store

arcanecelestials.com/socket.io/?EIO=4&transport=websocket&sid=yAZclQD8ruy0kHEIAAij

185.106.94.85

0 B

URL
arcanecelestials.com/socket.io/?EIO=4&transport=websocket&sid=yAZclQD8ruy0kHEIAAij
IP
185.106.94.85:0
ASN
#210644 Aeza International Ltd

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /socket.io/?EIO=4&transport=websocket&sid=yAZclQD8ruy0kHEIAAij HTTP/1.1
Host: arcanecelestials.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://tf00qniyit9edd.s3.us-west-1.amazonaws.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: JttngXDj7tO3JXI0kLGJ8w==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 19 Apr 2024 13:40:55 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: arwZ1FSHVFR2eEjkw5E2jUGmBac=
Access-Control-Allow-Origin: *

tf00qniyit9edd.s3.us-west-1.amazonaws.com/favicon.ico

3.5.162.108

403 Forbidden

255 B

URL GET HTTP/1.1
tf00qniyit9edd.s3.us-west-1.amazonaws.com/favicon.ico
IP
3.5.162.108:443
ASN
#16509 AMAZON-02

Requested by
https://tf00qniyit9edd.s3.us-west-1.amazonaws.com/uc.html
Certificate
IssuerAmazon
Subject*.s3-us-west-1.amazonaws.com
FingerprintFF:07:D4:DF:45:8F:23:FF:A9:06:D1:CA:1A:06:27:FA:FB:03:7A:3E
ValidityFri, 24 Nov 2023 00:00:00 GMT - Sun, 17 Nov 2024 23:59:59 GMT

File type
XML 1.0 document, ASCII text
Size
255 B (255 bytes)
Hash
b2a75fdce3d43bde10754d1615d2ff99
202e08837d5f581bf619d0622d277752dda65844
e0e545f73daa18ef8f0dbcb2136602485abc75c25e62eeb69151edb5b3ef9768

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: tf00qniyit9edd.s3.us-west-1.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tf00qniyit9edd.s3.us-west-1.amazonaws.com/uc.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
x-amz-request-id: TJ4Q6F62Y204RT4G
x-amz-id-2: zUJ1FUYmzlzYakgybaetUzGGXSmUJ8ScD9H5Qe9IHia/0CUY/fjPO+RNBgbHtRDl8wmCbFNf6TZr5qyMi9oH7g==
Content-Type: application/xml
Transfer-Encoding: chunked
Date: Fri, 19 Apr 2024 13:40:54 GMT
Server: AmazonS3

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D

104.17.3.184

200 OK

61 B

URL GET HTTP/3
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D
IP
104.17.3.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/x878v/0x4AAAAAAAXfz5cXCad3M5bH/auto/normal
Certificate
IssuerCloudflare, Inc.
Subjectchallenges.cloudflare.com
Fingerprint5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
ValidityFri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT

File type
PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
Size
61 B (61 bytes)
Hash
9246cca8fc3c00f50035f28e9f6b7f7d
3aa538440f70873b574f40cd793060f53ec17a5d
c07d7d29e3c20fa6ca4c5d20663688d52bad13e129ad82ce06b80eb187d9dc84

HTTP Headers

GET /cdn-cgi/challenge-platform/h/b/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/x878v/0x4AAAAAAAXfz5cXCad3M5bH/auto/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 19 Apr 2024 13:40:55 GMT
content-type: image/png
content-length: 61
cache-control: max-age=2629800, public
server: cloudflare
cf-ray: 876d4f242b005684-OSL
alt-svc: h3=":443"; ma=86400

arcanecelestials.com/socket.io/?EIO=4&transport=polling&t=Oxsbh8N&sid=yAZclQD8ruy0kHEIAAij

185.106.94.85

200 OK

1 B

URL GET HTTP/1.1
arcanecelestials.com/socket.io/?EIO=4&transport=polling&t=Oxsbh8N&sid=yAZclQD8ruy0kHEIAAij
IP
185.106.94.85:443
ASN
#210644 Aeza International Ltd

Requested by
https://tf00qniyit9edd.s3.us-west-1.amazonaws.com/uc.html
Certificate
IssuerLet's Encrypt
Subjectarcanecelestials.com
FingerprintA9:72:FB:E5:52:F6:DE:85:5D:1E:F1:69:AC:0B:B6:CA:93:98:E4:6D
ValidityThu, 18 Apr 2024 09:19:00 GMT - Wed, 17 Jul 2024 09:18:59 GMT

