| | 104.21.11.250 | 403 Forbidden | 5.8 kB |
URL: User Request (GET HTTP/1.1)
IP: 104.21.11.250:80
File type: HTML document, ASCII text, with very long lines (14334), with no line terminators
Hashes: MD5 31ef62f3e72f19f5ba4314bd5d24f61d, SHA-1 3db871262e04626741cb553d1fd1f43fa58326e7, SHA-256 9d0db4ef399fa0255663375886ad6a603b7105ed11d58b9c050c450700346d6f

| Analyzer | Verdict | Alert |
|---|---|---|
| ThreatFox | malicious | Lumma Stealer |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |
GET /y HTTP/1.1
Host: productivelookewr.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Fri, 26 Apr 2024 23:34:40 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: LoHuIXSFi39Y8sbIZO1/pzRqCkYuIbEnDYyLHiS5nvp3uf+XZviyVyNYnyoN2kd6PuzujEK5L6CoTIY9rBmUwYtbPvBvJvt0Xqhw/CYSZ4JVE1zHtHxHLe3HUx0JnqOq/B3QxPEXqAQqj5J7aokOsw==$NRRqGXFu15DltzCJaJPxPQ==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=F9fUAGR%2BeunRHgNqPinKhMZzPg10B709dpVE2QCMjOtpDXZKKQOhudHob5j6r7q5MCbr%2BYa1fZvq41tpvHIeRA7jmis3XlfqQgKJwugfzApAhHaY2kFcVmUIvtZ53100XYmDd59Rh1%2FL"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 87aa6285989b568a-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
| productivelookewr.shop/cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=87aa6285989b568a | 172.67.150.207 | | 113 kB |
URL: productivelookewr.shop/cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=87aa6285989b568a
IP: 172.67.150.207:0
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size: 113 kB (112869 bytes)
Hashes: MD5 c14f5fe2551b526b7c3a423b37fddc82, SHA-1 d1a620cb7366ba40d97aa358fda10075a4ef7e2a, SHA-256 670b25107611e2e2bf0da8cadec53587a4cc8ff7306aebadbe35bb179ba779f7

| Analyzer | Verdict | Alert |
|---|---|---|
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |
GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=87aa6285989b568a HTTP/1.1
Host: productivelookewr.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://productivelookewr.shop/y?__cf_chl_rt_tk=smMRKf6kynFNByP_6dqSH3ApTzLoUvqhh01lCfHJ6sE-1714174480-0.0.1.1-1279
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 26 Apr 2024 23:34:40 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
vary: accept-encoding
content-encoding: gzip
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Xe9X66ftLeb%2FPRFk%2F1ytlenU8Q8i0eFWLz68t6%2BwTSEwcGM%2F3hMqFioIiLrfIUm5j5ruqIN9Sf%2BOoPpte%2BHZGQC0Vo7VI%2Fr7HOKZ%2FaDlY5F%2BYFryt%2FaaN9qh%2F7u85s00KWZYWYNXd73o"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 87aa62872cc156bb-OSL
alt-svc: h2=":443"; ma=60
| productivelookewr.shop/favicon.ico | 172.67.150.207 | 403 Forbidden | 5.9 kB |
URL: productivelookewr.shop/favicon.ico (GET HTTP/1.1)
IP: 172.67.150.207:80
Requested by: http://productivelookewr.shop/y
File type: HTML document, ASCII text, with very long lines (14484), with no line terminators
Hashes: MD5 95aab8306e8db2bdb64e02798015f807, SHA-1 c58a146a0c7aea954a151c42036b1e0004a19e60, SHA-256 a8e6124468656696150272728768ac2d030435f74b079d81fbd20846a9f4cdbb

| Analyzer | Verdict | Alert |
|---|---|---|
| ThreatFox | malicious | Lumma Stealer |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: productivelookewr.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://productivelookewr.shop/y?__cf_chl_rt_tk=smMRKf6kynFNByP_6dqSH3ApTzLoUvqhh01lCfHJ6sE-1714174480-0.0.1.1-1279
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Fri, 26 Apr 2024 23:34:40 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: Ut2NwUUYff6p5/pLnu9bkNCPV1dmuqg/ZN4SR7Fd6HPVxlaFqP6SEd9yKSTwzAZbaw+BXnuxV4XKaShPIcFF2UECRTPC3z4X/aaXYS8SLXz76YsyA16CnQ2PMckmiGrUypDiBDmF47dLTF6hZDMpKg==$pEpELTSkThsWsXj/TCxarA==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vVqW53W1wmTxF33ad%2Flyi4k4i5M96avqnaNmB7Dgx06byI9QWYdwhuNB9qTS6XLZueyrkcbgW%2ByqJC%2B6ZbWwPpNEYyCa1NyKuxXBE6RtiAEH9P%2FTx5IAPCFg8ErJqth3bTp5X3xcwGMu"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 87aa62876cf756bb-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
| productivelookewr.shop/favicon.ico | 172.67.150.207 | 403 Forbidden | 5.8 kB |
URL: productivelookewr.shop/favicon.ico (GET HTTP/1.1)
IP: 172.67.150.207:80
Requested by: http://productivelookewr.shop/y
File type: HTML document, ASCII text, with very long lines (14398), with no line terminators
Hashes: MD5 5043a6a82f325463e82e8ba775e5987f, SHA-1 fe178e0af6b3938673fd1acff4de2777c2c98cfc, SHA-256 fdddfc7fa0b2d4219b182bbb0fdd1d4b18dcbe4d8aa056aa359db99fde19c3d0

| Analyzer | Verdict | Alert |
|---|---|---|
| ThreatFox | malicious | Lumma Stealer |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: productivelookewr.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://productivelookewr.shop/y
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Fri, 26 Apr 2024 23:34:40 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: NO26EIfZAOxl9cjUW1L0iFBAgt9yrPTd9M+Ox92WJBGNWUUzpA1WF4uyrkEeALSGfluMv+VUQWi6qYKu+36iNd3AXDEZz6jxaCOk7FBPc8yVgK2f2cnrTwJw/dfYrX7DosFsISKZfgtn1cY00vaSHQ==$rQnAc3Ex7uyqPpUsWBGBFQ==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tulNR0DfmLbdpS6josyVyoEwzexgGzV0eJs28j3%2FmtMmlyDZ2y%2FZImAVKZXwmxyKkqS8QsALAbP8CexnCAYd6xmz%2BW2SIf0fGaigZzCGfjCTsnl402LSYAlL6SoCvOSrfa78OHHVbY4G"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 87aa6287eb3ab515-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
| productivelookewr.shop/cdn-cgi/challenge-platform/h/g/flow/ov1/1275858359:1714169544:c0zzFLH4jstQqcWAxz3SOUlTpP6zGXyZUN-eYcProxM/87aa6285989b568a/f9c69b70a5e0990 | 172.67.150.207 | | 13 kB |
URL: productivelookewr.shop/cdn-cgi/challenge-platform/h/g/flow/ov1/1275858359:1714169544:c0zzFLH4jstQqcWAxz3SOUlTpP6zGXyZUN-eYcProxM/87aa6285989b568a/f9c69b70a5e0990
IP: 172.67.150.207:0
File type: ASCII text, with very long lines (16668), with no line terminators
Hashes: MD5 674846c5bd7a33118a801386329635a1, SHA-1 78782edd5fe896ff8d1ec7d2ab90dba4741d0a7d, SHA-256 420b86c330e0e2fcc6f2e03b2cb8cab19cecb56ca39b3ca1bc79c8913d487d7d

| Analyzer | Verdict | Alert |
|---|---|---|
| ThreatFox | malicious | Lumma Stealer |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |
POST /cdn-cgi/challenge-platform/h/g/flow/ov1/1275858359:1714169544:c0zzFLH4jstQqcWAxz3SOUlTpP6zGXyZUN-eYcProxM/87aa6285989b568a/f9c69b70a5e0990 HTTP/1.1
Host: productivelookewr.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://productivelookewr.shop/y
Content-type: application/x-www-form-urlencoded
CF-Challenge: f9c69b70a5e0990
Content-Length: 1857
Origin: http://productivelookewr.shop
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 26 Apr 2024 23:34:40 GMT
Content-Type: text/plain; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cf-chl-gen: NtvFmT3P1OmGa/obbRLaFl/XiT8GN8vzzrpDT70Dzz4Vn6GGLHMq9Pfo3YBKDEF8$my4kk0c78Zo2vZ0f+DbErw==
vary: accept-encoding
content-encoding: gzip
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ypctXS6gqji6r4clmXft9mkmynwyoFCh6DQq%2BVTfqPjlL1VtJqX7D9Jr73abXC%2BR0B3PN1EtET5rnf967uVsgn8IBcprFbyIPy3qAKcMA1OkMGXfRxM%2FFhqs0elYKrnsl81zRFksklah"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 87aa6288c837712a-OSL
alt-svc: h2=":443"; ma=60
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/66ev0/0x4AAAAAAAAjq6WYeRDKmebM/light/normal | 104.17.2.184 | | 26 kB |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/66ev0/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
IP: 104.17.2.184:0
File type: HTML document, ASCII text, with very long lines (41702)
Hashes: MD5 2263ad3f271dcc11ea0c4bab3679bfdc, SHA-1 eedee05db8812ae76c6db0bc178d1ba881bb0301, SHA-256 744b5c7e6b517a14558440658419ced2b700ca0fc2cf54e84fee8fde4a7bec05
GET /cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/66ev0/0x4AAAAAAAAjq6WYeRDKmebM/light/normal HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 Apr 2024 23:34:40 GMT
content-type: text/html; charset=UTF-8
referrer-policy: same-origin
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-security-policy: frame-src https://challenges.cloudflare.com/ blob:; base-uri 'self'
document-policy: js-profiling
origin-agent-cluster: ?1
vary: accept-encoding
server: cloudflare
cf-ray: 87aa6289dd9b5694-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| challenges.cloudflare.com/turnstile/v0/g/d0ff3ebede6b/api.js?onload=XagHGl3&render=explicit | 104.17.2.184 | | 15 kB |
URL: challenges.cloudflare.com/turnstile/v0/g/d0ff3ebede6b/api.js?onload=XagHGl3&render=explicit
IP: 104.17.2.184:0
File type: JavaScript source, ASCII text, with very long lines (42565)
Hashes: MD5 65b0a652c40c95d12c4ddb3b4567c1ea, SHA-1 c654efa19d01d6553ed4e0f500d350011e023ad1, SHA-256 c6b5cd0b65ebbb519dd845ba2979b40e58b056ca2c90f67a8bfea871d39615a7
GET /turnstile/v0/g/d0ff3ebede6b/api.js?onload=XagHGl3&render=explicit HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://productivelookewr.shop
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 26 Apr 2024 23:34:40 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31536000
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 87aa62880d16569b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/2022015401:1714169784:gePCLhZHsUeTS4Hm20J7VE7OQPYvRnuPVGnSLfPcbGc/87aa6289dd9b5694/773d4611a689300 | 104.17.2.184 | | 112 kB |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/2022015401:1714169784:gePCLhZHsUeTS4Hm20J7VE7OQPYvRnuPVGnSLfPcbGc/87aa6289dd9b5694/773d4611a689300
IP: 104.17.2.184:0
File type: ASCII text, with very long lines (65536), with no line terminators
Size: 112 kB (111649 bytes)
Hashes: MD5 a5487c735e9e28f45e06fe170449df37, SHA-1 b50d996e5697c1953aa766bc9eb6c45da48f5f21, SHA-256 52731f6893c59d3ff72b9066b8814f3f1c7b27d10b54e55b06d14daa6d4cb725
POST /cdn-cgi/challenge-platform/h/g/flow/ov1/2022015401:1714169784:gePCLhZHsUeTS4Hm20J7VE7OQPYvRnuPVGnSLfPcbGc/87aa6289dd9b5694/773d4611a689300 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/66ev0/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: 773d4611a689300
Content-Length: 3717
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 Apr 2024 23:34:41 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: P8Yw77PaBdvV/us25u5qp1ZvqpkGtqn/B58dZauEk8icqGntL0pTDXt1fbt5HY8RoJBuR6AkYlXQb2Pv2FjouV7LGRZRpMtzeeb6YvsF2+olQ3VA0fI3wN9ULAw5+Ggo79J+rOUIeDDFIJYtD9YI7q18QR4Ro5IXSAmmwa8r4Wvg6p8teQOoAnlamWjBCtfiVMlt5M9v+sNN4HMgPsehXWrI72rOzeIqsin1OVHcfYhi7hhpRyhxUWP8GE/J5GQQep3XNgcdK8oVUZhYLXJH3T5Q0eq8CctTn1+f8k9X6J0U3EHNgnFNRmJ0YTEUh8ciV3X0iNlSWFB3KnSWxPZsLetX68axQ3ioRwaWPpCshdK1V/Njjz4Ph7OBYBaCn7XadVM48/JFDjvGU+W77pWE1jeV244dgQikW1x4uWOlNI4=$H+6lE+6LHpu08P8148VXiA==
vary: accept-encoding
server: cloudflare
cf-ray: 87aa628c6f475694-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=87aa6289dd9b5694 | 104.17.2.184 | | 177 kB |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=87aa6289dd9b5694
IP: 104.17.2.184:0
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size: 177 kB (176646 bytes)
Hashes: MD5 c91ab5683ad5e7a9f18d6b7e69fd4cfb, SHA-1 2fe3dbac9f274d6ff6c80fb66ce7e360761b966d, SHA-256 f6df92a378f6d0c9d2fdef93038b4a6a6bf38b69d2e633f3454944112df05dcc
GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=87aa6289dd9b5694 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/66ev0/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 Apr 2024 23:34:41 GMT
content-type: application/javascript; charset=UTF-8
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
vary: accept-encoding
server: cloudflare
cf-ray: 87aa628a6de75694-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/87aa6289dd9b5694/1714174481361/kXDPv_nrP3CI2kf | 104.17.2.184 | | 61 B |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/87aa6289dd9b5694/1714174481361/kXDPv_nrP3CI2kf
IP: 104.17.2.184:0
File type: PNG image data, 10 x 65, 8-bit/color RGB, non-interlaced
Hashes: MD5 bb80bff41900930791a5c9fb235d4067, SHA-1 a79b762d6dbf33a0a51c21a559530441fc2e42f3, SHA-256 2c8ebadd0beff1bb92c6cb0cbed7da4e5d0e19935691344e45486a10c5ced9d0
GET /cdn-cgi/challenge-platform/h/g/i/87aa6289dd9b5694/1714174481361/kXDPv_nrP3CI2kf HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/66ev0/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 Apr 2024 23:34:42 GMT
content-type: image/png
content-length: 61
server: cloudflare
cf-ray: 87aa62932b645694-OSL
alt-svc: h3=":443"; ma=86400
| productivelookewr.shop/cdn-cgi/challenge-platform/h/g/flow/ov1/1275858359:1714169544:c0zzFLH4jstQqcWAxz3SOUlTpP6zGXyZUN-eYcProxM/87aa6285989b568a/f9c69b70a5e0990 | 172.67.150.207 | | 1.8 kB |
URL: productivelookewr.shop/cdn-cgi/challenge-platform/h/g/flow/ov1/1275858359:1714169544:c0zzFLH4jstQqcWAxz3SOUlTpP6zGXyZUN-eYcProxM/87aa6285989b568a/f9c69b70a5e0990
IP: 172.67.150.207:0
File type: ASCII text, with very long lines (2328), with no line terminators
Hashes: MD5 5199073096b798528d5f7edeef8f9e7f, SHA-1 8c2b01218f9f5b92246f9116e960db34eb4a3566, SHA-256 083c4299ef01453d73a5196ede0d5c0ac9101387eca7b37146297f6df7f09f34

| Analyzer | Verdict | Alert |
|---|---|---|
| ThreatFox | malicious | Lumma Stealer |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |
POST /cdn-cgi/challenge-platform/h/g/flow/ov1/1275858359:1714169544:c0zzFLH4jstQqcWAxz3SOUlTpP6zGXyZUN-eYcProxM/87aa6285989b568a/f9c69b70a5e0990 HTTP/1.1
Host: productivelookewr.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://productivelookewr.shop/y
Content-type: application/x-www-form-urlencoded
CF-Challenge: f9c69b70a5e0990
Content-Length: 2499
Origin: http://productivelookewr.shop
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 26 Apr 2024 23:34:49 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cf-chl-out-s: ep5wW2ehB7YDPIP92uUMnQ==$yYM0nrK8VgBujlWAHcxlcw==
cf-chl-out: Mz5At2N4BobpmbydINEpZE+btBnAk2D3v7cJRx9CpOUplASpH5EBo3crkKDUqRgACcFHFEMU0dYJRK6JXZIqWYcx3b90VRUJEMWqiZ1pl8A=$WiwN5oDLyAHmmMCglveXng==
vary: accept-encoding
content-encoding: gzip
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xTs6mUwj0FxYcHDWLDHbbxylzfK4roWou1tkgjKOt7xbMN8nkrOLFSOWvWgkNfLjIoDSN70uciyCur%2FGCrAId3CHxMqIvHNhzPDh6e55New79diljINez6kRbfsN3J3XISrEZ1nPq%2BnY"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 87aa62bf6af5712a-OSL
alt-svc: h2=":443"; ma=60
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/2022015401:1714169784:gePCLhZHsUeTS4Hm20J7VE7OQPYvRnuPVGnSLfPcbGc/87aa6289dd9b5694/773d4611a689300 | 104.17.2.184 | | 7.7 kB |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/2022015401:1714169784:gePCLhZHsUeTS4Hm20J7VE7OQPYvRnuPVGnSLfPcbGc/87aa6289dd9b5694/773d4611a689300
IP: 104.17.2.184:0
File type: ASCII text, with very long lines (960), with no line terminators
Hashes: MD5 b3b4eec7a1a6ce9fc02689954985a587, SHA-1 0707f2e13a6721dc4b0ff688f2172aef7a4166b2, SHA-256 1c20dfa154911fa58de5a16b9dc9ec58b24ed748e125dcaa1c665ab03796b998
POST /cdn-cgi/challenge-platform/h/g/flow/ov1/2022015401:1714169784:gePCLhZHsUeTS4Hm20J7VE7OQPYvRnuPVGnSLfPcbGc/87aa6289dd9b5694/773d4611a689300 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/66ev0/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: 773d4611a689300
Content-Length: 40534
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 Apr 2024 23:34:49 GMT
content-type: text/html; charset=UTF-8
cf-chl-out: KW1IUoKqu9UmoeEhCLuvErtqLFqP1iaz1PlEW0C0x8kkVnvhdDM6GusMZ/EdNAuA08Ewl7Q4ijKyHnXIn6UzwW8xBqUQ3J/TRTx87kqRHMQ=$xvw38T8oEbBtYKwcajhcIw==
cf-chl-out-s: tk30dad3HnwhBXzQra8inA==$Y+GM1R4l1nPIaqdju5cXRA==
vary: accept-encoding
server: cloudflare
cf-ray: 87aa62bede095694-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| | 172.67.150.207 | 403 Forbidden | 5.8 kB |
URL: User Request (GET HTTP/1.1)
IP: 172.67.150.207:80
File type: HTML document, ASCII text, with very long lines (14377), with no line terminators
Hashes: MD5 7c77429c06409af0a55cb45f402a3f51, SHA-1 2766be89cdaa46291e44d15f54bf357abdea6f73, SHA-256 728760a99abf4a6f3ceb3559f50b8934b39b71bafa4f2525492993920ba5d940

| Analyzer | Verdict | Alert |
|---|---|---|
| ThreatFox | malicious | Lumma Stealer |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |
GET /y HTTP/1.1
Host: productivelookewr.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_i=1
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Fri, 26 Apr 2024 23:34:51 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: SCscKP0CAiUgjt8Mmlo43whcHen1sL7yralM/0GhB6npeg4rU60aKMm3+xQ6qoZXrD4qUQAbxJM8fsJ5HoWLdINpnd0Vb3Jjx5Pe7idWQMiqq+PkPIs9YT3urFIEpF4LkapvjCLL+FBKx4CHiiPrfg==$0XpsefQgehIgykFqmZnMsQ==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=s8Z3A4PIz5XJf7L5iBLmLODAh%2FlKTVseK9XeW1O0wiIq5HAuVDvQci%2FdR3Lf73c2hn7wAaYqYSA6W7KvOy4nGawqJMerkAjK7J30jGEpPYoxdFeJ8ERgnIMOxEhSH1cznYGo9Ue%2FGlEf"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 87aa62cc3aeb712a-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
| productivelookewr.shop/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=87aa62cc3aeb712a | 172.67.150.207 | | 113 kB |
URL: productivelookewr.shop/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=87aa62cc3aeb712a
IP: 172.67.150.207:0
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size: 113 kB (112729 bytes)
Hashes: MD5 d75cb751dc7934bbbe16fd34a3d31aeb, SHA-1 23fbdbc15bc13c3dc8622bd8bc8d12dfdfa392f5, SHA-256 fe4ee5cbc33feaa4dc374bd76dad778da510f3efc4038a6a6f8137582dd90e04

| Analyzer | Verdict | Alert |
|---|---|---|
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |
GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=87aa62cc3aeb712a HTTP/1.1
Host: productivelookewr.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://productivelookewr.shop/y?__cf_chl_rt_tk=1w71RfGT.9zvfYTWlAOC0usrbYyfwYFeyztrUDMmsp0-1714174491-0.0.1.1-1279
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_i=1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 26 Apr 2024 23:34:51 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
vary: accept-encoding
content-encoding: gzip
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TO882Dp%2FHCG9oKwGoIqhQmbZF%2FpnJC5Vy%2Fy2EJoeqJKwIlDme4YRsynpebt4%2BgFJAPPQt543PwJS8xQEGlaIdEii%2FyV95YBVyohsjiTyOEpYhMJ%2B3FlNFTQp10b4HxDh1xOlnz57%2Fzij"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 87aa62cc88511c06-OSL
alt-svc: h2=":443"; ma=60
| productivelookewr.shop/favicon.ico | 172.67.150.207 | 403 Forbidden | 5.9 kB |
URL: productivelookewr.shop/favicon.ico (GET HTTP/1.1)
IP: 172.67.150.207:80
Requested by: http://productivelookewr.shop/y
File type: HTML document, ASCII text, with very long lines (14505), with no line terminators
Hashes: MD5 642f16e8cab865a69973571a0ea031fb, SHA-1 8ef567f3d65e6827a4541478d2f7f93f5ee7140c, SHA-256 1fbcb88cc59ae479d3b75f8a37a0c1d4d62e64adf68c6e381c3f7a02ce5ff765

| Analyzer | Verdict | Alert |
|---|---|---|
| ThreatFox | malicious | Lumma Stealer |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: productivelookewr.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://productivelookewr.shop/y?__cf_chl_rt_tk=1w71RfGT.9zvfYTWlAOC0usrbYyfwYFeyztrUDMmsp0-1714174491-0.0.1.1-1279
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_i=1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Fri, 26 Apr 2024 23:34:51 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: u3aU35/H1nuedb7I9PpgBImmVAUuOk69cmy0te1J/weG4wuHo7VRTcqGdgeFE6Y/G82tOF7XoUoJG/KymNKnq/Oge8UdnoI8B0w9CETxAEqZtmw28df5/GSy7oTDsOk1CjMvVFg2bjhLbzgzbGnjqA==$a88UQE5jE4CSXw3mgkgfrA==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=C1LV66co%2FNojHHOme4UIQdEqz08xgdkJFIv994h1HsgjS2jqreYNwwIbcxbXJW91DSHxptqcdRmK%2FNGcXbgrlJIhOHyUxyCLGn5BzinEFQcQNJh%2FU%2BpjWzfwD9hrIH3BlB6k8aL%2FryvZ"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 87aa62ccd86c1c06-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
| productivelookewr.shop/favicon.ico | 172.67.150.207 | 403 Forbidden | 5.9 kB |
URL: productivelookewr.shop/favicon.ico (GET HTTP/1.1)
IP: 172.67.150.207:80
Requested by: http://productivelookewr.shop/y
File type: HTML document, ASCII text, with very long lines (14420), with no line terminators
Hashes: MD5 78663ba23f761e1bd1bce9f4ad30e930, SHA-1 fd2b4a437016a8a30f67237311b5ae11802b2345, SHA-256 8f67d8a300d7a47e575eb42bdb2a50166e5bf155b920aa002367d611cf5c9845

| Analyzer | Verdict | Alert |
|---|---|---|
| ThreatFox | malicious | Lumma Stealer |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: productivelookewr.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://productivelookewr.shop/y
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_i=1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Fri, 26 Apr 2024 23:34:51 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: DvJ8khwqP0AmQybYDLWYK409oyNTJ9qyeJnJB4cEVeg2TMyBJ8QAdoxrr+86wPqCMyQ6jcG0/+RK4fCXg3uWrnbh+tVWx/0i9WkSKhJvlW/Q84DLtxj40+cJ83RQ+kLptOWclf7wJM6Ia8l9hSQPcw==$HqRuAK9s896mhKtaJa5Mpw==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SP%2FOnMARbZBaaxPFWM2luzbG0FE0P%2BMdPUGQArzjXl2Jl3NcPPYyEpoDhpZkdiAe1b7ahcmmVN9cqFzX9RhJ7Pga%2B6ukJWuXS5N0zWHDOUvUbLcrAt4NxOlZ1Iggrsy8M%2BzzGCOQc3V6"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 87aa62cd4e4a5694-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
|
|
| challenges.cloudflare.com/turnstile/v0/b/471dc2adc340/api.js?onload=ZbqNq8&render=explicit | 104.17.2.184 | 200 OK | 23 kB |
URL: GET HTTP/3 challenges.cloudflare.com/turnstile/v0/b/471dc2adc340/api.js?onload=ZbqNq8&render=explicit
IP: 104.17.2.184:443
Requested by: http://productivelookewr.shop/y
Certificate issuer: Cloudflare, Inc.
Certificate subject: challenges.cloudflare.com
Certificate fingerprint: 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
Certificate validity: Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (42414)
Hash (MD5): f94a2211ce789a95a7c67e8c660d63e8
Hash (SHA-1): f1fc19b6bcb96d0a905bf3192aaff0885ff9f36f
Hash (SHA-256): 926dc3302f99ec05e4206e965ddeb7250f5910a8c38e82c7beafb724bbaaf37b
GET /turnstile/v0/b/471dc2adc340/api.js?onload=ZbqNq8&render=explicit HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://productivelookewr.shop
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 Apr 2024 23:34:51 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31536000
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 87aa62cd4e505694-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| productivelookewr.shop/cdn-cgi/challenge-platform/h/b/flow/ov1/1458453619:1714170359:2PJa9igPnT-roX12X9SiU-eQ7Ue6d2q8iE_4Y6XgMLw/87aa62cc3aeb712a/d5de37191d5a35d | 172.67.150.207 | | 12 kB |
URL: productivelookewr.shop/cdn-cgi/challenge-platform/h/b/flow/ov1/1458453619:1714170359:2PJa9igPnT-roX12X9SiU-eQ7Ue6d2q8iE_4Y6XgMLw/87aa62cc3aeb712a/d5de37191d5a35d
IP: 172.67.150.207:0
File type: ASCII text, with very long lines (15992), with no line terminators
Hash (MD5): cceccd5fccaa33e983fdd83ccd81c37c
Hash (SHA-1): 961953928e8aed5b27343172fbfff619a3ae3e9a
Hash (SHA-256): 8b563859bd5ca119d81bbea36a951c2320c905691ffd308d8b4d535129daed0a
| Analyzer | Verdict | Alert |
| ThreatFox | malicious | Lumma Stealer |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |
POST /cdn-cgi/challenge-platform/h/b/flow/ov1/1458453619:1714170359:2PJa9igPnT-roX12X9SiU-eQ7Ue6d2q8iE_4Y6XgMLw/87aa62cc3aeb712a/d5de37191d5a35d HTTP/1.1
Host: productivelookewr.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://productivelookewr.shop/y
Content-type: application/x-www-form-urlencoded
CF-Challenge: d5de37191d5a35d
Content-Length: 1864
Origin: http://productivelookewr.shop
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_i=1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 26 Apr 2024 23:34:51 GMT
Content-Type: text/plain; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cf-chl-gen: 7Ja9Mj3KS7+yA/DK20EK4nosbFuN/IUt8rBTUya8QAScbscs2vrrH/S/ZKKzbkP7$xAwIkyFt11smdhQEn7x6jg==
vary: accept-encoding
content-encoding: gzip
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bZKkM5Y3Apq005G1jbAIScW2BTNL7zDB7tfCfTvTD1grax3IeMme7He5tacEv3Rdvesn8RTslG56YnwAXLz8ML%2Fe%2BLXCMDxpONbFB318lT%2BBQeu0IhaI767kHHHI9bFOjr1CrJKc6m2B"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 87aa62ce1a9456ae-OSL
alt-svc: h2=":443"; ma=60
|
|
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D | 104.17.2.184 | 200 OK | 61 B |
URL: GET HTTP/3 challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D
IP: 104.17.2.184:443
Requested by: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/ealiu/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Certificate issuer: Cloudflare, Inc.
Certificate subject: challenges.cloudflare.com
Certificate fingerprint: 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
Certificate validity: Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type: PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
Hash (MD5): 9246cca8fc3c00f50035f28e9f6b7f7d
Hash (SHA-1): 3aa538440f70873b574f40cd793060f53ec17a5d
Hash (SHA-256): c07d7d29e3c20fa6ca4c5d20663688d52bad13e129ad82ce06b80eb187d9dc84
GET /cdn-cgi/challenge-platform/h/b/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/lmsdh/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 Apr 2024 23:34:52 GMT
content-type: image/png
content-length: 61
cache-control: max-age=2629800, public
server: cloudflare
cf-ray: 87aa62cf7f7f5694-OSL
alt-svc: h3=":443"; ma=86400
|
|
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=87aa62ceef3d5694 | 104.17.2.184 | | 176 kB |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=87aa62ceef3d5694
IP: 104.17.2.184:0
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size: 176 kB (175785 bytes)
Hash (MD5): 149fb26496d6a3fc5493455088ee13e6
Hash (SHA-1): 66036cb4bf52afb3e07c49bcd4c60199cf9f8819
Hash (SHA-256): 9050945d8fa5d5fb5eadf96521189c8028aa06e9f31d5fdecabb2f96720da183
GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=87aa62ceef3d5694 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/lmsdh/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 Apr 2024 23:34:52 GMT
content-type: application/javascript; charset=UTF-8
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
vary: accept-encoding
server: cloudflare
cf-ray: 87aa62cf7f805694-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/87aa62ceef3d5694/1714174492412/N-JK2g7okJKHTwj | 104.17.2.184 | | 61 B |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/87aa62ceef3d5694/1714174492412/N-JK2g7okJKHTwj
IP: 104.17.2.184:0
File type: PNG image data, 84 x 11, 8-bit/color RGB, non-interlaced
Hash (MD5): 49896c55b55dc8a00ddb460a99ef0368
Hash (SHA-1): 8bb794039000012c0b19c6c91928ba77a3e8b34d
Hash (SHA-256): 1d67381dc152fd531db4a12c5a41f1d1b5bb20394d8d398c12f02f0ce0866af1
GET /cdn-cgi/challenge-platform/h/b/i/87aa62ceef3d5694/1714174492412/N-JK2g7okJKHTwj HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/lmsdh/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 Apr 2024 23:34:53 GMT
content-type: image/png
content-length: 61
server: cloudflare
cf-ray: 87aa62d7db785694-OSL
alt-svc: h3=":443"; ma=86400
|
|
| productivelookewr.shop/cdn-cgi/challenge-platform/h/b/flow/ov1/1458453619:1714170359:2PJa9igPnT-roX12X9SiU-eQ7Ue6d2q8iE_4Y6XgMLw/87aa62cc3aeb712a/d5de37191d5a35d | 172.67.150.207 | | 1.8 kB |
URL: productivelookewr.shop/cdn-cgi/challenge-platform/h/b/flow/ov1/1458453619:1714170359:2PJa9igPnT-roX12X9SiU-eQ7Ue6d2q8iE_4Y6XgMLw/87aa62cc3aeb712a/d5de37191d5a35d
IP: 172.67.150.207:0
File type: ASCII text, with very long lines (2332), with no line terminators
Hash (MD5): d77d2490684b6adaeebc61385359fe7e
Hash (SHA-1): ec0b2f2a8e6ef9009feb5fa960366c76e81b9b33
Hash (SHA-256): d25ef66f8820b55e76f5e4e02e8f622d2fff72d5bb7f2e3a4df088a54e2d28c1
| Analyzer | Verdict | Alert |
| ThreatFox | malicious | Lumma Stealer |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |
POST /cdn-cgi/challenge-platform/h/b/flow/ov1/1458453619:1714170359:2PJa9igPnT-roX12X9SiU-eQ7Ue6d2q8iE_4Y6XgMLw/87aa62cc3aeb712a/d5de37191d5a35d HTTP/1.1
Host: productivelookewr.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://productivelookewr.shop/y
Content-type: application/x-www-form-urlencoded
CF-Challenge: d5de37191d5a35d
Content-Length: 2511
Origin: http://productivelookewr.shop
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_i=1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 26 Apr 2024 23:34:58 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cf-chl-out: plGPTLqiC65a3I8bPsmK8zSnUgAV/9HfEi5tFhktuT7TrP6BB9juYaADtvMj0LGLHIfE6o9I2Y9marKQhe7PdVwj8SJzKob1DpGoVhBpMwA=$uyiTmLdN2DWTnOP9ml3PKA==
cf-chl-out-s: Hk4ZjhUDlGCqsEYLGSifuiZ1lTsR91cLIDF3QkTtQEruB3k4G/UAe8bTQ/3xhfn8ZCxHAX0pviQz1zYCpU7sTOonpiWtrslIi+4E+qOiWJs=$TOINywf1azvHQhsBfuMCmg==
vary: accept-encoding
content-encoding: gzip
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=M%2BU3cCi4Z8InIdkwd9EUGDu%2BbOaMq4q3SI7zwBIS8xtmEFwggGIv6NxI4pf7AI%2BpEvyrXKYhkc0QXjFsZiEEzHzvHCSgek6%2BEU1vv%2FfBHzmctOn46%2BAhFCJsnJUHEO5p7YgkcSkYECUM"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 87aa62f46cf156ae-OSL
alt-svc: h2=":443"; ma=60
|
|
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/lmsdh/0x4AAAAAAAAjq6WYeRDKmebM/light/normal | 104.17.2.184 | | 31 kB |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/lmsdh/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
IP: 104.17.2.184:0
File type: HTML document, ASCII text, with very long lines (41702)
Hash (MD5): f31a8b70d34d24f3d1cf2707433e2ae7
Hash (SHA-1): 88425201246c9c1984323873c83753ed2ebf9777
Hash (SHA-256): 3de0a8cc737045b2016e3b99c4d34e044a2279aa77e1d37df77d86fe74cf407c
GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/lmsdh/0x4AAAAAAAAjq6WYeRDKmebM/light/normal HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 Apr 2024 23:34:52 GMT
content-type: text/html; charset=UTF-8
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
content-security-policy: frame-src https://challenges.cloudflare.com/ blob:; base-uri 'self'
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
document-policy: js-profiling
origin-agent-cluster: ?1
cross-origin-opener-policy: same-origin
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
vary: accept-encoding
server: cloudflare
cf-ray: 87aa62ceef3d5694-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| productivelookewr.shop/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=87aa630dcc3556ae | 172.67.150.207 | 200 OK | 113 kB |
URL: GET HTTP/1.1 productivelookewr.shop/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=87aa630dcc3556ae
IP: 172.67.150.207:80
Requested by: http://productivelookewr.shop/y
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size: 113 kB (112729 bytes)
Hash (MD5): d75cb751dc7934bbbe16fd34a3d31aeb
Hash (SHA-1): 23fbdbc15bc13c3dc8622bd8bc8d12dfdfa392f5
Hash (SHA-256): fe4ee5cbc33feaa4dc374bd76dad778da510f3efc4038a6a6f8137582dd90e04
| Analyzer | Verdict | Alert |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |
GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=87aa630dcc3556ae HTTP/1.1
Host: productivelookewr.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://productivelookewr.shop/y?__cf_chl_rt_tk=5Y6OIOsVgpDKB9Y.T7PcMF1aorpGUfndQGFrQyMCc6k-1714174502-0.0.1.1-1279
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_i=2
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 26 Apr 2024 23:35:02 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
vary: accept-encoding
content-encoding: gzip
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QocLtuSJBNZhdYxpIAj2Ux1IpSePP%2BjIIYYWTBr3mANQN5OZVYaZH%2F7eY4Q9cqjBKjxLkZmCLPB%2FmyuZHbJfDi8k98lPrXGxQDwzbYWnHiw%2F33fUKe1meh5cdorpsNzEk03X8T0Gnaaw"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 87aa630e0add0afe-OSL
alt-svc: h2=":443"; ma=60
|
|
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/971661240:1714170596:Yy7KlMHOT6PWuE0t0TLZYlFSTdhMQm_SRTeIVuZ77t4/87aa62ceef3d5694/ef4d02f714cae56 | 104.17.2.184 | | 28 kB |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/971661240:1714170596:Yy7KlMHOT6PWuE0t0TLZYlFSTdhMQm_SRTeIVuZ77t4/87aa62ceef3d5694/ef4d02f714cae56
IP: 104.17.2.184:0
File type: ASCII text, with very long lines (22560), with no line terminators
Hash (MD5): 6ab8e2ec5485d6aea86195c1b7227562
Hash (SHA-1): 6ba4bddce229853cbf7ebf70a770965ae1f573f5
Hash (SHA-256): d63a1f565a69c45842854079209c01104ed9000489e93d9bb882edeb52899c6b
POST /cdn-cgi/challenge-platform/h/b/flow/ov1/971661240:1714170596:Yy7KlMHOT6PWuE0t0TLZYlFSTdhMQm_SRTeIVuZ77t4/87aa62ceef3d5694/ef4d02f714cae56 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/lmsdh/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: ef4d02f714cae56
Content-Length: 25344
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 Apr 2024 23:34:54 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: 4mgx/QJd6ZZ99anyGyRsaMlyvNkI+N/1Kx7b5fmQ5lLo+2JbfNCdmI0m60ntwwXa$2aFfDxsOLSuIrzeF/Ln/WQ==
vary: accept-encoding
server: cloudflare
cf-ray: 87aa62dc9e5d5694-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| productivelookewr.shop/favicon.ico | 172.67.150.207 | 403 Forbidden | 5.9 kB |
URL: GET HTTP/1.1 productivelookewr.shop/favicon.ico
IP: 172.67.150.207:80
Requested by: http://productivelookewr.shop/y
File type: HTML document, ASCII text, with very long lines (14420), with no line terminators
Hash (MD5): b1dd6613b7376a17e9fae9d79a3f5c34
Hash (SHA-1): 1610d40d92188022475ffb9039fccd8a391eae3a
Hash (SHA-256): b2f1bec1d17ee77355415bf41a63faef5b987f5f760fa15ba03a2e4a12f771f1
| Analyzer | Verdict | Alert |
| ThreatFox | malicious | Lumma Stealer |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: productivelookewr.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://productivelookewr.shop/y
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_i=2
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Fri, 26 Apr 2024 23:35:02 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: 1Lm7ocziH6jsoAl1CcXYbwg0wJP2ncU6XkZdLy3xLH/PcWsmUI70VHxjlWXrGulI88wqMauY93afza5IQP9fjCMSfI9RDxB8eXq/WRZGTdyjSzc9/Q1lomFfPg/0ot6W8ClRJXT63xGolBm7YRN75g==$KNKdc3WTnIINbFQvtKZIrA==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=c%2FzyEfx%2BvklqWlp0%2BNbPyS3D1muYSRBPc%2F6HIkPaSjjsWq2%2B2rBJ183G85PYwyLHgAZB7xu79OYNQEdn1uVOmvzZY0QoVzQql6ZBSSDHI8Dukw%2Fm6dlTj6yKoULQe%2FmIOSl1d4GgFVP1"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 87aa630ea93b568d-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
|
|
| productivelookewr.shop/cdn-cgi/challenge-platform/h/b/flow/ov1/1458453619:1714170359:2PJa9igPnT-roX12X9SiU-eQ7Ue6d2q8iE_4Y6XgMLw/87aa630dcc3556ae/1d35850d8730355 | 172.67.150.207 | 200 OK | 12 kB |
URL: POST HTTP/1.1 productivelookewr.shop/cdn-cgi/challenge-platform/h/b/flow/ov1/1458453619:1714170359:2PJa9igPnT-roX12X9SiU-eQ7Ue6d2q8iE_4Y6XgMLw/87aa630dcc3556ae/1d35850d8730355
IP: 172.67.150.207:80
Requested by: http://productivelookewr.shop/y
File type: ASCII text, with very long lines (15992), with no line terminators
Hash (MD5): 264e529fb44155dbb0f26675cb3ca632
Hash (SHA-1): 6a9b07467336aac91173ec34f0adcdc7e43331b1
Hash (SHA-256): d370afaaa6024384dfcc7b5f95d27277c820c901426d240aa5772e0c6840c728
| Analyzer | Verdict | Alert |
| ThreatFox | malicious | Lumma Stealer |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |
POST /cdn-cgi/challenge-platform/h/b/flow/ov1/1458453619:1714170359:2PJa9igPnT-roX12X9SiU-eQ7Ue6d2q8iE_4Y6XgMLw/87aa630dcc3556ae/1d35850d8730355 HTTP/1.1
Host: productivelookewr.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://productivelookewr.shop/y
Content-type: application/x-www-form-urlencoded
CF-Challenge: 1d35850d8730355
Content-Length: 1861
Origin: http://productivelookewr.shop
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_i=2
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 26 Apr 2024 23:35:02 GMT
Content-Type: text/plain; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cf-chl-gen: D1yweXaJPYDFCDUnbYjF7ilQGTAUCst8+/pNfPN6WzUa1LF2o4wAjSDSYCkRh0EN$1h9pg1iVAidzG2LNwa752w==
vary: accept-encoding
content-encoding: gzip
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=D5%2Fzql8a61Aiqg3jJpQKuXRgNGamXKQVSLjYtv3pEuXSrKjdZUot1DH9OpctFR5AvFw0zcTQn31QvYKT5RcoGjxmsFXeUkkidr%2B7q%2FQYUAemHU3KUjHsqXiTulFBepwrjMK1twDZq1Yz"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 87aa630f7c8556ca-OSL
alt-svc: h2=":443"; ma=60
|
|
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/ealiu/0x4AAAAAAAAjq6WYeRDKmebM/light/normal | 104.17.2.184 | 200 OK | 26 kB |
URL: GET HTTP/3 challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/ealiu/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
IP: 104.17.2.184:443
Requested by: http://productivelookewr.shop/y
Certificate issuer: Cloudflare, Inc.
Certificate subject: challenges.cloudflare.com
Certificate fingerprint: 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
Certificate validity: Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type: HTML document, ASCII text, with very long lines (41702)
Hash (MD5): 6f0fed34ecf042397bc8c4a43f49579f
Hash (SHA-1): 2662a1dc26550f2c3754e75c9d5fd7c3be01235c
Hash (SHA-256): f11bd66fa5ee3a8bf7476fb0f4eb681cf0dd55167fe66ff4ece3cd700ba6c92e
GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/ealiu/0x4AAAAAAAAjq6WYeRDKmebM/light/normal HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 Apr 2024 23:35:02 GMT
content-type: text/html; charset=UTF-8
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
referrer-policy: same-origin
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cross-origin-opener-policy: same-origin
content-security-policy: frame-src https://challenges.cloudflare.com/ blob:; base-uri 'self'
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
origin-agent-cluster: ?1
document-policy: js-profiling
vary: accept-encoding
server: cloudflare
cf-ray: 87aa63104bc05694-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/87aa63104bc05694/1714174502806/o07cZX2CJ47xD99 | 104.17.2.184 | 200 OK | 61 B |
URL: GET HTTP/3 challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/87aa63104bc05694/1714174502806/o07cZX2CJ47xD99
IP: 104.17.2.184:443
Requested by: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/ealiu/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Certificate issuer: Cloudflare, Inc.
Certificate subject: challenges.cloudflare.com
Certificate fingerprint: 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
Certificate validity: Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type: PNG image data, 29 x 40, 8-bit/color RGB, non-interlaced
Hash (MD5): 757e132ccdad5e0dbe9c5515cc7595ad
Hash (SHA-1): f29c204226212a25b90bb32ff2077fa2d911afc8
Hash (SHA-256): ff9c33673375c6959833d15524ffbf4b02a983ba05207f17c03a6bbb18f594a0
GET /cdn-cgi/challenge-platform/h/b/i/87aa63104bc05694/1714174502806/o07cZX2CJ47xD99 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/ealiu/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 Apr 2024 23:35:03 GMT
content-type: image/png
content-length: 61
server: cloudflare
cf-ray: 87aa6314de935694-OSL
alt-svc: h3=":443"; ma=86400
|
|
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=87aa63104bc05694 | 104.17.2.184 | 200 OK | 433 kB |
URL: GET HTTP/3 challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=87aa63104bc05694
IP: 104.17.2.184:443
Requested by: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/ealiu/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Certificate issuer: Cloudflare, Inc.
Certificate subject: challenges.cloudflare.com
Certificate fingerprint: 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
Certificate validity: Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size: 433 kB (432654 bytes)
Hash (MD5): 9711ee0484cfb007f14ebe4866a6dcb9
Hash (SHA-1): 8f119af288e49b5f162fceac53e838d5e7f1c163
Hash (SHA-256): eb71f1307dc9788a9bc5bebd4175432ad10436aad1641e1116b2c1f0b6a52869
GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=87aa63104bc05694 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/ealiu/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 Apr 2024 23:35:02 GMT
content-type: application/javascript; charset=UTF-8
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
vary: accept-encoding
server: cloudflare
cf-ray: 87aa6310cc185694-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
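Reading the transactions above as a whole: every response from productivelookewr.shop in this section is either a 403 carrying cf-mitigated: challenge (the Cloudflare managed-challenge interstitial, not the origin's own answer) or challenge plumbing under /cdn-cgi/challenge-platform/, and the only other host contacted is challenges.cloudflare.com. Three things follow for anyone turning this report into detections: the HTML hashes attached to the 403 entries are hashes of Cloudflare's challenge page, not of attacker content; the resolved addresses sit behind Server: cloudflare, so the hostname is the indicator and the IP is a shared edge address; and the cf_chl_rc_i cookie goes 1 then 2 across two challenge rounds without a 200 from /y ever appearing here. The Python below is an added example, not part of the report or of any analyzer's tooling. It parses the request-then-response header layout used on this page (a constructed, trimmed sample taken from the entries above is embedded), classifies each transaction as challenge interstitial, challenge-platform traffic or origin content, and lists which hosts are worth keeping. Treating cf_chl_rc_i as a per-round counter is an assumption drawn only from the two values seen here.

```python
import re
from dataclasses import dataclass, field

# Request line and status line shapes as they appear in the report.
REQ_LINE = re.compile(r"^(GET|POST|HEAD|PUT|DELETE|OPTIONS) (\S+) HTTP/[\d.]+$")
RSP_LINE = re.compile(r"^HTTP/[\d.]+ (\d{3})")

CF_CHALLENGE_HOSTS = {"challenges.cloudflare.com"}
CF_CHALLENGE_PREFIX = "/cdn-cgi/challenge-platform/"


@dataclass
class Transaction:
    method: str
    path: str
    status: int = 0
    req_headers: dict = field(default_factory=dict)
    rsp_headers: dict = field(default_factory=dict)

    @property
    def host(self) -> str:
        return self.req_headers.get("host", "")


def parse_transactions(text: str) -> list:
    """Parse the 'request headers, then response headers' layout of the report.

    Header names are lower-cased because the report mixes CF-RAY / cf-ray and
    Content-Type / content-type between HTTP/1.1 and HTTP/3 responses.
    """
    txns, current, in_response = [], None, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = REQ_LINE.match(line)
        if m:
            current = Transaction(method=m.group(1), path=m.group(2))
            txns.append(current)
            in_response = False
            continue
        m = RSP_LINE.match(line)
        if m and current is not None:
            current.status = int(m.group(1))
            in_response = True
            continue
        if current is None or ":" not in line:
            continue
        # Split on the first colon only: values such as alt-svc contain colons.
        name, _, value = line.partition(":")
        target = current.rsp_headers if in_response else current.req_headers
        target[name.strip().lower()] = value.strip()
    return txns


def classify(t: Transaction) -> str:
    """Say who actually answered a transaction."""
    if t.host in CF_CHALLENGE_HOSTS or t.path.startswith(CF_CHALLENGE_PREFIX):
        return "cf-platform"   # challenge JS, iframes, flow POSTs: Cloudflare's code, not the origin's
    if t.rsp_headers.get("cf-mitigated") == "challenge":
        return "cf-challenge"  # interstitial page; the 403 and its body hash belong to Cloudflare
    return "origin"            # only these bodies are the fronted site's own content


def ioc_hosts(txns) -> list:
    """Hosts worth keeping as indicators: everything contacted except Cloudflare's challenge host.
    IPs are deliberately not returned; 'Server: cloudflare' marks them as shared edge addresses."""
    return sorted({t.host for t in txns if t.host and t.host not in CF_CHALLENGE_HOSTS})


def challenge_rounds(txns) -> int:
    """Highest cf_chl_rc_i value seen in request cookies (assumed to be a per-round counter;
    on this page it goes 1 -> 2 across the two challenge rounds)."""
    rounds = 0
    for t in txns:
        m = re.search(r"cf_chl_rc_i=(\d+)", t.req_headers.get("cookie", ""))
        if m:
            rounds = max(rounds, int(m.group(1)))
    return rounds


def summarize(text: str) -> dict:
    txns = parse_transactions(text)
    return {
        "classes": [classify(t) for t in txns],
        "ioc_hosts": ioc_hosts(txns),
        "challenge_rounds": challenge_rounds(txns),
        # True only if a non-Cloudflare body came back with a 2xx.
        "origin_content_seen": any(classify(t) == "origin" and 200 <= t.status < 300 for t in txns),
    }


# Constructed sample: four transactions copied in shape from the report, headers trimmed.
SAMPLE = """\
GET /y HTTP/1.1
Host: productivelookewr.shop
HTTP/1.1 403 Forbidden
Content-Type: text/html; charset=UTF-8
cf-mitigated: challenge
Server: cloudflare
CF-RAY: 87aa62ccd86c1c06-OSL
alt-svc: h2=":443"; ma=60
GET /favicon.ico HTTP/1.1
Host: productivelookewr.shop
Cookie: cf_chl_rc_i=1
HTTP/1.1 403 Forbidden
cf-mitigated: challenge
Server: cloudflare
GET /turnstile/v0/b/471dc2adc340/api.js?onload=ZbqNq8&render=explicit HTTP/1.1
Host: challenges.cloudflare.com
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
server: cloudflare
POST /cdn-cgi/challenge-platform/h/b/flow/ov1/1458453619:1714170359:2PJa9igPnT-roX12X9SiU-eQ7Ue6d2q8iE_4Y6XgMLw/87aa630dcc3556ae/1d35850d8730355 HTTP/1.1
Host: productivelookewr.shop
Cookie: cf_chl_rc_i=2
HTTP/1.1 200 OK
Content-Type: text/plain; charset=UTF-8
Server: cloudflare
"""

if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(f"{key}: {value}")
```

Run it as-is to see the sample classified; to apply it to the full report, paste the request and response blocks of each entry into one string in the same order and pass that to summarize(). The classification order matters: the challenge-platform test runs before the cf-mitigated test so that the flow POSTs to the attacker host, which answer 200 but carry no cf-mitigated header, are still attributed to Cloudflare rather than mistaken for origin content.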