| productivelookewr.shop/apidJ | 172.67.150.207 | 403 Forbidden | 5.9 kB |
URL: productivelookewr.shop/apidJ (User Request, GET HTTP/1.1)
IP: 172.67.150.207:80
File type: HTML document, ASCII text, with very long lines (14394), with no line terminators
Hashes (MD5, SHA-1, SHA-256): 0ed2fb5f6bcb3ee7a95a3ccf9e20a148 0d5c3804ff0ca3dc75730be42c6eb8071936b725 53acce281484d0fb2bdec797b7af1dd5aa4581c3d58b47498000d8b352fe5659
| Analyzer | Verdict | Alert |
| ThreatFox | malicious | Lumma Stealer |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |
GET /apidJ HTTP/1.1
Host: productivelookewr.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Wed, 24 Apr 2024 16:20:57 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: TUc3/La8oBetqV42CuNTPrHO9TCW2egQ2XFYgInx4lYAi/34UchjUyuoWXDDpFZIO+crXWw8O1cMDkhT+guo6MmLTqKphoma+dembu7/ICEvxssVLWHcOoMH6ogeOIehsdOgGfIxLvCLIX/Z79MfEA==$qvid9OeyglrBWUS1I675yQ==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jerTcv64L7UOAS%2FcS1C4W2ZfF7yZ9Rdg4ce%2Fsy%2BeTWSVDgN1xAeugniU5gYJzc9yeR0mxMuIEdCzVTZi%2FmrC1I%2FNmhrYYqneTjWwOg%2FoIIMYogmvL0JA1yW23aV6csi8JCmX56XqRvqd"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 87976c72acac56aa-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
| productivelookewr.shop/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=87976c72acac56aa | 104.21.11.250 | | 115 kB |
URL: productivelookewr.shop/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=87976c72acac56aa
IP: 104.21.11.250:0
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size: 115 kB (114738 bytes)
Hashes (MD5, SHA-1, SHA-256): cac141a9019e6262168ffc2fd1d1f629 1e4b839a6bc3aa7e255f14c654a150c60c7bd2af c8a416a33fd64e8c24bb44fb201542db96341999c6bf8eae1772a7cdf3bb69b2
| Analyzer | Verdict | Alert |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |
GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=87976c72acac56aa HTTP/1.1
Host: productivelookewr.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://productivelookewr.shop/apidJ?__cf_chl_rt_tk=dbwr3NoMl57F1soj5fSF47kaSi2ZNbmF23KzxLcoceA-1713975657-0.0.1.1-1301
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 24 Apr 2024 16:20:57 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
vary: accept-encoding
content-encoding: gzip
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zGMjB2Eb6C0L%2F8Ftz7QhNjN2rkfiK%2F1p%2BeEEOVyrPWFka8gUtHZj0AoH3uaee9nRoyYOTUF6cvsYH1iT%2BRdi5k8fOXv41lX5PpU4qiQjkbVK2mi1ebMrRzt%2BI0UwtlTpyqyf2266XPRt"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 87976c74794cb4fd-OSL
alt-svc: h2=":443"; ma=60
| productivelookewr.shop/favicon.ico | 104.21.11.250 | 403 Forbidden | 5.9 kB |
URL: productivelookewr.shop/favicon.ico (GET HTTP/1.1)
IP: 104.21.11.250:80
Requested by: http://productivelookewr.shop/apidJ
File type: HTML document, ASCII text, with very long lines (14484), with no line terminators
Hashes (MD5, SHA-1, SHA-256): 5a25a35c8958107f6c2ce430bfd52842 deb0737469dbf3738af5c7b2ad9a186eb32edb8e 47cac19de36c0640e27877760022c033d3727fa2a151b5f5900ffbe4ecd13b3f
| Analyzer | Verdict | Alert |
| ThreatFox | malicious | Lumma Stealer |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: productivelookewr.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://productivelookewr.shop/apidJ?__cf_chl_rt_tk=dbwr3NoMl57F1soj5fSF47kaSi2ZNbmF23KzxLcoceA-1713975657-0.0.1.1-1301