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
1679091c5a880faf6fb5e6087eb1b2dc
c1dfd96eea8cc2b62785275bca38ac261256e278
e7f6c011776e8db7cd330b54174fd76f7d0216b612387a5ffcfb81e6f0919683

HTTP Headers

GET /socket.io/?EIO=4&transport=polling&t=Oxsbh8N&sid=yAZclQD8ruy0kHEIAAij HTTP/1.1
Host: arcanecelestials.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://tf00qniyit9edd.s3.us-west-1.amazonaws.com
DNT: 1
Connection: keep-alive
Referer: https://tf00qniyit9edd.s3.us-west-1.amazonaws.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 19 Apr 2024 13:40:55 GMT
Content-Type: text/plain; charset=UTF-8
Content-Length: 1
Connection: keep-alive
Access-Control-Allow-Origin: *
cache-control: no-store

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/876d4f237a545684/1713534055364/3889fa14ab1472114cd83aca67090178c1d4248008a92cd2aed663ebdd4081cf/1tD_u-TRcixgq5Z

104.17.3.184

401 Unauthorized

1 B

URL GET HTTP/3
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/876d4f237a545684/1713534055364/3889fa14ab1472114cd83aca67090178c1d4248008a92cd2aed663ebdd4081cf/1tD_u-TRcixgq5Z
IP
104.17.3.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/x878v/0x4AAAAAAAXfz5cXCad3M5bH/auto/normal
Certificate
IssuerCloudflare, Inc.
Subjectchallenges.cloudflare.com
Fingerprint5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
ValidityFri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
ff44570aca8241914870afbc310cdb85
58668e7669fd564d99db5d581fcdb6a5618440b5
6da43b944e494e885e69af021f93c6d9331c78aa228084711429160a5bbd15b5

HTTP Headers

GET /cdn-cgi/challenge-platform/h/b/pat/876d4f237a545684/1713534055364/3889fa14ab1472114cd83aca67090178c1d4248008a92cd2aed663ebdd4081cf/1tD_u-TRcixgq5Z HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/x878v/0x4AAAAAAAXfz5cXCad3M5bH/auto/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 401 Unauthorized
date: Fri, 19 Apr 2024 13:40:55 GMT
content-type: text/plain; charset=UTF-8
content-length: 1
www-authenticate: PrivateToken challenge="AAIAGXBhdC1pc3N1ZXIuY2xvdWRmbGFyZS5jb20gOIn6FKsUchFM2DrKZwkBeMHUJIAIqSzSrtZj691Agc8AGWNoYWxsZW5nZXMuY2xvdWRmbGFyZS5jb20=", token-key="MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEArny_u1wyrVg8e-Kmwxyfb2WoiwwZ2VR7QAnot_CrcySq56Rui-jZM9090K9_dW6HmpAKhOjYXLCJ7g4U74G4z6SRM_YRj-GLp3EaBxay798DZIeAtv_N7Z9CHI_0VTYiqNXVm2z1bF5VtFasnv3JDaWb4yIjBd8vMfNUM4Y4nXXIeMIyXdVK2hlzVO8VxBkXca7UzhCq51WDKlSYPWUy9ieZTdwNf5Q49DwdF9woTnuKPY26TxVlEHMcf8JJiXLUR2bbdG-Qv1fqbwQloSjintj5uXWLsZd84bMpNedRNJBV22T0PgKNeip6oalvdYbaiHiyDATsKlA6-8KJ-CUQTQIDAQAB", max-age=20, PrivateToken challenge="AAIALHBwLWlzc3Vlci1wcm9kdWN0aW9uLnJlc2VhcmNoLmNsb3VkZmxhcmUuY29tIDiJ-hSrFHIRTNg6ymcJAXjB1CSACKks0q7WY-vdQIHPABljaGFsbGVuZ2VzLmNsb3VkZmxhcmUuY29t", token-key="MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEA1FEYykHcK8H9rb_u0aFz3CmWgYloQw4YhedoEOAjJ0vy2Axa4f9UG9Dzs4uXS34_h8l6MDo2nRCvLI9lvebilMnTjCn-6D77bewqYxJKUFZW1z2jBIdu03TrETczfEg7kxgKtJE9NXGDjYJcF_iMgzgNA0PEAVM89tUYXXlFy4cUAGlqU2mPpIEOxm5ARsXC-zlLK60fkJ4cOsZRkZa6EExdhmgdwQ0fEJuSOHrBO_-zJn4hUP8q9g4yqkxW2UrfJgD07F4HaHGBEiei06sGDvH2NEPvswEl5dTGxutNrxlU7W24iYhNa2nhjlc53nNb0mKtszv-czVE9UhXyJ7-RQIDAQAB", max-age=20
server: cloudflare
cf-ray: 876d4f29383b5684-OSL
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/876d4f237a545684/1713534055366/BKRmzrdQm-ms8MO

