| productivelookewr.shop/api~F | 172.67.150.207 | 403 Forbidden | 5.8 kB |
URL: productivelookewr.shop/api~F | Request: User Request, GET HTTP/1.1 | IP: 172.67.150.207:80
File type: HTML document, ASCII text, with very long lines (14146), with no line terminators
Hashes: MD5 6c553c918042e00f15d2995967480ab4 | SHA1 7dea2a04ade82a1ae1aaf2ce747d0e0afdc2ef8f | SHA256 468832b3f87e911f344ffef11ce605387aef17e32e6fb22cb1fe1bed0e03c831
| Analyzer | Verdict | Alert |
| ThreatFox | malicious | Lumma Stealer |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |
| NIDS | Severity | Alert |
| suricata | high | ThreatFox botnet C2 traffic (url - confidence level: 100%) |
| suricata | high | ThreatFox botnet C2 traffic (url - confidence level: 100%) |
| suricata | high | ThreatFox botnet C2 traffic (url - confidence level: 100%) |
| suricata | high | ThreatFox botnet C2 traffic (url - confidence level: 100%) |
GET /api~F HTTP/1.1
Host: productivelookewr.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Fri, 10 May 2024 17:24:33 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: UzxqHnsoDHw9JVP0U53HagNDsJAvGJOB/xl+3zNBf/l1vpICTapV1PU318wAGV+G/asX3kPNlXahyVggOAk9NkcMhKNssZlj8bi65zYO+WSACRQxLit0jNXzBW6hWKmbVZaswdkhLIpyxea/P7ap+Q==$8TOZ2tETTHTiILvuXZ5oig==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KaVIx8TslxWJW1vT2U%2BeWt4cysz5kub8FTPl8Ds2vXP6PUbqn1pYta%2FGJ1Q9DVhV5KUP9SA0%2For%2BQMTuGoEAYa9NDdWtSl90PcP4ahH7ZzHQyKg7rTHf3XNKcPtC41gSGznN5jRld1Fu"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 881b9f9e2980569a-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
| productivelookewr.shop/cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=881b9f9e2980569a | 104.21.11.250 | | 111 kB |
URL: productivelookewr.shop/cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=881b9f9e2980569a | IP: 104.21.11.250:0
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators | Size: 111 kB (111039 bytes)
Hashes: MD5 882deb745e07e8d8e75dfc0352be648d | SHA1 084649422672dd9bc04a0ac16563ae4ff5bae0d2 | SHA256 e28953c27d23cdaebe01fcb00f987a04784aefe3d27ac9b2c8eb04b6433474d4
| Analyzer | Verdict | Alert |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |
GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=881b9f9e2980569a HTTP/1.1
Host: productivelookewr.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://productivelookewr.shop/api~F?__cf_chl_rt_tk=NK7VcX8LgETmpRUATtYBMVWWfsVkEodiUvsFferm58U-1715361873-0.0.1.1-1301
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 10 May 2024 17:24:33 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8uwdzjFM4E9EyGPx%2FfXYV%2BzjoayIMWwlRwX9uCK7edtScFYqesk5OP2zfBK8q393DsUd0CvsNwUv%2FTErwvNdjLVi%2B5Mu5xwoiTi2o1JtQpxzjQaNVyvjXFSUOjGqKX021%2FqGfOi1Z36t"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 881b9f9fec37b515-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
| productivelookewr.shop/favicon.ico | 104.21.11.250 | 403 Forbidden | 5.9 kB |
URL: productivelookewr.shop/favicon.ico | Request: GET HTTP/1.1 | IP: 104.21.11.250:80
Requested by: http://productivelookewr.shop/api~F
File type: HTML document, ASCII text, with very long lines (14258), with no line terminators
Hashes: MD5 57648d0301890fcc2c1765a0a047e40d | SHA1 82c961f7bed1604a2071ad5fbf98177b265cb1b7 | SHA256 0523659e1c8de85faf42e404d7e3fdf72935c173ba59b719b7e0d28b93ea98fb
| Analyzer | Verdict | Alert |
| ThreatFox | malicious | Lumma Stealer |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: productivelookewr.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://productivelookewr.shop/api~F?__cf_chl_rt_tk=NK7VcX8LgETmpRUATtYBMVWWfsVkEodiUvsFferm58U-1715361873-0.0.1.1-1301
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Fri, 10 May 2024 17:24:33 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: nPpJN7arf4X4lJxho6b050238qU78Qkj1rAoxwAe1xm36NcLOwJ3FBBjSg1U87Rtc54TFH3uVn2tSlWNXFaVGoFRPR566eDCvuJopIuOhNRfZaITfRheSf8Zg3xPMyfZPNUhRU3dZsXuEJGm2/I/1w==$3zBUvhIwPT4GV1dX3ReSVg==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=95h1PeMf3a8QRnbxp%2BoQF9vF8VgjkaIf%2B78eaPT%2BYNAGXK8yP9niJmZgZOy4Uu5hsWq0pXOHg4rbrrcnfEZsri5%2FOlWN50V%2BOIjF6C458vY5ATagXbuWkw9I73JwSfKrx%2F3fRGIkTbLO"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 881b9fa04ca5b515-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
| productivelookewr.shop/favicon.ico | 104.21.11.250 | 403 Forbidden | 5.8 kB |
URL: productivelookewr.shop/favicon.ico | Request: GET HTTP/1.1 | IP: 104.21.11.250:80
Requested by: http://productivelookewr.shop/api~F
File type: HTML document, ASCII text, with very long lines (14172), with no line terminators
Hashes: MD5 c3601bb5e8b38915410aacd8b69c85bd | SHA1 c6fc925c53f91a5d3eb468f80cd0190902ef55cd | SHA256 6eccc90a5f146fa3bdc10acfe20529d59689dd443063b103b743c037666d3dfd
| Analyzer | Verdict | Alert |
| ThreatFox | malicious | Lumma Stealer |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: productivelookewr.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://productivelookewr.shop/api~F
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Fri, 10 May 2024 17:24:34 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: Yqm6fA00dg9GjtMm9xUZerLCXss11UZMWJoPkVi+v+eyrs/B0jAfQkAmgYwX7ETfOeffHtO4K7SnRYE0CiPvIWd7UmL8EKxHajKPFiDlOBVJ/y29vjTz3cES1k1kkPkJtGApe65PYtWJl4vQLc6RbA==$mRF/NE1nu0WXAB1ioddhSg==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5TE9vI%2FAFPQlGaZKqnYnMx3HczEX%2FdB5CggNYHGfJUSA1wyoMdCGF7hckSNnaV6nZnr7BMoU4xa2z%2BOMEo91%2BXp1eRyXPG0XZOBhZV8G1VoWACY3rAmjCbiPDJoYzm2okGmpWIhET7dZ"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 881b9fa09a311c16-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
| productivelookewr.shop/cdn-cgi/challenge-platform/h/g/flow/ov1/2036321532:1715357544:MoavdABsLAVx-6YU0fOfdbSrYOBngKyqNq5Cheqwvdo/881b9f9e2980569a/c3dbff943138749 | 104.21.11.250 | | 12 kB |
URL: productivelookewr.shop/cdn-cgi/challenge-platform/h/g/flow/ov1/2036321532:1715357544:MoavdABsLAVx-6YU0fOfdbSrYOBngKyqNq5Cheqwvdo/881b9f9e2980569a/c3dbff943138749 | IP: 104.21.11.250:0
File type: ASCII text, with very long lines (16460), with no line terminators
Hashes: MD5 f081dfd8df9e0d4d954636dc006be09e | SHA1 448f2a924acbf5c1f6fa0cb3295b1792bf385ddc | SHA256 3883d8ac45c998ac480e77f7d56851945856317c4f226e520c33e194e2763502
| Analyzer | Verdict | Alert |
| ThreatFox | malicious | Lumma Stealer |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |
POST /cdn-cgi/challenge-platform/h/g/flow/ov1/2036321532:1715357544:MoavdABsLAVx-6YU0fOfdbSrYOBngKyqNq5Cheqwvdo/881b9f9e2980569a/c3dbff943138749 HTTP/1.1
Host: productivelookewr.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://productivelookewr.shop/api~F
Content-type: application/x-www-form-urlencoded
CF-Challenge: c3dbff943138749
Content-Length: 1859
Origin: http://productivelookewr.shop
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 10 May 2024 17:24:34 GMT
Content-Type: text/plain; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cf-chl-gen: ytrhwygkkAsSTkJMVxINTA2nmpzKY6FQry5KuSIb9aGpupasKCK/SEM6lBaEjggN$GCOyUkhNoIcJhq4kQKQM5w==
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Yb%2FXkzG8kbFB6P0WuW%2Bb%2Bxii9sE1iSMoErvpf%2FqimvqxkFSXJYHXG9qLRQmRtwVaunyIKT%2FFVb6buQvwuohujeKz8ebt3sga3RIjGjTC%2FyzqlXn0vgnTiIF0uoQKU9YW0IunptkG%2FHop"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 881b9fa17a4eb518-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
| challenges.cloudflare.com/turnstile/v0/g/1b3559406bc8/api.js?onload=KtsCKf7&render=explicit | 104.17.3.184 | 200 OK | 33 kB |
URL: challenges.cloudflare.com/turnstile/v0/g/1b3559406bc8/api.js?onload=KtsCKf7&render=explicit | Request: GET HTTP/3 | IP: 104.17.3.184:443
Requested by: http://productivelookewr.shop/api~F
Certificate: Issuer Cloudflare, Inc. | Subject challenges.cloudflare.com | Fingerprint 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E | Validity Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (42616)
Hashes: MD5 86183dd14ee10d1dee92b37b5069d716 | SHA1 9ec32d650ece484bbe624ca734a0a65e22d35dd6 | SHA256 ae0e2e45f84d7d3d06526aafc20d4a95b486e8747bf80895f3aeb8c4aebee7f4
GET /turnstile/v0/g/1b3559406bc8/api.js?onload=KtsCKf7&render=explicit HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://productivelookewr.shop
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 17:24:34 GMT
content-type: application/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
cache-control: max-age=604800, public
vary: Accept-Encoding
server: cloudflare
cf-ray: 881b9fa0db8fb4f7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/881b9fa28a6156c0/1715361874709/TX6Og8e6zCTP4Ym | 104.17.3.184 | | 61 B |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/881b9fa28a6156c0/1715361874709/TX6Og8e6zCTP4Ym | IP: 104.17.3.184:0
Certificate: Issuer Cloudflare, Inc. | Subject challenges.cloudflare.com | Fingerprint 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E | Validity Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type: PNG image data, 76 x 83, 8-bit/color RGB, non-interlaced
Hashes: MD5 73643bb5f7e2981ccd652e013e9d536d | SHA1 90debf3f07217cfaa83b0e966cb92164421a9f44 | SHA256 d534f30acce801447f91ffb3655708a8fa5891f3b225be1d23d32f1ccdbb71cd
GET /cdn-cgi/challenge-platform/h/g/i/881b9fa28a6156c0/1715361874709/TX6Og8e6zCTP4Ym HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/o044t/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 10 May 2024 17:24:36 GMT
content-type: image/png
content-length: 61
server: cloudflare
cf-ray: 881b9faf3d1c56c0-OSL
alt-svc: h3=":443"; ma=86400
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/630634664:1715357898:f8Ixu24P1AUvtGAvWwIIsianWzFgXvZoz6izaJUP1ic/881b9fa28a6156c0/ee72c00c57fca91 | 104.17.3.184 | | 25 kB |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/630634664:1715357898:f8Ixu24P1AUvtGAvWwIIsianWzFgXvZoz6izaJUP1ic/881b9fa28a6156c0/ee72c00c57fca91 | IP: 104.17.3.184:0
Certificate: Issuer Cloudflare, Inc. | Subject challenges.cloudflare.com | Fingerprint 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E | Validity Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type: ASCII text, with very long lines (22348), with no line terminators
Hashes: MD5 e029797e78496484c2801ca095596e42 | SHA1 eae7c692b87edcc93088451b8ea1dd77a29cba2d | SHA256 acee80b1466ebc1b9fcc059272ec3e1ecb6c524a0272e3c624bbb3f1e23a9b77
POST /cdn-cgi/challenge-platform/h/g/flow/ov1/630634664:1715357898:f8Ixu24P1AUvtGAvWwIIsianWzFgXvZoz6izaJUP1ic/881b9fa28a6156c0/ee72c00c57fca91 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/o044t/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: ee72c00c57fca91
Content-Length: 28212
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 10 May 2024 17:24:40 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: VcFEiwEwdURYfIDg0I6cQKK3KBTRqSTlILC7Tl2eev2NAWEkVdRPhz3D/aNlZPpv$J0zAdxsXDp9gnRekkmfuXA==
server: cloudflare
cf-ray: 881b9fc8fdf656c0-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| productivelookewr.shop/cdn-cgi/challenge-platform/h/g/flow/ov1/2036321532:1715357544:MoavdABsLAVx-6YU0fOfdbSrYOBngKyqNq5Cheqwvdo/881b9f9e2980569a/c3dbff943138749 | 104.21.11.250 | | 2.4 kB |
URL: productivelookewr.shop/cdn-cgi/challenge-platform/h/g/flow/ov1/2036321532:1715357544:MoavdABsLAVx-6YU0fOfdbSrYOBngKyqNq5Cheqwvdo/881b9f9e2980569a/c3dbff943138749 | IP: 104.21.11.250:0
File type: ASCII text, with very long lines (3048), with no line terminators
Hashes: MD5 1ac1b32da0ce278a6c50248c4db4f117 | SHA1 58a2f0521f61ea4294d72681af3dbb0737ad56df | SHA256 1e0b19300c4d9f3887ca4ff0914d8708a94e22e40a2cd5b8229910b2484ced6a
| Analyzer | Verdict | Alert |
| ThreatFox | malicious | Lumma Stealer |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |
POST /cdn-cgi/challenge-platform/h/g/flow/ov1/2036321532:1715357544:MoavdABsLAVx-6YU0fOfdbSrYOBngKyqNq5Cheqwvdo/881b9f9e2980569a/c3dbff943138749 HTTP/1.1
Host: productivelookewr.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://productivelookewr.shop/api~F
Content-type: application/x-www-form-urlencoded
CF-Challenge: c3dbff943138749
Content-Length: 2546
Origin: http://productivelookewr.shop
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 10 May 2024 17:24:46 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cf-chl-out: rkYiXXUNXEOi1ZA7d5Kq8S5AV4kvFiBNdF7+twOajCWzEjKvFSEdu34mhhPmerxHFI+X6/SZFJfiEST0BlKRGDNYk/WGENCYmSzxAvY21l0=$fgAC4OgE7IXSczPD3V220w==
cf-chl-out-s: WGYewi+zfJeDR0eLodUMWA==$3eO3NLyDWXbRXufYaR8Ffg==
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FDr5miK7QqseP2FL9XJkvoa4%2B2QrUQDo0IcvusYHooy%2Bbgeo778vy09GEpxRMH8K2XeElBK3NEskEroCPsaaaFSleKD%2Bio3zRxjWZXdPow4RdT3Wh%2BDuEtk%2B0Sak3o2oD8yjjopfakXF"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 881b9fee0d78b518-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
| productivelookewr.shop/api~F | 104.21.11.250 | 403 Forbidden | 5.8 kB |
URL: productivelookewr.shop/api~F | Request: User Request, GET HTTP/1.1 | IP: 104.21.11.250:80
File type: HTML document, ASCII text, with very long lines (14189), with no line terminators
Hashes: MD5 7f7bae0be4acad464c2a7b8e9b9a5445 | SHA1 edb0e84a950c8b2d475043d77608c2fbb182b43c | SHA256 6990ec7453270e6cefe51b6295d44ef02a2bc861f850d90435731ab4784eff87
| Analyzer | Verdict | Alert |
| ThreatFox | malicious | Lumma Stealer |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |
| NIDS | Severity | Alert |
| suricata | high | ThreatFox botnet C2 traffic (url - confidence level: 100%) |
| suricata | high | ThreatFox botnet C2 traffic (url - confidence level: 100%) |
| suricata | high | ThreatFox botnet C2 traffic (url - confidence level: 100%) |
| suricata | high | ThreatFox botnet C2 traffic (url - confidence level: 100%) |
GET /api~F HTTP/1.1
Host: productivelookewr.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_i=1
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Fri, 10 May 2024 17:24:48 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: MKdBEq++zRfMT+AkzShJYTnEDeIbQkSI5OBzyJhNDFHAZJ4tLno1glSqSA9GDdSrZ6ahOd/c9RkAUCbsQ/NDPYh+XKkCYd4SCSxpapNA+JEtI8WUCjib/Ofvsay7ZkfO4Pn3ysU08iZR+V1p3v8iFA==$wgXSDyMVWcSdU+PPq3LISg==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vQu3n0j%2BqSqKEtXHKkI8etAjbIAYpIt7VyvjNjX%2BNssOIOWOmINnnAK%2FjeajAskV2z7avef7hJtRXDRU3%2BfEJH%2BpOgJ471n8l03ayRvtR51RFyhOMQeN1EpraSS85B5pidJVXVy3Ojq8"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 881b9ffae8d4b518-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
| productivelookewr.shop/cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=881b9ffae8d4b518 | 104.21.11.250 | 200 OK | 110 kB |
URL: productivelookewr.shop/cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=881b9ffae8d4b518 | Request: GET HTTP/1.1 | IP: 104.21.11.250:80
Requested by: http://productivelookewr.shop/api~F
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators | Size: 110 kB (110497 bytes)
Hashes: MD5 457f655653d983edc4de5956d601ddea | SHA1 6ff24c04d24ff54f20bd15dcbb005fad22c54f44 | SHA256 285bda89efe9c11166e8641c053fa0a9ecd21519a88fe8f929dd734524535cb8
| Analyzer | Verdict | Alert |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |
GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=881b9ffae8d4b518 HTTP/1.1
Host: productivelookewr.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://productivelookewr.shop/api~F?__cf_chl_rt_tk=CvQ3JdSjpImv4jw0XyO2HAuBsPFz2DeA5pFw4zEGCZY-1715361888-0.0.1.1-1301
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_i=1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 10 May 2024 17:24:48 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JcyaZ4x4SlQgvseQ2EgwlbOZVI1JIBHaIcfMsXbdjAxRi6KjNTGMeSiVPX1yzX7YIB4dNiZcQniM0qZYDnPZOTrLEC4cKq96zvmemB2vg2VlFIc1MUoQJIsm866c%2F4HbRyJV8%2FKbRHgI"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 881b9ffb58f356af-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
| productivelookewr.shop/favicon.ico | 104.21.11.250 | 403 Forbidden | 5.9 kB |
URL: productivelookewr.shop/favicon.ico | Request: GET HTTP/1.1 | IP: 104.21.11.250:80
Requested by: http://productivelookewr.shop/api~F
File type: HTML document, ASCII text, with very long lines (14279), with no line terminators
Hashes: MD5 88190afa8dd077a60576882723b42d79 | SHA1 a98537a8c4d6d377bfc5c67d790b644b8d6d61a8 | SHA256 03e91a75fc986a92a5ec37adddb811fcfe4e682faae79233320ce159e0e62850
| Analyzer | Verdict | Alert |
| ThreatFox | malicious | Lumma Stealer |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: productivelookewr.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://productivelookewr.shop/api~F?__cf_chl_rt_tk=CvQ3JdSjpImv4jw0XyO2HAuBsPFz2DeA5pFw4zEGCZY-1715361888-0.0.1.1-1301
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_i=1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Fri, 10 May 2024 17:24:48 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: jS/HgQ8Gn1McEpaWmaroIL6pWgvPpJQHvgCi1bpZvuuLrbfYM/ThkTJjCNaIx6GpqFcGeddBfgKKq9EWDvxxu0vH3DwPChe5BQcci/cvPau9eEkvTeUX/RbkJKybPVEOge7DOuSwv180W9YpxRmNgA==$UdkrkQ/v5qgbuWMsbtHcew==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=daj8EybsfccE%2BeVrZS4jtm095PviWYpbM19y42stN2hGimrDmbGJhDrwfucqLmRPQI%2BYbt%2Fuaas0JH02uBtVonyjyByJj2Jkla2Hxp7k5LUd1k266LXsOaXeNEX0Yo5Dun%2FtRululWAl"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 881b9ffba97756af-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
| productivelookewr.shop/favicon.ico | 104.21.11.250 | 403 Forbidden | 5.8 kB |
URL: productivelookewr.shop/favicon.ico | Request: GET HTTP/1.1 | IP: 104.21.11.250:80
Requested by: http://productivelookewr.shop/api~F
File type: HTML document, ASCII text, with very long lines (14194), with no line terminators
Hashes: MD5 3098dead6daf06bc8918aa54cdabd55f | SHA1 72f55aacbe3c3a973684e8b27eeb0d92b6d8eb2c | SHA256 e83b963af59e854093e430aecece17107e6c7f3c06b294328265515078d4e1b0
| Analyzer | Verdict | Alert |
| ThreatFox | malicious | Lumma Stealer |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: productivelookewr.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://productivelookewr.shop/api~F
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_i=1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Fri, 10 May 2024 17:24:48 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: k3k+gvaBVeqsrCUdJNSJ7hPIlkQajETUrMvtNMJltb2WJrxfBkbqqN/b9AT4D29R4fx+aP0I2W/UpFGYmiUutA5UKIkvte3hGuiVbHkqV+CyjQ54whTOyLyGU/wSl+h48TQPDDAkcDk+srh+5M4nVw==$v5iqtd7uGLnN765K5NfeAg==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=E5wb1vgQTaGDd6zt7Ryn1Hgc%2F1yBV4L1HJMFDMQmEPoK8Xur8FRjaxLaoPsEHVZaIfZilmCTR52uNOjgifzbewHfH3LmKOQWo8d6b9rtnzonG6jmhuQWsDptOCLb7dR3%2FtMP91nNsATu"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 881b9ffc09730b31-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
| productivelookewr.shop/cdn-cgi/challenge-platform/h/g/flow/ov1/534588105:1715357587:2SvpWCSqveVY-gccBtCXg500R9oxdh8It4c03UYXhBU/881b9ffae8d4b518/a48e8397f822938 | 104.21.11.250 | 200 OK | 12 kB |
URL: productivelookewr.shop/cdn-cgi/challenge-platform/h/g/flow/ov1/534588105:1715357587:2SvpWCSqveVY-gccBtCXg500R9oxdh8It4c03UYXhBU/881b9ffae8d4b518/a48e8397f822938 | Request: POST HTTP/1.1 | IP: 104.21.11.250:80
Requested by: http://productivelookewr.shop/api~F
File type: ASCII text, with very long lines (16460), with no line terminators
Hashes: MD5 1f555ef53c46ed4a0629e79e95ec6462 | SHA1 d9050e5d2a16101737225336d90b66090890772d | SHA256 8d763ace016d1e62e63b07c9063a83dcee2dffa9605b42da580056d5f7f262f3
| Analyzer | Verdict | Alert |
| ThreatFox | malicious | Lumma Stealer |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |
POST /cdn-cgi/challenge-platform/h/g/flow/ov1/534588105:1715357587:2SvpWCSqveVY-gccBtCXg500R9oxdh8It4c03UYXhBU/881b9ffae8d4b518/a48e8397f822938 HTTP/1.1
Host: productivelookewr.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://productivelookewr.shop/api~F
Content-type: application/x-www-form-urlencoded
CF-Challenge: a48e8397f822938
Content-Length: 1866
Origin: http://productivelookewr.shop
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_i=1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 10 May 2024 17:24:48 GMT
Content-Type: text/plain; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cf-chl-gen: Xdkqz5t8iWz0Dm45uhYNOBw0Zjz1l5YRD84bAVMFFR+9jtf/qpK1OtJjbGoc5KV8$3/g+ymh8DcG1LuM4COZqrg==
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VAs3RTQ379sFDzLtqbUmSC8Q8UXN2enjV%2BzDiWrzlVJIM5xcrbXbOnh%2Bc34b%2BmOyEM7HLI24mJUg9cbrBhvuwsNATqDwlow7GCtQDZYpiqB4fMO3A7Dm4IE1Jk9KoCw8eiVsBBtuZzXR"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 881b9ffcdea1b4f4-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/qkcg5/0x4AAAAAAAAjq6WYeRDKmebM/light/normal | 104.17.3.184 | 200 OK | 18 kB |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/qkcg5/0x4AAAAAAAAjq6WYeRDKmebM/light/normal | Request: GET HTTP/3 | IP: 104.17.3.184:443
Requested by: http://productivelookewr.shop/api~F
Certificate: Issuer Cloudflare, Inc. | Subject challenges.cloudflare.com | Fingerprint 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E | Validity Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type: HTML document, ASCII text, with very long lines (42150)
Hashes: MD5 108059eb1757f5c60ef8c5e381ee7775 | SHA1 9311a874a7a14097e3ab4c49f364a980c9d6fd9e | SHA256 1e58900effd01f489d02c9307d971fbb3be6eee9de9fe52b307165ef2d6ad27f
GET /cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/qkcg5/0x4AAAAAAAAjq6WYeRDKmebM/light/normal HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 10 May 2024 17:24:48 GMT
content-type: text/html; charset=UTF-8
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
document-policy: js-profiling
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
cross-origin-opener-policy: same-origin
content-security-policy: frame-src https://challenges.cloudflare.com/; base-uri 'self'
origin-agent-cluster: ?1
referrer-policy: same-origin
server: cloudflare
cf-ray: 881b9ffdebc456c0-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/881b9ffdebc456c0/1715361889366/86l0Shyb_BPbi_f | 104.17.3.184 | 200 OK | 61 B |
URL: GET HTTP/3 challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/881b9ffdebc456c0/1715361889366/86l0Shyb_BPbi_f
IP: 104.17.3.184:443
Requested by: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/qkcg5/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Certificate: Issuer Cloudflare, Inc.; Subject challenges.cloudflare.com; Fingerprint 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E; Validity Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type: PNG image data, 96 x 71, 8-bit/color RGB, non-interlaced
Hashes (MD5, SHA-1, SHA-256): b8acbadc4c1ff61676a01fb4b158d3ad 1e8f64425d26d8fb57a54f9011489978d1542b7d b01eb3be6164b3ad5467692ec72564cb7c4185beb29d05b5b8c2e4328d9dfa15
GET /cdn-cgi/challenge-platform/h/g/i/881b9ffdebc456c0/1715361889366/86l0Shyb_BPbi_f HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/qkcg5/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 10 May 2024 17:24:51 GMT
content-type: image/png
content-length: 61
server: cloudflare
cf-ray: 881ba00e2bea56c0-OSL
alt-svc: h3=":443"; ma=86400
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/1344764143:1715361166:reVtwBI_Tuj3jVQcFGv-9ofiwWpsoH2Ysn4KVEZVg-E/881b9ffdebc456c0/ae829baab4d706c | 104.17.3.184 | 200 OK | 5.8 kB |
URL: POST HTTP/3 challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/1344764143:1715361166:reVtwBI_Tuj3jVQcFGv-9ofiwWpsoH2Ysn4KVEZVg-E/881b9ffdebc456c0/ae829baab4d706c
IP: 104.17.3.184:443
Requested by: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/qkcg5/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Certificate: Issuer Cloudflare, Inc.; Subject challenges.cloudflare.com; Fingerprint 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E; Validity Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type: ASCII text, with very long lines (3600), with no line terminators
Hashes (MD5, SHA-1, SHA-256): ba374cb67e7da9b210473dc00e6ebc48 7c7e6b615329f21156742de4cc9b741bb031be14 ecab0c406760c78cc1eff438a144b332d60719ea75dcb822191442adc289d60f
POST /cdn-cgi/challenge-platform/h/g/flow/ov1/1344764143:1715361166:reVtwBI_Tuj3jVQcFGv-9ofiwWpsoH2Ysn4KVEZVg-E/881b9ffdebc456c0/ae829baab4d706c HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/qkcg5/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: ae829baab4d706c
Content-Length: 37813
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 10 May 2024 17:24:56 GMT
content-type: text/html; charset=UTF-8
cf-chl-out-s: KjklO5OA4eZ2x6qxNmq41Q==$7+ZZvQ0Dc5cVxA+wTbtH4w==
cf-chl-out: 7MyNLejxEv3MlLlDTQi14XHlBoUlR4t34Hfc4XqH2vF/PawOkZY7tj6DzS+0PSv6Co4fOCuWH0+HpIgtOQRVmcFu7p+C83LAQQWsI6DFj/rjULE08ylrXk74Lpe5IfwR$euiesPem0iWa4vv1eSM5Hg==
server: cloudflare
cf-ray: 881ba02e289256c0-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| productivelookewr.shop/api~F | 104.21.11.250 | 403 Forbidden | 1.0 kB |
URL: GET HTTP/1.1 productivelookewr.shop/api~F (user request)
IP: 104.21.11.250:80
File type: HTML document, Unicode text, UTF-8 text, with very long lines (416), with CRLF, LF line terminators
Hashes (MD5, SHA-1, SHA-256): 7918a2bcb5972fb9180547ebfa69bdf0 e903f27fd09e492fd214f1cfc73bea1f6a262c90 797e5cddce578311bdfbc496be17620fb8630210396c8839a3385c8512194450
Analyzer | Verdict | Alert
ThreatFox | malicious | Lumma Stealer
mnemonic secure dns | malicious | Sinkholed
Quad9 DNS | malicious | Sinkholed
NIDS | Severity | Alert
suricata | high | ThreatFox botnet C2 traffic (url - confidence level: 100%)
suricata | high | ThreatFox botnet C2 traffic (url - confidence level: 100%)
suricata | high | ThreatFox botnet C2 traffic (url - confidence level: 100%)
suricata | high | ThreatFox botnet C2 traffic (url - confidence level: 100%)
POST /api~F HTTP/1.1
Host: productivelookewr.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://productivelookewr.shop/api~F?__cf_chl_tk=CvQ3JdSjpImv4jw0XyO2HAuBsPFz2DeA5pFw4zEGCZY-1715361888-0.0.1.1-1301
Content-Type: application/x-www-form-urlencoded
Content-Length: 2501
Origin: http://productivelookewr.shop
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 10 May 2024 17:24:57 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: cf_clearance=Bj.UcjdCuPuooNEthf5x9ZQaS9N_uLpz3YkXh6CHXgU-1715361888-1.0.1.1-gjRnl8TwVx5L5ySOF4Hzi7dSYFmBwLupQ_495s.48cQh7O.Icjd.kr5.w.g0obv2f1Sno9jM.G62MPsATMPlDw; Path=/; Expires=Sat, 10-May-25 17:24:56 GMT; Domain=.productivelookewr.shop; HttpOnly
PHPSESSID=b0jsu5645hj2ntdl66bhr5to6p; expires=Tue, 03-Sep-2024 11:11:36 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9eOyb1mZ8%2Bqvdv3ZMblcn%2FsWCjuUTfehD3Wx8RrCgSskwktCvaPMKM3pXRVQHDqXI7vR%2B%2FC1mBJ%2F6j%2BgodYRvGy4DcnvduL%2Bq8US%2FANvNjPLqpAWwRZMX%2BDvIyHkWSVNcO5%2FEH5OLHQ5"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 881ba02fe847b4f4-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
| cdn.jsdelivr.net/npm/tom-select@2.3.1/dist/js/tom-select.complete.min.js | 151.101.65.229 | | 18 kB |
URL: cdn.jsdelivr.net/npm/tom-select@2.3.1/dist/js/tom-select.complete.min.js
IP: 151.101.65.229:0
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (1002)
Hashes (MD5, SHA-1, SHA-256): cb0a959ac3d7a23dd8271f8438671211 8bc8a58a48d6f529e6b58e235b47d92dc61a0e2d 28d785eb15b9a3fb56d6869ee57952e0908d003a0cf911eaae7a14a8bea9bc76
GET /npm/tom-select@2.3.1/dist/js/tom-select.complete.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://productivelookewr.shop/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 2.3.1
x-jsd-version-type: version
etag: W/"c620-i8ilikjW9SnmtY4jW0fZLcYaDi0"
content-encoding: br
accept-ranges: bytes
age: 1411114
date: Fri, 10 May 2024 17:24:57 GMT
x-served-by: cache-fra-etou8220055-FRA, cache-hel1410030-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 18451
X-Firefox-Spdy: h2
| productivelookewr.shop/core/panel/icons/tabler-icons.min.css | 104.21.11.250 | | 125 B |
URL: productivelookewr.shop/core/panel/icons/tabler-icons.min.css
IP: 104.21.11.250:0
File type: HTML document, ASCII text, with CRLF line terminators
Hashes (MD5, SHA-1, SHA-256): 1b7c22a214949975556626d7217e9a39 d01c97e2944166ed23e47e4a62ff471ab8fa031f 340c8464c2007ce3f80682e15dfafa4180b641d53c14201b929906b7b0284d87
Analyzer | Verdict | Alert
ThreatFox | malicious | Lumma Stealer
mnemonic secure dns | malicious | Sinkholed
Quad9 DNS | malicious | Sinkholed
GET /core/panel/icons/tabler-icons.min.css HTTP/1.1
Host: productivelookewr.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://productivelookewr.shop/api~F
Cookie: cf_clearance=Bj.UcjdCuPuooNEthf5x9ZQaS9N_uLpz3YkXh6CHXgU-1715361888-1.0.1.1-gjRnl8TwVx5L5ySOF4Hzi7dSYFmBwLupQ_495s.48cQh7O.Icjd.kr5.w.g0obv2f1Sno9jM.G62MPsATMPlDw; PHPSESSID=b0jsu5645hj2ntdl66bhr5to6p
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Date: Fri, 10 May 2024 17:24:57 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cAhV9vOpVzAmS1T2GXO%2FGB%2FbDcCVnj8fKoWX62HLos6zT7fTvjD3zMOd8NtdVSNHWGBCJioUp0cf1c8mxd8enGCKEAx2ObTTt565N%2BrORNw7vYRiHIX27Mj35UBbEJYHVkpJIT8WKvvf"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 881ba030e9b1b4f4-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
| cdn.jsdelivr.net/npm/tom-select@2.3.1/dist/css/tom-select.css | 151.101.65.229 | | 2.7 kB |
URL: cdn.jsdelivr.net/npm/tom-select@2.3.1/dist/css/tom-select.css
IP: 151.101.65.229:0
Hashes (MD5, SHA-1, SHA-256): c95b0bc73baee2d4aa8a5d31819916c7 5c6101d999331d9dd4f6902ec76fa484cc0e6150 c8168f6b45f8cf03ee444c7a0d2d61850899fd10dd13e2e523ca15e24fb1340c
GET /npm/tom-select@2.3.1/dist/css/tom-select.css HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://productivelookewr.shop/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
x-jsd-version: 2.3.1
x-jsd-version-type: version
etag: W/"2618-XGEB2ZkzHZ3U9pAux2+khMwOYVA"
content-encoding: br
accept-ranges: bytes
age: 2888853
date: Fri, 10 May 2024 17:24:57 GMT
x-served-by: cache-fra-eddf8230097-FRA, cache-hel1410030-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 2714
X-Firefox-Spdy: h2
| code.jquery.com/jquery-3.6.0.min.js | 151.101.130.137 | | 31 kB |
URL: code.jquery.com/jquery-3.6.0.min.js
IP: 151.101.130.137:0
File type: JavaScript source, ASCII text, with very long lines (65447)
Hashes (MD5, SHA-1, SHA-256): 8fb8fee4fcc3cc86ff6c724154c49c42 b82d238d4e31fdf618bae8ac11a6c812c03dd0d4 ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
GET /jquery-3.6.0.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://productivelookewr.shop
DNT: 1
Connection: keep-alive
Referer: http://productivelookewr.shop/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15d9d"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Fri, 10 May 2024 17:24:57 GMT
age: 1218078
x-served-by: cache-lga21931-LGA, cache-hel1410025-HEL
x-cache: HIT, HIT
x-cache-hits: 3, 261606
x-timer: S1715361897.203958,VS0,VE0
vary: Accept-Encoding
content-length: 30875
X-Firefox-Spdy: h2
| productivelookewr.shop/core/panel/css/dober.css | 104.21.11.250 | | 125 B |
URL: productivelookewr.shop/core/panel/css/dober.css
IP: 104.21.11.250:0
File type: HTML document, ASCII text, with CRLF line terminators
Hashes (MD5, SHA-1, SHA-256): 1b7c22a214949975556626d7217e9a39 d01c97e2944166ed23e47e4a62ff471ab8fa031f 340c8464c2007ce3f80682e15dfafa4180b641d53c14201b929906b7b0284d87
Analyzer | Verdict | Alert
ThreatFox | malicious | Lumma Stealer
mnemonic secure dns | malicious | Sinkholed
Quad9 DNS | malicious | Sinkholed
GET /core/panel/css/dober.css HTTP/1.1
Host: productivelookewr.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://productivelookewr.shop/api~F
Cookie: cf_clearance=Bj.UcjdCuPuooNEthf5x9ZQaS9N_uLpz3YkXh6CHXgU-1715361888-1.0.1.1-gjRnl8TwVx5L5ySOF4Hzi7dSYFmBwLupQ_495s.48cQh7O.Icjd.kr5.w.g0obv2f1Sno9jM.G62MPsATMPlDw; PHPSESSID=b0jsu5645hj2ntdl66bhr5to6p
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Date: Fri, 10 May 2024 17:24:57 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yaj1HenHypXliqIkbyBTmta%2FN23iaQzuW%2Fu8jUQ5XgT%2Bx6rtTn0QY2InxLZDpEC%2B7uiUSVcMaOyZsP68lbUU7mFxa1IaWNIUR7wdAvWI1ytIxlJwBUI7%2BGdYCUFfd4GdVNvEXQ1y2lW4"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 881ba0310e47b511-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
| productivelookewr.shop/core/panel/js/doberman.min.js?2 | 104.21.11.250 | | 125 B |
URL: productivelookewr.shop/core/panel/js/doberman.min.js?2
IP: 104.21.11.250:0
File type: HTML document, ASCII text, with CRLF line terminators
Hashes (MD5, SHA-1, SHA-256): 1b7c22a214949975556626d7217e9a39 d01c97e2944166ed23e47e4a62ff471ab8fa031f 340c8464c2007ce3f80682e15dfafa4180b641d53c14201b929906b7b0284d87
Analyzer | Verdict | Alert
ThreatFox | malicious | Lumma Stealer
mnemonic secure dns | malicious | Sinkholed
Quad9 DNS | malicious | Sinkholed
GET /core/panel/js/doberman.min.js?2 HTTP/1.1
Host: productivelookewr.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://productivelookewr.shop/api~F
Cookie: cf_clearance=Bj.UcjdCuPuooNEthf5x9ZQaS9N_uLpz3YkXh6CHXgU-1715361888-1.0.1.1-gjRnl8TwVx5L5ySOF4Hzi7dSYFmBwLupQ_495s.48cQh7O.Icjd.kr5.w.g0obv2f1Sno9jM.G62MPsATMPlDw; PHPSESSID=b0jsu5645hj2ntdl66bhr5to6p
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Date: Fri, 10 May 2024 17:24:57 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4Sfyj6Fkc1Xq1vUf0FvWLZSEa0nlOEbxkSo5wPhHVpXoiICZ%2BuYRBhSRxGEwiGusoP%2BzqmYafm6KwnuLmYTShqMvSkVdyU%2FvjWiX%2BkgWn70UEbc7%2BOO20asFe6BmfHSw5aT70XvQC423"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 881ba0311e2956b9-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
| unpkg.com/@tabler/core@1.0.0-beta10/dist/js/tabler.min.js | 104.17.247.203 | | 51 kB |
URL: unpkg.com/@tabler/core@1.0.0-beta10/dist/js/tabler.min.js
IP: 104.17.247.203:0
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (65272)
Hashes (MD5, SHA-1, SHA-256): aa14c90bcf88e4bb677a6652c703d371 9f7f1217b1bc208033a41fe844c7a3be8363593d e69349eaa159cd847e1a3f551d69ca3dc4a291eba2428b38371c68dbe78d5620
GET /@tabler/core@1.0.0-beta10/dist/js/tabler.min.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://productivelookewr.shop/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 17:24:57 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
content-encoding: br
cache-control: public, max-age=31536000
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
etag: "22f35-n38SF7G8IIAzpB/oRMejvoNjWT0"
via: 1.1 fly.io
fly-request-id: 01HXE3SA1YKAZ9XD4REJP31DN4-arn
cf-cache-status: HIT
age: 122467
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 881ba0311fbdb500-OSL
X-Firefox-Spdy: h2
| unpkg.com/@tabler/core@1.0.0-beta10/dist/css/tabler-payments.min.css | 104.17.247.203 | | 3.3 kB |
URL: unpkg.com/@tabler/core@1.0.0-beta10/dist/css/tabler-payments.min.css
IP: 104.17.247.203:0
File type: Unicode text, UTF-8 text, with very long lines (9982)
Hashes (MD5, SHA-1, SHA-256): 04784b92504b4b5c7787accb86e38c6d 923286260ab882266d1ef2af9e606db0ff9afe35 c5b29d4a7e41bf14b47dce1bd9cb077a7a6520dfec0fcb2629c36e96a38a48a4
GET /@tabler/core@1.0.0-beta10/dist/css/tabler-payments.min.css HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://productivelookewr.shop/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 17:24:57 GMT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
content-encoding: br
cache-control: public, max-age=31536000
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
etag: "2806-kjKGJgq4giZtHvKvnmBtsP+a/jU"
via: 1.1 fly.io
fly-request-id: 01HWT9Q1MTTN73MFFH569S9PMD-arn
cf-cache-status: HIT
age: 787338
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 881ba0312ff2b500-OSL
X-Firefox-Spdy: h2
| unpkg.com/@tabler/core@1.0.0-beta10/dist/css/tabler.min.css | 104.17.247.203 | | 62 kB |
URL: unpkg.com/@tabler/core@1.0.0-beta10/dist/css/tabler.min.css
IP: 104.17.247.203:0
File type: Unicode text, UTF-8 text, with very long lines (65269)
Hashes (MD5, SHA-1, SHA-256): c1a163c866ae54279f84008e755e3943 9d69518b336274d30081c8d2bf87f7bad54da876 5457d83fb3420513da1ae29fbbd2eb04304a75b589de7cbca76b29dd2239278d
GET /@tabler/core@1.0.0-beta10/dist/css/tabler.min.css HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://productivelookewr.shop/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 17:24:57 GMT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
content-encoding: br
cache-control: public, max-age=31536000
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
etag: "49599-nWlRizNidNMAgcjSv4f3utVNqHY"
via: 1.1 fly.io
fly-request-id: 01HTZRWFWVX5PFVQX8X8E63WZY-arn
cf-cache-status: HIT
age: 2751143
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 881ba0312fd0b500-OSL
X-Firefox-Spdy: h2
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D | 104.17.3.184 | 200 OK | 61 B |
URL: GET HTTP/3 challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D
IP: 104.17.3.184:443
Requested by: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/qkcg5/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Certificate: Issuer Cloudflare, Inc.; Subject challenges.cloudflare.com; Fingerprint 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E; Validity Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type: PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
Hashes (MD5, SHA-1, SHA-256): 9246cca8fc3c00f50035f28e9f6b7f7d 3aa538440f70873b574f40cd793060f53ec17a5d c07d7d29e3c20fa6ca4c5d20663688d52bad13e129ad82ce06b80eb187d9dc84
GET /cdn-cgi/challenge-platform/h/g/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/qkcg5/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 17:24:49 GMT
content-type: image/png
content-length: 61
cache-control: max-age=2629800, public
server: cloudflare
cf-ray: 881b9ffe7c8556c0-OSL
alt-svc: h3=":443"; ma=86400
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=881b9ffdebc456c0 | 104.17.3.184 | 200 OK | 441 kB |
URL: GET HTTP/3 challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=881b9ffdebc456c0
IP: 104.17.3.184:443
Requested by: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/qkcg5/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Certificate: Issuer Cloudflare, Inc.; Subject challenges.cloudflare.com; Fingerprint 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E; Validity Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type: ASCII text, with very long lines (65536), with no line terminators
Size: 441 kB (441402 bytes)
Hashes (MD5, SHA-1, SHA-256): 4cee0f02cd0bb08c613d4c432cf4dccb b00245121d5415fa180a847315fe7dd8af7756b7 d78719aa0a32cfdc7120bd47762403a056bf77c79fcd00656974555ea2a207f3
GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=881b9ffdebc456c0 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/qkcg5/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 17:24:49 GMT
content-type: application/javascript; charset=UTF-8
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
server: cloudflare
cf-ray: 881b9ffe7c8c56c0-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400