Report - alcojoldwograpciw.shop/api4

Report Overview

Submitted URL
alcojoldwograpciw.shop/api4
IP
104.21.48.243
ASN
#13335 CLOUDFLARENET
Submitted
2024-04-25 23:25:31
Access
public
Website Title
Ошибка
Final URL
alcojoldwograpciw.shop/api4
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
2
Threat Detection Systems
64

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
alcojoldwograpciw.shop	unknown	2024-04-12	2024-04-13	2024-04-14	5.2 kB	187 kB	172.67.157.23
challenges.cloudflare.com	unknown	2009-02-17	2021-10-20	2024-04-25	2.1 kB	31 kB	104.17.3.184
code.jquery.com	634	2005-12-10	2012-05-21	2024-04-25	451 B	90 kB	151.101.130.137
cdn.jsdelivr.net	439	2012-05-16	2012-09-30	2024-04-25	907 B	23 kB	151.101.193.229
unpkg.com	11693	2016-01-06	2016-01-08	2024-04-25	2.3 kB	251 kB	104.17.247.203

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2024-04-25 23:25:05	high	Client IP	104.21.48.243	ET MALWARE Observed Lumma Stealer Related Domain (alcojoldwograpciw .shop in TLS SNI)
2024-04-25 23:25:06	high	Client IP	172.67.157.23	ThreatFox botnet C2 traffic (url - confidence level: 100%)

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

Scan Date	Severity	Indicator	Alert
2024-04-25	medium	alcojoldwograpciw.shop	Sinkholed
2024-04-25	medium	alcojoldwograpciw.shop	Sinkholed
2024-04-25	medium	alcojoldwograpciw.shop	Sinkholed
2024-04-25	medium	alcojoldwograpciw.shop	Sinkholed
2024-04-25	medium	alcojoldwograpciw.shop	Sinkholed
2024-04-25	medium	alcojoldwograpciw.shop	Sinkholed
2024-04-25	medium	alcojoldwograpciw.shop	Sinkholed
2024-04-25	medium	alcojoldwograpciw.shop	Sinkholed
2024-04-25	medium	alcojoldwograpciw.shop	Sinkholed
2024-04-25	medium	alcojoldwograpciw.shop	Sinkholed
2024-04-25	medium	alcojoldwograpciw.shop	Sinkholed

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-25	medium	alcojoldwograpciw.shop	Sinkholed
2024-04-25	medium	alcojoldwograpciw.shop	Sinkholed
2024-04-25	medium	alcojoldwograpciw.shop	Sinkholed
2024-04-25	medium	alcojoldwograpciw.shop	Sinkholed
2024-04-25	medium	alcojoldwograpciw.shop	Sinkholed
2024-04-25	medium	alcojoldwograpciw.shop	Sinkholed
2024-04-25	medium	alcojoldwograpciw.shop	Sinkholed
2024-04-25	medium	alcojoldwograpciw.shop	Sinkholed
2024-04-25	medium	alcojoldwograpciw.shop	Sinkholed
2024-04-25	medium	alcojoldwograpciw.shop	Sinkholed
2024-04-25	medium	alcojoldwograpciw.shop	Sinkholed

ThreatFox

Scan Date	Severity	Indicator	Alert
2024-04-20	medium	alcojoldwograpciw.shop	Lumma Stealer
2024-04-20	medium	alcojoldwograpciw.shop	Lumma Stealer
2024-04-20	medium	alcojoldwograpciw.shop	Lumma Stealer
2024-04-20	medium	alcojoldwograpciw.shop	Lumma Stealer
2024-04-20	medium	alcojoldwograpciw.shop	Lumma Stealer
2024-04-20	medium	alcojoldwograpciw.shop	Lumma Stealer
2024-04-20	medium	alcojoldwograpciw.shop	Lumma Stealer
2024-04-20	medium	alcojoldwograpciw.shop	Lumma Stealer
2024-04-20	medium	alcojoldwograpciw.shop	Lumma Stealer
2024-04-20	medium	alcojoldwograpciw.shop	Lumma Stealer

JavaScript (33)

	URL	Size	First Seen	Last Seen
	cdn.jsdelivr.net/npm/tom-select@2.3.1/dist/js/tom-select.complete.min.js	51 kB	2024-03-03	2024-05-03
Pretty URL cdn.jsdelivr.net/npm/tom-select@2.3.1/dist/js/tom-select.complete.min.js IP 151.101.193.229 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-03 17:02:32 Last Seen2024-05-03 13:51:59 Times Seen30 Hash cb0a959ac3d7a23dd8271f8438671211 8bc8a58a48d6f529e6b58e235b47d92dc61a0e2d 28d785eb15b9a3fb56d6869ee57952e0908d003a0cf911eaae7a14a8bea9bc76 Loading...

	code.jquery.com/jquery-3.6.0.min.js	90 kB	2023-03-07	2024-05-05
Pretty URL code.jquery.com/jquery-3.6.0.min.js IP 151.101.130.137 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:13 Last Seen2024-05-05 10:41:27 Times Seen266045 Hash 8fb8fee4fcc3cc86ff6c724154c49c42 b82d238d4e31fdf618bae8ac11a6c812c03dd0d4 ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e Loading...

	unpkg.com/@tabler/core@1.0.0-beta10/dist/js/tabler.min.js	143 kB	2023-04-05	2024-05-03
Pretty URL unpkg.com/@tabler/core@1.0.0-beta10/dist/js/tabler.min.js IP 104.17.247.203 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-05 11:01:39 Last Seen2024-05-03 13:51:56 Times Seen100 Hash 6b8c7ed1789f82fae27c6d0ea68eb5a9 2c7919d960617e0afe6cf9611e26fec4303d85fa 71f241ae336a94269629238402a78d26fdf16cb78911f9dab2e43753f94bdca8 Loading...

		Size	First Seen	Last Seen
	#1 Eval - c4cbfd28b84a059f76944be9d8a3cf2c	28 B	2024-04-26	2024-04-26
Pretty Observations First Seen2024-04-26 01:25:32 Last Seen2024-04-26 01:25:32 Times Seen1 Hash c4cbfd28b84a059f76944be9d8a3cf2c 35b50366b7a51b9756b58d121d9c622058c73e76 4740510f49ff0e1ef58f0605e927c2aaaf4ed0286bd775d77834c9338cf29e33 Loading...

	#2 Eval - 59fe92739678813b2eff603fbfd4c254	28 B	2024-04-26	2024-04-26
Pretty Observations First Seen2024-04-26 01:25:32 Last Seen2024-04-26 01:25:32 Times Seen1 Hash 59fe92739678813b2eff603fbfd4c254 343784f578fa1a305b726c76f77b97263df3b4a1 f5a504150ba6f8360376a865f4956541041800ae8d12a685b32327df935f0f22 Loading...

	#3 Eval - 6bd68e0d4fdf9428a2f784536aa31793	28 B	2024-04-26	2024-04-26
Pretty Observations First Seen2024-04-26 01:25:32 Last Seen2024-04-26 01:25:32 Times Seen1 Hash 6bd68e0d4fdf9428a2f784536aa31793 12698602d92f46049c6caf7061241c9e486a8b82 0c8f6f13c26746098d11ae67ac9b17e59dbd10aa00b3a23f0ff73c2bf9eb401e Loading...