104.17.3.184

200 OK

61 B

URL GET HTTP/3
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/876d4f237a545684/1713534055366/BKRmzrdQm-ms8MO
IP
104.17.3.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/x878v/0x4AAAAAAAXfz5cXCad3M5bH/auto/normal
Certificate
IssuerCloudflare, Inc.
Subjectchallenges.cloudflare.com
Fingerprint5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
ValidityFri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT

File type
PNG image data, 39 x 66, 8-bit/color RGB, non-interlaced
Size
61 B (61 bytes)
Hash
b7a8a290e180d94065ac3599e54846ef
93e0439e0be3387eba3a68c4d1779954d9b7b6cc
f3b97babca2ab165b3caad2cb64ac30b25089c9d1ec1dae6a7773daf3d5697ac

HTTP Headers

GET /cdn-cgi/challenge-platform/h/b/i/876d4f237a545684/1713534055366/BKRmzrdQm-ms8MO HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/x878v/0x4AAAAAAAXfz5cXCad3M5bH/auto/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 19 Apr 2024 13:40:56 GMT
content-type: image/png
content-length: 61
server: cloudflare
cf-ray: 876d4f2d8c5e5684-OSL
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/823536233:1713532856:Cw9Wh2_BKFy9CWN970LSaBZKNc-zZoq5VnI_K8noYuw/876d4f237a545684/e6e95b0bbf60687

104.17.3.184

200 OK

95 kB

URL POST HTTP/3
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/823536233:1713532856:Cw9Wh2_BKFy9CWN970LSaBZKNc-zZoq5VnI_K8noYuw/876d4f237a545684/e6e95b0bbf60687
IP
104.17.3.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/x878v/0x4AAAAAAAXfz5cXCad3M5bH/auto/normal
Certificate
IssuerCloudflare, Inc.
Subjectchallenges.cloudflare.com
Fingerprint5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
ValidityFri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
95 kB (94944 bytes)
Hash
61b95e0dbef7aba4dd2c4ba888ffb84a
dcf4347b159cca6a2dae97f4a03c68697a27f442
6270c807ae06d690891ecb78ab65cb425d5b0cd7f5de8ca4fa88e2536b1c974a

HTTP Headers

POST /cdn-cgi/challenge-platform/h/b/flow/ov1/823536233:1713532856:Cw9Wh2_BKFy9CWN970LSaBZKNc-zZoq5VnI_K8noYuw/876d4f237a545684/e6e95b0bbf60687 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/x878v/0x4AAAAAAAXfz5cXCad3M5bH/auto/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: e6e95b0bbf60687
Content-Length: 2734
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 19 Apr 2024 13:40:55 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: m8i145sujVP6YROJJgbY9Q885GxNTYI3rqVNEreNyhRmy1CXzgalqkSwpSeqOwkDMvYxla2tzUb6p4k+9mVtq8wb5IHJ0s8/MGDU+skETdkz0ZyPO9W8Cv6C2PdIzLP9qmpHpvqdrwmRVsHjCTuKmtdIny7euNmOPMtNX6itmajWocGID/BfoNjY7bCifPt+mJBgVRk21IGhI8/89puVmAGedb16RKl//zW7XY19UpWgPfPpUrzB2CJPHkLLkmRRY+IFzp9iBqsBPFViNe/ww/lux4eKTI77RaB182Q80Nf+PV/8SH3JKXWFatrxPS2nuZ+hTeCXH+Q9dp/DaHmFkm3YyQt7+3UWF0YCVN5FAlt0c2DbNYCYLglMXYLNwe2P/UqAu69lPwca3SBx9fJmGg==$z1uPuQ8eH6/u4QWVr+fvog==
vary: accept-encoding
server: cloudflare
cf-ray: 876d4f25eccf5684-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/turnstile/v0/b/471dc2adc340/api.js?render=explicit