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Wed, 24 Apr 2024 16:20:57 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: O2/2dDd2G7hEzvrqpomRKz1joreJzyvFsX+1xzZxy8jL3N9ExtFaxq6ZaXBXzJEGYV1ChIe+Z5dV0mO33D6axTwVfJZvAldAiknZt3Z552X7YW8XXhnaq6aAz4RIXihCV9yxsMsSW3AftaO8KXebPg==$LmI58THe9daJTjh7BA7CZA==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=x3aQiQZ781OjRv%2FOwxKzy50D0csQHVchGzXaLzqTus6uK6XSPuKPHdSLOwfm6lxgJJOWlVnk0A3%2F1ugL2ob5YHUS4XnMhUTYIeFA8lO8ZRy0uErIFSKK4V8aC2VYGb9%2FgYm2T%2B2E0Hbd"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 87976c74c98cb4fd-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
| productivelookewr.shop/favicon.ico | 104.21.11.250 | 403 Forbidden | 5.8 kB |
URL: productivelookewr.shop/favicon.ico (GET HTTP/1.1)
IP: 104.21.11.250:80
Requested by: http://productivelookewr.shop/apidJ
File type: HTML document, ASCII text, with very long lines (14398), with no line terminators
Hashes (MD5, SHA-1, SHA-256): a946b6ce37dc0ca355033cc85425c173 aacfd6faa581a9ed3bf78d208f5c5ac07ffc5d75 671618ae51ddcff7069993ade8aa5b9357d98345980e53c070505242c82617e2
| Analyzer | Verdict | Alert |
| ThreatFox | malicious | Lumma Stealer |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: productivelookewr.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://productivelookewr.shop/apidJ
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Wed, 24 Apr 2024 16:20:57 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: 9FzbQRvKIzkfcQng9xh5yPXm/S5TZ9ijsWZybeetLv4EM0yHZoyq5SzIfrz5k/Ai7FTlun2qXjgwpDqDZ75l6ZkzZR34bRGguMaMjeqIcTlJpcUgarg35IfmLCYd6fzSTZpalh/Se20/IAT9m5Lw4Q==$NvplnvB5G67n+J6El6ddGA==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8O3h4hR3E7KD%2FurPUyw1XsUZGNAZTKnlhxvrNa4WbA2fS7vuU9O8wUSxECDYxZDY%2B31vOSjRNhhNTWEuK7QhtL2vsZMpo4gtI6jvyOMkRD3u%2F9CLipgcfI8Fw39ras49Xbq6SfrbcTiQ"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 87976c751868568b-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
| productivelookewr.shop/cdn-cgi/challenge-platform/h/b/flow/ov1/1815634333:1713972337:-9QITEmvGZklq1rVGzepNho34OTZeWnfmpNP7UgcUCk/87976c72acac56aa/0b031e4c4e00014 | 104.21.11.250 | | 12 kB |
URL: productivelookewr.shop/cdn-cgi/challenge-platform/h/b/flow/ov1/1815634333:1713972337:-9QITEmvGZklq1rVGzepNho34OTZeWnfmpNP7UgcUCk/87976c72acac56aa/0b031e4c4e00014
IP: 104.21.11.250:0
File type: ASCII text, with very long lines (15992), with no line terminators
Hashes (MD5, SHA-1, SHA-256): dc25c4b8f08388549ba14bbf322562f2 382f0380d6def39f44daf646aec54e212208af8f dc1bf157c5ae9148da42f940ae2e32363367e375772e1af262fc794a50e33a6d
| Analyzer | Verdict | Alert |
| ThreatFox | malicious | Lumma Stealer |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |
POST /cdn-cgi/challenge-platform/h/b/flow/ov1/1815634333:1713972337:-9QITEmvGZklq1rVGzepNho34OTZeWnfmpNP7UgcUCk/87976c72acac56aa/0b031e4c4e00014 HTTP/1.1
Host: productivelookewr.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://productivelookewr.shop/apidJ
Content-type: application/x-www-form-urlencoded
CF-Challenge: 0b031e4c4e00014
Content-Length: 1850
Origin: http://productivelookewr.shop
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 24 Apr 2024 16:20:57 GMT
Content-Type: text/plain; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cf-chl-gen: tadqCLRwaG3/qqsqIWz5GMn0Cgd1QxfUKovEb0ApGnHQvweLaOUgtnzujMs8HdAM$Vx8W1+oSIYzFgHO90BFqJg==