	#4 Eval - fe918d97722d7ff0106f540e145dab12	28 B	2024-04-26	2024-04-26
Pretty Observations First Seen2024-04-26 01:25:32 Last Seen2024-04-26 01:25:32 Times Seen1 Hash fe918d97722d7ff0106f540e145dab12 80284f40ea75174c8a617436ac86574b348a9d53 64ae3bb7015262994bd7c3236aa715f4d05baac5eb55346d349767c5e8857132 Loading...

	#5 Eval - 43c81e43a6e7d9140033055ff3e04983	62 B	2024-04-18	2024-04-29
Pretty Observations First Seen2024-04-18 21:08:51 Last Seen2024-04-29 16:17:50 Times Seen2736 Hash 43c81e43a6e7d9140033055ff3e04983 b0eca03913678cb38c488c7c79cc4f9d2755ea17 3f7ef931c657c4333a401c40e8b0b8d1ff3b164542af45e14242314c0ec39f34 Loading...

	#6 Eval - 805a9b95084b5b8e498980ead69003e3	28 B	2024-04-26	2024-04-26
Pretty Observations First Seen2024-04-26 01:25:32 Last Seen2024-04-26 01:25:32 Times Seen1 Hash 805a9b95084b5b8e498980ead69003e3 c3198180fdc02f42a7adb89abc4a9858d82305ad d622c927c27c057d7d5936c49cd47932141e12c46c985e3bbbc291fecde860fa Loading...

	#7 Eval - f28c848f165238984008059f987e9d7b	28 B	2024-04-26	2024-04-26
Pretty Observations First Seen2024-04-26 01:25:32 Last Seen2024-04-26 01:25:32 Times Seen1 Hash f28c848f165238984008059f987e9d7b ad9c3824cd6e38179a5b7e65a164c269e3a92d6e 58a65ace8aa45d86051729864e7cee2da6a6851ab759484157a4bea3bdf1b415 Loading...

	#8 Eval - fe6655b3d4b5b1e33502e8e4bdbeca21	28 B	2024-04-26	2024-04-26
Pretty Observations First Seen2024-04-26 01:25:32 Last Seen2024-04-26 01:25:32 Times Seen1 Hash fe6655b3d4b5b1e33502e8e4bdbeca21 4370161c832b04175b689290790d530568e23378 29252384bb9faf7e0f1675ea7846e0ca77034fc1a367d177b8a0e4c9896ff7c6 Loading...

	#9 Eval - 0393398164befcb8c7fa2444c298662b	28 B	2024-04-26	2024-04-26
Pretty Observations First Seen2024-04-26 01:25:32 Last Seen2024-04-26 01:25:32 Times Seen1 Hash 0393398164befcb8c7fa2444c298662b 598934195bf4b79a4f03b9090bd98e4f913730f2 eaed14009646b9f8ec370e39890f3789856c4a04bc6ab5b7bece19eb281fdb29 Loading...

	#10 Eval - 02c2c40de1305cfce68ce9b73f94295a	28 B	2024-04-26	2024-04-26
Pretty Observations First Seen2024-04-26 01:25:32 Last Seen2024-04-26 01:25:32 Times Seen1 Hash 02c2c40de1305cfce68ce9b73f94295a 32c6f0ca7d848cba2c138f573b1f4753a5369f19 5543321e916f4c22f39d5cf6c06f53223333376d033650f7a8ecd885f31a25c6 Loading...

	#11 Eval - 30f5b95b29225076e142c60267bc4442	28 B	2024-04-26	2024-04-26
Pretty Observations First Seen2024-04-26 01:25:32 Last Seen2024-04-26 01:25:32 Times Seen1 Hash 30f5b95b29225076e142c60267bc4442 f88e057d8d85cf406cb234b2d39f52e00f14d770 de08a4828c556f51c9643133a0d5d0f15f4eb629ec68a7998099d67f95e31560 Loading...

	#12 Eval - 1b2dfd1e5ac9f488b1929899f03f93b9	28 B	2024-04-26	2024-04-26
Pretty Observations First Seen2024-04-26 01:25:32 Last Seen2024-04-26 01:25:32 Times Seen1 Hash 1b2dfd1e5ac9f488b1929899f03f93b9 67092ca92ea841e332cfaab943f9d54244d2f921 dff798ccd12d20e046874d1c0e2149f96f3a70f71e6808337e912b19d6e4ef7d Loading...

	#13 Eval - 2117e087423a88bcfbd65236582a1e94	28 B	2024-04-26	2024-04-26
Pretty Observations First Seen2024-04-26 01:25:32 Last Seen2024-04-26 01:25:32 Times Seen1 Hash 2117e087423a88bcfbd65236582a1e94 b50fa747e0270de4cc426314344d1ac6670a678e f8283e23aa973a1c487f1f1499f69555f4ef858a464b0aded14410dfc0197154 Loading...

	#14 Eval - 6abfdcca21b6be1556e0158297bc3040	28 B	2024-04-26	2024-04-26
Pretty Observations First Seen2024-04-26 01:25:32 Last Seen2024-04-26 01:25:32 Times Seen1 Hash 6abfdcca21b6be1556e0158297bc3040 7c5144dca7ab6ea71595c98a24a80163adbcd11b 2dcdd1fdc8303305f468cdce3ccd5d51ef293ed2ec05520e056078ef79c99c1e Loading...

	#15 Eval - 894bf57f373bdc85ca19c10467a30194	528 B	2024-04-26	2024-04-26
Pretty Observations First Seen2024-04-26 01:25:32 Last Seen2024-04-26 01:25:32 Times Seen1 Hash 894bf57f373bdc85ca19c10467a30194 c96c1a02dbae63897fed5b539a594b7696eb0b40 56c410e67289fbe7a2f3089b60a0155782ab9eae238cdf37b92830c67b84e5c6 Loading...

	#16 Eval - ad82d8831cad3d877969505d8777959c	28 B	2024-04-26	2024-04-26
Pretty Observations First Seen2024-04-26 01:25:32 Last Seen2024-04-26 01:25:32 Times Seen1 Hash ad82d8831cad3d877969505d8777959c cf7ed14e8885bde3abbfaff85c3839360aabed26 d68a60370b1dc852b706e673fed3fe103c9cbd6156808e345a73e9cf17b0913f Loading...

	#17 Eval - cda8232de5b75e8159bbcd1b7a15d17e	28 B	2024-04-26	2024-04-26
Pretty Observations First Seen2024-04-26 01:25:32 Last Seen2024-04-26 01:25:32 Times Seen1 Hash cda8232de5b75e8159bbcd1b7a15d17e c547ec95d090ae4de09a37291d7097544fca5ffb 24bfa2f32e26498d9815ab92e1362cd3da411e9d9e0c56d4645c0a4f4bae82b3 Loading...

	#18 Eval - 2abb2318833216b9de7790611035fa72	28 B	2024-04-26	2024-04-26
Pretty Observations First Seen2024-04-26 01:25:32 Last Seen2024-04-26 01:25:32 Times Seen1 Hash 2abb2318833216b9de7790611035fa72 9ea34d8b02c3bf805d9fad1a234ae6bae0b4e300 bde118114c79c68055aac7aa0c0b8d20558aefe92d2eb136618e35db1d85d9d1 Loading...

	#19 Eval - 04b9f4e68e63424915136f4a7e145ee5	28 B	2024-04-26	2024-04-26
Pretty Observations First Seen2024-04-26 01:25:32 Last Seen2024-04-26 01:25:32 Times Seen1 Hash 04b9f4e68e63424915136f4a7e145ee5 8d44d3091ea204afd3924059a1c3615a19399538 988741596cf5dfb879e733cb193e0cfc0f706487f5445aba791bd8ba4de68730 Loading...

	#20 Eval - 65c9d54ef4b1cb22cffa2ab6c42ccf42	28 B	2024-04-26	2024-04-26
Pretty Observations First Seen2024-04-26 01:25:33 Last Seen2024-04-26 01:25:33 Times Seen1 Hash 65c9d54ef4b1cb22cffa2ab6c42ccf42 3d3361024c8395e2c042d8a6d3f1098f3f34da9a 5f8cc351a16e62ad8aa93206898259723f3e3a28175d66a800d833f15ef961a9 Loading...

	#21 Eval - da179cdb8b57824cb2e212b7c3ca380b	28 B	2024-04-26	2024-04-26
Pretty Observations First Seen2024-04-26 01:25:33 Last Seen2024-04-26 01:25:33 Times Seen1 Hash da179cdb8b57824cb2e212b7c3ca380b ddcb6fd6e6e793166a05b2d07ec4e64d3979a4eb d5862d47e32de3d40392f6aeba82b80bf6bd6aebba8dcc3b3834452571cd065a Loading...

	#22 Eval - f7a5a9222a60520d8d8e4026a26f9965	28 B	2024-04-26	2024-04-26
Pretty Observations First Seen2024-04-26 01:25:33 Last Seen2024-04-26 01:25:33 Times Seen1 Hash f7a5a9222a60520d8d8e4026a26f9965 1bdd6fd38e5fc7b95800ef0514fc2cd2ca7da5f3 1513a230c464b0937730e945b95aeff5fb075e1619b31af83a6f319425ac5bd5 Loading...

	#23 Eval - 9e925e9341b490bfd3b4c4ca3b0c1ef2	4 B	2023-03-07	2024-05-05
Pretty Observations First Seen2023-03-07 01:03:43 Last Seen2024-05-05 10:11:28 Times Seen351496 Hash 9e925e9341b490bfd3b4c4ca3b0c1ef2 c2543fff3bfa6f144c2f06a7de6cd10c0b650cae 1eb79602411ef02cf6fe117897015fff89f80face4eccd50425c45149b148408 Loading...

	#24 Eval - 056123e57eb48e512dc0eca75070c9d8	28 B	2024-04-26	2024-04-26
Pretty Observations First Seen2024-04-26 01:25:33 Last Seen2024-04-26 01:25:33 Times Seen1 Hash 056123e57eb48e512dc0eca75070c9d8 7f39a88158685dc561b6d6f690a302e34ff7a7c7 6517616b67b376cfbb30ffedae56fc77082188a17a62b1eb78467e13e96a612d Loading...

	#25 Eval - ae2d9529c87193771b7177f7d70437b6	28 B	2024-04-26	2024-04-26
Pretty Observations First Seen2024-04-26 01:25:33 Last Seen2024-04-26 01:25:33 Times Seen1 Hash ae2d9529c87193771b7177f7d70437b6 a15cb64be7985c69e476b86d654ff4b3e4ae20c2 3d70fcb3976b1d25a2c1fb0cd808b3e4018de4abe95e18a77298d6727ded7107 Loading...

	#26 Eval - 8b6732a3b3e614abbdab52d17cb32e84	28 B	2024-04-26	2024-04-26
Pretty Observations First Seen2024-04-26 01:25:33 Last Seen2024-04-26 01:25:33 Times Seen1 Hash 8b6732a3b3e614abbdab52d17cb32e84 e541784fe61bb62690504daa7cf73e8b06d4c0de 42fa90519d23a8fd607f38e5cef171936228d885995841a015a4800f0cfb158e Loading...

	#27 Eval - 850b0171d5dfc1f1bdb537973b611b5e	28 B	2024-04-26	2024-04-26
Pretty Observations First Seen2024-04-26 01:25:33 Last Seen2024-04-26 01:25:33 Times Seen1 Hash 850b0171d5dfc1f1bdb537973b611b5e 4d765fa26a41936c39bf93154f40a72d17f6fad6 97fa75af205f870cab7d4c29b64f3d6a54572d2d34e7686bdc7fb1772a3eb713 Loading...

	#28 Eval - 08d14718c3895c759efa1132d6019e89	28 B	2024-04-26	2024-04-26
Pretty Observations First Seen2024-04-26 01:25:33 Last Seen2024-04-26 01:25:33 Times Seen1 Hash 08d14718c3895c759efa1132d6019e89 f0141c66b84b561d72a5f4a108db0684454c5bf4 724773afb97cf163062917471dd11f0bee5a8119b3574f7cc3a7e6e2cede0fa4 Loading...

	#29 Eval - c4a7217d632b3e0cc327828a342b5643	28 B	2024-04-26	2024-04-26
Pretty Observations First Seen2024-04-26 01:25:33 Last Seen2024-04-26 01:25:33 Times Seen1 Hash c4a7217d632b3e0cc327828a342b5643 c2510b4e2929774057aedbf9f5f485adcd7e104c 1b7cc3dd44c9d7325f0a4bf80847ec02860cd9da04e058dd72f72f03066c2d97 Loading...

	#30 Eval - e8b8f661c6c3871060a17b6c1d23dc0a	28 B	2024-04-26	2024-04-26
Pretty Observations First Seen2024-04-26 01:25:33 Last Seen2024-04-26 01:25:33 Times Seen1 Hash e8b8f661c6c3871060a17b6c1d23dc0a a590caa221ebf06ac538b9d42792c1bec3502976 a00771c347e05bcf561fdbd2e15a4a7ae71f659d0301b75db81c20e17eec6dcc Loading...

HTTP Transactions (22)

URL IP Response Size

alcojoldwograpciw.shop/api4

172.67.157.23

200 OK

5.9 kB

URL User Request POST HTTP/1.1
alcojoldwograpciw.shop/api4
IP
172.67.157.23:80
ASN
#13335 CLOUDFLARENET

File type
HTML document, ASCII text, with very long lines (14391), with no line terminators
Size
5.9 kB (5860 bytes)
Hash
b45a350243f5e2688667223f2aeb14f2
5f8d798d53b60ea2d567a4460eb43b728433837c
d2ec1b38bb6bb128360492b1cff68de7722095c2e96b06cc8daf383cda383b5f

Detections

Analyzer	Verdict	Alert
ThreatFox	malicious	Lumma Stealer
mnemonic secure dns	malicious	Sinkholed
Quad9 DNS	malicious	Sinkholed

NIDS	Severity	Alert
suricata	high	ThreatFox botnet C2 traffic (url - confidence level: 100%)

HTTP Headers

GET /api4 HTTP/1.1
Host: alcojoldwograpciw.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Date: Thu, 25 Apr 2024 23:25:06 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: ntbY9Ltu26ynHyybyIbQBMpWt+F1IMfQ71ZGkcSGY6Z75DGYXCV9yRiRN1aE9FLNvxdqt/5Kjy1+MqQePCOAIZUgkhAlvbs7jXd/A44jBLrkklSaBybjobMxutGPSujKa7877oIwytF//G42MsJfKw==$dz7UweUVB8eTX0GjKBIRhQ==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FVHc3TH4SesO5yHfgLogIa4zIISOChC%2FY1EPomzdZJiFs273r7WRhn9BDGiS%2FkGYo8anOaWcjARJTco%2FdTOnaD%2BZoR0lulbV8ZgQHMUcfimJ8G%2FV4nyL7lOojlJfKd%2FKV6c4Er4NyfPv"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 87a217207c5fb529-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

alcojoldwograpciw.shop/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=87a217207c5fb529

104.21.48.243

114 kB

URL
alcojoldwograpciw.shop/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=87a217207c5fb529
IP
104.21.48.243:0
ASN
#13335 CLOUDFLARENET

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
114 kB (113560 bytes)
Hash
10e37cf30c1f6438ad3ac2cfbe038d84
7253e1e668f360a6a97eb4712b09b70f6a5b5a0e
f9bc5ed9738d56b11598427058a0c1503dbf0fd891fb7231fd4f95841462e0c1

Detections

Analyzer	Verdict	Alert
mnemonic secure dns	malicious	Sinkholed
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=87a217207c5fb529 HTTP/1.1
Host: alcojoldwograpciw.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://alcojoldwograpciw.shop/api4?__cf_chl_rt_tk=_0lHpU14P6LsfqYGWjcEd5v96wkzNmjFbOcSu0u_dAs-1714087506-0.0.1.1-1301
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 25 Apr 2024 23:25:06 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
vary: accept-encoding
content-encoding: gzip
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DGk7OT7mcPsmHbe%2BdJx9qBMVT2vcWgysDIIcYz4g15%2FzAVuCigimgHljPSItPMLrWFg8QU46JGvkWEHKAyHhVYATIBjuJHtEOk9iD6ill%2BM641%2FlgStoYAkKJcrlZxjmX536buKYa1%2BD"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 87a217215a09568b-OSL
alt-svc: h2=":443"; ma=60

alcojoldwograpciw.shop/favicon.ico

104.21.48.243

403 Forbidden

5.9 kB

URL GET HTTP/1.1
alcojoldwograpciw.shop/favicon.ico
IP
104.21.48.243:80
ASN
#13335 CLOUDFLARENET

Requested by
http://alcojoldwograpciw.shop/api4

File type
HTML document, ASCII text, with very long lines (14484), with no line terminators
Size
5.9 kB (5922 bytes)
Hash
70e4b9442d89bac31eac3682dc17f3f9
64d438e81a18870e1ba3a36ae167bbaaeb855c55
fe518282b12ca8ab20e0fa1d02100b2a79f22868f812a3e5e41b0067db081604

Detections

Analyzer	Verdict	Alert
ThreatFox	malicious	Lumma Stealer
mnemonic secure dns	malicious	Sinkholed
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: alcojoldwograpciw.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://alcojoldwograpciw.shop/api4?__cf_chl_rt_tk=_0lHpU14P6LsfqYGWjcEd5v96wkzNmjFbOcSu0u_dAs-1714087506-0.0.1.1-1301
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Date: Thu, 25 Apr 2024 23:25:06 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: xHAC9Z+WBQqW7AJID5rdF80MEamlIznGV25pHe/M06BfpugQ+A5B7Qx+fRqeEedF3HESuCRMDKKGrt3/AYetUyBeVpFR35Krw7x0Leq1Cn9Mc+WUI25nhVtefa7aLfyJ/wjoA18w0HFntFIl0g0/tA==$6qiZDP5M3H9Yi22JvnBA8A==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EHtcO1ONED3GfRYPgExpAC7eLQr%2FYhTrzQespO4sAViHYcnXJj4sKopd%2Fo3r3qxq4RoafnyuQBHpA7Bc73AdMDfVXf9noei7sN8kUb%2B%2BWIxHuv3HPSaKglBza2JeWCtjDZ2%2Fa%2BGUbxqQ"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 87a217219a1b568b-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

alcojoldwograpciw.shop/favicon.ico

104.21.48.243

403 Forbidden

5.9 kB

URL GET HTTP/1.1
alcojoldwograpciw.shop/favicon.ico
IP
104.21.48.243:80
ASN
#13335 CLOUDFLARENET

Requested by
http://alcojoldwograpciw.shop/api4

File type
HTML document, ASCII text, with very long lines (14398), with no line terminators
Size
5.9 kB (5859 bytes)
Hash
33a0a2b0e981b38b9bcf117398fccc40
88214df75b88c8cdea899411acc20cf09031976d
09992ab8566dbd30007edf94aef91a7fffb6e0edab1c2feffea19a48d3dbe7b5

Detections

Analyzer	Verdict	Alert
ThreatFox	malicious	Lumma Stealer
mnemonic secure dns	malicious	Sinkholed
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: alcojoldwograpciw.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://alcojoldwograpciw.shop/api4
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Date: Thu, 25 Apr 2024 23:25:06 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: X6z8FJLM69fca0N4f1ui8UjUdngBDKzzactpLQ3gPzj0RmFoHcG0aStS0QNdjHYoFCUPAYGnbZg1fO/Dy3bC2VxX5ubl7q3/IOKoAvryX2Vd0VseZBrtb/XgSsgDFZsHqjnTg6IlJzmX0oOm/3289Q==$hcHMrVc6/Qqmr2BsEK6HJA==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GPWnVIF5aV5BJlt4Af1USlcVi9gqriLcmFhtNkvBUNMtqbaoHk%2Frr5cl1gKOsrVtshgG1ejzlhdiRQKdxdK7%2BXdb1wCZYwULkCRFiV1toJ48EUq3rCj8UdvKDrEhm0XnL0MOGJQ%2FuK0d"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 87a217220f54b518-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

alcojoldwograpciw.shop/cdn-cgi/challenge-platform/h/b/flow/ov1/959027168:1714084022:JnFnQDZ7bTCe89yjn0QOIzLzKFtPTr8FQHbR4U7gaI8/87a217207c5fb529/468875e46a633c6

104.21.48.243

12 kB

URL
alcojoldwograpciw.shop/cdn-cgi/challenge-platform/h/b/flow/ov1/959027168:1714084022:JnFnQDZ7bTCe89yjn0QOIzLzKFtPTr8FQHbR4U7gaI8/87a217207c5fb529/468875e46a633c6
IP
104.21.48.243:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (15984), with no line terminators
Size
12 kB (12159 bytes)
Hash
88c53db713ceb7706ab4cd15837e41ab
606e6f27d09be3afb4969322f4660ba2584a2686
b8b609d9ff143047f6dd3854bf29faa19bf8313a996846b3a3051e48409a39b3

Detections

Analyzer	Verdict	Alert
ThreatFox	malicious	Lumma Stealer
mnemonic secure dns	malicious	Sinkholed
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /cdn-cgi/challenge-platform/h/b/flow/ov1/959027168:1714084022:JnFnQDZ7bTCe89yjn0QOIzLzKFtPTr8FQHbR4U7gaI8/87a217207c5fb529/468875e46a633c6 HTTP/1.1
Host: alcojoldwograpciw.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://alcojoldwograpciw.shop/api4
Content-type: application/x-www-form-urlencoded
CF-Challenge: 468875e46a633c6
Content-Length: 1870
Origin: http://alcojoldwograpciw.shop
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 25 Apr 2024 23:25:06 GMT
Content-Type: text/plain; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cf-chl-gen: ecwbXbq0F+NRSTeEQzVbRqjkSlyekstELkJi4l7R1oDa4uCd2HOvU9CbMbxIYKVS$TZcBH0vy1wXzMjrjDqvqOA==
vary: accept-encoding
content-encoding: gzip
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CuPdm33RxRYRZbebS6bOO39s2oziZ1Ddq0rrDpMAR4gT%2Ffi%2F2W82i7Hi5k0CeW9OaMYVBjvFkRUmhludZk8Lb02H6ZhM60HBXTBxQX2s8ppMsqCH3bB3zO0IVxrH7zyWPynccBrjpZrj"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 87a21722ca6cb4ee-OSL
alt-svc: h2=":443"; ma=60

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D

104.17.3.184

61 B

URL
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D
IP
104.17.3.184:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
Size
61 B (61 bytes)
Hash
9246cca8fc3c00f50035f28e9f6b7f7d
3aa538440f70873b574f40cd793060f53ec17a5d
c07d7d29e3c20fa6ca4c5d20663688d52bad13e129ad82ce06b80eb187d9dc84

HTTP Headers

GET /cdn-cgi/challenge-platform/h/b/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/22nn9/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 23:25:06 GMT
content-type: image/png
content-length: 61
cache-control: max-age=2629800, public
server: cloudflare
cf-ray: 87a217241ae0568b-OSL
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/87a217239ab2568b/1714087506903/UBSrJib3mbMlVj-

104.17.3.184

61 B

URL
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/87a217239ab2568b/1714087506903/UBSrJib3mbMlVj-
IP
104.17.3.184:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 41 x 60, 8-bit/color RGB, non-interlaced
Size
61 B (61 bytes)
Hash
c5baa41a61b0f8d31c427302ed365d48
948b5ce07536194989a101e8a4577c2d6bf0c09a
3afa2ee96ab67128ed97e982a19192c408cc0f6f6777fb7dff6a97c048cd28de

HTTP Headers

GET /cdn-cgi/challenge-platform/h/b/i/87a217239ab2568b/1714087506903/UBSrJib3mbMlVj- HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/22nn9/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 23:25:07 GMT
content-type: image/png
content-length: 61
server: cloudflare
cf-ray: 87a21729aca5568b-OSL
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/226940968:1714084187:Rm2FEAwMv67sxthj19kq1PgP2WkzWWVzLuxzkiYOU5M/87a217239ab2568b/33a61b66dec46b6

104.17.3.184

30 kB

URL
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/226940968:1714084187:Rm2FEAwMv67sxthj19kq1PgP2WkzWWVzLuxzkiYOU5M/87a217239ab2568b/33a61b66dec46b6
IP
104.17.3.184:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (22560), with no line terminators
Size
30 kB (29868 bytes)
Hash
736d163b50e899417b48d55ac685e0d0
2bd27c0babb2d09f78be7b441d34bfb5f8bc68b3
80a87f5d4c24a996e60f400c2f3da2e0cb4ba5f5e80b99fb1db4ffd7cadaa1a1

HTTP Headers

POST /cdn-cgi/challenge-platform/h/b/flow/ov1/226940968:1714084187:Rm2FEAwMv67sxthj19kq1PgP2WkzWWVzLuxzkiYOU5M/87a217239ab2568b/33a61b66dec46b6 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/22nn9/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: 33a61b66dec46b6
Content-Length: 26392
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 23:25:09 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: 6+iJTkJRxfbzstDBQMAL8Da17F9utGaVncq594BYnDAQe0rL9Qcr616pd9jfIgqv$R766hYJZkfPVm57XEky5bw==
vary: accept-encoding
server: cloudflare
cf-ray: 87a21736293f568b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

alcojoldwograpciw.shop/cdn-cgi/challenge-platform/h/b/flow/ov1/959027168:1714084022:JnFnQDZ7bTCe89yjn0QOIzLzKFtPTr8FQHbR4U7gaI8/87a217207c5fb529/468875e46a633c6

104.21.48.243

2.5 kB

URL
alcojoldwograpciw.shop/cdn-cgi/challenge-platform/h/b/flow/ov1/959027168:1714084022:JnFnQDZ7bTCe89yjn0QOIzLzKFtPTr8FQHbR4U7gaI8/87a217207c5fb529/468875e46a633c6
IP
104.21.48.243:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (3244), with no line terminators
Size
2.5 kB (2491 bytes)
Hash
96146ddf957159e0de5fc8daa40ca879
85ecd6166b46954ad2ebdb3f02e4232ad5153ab3
81f007c96383ecc7b8c531429e6d6e6ad66d4955651cf724ec010d5a1d41c330

Detections

Analyzer	Verdict	Alert
ThreatFox	malicious	Lumma Stealer
mnemonic secure dns	malicious	Sinkholed
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /cdn-cgi/challenge-platform/h/b/flow/ov1/959027168:1714084022:JnFnQDZ7bTCe89yjn0QOIzLzKFtPTr8FQHbR4U7gaI8/87a217207c5fb529/468875e46a633c6 HTTP/1.1
Host: alcojoldwograpciw.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://alcojoldwograpciw.shop/api4
Content-type: application/x-www-form-urlencoded
CF-Challenge: 468875e46a633c6
Content-Length: 3311
Origin: http://alcojoldwograpciw.shop
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 25 Apr 2024 23:25:14 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cf-chl-out: jw8+i+yiQoK/Uzh1i55vFnkWyHDUERn/brRixIGgEHNZTqBXfEbHBaBOPd5EUbtpObBgXqD5J3C7wrPcweGHjJ5PQ8Ek+Le7DJjmWknB3CBM2EwJi4MMoJtWB73FWoG0$6MlCk9iYicG3S7XCd9lYAA==
set-cookie: cf_chl_rc_i=;Expires=Wed, 24 Apr 2024 23:25:14 GMT;SameSite=Strict
cf-chl-out-s: WB+XcE+GtCNVXKb4ZEvUgQ0CDy4OZQ6bVahUX54YIIghcKLr6Qefq7Th3dEDdD4PtEKiaSNQtv2saku+aWZfQ7JZrJ0cY7CmzBvIRXlkvPMbPJS3+y0GSCFPiFaZxg/knJ4WEye3rBM2r1R0i9sdcvlFzCX151mT0tjGMBHui81DQfcu/YBbzT9/1ShgD+qxJLkX51o7E0KGN+JVxLUFKoQ6dGYSysilvBDlgHjKsIKLGIFom0I43ocPJqQaiPnf46tQwr7c7TyjiDJI2YhiX1cmGv225ZWXIQFmrwDlh+tdx+Rv4nB5RQPWz0axWJvGUUuuT0zc6XMlCkLd3HcInamRhKa6siZhPRzg2O25zwrG/Y/ClmgkJQyc1DhZ5keaOjbXlKL2OOd1cH4/yOiMUeg77T0swmKkY86q5mREat5/kNE5KQBR6B52ypklHfv8nmF0EDf9Sw0S8OBTPUPJ5A==$/rgrSwhx9smpDmwNr1yL9A==
vary: accept-encoding
content-encoding: gzip
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=utrWAhMTM9BA89ZT83Es%2Bsceevu9q8OzorESQsFT6deu05wVVqsCLFLee2OrZLnxah3wLHTIdmze0XTZmwptx7noXzRp%2BgjHAJiFYHQMJ98WCAcCRoKVsjQIxHNdOG%2B7wMHD1U29Zw4K"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 87a217553f7bb4ee-OSL
alt-svc: h2=":443"; ma=60

alcojoldwograpciw.shop/api4

104.21.48.243

200 OK

1.0 kB

URL User Request POST HTTP/1.1
alcojoldwograpciw.shop/api4
IP
104.21.48.243:80
ASN
#13335 CLOUDFLARENET