104.17.3.184

200 OK

42 kB

URL GET HTTP/3
challenges.cloudflare.com/turnstile/v0/b/471dc2adc340/api.js?render=explicit
IP
104.17.3.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://tf00qniyit9edd.s3.us-west-1.amazonaws.com/uc.html
Certificate
IssuerCloudflare, Inc.
Subjectchallenges.cloudflare.com
Fingerprint5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
ValidityFri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (42414)
Size
42 kB (42415 bytes)
Hash
f94a2211ce789a95a7c67e8c660d63e8
f1fc19b6bcb96d0a905bf3192aaff0885ff9f36f
926dc3302f99ec05e4206e965ddeb7250f5910a8c38e82c7beafb724bbaaf37b

HTTP Headers

GET /turnstile/v0/b/471dc2adc340/api.js?render=explicit HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tf00qniyit9edd.s3.us-west-1.amazonaws.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 19 Apr 2024 13:40:54 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31536000
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 876d4f1fae8e5684-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=876d4f237a545684

104.17.3.184

200 OK

429 kB

URL GET HTTP/3
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=876d4f237a545684
IP
104.17.3.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/x878v/0x4AAAAAAAXfz5cXCad3M5bH/auto/normal
Certificate
IssuerCloudflare, Inc.
Subjectchallenges.cloudflare.com
Fingerprint5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
ValidityFri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
429 kB (429157 bytes)
Hash
1dae7dbcbb5978aabefcd73cc1d7493f
91dc44a7a44f113193180f19d067ae64b86fd4dc
20dc8e0d998747d69c94213476ec08f372245f466c08e08d4bf97d897e22a790

HTTP Headers

GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=876d4f237a545684 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/x878v/0x4AAAAAAAXfz5cXCad3M5bH/auto/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 19 Apr 2024 13:40:55 GMT
content-type: application/javascript; charset=UTF-8
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
vary: accept-encoding
server: cloudflare
cf-ray: 876d4f242b045684-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

tf00qniyit9edd.s3.us-west-1.amazonaws.com/

0.0.0.0

0 B

URL User Request GET
tf00qniyit9edd.s3.us-west-1.amazonaws.com/
IP
0.0.0.0:0
ASN
#0

Certificate
IssuerAmazon
Subject*.s3-us-west-1.amazonaws.com
FingerprintFF:07:D4:DF:45:8F:23:FF:A9:06:D1:CA:1A:06:27:FA:FB:03:7A:3E
ValidityFri, 24 Nov 2023 00:00:00 GMT - Sun, 17 Nov 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: tf00qniyit9edd.s3.us-west-1.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tf00qniyit9edd.s3.us-west-1.amazonaws.com/uc.html?bId=1&targetId=38F17CDA17F64C5EB24E86575CC7C11A&cfToken=0.j_Rn8SnQ6CHwlcA9OzcT8IR2GaFyKvKjvIZ8JYpQHHrDZudsLRulWWtlH2tMPYU5L6-aBbWK-nxI7DSgAHVto_NP13UrPuVQrEuvmE-tyJmtM0A6Ocu4oc4ycKcvI2Yqk7XqvYGg2J-Ho7LS-Moif695GDU7nXlTcCa0I7hzjxmsKmtdcRx-Jm17TJDrByg_fkpk5EFCt_9Au-PeifEd9jE2MXDzCqE3yILCDnCneU7aBqyTD6bvKgH6iS0KwII0F7496XdXPEar6U5KtiA697JcbZUp_bb4mlsyx-iM9r7O6s6uuzRGT6MCF1xir3CUrDbG4AcjqRRsZhHd9omWsq7otaWKF0oXzeg2pR7RkepAcZeD9SGrXUL3BUZjX1iAqeaDfbhslxTBf02Zyad_jvs7x822SFS3kmhSaCjasV6j5hVK9WiTlcx8naMJBWZUdpHLOjag6SbknkV4vcGNk3AeX1L3_7mxvOsmceNoWgNMt2QTQfu8eAPntLtfkfl7.t4Rg0t6tIFZctPVQOk0WSw.67de1707144c85b59c27b79570f0598b47a7792cd80df1da0dc8045a5a7bc161&idempotencyKey=78c05dd2-03cd-4047-b6ce-e5658f705ac2
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/x878v/0x4AAAAAAAXfz5cXCad3M5bH/auto/normal