vary: accept-encoding
content-encoding: gzip
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wHeofz7u2qnvEpRi82ynnYd1LjgLJHQhOcHAnFVkg7DCYmwXBZOnXNjg8461RcTXqoRq1NiUYFckPDghynFNwG1AmcripLGrXXwFVIYf1PSAS3DHudezdo6t9mmYqPZegWOgsb7z1GcA"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 87976c761bf0b4eb-OSL
alt-svc: h2=":443"; ma=60
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D | 104.17.3.184 | | 61 B |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D
IP: 104.17.3.184:0
File type: PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
Hashes (MD5, SHA-1, SHA-256): 9246cca8fc3c00f50035f28e9f6b7f7d 3aa538440f70873b574f40cd793060f53ec17a5d c07d7d29e3c20fa6ca4c5d20663688d52bad13e129ad82ce06b80eb187d9dc84
GET /cdn-cgi/challenge-platform/h/b/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/bf4lp/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 16:20:58 GMT
content-type: image/png
content-length: 61
cache-control: max-age=2629800, public
server: cloudflare
cf-ray: 87976c778c511c0e-OSL
alt-svc: h3=":443"; ma=86400
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/bf4lp/0x4AAAAAAAAjq6WYeRDKmebM/light/normal | 104.17.3.184 | | 32 kB |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/bf4lp/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
IP: 104.17.3.184:0
File type: HTML document, ASCII text, with very long lines (41702)
Hashes (MD5, SHA-1, SHA-256): 20d4a390d6f368b3d12c0013e86988e8 e014c6cfc6e6608c5eaacab3f041a0c4619cec0a 19d0506af99f39b22c0404e8287d992c58ab660e23a238c973aeea9976b3e4db
GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/bf4lp/0x4AAAAAAAAjq6WYeRDKmebM/light/normal HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 16:20:58 GMT
content-type: text/html; charset=UTF-8
referrer-policy: same-origin
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
document-policy: js-profiling
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-resource-policy: cross-origin
origin-agent-cluster: ?1
content-security-policy: frame-src https://challenges.cloudflare.com/ blob:; base-uri 'self'
vary: accept-encoding
server: cloudflare
cf-ray: 87976c76dbe61c0e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1068293541:1713972597:JtN90fc-KP14rkiUU1xY74dYtRNGIl--IV-itljsrcw/87976c76dbe61c0e/aef758271a3ae50 | 104.17.3.184 | | 132 kB |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1068293541:1713972597:JtN90fc-KP14rkiUU1xY74dYtRNGIl--IV-itljsrcw/87976c76dbe61c0e/aef758271a3ae50
IP: 104.17.3.184:0
File type: ASCII text, with very long lines (65536), with no line terminators
Size: 132 kB (132013 bytes)
Hashes (MD5, SHA-1, SHA-256): 13e74b99c40972b36e4917e81b1d5f6c 7862156582ba1db12d50ed0d44ba385566c29e68 9f5e376d737b4b3596cadfbe9fa20bcb52147a09cba065aa7bd5f72236c9172f
POST /cdn-cgi/challenge-platform/h/b/flow/ov1/1068293541:1713972597:JtN90fc-KP14rkiUU1xY74dYtRNGIl--IV-itljsrcw/87976c76dbe61c0e/aef758271a3ae50 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/bf4lp/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: aef758271a3ae50
Content-Length: 3292
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 16:20:58 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: 22epgNTzhSCOUxP5HyeKdBrlzw4TKG/F1HSFyyd1ZKlLStcDSw91M6zvSfZz51F6KBEZJ9tDWQ0mmRetlCLdUI4ND7AyrqapoommFRQsI8Dj5tmI+3ThUKYyco79jcjTsFwgN2Lcw8x8YKWgt4YjugDl5ONh8742Wd94f3fkQLM6HoQ9EfoQTUgqXg8h2TXglaWjb25YhJjq5Hpka+OqVRwLOs6TVy62fi6Xqra9oVzRvMA2w1VFeynChvj9GOPW/vpFNOybOT4q/xLN7XVXs37bjWJC3j3+aYEqqmpeKOqCN84dglBoHOm+5kxQd2MPm0hRelZsbXgjz+PKRt9przmbrsn5Uozon8rPGLAc78spl3Zx2dfoGPWscpHUumTgftfaSMrW6rGAVbzL54wmNy7ZCGOt+yK8mkALBbo0flgnlzJsMrEutTVB2tq2XOUl$GFtVMFjCoHPiomQyeRdxcw==
vary: accept-encoding
server: cloudflare
cf-ray: 87976c798dcd1c0e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/87976c76dbe61c0e/1713975658500/tQElDLN9kOI_wSu | 104.17.3.184 | | 61 B |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/87976c76dbe61c0e/1713975658500/tQElDLN9kOI_wSu
IP: 104.17.3.184:0
File type: PNG image data, 2 x 93, 8-bit/color RGB, non-interlaced
Hashes (MD5, SHA-1, SHA-256): 42f747e47ec35d5a3650e96bae17e4da 897e049c5fff98778d16e54b93eab6f4dc0003db 3275ca0170bf1880833fa731b5183cf1f788f14c35612d23fa687d605f34bb43
GET /cdn-cgi/challenge-platform/h/b/i/87976c76dbe61c0e/1713975658500/tQElDLN9kOI_wSu HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/bf4lp/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 16:21:00 GMT
content-type: image/png
content-length: 61
server: cloudflare
cf-ray: 87976c86cd991c0e-OSL
alt-svc: h3=":443"; ma=86400
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1068293541:1713972597:JtN90fc-KP14rkiUU1xY74dYtRNGIl--IV-itljsrcw/87976c76dbe61c0e/aef758271a3ae50 | 104.17.3.184 | | 23 kB |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1068293541:1713972597:JtN90fc-KP14rkiUU1xY74dYtRNGIl--IV-itljsrcw/87976c76dbe61c0e/aef758271a3ae50
IP: 104.17.3.184:0
File type: ASCII text, with very long lines (22552), with no line terminators
Hashes (MD5, SHA-1, SHA-256): 8fb96d9d7cdfb751d5f7a14f2f57b047 abbba202776e9cee41aaa1f09fb4ca75850a2a6b c2661a84293ab1c826b5dfee0cc4b0e0691ed868ac5d5293cc1887689bcfe9d7
POST /cdn-cgi/challenge-platform/h/b/flow/ov1/1068293541:1713972597:JtN90fc-KP14rkiUU1xY74dYtRNGIl--IV-itljsrcw/87976c76dbe61c0e/aef758271a3ae50 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/bf4lp/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: aef758271a3ae50
Content-Length: 26009
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 16:21:00 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: Szy5NkXq8L1TCmEoUTfQ1qm5RqBnqRdYPCDf12P1purbHmNj7akLeHl26Dfp6KQa$raFJW217oFwpbny5IDM53g==
vary: accept-encoding
server: cloudflare
cf-ray: 87976c885ec61c0e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| productivelookewr.shop/apidJ | 104.21.11.250 | 403 Forbidden | 5.9 kB |
URL: productivelookewr.shop/apidJ (User Request, GET HTTP/1.1)
IP: 104.21.11.250:80
File type: HTML document, ASCII text, with very long lines (14415), with no line terminators
Hashes (MD5, SHA-1, SHA-256): 42b90522ac4222b12021ba5d123d610c e014227636833af855cfedd2237ebe5313929060 57e54a503185123c2d340af862f3f24a224ff957953d95c57effd4bee187fe42
| Analyzer | Verdict | Alert |
| ThreatFox | malicious | Lumma Stealer |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |
GET /apidJ HTTP/1.1
Host: productivelookewr.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_i=1