File type
HTML document, Unicode text, UTF-8 text, with very long lines (416), with CRLF, LF line terminators
Size
1.0 kB (1018 bytes)
Hash
7918a2bcb5972fb9180547ebfa69bdf0
e903f27fd09e492fd214f1cfc73bea1f6a262c90
797e5cddce578311bdfbc496be17620fb8630210396c8839a3385c8512194450

Detections

Analyzer	Verdict	Alert
ThreatFox	malicious	Lumma Stealer
mnemonic secure dns	malicious	Sinkholed
Quad9 DNS	malicious	Sinkholed

NIDS	Severity	Alert
suricata	high	ThreatFox botnet C2 traffic (url - confidence level: 100%)

HTTP Headers

POST /api4 HTTP/1.1
Host: alcojoldwograpciw.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://alcojoldwograpciw.shop/api4?__cf_chl_tk=_0lHpU14P6LsfqYGWjcEd5v96wkzNmjFbOcSu0u_dAs-1714087506-0.0.1.1-1301
Content-Type: application/x-www-form-urlencoded
Content-Length: 2480
Origin: http://alcojoldwograpciw.shop
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 25 Apr 2024 23:25:14 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: cf_clearance=MlCfMISsuwWnrDToDm7kFm5iriC78DDyqTmfFnKQdA0-1714087506-1.0.1.1-3AadNlRbzMSn7cpjl0Na2gF12iX6wJuHoA8Gucfs5VFs2v3rDVpzDKPWIj4iZRuq2EAp5nzOH8aU9FJt8td0SQ; path=/; expires=Fri, 25-Apr-25 23:25:14 GMT; domain=.alcojoldwograpciw.shop; HttpOnly; SameSite=None
PHPSESSID=qrb5h1u3iucp8fmeob1rbusffi; expires=Mon, 19-Aug-2024 17:11:53 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xPThMVkD6oT9zJRvclaJ2NGeW5wiDtuZ%2FYIco0BS0Y5jaD2cA571U01pUeeP9ASor23C8veIl%2FXPvKog0jYl5WhYC2L3ra8jcpRhrSZpv9TYIG%2BXybYZIRMMuOpq2jBM%2BCAaiOJbHiBg"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 87a21755ffcbb4ee-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

alcojoldwograpciw.shop/core/panel/icons/tabler-icons.min.css

104.21.48.243

403 Forbidden

6.0 kB

URL GET HTTP/1.1
alcojoldwograpciw.shop/core/panel/icons/tabler-icons.min.css
IP
104.21.48.243:80
ASN
#13335 CLOUDFLARENET

Requested by
http://alcojoldwograpciw.shop/api4

File type
HTML document, ASCII text, with very long lines (14649), with no line terminators
Size
6.0 kB (6005 bytes)
Hash
3cfafc78483a62de1666c56269cfbd35
53f8ec8a02790ffd3d243cdc14444b51d3b5bb77
469cc76797a3805895baf726f85f754febb7b72bb428dfda94c37808b8d02e1c

Detections

Analyzer	Verdict	Alert
ThreatFox	malicious	Lumma Stealer
mnemonic secure dns	malicious	Sinkholed
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /core/panel/icons/tabler-icons.min.css HTTP/1.1
Host: alcojoldwograpciw.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://alcojoldwograpciw.shop/api4
Cookie: PHPSESSID=qrb5h1u3iucp8fmeob1rbusffi
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Date: Thu, 25 Apr 2024 23:25:14 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: tsjF+T1NHsvn875ls1/rjDjQNEucyD864AIApNkESyI6EMXHOG7CpzYQQ9tAIroMXvnYnRs1bSSm1PQPboChcr7ZMnyJ4qHYFMtGR7Lge2Ukx3dAM84WefhZuyXQGPcrD1NTkfxqEto8Wv1d/15cHw==$/ZqP8Q1fgwWunP77qeGcsg==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XklUAKWoAySQHamLv2ziQxz4aPvEPTXcrPVPB4FszoXnMmnGfEqrH0VSrQarvq%2F05zL581KLH89nX24jhvecOdVfkOjqyZTuSbaUpNzMDxE53geiIAzt47ibT5B2cwfwRdzNIZTtft0G"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 87a21756c873b4ee-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

alcojoldwograpciw.shop/core/panel/css/dober.css

104.21.48.243

403 Forbidden

6.0 kB

URL GET HTTP/1.1
alcojoldwograpciw.shop/core/panel/css/dober.css
IP
104.21.48.243:80
ASN
#13335 CLOUDFLARENET

Requested by
http://alcojoldwograpciw.shop/api4

File type
HTML document, ASCII text, with very long lines (14547), with no line terminators
Size
6.0 kB (5953 bytes)
Hash
b84c5d71040c1966369d5a3a57a89a99
d11e4e0b3f2cb2141ba21214d0f9e935e1276dd0
4155d925e5331caf7820122856549d85c3aedc2c1a0b61c6e051c28680b3de1f

Detections

Analyzer	Verdict	Alert
ThreatFox	malicious	Lumma Stealer
mnemonic secure dns	malicious	Sinkholed
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /core/panel/css/dober.css HTTP/1.1
Host: alcojoldwograpciw.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://alcojoldwograpciw.shop/api4
Cookie: PHPSESSID=qrb5h1u3iucp8fmeob1rbusffi
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Date: Thu, 25 Apr 2024 23:25:14 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: Fv0n+NABcE01KPuU3aPPtB2E+FYKmeCFWhkC3jkWVf8nRmk+a/m9oJ84TIqWL9/eebQRmBGsD5AIxVzX/lBSL5+iKOCG3+jjUVdrHjMPiTyUO0iFlSr9Djym/HZg8cjT5QIO7Qkz6He6rZQyonNgmQ==$+AkMhuBVxdFC3iXzpgIVbA==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MYLTth6yGD9mDjp5tRsCAV5Hzzc37184NIJMzEXyjuiSewP2hIL9EpxAbWPlJNUwaXn4MiCnycTQEUa1aVnP39nj1%2BOJ34VpQsYHWak7wPVFJQ4dGT6XQvN8RsZ85jYdEGwZCJyAcVtM"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 87a21756db88b515-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

alcojoldwograpciw.shop/core/panel/js/doberman.min.js?2

104.21.48.243

403 Forbidden

6.0 kB

URL GET HTTP/1.1
alcojoldwograpciw.shop/core/panel/js/doberman.min.js?2
IP
104.21.48.243:80
ASN
#13335 CLOUDFLARENET

Requested by
http://alcojoldwograpciw.shop/api4

File type
HTML document, ASCII text, with very long lines (14602), with no line terminators
Size
6.0 kB (5985 bytes)
Hash
8ba534519b2f6f8fa2f0de7a029ad563
1c44de54f96fee77602d6a56b38816d05ecf1679
1b52a8f619cfc76cb902cd1de592608a23dafe04782ada503012920eabe59f15

Detections

Analyzer	Verdict	Alert
ThreatFox	malicious	Lumma Stealer
mnemonic secure dns	malicious	Sinkholed
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /core/panel/js/doberman.min.js?2 HTTP/1.1
Host: alcojoldwograpciw.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://alcojoldwograpciw.shop/api4
Cookie: PHPSESSID=qrb5h1u3iucp8fmeob1rbusffi
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Date: Thu, 25 Apr 2024 23:25:14 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: PyMfIneSL6x6lHBov9EIzBy3Do5uavu5nZoZ7d89gZWo7I6juTYKuPaE0BjguJjHe7FqtH9gD/mR1V3RhRL74bPMNov7TyNSe/0SKiWktOpyUfOEJCm2OVnfHrXzniC9ZTaQGN9rsjACud+TxajSDA==$T/h8FoW55JOAICGspVP9eA==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QcYMfhvt2i5s2%2F2VW4fGpw0mpnjRw6S2cC4GCubFkFkDJ03yD3Ssf1HN0yPz0m%2Fi8PzIRLV9BE4yPZrA0Lhyul2K3l8oUO5AZsePbpRcFik4tQ9%2BjzkAWe6JrTqKrJf3ROnt%2FFaU1g8O"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 87a21756df0d5693-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

code.jquery.com/jquery-3.6.0.min.js

151.101.130.137

200 OK

90 kB

URL GET HTTP/2
code.jquery.com/jquery-3.6.0.min.js
IP
151.101.130.137:443
ASN
#54113 FASTLY

Requested by
http://alcojoldwograpciw.shop/api4
Certificate
IssuerSectigo Limited
Subject*.jquery.com
FingerprintD2:19:0A:AD:CE:BB:9C:61:17:5D:29:4B:A2:54:E8:C6:91:B8:F9:8D
ValidityTue, 11 Jul 2023 00:00:00 GMT - Sun, 14 Jul 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65447)
Size
90 kB (89501 bytes)
Hash
8fb8fee4fcc3cc86ff6c724154c49c42
b82d238d4e31fdf618bae8ac11a6c812c03dd0d4
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

HTTP Headers

GET /jquery-3.6.0.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://alcojoldwograpciw.shop
DNT: 1
Connection: keep-alive
Referer: http://alcojoldwograpciw.shop/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: "28feccc0-15d9d"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Thu, 25 Apr 2024 23:25:14 GMT
age: 133994
x-served-by: cache-lga21931-LGA, cache-hel1410030-HEL
x-cache: HIT, HIT
x-cache-hits: 222, 62323
x-timer: S1714087515.738030,VS0,VE0
vary: Accept-Encoding
content-length: 89501
X-Firefox-Spdy: h2

cdn.jsdelivr.net/npm/tom-select@2.3.1/dist/css/tom-select.css

151.101.193.229

200 OK

2.7 kB

URL GET HTTP/2
cdn.jsdelivr.net/npm/tom-select@2.3.1/dist/css/tom-select.css
IP
151.101.193.229:443
ASN
#54113 FASTLY

Requested by
http://alcojoldwograpciw.shop/api4
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT

File type
ASCII text
Size
2.7 kB (2714 bytes)
Hash
c95b0bc73baee2d4aa8a5d31819916c7
5c6101d999331d9dd4f6902ec76fa484cc0e6150
c8168f6b45f8cf03ee444c7a0d2d61850899fd10dd13e2e523ca15e24fb1340c

HTTP Headers

GET /npm/tom-select@2.3.1/dist/css/tom-select.css HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://alcojoldwograpciw.shop/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
x-jsd-version: 2.3.1
x-jsd-version-type: version
etag: W/"2618-XGEB2ZkzHZ3U9pAux2+khMwOYVA"
content-encoding: br
accept-ranges: bytes
date: Thu, 25 Apr 2024 23:25:14 GMT
age: 1964454
x-served-by: cache-fra-eddf8230097-FRA, cache-hel1410022-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 2714
X-Firefox-Spdy: h2

cdn.jsdelivr.net/npm/tom-select@2.3.1/dist/js/tom-select.complete.min.js

151.101.193.229

200 OK

18 kB

URL GET HTTP/2
cdn.jsdelivr.net/npm/tom-select@2.3.1/dist/js/tom-select.complete.min.js
IP
151.101.193.229:443
ASN
#54113 FASTLY

Requested by
http://alcojoldwograpciw.shop/api4
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (1002)
Size
18 kB (18451 bytes)
Hash
cb0a959ac3d7a23dd8271f8438671211
8bc8a58a48d6f529e6b58e235b47d92dc61a0e2d
28d785eb15b9a3fb56d6869ee57952e0908d003a0cf911eaae7a14a8bea9bc76

HTTP Headers

GET /npm/tom-select@2.3.1/dist/js/tom-select.complete.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://alcojoldwograpciw.shop/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 2.3.1
x-jsd-version-type: version
etag: W/"c620-i8ilikjW9SnmtY4jW0fZLcYaDi0"
content-encoding: br
accept-ranges: bytes
age: 3783765
date: Thu, 25 Apr 2024 23:25:14 GMT
x-served-by: cache-fra-etou8220055-FRA, cache-hel1410022-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 18451
X-Firefox-Spdy: h2

unpkg.com/@tabler/core@1.0.0-beta10/dist/css/tabler-payments.min.css

104.17.247.203

200 OK

7.7 kB

URL GET HTTP/2
unpkg.com/@tabler/core@1.0.0-beta10/dist/css/tabler-payments.min.css
IP
104.17.247.203:443
ASN
#13335 CLOUDFLARENET

Requested by
http://alcojoldwograpciw.shop/api4
Certificate
IssuerGoogle Trust Services LLC
Subjectunpkg.com
Fingerprint2E:F1:F6:31:28:EC:29:20:41:F4:58:4B:B1:CF:51:16:77:7E:BF:E3
ValidityMon, 01 Apr 2024 02:40:24 GMT - Sun, 30 Jun 2024 02:40:23 GMT

File type
Unicode text, UTF-8 text, with very long lines (9982)
Size
7.7 kB (7709 bytes)
Hash
04784b92504b4b5c7787accb86e38c6d
923286260ab882266d1ef2af9e606db0ff9afe35
c5b29d4a7e41bf14b47dce1bd9cb077a7a6520dfec0fcb2629c36e96a38a48a4

HTTP Headers

GET /@tabler/core@1.0.0-beta10/dist/css/tabler-payments.min.css HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://alcojoldwograpciw.shop/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 25 Apr 2024 23:25:14 GMT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
content-encoding: br
cache-control: public, max-age=31536000
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
etag: "2806-kjKGJgq4giZtHvKvnmBtsP+a/jU"
via: 1.1 fly.io
fly-request-id: 01HVQC04QEKYM6WZZD8PEH21NY-arn
cf-cache-status: HIT
age: 684964
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87a21756fa83568e-OSL
X-Firefox-Spdy: h2

unpkg.com/@tabler/core@1.0.0-beta10/dist/css/tabler.min.css

104.17.247.203

200 OK

68 kB

URL GET HTTP/2
unpkg.com/@tabler/core@1.0.0-beta10/dist/css/tabler.min.css
IP
104.17.247.203:443
ASN
#13335 CLOUDFLARENET

Requested by
http://alcojoldwograpciw.shop/api4
Certificate
IssuerGoogle Trust Services LLC
Subjectunpkg.com
Fingerprint2E:F1:F6:31:28:EC:29:20:41:F4:58:4B:B1:CF:51:16:77:7E:BF:E3
ValidityMon, 01 Apr 2024 02:40:24 GMT - Sun, 30 Jun 2024 02:40:23 GMT

File type
Unicode text, UTF-8 text, with very long lines (65269)
Size
68 kB (68325 bytes)
Hash
c1a163c866ae54279f84008e755e3943
9d69518b336274d30081c8d2bf87f7bad54da876
5457d83fb3420513da1ae29fbbd2eb04304a75b589de7cbca76b29dd2239278d

HTTP Headers

GET /@tabler/core@1.0.0-beta10/dist/css/tabler.min.css HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://alcojoldwograpciw.shop/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 25 Apr 2024 23:25:14 GMT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
content-encoding: br
cache-control: public, max-age=31536000
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
etag: "49599-nWlRizNidNMAgcjSv4f3utVNqHY"
via: 1.1 fly.io
fly-request-id: 01HTZRWFWVX5PFVQX8X8E63WZY-arn
cf-cache-status: HIT
age: 1476760
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87a21756ea7a568e-OSL
X-Firefox-Spdy: h2

alcojoldwograpciw.shop/core/panel/js/doberman.min.js?2

104.21.48.243

403 Forbidden

6.0 kB

URL GET HTTP/1.1
alcojoldwograpciw.shop/core/panel/js/doberman.min.js?2
IP
104.21.48.243:80
ASN
#13335 CLOUDFLARENET

Requested by
http://alcojoldwograpciw.shop/api4

File type
HTML document, ASCII text, with very long lines (14602), with no line terminators
Size
6.0 kB (5991 bytes)
Hash
17905c630e9e49922e41dd4919a7ab9b
69568043d05c66737399a331c7a0e7fbaf505a7b
e6252b00c5468e370388cb85e354eb28a0ae699414c9837ed597776fae0eb74e

Detections

Analyzer	Verdict	Alert
ThreatFox	malicious	Lumma Stealer
mnemonic secure dns	malicious	Sinkholed
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /core/panel/js/doberman.min.js?2 HTTP/1.1
Host: alcojoldwograpciw.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://alcojoldwograpciw.shop/api4
Cookie: PHPSESSID=qrb5h1u3iucp8fmeob1rbusffi
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Date: Thu, 25 Apr 2024 23:25:14 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: wBGYlSzgjSXgCgxL9ed6uIimhcXlMvSN34dFWXNOB7z4Y2p+mUdAZFq71TLIXb0IHBG8qD1AvGggAnap9xevueV8uuimlVHeLCcmJ9lw5iy4wQo1mHgTuKpIpVValWzFpi87HlcuKrWI9zdJXzDK5w==$SzHUNNIhJ+s04YMaLmW6Pg==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EUPDwwVfHy%2BcpXWAHMM6iYpnq7Frbz0rO25liud35WhFH4RYyTDn7k%2BH3ddyljMQ3FaVLe60V4NR3zJWpcnoyEl2Q4OJNQsoV2er8YRIW7QlFnrqWkCa8mUtpy7zl1edCReLt9DyD0G4"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 87a217588b681c12-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

unpkg.com/@tabler/core@1.0.0-beta10/dist/css/tabler-flags.min.css

104.17.247.203

200 OK

8.1 kB

URL GET HTTP/2
unpkg.com/@tabler/core@1.0.0-beta10/dist/css/tabler-flags.min.css
IP
104.17.247.203:443
ASN
#13335 CLOUDFLARENET

Requested by
http://alcojoldwograpciw.shop/api4
Certificate
IssuerGoogle Trust Services LLC
Subjectunpkg.com
Fingerprint2E:F1:F6:31:28:EC:29:20:41:F4:58:4B:B1:CF:51:16:77:7E:BF:E3
ValidityMon, 01 Apr 2024 02:40:24 GMT - Sun, 30 Jun 2024 02:40:23 GMT

File type
Unicode text, UTF-8 text, with very long lines (15590)
Size
8.1 kB (8050 bytes)
Hash
4da7fd3ed48fe1baa01533ad3f8c7e8b
9ca00f59389e43fb6909d8bb94a7c9a9574386ef
abb57f483849cfdf6a71551903e8fbf9cb21b09f8f88561dafc5cc4421e8ab9d

HTTP Headers

GET /@tabler/core@1.0.0-beta10/dist/css/tabler-flags.min.css HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://alcojoldwograpciw.shop/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 25 Apr 2024 23:25:14 GMT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
content-encoding: br
cache-control: public, max-age=31536000
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
etag: "3dee-nKAPWTieQ/tpCdi7lKfJqVdDhu8"
via: 1.1 fly.io
fly-request-id: 01HTZRWFX8EDWD4PRNMVPS590C-arn
cf-cache-status: HIT
age: 1476759
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87a21756fa84568e-OSL
X-Firefox-Spdy: h2

unpkg.com/@tabler/core@1.0.0-beta10/dist/css/tabler-vendors.min.css

104.17.247.203

200 OK

20 kB

URL GET HTTP/2
unpkg.com/@tabler/core@1.0.0-beta10/dist/css/tabler-vendors.min.css
IP
104.17.247.203:443
ASN
#13335 CLOUDFLARENET

Requested by
http://alcojoldwograpciw.shop/api4
Certificate
IssuerGoogle Trust Services LLC
Subjectunpkg.com
Fingerprint2E:F1:F6:31:28:EC:29:20:41:F4:58:4B:B1:CF:51:16:77:7E:BF:E3
ValidityMon, 01 Apr 2024 02:40:24 GMT - Sun, 30 Jun 2024 02:40:23 GMT

File type

Size
20 kB (20509 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /@tabler/core@1.0.0-beta10/dist/css/tabler-vendors.min.css HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://alcojoldwograpciw.shop/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 25 Apr 2024 23:25:14 GMT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
content-encoding: br
cache-control: public, max-age=31536000
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
etag: "501d-KzRlg0kTrqxbPtPfiexL7OQBp7U"
via: 1.1 fly.io
fly-request-id: 01HTZRWFX86R9GKP834HBYFXMJ-arn
cf-cache-status: HIT
age: 1476759
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87a21756fa82568e-OSL
X-Firefox-Spdy: h2

unpkg.com/@tabler/core@1.0.0-beta10/dist/js/tabler.min.js

104.17.247.203

200 OK

143 kB

URL GET HTTP/2
unpkg.com/@tabler/core@1.0.0-beta10/dist/js/tabler.min.js
IP
104.17.247.203:443
ASN
#13335 CLOUDFLARENET

Requested by
http://alcojoldwograpciw.shop/api4
Certificate
IssuerGoogle Trust Services LLC
Subjectunpkg.com
Fingerprint2E:F1:F6:31:28:EC:29:20:41:F4:58:4B:B1:CF:51:16:77:7E:BF:E3
ValidityMon, 01 Apr 2024 02:40:24 GMT - Sun, 30 Jun 2024 02:40:23 GMT

File type

Size
143 kB (143157 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /@tabler/core@1.0.0-beta10/dist/js/tabler.min.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://alcojoldwograpciw.shop/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 25 Apr 2024 23:25:14 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
content-encoding: br
cache-control: public, max-age=31536000
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
etag: "22f35-n38SF7G8IIAzpB/oRMejvoNjWT0"
via: 1.1 fly.io
fly-request-id: 01HTZRWFWYCSY1GTYPYYR77RS1-arn
cf-cache-status: HIT
age: 1476759
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87a21756ea78568e-OSL
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (33)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations