| demonstationfukewko.shop/apiu | 172.67.147.169 | 403 Forbidden | 5.9 kB |
URL: demonstationfukewko.shop/apiu (User Request, GET HTTP/1.1)
IP: 172.67.147.169:80
File type: HTML document, ASCII text, with very long lines (14393), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 983e007641886eba5bce105dc18005a0 0a688e0e88ece00b778e3ca9bc49e13ce6c3db4f 3727714959d7952e032fb93a4db2757b7e4d2ce4c9db02e7f8f59b28504b635f

| Analyzer | Verdict | Alert |
| ThreatFox | malicious | Lumma Stealer |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |

| NIDS | Severity | Alert |
| suricata | high | ThreatFox botnet C2 traffic (url - confidence level: 100%) |
| suricata | high | ThreatFox botnet C2 traffic (url - confidence level: 100%) |
GET /apiu HTTP/1.1
Host: demonstationfukewko.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Thu, 25 Apr 2024 20:17:45 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: CQ5svtpgZ7XyrU1MygGP7Umniz9yzX1CRijed7xxyZnYNUxlyAu0gy9BJRF4B0cLSJiFNXW4xXACoFyQYmffJeAy/spsqO0nMse9WsSqSj2Q2IgpzOrp1D+LU7Miz4+EfPjsAJ8MLMskWA48yKQwfA==$XLk1+5rv9UZPGmHxvD4Gtw==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GiId3BPRt2iKdA7mZkx0%2BVulPXkcFyA8%2F3Hp44ihliPR3%2FwkNCGPK1mzyGdgirBzNcPUTFY%2BWd1k33e328toh3RJglmkRdfIKfHT40g1FXrB9lK1ZFhwHrJlPP921uE85GiUFZBRIrelELs%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 87a104b09b28b51d-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
| demonstationfukewko.shop/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=87a104b09b28b51d | 172.67.147.169 | | 113 kB |
URL: demonstationfukewko.shop/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=87a104b09b28b51d
IP: 172.67.147.169:0
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size: 113 kB (112630 bytes)
Hash (MD5 / SHA-1 / SHA-256): 0f20e8fc266b3f176abdf37349daac27 987d1100ed07db4c4db95286996e7b5cc4f8c6be 2a9c252bd6cd6a3c525be2035c11a764925eda02d1b2e0de7bc9ce4359e764dd

| Analyzer | Verdict | Alert |
| ThreatFox | malicious | Lumma Stealer |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |
GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=87a104b09b28b51d HTTP/1.1
Host: demonstationfukewko.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://demonstationfukewko.shop/apiu?__cf_chl_rt_tk=MMdDg2UF2LZr9GOdI8AV6BKAFKmZcPkKPjvoOcTWSD0-1714076265-0.0.1.1-1301
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 25 Apr 2024 20:17:45 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
vary: accept-encoding
content-encoding: gzip
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VRc6lftA7UmstwxckdV4Hd0k2IoFZZugBHy6iJXNeJnEWsEuEnZVunUAsbJM%2FaaXc6pyH2u%2FQz1l6KyPImSS2S5wiOo4%2FTnMioeXDD%2BFo7yx8IdUQ10Rnw9xetFD05aiFlftU5juLi9n7SE%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 87a104b20da2b515-OSL
alt-svc: h2=":443"; ma=60
| demonstationfukewko.shop/favicon.ico | 172.67.147.169 | 403 Forbidden | 5.9 kB |
URL: demonstationfukewko.shop/favicon.ico (GET HTTP/1.1)
IP: 172.67.147.169:80
Requested by: http://demonstationfukewko.shop/apiu
File type: HTML document, ASCII text, with very long lines (14511), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 8a827c4938afc4d5c5388e4356b3648e 00a42581d8068a985f8b304c8bb401f1d366e569 19bd5c86c3f6101f233d7fbf2cccd43f9ece9fee682e5ac4086cede5b2e5f2bc

| Analyzer | Verdict | Alert |
| ThreatFox | malicious | Lumma Stealer |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: demonstationfukewko.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://demonstationfukewko.shop/apiu?__cf_chl_rt_tk=MMdDg2UF2LZr9GOdI8AV6BKAFKmZcPkKPjvoOcTWSD0-1714076265-0.0.1.1-1301
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Thu, 25 Apr 2024 20:17:45 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: YgiULYD0drwNfQ2zboRzrOyV6Gkq6p2lcglzXIrR9kiEAssZXJhJ8TGOjZmv5pU/fSCc5b3JfQ60ZYo/jepI8PlIAcu6fGv6RmxngGvZtCCwjAPwZysaIF9Wncmx3x5pcEwhjwjDx3Fb/65/Uuk5Fw==$kbcq9weU4Dqby9JTZB0Q+A==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lu7HaV0hLYooP%2BHeYW%2FCersPK0jXFCR4tp8rgD0qT%2Fwvh%2FVm0JlC3s9rREOWzgR9RLMpHvYRtdHX0bkd2tsin2eig6qPtDIM7Y%2B14zzvdMQM%2F2%2BaOSGAhpb38C6kXMKLDlSaOF4f%2BUiunk0%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 87a104b25ddab515-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
| demonstationfukewko.shop/favicon.ico | 172.67.147.169 | 403 Forbidden | 5.9 kB |
URL: demonstationfukewko.shop/favicon.ico (GET HTTP/1.1)
IP: 172.67.147.169:80
Requested by: http://demonstationfukewko.shop/apiu
File type: HTML document, ASCII text, with very long lines (14425), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 96985fc80e614afa3c6eac4def4fac66 d8cd6deb38f4df1eb2f39bd4345695293f3d7bee be2ad00a218a4d7098242ffc36c55570ad0a98e0bbdafd39f0eb561fc6947fbe

| Analyzer | Verdict | Alert |
| ThreatFox | malicious | Lumma Stealer |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: demonstationfukewko.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://demonstationfukewko.shop/apiu
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Thu, 25 Apr 2024 20:17:45 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: 0CHG7M9sfS6jAWfLVev8OU7ZEIGXpRIai6iuhMEJVr2jnBqtZVQUinT11QMrMZPM4bDTrnykxAszYX6QGKm3GMXMCD2fw4vqorvN0MM25w12oZejvg6Xf8/Po17iutuyevkstymWHaQWEzuVsjGn6g==$3hgehDuKqX9VpQLoVU52bw==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ybvl3y8mXVrzDWq3QRdT2ZJK50OG1VD2PVCrPsEwaDTEUgIMxL9gSfNiXNN6kZ0KyTyEgDmOFRzHE8r6kQLqTJgW3XAEfMQt9COu6qxuK%2BSCQNrLpU0EbW1Q4c8hj8dAhdES8fblQ9KpAf0%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 87a104b29df0b4ee-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
| demonstationfukewko.shop/cdn-cgi/challenge-platform/h/b/flow/ov1/412841546:1714073085:QzHq3wf6Y7tYRWbpHxBOrviiZmFrOKO__fEzpWhr29Y/87a104b09b28b51d/e0ab39e787d8e77 | 172.67.147.169 | | 12 kB |
URL: demonstationfukewko.shop/cdn-cgi/challenge-platform/h/b/flow/ov1/412841546:1714073085:QzHq3wf6Y7tYRWbpHxBOrviiZmFrOKO__fEzpWhr29Y/87a104b09b28b51d/e0ab39e787d8e77
IP: 172.67.147.169:0
File type: ASCII text, with very long lines (15976), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 7bd47461ebe56fbaafd9abc116568fef 0a2500d11411b960b8d9287a869ae746dd69ad32 61ff6bfe0060463863e1011e39731a7e541a93e557e08764572a28af8914b23c

| Analyzer | Verdict | Alert |
| ThreatFox | malicious | Lumma Stealer |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |
POST /cdn-cgi/challenge-platform/h/b/flow/ov1/412841546:1714073085:QzHq3wf6Y7tYRWbpHxBOrviiZmFrOKO__fEzpWhr29Y/87a104b09b28b51d/e0ab39e787d8e77 HTTP/1.1
Host: demonstationfukewko.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://demonstationfukewko.shop/apiu
Content-type: application/x-www-form-urlencoded
CF-Challenge: e0ab39e787d8e77
Content-Length: 1877
Origin: http://demonstationfukewko.shop
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 25 Apr 2024 20:17:45 GMT
Content-Type: text/plain; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cf-chl-gen: B23YvITM36geIf2Yn9udQaDvWwrg2YQYMs2jWYrGCil4KX0iFasLrpPbcM1yMuJm$Tw43Ah9J0X1Un4SwhWFIfg==
vary: accept-encoding
content-encoding: gzip
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=K3OGQ1avY1OwEKdhuh1VSMGvzLVLIFbKIjfGLgiHG463WzK9oXMCSg4TYWX5Pqi%2FQlRk%2Fu1Yhkn9ZTdiqkWFMa16VFV%2BOSbEX3jG0uprQNd6Z36NdWQx77mnqVffrMsCUrO7HNPrCGJwp9U%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 87a104b36a53b523-OSL
alt-svc: h2=":443"; ma=60
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/zjv94/0x4AAAAAAAAjq6WYeRDKmebM/light/normal | 104.17.2.184 | | 26 kB |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/zjv94/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
IP: 104.17.2.184:0
File type: HTML document, ASCII text, with very long lines (41702)
Hash (MD5 / SHA-1 / SHA-256): 007e6773f6123c00a81edf8902511e25 aee5fc1c46972b51fc5ac90c8847cbb9688d2117 79ee3be0a901068a19a8cae18f50de308bf4bd86b256e7ffde69ef5d1a104ed5
GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/zjv94/0x4AAAAAAAAjq6WYeRDKmebM/light/normal HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 25 Apr 2024 20:17:45 GMT
content-type: text/html; charset=UTF-8
referrer-policy: same-origin
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
cross-origin-resource-policy: cross-origin
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-embedder-policy: require-corp
document-policy: js-profiling
origin-agent-cluster: ?1
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-security-policy: frame-src https://challenges.cloudflare.com/ blob:; base-uri 'self'
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-opener-policy: same-origin
vary: accept-encoding
server: cloudflare
cf-ray: 87a104b42ddeb521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=87a104b42ddeb521 | 104.17.2.184 | | 175 kB |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=87a104b42ddeb521
IP: 104.17.2.184:0
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size: 175 kB (174682 bytes)
Hash (MD5 / SHA-1 / SHA-256): 66512dc19adc6ea42eca6a890b6844eb b1d2a954db42d8bd54a2ea42294813abca267407 02b457f432566db1eead8dc766019194fb2e0a3abf1dbb443bc8bee18ac844db
GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=87a104b42ddeb521 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/zjv94/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 25 Apr 2024 20:17:45 GMT
content-type: application/javascript; charset=UTF-8
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
vary: accept-encoding
server: cloudflare
cf-ray: 87a104b4be7ab521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/87a104b42ddeb521/1714076266026/1Xa3nT736-deOnf | 104.17.2.184 | | 61 B |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/87a104b42ddeb521/1714076266026/1Xa3nT736-deOnf
IP: 104.17.2.184:0
File type: PNG image data, 57 x 28, 8-bit/color RGB, non-interlaced
Hash (MD5 / SHA-1 / SHA-256): facd0ccf87256f20657708b7efc46dc6 d9d581baed0c3d174fd2af566a8893a20d3b6e65 ef616abc63e6de0365e7f4034632305ea066e2811d936da8030c3fb569c412a5
GET /cdn-cgi/challenge-platform/h/b/i/87a104b42ddeb521/1714076266026/1Xa3nT736-deOnf HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/zjv94/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 25 Apr 2024 20:17:47 GMT
content-type: image/png
content-length: 61
server: cloudflare
cf-ray: 87a104bd0821b521-OSL
alt-svc: h3=":443"; ma=86400
| demonstationfukewko.shop/cdn-cgi/challenge-platform/h/b/flow/ov1/412841546:1714073085:QzHq3wf6Y7tYRWbpHxBOrviiZmFrOKO__fEzpWhr29Y/87a104b09b28b51d/e0ab39e787d8e77 | 172.67.147.169 | | 1.8 kB |
URL: demonstationfukewko.shop/cdn-cgi/challenge-platform/h/b/flow/ov1/412841546:1714073085:QzHq3wf6Y7tYRWbpHxBOrviiZmFrOKO__fEzpWhr29Y/87a104b09b28b51d/e0ab39e787d8e77
IP: 172.67.147.169:0
File type: ASCII text, with very long lines (2332), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): b5663232e7ff04eae487772d06d8fcab ed7403b327619a14cc10134e864859476c2b0574 990dc391ae5b56d97aba39340d89a176b6e3db2739306972d9481d35c197cd9a

| Analyzer | Verdict | Alert |
| ThreatFox | malicious | Lumma Stealer |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |
POST /cdn-cgi/challenge-platform/h/b/flow/ov1/412841546:1714073085:QzHq3wf6Y7tYRWbpHxBOrviiZmFrOKO__fEzpWhr29Y/87a104b09b28b51d/e0ab39e787d8e77 HTTP/1.1
Host: demonstationfukewko.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://demonstationfukewko.shop/apiu
Content-type: application/x-www-form-urlencoded
CF-Challenge: e0ab39e787d8e77
Content-Length: 2534
Origin: http://demonstationfukewko.shop
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 25 Apr 2024 20:17:53 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cf-chl-out-s: i3jjx3Ayj7/kREnI/+PfLAwKdT/j57UtpemCMtcXT4AXkwyYBz6vkOrztiRdrT4Yr/cHyamgvTG1VSOiGu4Sviz9LXMBdU0mLMRQRc7KhS0=$9tklsKAisjKCQ2dzIy3MFg==
cf-chl-out: xqfEveiHOV3bJzMZ9WkdVo6Ar4HZW0GI9i92c1TVHZvaXaMRSVGOHIFj6NyljCfpRAFNY7HXdzelqekiK+7HWIux+vPDGOlbVUN4GgdQXyg=$wrVTexOc9ifCP3bFLdZTSQ==
vary: accept-encoding
content-encoding: gzip
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OP%2B6bClHMbDLx8Ew%2BJfrfAzAuH8vBYoIPWJxc6jHsn8Z3WVYH6UCRYVeyd%2B%2FbbNDVApww5cWi2o7GGgRWfu8tVzD%2BvoJ6tJacRRXYM8TWZghMP2Bdjq3laF3c%2Bls6IKsrPW3g6MsAYTEUpY%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 87a104e4bfd0b523-OSL
alt-svc: h2=":443"; ma=60
| demonstationfukewko.shop/apiu | 172.67.147.169 | 403 Forbidden | 5.9 kB |
URL: demonstationfukewko.shop/apiu (User Request, GET HTTP/1.1)
IP: 172.67.147.169:80
File type: HTML document, ASCII text, with very long lines (14413), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): d58d961041dba9bd6d6ad3bdfaeeb76c 1b1a42c5517fe1a0cc4e01a99188642ffae53f09 0b5e94586be553a7f32bc8583442725a347454388f01b1ddc549cfaee2de5332

| Analyzer | Verdict | Alert |
| ThreatFox | malicious | Lumma Stealer |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |

| NIDS | Severity | Alert |
| suricata | high | ThreatFox botnet C2 traffic (url - confidence level: 100%) |
| suricata | high | ThreatFox botnet C2 traffic (url - confidence level: 100%) |
GET /apiu HTTP/1.1
Host: demonstationfukewko.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_i=1
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Thu, 25 Apr 2024 20:17:55 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: HMtoAMSIoHyRhPd0f4DcLZabYlcquLlc3V968S9WnR9U6f3wrniXhkZSbUNzkk0gzJCnxAdwm8jWhhxpkJAziWbeIbtv2zlIdSl5+CyCrDa7bQjDum/l/Ou8IDO2TG3GFEZ2vBHPxSbUbepIDJhI5w==$ou/tZi/i5InuJ+KOYFwNGw==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DAbJQqgBZC7rpdS%2F65aeSnhG4na6dGrmHpGjHTXJua5e2kA62%2Bh2Y4oBm1nOuYS4R9nETd0Hf7mxH81j03x8%2FPbZ94pNmcLmsEXVfOkp%2BDLtqq4LuIOdLPeS%2FQ0PwUrWtvL%2FS0cQYVmB8sY%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 87a104f198ccb523-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
| demonstationfukewko.shop/cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=87a104f198ccb523 | 172.67.147.169 | 200 OK | 111 kB |
URL: demonstationfukewko.shop/cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=87a104f198ccb523 (GET HTTP/1.1)
IP: 172.67.147.169:80
Requested by: http://demonstationfukewko.shop/apiu
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size: 111 kB (110898 bytes)
Hash (MD5 / SHA-1 / SHA-256): 5a88188cec6538e781a7bc15a7a58e9d 4552dbfc140e4c52d2e4aec039d28e3599d265ca 56e6f94ed38fdd4f82043397deb9c112231ac2154f6e33b28b9a59e03cb94dc3

| Analyzer | Verdict | Alert |
| ThreatFox | malicious | Lumma Stealer |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |
GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=87a104f198ccb523 HTTP/1.1
Host: demonstationfukewko.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://demonstationfukewko.shop/apiu?__cf_chl_rt_tk=gPOhVe4SRvN.pq3dwHn_FF1HveqYNjCe7u0j2wDXsoc-1714076275-0.0.1.1-1301
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_i=1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 25 Apr 2024 20:17:55 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
vary: accept-encoding
content-encoding: gzip
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6R%2FJCkg4Lr3xj64bE1gdJuDHjYtxUMn37chmAdH1OBS4Wi0qfP3HX9EyEaIwMlWT2ewVerTxeRx9x70twMdqln4t%2FqHfuMra2uvXYiUuG9UlG37%2F49sgh%2BlOqQWkdh5%2B1hmOiVJqORczj0k%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 87a104f20b5156ba-OSL
alt-svc: h2=":443"; ma=60
| demonstationfukewko.shop/favicon.ico | 172.67.147.169 | 403 Forbidden | 6.0 kB |
URL: demonstationfukewko.shop/favicon.ico (GET HTTP/1.1)
IP: 172.67.147.169:80
Requested by: http://demonstationfukewko.shop/apiu
File type: HTML document, ASCII text, with very long lines (14532), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): cb1b387cff0af9f90fcc80708ec7a232 3f3335f3379caa87c8210ed8a18e0fd406dbdf97 45110e273c3092386e0c81af8061c57fe572d602acdc7a962c1e7d25f4cc8e96

| Analyzer | Verdict | Alert |
| ThreatFox | malicious | Lumma Stealer |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: demonstationfukewko.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://demonstationfukewko.shop/apiu?__cf_chl_rt_tk=gPOhVe4SRvN.pq3dwHn_FF1HveqYNjCe7u0j2wDXsoc-1714076275-0.0.1.1-1301
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_i=1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Thu, 25 Apr 2024 20:17:55 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: UYL1SS35U51jTXOWpcI4Ko6qFBAr40et2iKirHFcfuvOEducvb+ZIDlYanBBqDY+ePezcK/GNDMPSKSgZGM4zxvQoYJe3PUoDsZE7IsGBamKvvp/Eu1klSKCc9qj7ICgiGqixmJiLLHkPP05gsclUg==$DunFustnRbcCA3mqbFikIg==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xy%2FLFIrXzj9rF9ORutLWGY40lvPKcBYhWR7ShrEe3j7AG7BRuKOdheeYYQs6HPojUosu93q%2FqCGp3E26quqstdYk7sQ5EEXOy5qw3JT%2FOCgqZE4RlnuSO4ZxcRljZ%2Fbd9kLCtlpLVz%2FvJ1Q%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 87a104f25bda56ba-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
| demonstationfukewko.shop/favicon.ico | 172.67.147.169 | 403 Forbidden | 5.9 kB |
URL: demonstationfukewko.shop/favicon.ico (GET HTTP/1.1)
IP: 172.67.147.169:80
Requested by: http://demonstationfukewko.shop/apiu
File type: HTML document, ASCII text, with very long lines (14447), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 1eb1a191511a701cc97bdf7630b8a9ea 4c630ba33770ad1e10841c706e93eb12dc20a6e9 923037b63300593ec8f13e025140bda9d7d10278aa715d24af3b7f2013431a03

| Analyzer | Verdict | Alert |
| ThreatFox | malicious | Lumma Stealer |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: demonstationfukewko.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://demonstationfukewko.shop/apiu
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_i=1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Thu, 25 Apr 2024 20:17:55 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: z1sMlGYyrED416P9BRQCkgNujgTAMlSptHPgnvPzuo7hdpRG/xf2/WsfRhjo3B7fd2764USPdgaePWl/L7JHuqP1WDNJEys00mugsxxHcy7EksHMfgt9mkAo3i59QjtTY5eLz9IdO7dbErYR4jJRzQ==$LOc8ORiztCGtuesi6uPEfQ==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Z7O0X53rrKHtBzHixke%2FzHJ%2Be0AI5PFbTxIb1%2FogVTlVB%2B6fcWguRTg%2FpXIEFTGht8JivD2VzHkAjp0KmjpKVZEhQkdgt2xowRdnoogu2FODoWB9DJj%2B31YUzn2apghcN3dwAS8irGtbRjQ%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 87a104f2b8685699-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
| demonstationfukewko.shop/cdn-cgi/challenge-platform/h/g/flow/ov1/192171137:1714072494:s-C_pulXBI37S9a0C0S3jRyizfsY62kV3BJNqvVvdDI/87a104f198ccb523/07022420168a183 | 172.67.147.169 | 200 OK | 12 kB |
URL: demonstationfukewko.shop/cdn-cgi/challenge-platform/h/g/flow/ov1/192171137:1714072494:s-C_pulXBI37S9a0C0S3jRyizfsY62kV3BJNqvVvdDI/87a104f198ccb523/07022420168a183 (POST HTTP/1.1)
IP: 172.67.147.169:80
Requested by: http://demonstationfukewko.shop/apiu
File type: ASCII text, with very long lines (16396), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): ce6a424ed57770533ba96d5b7fedb05c 9758c22f7b604ac37812b1bcc6d8aea57382e188 a391c624ee5fae2e3198b03c74432a294cc4d6f44193d42d1f2b491bf72b5d12

| Analyzer | Verdict | Alert |
| ThreatFox | malicious | Lumma Stealer |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |
POST /cdn-cgi/challenge-platform/h/g/flow/ov1/192171137:1714072494:s-C_pulXBI37S9a0C0S3jRyizfsY62kV3BJNqvVvdDI/87a104f198ccb523/07022420168a183 HTTP/1.1
Host: demonstationfukewko.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://demonstationfukewko.shop/apiu
Content-type: application/x-www-form-urlencoded
CF-Challenge: 07022420168a183
Content-Length: 1852
Origin: http://demonstationfukewko.shop
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_i=1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 25 Apr 2024 20:17:55 GMT
Content-Type: text/plain; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cf-chl-gen: oyNuw7wVAuaZVnqzdxZMwlIVr7J17KYsCoCsA3RDjRJzf8ym4vEBkk3w87n5l5G7$i6EWqIuCsVF/WXYte2Ousg==
vary: accept-encoding
content-encoding: gzip
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fab90YDTEVVPp5F1Mo1Mr5F1h%2Bt3fT872%2BB2StGjPTeEdrsP1Zn61axewTR8zTg7MfnfQ3qF%2FKKUOO3%2BLLowweiygKLHOR5NuCnin0hJgB3lzMu1X7JRU9%2BKwplqMdV5WF%2Bhx%2BUAxqs1peU%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 87a104f38c1cb523-OSL
alt-svc: h2=":443"; ma=60
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/gln2b/0x4AAAAAAAAjq6WYeRDKmebM/light/normal | 104.17.2.184 | 200 OK | 26 kB |
URL: GET HTTP/3 challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/gln2b/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
IP: 104.17.2.184:443
Requested by: http://demonstationfukewko.shop/apiu
Certificate: Issuer Cloudflare, Inc.; Subject challenges.cloudflare.com; Fingerprint (SHA-1) 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E; Validity Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type: HTML document, ASCII text, with very long lines (41702)
MD5: 0e6881d5aef9098e741c1db08efbc785
SHA-1: 39e0244e9d87f6c76dd5ca2d88fc07cc57bc2ef4
SHA-256: 55aff78f0d42f7e0a1800adcd2cb2dbb235986b47a9c7a940f518bd86421416d
GET /cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/gln2b/0x4AAAAAAAAjq6WYeRDKmebM/light/normal HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 25 Apr 2024 20:17:55 GMT
content-type: text/html; charset=UTF-8
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
origin-agent-cluster: ?1
referrer-policy: same-origin
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
document-policy: js-profiling
cross-origin-opener-policy: same-origin
content-security-policy: frame-src https://challenges.cloudflare.com/ blob:; base-uri 'self'
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
vary: accept-encoding
server: cloudflare
cf-ray: 87a104f49ed4b521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/1525957568:1714072456:WpYJLUzNt7RS0ZiY8jUaqP3Q5Xgv7DfZdsonVgB4on8/87a104f49ed4b521/0b55b31bdd7ead5 | 104.17.2.184 | 200 OK | 134 kB |
URL: POST HTTP/3 challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/1525957568:1714072456:WpYJLUzNt7RS0ZiY8jUaqP3Q5Xgv7DfZdsonVgB4on8/87a104f49ed4b521/0b55b31bdd7ead5
IP: 104.17.2.184:443
Requested by: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/gln2b/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Certificate: Issuer Cloudflare, Inc.; Subject challenges.cloudflare.com; Fingerprint (SHA-1) 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E; Validity Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type: ASCII text, with very long lines (65536), with no line terminators
Size: 134 kB (134248 bytes)
MD5: cbf9ed026d132c4d8606440e6774bc82
SHA-1: 906aa1a18fec9c42c86c3ac50cfeac8a6c3b60ee
SHA-256: 54520882ef246372f8c8feab969e3306c2579c00b07116b733e2a61a7eb8bc29
POST /cdn-cgi/challenge-platform/h/g/flow/ov1/1525957568:1714072456:WpYJLUzNt7RS0ZiY8jUaqP3Q5Xgv7DfZdsonVgB4on8/87a104f49ed4b521/0b55b31bdd7ead5 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/gln2b/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: 0b55b31bdd7ead5
Content-Length: 3511
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 25 Apr 2024 20:17:56 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: C0ezSAyo8dSBv7jC66E9Q8yFyRAtrm/+YdfKkRYW3Qq0/M6yrAyT30Rc/UqJpBnFm78osgbyuvB+JTxZq4XgOnrh4mzTpCigwez/xtg8FxdJGuKJKpsT58rw8aF9t620XvaCkC7O6Xj1jkL6yDvaGzAp9QRuoMzXHBdidPPWJN483LSg8wUCxPZITt/kL+BCOq7xsczOI/9b42t8hKHKs5e99E7e0pCpg+eDvG3iaB+0Lg3IjwMPFW2MMnJx/flG7aYdt7j4juVtXIOu7/F+wS16D5h7oQw4bXSBgRvo/I8bnAUti85OYQl09HvqPkn3nEHnos338ikKPR/eMMDlb/Gh4dGnizq3QLmxTiOmOJZCvaAY1E75tHQt3SY0hp8KNl2aXWGvos+LQaj3A2ximLREZ0zO9iirU6mjs+K8iJ/l8g4bJWMtCk+H+qqfaK3Da2iYhhZpxzYFGdm4HOs3Pw==$HEC7jSE+20gEQVWVOms5aA==
vary: accept-encoding
server: cloudflare
cf-ray: 87a104f7ba00b521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/87a104f49ed4b521/1714076276461/dYC2iJ8ffQgRCge | 104.17.2.184 | 200 OK | 61 B |
URL: GET HTTP/3 challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/87a104f49ed4b521/1714076276461/dYC2iJ8ffQgRCge
IP: 104.17.2.184:443
Requested by: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/gln2b/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Certificate: Issuer Cloudflare, Inc.; Subject challenges.cloudflare.com; Fingerprint (SHA-1) 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E; Validity Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type: PNG image data, 24 x 55, 8-bit/color RGB, non-interlaced
MD5: 3acb0639e2bfd4edc813579bd5dac4c1
SHA-1: 433c1f5b93d12b2a28384f09cb50701633f8b8ab
SHA-256: 7df91115069d79e0b2026db934c3772c7ed11bcba33fd0dd7bae74d17f72f2ac
GET /cdn-cgi/challenge-platform/h/g/i/87a104f49ed4b521/1714076276461/dYC2iJ8ffQgRCge HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/gln2b/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 25 Apr 2024 20:17:58 GMT
content-type: image/png
content-length: 61
server: cloudflare
cf-ray: 87a105049ac9b521-OSL
alt-svc: h3=":443"; ma=86400
| challenges.cloudflare.com/turnstile/v0/g/d0ff3ebede6b/api.js?onload=XagHGl3&render=explicit | 104.17.2.184 | 200 OK | 43 kB |
URL: GET HTTP/3 challenges.cloudflare.com/turnstile/v0/g/d0ff3ebede6b/api.js?onload=XagHGl3&render=explicit
IP: 104.17.2.184:443
Requested by: http://demonstationfukewko.shop/apiu
Certificate: Issuer Cloudflare, Inc.; Subject challenges.cloudflare.com; Fingerprint (SHA-1) 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E; Validity Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (42565)
MD5: 65b0a652c40c95d12c4ddb3b4567c1ea
SHA-1: c654efa19d01d6553ed4e0f500d350011e023ad1
SHA-256: c6b5cd0b65ebbb519dd845ba2979b40e58b056ca2c90f67a8bfea871d39615a7
GET /turnstile/v0/g/d0ff3ebede6b/api.js?onload=XagHGl3&render=explicit HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://demonstationfukewko.shop
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 25 Apr 2024 20:17:55 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31536000
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a104f2bcafb521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D | 104.17.2.184 | 200 OK | 61 B |
URL: GET HTTP/3 challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D
IP: 104.17.2.184:443
Requested by: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/gln2b/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Certificate: Issuer Cloudflare, Inc.; Subject challenges.cloudflare.com; Fingerprint (SHA-1) 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E; Validity Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type: PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
MD5: 9246cca8fc3c00f50035f28e9f6b7f7d
SHA-1: 3aa538440f70873b574f40cd793060f53ec17a5d
SHA-256: c07d7d29e3c20fa6ca4c5d20663688d52bad13e129ad82ce06b80eb187d9dc84
GET /cdn-cgi/challenge-platform/h/g/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/gln2b/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 25 Apr 2024 20:17:56 GMT
content-type: image/png
content-length: 61
cache-control: max-age=2629800, public
server: cloudflare
cf-ray: 87a104f58fb5b521-OSL
alt-svc: h3=":443"; ma=86400
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=87a104f49ed4b521 | 104.17.2.184 | 200 OK | 441 kB |
URL: GET HTTP/3 challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=87a104f49ed4b521
IP: 104.17.2.184:443
Requested by: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/gln2b/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Certificate: Issuer Cloudflare, Inc.; Subject challenges.cloudflare.com; Fingerprint (SHA-1) 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E; Validity Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size: 441 kB (440649 bytes)
MD5: 33e9243545ccd24b203a7f0c441af02c
SHA-1: e59707d1b80fcc22a1d8b24aade9a9122f331fd0
SHA-256: 8a44f9e79647f3f2caa5ad534b4d618ee697ec93d32a31bd39d221e29f421a7d
GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=87a104f49ed4b521 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/gln2b/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 25 Apr 2024 20:17:56 GMT
content-type: application/javascript; charset=UTF-8
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
vary: accept-encoding
server: cloudflare
cf-ray: 87a104f58fc4b521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400