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Wed, 24 Apr 2024 16:21:07 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: yZ0vCqU/aQWzQq1t83ZWCTZGuRqISfQQc3CEW2oTagkE9V7YiCIQTVhZ99TuEUwHFr+RDflc/N6Eqi5WhKHLtex9TYGUpBIbu29U8qFxL8KMocJqleEr5vAZfD2mmFTIbc+fTxcFYWqOXI9GLDTHzQ==$8QnINLbItjOZE71bQsnMhg==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=x5cVJDA60CZ5%2FW%2BZyXWZbTNo6sEPOgbs3TCs9wNVhRJ2jUX112bAw%2FmuPj0WMImg5B5BroDuLml%2B3EqtWBIwqmBuGxtr3kfz5uLmzFnw7l%2FKWZNTwHA%2FPI0YSBMVuz36cQNZ4d8SPDwI"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 87976cb1ee8bb4eb-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1068293541:1713972597:JtN90fc-KP14rkiUU1xY74dYtRNGIl--IV-itljsrcw/87976c76dbe61c0e/aef758271a3ae50 | 104.17.3.184 | | 114 kB |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1068293541:1713972597:JtN90fc-KP14rkiUU1xY74dYtRNGIl--IV-itljsrcw/87976c76dbe61c0e/aef758271a3ae50
IP: 104.17.3.184:0
File type: ASCII text, with very long lines (968), with no line terminators
Size: 114 kB (114389 bytes)
Hashes (MD5, SHA-1, SHA-256): 72e1e63f4f58f702a0bd90be3d6c09be e8928e4f14ba8892881f521d9c03691bad3c641f 6e4b5d4310d5f6816e6a33b953998a7663013cbf9f48d52c003f14b966dd37f4
POST /cdn-cgi/challenge-platform/h/b/flow/ov1/1068293541:1713972597:JtN90fc-KP14rkiUU1xY74dYtRNGIl--IV-itljsrcw/87976c76dbe61c0e/aef758271a3ae50 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/bf4lp/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: aef758271a3ae50
Content-Length: 39083
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 16:21:05 GMT
content-type: text/html; charset=UTF-8
cf-chl-out: ruwgwCjMHNaIWd0YO09DVFmAAMxMAo0Cv6JcwXVp3Q6vcbMB8LVjWeBTgsM07eEMTVtpQhxqfZoFIjE9SlNsYVKFMja+GhcGmlq3kNAs4Wk=$VsWxPoYiQHSQ9rNgmsgyPQ==
cf-chl-out-s: ClmLYP7kruELZ/3ot5m08mw69qR6xrvk2JetAtWVwlOIJRl10vtCSKNQH5+HUmZukrw037Hy0AFX8WU/C06MF0w2UwurTzfgO6L0uucePhmUw7G29FASa/5xyp1A17DRqOYcRgYFoaezub6+NpoAEw==$C8gzYc9HXLBsXTCxX0gB5w==
vary: accept-encoding
server: cloudflare
cf-ray: 87976ca499501c0e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| productivelookewr.shop/favicon.ico | 104.21.11.250 | 403 Forbidden | 5.9 kB |
URL: productivelookewr.shop/favicon.ico (GET HTTP/1.1)
IP: 104.21.11.250:80
Requested by: http://productivelookewr.shop/apidJ
File type: HTML document, ASCII text, with very long lines (14505), with no line terminators
Hashes (MD5, SHA-1, SHA-256): b8e2553ac44773b5541ffb1bdadf8c10 71ba47c7a356b6db578e13a286a97df50b1a727e 9f289357a9701e101b033d574ff287cda65343b2df117cd7a7322dc31b644493
| Analyzer | Verdict | Alert |
| ThreatFox | malicious | Lumma Stealer |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: productivelookewr.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://productivelookewr.shop/apidJ?__cf_chl_rt_tk=A_.YXSsLrtlc8s7c4r5CnCSlq0rjn3b4emtnXrpW47w-1713975667-0.0.1.1-1301
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_i=1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Wed, 24 Apr 2024 16:21:07 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: CFp3xwRmC0mRMdtd7pKfkgDInfud/oMgM08pSl/VNoaJcAmXOst9jlPJeKjfQYsFtrWYHXdTaaEsv3SIhYP1/bJhJVmwoSoQJMznPQ7PMVfrNbaIm+nzxUoOKJmwJLU3FaMl7bw63iLe1AlQvWK1dg==$3iIV7VyNUhEuL2l/HL+e4Q==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cad%2BOGMTH%2FRa64yUi54g9h93jvK0bIALTrIEXnHitEDeGIaOQCTy2dXA7bVaFEGJntDP8wg%2BZuHHZbBCWzPCWrLg%2BXRQAMkqolH1F0QS5kYVjG8pliorF8s4CLAXla9RELiOiQev3%2BhI"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 87976cb298b656a5-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