104.17.3.184

200 OK

80 kB

URL GET HTTP/3
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/x878v/0x4AAAAAAAXfz5cXCad3M5bH/auto/normal
IP
104.17.3.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://tf00qniyit9edd.s3.us-west-1.amazonaws.com/uc.html
Certificate
IssuerCloudflare, Inc.
Subjectchallenges.cloudflare.com
Fingerprint5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
ValidityFri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT

File type
HTML document, ASCII text, with very long lines (41702)
Size
80 kB (80142 bytes)
Hash
d1a266fe190064da6b6752ad4a886614
213038cbd9d84ffbac5b42df2126ea579e438c19
5af2cc651a76880a2b1d8e022233185977423d7393a4393a92a355ec4d6dac76

HTTP Headers

GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/x878v/0x4AAAAAAAXfz5cXCad3M5bH/auto/normal HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tf00qniyit9edd.s3.us-west-1.amazonaws.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 19 Apr 2024 13:40:54 GMT
content-type: text/html; charset=UTF-8
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
cross-origin-resource-policy: cross-origin
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
referrer-policy: same-origin
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-opener-policy: same-origin
document-policy: js-profiling
content-security-policy: frame-src https://challenges.cloudflare.com/ blob:; base-uri 'self'
origin-agent-cluster: ?1
cross-origin-embedder-policy: require-corp
vary: accept-encoding
server: cloudflare
cf-ray: 876d4f237a545684-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

arcanecelestials.com/socket.io/?EIO=4&transport=websocket&sid=yAZclQD8ruy0kHEIAAij

185.106.94.85

101 Switching Protocols

0 B

URL GET HTTP/1.1
arcanecelestials.com/socket.io/?EIO=4&transport=websocket&sid=yAZclQD8ruy0kHEIAAij
IP
185.106.94.85:443
ASN
#210644 Aeza International Ltd

Requested by
https://tf00qniyit9edd.s3.us-west-1.amazonaws.com/uc.html
Certificate
IssuerLet's Encrypt
Subjectarcanecelestials.com
FingerprintA9:72:FB:E5:52:F6:DE:85:5D:1E:F1:69:AC:0B:B6:CA:93:98:E4:6D
ValidityThu, 18 Apr 2024 09:19:00 GMT - Wed, 17 Jul 2024 09:18:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /socket.io/?EIO=4&transport=websocket&sid=yAZclQD8ruy0kHEIAAij HTTP/1.1
Host: arcanecelestials.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://tf00qniyit9edd.s3.us-west-1.amazonaws.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: JttngXDj7tO3JXI0kLGJ8w==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 19 Apr 2024 13:40:55 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: arwZ1FSHVFR2eEjkw5E2jUGmBac=
Access-Control-Allow-Origin: *

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/823536233:1713532856:Cw9Wh2_BKFy9CWN970LSaBZKNc-zZoq5VnI_K8noYuw/876d4f237a545684/e6e95b0bbf60687

104.17.3.184

200 OK

22 kB

URL POST HTTP/3
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/823536233:1713532856:Cw9Wh2_BKFy9CWN970LSaBZKNc-zZoq5VnI_K8noYuw/876d4f237a545684/e6e95b0bbf60687
IP
104.17.3.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/x878v/0x4AAAAAAAXfz5cXCad3M5bH/auto/normal
Certificate
IssuerCloudflare, Inc.
Subjectchallenges.cloudflare.com
Fingerprint5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
ValidityFri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT

File type
ASCII text, with very long lines (22536), with no line terminators
Size
22 kB (22536 bytes)
Hash
85c62d9cca5040f641b32d1ef8eb1162
a195c6b6ce1e8128bfc7616854c18a021909c8ed
1805f3acc5ba10a029754352e1032a5eadf50b3d1485f9acff91ab62d4d11fe9

HTTP Headers

POST /cdn-cgi/challenge-platform/h/b/flow/ov1/823536233:1713532856:Cw9Wh2_BKFy9CWN970LSaBZKNc-zZoq5VnI_K8noYuw/876d4f237a545684/e6e95b0bbf60687 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/x878v/0x4AAAAAAAXfz5cXCad3M5bH/auto/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: e6e95b0bbf60687
Content-Length: 25981
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 19 Apr 2024 13:40:56 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: v6xoBKjQgmiKY3Uab29uJDbjIqN76u9ymSHD7zZETo3uVQh8rd+i3vieFWPDObaq$AbVjrMq4ES/a3Jzug/ZGqw==
vary: accept-encoding
server: cloudflare
cf-ray: 876d4f2f5e395684-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (45)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations