| r10.o.lencr.org/ | 23.33.119.27 | | 504 B |
IP 23.33.119.27:0
ASN#20940 Akamai International B.V.
Hash c7f43a788b6f159463a3b8b7572b816f d7fd6a725850093f694c73672a69e5ee891991cb 96e1335a5f49d6c112461a07753b29c3e14455c1f9a73c6c69bec65ec0cc4142
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "96E1335A5F49D6C112461A07753B29C3E14455C1F9A73C6C69BEC65EC0CC4142"
Last-Modified: Fri, 20 Sep 2024 00:20:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8698
Expires: Sat, 21 Sep 2024 19:08:54 GMT
Date: Sat, 21 Sep 2024 16:43:56 GMT
Connection: keep-alive
|
|
| r10.o.lencr.org/ | 23.33.119.27 | | 504 B |
IP 23.33.119.27:0
ASN#20940 Akamai International B.V.
Hash d53da2de4fc4634a067495f858d15c81 be0d08371e49c3ff6bb6eb6760b0142bb5e49181 a4dfb633c3d6c80962fe436220800f7f6fac707a55806bfc1757d4fa49af8cdc
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "A4DFB633C3D6C80962FE436220800F7F6FAC707A55806BFC1757D4FA49AF8CDC"
Last-Modified: Fri, 20 Sep 2024 21:19:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10200
Expires: Sat, 21 Sep 2024 19:33:56 GMT
Date: Sat, 21 Sep 2024 16:43:56 GMT
Connection: keep-alive
|
|
| r10.o.lencr.org/ | 23.33.119.27 | | 504 B |
IP 23.33.119.27:0
ASN#20940 Akamai International B.V.
Hash 16bea3ffe29b9735fad4571ef8803b94 6f860655a49c7f758f856e75d1a66ecd16399610 1e2d60a034b27bc9479b7c4d22c5549b83de2ee7dc1928436e42361f9b657709
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "1E2D60A034B27BC9479B7C4D22C5549B83DE2EE7DC1928436E42361F9B657709"
Last-Modified: Sat, 21 Sep 2024 06:50:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8120
Expires: Sat, 21 Sep 2024 18:59:16 GMT
Date: Sat, 21 Sep 2024 16:43:56 GMT
Connection: keep-alive
|
|
| r10.o.lencr.org/ | 23.33.119.27 | | 504 B |
IP 23.33.119.27:0
ASN#20940 Akamai International B.V.
Hash 18c18929295da072e565830bef9bc83f 51e2f8f748e303427e08b82b1bd7ec9181fad6a0 d5d38a421b62d5dc17fad4af813d4199dafff91cc7c3574703a991d328763756
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "D5D38A421B62D5DC17FAD4AF813D4199DAFFF91CC7C3574703A991D328763756"
Last-Modified: Sat, 21 Sep 2024 03:10:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4790
Expires: Sat, 21 Sep 2024 18:03:46 GMT
Date: Sat, 21 Sep 2024 16:43:56 GMT
Connection: keep-alive
|
|
| matomo.41eak.life/piwik.php?action_name=redgifs%20misty%20silver%20misty%20silver%20aka%20thecutestkittycat%20&idsite=1&rec=1&r=506384&h=16&m=43&s=57&url=https%3A%2F%2Fimgur.com&urlref=https%3A%2F%2Fimgur.com&_id=be8a7e6b64c35b65&_idn=1&send_image=0&_refts=1726937038&_ref=https%3A%2F%2Fimgur.com&pdf=1&qt=0&realp=0&wma=0&fla=0&java=0&ag=0&cookie=1&res=1280x1024&pv_id=4P1Sm6&pf_net=27&pf_srv=87&pf_tfr=1&pf_dm1=57&uadata=%7B%7D | 172.67.138.184 | | 0 B |
URL matomo.41eak.life/piwik.php?action_name=redgifs%20misty%20silver%20misty%20silver%20aka%20thecutestkittycat%20&idsite=1&rec=1&r=506384&h=16&m=43&s=57&url=https%3A%2F%2Fimgur.com&urlref=https%3A%2F%2Fimgur.com&_id=be8a7e6b64c35b65&_idn=1&send_image=0&_refts=1726937038&_ref=https%3A%2F%2Fimgur.com&pdf=1&qt=0&realp=0&wma=0&fla=0&java=0&ag=0&cookie=1&res=1280x1024&pv_id=4P1Sm6&pf_net=27&pf_srv=87&pf_tfr=1&pf_dm1=57&uadata=%7B%7D IP 172.67.138.184:0
Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /piwik.php?action_name=redgifs%20misty%20silver%20misty%20silver%20aka%20thecutestkittycat%20&idsite=1&rec=1&r=506384&h=16&m=43&s=57&url=https%3A%2F%2Fimgur.com&urlref=https%3A%2F%2Fimgur.com&_id=be8a7e6b64c35b65&_idn=1&send_image=0&_refts=1726937038&_ref=https%3A%2F%2Fimgur.com&pdf=1&qt=0&realp=0&wma=0&fla=0&java=0&ag=0&cookie=1&res=1280x1024&pv_id=4P1Sm6&pf_net=27&pf_srv=87&pf_tfr=1&pf_dm1=57&uadata=%7B%7D HTTP/1.1
Host: matomo.41eak.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=utf-8
Content-Length: 0
Origin: https://of1eak.life
DNT: 1
Connection: keep-alive
Referer: https://of1eak.life/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Sat, 21 Sep 2024 16:43:57 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://of1eak.life
access-control-allow-credentials: true
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lj4Bn4h3rhNLsvKzhpafaDvSpLVu5q3WGi%2FR4CuFmpUsbkIeTevNaFwf15%2BNxhfd6ZNrjOM9smFNjAwAhQuO2kjbZ9fMIDutHcJz5gvvdPKBqApWibdhJ3vNKAeDZPshf6ddGQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8c6b8464ac875696-OSL
X-Firefox-Spdy: h2
|
|
| matomo.41eak.life/piwik.js | 172.67.138.184 | | 22 kB |
URL matomo.41eak.life/piwik.js IP 172.67.138.184:0
File type JavaScript source, ASCII text, with very long lines (1601) Hash a3a7245d6daf7d31d2069c0ba05879dd ec1bf464889e71aec1ced6d8361a26c76e4a1460 d7fc375178c93a2fc15fd888e30170eedf4ef3d04497e7f951ab7bfe0c921693
GET /piwik.js HTTP/1.1
Host: matomo.41eak.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://of1eak.life/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 21 Sep 2024 16:43:57 GMT
content-type: application/javascript
last-modified: Sat, 08 Jul 2023 19:37:26 GMT
etag: W/"64a9baf6-10132"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: HIT
age: 4655232
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Oih74eJ5aOPwn9GSTkt4A9MDkglM52I5NSlNyAR5NpFyLE0jfdlY4FpNGuN8GzpGgvn92pRlDaAEVixgZigCvZUgX8smaHZh8447i9Tx6JTG%2BgkOIOlpZqdCOlugn%2BE4CP4J9Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8c6b84640b325696-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| matomo.41eak.life/piwik.php?idgoal=1&idsite=1003&rec=1&r=021791&h=16&m=43&s=57&url=https%3A%2F%2Fimgur.com&urlref=https%3A%2F%2Fimgur.com&_id=dfb27c18d55bee78&_idn=0&send_image=0&_refts=1726937038&_ref=https%3A%2F%2Fimgur.com&pdf=1&qt=0&realp=0&wma=0&fla=0&java=0&ag=0&cookie=1&res=1280x1024&pv_id=VjL75L&uadata=%7B%7D | 172.67.138.184 | | 0 B |
URL matomo.41eak.life/piwik.php?idgoal=1&idsite=1003&rec=1&r=021791&h=16&m=43&s=57&url=https%3A%2F%2Fimgur.com&urlref=https%3A%2F%2Fimgur.com&_id=dfb27c18d55bee78&_idn=0&send_image=0&_refts=1726937038&_ref=https%3A%2F%2Fimgur.com&pdf=1&qt=0&realp=0&wma=0&fla=0&java=0&ag=0&cookie=1&res=1280x1024&pv_id=VjL75L&uadata=%7B%7D IP 172.67.138.184:0
Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /piwik.php?idgoal=1&idsite=1003&rec=1&r=021791&h=16&m=43&s=57&url=https%3A%2F%2Fimgur.com&urlref=https%3A%2F%2Fimgur.com&_id=dfb27c18d55bee78&_idn=0&send_image=0&_refts=1726937038&_ref=https%3A%2F%2Fimgur.com&pdf=1&qt=0&realp=0&wma=0&fla=0&java=0&ag=0&cookie=1&res=1280x1024&pv_id=VjL75L&uadata=%7B%7D HTTP/1.1
Host: matomo.41eak.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=utf-8
Content-Length: 0
Origin: https://of1eak.life
DNT: 1
Connection: keep-alive
Referer: https://of1eak.life/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Sat, 21 Sep 2024 16:43:58 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://of1eak.life
access-control-allow-credentials: true
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kMCqzooWmHvPygp%2BlHuj7g9QOCZ3TS7ORsMvjX%2FdiMWc0RoVBqau0njMtW5Uc6gI0%2BcKtxHFFN1pkRMgeaqikKEx4lNdj5N%2BTk9wkgwxTue%2BOOyonkMj6YcOkxvsorUIR2uxLw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8c6b84699da35696-OSL
X-Firefox-Spdy: h2
|
|
| r11.o.lencr.org/ | 23.33.119.57 | | 504 B |
IP 23.33.119.57:0
ASN#20940 Akamai International B.V.
Hash e004fdf95a45676551f61ab6d8790e30 d56dfd42075d67d323f93ad3ff535e553f46756d 5139af7b8d8c8c3be44daa5a5f5a23481938fdf88d165ad83b3a42c6f055f81a
POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "5139AF7B8D8C8C3BE44DAA5A5F5A23481938FDF88D165AD83B3A42C6F055F81A"
Last-Modified: Fri, 20 Sep 2024 02:39:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9235
Expires: Sat, 21 Sep 2024 19:17:54 GMT
Date: Sat, 21 Sep 2024 16:43:59 GMT
Connection: keep-alive
|
|
| sowhyatdngthwlkthdo.life/cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=8c6b846c5add0b41 | 188.114.96.1 | 200 OK | 65 kB |
URL GET HTTP/2 sowhyatdngthwlkthdo.life/cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=8c6b846c5add0b41 IP 188.114.96.1:443
Requested by https://sowhyatdngthwlkthdo.life/?s=157&t1=895&t2=&t4=1003 Certificate Issuer Google Trust Services Subject sowhyatdngthwlkthdo.life Fingerprint 45:88:9F:BF:42:48:C7:42:2E:F5:5B:A4:DB:47:A5:BB:2D:0B:96:EE Validity Wed, 14 Aug 2024 18:12:05 GMT - Tue, 12 Nov 2024 18:12:04 GMT
File type HTML document, ASCII text, with very long lines (65536), with no line terminators Hash 2e2c9357d0fa686aec6db0dbf52444e2 e105ea83a05f644d02a1654a7d6f2d62fa11e3a5 0b1c03a366d2491ec6e63e579872b48b0e862bb07454d52e6f15ccec43857ec1
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=8c6b846c5add0b41 HTTP/1.1
Host: sowhyatdngthwlkthdo.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://sowhyatdngthwlkthdo.life/?s=157&t1=895&t2=&t4=1003&__cf_chl_rt_tk=LefGOcEoHA6GUbRH3DoNW1vHq5.m.ApRFoVPxKsGAxE-1726937038-0.0.1.1-5396
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 21 Sep 2024 16:43:58 GMT
content-type: application/javascript; charset=UTF-8
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2TMqSCQFCeeVUcMJCgoIWfzEZNfAdgpyIyhOMYs9NNQw9wJL8YjpNAmYQ4pjaq0xMJLzqf6rmcSnF7YzSKTGMgz3JbR4BlmadP2p01JJ%2BDXBDiN9z4bxW1IPQk0X3uCW0pyd8Tb5bhNFWIw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8c6b846d3bc80b41-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| matomo.41eak.life/piwik.php?idgoal=1&idsite=1&rec=1&r=464829&h=16&m=43&s=57&url=https%3A%2F%2Fimgur.com&urlref=https%3A%2F%2Fimgur.com&_id=be8a7e6b64c35b65&_idn=0&send_image=0&_refts=1726937038&_ref=https%3A%2F%2Fimgur.com&pdf=1&qt=0&realp=0&wma=0&fla=0&java=0&ag=0&cookie=1&res=1280x1024&pv_id=4P1Sm6&uadata=%7B%7D | 172.67.138.184 | | 13 kB |
URL matomo.41eak.life/piwik.php?idgoal=1&idsite=1&rec=1&r=464829&h=16&m=43&s=57&url=https%3A%2F%2Fimgur.com&urlref=https%3A%2F%2Fimgur.com&_id=be8a7e6b64c35b65&_idn=0&send_image=0&_refts=1726937038&_ref=https%3A%2F%2Fimgur.com&pdf=1&qt=0&realp=0&wma=0&fla=0&java=0&ag=0&cookie=1&res=1280x1024&pv_id=4P1Sm6&uadata=%7B%7D IP 172.67.138.184:0
Hash 9d532c5c9295607d14fed017ca2a5eb6 fa124f43a762e99ef5664d6cf55484e0dec37232 36f3598cb04c2d82f11778135228628ddbcf439ae9f48a3e23d559b83e3add29
POST /piwik.php?idgoal=1&idsite=1&rec=1&r=464829&h=16&m=43&s=57&url=https%3A%2F%2Fimgur.com&urlref=https%3A%2F%2Fimgur.com&_id=be8a7e6b64c35b65&_idn=0&send_image=0&_refts=1726937038&_ref=https%3A%2F%2Fimgur.com&pdf=1&qt=0&realp=0&wma=0&fla=0&java=0&ag=0&cookie=1&res=1280x1024&pv_id=4P1Sm6&uadata=%7B%7D HTTP/1.1
Host: matomo.41eak.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=utf-8
Content-Length: 0
Origin: https://of1eak.life
DNT: 1
Connection: keep-alive
Referer: https://of1eak.life/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 400 Bad Request
date: Sat, 21 Sep 2024 16:43:58 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://of1eak.life
access-control-allow-credentials: true
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zhI6tYJCql3kU64WIAVnekwnwIrVkXoJnH51t%2B26v63p51Vy1ians%2FNwsoh6mCSwEIvjsOQvGTCvq%2BaKtcEDQUhixPO%2FLIEdiLv6xRZeXCyvdFXwt2tzeNVeXiAS2jwzPc%2Fflw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8c6b8469adb15696-OSL
X-Firefox-Spdy: h2
|
|
| sowhyatdngthwlkthdo.life/favicon.ico | 188.114.96.1 | 403 Forbidden | 13 kB |
URL GET HTTP/2 sowhyatdngthwlkthdo.life/favicon.ico IP 188.114.96.1:443
Requested by https://sowhyatdngthwlkthdo.life/?s=157&t1=895&t2=&t4=1003 Certificate Issuer Google Trust Services Subject sowhyatdngthwlkthdo.life Fingerprint 45:88:9F:BF:42:48:C7:42:2E:F5:5B:A4:DB:47:A5:BB:2D:0B:96:EE Validity Wed, 14 Aug 2024 18:12:05 GMT - Tue, 12 Nov 2024 18:12:04 GMT
File type HTML document, ASCII text, with very long lines (8922), with no line terminators Hash af185270b51b341ca739f472e7a358f1 b240c985002ed02d2aa8c4ef109511b5421e6068 8ad34c587883179dffa27f0cf45def4666a8a89dcec1b429da81c7147d180f61
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: sowhyatdngthwlkthdo.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://sowhyatdngthwlkthdo.life/?s=157&t1=895&t2=&t4=1003&__cf_chl_rt_tk=LefGOcEoHA6GUbRH3DoNW1vHq5.m.ApRFoVPxKsGAxE-1726937038-0.0.1.1-5396
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 403 Forbidden
date: Sat, 21 Sep 2024 16:43:58 GMT
content-type: text/html; charset=UTF-8
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
origin-agent-cluster: ?1
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
x-content-options: nosniff
x-frame-options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: ZP8xOXBQl1DPBMrj/eUrGo6kEmldvvOq/QVJsl0EDitr+BhvuMTcelYirtnULFVjKfhxzqj4Rbrjtg2s922RCt3KnY/h23JjYTLU3/ZALeq7jdoG+z0CfIBVLo6HLpsauPbHU4EJPIrt7FVj1uxjkw==$JTKUOmuRY72CgCfQyCbQAg==
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=A4FCDrm3FNTDBt%2BmUoC66YBnimZSZHm8lFjDfegsK9HZr6jchNjBC%2B3W9OFtKBXncvz0PQodWf2Ztga43I3jC%2BP%2BblgcoBYFaxVZsrZ2Hng%2BAU8mswHUZM2b7%2BOflGVh8%2FYIIEWsFzrecb4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
speculation-rules: "/cdn-cgi/speculation"
server: cloudflare
cf-ray: 8c6b846d6bf40b41-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| sowhyatdngthwlkthdo.life/?s=157&t1=895&t2=&t4=1003 | 188.114.96.1 | 403 Forbidden | 14 kB |
URL User Request GET HTTP/2 sowhyatdngthwlkthdo.life/?s=157&t1=895&t2=&t4=1003 IP 188.114.96.1:443
Certificate Issuer Google Trust Services Subject sowhyatdngthwlkthdo.life Fingerprint 45:88:9F:BF:42:48:C7:42:2E:F5:5B:A4:DB:47:A5:BB:2D:0B:96:EE Validity Wed, 14 Aug 2024 18:12:05 GMT - Tue, 12 Nov 2024 18:12:04 GMT
File type HTML document, ASCII text, with very long lines (9858), with no line terminators Hash 1de984f24a48d80e1f73548a5cf08094 4b942f1922cfff75d6841b1b22fc3d52f0597405 253078793227d7e6544dfeaade75c10ec9ee3884fa34565ebf5459b9504f280e
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /?s=157&t1=895&t2=&t4=1003 HTTP/1.1
Host: sowhyatdngthwlkthdo.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 403 Forbidden
date: Sat, 21 Sep 2024 16:43:58 GMT
content-type: text/html; charset=UTF-8
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
origin-agent-cluster: ?1
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
x-content-options: nosniff
x-frame-options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: wxWy7zEOoxazeQsH7ZGxHo+hV42skeJe40qa66l2IpYMvvzE+XBDdFWK6+UlBXZyi7lppUhr68zqQvI4Eh+OTMET10Gc3yOq8Jis3AzcHXT5DwtPEmWxj/MvzilMI0TftOQfZ5Gp9ZcU6ckKrFgp0Q==$fukuvZIRUjdvGf/BoewV3w==
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LPXnKIOgpxFgprHgCslWL8WP9jeyLze%2FBjL5VZVwrkJoIkoM%2BLQGswZnb%2B5Uz65P40wvz%2BnmE%2FvRB6AdjPjVTxXblJkigYpLaincThWOiQwJUy01QsR%2F9eOkKHw2xJlBbnC9I%2BggJfARMbM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
speculation-rules: "/cdn-cgi/speculation"
server: cloudflare
cf-ray: 8c6b846c5add0b41-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| 4396.41eak.life/leak-id-SVhUUWVCM0lXUGpQSW11WGJTWmRad1l5bWkxTVRDVU5tV2hvVkdIcm0yTk50Q0tCWU9OdWhDQUgxNDRqRmFBdC9ZOWZDT0dRYWY4VXNGaGh5Q3pUZEVPVW9ONkR6T2EwbHVld1hXQitlUkVBL2V5bjFpaWhLT0I1MGNyKzZrZzA= | 104.21.78.240 | 302 Found | 9.9 kB |
URL User Request GET HTTP/2 4396.41eak.life/leak-id-SVhUUWVCM0lXUGpQSW11WGJTWmRad1l5bWkxTVRDVU5tV2hvVkdIcm0yTk50Q0tCWU9OdWhDQUgxNDRqRmFBdC9ZOWZDT0dRYWY4VXNGaGh5Q3pUZEVPVW9ONkR6T2EwbHVld1hXQitlUkVBL2V5bjFpaWhLT0I1MGNyKzZrZzA= IP 104.21.78.240:443
Certificate Issuer Google Trust Services Subject 41eak.life Fingerprint 91:0B:53:C0:7F:FB:E2:61:61:10:A1:30:D0:84:19:FF:11:26:5E:17 Validity Mon, 29 Jul 2024 03:19:13 GMT - Sun, 27 Oct 2024 03:19:12 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3 Hash e1bb8a16a185b998c70939297a02519a fee7888fbae01baf92989758d443617500882706 473066b9bc71fd9b5cb64e13bea29759cb0bdc6e1335e949af6d370ed1548c5c
GET /leak-id-SVhUUWVCM0lXUGpQSW11WGJTWmRad1l5bWkxTVRDVU5tV2hvVkdIcm0yTk50Q0tCWU9OdWhDQUgxNDRqRmFBdC9ZOWZDT0dRYWY4VXNGaGh5Q3pUZEVPVW9ONkR6T2EwbHVld1hXQitlUkVBL2V5bjFpaWhLT0I1MGNyKzZrZzA= HTTP/1.1
Host: 4396.41eak.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Sat, 21 Sep 2024 16:43:58 GMT
content-type: text/html; charset=UTF-8
location: https://sowhyatdngthwlkthdo.life/?s=157&t1=895&t2=&t4=1003
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FsWNPgoD6eVX5eYP6z8lr7HAkux16yNQLLpYlKb%2BDAkqCPcOEF%2FyCwxsx%2B2OSrtn4tv1dksy9NMsaa28XMYgkN4IZin7uT4%2BNOHUOiQXihL0hov7MDr5ptiP8wJoRj593Is%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
speculation-rules: "/cdn-cgi/speculation"
server: cloudflare
cf-ray: 8c6b846b293c0b41-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D | 104.18.94.41 | 200 OK | 61 B |
URL GET HTTP/2 challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D IP 104.18.94.41:443
Requested by https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/rhjl1/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/normal/auto/ Certificate Issuer Google Trust Services Subject challenges.cloudflare.com Fingerprint 65:75:A9:DF:EC:98:9B:14:E5:F1:43:E6:B9:E2:E3:9C:50:C4:E8:A4 Validity Thu, 05 Sep 2024 16:26:55 GMT - Wed, 04 Dec 2024 17:26:54 GMT
File type PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced Hash 9246cca8fc3c00f50035f28e9f6b7f7d 3aa538440f70873b574f40cd793060f53ec17a5d c07d7d29e3c20fa6ca4c5d20663688d52bad13e129ad82ce06b80eb187d9dc84
GET /cdn-cgi/challenge-platform/h/g/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/rhjl1/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/normal/auto/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 21 Sep 2024 16:43:59 GMT
content-type: image/png
content-length: 61
cache-control: max-age=2629800, public
server: cloudflare
cf-ray: 8c6b847009120b06-OSL
X-Firefox-Spdy: h2
|
|
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/8c6b846f886a0b06/1726937039652/5AzrUcTBNLx3-zF | 104.18.94.41 | 200 OK | 61 B |
URL GET HTTP/2 challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/8c6b846f886a0b06/1726937039652/5AzrUcTBNLx3-zF IP 104.18.94.41:443
Requested by https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/rhjl1/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/normal/auto/ Certificate Issuer Google Trust Services Subject challenges.cloudflare.com Fingerprint 65:75:A9:DF:EC:98:9B:14:E5:F1:43:E6:B9:E2:E3:9C:50:C4:E8:A4 Validity Thu, 05 Sep 2024 16:26:55 GMT - Wed, 04 Dec 2024 17:26:54 GMT
File type PNG image data, 41 x 40, 8-bit/color RGB, non-interlaced Hash e66e1c50f4b3c8e553110fac3720da1d 21e95f9e6f25facb703475c761189c87bf18df30 001754fd1031b85c45dd51a8b6eb85c6771db87c0ffb0932f58bc2a44f914936
GET /cdn-cgi/challenge-platform/h/g/i/8c6b846f886a0b06/1726937039652/5AzrUcTBNLx3-zF HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/rhjl1/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/normal/auto/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 21 Sep 2024 16:44:00 GMT
content-type: image/png
content-length: 61
server: cloudflare
cf-ray: 8c6b847649420b06-OSL
X-Firefox-Spdy: h2
|
|
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/pat/8c6b846f886a0b06/1726937039658/3cf42af49cec44bf14aec56c69acbe224449f33276e799d24db8b9e3e23e98a3/-mCzBqF8HN8F6t7 | 104.18.94.41 | 401 Unauthorized | 1 B |
URL GET HTTP/2 challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/pat/8c6b846f886a0b06/1726937039658/3cf42af49cec44bf14aec56c69acbe224449f33276e799d24db8b9e3e23e98a3/-mCzBqF8HN8F6t7 IP 104.18.94.41:443
Requested by https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/rhjl1/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/normal/auto/ Certificate Issuer Google Trust Services Subject challenges.cloudflare.com Fingerprint 65:75:A9:DF:EC:98:9B:14:E5:F1:43:E6:B9:E2:E3:9C:50:C4:E8:A4 Validity Thu, 05 Sep 2024 16:26:55 GMT - Wed, 04 Dec 2024 17:26:54 GMT
File type very short file (no magic) Hash ff44570aca8241914870afbc310cdb85 58668e7669fd564d99db5d581fcdb6a5618440b5 6da43b944e494e885e69af021f93c6d9331c78aa228084711429160a5bbd15b5
GET /cdn-cgi/challenge-platform/h/g/pat/8c6b846f886a0b06/1726937039658/3cf42af49cec44bf14aec56c69acbe224449f33276e799d24db8b9e3e23e98a3/-mCzBqF8HN8F6t7 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/rhjl1/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/normal/auto/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 401 Unauthorized
date: Sat, 21 Sep 2024 16:44:01 GMT
content-type: text/plain; charset=UTF-8
content-length: 1
server: cloudflare
cf-ray: 8c6b847d4a6e0b06-OSL
X-Firefox-Spdy: h2
|
|
| challenges.cloudflare.com/turnstile/v0/g/ec4b873d446c/api.js?onload=Jeuhg1&render=explicit | 104.18.94.41 | 200 OK | 47 kB |
URL GET HTTP/2 challenges.cloudflare.com/turnstile/v0/g/ec4b873d446c/api.js?onload=Jeuhg1&render=explicit IP 104.18.94.41:443
Requested by https://sowhyatdngthwlkthdo.life/?s=157&t1=895&t2=&t4=1003 Certificate Issuer Google Trust Services Subject challenges.cloudflare.com Fingerprint 65:75:A9:DF:EC:98:9B:14:E5:F1:43:E6:B9:E2:E3:9C:50:C4:E8:A4 Validity Thu, 05 Sep 2024 16:26:55 GMT - Wed, 04 Dec 2024 17:26:54 GMT
File type JavaScript source, ASCII text, with very long lines (47261) Hash e07e7ed6f75a7d48b3df3c153eb687eb 4601d83c67cc128d1e75d3e035fb8a3bdfa1ee34 96bd1c81d59d6ac2ec9f8ebe4937a315e85443667c5728a7cd9053848dd8d3d7
GET /turnstile/v0/g/ec4b873d446c/api.js?onload=Jeuhg1&render=explicit HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://sowhyatdngthwlkthdo.life
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 21 Sep 2024 16:43:59 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Tue, 17 Sep 2024 16:06:37 GMT
cache-control: max-age=31536000, stale-if-error=10800, stale-while-revalidate=31536000, public
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 8c6b846e0e96568e-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=8c6b846f886a0b06&lang=auto | 104.18.94.41 | 200 OK | 124 kB |
URL GET HTTP/2 challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=8c6b846f886a0b06&lang=auto IP 104.18.94.41:443
Requested by https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/rhjl1/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/normal/auto/ Certificate Issuer Google Trust Services Subject challenges.cloudflare.com Fingerprint 65:75:A9:DF:EC:98:9B:14:E5:F1:43:E6:B9:E2:E3:9C:50:C4:E8:A4 Validity Thu, 05 Sep 2024 16:26:55 GMT - Wed, 04 Dec 2024 17:26:54 GMT
File type JavaScript source, ASCII text, with very long lines (65536), with no line terminators Size 124 kB (124016 bytes) Hash d385b8aee86b590b1f3bcd2b72a59947 6726f3273ff43d57586ad0a8b947fe1363fcbe70 4901782aae93733534110b84fe03dbb5ee10af4181722ba355412caaf9a4f707
GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=8c6b846f886a0b06&lang=auto HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/rhjl1/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/normal/auto/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 21 Sep 2024 16:43:59 GMT
content-type: application/javascript; charset=UTF-8
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
server: cloudflare
cf-ray: 8c6b847009190b06-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/126398267:1726935203:eyAgC40Vdp152OSMptv5HtxzcjIcz7oL9xBEa99_2l8/8c6b846f886a0b06/3a9e838e52ac055 | 104.18.94.41 | 200 OK | 139 kB |
URL POST HTTP/2 challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/126398267:1726935203:eyAgC40Vdp152OSMptv5HtxzcjIcz7oL9xBEa99_2l8/8c6b846f886a0b06/3a9e838e52ac055 IP 104.18.94.41:443
Requested by https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/rhjl1/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/normal/auto/ Certificate Issuer Google Trust Services Subject challenges.cloudflare.com Fingerprint 65:75:A9:DF:EC:98:9B:14:E5:F1:43:E6:B9:E2:E3:9C:50:C4:E8:A4 Validity Thu, 05 Sep 2024 16:26:55 GMT - Wed, 04 Dec 2024 17:26:54 GMT
File type ASCII text, with very long lines (65536), with no line terminators Size 139 kB (139052 bytes) Hash 42722764195a0d66bd3c4835d92df793 8853b8508ef1c6a5f85b7f2b91367429cf7e03e5 626ed3e0b6e12b4c4cd7f621518c052f9e94977bd13c906138e774057704306f
POST /cdn-cgi/challenge-platform/h/g/flow/ov1/126398267:1726935203:eyAgC40Vdp152OSMptv5HtxzcjIcz7oL9xBEa99_2l8/8c6b846f886a0b06/3a9e838e52ac055 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/rhjl1/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/normal/auto/
Content-type: application/x-www-form-urlencoded
CF-Challenge: 3a9e838e52ac055
Content-Length: 3648
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 21 Sep 2024 16:43:59 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: TIuIHBQGxCWlvFOewXM1oHiyzuRYjNclItBnzO6+ZdQQyhIbk8fzVkQLKC5RSo44Er1NPbp1XP18FSdjU5vVd9cjjmW3Q3GEv5V+A8ucJM/5k7mSBueXDctL1ot/E6filpAE9qsFZFM1uVMa6N/pjtkXrHuhdcD97hjW3k8K304+7JUWsWl2Sx/NDbavjboVdJHAm/fUTxJBgy9H8pue9uPnjYsbgzP82H8mSe88PC1/Yl7eP4JFkp9m9fFCVj9I35kssRc7BNnhDDS8jf4sxhIN10CO7RNrcxVZJthK9YfLg+0ccsYB9iBKJNd/XhvqPqqzsNW5RjsgFK1yf7EeJyL2ZSIcGittghczlIMeNZeTdnjvw8NwN0o8vrGpyFD+/jzA5RwrzyqPbxZpL9u43tHUrE/2dJ1p8edBxP7m/LZbW6IGDnGU2dbGv8+LPcdzPIJGymcF6fQ8P3WI7g==$DXHlSbwz/QlEHn6G
server: cloudflare
cf-ray: 8c6b8471bb630b06-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/rhjl1/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/normal/auto/ | 104.18.94.41 | 200 OK | 165 kB |
URL GET HTTP/2 challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/rhjl1/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/normal/auto/ IP 104.18.94.41:443
Requested by https://sowhyatdngthwlkthdo.life/?s=157&t1=895&t2=&t4=1003 Certificate Issuer Google Trust Services Subject challenges.cloudflare.com Fingerprint 65:75:A9:DF:EC:98:9B:14:E5:F1:43:E6:B9:E2:E3:9C:50:C4:E8:A4 Validity Thu, 05 Sep 2024 16:26:55 GMT - Wed, 04 Dec 2024 17:26:54 GMT
File type HTML document, ASCII text, with very long lines (42605) Size 165 kB (164708 bytes) Hash 6611e89d2afb0b2c62c26caff4e57b5d f16902c0a80b2137109958ebe4dd7d764642d7b9 e4896e7643ea8854e13ca685f9ff6895cde0945bdb4a071f60900af68420059a
GET /cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/rhjl1/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/normal/auto/ HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 21 Sep 2024 16:43:59 GMT
content-type: text/html; charset=UTF-8
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
origin-agent-cluster: ?1
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
document-policy: js-profiling
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
cross-origin-opener-policy: same-origin
cross-origin-embedder-policy: require-corp
referrer-policy: same-origin
content-security-policy: frame-src https://challenges.cloudflare.com/ blob:; base-uri 'self'
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
server: cloudflare
cf-ray: 8c6b846f886a0b06-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| sowhyatdngthwlkthdo.life/cdn-cgi/challenge-platform/h/g/flow/ov1/1609759192:1726935102:0s0q2ImgE2IMy0tWv9x81RBKIoCpRsp29dI9e9MMATA/8c6b846c5add0b41/e9a8ecf918b73e4 | 188.114.96.1 | 200 OK | 17 kB |
URL POST HTTP/2 sowhyatdngthwlkthdo.life/cdn-cgi/challenge-platform/h/g/flow/ov1/1609759192:1726935102:0s0q2ImgE2IMy0tWv9x81RBKIoCpRsp29dI9e9MMATA/8c6b846c5add0b41/e9a8ecf918b73e4 IP 188.114.96.1:443
Requested by https://sowhyatdngthwlkthdo.life/?s=157&t1=895&t2=&t4=1003 Certificate Issuer Google Trust Services Subject sowhyatdngthwlkthdo.life Fingerprint 45:88:9F:BF:42:48:C7:42:2E:F5:5B:A4:DB:47:A5:BB:2D:0B:96:EE Validity Wed, 14 Aug 2024 18:12:05 GMT - Tue, 12 Nov 2024 18:12:04 GMT
File type ASCII text, with very long lines (16860), with no line terminators Hash bb8373b88812ab9a60053b7a655b9bef 5b84ef6448d98490e9c31883aa1c95436403abe7 2573ea688902a71437601572a5fd29e552456e030230823696432206b4c61aad
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
POST /cdn-cgi/challenge-platform/h/g/flow/ov1/1609759192:1726935102:0s0q2ImgE2IMy0tWv9x81RBKIoCpRsp29dI9e9MMATA/8c6b846c5add0b41/e9a8ecf918b73e4 HTTP/1.1
Host: sowhyatdngthwlkthdo.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://sowhyatdngthwlkthdo.life/?s=157&t1=895&t2=&t4=1003
Content-type: application/x-www-form-urlencoded
CF-Challenge: e9a8ecf918b73e4
Content-Length: 1946
Origin: https://sowhyatdngthwlkthdo.life
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 21 Sep 2024 16:43:59 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: kaiizZuS4BXv3vDixCH9X7xqPX85H1GECzR4cbiVcXfCRzcOMSmKcjnwQFn1QzXirx7IIqyOXg==$/3ArI9nrrHUJYtW7
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8UhVj94ugKuwmJAtQiCd%2BXfqyMY3BSNHeowk39nMEGRq5o4pt%2FV1lqVt%2BEvboOh9DHQPuORYBgzSrWphQyWSxqPc2JcRkMEPLTy8gvrWaczed5A%2FUUuNHZ8Ksi7i653iNKZr6BuitaP2o7g%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8c6b846e9d550b41-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| of1eak.life/redgifs-misty-silver-misty-silver-aka-thecutestkittycat- | 188.114.97.1 | 200 OK | 1.4 kB |
URL User Request GET HTTP/2 of1eak.life/redgifs-misty-silver-misty-silver-aka-thecutestkittycat- IP 188.114.97.1:443
Certificate Issuer Google Trust Services Subject of1eak.life Fingerprint 65:DE:B5:A9:94:7A:30:93:CB:10:C5:4C:08:C3:8A:E9:C8:A2:31:C4 Validity Mon, 12 Aug 2024 12:41:52 GMT - Sun, 10 Nov 2024 12:41:51 GMT
File type HTML document, ASCII text, with very long lines (1456), with no line terminators Hash 27fa0cb75694b93a23aa19f909e6da92 6a25e4a7fb0f3328f9653d74d4114a9af40e9b04 724331fa404325b0460692decc3c006e16747a5b21ccc30b237ec00b6898f27b
GET /redgifs-misty-silver-misty-silver-aka-thecutestkittycat- HTTP/1.1
Host: of1eak.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 21 Sep 2024 16:43:57 GMT
content-type: text/html; charset=utf-8
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=W7hkvVXjyXz1k6Lx%2BUOz8%2F5zhtgJsB9gu0cHGSg8yBnDSUdC70bHHQ28UGfeSq49QrZND0Cv6dw4ophifX9d7CugVmIP1PRsNx2arTCPEbXj78Ijbc2hqs2uS73f9Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
speculation-rules: "/cdn-cgi/speculation"
server: cloudflare
cf-ray: 8c6b8460ea30568b-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/126398267:1726935203:eyAgC40Vdp152OSMptv5HtxzcjIcz7oL9xBEa99_2l8/8c6b846f886a0b06/3a9e838e52ac055 | 104.18.94.41 | 200 OK | 27 kB |
URL POST HTTP/2 challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/126398267:1726935203:eyAgC40Vdp152OSMptv5HtxzcjIcz7oL9xBEa99_2l8/8c6b846f886a0b06/3a9e838e52ac055 IP 104.18.94.41:443
Requested by https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/rhjl1/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/normal/auto/ Certificate Issuer Google Trust Services Subject challenges.cloudflare.com Fingerprint 65:75:A9:DF:EC:98:9B:14:E5:F1:43:E6:B9:E2:E3:9C:50:C4:E8:A4 Validity Thu, 05 Sep 2024 16:26:55 GMT - Wed, 04 Dec 2024 17:26:54 GMT
File type ASCII text, with very long lines (26796), with no line terminators Hash 18aa762a5a79b0ecab7129337522197f 4dfae2c06b641d68739f02a7f7153f27294ba30d 54250621c214b13ea3f4b8eebbe04920875ba760a295a603d521a864e26f1097
POST /cdn-cgi/challenge-platform/h/g/flow/ov1/126398267:1726935203:eyAgC40Vdp152OSMptv5HtxzcjIcz7oL9xBEa99_2l8/8c6b846f886a0b06/3a9e838e52ac055 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/rhjl1/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/normal/auto/
Content-type: application/x-www-form-urlencoded
CF-Challenge: 3a9e838e52ac055
Content-Length: 28967
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 21 Sep 2024 16:44:01 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: 2HI8YHGDN/uRZX1H+LAeNvqcuKZv3YgajIyWg4L3olOpc17jJD/4BJQRdTjeUsWpn75hmS3bRMdm/g5f$SFumGffeeACoQHyb
server: cloudflare
cf-ray: 8c6b847eac000b06-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|