| productivelookewr.shop/favicon.ico | 104.21.11.250 | 403 Forbidden | 5.9 kB |
URL: productivelookewr.shop/favicon.ico (GET HTTP/1.1)
IP: 104.21.11.250:80
Requested by: http://productivelookewr.shop/apidJ
File type: HTML document, ASCII text, with very long lines (14419), with no line terminators
Hashes (MD5, SHA-1, SHA-256): 17934aeecf39c70ac58a195451a27174 2de7bef5c2933bc08d72ae8f8c7758b861b56f11 9593d5e0f591e98429b8011039459dfb32f8f19cdf14de310efad4874458f44a
| Analyzer | Verdict | Alert |
| ThreatFox | malicious | Lumma Stealer |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: productivelookewr.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://productivelookewr.shop/apidJ
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_i=1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Wed, 24 Apr 2024 16:21:07 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: s1zkSKFz95K36U+hFl53T8Umuc1ARefoqk93zdSu7RCMKiv0fXtcw9doHcHCqkt2nSdwXlc3FsPqeqHil6Y/QMAyJa3yRtURDfaqdWN754+Y2H1NBm+sXmDVbUIUyFiUa3Upl8Mk1Wx/rmN/f2Gy0A==$KwQ7g/yb6SLXnbg18enV4w==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AcWdq%2BRwTyCGum10BwfjiWyICNajAC3cLKQ1TNUecNBiwjtRXsXXKvxOBqD6UO8%2BkGwcZg66uRbnx0K2Wglovra0ny1jsavDytmwocw2%2BKXe0pmZP%2BUi0ldw65uYRvHCoG%2F8QzSyYjvy"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 87976cb2fd92712f-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
| productivelookewr.shop/cdn-cgi/challenge-platform/h/b/flow/ov1/310479165:1713972469:cUMvLWIwA25yye6c-hXZjqjRo5Db2_Ed2HaUY4zeJnU/87976cb1ee8bb4eb/95f62e2b732be62 | 104.21.11.250 | 200 OK | 12 kB |
URL: productivelookewr.shop/cdn-cgi/challenge-platform/h/b/flow/ov1/310479165:1713972469:cUMvLWIwA25yye6c-hXZjqjRo5Db2_Ed2HaUY4zeJnU/87976cb1ee8bb4eb/95f62e2b732be62 (POST HTTP/1.1)
IP: 104.21.11.250:80
Requested by: http://productivelookewr.shop/apidJ
File type: ASCII text, with very long lines (15984), with no line terminators
Hashes (MD5, SHA-1, SHA-256): 0eeded69cc09ad7effd2fd8277118ba6 14e9ef23464d9ae33b4a14e65025d569416aefbb 36d3118394af75ac6f97c5386893067f45c157b46b24d29132a5f49a3ddf1b34
| Analyzer | Verdict | Alert |
| ThreatFox | malicious | Lumma Stealer |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |
POST /cdn-cgi/challenge-platform/h/b/flow/ov1/310479165:1713972469:cUMvLWIwA25yye6c-hXZjqjRo5Db2_Ed2HaUY4zeJnU/87976cb1ee8bb4eb/95f62e2b732be62 HTTP/1.1
Host: productivelookewr.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://productivelookewr.shop/apidJ
Content-type: application/x-www-form-urlencoded
CF-Challenge: 95f62e2b732be62
Content-Length: 1870
Origin: http://productivelookewr.shop
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_i=1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 24 Apr 2024 16:21:07 GMT
Content-Type: text/plain; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cf-chl-gen: Sxhp80dOFn0xVWS1zJc8esiDtapt32LQI0iCbBCluLx69JYogcPuPjYaYqG7yv4b$6+imsBLW33Zq3cbC2Ho5UA==
vary: accept-encoding
content-encoding: gzip
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vo4i60iSymH386tucYlpLivSxxGUK94HSD2PhmRYWQdmwOwCMPX6J7xEsn40qR3TmTbWGM5hEyWVBUodPkxHnL%2BN3dxT7kgdt2ro2XRHXvdiKxGHvc9GJ9P%2BPUs0AnQ4%2F1gyNez0o7qH"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 87976cb3cbdf56a8-OSL
alt-svc: h2=":443"; ma=60
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/gwh4t/0x4AAAAAAAAjq6WYeRDKmebM/light/normal | 104.17.3.184 | 200 OK | 26 kB |
URL: GET HTTP/3 challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/gwh4t/0x4AAAAAAAAjq6WYeRDKmebM/light/normal IP: 104.17.3.184:443
Requested by: http://productivelookewr.shop/apidJ
Certificate: Issuer: Cloudflare, Inc. Subject: challenges.cloudflare.com Fingerprint: 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E Validity: Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type: HTML document, ASCII text, with very long lines (41702)
Hashes: 588f64c56d895fc0e25035d5f243c81d 1fe0222adb1e7facc9fb712699c362d5fc96dbc4 3b037db9621c866f5bb4ec05ade3482745072ddded6c2bdb05ee0077ac50872c
GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/gwh4t/0x4AAAAAAAAjq6WYeRDKmebM/light/normal HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 16:21:08 GMT
content-type: text/html; charset=UTF-8
cross-origin-opener-policy: same-origin
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
content-security-policy: frame-src https://challenges.cloudflare.com/ blob:; base-uri 'self'
document-policy: js-profiling
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
origin-agent-cluster: ?1
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
vary: accept-encoding
server: cloudflare
cf-ray: 87976cb51bf41c0e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/87976cb51bf41c0e/1713975668476/u16H-KzZ8ZnFLxk | 104.17.3.184 | | 61 B |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/87976cb51bf41c0e/1713975668476/u16H-KzZ8ZnFLxk IP: 104.17.3.184:0
File type: PNG image data, 44 x 55, 8-bit/color RGB, non-interlaced
Hashes: 844acdc404c8780c5448dff61841eaee 6e3575b5566ab7886526dd79a1c7d9c1843148dc 3d31aa677ad27e8c6b214c518894525c4714d83a3503c68137d151af1f9a99b0
GET /cdn-cgi/challenge-platform/h/b/i/87976cb51bf41c0e/1713975668476/u16H-KzZ8ZnFLxk HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/gwh4t/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 16:21:10 GMT
content-type: image/png
content-length: 61
server: cloudflare
cf-ray: 87976cc758ca1c0e-OSL
alt-svc: h3=":443"; ma=86400
| productivelookewr.shop/cdn-cgi/challenge-platform/h/b/flow/ov1/310479165:1713972469:cUMvLWIwA25yye6c-hXZjqjRo5Db2_Ed2HaUY4zeJnU/87976cb1ee8bb4eb/95f62e2b732be62 | 104.21.11.250 | 200 OK | 1.8 kB |
URL: POST HTTP/1.1 productivelookewr.shop/cdn-cgi/challenge-platform/h/b/flow/ov1/310479165:1713972469:cUMvLWIwA25yye6c-hXZjqjRo5Db2_Ed2HaUY4zeJnU/87976cb1ee8bb4eb/95f62e2b732be62 IP: 104.21.11.250:80
Requested by: http://productivelookewr.shop/apidJ
File type: ASCII text, with very long lines (2332), with no line terminators
Hashes: eff34f03c90a7c6f9929af2dd1b9fb8d b5e8e5d6eeb41122e22e0470898011ac31673cdf 8b0c4a7dbd97c6242603bfbbffbddb4caad9e64858414df37a8d27876c7aa17d
Analyzer | Verdict | Alert
ThreatFox | malicious | Lumma Stealer
mnemonic secure dns | malicious | Sinkholed
Quad9 DNS | malicious | Sinkholed
POST /cdn-cgi/challenge-platform/h/b/flow/ov1/310479165:1713972469:cUMvLWIwA25yye6c-hXZjqjRo5Db2_Ed2HaUY4zeJnU/87976cb1ee8bb4eb/95f62e2b732be62 HTTP/1.1
Host: productivelookewr.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://productivelookewr.shop/apidJ
Content-type: application/x-www-form-urlencoded
CF-Challenge: 95f62e2b732be62
Content-Length: 2509
Origin: http://productivelookewr.shop
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_i=1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 24 Apr 2024 16:21:17 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cf-chl-out: onbi0+z4YJZGBYgbZ+A/V8GgxrR+ZVkuWsM2CsnNAjLjQXUlVNOj5BoJWGzqeAayCCreyG5Cn3Z4u/1Pinos+nLTe31jPZAopWW7oi8haBI=$gVzfZclbFELq6HkaiEXVfg==
cf-chl-out-s: zTxapRkrkZgaJZwmbU5Y0H2EBpkeXkr3TPTge4AncFoZ/Gy64ju8YB41dT0eIMareQCyBHMwAuZ0kvdFVU4q8ehvwJGe3MaIw3DsvzViDGc=$ZOlZzwdFtTG/w2dPdcArEw==
vary: accept-encoding
content-encoding: gzip
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SQ2aB%2BIzZXyRX5yjH2YopN8iOKxzOuBr1vF%2FoWihoQt4ADrbOXGQ1bjGJA9qt8rf5426w2J7T%2Fo%2F5uHC2lKrBjK6y5XPa0Uk1xs0fz%2Buj%2F%2FGmUk2tw7w2%2B%2B6YmlRM5ZxqWunsBQHAWTT"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 87976ced5b9156a8-OSL
alt-svc: h2=":443"; ma=60
| productivelookewr.shop/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=87976cb1ee8bb4eb | 104.21.11.250 | 200 OK | 398 kB |
URL: GET HTTP/1.1 productivelookewr.shop/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=87976cb1ee8bb4eb IP: 104.21.11.250:80
Requested by: http://productivelookewr.shop/apidJ
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size: 398 kB (397809 bytes)
Hashes: ff14aa9b0218ab41eaf280a47cafb11e 52aa0a8c3d467391dc850ecedfb861be14c56a8d 4ac330dcd281bce75ca65903c6dc28e4707e41f9a0a4658adf7fb7cee2082f22
Analyzer | Verdict | Alert
mnemonic secure dns | malicious | Sinkholed
Quad9 DNS | malicious | Sinkholed
GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=87976cb1ee8bb4eb HTTP/1.1
Host: productivelookewr.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://productivelookewr.shop/apidJ?__cf_chl_rt_tk=A_.YXSsLrtlc8s7c4r5CnCSlq0rjn3b4emtnXrpW47w-1713975667-0.0.1.1-1301
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_i=1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 24 Apr 2024 16:21:07 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
vary: accept-encoding
content-encoding: gzip
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=p6a%2FdNPJUuFsPFFIOTvtA84F3aGglsvNlPrtjZyUPTQrRtyfpAZQpU49K6oMYPkI2E6nLQIhXY4x1QE6vOofAwbG7k%2Br2tgGKx2V20WW619Iu4Dmk9N3JkDuupGeqEHzfy1x0ZdBTFsi"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 87976cb2484956a5-OSL
alt-svc: h2=":443"; ma=60
| challenges.cloudflare.com/turnstile/v0/b/471dc2adc340/api.js?onload=ZbqNq8&render=explicit | 104.17.3.184 | 200 OK | 42 kB |
URL: GET HTTP/3 challenges.cloudflare.com/turnstile/v0/b/471dc2adc340/api.js?onload=ZbqNq8&render=explicit IP: 104.17.3.184:443
Requested by: http://productivelookewr.shop/apidJ
Certificate: Issuer: Cloudflare, Inc. Subject: challenges.cloudflare.com Fingerprint: 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E Validity: Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (42414)
Hashes: f94a2211ce789a95a7c67e8c660d63e8 f1fc19b6bcb96d0a905bf3192aaff0885ff9f36f 926dc3302f99ec05e4206e965ddeb7250f5910a8c38e82c7beafb724bbaaf37b
GET /turnstile/v0/b/471dc2adc340/api.js?onload=ZbqNq8&render=explicit HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://productivelookewr.shop
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 24 Apr 2024 16:21:07 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31536000
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 87976cb2fa4f1c0e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400