Report - demonstationfukewko.shop/apiu

Report Overview

Submitted URL
demonstationfukewko.shop/apiu
IP
104.21.33.174
ASN
#13335 CLOUDFLARENET
Submitted
2024-04-25 20:18:11
Access
public
Website Title
Just a moment...
Final URL
demonstationfukewko.shop/apiu
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
3
Threat Detection Systems
66

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
demonstationfukewko.shop	unknown	2024-04-12	2024-04-13	2024-04-14	5.3 kB	300 kB	172.67.147.169
challenges.cloudflare.com	unknown	2009-02-17	2021-10-20	2024-04-25	5.5 kB	849 kB	104.17.2.184

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2024-04-25 20:17:44	high	Client IP	172.67.147.169	ET MALWARE Observed Lumma Stealer Related Domain (demonstationfukewko .shop in TLS SNI)
2024-04-25 20:17:45	high	Client IP	172.67.147.169	ThreatFox botnet C2 traffic (url - confidence level: 100%)
2024-04-25 20:17:55	high	Client IP	172.67.147.169	ThreatFox botnet C2 traffic (url - confidence level: 100%)

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

Scan Date	Severity	Indicator	Alert
2024-04-25	medium	demonstationfukewko.shop	Sinkholed
2024-04-25	medium	demonstationfukewko.shop	Sinkholed
2024-04-25	medium	demonstationfukewko.shop	Sinkholed
2024-04-25	medium	demonstationfukewko.shop	Sinkholed
2024-04-25	medium	demonstationfukewko.shop	Sinkholed
2024-04-25	medium	demonstationfukewko.shop	Sinkholed
2024-04-25	medium	demonstationfukewko.shop	Sinkholed
2024-04-25	medium	demonstationfukewko.shop	Sinkholed
2024-04-25	medium	demonstationfukewko.shop	Sinkholed
2024-04-25	medium	demonstationfukewko.shop	Sinkholed
2024-04-25	medium	demonstationfukewko.shop	Sinkholed

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-25	medium	demonstationfukewko.shop	Sinkholed
2024-04-25	medium	demonstationfukewko.shop	Sinkholed
2024-04-25	medium	demonstationfukewko.shop	Sinkholed
2024-04-25	medium	demonstationfukewko.shop	Sinkholed
2024-04-25	medium	demonstationfukewko.shop	Sinkholed
2024-04-25	medium	demonstationfukewko.shop	Sinkholed
2024-04-25	medium	demonstationfukewko.shop	Sinkholed
2024-04-25	medium	demonstationfukewko.shop	Sinkholed
2024-04-25	medium	demonstationfukewko.shop	Sinkholed
2024-04-25	medium	demonstationfukewko.shop	Sinkholed
2024-04-25	medium	demonstationfukewko.shop	Sinkholed

ThreatFox

Scan Date	Severity	Indicator	Alert
2024-04-20	medium	demonstationfukewko.shop	Lumma Stealer
2024-04-20	medium	demonstationfukewko.shop	Lumma Stealer
2024-04-20	medium	demonstationfukewko.shop	Lumma Stealer
2024-04-20	medium	demonstationfukewko.shop	Lumma Stealer
2024-04-20	medium	demonstationfukewko.shop	Lumma Stealer
2024-04-20	medium	demonstationfukewko.shop	Lumma Stealer
2024-04-20	medium	demonstationfukewko.shop	Lumma Stealer
2024-04-20	medium	demonstationfukewko.shop	Lumma Stealer
2024-04-20	medium	demonstationfukewko.shop	Lumma Stealer
2024-04-20	medium	demonstationfukewko.shop	Lumma Stealer
2024-04-20	medium	demonstationfukewko.shop	Lumma Stealer

JavaScript (83)

	URL	Size	First Seen	Last Seen
	demonstationfukewko.shop/cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=87a104f198ccb523	389 kB	2024-04-25	2024-04-25
Pretty URL demonstationfukewko.shop/cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=87a104f198ccb523 IP 172.67.147.169 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 22:18:12 Last Seen2024-04-25 22:18:16 Times Seen2 Hash 5a88188cec6538e781a7bc15a7a58e9d 4552dbfc140e4c52d2e4aec039d28e3599d265ca 56e6f94ed38fdd4f82043397deb9c112231ac2154f6e33b28b9a59e03cb94dc3 Loading...

	challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=87a104f49ed4b521	441 kB	2024-04-25	2024-04-25
Pretty URL challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=87a104f49ed4b521 IP 104.17.2.184 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 22:18:12 Last Seen2024-04-25 22:18:17 Times Seen2 Hash 33e9243545ccd24b203a7f0c441af02c e59707d1b80fcc22a1d8b24aade9a9122f331fd0 8a44f9e79647f3f2caa5ad534b4d618ee697ec93d32a31bd39d221e29f421a7d Loading...

	demonstationfukewko.shop/apiu	4.6 kB	2024-04-25	2024-04-25
Pretty URL demonstationfukewko.shop/apiu IP 172.67.147.169 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-25 22:18:13 Last Seen2024-04-25 22:18:13 Times Seen1 Hash aecc2b33b5ff38aaa96d470473f0fead 6853b8ea201222112ead1c15a30b9e2893d5eb14 1f6b33c778a43326e0a32300175a3a517e6bbfc80fd7f5b7603a714f5f86c4af Loading...

	challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/gln2b/0x4AAAAAAAAjq6WYeRDKmebM/light/normal	3.5 kB	2024-04-25	2024-04-25
Pretty URL challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/gln2b/0x4AAAAAAAAjq6WYeRDKmebM/light/normal IP 104.17.2.184 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-25 22:18:13 Last Seen2024-04-25 22:18:13 Times Seen1 Hash c5c41f2a5aae9a4794716ba353c8edab 62903da4d9fad43a282a3b7feef39c43ba854162 6df3b11385e50b98275c9e87eb06affba0f43e386fc240d17aa747c8bfc3ecd9 Loading...

	challenges.cloudflare.com/turnstile/v0/g/d0ff3ebede6b/api.js?onload=XagHGl3&render=explicit	43 kB	2024-04-25	2024-05-05
Pretty URL challenges.cloudflare.com/turnstile/v0/g/d0ff3ebede6b/api.js?onload=XagHGl3&render=explicit IP 104.17.2.184 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 19:17:04 Last Seen2024-05-05 17:03:24 Times Seen2253 Hash 65b0a652c40c95d12c4ddb3b4567c1ea c654efa19d01d6553ed4e0f500d350011e023ad1 c6b5cd0b65ebbb519dd845ba2979b40e58b056ca2c90f67a8bfea871d39615a7 Loading...

		Size	First Seen	Last Seen
	#1 Eval - b04992505079d13012ebb9fc05b89ba2	28 B	2024-04-25	2024-04-25
Pretty Observations First Seen2024-04-25 22:18:13 Last Seen2024-04-25 22:18:13 Times Seen1 Hash b04992505079d13012ebb9fc05b89ba2 b4eed0d45ec89ab2380d0b367d13aed94c166d1a 11ecee0212047f903146a475c1177169bf4015b19e45d2ca48dde9a9a64b0677 Loading...

	#2 Eval - 289e4504bfbcb46698a92f5da63e0a2d	62 B	2024-04-25	2024-05-05
Pretty Observations First Seen2024-04-25 19:17:05 Last Seen2024-05-05 17:05:03 Times Seen1048 Hash 289e4504bfbcb46698a92f5da63e0a2d a6dcf5b386a04b545d7e94c553c5947d8e95ec2b 3c82ba90261822f61f18c06c5f5efe8f16d31b2486e7dcf16e8c5be62809b917 Loading...

	#3 Eval - 513d04c3c6378d765fef15462e2ea836	28 B	2024-04-25	2024-04-25
Pretty Observations First Seen2024-04-25 22:18:13 Last Seen2024-04-25 22:18:13 Times Seen1 Hash 513d04c3c6378d765fef15462e2ea836 37fc755c5a7fdd9f1f26f84d7a90c0c2a131c7eb 962f773eac88f9d91bdb28c84a9e1537e0833f33a93888695fbf39fe90931e84 Loading...

	#4 Eval - ce81163b8ddab24df6c17de4ae23b257	28 B	2024-04-25	2024-04-25
Pretty Observations First Seen2024-04-25 22:18:13 Last Seen2024-04-25 22:18:13 Times Seen1 Hash ce81163b8ddab24df6c17de4ae23b257 19ac0b5096e4400f77c6dd602ff11e03b621e071 922006e8d868c4a8520f38113e0c3d64a61a5e77c0c4d30177dbad8837584f16 Loading...

	#5 Eval - feaea8cd13d14482d69dd9f849737789	28 B	2024-04-25	2024-04-25
Pretty Observations First Seen2024-04-25 22:18:13 Last Seen2024-04-25 22:18:13 Times Seen1 Hash feaea8cd13d14482d69dd9f849737789 f6dd3679c4105289de2af57b179dbccd4f45f3d7 486d34d5e2474cff4c6df12a8d747a937cd72be849121f263ad9193bd6364233 Loading...

	#6 Eval - 131929479f4313141e3e3b21de1af8f5	28 B	2024-04-25	2024-04-25
Pretty Observations First Seen2024-04-25 22:18:13 Last Seen2024-04-25 22:18:13 Times Seen1 Hash 131929479f4313141e3e3b21de1af8f5 cf0f45c7dbe3f9d1587e3570ff99dc0ff7a294df 06e63fe0804d632d449bf727ee46efec28e21b7a929c851a702df3f850e958d4 Loading...

	#7 Eval - 0550ab936b83f4d7bd6b5db151943dd7	28 B	2024-04-25	2024-04-25
Pretty Observations First Seen2024-04-25 22:18:13 Last Seen2024-04-25 22:18:13 Times Seen1 Hash 0550ab936b83f4d7bd6b5db151943dd7 95ae89871271c9e54b174cf3e72d5b0007c75133 d2eb349f9a515673ceb1d7089e2e21bfa224187ab932cac5b48996d9e6cffec8 Loading...

	#8 Eval - b51cf18d37dc5d80984b80a0cd558bb5	28 B	2024-04-25	2024-04-25
Pretty Observations First Seen2024-04-25 22:18:13 Last Seen2024-04-25 22:18:13 Times Seen1 Hash b51cf18d37dc5d80984b80a0cd558bb5 bedbb9d5e6c302455fc20fc87c72b566adf7c269 f14fac7cf5a802f30c2c8d775b156b1a19b0c37a2e7185aaaa70a0c829593732 Loading...

	#9 Eval - 607b71c121bcee9337c40d3a84142c54	28 B	2024-04-25	2024-04-25
Pretty Observations First Seen2024-04-25 22:18:13 Last Seen2024-04-25 22:18:13 Times Seen1 Hash 607b71c121bcee9337c40d3a84142c54 161b18b8146bbfd97e6d05e1be3e4ff8b48a56d0 d8a073383387f22986cd382a188b1c53056819eb7a3b12716aedcb0ded703666 Loading...

	#10 Eval - 3736d90120b13759e6a8cdea8cb71a20	28 B	2024-04-25	2024-04-25
Pretty Observations First Seen2024-04-25 22:18:13 Last Seen2024-04-25 22:18:13 Times Seen1 Hash 3736d90120b13759e6a8cdea8cb71a20 d0ecf7ccd3bc45cd89ab8b0284b6e126cac23d2b 4611826b8f4e4b30eca96dedfb808d44b4d3c290ae5e93bba562b4d0b506e85e Loading...

	#11 Eval - 52d27b1f420dde3d01b4df56dbcabd70	28 B	2024-04-25	2024-04-25
Pretty Observations First Seen2024-04-25 22:18:13 Last Seen2024-04-25 22:18:13 Times Seen1 Hash 52d27b1f420dde3d01b4df56dbcabd70 afc46dbe04258daf9f21ed5ac12d84f943e5e9fe 9520ec15e090b62c238131fc6e6857cbf4d55171d9e5ece11b9a49e221ead4f8 Loading...

	#12 Eval - 82e2f96758855bff38406d980c22ca73	28 B	2024-04-25	2024-04-25
Pretty Observations First Seen2024-04-25 22:18:13 Last Seen2024-04-25 22:18:13 Times Seen1 Hash 82e2f96758855bff38406d980c22ca73 ed93cc902bd42fd3ad212e0eb70d65d1e710a39a 3a11c14b2a179cc93aa3a9d66c816eb6fb27878ce89266b517805ac4dbec248f Loading...

	#13 Eval - 935a41d48e3bc81394d583618756c329	28 B	2024-04-25	2024-04-25
Pretty Observations First Seen2024-04-25 22:18:13 Last Seen2024-04-25 22:18:13 Times Seen1 Hash 935a41d48e3bc81394d583618756c329 2ca05376c68bfbc914077b45a226debe47c41fa0 9de1dfc7a7e8c7fb35cbb4b7b3a6859ab6a36a67e8b452e4eb05aa8bf7e30ce1 Loading...

	#14 Eval - 97161188cd9560b5184b802ab51355c8	28 B	2024-04-25	2024-04-25
Pretty Observations First Seen2024-04-25 22:18:13 Last Seen2024-04-25 22:18:13 Times Seen1 Hash 97161188cd9560b5184b802ab51355c8 170c912e8d43032c072be74bc9b6e1ac13bd92ad ca3198ced728929438e542a82c17e0bf28ef036d8cbced20ab3cb0805efc0496 Loading...

	#15 Eval - cba85d7d9c3b4ba59807769ffd6ca3ba	28 B	2024-04-25	2024-04-25
Pretty Observations First Seen2024-04-25 22:18:13 Last Seen2024-04-25 22:18:13 Times Seen1 Hash cba85d7d9c3b4ba59807769ffd6ca3ba 19ebd24461f9e0a95c53eb49874ec668db3c47c3 3d285853b6a5b4b46d35fe2604c2b5329c80e7bc274d0f27a9ffbc800feec53a Loading...

	#16 Eval - f3891f2bd52a6dfad7cca3e4007e03a2	28 B	2024-04-25	2024-04-25
Pretty Observations First Seen2024-04-25 22:18:13 Last Seen2024-04-25 22:18:13 Times Seen1 Hash f3891f2bd52a6dfad7cca3e4007e03a2 118a8cc45ca46cbc7a49c2af7de33ab92bb1268d a2c9d91455ff17c8d76cff311ffd186409d9312ddf2aa119c385f754d5948156 Loading...

	#17 Eval - 1df30b9f683f08356bed89a6515393f1	28 B	2024-04-25	2024-04-25
Pretty Observations First Seen2024-04-25 22:18:13 Last Seen2024-04-25 22:18:13 Times Seen1 Hash 1df30b9f683f08356bed89a6515393f1 13e4e9dcb6b77f56e0a463450617d3574e056042 658097b544c95bb5cdb736252844659a258b4aaa3bd68aaddfe2e7da9582574b Loading...

	#18 Eval - 86a9144dbf00afbfee17140c6d74fa10	28 B	2024-04-25	2024-04-25
Pretty Observations First Seen2024-04-25 22:18:13 Last Seen2024-04-25 22:18:13 Times Seen1 Hash 86a9144dbf00afbfee17140c6d74fa10 fe29cdf03156f8f9e5e4a15fa133e351f0715b0c dd55e4391f52b3096a9ffe113265fdd58375815c5cffc517ac7408efff405d34 Loading...

	#19 Eval - 12e8396754b443f168363fa7d1ad0f10	28 B	2024-04-25	2024-04-25
Pretty Observations First Seen2024-04-25 22:18:13 Last Seen2024-04-25 22:18:14 Times Seen1 Hash 12e8396754b443f168363fa7d1ad0f10 a651fcab2026ca10dab1edb89d5164a5c720dc3d 0962a7c4c006408659856afd4b7a5f4b6338779d7e7f4e4082a40f7d6e38d144 Loading...

	#20 Eval - 905d6e14947b69cd119ea20528eeb204	28 B	2024-04-25	2024-04-25
Pretty Observations First Seen2024-04-25 22:18:14 Last Seen2024-04-25 22:18:14 Times Seen1 Hash 905d6e14947b69cd119ea20528eeb204 e140fc968a034f5165eb0814680ce023fcaf97a0 e0d6b7c85fda740a125cf5427fbca0ccf299bb1de338e86bc2e24781f8b3f45a Loading...

	#21 Eval - 49eca73fe455eae612e9843c0ae94080	28 B	2024-04-25	2024-04-25
Pretty Observations First Seen2024-04-25 22:18:14 Last Seen2024-04-25 22:18:14 Times Seen1 Hash 49eca73fe455eae612e9843c0ae94080 98b05759fe7e0a3d03610f137d57e65b93499eaf 074c666557e3a9d7fd7511f8944f8cfbf8e17505403c35f7352882da5f8b0143 Loading...

	#22 Eval - b7e583252de4553c8be10b58a8ca1d66	28 B	2024-04-25	2024-04-25
Pretty Observations First Seen2024-04-25 22:18:14 Last Seen2024-04-25 22:18:14 Times Seen1 Hash b7e583252de4553c8be10b58a8ca1d66 38cc368bba8ed7ac6e5ab77d833f5a2a69d3f286 f0b8d53e9628b41df7b53d3fd1383bbdcbd25ab57e9308dde59130556b3d5dcb Loading...

	#23 Eval - 7a119ddf9c68d4a9e88a7d5eda02e165	28 B	2024-04-25	2024-04-25
Pretty Observations First Seen2024-04-25 22:18:14 Last Seen2024-04-25 22:18:14 Times Seen1 Hash 7a119ddf9c68d4a9e88a7d5eda02e165 9628716ade49edfc524fbecbfeda366085e3ecd0 f5eda5746cb950a3bd43975cda645b35e6ecdae5273cd08ee866d2e597eb17f3 Loading...

	#24 Eval - 2b4c4040bae566956fb26d36c8748810	28 B	2024-04-25	2024-04-25
Pretty Observations First Seen2024-04-25 22:18:14 Last Seen2024-04-25 22:18:14 Times Seen1 Hash 2b4c4040bae566956fb26d36c8748810 63252ede69ebeecc28486f4df3d8e34951e3a7c4 ec861e6799d04269324dbcc9673f2029ef49aea887112725bc15992fcecd0ca8 Loading...

	#25 Eval - 195e888de06672aa79360e4a53346098	28 B	2024-04-25	2024-04-25
Pretty Observations First Seen2024-04-25 22:18:14 Last Seen2024-04-25 22:18:14 Times Seen1 Hash 195e888de06672aa79360e4a53346098 f5c459c12d65def3dce310c1faf4775e4a195928 dd26bd2a01e28c0af123d23a26d993b28249ef6d5f28c964b9c3decc283ac513 Loading...

	#26 Eval - 2d71802a5078bd85cb3a2da3137c785d	28 B	2024-04-25	2024-04-25
Pretty Observations First Seen2024-04-25 22:18:14 Last Seen2024-04-25 22:18:14 Times Seen1 Hash 2d71802a5078bd85cb3a2da3137c785d 6539e757c790407a8ab797c9fbe8e1fde216634a cb9000f47b8da481e59033835fa38feb14868fec0170da699cfc8f9058f87804 Loading...

	#27 Eval - 737b3b3f9c657528c74fd0406bec804c	28 B	2024-04-25	2024-04-25
Pretty Observations First Seen2024-04-25 22:18:14 Last Seen2024-04-25 22:18:14 Times Seen1 Hash 737b3b3f9c657528c74fd0406bec804c 0429b26353e783a12c0344f35a28fcd9b2f62ff6 aad6f261e7a30b32ba96c0fa9bf67ced288d8bae0e462c2906214945c73a4b58 Loading...

	#28 Eval - 010cc921e019aea8ba3f68a639326efc	28 B	2024-04-25	2024-04-25
Pretty Observations First Seen2024-04-25 22:18:14 Last Seen2024-04-25 22:18:14 Times Seen1 Hash 010cc921e019aea8ba3f68a639326efc 10df0a55b3d06ae831fab4dc1e4b7b9a1785661a b53ef946fde713f33ca7f4aa4d0449fa5b2e4fcb46ff586fdf306a29fc44745a Loading...

	#29 Eval - 43c81e43a6e7d9140033055ff3e04983	62 B	2024-04-18	2024-04-29
Pretty Observations First Seen2024-04-18 21:08:51 Last Seen2024-04-29 16:17:50 Times Seen2736 Hash 43c81e43a6e7d9140033055ff3e04983 b0eca03913678cb38c488c7c79cc4f9d2755ea17 3f7ef931c657c4333a401c40e8b0b8d1ff3b164542af45e14242314c0ec39f34 Loading...

	#30 Eval - 72f2e0823fde847068db114e02f8cfe3	28 B	2024-04-25	2024-04-25
Pretty Observations First Seen2024-04-25 22:18:14 Last Seen2024-04-25 22:18:14 Times Seen1 Hash 72f2e0823fde847068db114e02f8cfe3 9d623fb4c2cf6d15a6ad28fa1ea747e2ca7aa12a ecfdf74a48f5536784a02fa959086daa454fd3ec90164e4783b57e088d5760f8 Loading...

	#31 Eval - 0ce2e5d03691a90df5887d45366cde35	28 B	2024-04-25	2024-04-25
Pretty Observations First Seen2024-04-25 22:18:14 Last Seen2024-04-25 22:18:14 Times Seen1 Hash 0ce2e5d03691a90df5887d45366cde35 61c91f37168997ccd467fd2b88ff15757e4ddee5 274b0260de61114e9ec71d13660f112fc11383d56a6ad4a7d5b3d22361e61c66 Loading...

	#32 Eval - ceec35a5a0196ab280732ebe698c804f	28 B	2024-04-25	2024-04-25
Pretty Observations First Seen2024-04-25 22:18:14 Last Seen2024-04-25 22:18:14 Times Seen1 Hash ceec35a5a0196ab280732ebe698c804f 4dc88af5b58e9318967f0294e740c388cd87da69 034ac8bd09a3ed65db1d56f2ff404d335c6c878364bf3fdbc7c5fe274cd4712d Loading...

	#33 Eval - b0c23431dea112ff1cfc6543b0bb19e0	28 B	2024-04-25	2024-04-25
Pretty Observations First Seen2024-04-25 22:18:14 Last Seen2024-04-25 22:18:14 Times Seen1 Hash b0c23431dea112ff1cfc6543b0bb19e0 91c2ee6d8b734ad0aaa9857013cf753887699c46 4a46da60437a1efddcf9bb71ef9801e14a6cd8201b3be81b75b18676840b8fdc Loading...

	#34 Eval - 9e925e9341b490bfd3b4c4ca3b0c1ef2	4 B	2023-03-07	2024-05-05
Pretty Observations First Seen2023-03-07 01:03:43 Last Seen2024-05-05 17:05:03 Times Seen351503 Hash 9e925e9341b490bfd3b4c4ca3b0c1ef2 c2543fff3bfa6f144c2f06a7de6cd10c0b650cae 1eb79602411ef02cf6fe117897015fff89f80face4eccd50425c45149b148408 Loading...

	#35 Eval - 3832b5f0350ba410b5902d851fc7ac6b	28 B	2024-04-25	2024-04-25
Pretty Observations First Seen2024-04-25 22:18:14 Last Seen2024-04-25 22:18:14 Times Seen1 Hash 3832b5f0350ba410b5902d851fc7ac6b 3bb5c39151f728f92c747628fe339421ad4821ff b4512ed58d359b872f0d422994529047f1868575614f1ca8fa2c2350d4209996 Loading...

	#36 Eval - 3461abdbd27fcc7394939d775bd90583	28 B	2024-04-25	2024-04-25
Pretty Observations First Seen2024-04-25 22:18:14 Last Seen2024-04-25 22:18:14 Times Seen1 Hash 3461abdbd27fcc7394939d775bd90583 5f51d421666bceae00cfe89b40b7d3418126891a 67d3b123a81ef8bb8b2b10185dc5cff6ffded947b34fa4da894ea555ff894804 Loading...

	#37 Eval - 027d0c923adb9cf0d7d94500a78a266c	28 B	2024-04-25	2024-04-25
Pretty Observations First Seen2024-04-25 22:18:14 Last Seen2024-04-25 22:18:14 Times Seen1 Hash 027d0c923adb9cf0d7d94500a78a266c 38ae457a128adf9722cd682e8e01b5c98a449722 af17e9c50e7d67b74e7cb2ace422057cae9a86307d1238b65afc49f0674701a3 Loading...

	#38 Eval - 340ddabc153b2c6d39d1292a662b8141	28 B	2024-04-25	2024-04-25
Pretty Observations First Seen2024-04-25 22:18:14 Last Seen2024-04-25 22:18:14 Times Seen1 Hash 340ddabc153b2c6d39d1292a662b8141 5aa2f48c5a0c99f0249c6084bf96b44171e541f7 94e40886577a0f9324a3df5d9a54a90c96354f6c08d9058fcc8459734b8fdd1c Loading...

	#39 Eval - 61fc41790a5f534820ded8e30e9dd4f4	28 B	2024-04-25	2024-04-25
Pretty Observations First Seen2024-04-25 22:18:14 Last Seen2024-04-25 22:18:14 Times Seen1 Hash 61fc41790a5f534820ded8e30e9dd4f4 071d6ed5b84a866884ee1d8966b751b7723cf64e 8a0d0bdaeecdd8762297baaa60fb30e14d858abd9e61d419e351b270c1378c91 Loading...

	#40 Eval - ddc9618191775ceb51748e18f4961a59	28 B	2024-04-25	2024-04-25
Pretty Observations First Seen2024-04-25 22:18:14 Last Seen2024-04-25 22:18:14 Times Seen1 Hash ddc9618191775ceb51748e18f4961a59 9e46f41d2af62145a4ae26f262cfbf325fada807 83b3811930d8be2d1b36b43cc7872522dd4cd965fe0fac07559db433f5918824 Loading...

	#41 Eval - f6570ca9f6eaa64c5e8319e126718595	28 B	2024-04-25	2024-04-25
Pretty Observations First Seen2024-04-25 22:18:14 Last Seen2024-04-25 22:18:14 Times Seen1 Hash f6570ca9f6eaa64c5e8319e126718595 f6365d4993ca5e5c1531b5d836a6556e8ced9838 597c9aae3f9b9257a49437920aec070151d1c643f6460780f5af0de5e1750d1d Loading...

	#42 Eval - 411db85543170fce272c719cd88ee5f6	28 B	2024-04-25	2024-04-25
Pretty Observations First Seen2024-04-25 22:18:14 Last Seen2024-04-25 22:18:14 Times Seen1 Hash 411db85543170fce272c719cd88ee5f6 17cab79657220eeb8cdf182fe9961a7d36638cb9 ce8581c52d12abf16cedfd7b43b5aa2567e588db29f5d4d489533ef46b35b5f4 Loading...

	#43 Eval - 01f22521eca0c2a45faf45c5a3495a47	28 B	2024-04-25	2024-04-25
Pretty Observations First Seen2024-04-25 22:18:14 Last Seen2024-04-25 22:18:14 Times Seen1 Hash 01f22521eca0c2a45faf45c5a3495a47 efa862f2edfff109fe48369d5811c62c6cda409c 36bcb96bc5a7186d31f3ccf86879192d39e2835a0b9fca873822ae691613a688 Loading...

	#44 Eval - 65fe4f02dfcde20a8e4dd209d2df5996	2.8 kB	2024-04-25	2024-04-25
Pretty Observations First Seen2024-04-25 22:18:14 Last Seen2024-04-25 22:18:14 Times Seen1 Hash 65fe4f02dfcde20a8e4dd209d2df5996 5bf3296f228bcdd3797979ab1ed603ff0a9cef1a d3aa0d1e569d0b3a576c62aa856a944365579d836d34fe9cba48ff8bc6ca3f2c Loading...

	#45 Eval - a82c514fb64c2425a1616e4448cd1717	28 B	2024-04-25	2024-04-25
Pretty Observations First Seen2024-04-25 22:18:14 Last Seen2024-04-25 22:18:14 Times Seen1 Hash a82c514fb64c2425a1616e4448cd1717 49df28859e026ebb7cdaa16edc40976acc676bbf de54d94a41acdc0bcdf2515b9775ede25c78140f8f4bdfde742807f2b75be95e Loading...

	#46 Eval - 172509b8778445769ab21daa568085ed	28 B	2024-04-25	2024-04-25
Pretty Observations First Seen2024-04-25 22:18:15 Last Seen2024-04-25 22:18:15 Times Seen1 Hash 172509b8778445769ab21daa568085ed de7adf88f1fc095581007b4cdaa9daf6871c7acb a884ff84428a499cb4a445ed63eb10efc60450eddb9681024c92a36bf6dc8bb9 Loading...

	#47 Eval - 19114d53896d6e47d719ff807db53bad	28 B	2024-04-25	2024-04-25
Pretty Observations First Seen2024-04-25 22:18:15 Last Seen2024-04-25 22:18:15 Times Seen1 Hash 19114d53896d6e47d719ff807db53bad 55a4730c97cb60fc763079cdf09f3be4ac5bd8df d5afe70b886b0b4d6e21f34920928ca26e871fcd98d526231f3664d99add925b Loading...

	#48 Eval - 24be63030de9cb3dd864d89122f4aca5	28 B	2024-04-25	2024-04-25
Pretty Observations First Seen2024-04-25 22:18:15 Last Seen2024-04-25 22:18:15 Times Seen1 Hash 24be63030de9cb3dd864d89122f4aca5 a57d58323be47a41fca66b4936f643d15f8d9e71 24f9e1a0db20b6ccd25ac214ab10d3f71522d5bd30167e18f593dca3c80c57db Loading...

	#49 Eval - 797caab8a7e7e9ac3d97bcaf4b31aacb	28 B	2024-04-25	2024-04-25
Pretty Observations First Seen2024-04-25 22:18:15 Last Seen2024-04-25 22:18:15 Times Seen1 Hash 797caab8a7e7e9ac3d97bcaf4b31aacb 839d03fb82324d78c26021e6abd946791ca6e01f 8350c31bd86dede439211279605a17d5841a9b63d7ddedc29c6c9515f8f34cc9 Loading...

	#50 Eval - 4ef3cce791690a0f91bb925b2d988fda	2.8 kB	2024-04-25	2024-04-25
Pretty Observations First Seen2024-04-25 22:18:15 Last Seen2024-04-25 22:18:15 Times Seen1 Hash 4ef3cce791690a0f91bb925b2d988fda 42aad5376f2c056d982e3bb70da856e9a40280df 7ceb5be6fc494452ff47514c37ddbf56461bb8ad202a33c882a84ee5a5509643 Loading...

	#51 Eval - 124fa84cd4de9f9a68de15b8450ca571	28 B	2024-04-25	2024-04-25
Pretty Observations First Seen2024-04-25 22:18:15 Last Seen2024-04-25 22:18:15 Times Seen1 Hash 124fa84cd4de9f9a68de15b8450ca571 41643bada829ba526ae3557bff238f7bf5ae76e3 3ecc5a0db3daf798275372752abe9ed365a14ed233e980d10c42cf7181d88179 Loading...

	#52 Eval - 54f7295766587390f3b4045965b891af	28 B	2024-04-25	2024-04-25
Pretty Observations First Seen2024-04-25 22:18:15 Last Seen2024-04-25 22:18:15 Times Seen1 Hash 54f7295766587390f3b4045965b891af 36ac0cea55d8d5a3bee55c0854b57fad440dfef3 f7a6d2448cfdc775d07f65e497096eb7a0a0b57b80c8b4a26f6c4db5f3cb2477 Loading...

	#53 Eval - 2abcedc7f6a238ce452655e1c9f7e62b	28 B	2024-04-25	2024-04-25
Pretty Observations First Seen2024-04-25 22:18:15 Last Seen2024-04-25 22:18:15 Times Seen1 Hash 2abcedc7f6a238ce452655e1c9f7e62b cf5f96b649ef0c4292f739d31b85422d2f994153 3285f7f0d8aa412f3b78c5cb3f6c8f5edcfa5a409bcb25ea44247ad2acc786ee Loading...

	#54 Eval - e038f17cd9e56ec512a19e7467eb1e59	28 B	2024-04-25	2024-04-25
Pretty Observations First Seen2024-04-25 22:18:15 Last Seen2024-04-25 22:18:15 Times Seen1 Hash e038f17cd9e56ec512a19e7467eb1e59 53402f214d006bb229c3e03870758183bb51c774 23baa73742f076b6e5376477c737d3f0f1b52a732e0b58f8c9a6440c9328af35 Loading...

	#55 Eval - 9a02ff7dcc1956407fa5937967d5f164	28 B	2024-04-25	2024-04-25
Pretty Observations First Seen2024-04-25 22:18:15 Last Seen2024-04-25 22:18:15 Times Seen1 Hash 9a02ff7dcc1956407fa5937967d5f164 4f55768b0bcaa36fe99bf36c356a5c09efa19560 f65aaa10849f27b3f2a3dc26f6676e511c8ff9d8e77d4c0ae2b1ccb191167a6e Loading...

	#56 Eval - 5057ba92da333619aa0d91243f76ba17	28 B	2024-04-25	2024-04-25
Pretty Observations First Seen2024-04-25 22:18:15 Last Seen2024-04-25 22:18:15 Times Seen1 Hash 5057ba92da333619aa0d91243f76ba17 5ec2f0e0b35d73127f3a3cc6ebb207bcf0abfb45 575aea4f4417e25d64011fe5889ef7bbe9d8d7d68cc669e64de22209e0bdc7d1 Loading...

	#57 Eval - aa73aa3d7723da97ada5096c236a394f	28 B	2024-04-25	2024-04-25
Pretty Observations First Seen2024-04-25 22:18:15 Last Seen2024-04-25 22:18:15 Times Seen1 Hash aa73aa3d7723da97ada5096c236a394f fa7bbdb24bd60412dabac65428d1f3dce8d9753b 4500c08e28893e18bf6a8599e140bafb9c9ce969168e3c36c5be11be1546cc40 Loading...

	#58 Eval - 08fb6b655cf02a119aefcf88ae81f90a	28 B	2024-04-25	2024-04-25
Pretty Observations First Seen2024-04-25 22:18:15 Last Seen2024-04-25 22:18:15 Times Seen1 Hash 08fb6b655cf02a119aefcf88ae81f90a cbd33eebeb128bbe3fb1aff6f33b0da9957aabaf dfee4bcb0ac57df67392f0ca521e193ba65a1435720c72c25658ade8ee3bc033 Loading...

	#59 Eval - 4e972f157d55b3bea4d2c64751a3e3d1	28 B	2024-04-25	2024-04-25
Pretty Observations First Seen2024-04-25 22:18:15 Last Seen2024-04-25 22:18:15 Times Seen1 Hash 4e972f157d55b3bea4d2c64751a3e3d1 ccf3f412bb1f9e181e2b6ccb3a7075b83a42e7e4 b91d80d74f103c11bf264c8d60af4a6ee975cad2a0f9aadced23022847425673 Loading...

	#60 Eval - 5c6ecd7243d3dde99aaea776eaf7dabc	28 B	2024-04-25	2024-04-25
Pretty Observations First Seen2024-04-25 22:18:15 Last Seen2024-04-25 22:18:15 Times Seen1 Hash 5c6ecd7243d3dde99aaea776eaf7dabc 52a8ad56cad7dab4bffd03bf7bb38fea47895595 ca719e6fe70f88d13f7a3ba3b3cf10de7c069a462a4c494ec873694836f8cdcb Loading...

	#61 Eval - 72b5dcfd4703b3070f73bf871b4057e1	28 B	2024-04-25	2024-04-25
Pretty Observations First Seen2024-04-25 22:18:15 Last Seen2024-04-25 22:18:15 Times Seen1 Hash 72b5dcfd4703b3070f73bf871b4057e1 1198629a0e897b9ab67bcf2cedf42a49bb965622 de471b90f55f80a77c363f8243eb153755ee5dbe8073971195741e65011e088d Loading...

	#62 Eval - 4dc5710e61738ab236cf2e766a89920e	28 B	2024-04-25	2024-04-25
Pretty Observations First Seen2024-04-25 22:18:15 Last Seen2024-04-25 22:18:15 Times Seen1 Hash 4dc5710e61738ab236cf2e766a89920e c306d6f59817a7b525fee91bf3258107cbbd3bf3 e0379e5af4c90b61711eaad94742f69101b8b72585c63a60823e2a4be799cada Loading...

	#63 Eval - f318396c98c952c9a4ca2af943f945dd	28 B	2024-04-25	2024-04-25
Pretty Observations First Seen2024-04-25 22:18:15 Last Seen2024-04-25 22:18:15 Times Seen1 Hash f318396c98c952c9a4ca2af943f945dd 316d659dd5e46ac77870b282c93243d955d7dd2a 666223de332d39ccadf9955bf01204092235fec560abf31294ba017eafc8e5b2 Loading...

	#64 Eval - 08be12dd0cfa13aed549aaf7bc0078ce	28 B	2024-04-25	2024-04-25
Pretty Observations First Seen2024-04-25 22:18:15 Last Seen2024-04-25 22:18:15 Times Seen1 Hash 08be12dd0cfa13aed549aaf7bc0078ce 2b6ce05712e5331ea6b4efa71cd85aff601e1d83 1ae020a95e3718dba836fa39ca541da8ca76c3ecd62e07dc22dcccc4bf71abd7 Loading...

	#65 Eval - 640ece10b4ec34faa31d8d6e29ee0a6f	28 B	2024-04-25	2024-04-25
Pretty Observations First Seen2024-04-25 22:18:15 Last Seen2024-04-25 22:18:15 Times Seen1 Hash 640ece10b4ec34faa31d8d6e29ee0a6f de314263ef3cdf97c77493b27149eb4cda52cdc7 a50b284dcf70b56b5cac6703f15c8856701bd40f2b5d34d5c2e40273a84dc1d2 Loading...

	#66 Eval - e85ad91ed86816ca76373febf58f0a53	28 B	2024-04-25	2024-04-25
Pretty Observations First Seen2024-04-25 22:18:15 Last Seen2024-04-25 22:18:15 Times Seen1 Hash e85ad91ed86816ca76373febf58f0a53 2eab6e963f65db0377b1b01697c6c6a8336b587f 3718f89292445d529a19853e1a7a253e2e7adca9398d46b41a38db5d567c3c95 Loading...

	#67 Eval - 9841b735d3bbf0fdfe093a5d6dab4c1d	28 B	2024-04-25	2024-04-25
Pretty Observations First Seen2024-04-25 22:18:15 Last Seen2024-04-25 22:18:16 Times Seen1 Hash 9841b735d3bbf0fdfe093a5d6dab4c1d fe41f03067bf6087e6586ddb19a030d31e68bb05 be95e84b7af1bd4969d0205f87c2e8cfa33b23873bb708f80fb2c167168b68e5 Loading...

	#68 Eval - a33d87c5d41477ca98fb11a6f84dca79	28 B	2024-04-25	2024-04-25
Pretty Observations First Seen2024-04-25 22:18:16 Last Seen2024-04-25 22:18:16 Times Seen1 Hash a33d87c5d41477ca98fb11a6f84dca79 afba72d51190c4983866650a92321a7c6ceaf3d9 d8f5c538aa6dfbec8e113afe11960f709d99ed2451a6c15b9b9ec5196ce0d0ca Loading...

	#69 Eval - 6da81acf78c5581b10063520df75ef79	28 B	2024-04-25	2024-04-25
Pretty Observations First Seen2024-04-25 22:18:16 Last Seen2024-04-25 22:18:16 Times Seen1 Hash 6da81acf78c5581b10063520df75ef79 429b329497d80a2cb2aa7b7313e574a21da4005a 7a7d5222effe4f75ee750dc7c437bc4ad9c7e3edfe1a203fee158e40588b8778 Loading...

	#70 Eval - fefbfbb2ea40ab5097712e1308b586c6	28 B	2024-04-25	2024-04-25
Pretty Observations First Seen2024-04-25 22:18:16 Last Seen2024-04-25 22:18:16 Times Seen1 Hash fefbfbb2ea40ab5097712e1308b586c6 6df3b6cba01283e036e418f6c9c85951694a8c02 d4569187a73368e2832304fb9d53e19475e180de710013f41114919537c11802 Loading...

	#71 Eval - fedb4212dc691c3637ccd14f54d00c37	28 B	2024-04-25	2024-04-25
Pretty Observations First Seen2024-04-25 22:18:16 Last Seen2024-04-25 22:18:16 Times Seen1 Hash fedb4212dc691c3637ccd14f54d00c37 703bd88e68d5891dbce5a925f56386117a1728e6 ca9b38f3ff51f3078e69706189064116003cbde36e49a3b5d80c1cd979c5631c Loading...

	#72 Eval - ee25440ed4a590bba48f2fb81619e9d7	28 B	2024-04-25	2024-04-25
Pretty Observations First Seen2024-04-25 22:18:16 Last Seen2024-04-25 22:18:16 Times Seen1 Hash ee25440ed4a590bba48f2fb81619e9d7 a504e0e4519ddb94af2f8ff86c4fa39dd68cf0cd 634c50bebb08d03f43eceb0e7fe3ff989fc9d3f7a16d1f8837a6f2f6a09e58d7 Loading...

	#73 Eval - 5ec662003b0969360e83ecb3b7b4762a	28 B	2024-04-25	2024-04-25
Pretty Observations First Seen2024-04-25 22:18:16 Last Seen2024-04-25 22:18:16 Times Seen1 Hash 5ec662003b0969360e83ecb3b7b4762a 278cfb79e7e2d7beaad790fef7ea3dda71272c8a 9058a93bc2fe0517620d76eb19231ad180cbcbec5b36c1ff3d13c95beb44be03 Loading...

	#74 Eval - 239fad956b4f726cad57fae2b7fc5cdb	28 B	2024-04-25	2024-04-25
Pretty Observations First Seen2024-04-25 22:18:16 Last Seen2024-04-25 22:18:16 Times Seen1 Hash 239fad956b4f726cad57fae2b7fc5cdb 46748ed34897766e84b652c1784afe2018d8bf9f 3b6dec9a1837f1bc9f3b5db0ff3906e6c0c2ea2d52707aef49f04e239657e40c Loading...

	#75 Eval - 2d25ea5955730f666cd98c78c12c4b34	28 B	2024-04-25	2024-04-25
Pretty Observations First Seen2024-04-25 22:18:16 Last Seen2024-04-25 22:18:16 Times Seen1 Hash 2d25ea5955730f666cd98c78c12c4b34 394043f72ee4df6f663ccc75637e6dca9800ae0f c62bd5bed5416600dc8584618e1fd29b0676159fb8b9922078eeaf82e235c325 Loading...

	#76 Eval - 8ab5179e4a19e0594fffe0b62f37002b	28 B	2024-04-25	2024-04-25
Pretty Observations First Seen2024-04-25 22:18:16 Last Seen2024-04-25 22:18:16 Times Seen1 Hash 8ab5179e4a19e0594fffe0b62f37002b ea4ebc64da349760b8a7a366323d2408c285c253 9eaca3e76de16627ac02938387355aac1f8598a5282122c5ed534efb2f47aa02 Loading...

	#77 Eval - fbb6c9f78d8e8deced3dbe32bdae8b4c	28 B	2024-04-25	2024-04-25
Pretty Observations First Seen2024-04-25 22:18:16 Last Seen2024-04-25 22:18:16 Times Seen1 Hash fbb6c9f78d8e8deced3dbe32bdae8b4c cba7bfe12526cbcd6faac702e946fa81ef6f14ec 4dd0d6fa307f483c9461f38df7b05ff4adc66969331537cd4891d06ecf543a47 Loading...

		Size	First Seen	Last Seen
	#1 Write - 086707e4369f60afedcafb16050a7618	39 B	2023-03-07	2024-05-05
Pretty Observations First Seen2023-03-07 01:03:24 Last Seen2024-05-05 12:40:21 Times Seen44752 Hash 086707e4369f60afedcafb16050a7618 8216b0cc6876cbd44f01c158e7dff3833ceccd41 a7fe83ec64bb23eb28090598db3d166ed98e52e39d1afbbfd74c579553f93e4e Loading...

HTTP Transactions (20)

URL IP Response Size

demonstationfukewko.shop/apiu

172.67.147.169

403 Forbidden

5.9 kB

URL User Request GET HTTP/1.1
demonstationfukewko.shop/apiu
IP
172.67.147.169:80
ASN
#13335 CLOUDFLARENET

File type
HTML document, ASCII text, with very long lines (14393), with no line terminators
Size
5.9 kB (5863 bytes)
Hash
983e007641886eba5bce105dc18005a0
0a688e0e88ece00b778e3ca9bc49e13ce6c3db4f
3727714959d7952e032fb93a4db2757b7e4d2ce4c9db02e7f8f59b28504b635f

Detections

Analyzer	Verdict	Alert
ThreatFox	malicious	Lumma Stealer
mnemonic secure dns	malicious	Sinkholed
Quad9 DNS	malicious	Sinkholed

NIDS	Severity	Alert
suricata	high	ThreatFox botnet C2 traffic (url - confidence level: 100%)
suricata	high	ThreatFox botnet C2 traffic (url - confidence level: 100%)

HTTP Headers

GET /apiu HTTP/1.1
Host: demonstationfukewko.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Date: Thu, 25 Apr 2024 20:17:45 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: CQ5svtpgZ7XyrU1MygGP7Umniz9yzX1CRijed7xxyZnYNUxlyAu0gy9BJRF4B0cLSJiFNXW4xXACoFyQYmffJeAy/spsqO0nMse9WsSqSj2Q2IgpzOrp1D+LU7Miz4+EfPjsAJ8MLMskWA48yKQwfA==$XLk1+5rv9UZPGmHxvD4Gtw==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GiId3BPRt2iKdA7mZkx0%2BVulPXkcFyA8%2F3Hp44ihliPR3%2FwkNCGPK1mzyGdgirBzNcPUTFY%2BWd1k33e328toh3RJglmkRdfIKfHT40g1FXrB9lK1ZFhwHrJlPP921uE85GiUFZBRIrelELs%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 87a104b09b28b51d-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

demonstationfukewko.shop/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=87a104b09b28b51d

172.67.147.169

113 kB

URL
demonstationfukewko.shop/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=87a104b09b28b51d
IP
172.67.147.169:0
ASN
#13335 CLOUDFLARENET

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
113 kB (112630 bytes)
Hash
0f20e8fc266b3f176abdf37349daac27
987d1100ed07db4c4db95286996e7b5cc4f8c6be
2a9c252bd6cd6a3c525be2035c11a764925eda02d1b2e0de7bc9ce4359e764dd

Detections

Analyzer	Verdict	Alert
ThreatFox	malicious	Lumma Stealer
mnemonic secure dns	malicious	Sinkholed
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=87a104b09b28b51d HTTP/1.1
Host: demonstationfukewko.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://demonstationfukewko.shop/apiu?__cf_chl_rt_tk=MMdDg2UF2LZr9GOdI8AV6BKAFKmZcPkKPjvoOcTWSD0-1714076265-0.0.1.1-1301
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 25 Apr 2024 20:17:45 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
vary: accept-encoding
content-encoding: gzip
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VRc6lftA7UmstwxckdV4Hd0k2IoFZZugBHy6iJXNeJnEWsEuEnZVunUAsbJM%2FaaXc6pyH2u%2FQz1l6KyPImSS2S5wiOo4%2FTnMioeXDD%2BFo7yx8IdUQ10Rnw9xetFD05aiFlftU5juLi9n7SE%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 87a104b20da2b515-OSL
alt-svc: h2=":443"; ma=60

demonstationfukewko.shop/favicon.ico

172.67.147.169

403 Forbidden

5.9 kB

URL GET HTTP/1.1
demonstationfukewko.shop/favicon.ico
IP
172.67.147.169:80
ASN
#13335 CLOUDFLARENET

Requested by
http://demonstationfukewko.shop/apiu

File type
HTML document, ASCII text, with very long lines (14511), with no line terminators
Size
5.9 kB (5938 bytes)
Hash
8a827c4938afc4d5c5388e4356b3648e
00a42581d8068a985f8b304c8bb401f1d366e569
19bd5c86c3f6101f233d7fbf2cccd43f9ece9fee682e5ac4086cede5b2e5f2bc

Detections

Analyzer	Verdict	Alert
ThreatFox	malicious	Lumma Stealer
mnemonic secure dns	malicious	Sinkholed
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: demonstationfukewko.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://demonstationfukewko.shop/apiu?__cf_chl_rt_tk=MMdDg2UF2LZr9GOdI8AV6BKAFKmZcPkKPjvoOcTWSD0-1714076265-0.0.1.1-1301
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Date: Thu, 25 Apr 2024 20:17:45 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: YgiULYD0drwNfQ2zboRzrOyV6Gkq6p2lcglzXIrR9kiEAssZXJhJ8TGOjZmv5pU/fSCc5b3JfQ60ZYo/jepI8PlIAcu6fGv6RmxngGvZtCCwjAPwZysaIF9Wncmx3x5pcEwhjwjDx3Fb/65/Uuk5Fw==$kbcq9weU4Dqby9JTZB0Q+A==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lu7HaV0hLYooP%2BHeYW%2FCersPK0jXFCR4tp8rgD0qT%2Fwvh%2FVm0JlC3s9rREOWzgR9RLMpHvYRtdHX0bkd2tsin2eig6qPtDIM7Y%2B14zzvdMQM%2F2%2BaOSGAhpb38C6kXMKLDlSaOF4f%2BUiunk0%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 87a104b25ddab515-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

demonstationfukewko.shop/favicon.ico

172.67.147.169

403 Forbidden

5.9 kB

URL GET HTTP/1.1
demonstationfukewko.shop/favicon.ico
IP
172.67.147.169:80
ASN
#13335 CLOUDFLARENET

Requested by
http://demonstationfukewko.shop/apiu

File type
HTML document, ASCII text, with very long lines (14425), with no line terminators
Size
5.9 kB (5869 bytes)
Hash
96985fc80e614afa3c6eac4def4fac66
d8cd6deb38f4df1eb2f39bd4345695293f3d7bee
be2ad00a218a4d7098242ffc36c55570ad0a98e0bbdafd39f0eb561fc6947fbe

Detections

Analyzer	Verdict	Alert
ThreatFox	malicious	Lumma Stealer
mnemonic secure dns	malicious	Sinkholed
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: demonstationfukewko.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://demonstationfukewko.shop/apiu
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Date: Thu, 25 Apr 2024 20:17:45 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: 0CHG7M9sfS6jAWfLVev8OU7ZEIGXpRIai6iuhMEJVr2jnBqtZVQUinT11QMrMZPM4bDTrnykxAszYX6QGKm3GMXMCD2fw4vqorvN0MM25w12oZejvg6Xf8/Po17iutuyevkstymWHaQWEzuVsjGn6g==$3hgehDuKqX9VpQLoVU52bw==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ybvl3y8mXVrzDWq3QRdT2ZJK50OG1VD2PVCrPsEwaDTEUgIMxL9gSfNiXNN6kZ0KyTyEgDmOFRzHE8r6kQLqTJgW3XAEfMQt9COu6qxuK%2BSCQNrLpU0EbW1Q4c8hj8dAhdES8fblQ9KpAf0%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 87a104b29df0b4ee-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

demonstationfukewko.shop/cdn-cgi/challenge-platform/h/b/flow/ov1/412841546:1714073085:QzHq3wf6Y7tYRWbpHxBOrviiZmFrOKO__fEzpWhr29Y/87a104b09b28b51d/e0ab39e787d8e77

172.67.147.169

12 kB

URL
demonstationfukewko.shop/cdn-cgi/challenge-platform/h/b/flow/ov1/412841546:1714073085:QzHq3wf6Y7tYRWbpHxBOrviiZmFrOKO__fEzpWhr29Y/87a104b09b28b51d/e0ab39e787d8e77
IP
172.67.147.169:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (15976), with no line terminators
Size
12 kB (12163 bytes)
Hash
7bd47461ebe56fbaafd9abc116568fef
0a2500d11411b960b8d9287a869ae746dd69ad32
61ff6bfe0060463863e1011e39731a7e541a93e557e08764572a28af8914b23c

Detections

Analyzer	Verdict	Alert
ThreatFox	malicious	Lumma Stealer
mnemonic secure dns	malicious	Sinkholed
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /cdn-cgi/challenge-platform/h/b/flow/ov1/412841546:1714073085:QzHq3wf6Y7tYRWbpHxBOrviiZmFrOKO__fEzpWhr29Y/87a104b09b28b51d/e0ab39e787d8e77 HTTP/1.1
Host: demonstationfukewko.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://demonstationfukewko.shop/apiu
Content-type: application/x-www-form-urlencoded
CF-Challenge: e0ab39e787d8e77
Content-Length: 1877
Origin: http://demonstationfukewko.shop
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 25 Apr 2024 20:17:45 GMT
Content-Type: text/plain; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cf-chl-gen: B23YvITM36geIf2Yn9udQaDvWwrg2YQYMs2jWYrGCil4KX0iFasLrpPbcM1yMuJm$Tw43Ah9J0X1Un4SwhWFIfg==
vary: accept-encoding
content-encoding: gzip
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=K3OGQ1avY1OwEKdhuh1VSMGvzLVLIFbKIjfGLgiHG463WzK9oXMCSg4TYWX5Pqi%2FQlRk%2Fu1Yhkn9ZTdiqkWFMa16VFV%2BOSbEX3jG0uprQNd6Z36NdWQx77mnqVffrMsCUrO7HNPrCGJwp9U%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 87a104b36a53b523-OSL
alt-svc: h2=":443"; ma=60

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/zjv94/0x4AAAAAAAAjq6WYeRDKmebM/light/normal

104.17.2.184

26 kB

URL
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/zjv94/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
IP
104.17.2.184:0
ASN
#13335 CLOUDFLARENET

File type
HTML document, ASCII text, with very long lines (41702)
Size
26 kB (25665 bytes)
Hash
007e6773f6123c00a81edf8902511e25
aee5fc1c46972b51fc5ac90c8847cbb9688d2117
79ee3be0a901068a19a8cae18f50de308bf4bd86b256e7ffde69ef5d1a104ed5

HTTP Headers

GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/zjv94/0x4AAAAAAAAjq6WYeRDKmebM/light/normal HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 20:17:45 GMT
content-type: text/html; charset=UTF-8
referrer-policy: same-origin
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
cross-origin-resource-policy: cross-origin
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-embedder-policy: require-corp
document-policy: js-profiling
origin-agent-cluster: ?1
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-security-policy: frame-src https://challenges.cloudflare.com/ blob:; base-uri 'self'
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-opener-policy: same-origin
vary: accept-encoding
server: cloudflare
cf-ray: 87a104b42ddeb521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=87a104b42ddeb521

104.17.2.184

175 kB

URL
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=87a104b42ddeb521
IP
104.17.2.184:0
ASN
#13335 CLOUDFLARENET

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
175 kB (174682 bytes)
Hash
66512dc19adc6ea42eca6a890b6844eb
b1d2a954db42d8bd54a2ea42294813abca267407
02b457f432566db1eead8dc766019194fb2e0a3abf1dbb443bc8bee18ac844db

HTTP Headers

GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=87a104b42ddeb521 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/zjv94/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 20:17:45 GMT
content-type: application/javascript; charset=UTF-8
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
vary: accept-encoding
server: cloudflare
cf-ray: 87a104b4be7ab521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/87a104b42ddeb521/1714076266026/1Xa3nT736-deOnf

104.17.2.184

61 B

URL
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/87a104b42ddeb521/1714076266026/1Xa3nT736-deOnf
IP
104.17.2.184:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 57 x 28, 8-bit/color RGB, non-interlaced
Size
61 B (61 bytes)
Hash
facd0ccf87256f20657708b7efc46dc6
d9d581baed0c3d174fd2af566a8893a20d3b6e65
ef616abc63e6de0365e7f4034632305ea066e2811d936da8030c3fb569c412a5

HTTP Headers

GET /cdn-cgi/challenge-platform/h/b/i/87a104b42ddeb521/1714076266026/1Xa3nT736-deOnf HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/zjv94/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 20:17:47 GMT
content-type: image/png
content-length: 61
server: cloudflare
cf-ray: 87a104bd0821b521-OSL
alt-svc: h3=":443"; ma=86400

demonstationfukewko.shop/cdn-cgi/challenge-platform/h/b/flow/ov1/412841546:1714073085:QzHq3wf6Y7tYRWbpHxBOrviiZmFrOKO__fEzpWhr29Y/87a104b09b28b51d/e0ab39e787d8e77

172.67.147.169

1.8 kB

URL
demonstationfukewko.shop/cdn-cgi/challenge-platform/h/b/flow/ov1/412841546:1714073085:QzHq3wf6Y7tYRWbpHxBOrviiZmFrOKO__fEzpWhr29Y/87a104b09b28b51d/e0ab39e787d8e77
IP
172.67.147.169:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (2332), with no line terminators
Size
1.8 kB (1802 bytes)
Hash
b5663232e7ff04eae487772d06d8fcab
ed7403b327619a14cc10134e864859476c2b0574
990dc391ae5b56d97aba39340d89a176b6e3db2739306972d9481d35c197cd9a

Detections

Analyzer	Verdict	Alert
ThreatFox	malicious	Lumma Stealer
mnemonic secure dns	malicious	Sinkholed
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /cdn-cgi/challenge-platform/h/b/flow/ov1/412841546:1714073085:QzHq3wf6Y7tYRWbpHxBOrviiZmFrOKO__fEzpWhr29Y/87a104b09b28b51d/e0ab39e787d8e77 HTTP/1.1
Host: demonstationfukewko.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://demonstationfukewko.shop/apiu
Content-type: application/x-www-form-urlencoded
CF-Challenge: e0ab39e787d8e77
Content-Length: 2534
Origin: http://demonstationfukewko.shop
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 25 Apr 2024 20:17:53 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cf-chl-out-s: i3jjx3Ayj7/kREnI/+PfLAwKdT/j57UtpemCMtcXT4AXkwyYBz6vkOrztiRdrT4Yr/cHyamgvTG1VSOiGu4Sviz9LXMBdU0mLMRQRc7KhS0=$9tklsKAisjKCQ2dzIy3MFg==
cf-chl-out: xqfEveiHOV3bJzMZ9WkdVo6Ar4HZW0GI9i92c1TVHZvaXaMRSVGOHIFj6NyljCfpRAFNY7HXdzelqekiK+7HWIux+vPDGOlbVUN4GgdQXyg=$wrVTexOc9ifCP3bFLdZTSQ==
vary: accept-encoding
content-encoding: gzip
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OP%2B6bClHMbDLx8Ew%2BJfrfAzAuH8vBYoIPWJxc6jHsn8Z3WVYH6UCRYVeyd%2B%2FbbNDVApww5cWi2o7GGgRWfu8tVzD%2BvoJ6tJacRRXYM8TWZghMP2Bdjq3laF3c%2Bls6IKsrPW3g6MsAYTEUpY%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 87a104e4bfd0b523-OSL
alt-svc: h2=":443"; ma=60

demonstationfukewko.shop/apiu

172.67.147.169

403 Forbidden

5.9 kB

URL User Request GET HTTP/1.1
demonstationfukewko.shop/apiu
IP
172.67.147.169:80
ASN
#13335 CLOUDFLARENET

File type
HTML document, ASCII text, with very long lines (14413), with no line terminators
Size
5.9 kB (5874 bytes)
Hash
d58d961041dba9bd6d6ad3bdfaeeb76c
1b1a42c5517fe1a0cc4e01a99188642ffae53f09
0b5e94586be553a7f32bc8583442725a347454388f01b1ddc549cfaee2de5332

Detections

Analyzer	Verdict	Alert
ThreatFox	malicious	Lumma Stealer
mnemonic secure dns	malicious	Sinkholed
Quad9 DNS	malicious	Sinkholed

NIDS	Severity	Alert
suricata	high	ThreatFox botnet C2 traffic (url - confidence level: 100%)
suricata	high	ThreatFox botnet C2 traffic (url - confidence level: 100%)

HTTP Headers

GET /apiu HTTP/1.1
Host: demonstationfukewko.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_i=1
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Date: Thu, 25 Apr 2024 20:17:55 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: HMtoAMSIoHyRhPd0f4DcLZabYlcquLlc3V968S9WnR9U6f3wrniXhkZSbUNzkk0gzJCnxAdwm8jWhhxpkJAziWbeIbtv2zlIdSl5+CyCrDa7bQjDum/l/Ou8IDO2TG3GFEZ2vBHPxSbUbepIDJhI5w==$ou/tZi/i5InuJ+KOYFwNGw==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DAbJQqgBZC7rpdS%2F65aeSnhG4na6dGrmHpGjHTXJua5e2kA62%2Bh2Y4oBm1nOuYS4R9nETd0Hf7mxH81j03x8%2FPbZ94pNmcLmsEXVfOkp%2BDLtqq4LuIOdLPeS%2FQ0PwUrWtvL%2FS0cQYVmB8sY%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 87a104f198ccb523-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

demonstationfukewko.shop/cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=87a104f198ccb523

172.67.147.169

200 OK

111 kB

URL GET HTTP/1.1
demonstationfukewko.shop/cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=87a104f198ccb523
IP
172.67.147.169:80
ASN
#13335 CLOUDFLARENET

Requested by
http://demonstationfukewko.shop/apiu

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
111 kB (110898 bytes)
Hash
5a88188cec6538e781a7bc15a7a58e9d
4552dbfc140e4c52d2e4aec039d28e3599d265ca
56e6f94ed38fdd4f82043397deb9c112231ac2154f6e33b28b9a59e03cb94dc3

Detections

Analyzer	Verdict	Alert
ThreatFox	malicious	Lumma Stealer
mnemonic secure dns	malicious	Sinkholed
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=87a104f198ccb523 HTTP/1.1
Host: demonstationfukewko.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://demonstationfukewko.shop/apiu?__cf_chl_rt_tk=gPOhVe4SRvN.pq3dwHn_FF1HveqYNjCe7u0j2wDXsoc-1714076275-0.0.1.1-1301
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_i=1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 25 Apr 2024 20:17:55 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
vary: accept-encoding
content-encoding: gzip
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6R%2FJCkg4Lr3xj64bE1gdJuDHjYtxUMn37chmAdH1OBS4Wi0qfP3HX9EyEaIwMlWT2ewVerTxeRx9x70twMdqln4t%2FqHfuMra2uvXYiUuG9UlG37%2F49sgh%2BlOqQWkdh5%2B1hmOiVJqORczj0k%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 87a104f20b5156ba-OSL
alt-svc: h2=":443"; ma=60

demonstationfukewko.shop/favicon.ico

172.67.147.169

403 Forbidden

6.0 kB

URL GET HTTP/1.1
demonstationfukewko.shop/favicon.ico
IP
172.67.147.169:80
ASN
#13335 CLOUDFLARENET

Requested by
http://demonstationfukewko.shop/apiu

File type
HTML document, ASCII text, with very long lines (14532), with no line terminators
Size
6.0 kB (5966 bytes)
Hash
cb1b387cff0af9f90fcc80708ec7a232
3f3335f3379caa87c8210ed8a18e0fd406dbdf97
45110e273c3092386e0c81af8061c57fe572d602acdc7a962c1e7d25f4cc8e96

Detections

Analyzer	Verdict	Alert
ThreatFox	malicious	Lumma Stealer
mnemonic secure dns	malicious	Sinkholed
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: demonstationfukewko.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://demonstationfukewko.shop/apiu?__cf_chl_rt_tk=gPOhVe4SRvN.pq3dwHn_FF1HveqYNjCe7u0j2wDXsoc-1714076275-0.0.1.1-1301
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_i=1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Date: Thu, 25 Apr 2024 20:17:55 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: UYL1SS35U51jTXOWpcI4Ko6qFBAr40et2iKirHFcfuvOEducvb+ZIDlYanBBqDY+ePezcK/GNDMPSKSgZGM4zxvQoYJe3PUoDsZE7IsGBamKvvp/Eu1klSKCc9qj7ICgiGqixmJiLLHkPP05gsclUg==$DunFustnRbcCA3mqbFikIg==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xy%2FLFIrXzj9rF9ORutLWGY40lvPKcBYhWR7ShrEe3j7AG7BRuKOdheeYYQs6HPojUosu93q%2FqCGp3E26quqstdYk7sQ5EEXOy5qw3JT%2FOCgqZE4RlnuSO4ZxcRljZ%2Fbd9kLCtlpLVz%2FvJ1Q%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 87a104f25bda56ba-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

demonstationfukewko.shop/favicon.ico

172.67.147.169

403 Forbidden

5.9 kB

URL GET HTTP/1.1
demonstationfukewko.shop/favicon.ico
IP
172.67.147.169:80
ASN
#13335 CLOUDFLARENET

Requested by
http://demonstationfukewko.shop/apiu

File type
HTML document, ASCII text, with very long lines (14447), with no line terminators
Size
5.9 kB (5884 bytes)
Hash
1eb1a191511a701cc97bdf7630b8a9ea
4c630ba33770ad1e10841c706e93eb12dc20a6e9
923037b63300593ec8f13e025140bda9d7d10278aa715d24af3b7f2013431a03

Detections

Analyzer	Verdict	Alert
ThreatFox	malicious	Lumma Stealer
mnemonic secure dns	malicious	Sinkholed
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: demonstationfukewko.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://demonstationfukewko.shop/apiu
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_i=1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Date: Thu, 25 Apr 2024 20:17:55 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: z1sMlGYyrED416P9BRQCkgNujgTAMlSptHPgnvPzuo7hdpRG/xf2/WsfRhjo3B7fd2764USPdgaePWl/L7JHuqP1WDNJEys00mugsxxHcy7EksHMfgt9mkAo3i59QjtTY5eLz9IdO7dbErYR4jJRzQ==$LOc8ORiztCGtuesi6uPEfQ==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Z7O0X53rrKHtBzHixke%2FzHJ%2Be0AI5PFbTxIb1%2FogVTlVB%2B6fcWguRTg%2FpXIEFTGht8JivD2VzHkAjp0KmjpKVZEhQkdgt2xowRdnoogu2FODoWB9DJj%2B31YUzn2apghcN3dwAS8irGtbRjQ%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 87a104f2b8685699-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

demonstationfukewko.shop/cdn-cgi/challenge-platform/h/g/flow/ov1/192171137:1714072494:s-C_pulXBI37S9a0C0S3jRyizfsY62kV3BJNqvVvdDI/87a104f198ccb523/07022420168a183

172.67.147.169

200 OK

12 kB

URL POST HTTP/1.1
demonstationfukewko.shop/cdn-cgi/challenge-platform/h/g/flow/ov1/192171137:1714072494:s-C_pulXBI37S9a0C0S3jRyizfsY62kV3BJNqvVvdDI/87a104f198ccb523/07022420168a183
IP
172.67.147.169:80
ASN
#13335 CLOUDFLARENET

Requested by
http://demonstationfukewko.shop/apiu

File type
ASCII text, with very long lines (16396), with no line terminators
Size
12 kB (12475 bytes)
Hash
ce6a424ed57770533ba96d5b7fedb05c
9758c22f7b604ac37812b1bcc6d8aea57382e188
a391c624ee5fae2e3198b03c74432a294cc4d6f44193d42d1f2b491bf72b5d12

Detections

Analyzer	Verdict	Alert
ThreatFox	malicious	Lumma Stealer
mnemonic secure dns	malicious	Sinkholed
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /cdn-cgi/challenge-platform/h/g/flow/ov1/192171137:1714072494:s-C_pulXBI37S9a0C0S3jRyizfsY62kV3BJNqvVvdDI/87a104f198ccb523/07022420168a183 HTTP/1.1
Host: demonstationfukewko.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://demonstationfukewko.shop/apiu
Content-type: application/x-www-form-urlencoded
CF-Challenge: 07022420168a183
Content-Length: 1852
Origin: http://demonstationfukewko.shop
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_i=1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 25 Apr 2024 20:17:55 GMT
Content-Type: text/plain; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cf-chl-gen: oyNuw7wVAuaZVnqzdxZMwlIVr7J17KYsCoCsA3RDjRJzf8ym4vEBkk3w87n5l5G7$i6EWqIuCsVF/WXYte2Ousg==
vary: accept-encoding
content-encoding: gzip
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fab90YDTEVVPp5F1Mo1Mr5F1h%2Bt3fT872%2BB2StGjPTeEdrsP1Zn61axewTR8zTg7MfnfQ3qF%2FKKUOO3%2BLLowweiygKLHOR5NuCnin0hJgB3lzMu1X7JRU9%2BKwplqMdV5WF%2Bhx%2BUAxqs1peU%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 87a104f38c1cb523-OSL
alt-svc: h2=":443"; ma=60

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/gln2b/0x4AAAAAAAAjq6WYeRDKmebM/light/normal

104.17.2.184

200 OK

26 kB

URL GET HTTP/3
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/gln2b/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
IP
104.17.2.184:443
ASN
#13335 CLOUDFLARENET

Requested by
http://demonstationfukewko.shop/apiu
Certificate
IssuerCloudflare, Inc.
Subjectchallenges.cloudflare.com
Fingerprint5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
ValidityFri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT

File type
HTML document, ASCII text, with very long lines (41702)
Size
26 kB (25641 bytes)
Hash
0e6881d5aef9098e741c1db08efbc785
39e0244e9d87f6c76dd5ca2d88fc07cc57bc2ef4
55aff78f0d42f7e0a1800adcd2cb2dbb235986b47a9c7a940f518bd86421416d

HTTP Headers

GET /cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/gln2b/0x4AAAAAAAAjq6WYeRDKmebM/light/normal HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 20:17:55 GMT
content-type: text/html; charset=UTF-8
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
origin-agent-cluster: ?1
referrer-policy: same-origin
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
document-policy: js-profiling
cross-origin-opener-policy: same-origin
content-security-policy: frame-src https://challenges.cloudflare.com/ blob:; base-uri 'self'
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
vary: accept-encoding
server: cloudflare
cf-ray: 87a104f49ed4b521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/1525957568:1714072456:WpYJLUzNt7RS0ZiY8jUaqP3Q5Xgv7DfZdsonVgB4on8/87a104f49ed4b521/0b55b31bdd7ead5

104.17.2.184

200 OK

134 kB

URL POST HTTP/3
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/1525957568:1714072456:WpYJLUzNt7RS0ZiY8jUaqP3Q5Xgv7DfZdsonVgB4on8/87a104f49ed4b521/0b55b31bdd7ead5
IP
104.17.2.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/gln2b/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Certificate
IssuerCloudflare, Inc.
Subjectchallenges.cloudflare.com
Fingerprint5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
ValidityFri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
134 kB (134248 bytes)
Hash
cbf9ed026d132c4d8606440e6774bc82
906aa1a18fec9c42c86c3ac50cfeac8a6c3b60ee
54520882ef246372f8c8feab969e3306c2579c00b07116b733e2a61a7eb8bc29

HTTP Headers

POST /cdn-cgi/challenge-platform/h/g/flow/ov1/1525957568:1714072456:WpYJLUzNt7RS0ZiY8jUaqP3Q5Xgv7DfZdsonVgB4on8/87a104f49ed4b521/0b55b31bdd7ead5 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/gln2b/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: 0b55b31bdd7ead5
Content-Length: 3511
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 20:17:56 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: C0ezSAyo8dSBv7jC66E9Q8yFyRAtrm/+YdfKkRYW3Qq0/M6yrAyT30Rc/UqJpBnFm78osgbyuvB+JTxZq4XgOnrh4mzTpCigwez/xtg8FxdJGuKJKpsT58rw8aF9t620XvaCkC7O6Xj1jkL6yDvaGzAp9QRuoMzXHBdidPPWJN483LSg8wUCxPZITt/kL+BCOq7xsczOI/9b42t8hKHKs5e99E7e0pCpg+eDvG3iaB+0Lg3IjwMPFW2MMnJx/flG7aYdt7j4juVtXIOu7/F+wS16D5h7oQw4bXSBgRvo/I8bnAUti85OYQl09HvqPkn3nEHnos338ikKPR/eMMDlb/Gh4dGnizq3QLmxTiOmOJZCvaAY1E75tHQt3SY0hp8KNl2aXWGvos+LQaj3A2ximLREZ0zO9iirU6mjs+K8iJ/l8g4bJWMtCk+H+qqfaK3Da2iYhhZpxzYFGdm4HOs3Pw==$HEC7jSE+20gEQVWVOms5aA==
vary: accept-encoding
server: cloudflare
cf-ray: 87a104f7ba00b521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/87a104f49ed4b521/1714076276461/dYC2iJ8ffQgRCge

104.17.2.184

200 OK

61 B

URL GET HTTP/3
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/87a104f49ed4b521/1714076276461/dYC2iJ8ffQgRCge
IP
104.17.2.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/gln2b/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Certificate
IssuerCloudflare, Inc.
Subjectchallenges.cloudflare.com
Fingerprint5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
ValidityFri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT

File type
PNG image data, 24 x 55, 8-bit/color RGB, non-interlaced
Size
61 B (61 bytes)
Hash
3acb0639e2bfd4edc813579bd5dac4c1
433c1f5b93d12b2a28384f09cb50701633f8b8ab
7df91115069d79e0b2026db934c3772c7ed11bcba33fd0dd7bae74d17f72f2ac

HTTP Headers

GET /cdn-cgi/challenge-platform/h/g/i/87a104f49ed4b521/1714076276461/dYC2iJ8ffQgRCge HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/gln2b/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 20:17:58 GMT
content-type: image/png
content-length: 61
server: cloudflare
cf-ray: 87a105049ac9b521-OSL
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/turnstile/v0/g/d0ff3ebede6b/api.js?onload=XagHGl3&render=explicit

104.17.2.184

200 OK

43 kB

URL GET HTTP/3
challenges.cloudflare.com/turnstile/v0/g/d0ff3ebede6b/api.js?onload=XagHGl3&render=explicit
IP
104.17.2.184:443
ASN
#13335 CLOUDFLARENET

Requested by
http://demonstationfukewko.shop/apiu
Certificate
IssuerCloudflare, Inc.
Subjectchallenges.cloudflare.com
Fingerprint5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
ValidityFri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (42565)
Size
43 kB (42566 bytes)
Hash
65b0a652c40c95d12c4ddb3b4567c1ea
c654efa19d01d6553ed4e0f500d350011e023ad1
c6b5cd0b65ebbb519dd845ba2979b40e58b056ca2c90f67a8bfea871d39615a7

HTTP Headers

GET /turnstile/v0/g/d0ff3ebede6b/api.js?onload=XagHGl3&render=explicit HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://demonstationfukewko.shop
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 25 Apr 2024 20:17:55 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31536000
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a104f2bcafb521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D

104.17.2.184

200 OK

61 B

URL GET HTTP/3
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D
IP
104.17.2.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/gln2b/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Certificate
IssuerCloudflare, Inc.
Subjectchallenges.cloudflare.com
Fingerprint5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
ValidityFri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT

File type
PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
Size
61 B (61 bytes)
Hash
9246cca8fc3c00f50035f28e9f6b7f7d
3aa538440f70873b574f40cd793060f53ec17a5d
c07d7d29e3c20fa6ca4c5d20663688d52bad13e129ad82ce06b80eb187d9dc84

HTTP Headers

GET /cdn-cgi/challenge-platform/h/g/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/gln2b/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 25 Apr 2024 20:17:56 GMT
content-type: image/png
content-length: 61
cache-control: max-age=2629800, public
server: cloudflare
cf-ray: 87a104f58fb5b521-OSL
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=87a104f49ed4b521

104.17.2.184

200 OK

441 kB

URL GET HTTP/3
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=87a104f49ed4b521
IP
104.17.2.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/gln2b/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Certificate
IssuerCloudflare, Inc.
Subjectchallenges.cloudflare.com
Fingerprint5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
ValidityFri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
441 kB (440649 bytes)
Hash
33e9243545ccd24b203a7f0c441af02c
e59707d1b80fcc22a1d8b24aade9a9122f331fd0
8a44f9e79647f3f2caa5ad534b4d618ee697ec93d32a31bd39d221e29f421a7d

HTTP Headers

GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=87a104f49ed4b521 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/gln2b/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 25 Apr 2024 20:17:56 GMT
content-type: application/javascript; charset=UTF-8
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
vary: accept-encoding
server: cloudflare
cf-ray: 87a104f58fc4b521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (83)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations