| luckypop.shop/BR-GC-Animation/y6p3b.png | 104.21.28.50 | 200 OK | 16 kB |
URL GET HTTP/3luckypop.shop/BR-GC-Animation/y6p3b.png IP104.21.28.50:443
Requested byhttps://luckypop.shop/BR-GC-Animation/index4?cep=RouLWkKiCTsgc5VZNqJHhJJIpiewFs8nWTpPhm8ldZzNXioAi1v1RUSuNeFS6zrlQ0-dMU-GpKkYrrEeHT9hjX4oDwk6nDLGT6YlEPngVc1bDBgPHu1J72KbZvgf2VUHoB8p_7W4uxfsprpFX8aoKCcdRO2g-ns0yXBomKIPsDmbwc107pMc_tk3udCbcOJlQdLv_yp4nYw8J23rKKtcM-xyGM8vRAQc0-msbGmziz8Jh612RcEBqOb47VhGkO6kLoPWyrNmsz0bM4tufiuALlj1ZTAFTV6HJm4MGHm7ALzaJV-o4fZvbaBXF9BLdZM3GX3RH90cRwi7mOgEqSKfV7-FOfyjALnd3s0y_yHapuwovhZBYhLrLHzXWTuRYsaEMKiQf1JWdB5MdpxHYwfXd0aWLhyfW-d5t-LeY-qfRhI&lptoken=17f313cd44db379c2871 CertificateIssuerLet's Encrypt Subjectluckypop.shop Fingerprint3A:31:10:C5:86:DC:05:68:29:50:4B:DC:B2:08:1B:84:51:C9:D3:AD ValiditySun, 24 Mar 2024 02:44:06 GMT - Sat, 22 Jun 2024 02:44:05 GMT
File typePNG image data, 266 x 83, 8-bit/color RGBA, non-interlaced Hash9cffd337981f044ae82f17b77a8da43e a2bae11f5e519d687280a825941f1e7fca953609 3c370bcbf2fae782d777527f4c533a3a4a6bd71b29e06c15991212ad479bc6bd
GET /BR-GC-Animation/y6p3b.png HTTP/1.1
Host: luckypop.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://luckypop.shop/BR-GC-Animation/index4?cep=RouLWkKiCTsgc5VZNqJHhJJIpiewFs8nWTpPhm8ldZzNXioAi1v1RUSuNeFS6zrlQ0-dMU-GpKkYrrEeHT9hjX4oDwk6nDLGT6YlEPngVc1bDBgPHu1J72KbZvgf2VUHoB8p_7W4uxfsprpFX8aoKCcdRO2g-ns0yXBomKIPsDmbwc107pMc_tk3udCbcOJlQdLv_yp4nYw8J23rKKtcM-xyGM8vRAQc0-msbGmziz8Jh612RcEBqOb47VhGkO6kLoPWyrNmsz0bM4tufiuALlj1ZTAFTV6HJm4MGHm7ALzaJV-o4fZvbaBXF9BLdZM3GX3RH90cRwi7mOgEqSKfV7-FOfyjALnd3s0y_yHapuwovhZBYhLrLHzXWTuRYsaEMKiQf1JWdB5MdpxHYwfXd0aWLhyfW-d5t-LeY-qfRhI&lptoken=17f313cd44db379c2871
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 12:05:45 GMT
content-type: image/png
content-length: 15508
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: "e8abcb6198e997f59eeba264a9e50c28"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=S04XxioiBUyzypcs57I22oVCvJrALo%2FswZGO%2FaA1%2BxPnDEckFzB%2BqIdoat9qViOaaSXQDyZ3TYemtsCDCwDY2gHDipQNu9qwChIkBG7oFM5SpXyBsB3vvoqE9%2Flvfbii"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: MISS
accept-ranges: bytes
server: cloudflare
cf-ray: 876486605aa2569c-OSL
alt-svc: h3=":443"; ma=86400
|
|
| luckypop.shop/BR-GC-Animation/t8i1r.gif | 104.21.28.50 | 200 OK | 636 kB |
URL GET HTTP/3luckypop.shop/BR-GC-Animation/t8i1r.gif IP104.21.28.50:443
Requested byhttps://luckypop.shop/BR-GC-Animation/index4?cep=RouLWkKiCTsgc5VZNqJHhJJIpiewFs8nWTpPhm8ldZzNXioAi1v1RUSuNeFS6zrlQ0-dMU-GpKkYrrEeHT9hjX4oDwk6nDLGT6YlEPngVc1bDBgPHu1J72KbZvgf2VUHoB8p_7W4uxfsprpFX8aoKCcdRO2g-ns0yXBomKIPsDmbwc107pMc_tk3udCbcOJlQdLv_yp4nYw8J23rKKtcM-xyGM8vRAQc0-msbGmziz8Jh612RcEBqOb47VhGkO6kLoPWyrNmsz0bM4tufiuALlj1ZTAFTV6HJm4MGHm7ALzaJV-o4fZvbaBXF9BLdZM3GX3RH90cRwi7mOgEqSKfV7-FOfyjALnd3s0y_yHapuwovhZBYhLrLHzXWTuRYsaEMKiQf1JWdB5MdpxHYwfXd0aWLhyfW-d5t-LeY-qfRhI&lptoken=17f313cd44db379c2871 CertificateIssuerLet's Encrypt Subjectluckypop.shop Fingerprint3A:31:10:C5:86:DC:05:68:29:50:4B:DC:B2:08:1B:84:51:C9:D3:AD ValiditySun, 24 Mar 2024 02:44:06 GMT - Sat, 22 Jun 2024 02:44:05 GMT
File typeGIF image data, version 89a, 800 x 600 Size636 kB (636270 bytes) Hashe9c2b911f7146d835ac0020b436d34e9 8a5e8a2275c780ffc650615325b6213d6e35d8f0 a79832a29a4c866c3f7830f60abfa91a89367ab6af66786104d92d85a9ff50ad
GET /BR-GC-Animation/t8i1r.gif HTTP/1.1
Host: luckypop.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://luckypop.shop/BR-GC-Animation/index4?cep=RouLWkKiCTsgc5VZNqJHhJJIpiewFs8nWTpPhm8ldZzNXioAi1v1RUSuNeFS6zrlQ0-dMU-GpKkYrrEeHT9hjX4oDwk6nDLGT6YlEPngVc1bDBgPHu1J72KbZvgf2VUHoB8p_7W4uxfsprpFX8aoKCcdRO2g-ns0yXBomKIPsDmbwc107pMc_tk3udCbcOJlQdLv_yp4nYw8J23rKKtcM-xyGM8vRAQc0-msbGmziz8Jh612RcEBqOb47VhGkO6kLoPWyrNmsz0bM4tufiuALlj1ZTAFTV6HJm4MGHm7ALzaJV-o4fZvbaBXF9BLdZM3GX3RH90cRwi7mOgEqSKfV7-FOfyjALnd3s0y_yHapuwovhZBYhLrLHzXWTuRYsaEMKiQf1JWdB5MdpxHYwfXd0aWLhyfW-d5t-LeY-qfRhI&lptoken=17f313cd44db379c2871
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 12:05:45 GMT
content-type: image/gif
content-length: 636270
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: "a03a322254bdfdcbfdf76b5aad19e846"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fGhEf3o4R7TAv1QRO63OG0z3gTkgfPH%2BFrQTJ2nN5lotjQRbbt4ZtbMbIFiz8Ur0N7cb0Q7OojZhCd7yVcWz7CPufViXyM1VnLOlQcsVYivI2%2FSkElg24gX7yHFNJH4e"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: MISS
accept-ranges: bytes
server: cloudflare
cf-ray: 876486605aa7569c-OSL
alt-svc: h3=":443"; ma=86400
|
|
| luckypop.shop/BR-GC-Animation/1d2bf.png | 104.21.28.50 | 200 OK | 48 kB |
URL GET HTTP/3luckypop.shop/BR-GC-Animation/1d2bf.png IP104.21.28.50:443
Requested byhttps://luckypop.shop/BR-GC-Animation/index4?cep=RouLWkKiCTsgc5VZNqJHhJJIpiewFs8nWTpPhm8ldZzNXioAi1v1RUSuNeFS6zrlQ0-dMU-GpKkYrrEeHT9hjX4oDwk6nDLGT6YlEPngVc1bDBgPHu1J72KbZvgf2VUHoB8p_7W4uxfsprpFX8aoKCcdRO2g-ns0yXBomKIPsDmbwc107pMc_tk3udCbcOJlQdLv_yp4nYw8J23rKKtcM-xyGM8vRAQc0-msbGmziz8Jh612RcEBqOb47VhGkO6kLoPWyrNmsz0bM4tufiuALlj1ZTAFTV6HJm4MGHm7ALzaJV-o4fZvbaBXF9BLdZM3GX3RH90cRwi7mOgEqSKfV7-FOfyjALnd3s0y_yHapuwovhZBYhLrLHzXWTuRYsaEMKiQf1JWdB5MdpxHYwfXd0aWLhyfW-d5t-LeY-qfRhI&lptoken=17f313cd44db379c2871 CertificateIssuerLet's Encrypt Subjectluckypop.shop Fingerprint3A:31:10:C5:86:DC:05:68:29:50:4B:DC:B2:08:1B:84:51:C9:D3:AD ValiditySun, 24 Mar 2024 02:44:06 GMT - Sat, 22 Jun 2024 02:44:05 GMT
File typePNG image data, 414 x 736, 8-bit colormap, non-interlaced Hasha66a7278909b71cde6a87ae400e2de8b 1d936c9181a86fc7d77dc67ad3a3f2d194557253 52e9e7f992721ed81bdb6146fe578eb67437eeb378d7c87a46928996ff219b1c
GET /BR-GC-Animation/1d2bf.png HTTP/1.1
Host: luckypop.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://luckypop.shop/BR-GC-Animation/style.css
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 12:05:46 GMT
content-type: image/png
content-length: 47495
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: "5266bfb1df8f28aee80335f15eacbac0"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SxggH9S%2BJSiluHL1LNZz1cCvfgDW%2BHI9putU%2FLsSPRBnx8kv4nHc9uZz%2FLMbUioIaCHTGhnCkQCqW0%2BA8Tx4UqSF4aZE5nIwj9B%2Fo6nej5a6ftWoeFuEDNZy8oG1nXKs"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: MISS
accept-ranges: bytes
server: cloudflare
cf-ray: 876486619d0d569c-OSL
alt-svc: h3=":443"; ma=86400
|
|
| luckypop.shop/BR-GC-Animation/style.css | 104.21.28.50 | 200 OK | 9.4 kB |
URL GET HTTP/3luckypop.shop/BR-GC-Animation/style.css IP104.21.28.50:443
Requested byhttps://luckypop.shop/BR-GC-Animation/index4?cep=RouLWkKiCTsgc5VZNqJHhJJIpiewFs8nWTpPhm8ldZzNXioAi1v1RUSuNeFS6zrlQ0-dMU-GpKkYrrEeHT9hjX4oDwk6nDLGT6YlEPngVc1bDBgPHu1J72KbZvgf2VUHoB8p_7W4uxfsprpFX8aoKCcdRO2g-ns0yXBomKIPsDmbwc107pMc_tk3udCbcOJlQdLv_yp4nYw8J23rKKtcM-xyGM8vRAQc0-msbGmziz8Jh612RcEBqOb47VhGkO6kLoPWyrNmsz0bM4tufiuALlj1ZTAFTV6HJm4MGHm7ALzaJV-o4fZvbaBXF9BLdZM3GX3RH90cRwi7mOgEqSKfV7-FOfyjALnd3s0y_yHapuwovhZBYhLrLHzXWTuRYsaEMKiQf1JWdB5MdpxHYwfXd0aWLhyfW-d5t-LeY-qfRhI&lptoken=17f313cd44db379c2871 CertificateIssuerLet's Encrypt Subjectluckypop.shop Fingerprint3A:31:10:C5:86:DC:05:68:29:50:4B:DC:B2:08:1B:84:51:C9:D3:AD ValiditySun, 24 Mar 2024 02:44:06 GMT - Sat, 22 Jun 2024 02:44:05 GMT
Hash516badbcb0b6d397d9b03336e1967e2d 6649c213a6cd30e17b907a7d2488355cb30d0972 ca37bcbd680777bd90aac73c19db7dbe5c8201d80e1d50cf215a05fd514e9a23
GET /BR-GC-Animation/style.css HTTP/1.1
Host: luckypop.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://luckypop.shop/BR-GC-Animation/index4?cep=RouLWkKiCTsgc5VZNqJHhJJIpiewFs8nWTpPhm8ldZzNXioAi1v1RUSuNeFS6zrlQ0-dMU-GpKkYrrEeHT9hjX4oDwk6nDLGT6YlEPngVc1bDBgPHu1J72KbZvgf2VUHoB8p_7W4uxfsprpFX8aoKCcdRO2g-ns0yXBomKIPsDmbwc107pMc_tk3udCbcOJlQdLv_yp4nYw8J23rKKtcM-xyGM8vRAQc0-msbGmziz8Jh612RcEBqOb47VhGkO6kLoPWyrNmsz0bM4tufiuALlj1ZTAFTV6HJm4MGHm7ALzaJV-o4fZvbaBXF9BLdZM3GX3RH90cRwi7mOgEqSKfV7-FOfyjALnd3s0y_yHapuwovhZBYhLrLHzXWTuRYsaEMKiQf1JWdB5MdpxHYwfXd0aWLhyfW-d5t-LeY-qfRhI&lptoken=17f313cd44db379c2871
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 12:05:45 GMT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"f361f59d29247e549cb83e3f3c2e540d"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yFVS32W0cWUe8hjXYEl0W1uwNRR8udssi6JyDdfVNGgj2QqG9CWTq14t7H4A6iulN9eTV3hve3wzkNk39tTgaFTNVBKnjXOGsEv7XnpLf9hEjGS1Vd5w%2F0EHhI7KB90v"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: MISS
server: cloudflare
cf-ray: 876486605a9a569c-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| poavoabe.net/zone?&pub=0&zone_id=5542487&is_mobile=false&domain=luckypop.shop&var=&ymid=&var_3=&var_4=&dsig=&tg=1&sw=3.1.500&trace_id=eeb0c23c-1e83-470f-92a5-fc5467e7a5fc&action=prerequest | 139.45.197.251 | 200 OK | 0 B |
URL POST HTTP/2poavoabe.net/zone?&pub=0&zone_id=5542487&is_mobile=false&domain=luckypop.shop&var=&ymid=&var_3=&var_4=&dsig=&tg=1&sw=3.1.500&trace_id=eeb0c23c-1e83-470f-92a5-fc5467e7a5fc&action=prerequest IP139.45.197.251:443
Requested byhttps://luckypop.shop/BR-GC-Animation/index4?cep=RouLWkKiCTsgc5VZNqJHhJJIpiewFs8nWTpPhm8ldZzNXioAi1v1RUSuNeFS6zrlQ0-dMU-GpKkYrrEeHT9hjX4oDwk6nDLGT6YlEPngVc1bDBgPHu1J72KbZvgf2VUHoB8p_7W4uxfsprpFX8aoKCcdRO2g-ns0yXBomKIPsDmbwc107pMc_tk3udCbcOJlQdLv_yp4nYw8J23rKKtcM-xyGM8vRAQc0-msbGmziz8Jh612RcEBqOb47VhGkO6kLoPWyrNmsz0bM4tufiuALlj1ZTAFTV6HJm4MGHm7ALzaJV-o4fZvbaBXF9BLdZM3GX3RH90cRwi7mOgEqSKfV7-FOfyjALnd3s0y_yHapuwovhZBYhLrLHzXWTuRYsaEMKiQf1JWdB5MdpxHYwfXd0aWLhyfW-d5t-LeY-qfRhI&lptoken=17f313cd44db379c2871 CertificateIssuerLet's Encrypt Subjectpoavoabe.net FingerprintEA:0B:FC:6A:9F:F2:C8:BB:63:B0:A9:3E:B1:A6:7B:52:34:86:5B:A4 ValidityMon, 15 Apr 2024 05:23:56 GMT - Sun, 14 Jul 2024 05:23:55 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
POST /zone?&pub=0&zone_id=5542487&is_mobile=false&domain=luckypop.shop&var=&ymid=&var_3=&var_4=&dsig=&tg=1&sw=3.1.500&trace_id=eeb0c23c-1e83-470f-92a5-fc5467e7a5fc&action=prerequest HTTP/1.1
Host: poavoabe.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://luckypop.shop/
Origin: https://luckypop.shop
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 12:05:46 GMT
content-length: 0
x-trace-id: 04161c5392d4befd4449c6cb474d37e5
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://luckypop.shop
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
|
|
| jouteetu.net/custom | 139.45.197.251 | 200 OK | 39 B |
IP139.45.197.251:443
Requested byhttps://luckypop.shop/BR-GC-Animation/index4?cep=RouLWkKiCTsgc5VZNqJHhJJIpiewFs8nWTpPhm8ldZzNXioAi1v1RUSuNeFS6zrlQ0-dMU-GpKkYrrEeHT9hjX4oDwk6nDLGT6YlEPngVc1bDBgPHu1J72KbZvgf2VUHoB8p_7W4uxfsprpFX8aoKCcdRO2g-ns0yXBomKIPsDmbwc107pMc_tk3udCbcOJlQdLv_yp4nYw8J23rKKtcM-xyGM8vRAQc0-msbGmziz8Jh612RcEBqOb47VhGkO6kLoPWyrNmsz0bM4tufiuALlj1ZTAFTV6HJm4MGHm7ALzaJV-o4fZvbaBXF9BLdZM3GX3RH90cRwi7mOgEqSKfV7-FOfyjALnd3s0y_yHapuwovhZBYhLrLHzXWTuRYsaEMKiQf1JWdB5MdpxHYwfXd0aWLhyfW-d5t-LeY-qfRhI&lptoken=17f313cd44db379c2871 CertificateIssuerLet's Encrypt Subjectjouteetu.net FingerprintF5:94:3C:5E:6B:54:1A:97:82:F8:7E:1F:C2:51:04:8C:FB:F5:CF:65 ValidityWed, 13 Mar 2024 19:38:02 GMT - Tue, 11 Jun 2024 19:38:01 GMT
Hash058b158c2be925f556454ef762d93538 cc6fc563b4b6baee880fdbc7fcfaa134978e33c9 ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
POST /custom HTTP/1.1
Host: jouteetu.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://luckypop.shop/
Content-Type: text/plain;charset=UTF-8
Content-Length: 727
Origin: https://luckypop.shop
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 12:05:46 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 3a9777cae172da0e4b84441cd7aa6339
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://luckypop.shop
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
|
|
| jouteetu.net/custom | 139.45.197.251 | 200 OK | 39 B |
IP139.45.197.251:443
Requested byhttps://luckypop.shop/BR-GC-Animation/index4?cep=RouLWkKiCTsgc5VZNqJHhJJIpiewFs8nWTpPhm8ldZzNXioAi1v1RUSuNeFS6zrlQ0-dMU-GpKkYrrEeHT9hjX4oDwk6nDLGT6YlEPngVc1bDBgPHu1J72KbZvgf2VUHoB8p_7W4uxfsprpFX8aoKCcdRO2g-ns0yXBomKIPsDmbwc107pMc_tk3udCbcOJlQdLv_yp4nYw8J23rKKtcM-xyGM8vRAQc0-msbGmziz8Jh612RcEBqOb47VhGkO6kLoPWyrNmsz0bM4tufiuALlj1ZTAFTV6HJm4MGHm7ALzaJV-o4fZvbaBXF9BLdZM3GX3RH90cRwi7mOgEqSKfV7-FOfyjALnd3s0y_yHapuwovhZBYhLrLHzXWTuRYsaEMKiQf1JWdB5MdpxHYwfXd0aWLhyfW-d5t-LeY-qfRhI&lptoken=17f313cd44db379c2871 CertificateIssuerLet's Encrypt Subjectjouteetu.net FingerprintF5:94:3C:5E:6B:54:1A:97:82:F8:7E:1F:C2:51:04:8C:FB:F5:CF:65 ValidityWed, 13 Mar 2024 19:38:02 GMT - Tue, 11 Jun 2024 19:38:01 GMT
Hash058b158c2be925f556454ef762d93538 cc6fc563b4b6baee880fdbc7fcfaa134978e33c9 ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
POST /custom HTTP/1.1
Host: jouteetu.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://luckypop.shop/
Content-Type: text/plain;charset=UTF-8
Content-Length: 726
Origin: https://luckypop.shop
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 12:05:46 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: ec91fcf8645028ae3be04c2c50b242cc
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://luckypop.shop
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
|
|
| jouteetu.net/custom | 139.45.197.251 | 200 OK | 39 B |
IP139.45.197.251:443
Requested byhttps://luckypop.shop/BR-GC-Animation/index4?cep=RouLWkKiCTsgc5VZNqJHhJJIpiewFs8nWTpPhm8ldZzNXioAi1v1RUSuNeFS6zrlQ0-dMU-GpKkYrrEeHT9hjX4oDwk6nDLGT6YlEPngVc1bDBgPHu1J72KbZvgf2VUHoB8p_7W4uxfsprpFX8aoKCcdRO2g-ns0yXBomKIPsDmbwc107pMc_tk3udCbcOJlQdLv_yp4nYw8J23rKKtcM-xyGM8vRAQc0-msbGmziz8Jh612RcEBqOb47VhGkO6kLoPWyrNmsz0bM4tufiuALlj1ZTAFTV6HJm4MGHm7ALzaJV-o4fZvbaBXF9BLdZM3GX3RH90cRwi7mOgEqSKfV7-FOfyjALnd3s0y_yHapuwovhZBYhLrLHzXWTuRYsaEMKiQf1JWdB5MdpxHYwfXd0aWLhyfW-d5t-LeY-qfRhI&lptoken=17f313cd44db379c2871 CertificateIssuerLet's Encrypt Subjectjouteetu.net FingerprintF5:94:3C:5E:6B:54:1A:97:82:F8:7E:1F:C2:51:04:8C:FB:F5:CF:65 ValidityWed, 13 Mar 2024 19:38:02 GMT - Tue, 11 Jun 2024 19:38:01 GMT
Hash058b158c2be925f556454ef762d93538 cc6fc563b4b6baee880fdbc7fcfaa134978e33c9 ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
POST /custom HTTP/1.1
Host: jouteetu.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://luckypop.shop/
Content-Type: text/plain;charset=UTF-8
Content-Length: 724
Origin: https://luckypop.shop
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 12:05:46 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 7dec688f933ac8cddd0d633ea4a3bc87
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://luckypop.shop
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
|
|
| amunfezanttor.com/event | 139.45.197.250 | 200 OK | 0 B |
IP139.45.197.250:443
Requested byhttps://luckypop.shop/BR-GC-Animation/index4?cep=RouLWkKiCTsgc5VZNqJHhJJIpiewFs8nWTpPhm8ldZzNXioAi1v1RUSuNeFS6zrlQ0-dMU-GpKkYrrEeHT9hjX4oDwk6nDLGT6YlEPngVc1bDBgPHu1J72KbZvgf2VUHoB8p_7W4uxfsprpFX8aoKCcdRO2g-ns0yXBomKIPsDmbwc107pMc_tk3udCbcOJlQdLv_yp4nYw8J23rKKtcM-xyGM8vRAQc0-msbGmziz8Jh612RcEBqOb47VhGkO6kLoPWyrNmsz0bM4tufiuALlj1ZTAFTV6HJm4MGHm7ALzaJV-o4fZvbaBXF9BLdZM3GX3RH90cRwi7mOgEqSKfV7-FOfyjALnd3s0y_yHapuwovhZBYhLrLHzXWTuRYsaEMKiQf1JWdB5MdpxHYwfXd0aWLhyfW-d5t-LeY-qfRhI&lptoken=17f313cd44db379c2871 CertificateIssuerLet's Encrypt Subjectamunfezanttor.com FingerprintAB:2C:60:54:FF:D7:D6:23:0E:87:1A:98:EC:94:B3:9B:29:1A:F3:AA ValidityWed, 10 Apr 2024 19:04:12 GMT - Tue, 09 Jul 2024 19:04:11 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
OPTIONS /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://luckypop.shop/
Origin: https://luckypop.shop
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 12:05:46 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://luckypop.shop
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2
|
|
| amunfezanttor.com/event | 139.45.197.250 | 200 OK | 94 B |
IP139.45.197.250:443
Requested byhttps://luckypop.shop/BR-GC-Animation/index4?cep=RouLWkKiCTsgc5VZNqJHhJJIpiewFs8nWTpPhm8ldZzNXioAi1v1RUSuNeFS6zrlQ0-dMU-GpKkYrrEeHT9hjX4oDwk6nDLGT6YlEPngVc1bDBgPHu1J72KbZvgf2VUHoB8p_7W4uxfsprpFX8aoKCcdRO2g-ns0yXBomKIPsDmbwc107pMc_tk3udCbcOJlQdLv_yp4nYw8J23rKKtcM-xyGM8vRAQc0-msbGmziz8Jh612RcEBqOb47VhGkO6kLoPWyrNmsz0bM4tufiuALlj1ZTAFTV6HJm4MGHm7ALzaJV-o4fZvbaBXF9BLdZM3GX3RH90cRwi7mOgEqSKfV7-FOfyjALnd3s0y_yHapuwovhZBYhLrLHzXWTuRYsaEMKiQf1JWdB5MdpxHYwfXd0aWLhyfW-d5t-LeY-qfRhI&lptoken=17f313cd44db379c2871 CertificateIssuerLet's Encrypt Subjectamunfezanttor.com FingerprintAB:2C:60:54:FF:D7:D6:23:0E:87:1A:98:EC:94:B3:9B:29:1A:F3:AA ValidityWed, 10 Apr 2024 19:04:12 GMT - Tue, 09 Jul 2024 19:04:11 GMT
Hash1b291f569ff5fb3538809a1392e5035c ec2232b106600fa3ac3df8710239a1eb3cdc49a6 bf0f29d181a114ebea88fd52bd6889a0647e761f533d04506e988412c40bcc21
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
POST /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://luckypop.shop/
Content-Type: application/json
Content-Length: 1349
Origin: https://luckypop.shop
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 12:05:46 GMT
content-type: application/json; charset=utf-8
content-length: 94
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://luckypop.shop
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
|
|
| luckypop.shop/BR-GC-Animation/w2e8i.png | 104.21.28.50 | 200 OK | 96 B |
URL GET HTTP/3luckypop.shop/BR-GC-Animation/w2e8i.png IP104.21.28.50:443
Requested byhttps://luckypop.shop/BR-GC-Animation/index4?cep=RouLWkKiCTsgc5VZNqJHhJJIpiewFs8nWTpPhm8ldZzNXioAi1v1RUSuNeFS6zrlQ0-dMU-GpKkYrrEeHT9hjX4oDwk6nDLGT6YlEPngVc1bDBgPHu1J72KbZvgf2VUHoB8p_7W4uxfsprpFX8aoKCcdRO2g-ns0yXBomKIPsDmbwc107pMc_tk3udCbcOJlQdLv_yp4nYw8J23rKKtcM-xyGM8vRAQc0-msbGmziz8Jh612RcEBqOb47VhGkO6kLoPWyrNmsz0bM4tufiuALlj1ZTAFTV6HJm4MGHm7ALzaJV-o4fZvbaBXF9BLdZM3GX3RH90cRwi7mOgEqSKfV7-FOfyjALnd3s0y_yHapuwovhZBYhLrLHzXWTuRYsaEMKiQf1JWdB5MdpxHYwfXd0aWLhyfW-d5t-LeY-qfRhI&lptoken=17f313cd44db379c2871 CertificateIssuerLet's Encrypt Subjectluckypop.shop Fingerprint3A:31:10:C5:86:DC:05:68:29:50:4B:DC:B2:08:1B:84:51:C9:D3:AD ValiditySun, 24 Mar 2024 02:44:06 GMT - Sat, 22 Jun 2024 02:44:05 GMT
File typePNG image data, 16 x 16, 1-bit colormap, non-interlaced Hash35b9ee99fe32d3d68f7807c43d768092 99e01d3e0c461a43735019cc73db8074aa7ab504 cfee15b8d3ffca2475ecab6e25900ed1454d9c327fca1942728629452ad00ee6
GET /BR-GC-Animation/w2e8i.png HTTP/1.1
Host: luckypop.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://luckypop.shop/BR-GC-Animation/index4?cep=RouLWkKiCTsgc5VZNqJHhJJIpiewFs8nWTpPhm8ldZzNXioAi1v1RUSuNeFS6zrlQ0-dMU-GpKkYrrEeHT9hjX4oDwk6nDLGT6YlEPngVc1bDBgPHu1J72KbZvgf2VUHoB8p_7W4uxfsprpFX8aoKCcdRO2g-ns0yXBomKIPsDmbwc107pMc_tk3udCbcOJlQdLv_yp4nYw8J23rKKtcM-xyGM8vRAQc0-msbGmziz8Jh612RcEBqOb47VhGkO6kLoPWyrNmsz0bM4tufiuALlj1ZTAFTV6HJm4MGHm7ALzaJV-o4fZvbaBXF9BLdZM3GX3RH90cRwi7mOgEqSKfV7-FOfyjALnd3s0y_yHapuwovhZBYhLrLHzXWTuRYsaEMKiQf1JWdB5MdpxHYwfXd0aWLhyfW-d5t-LeY-qfRhI&lptoken=17f313cd44db379c2871
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 12:05:46 GMT
content-type: image/png
content-length: 96
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: "43e2c1f55b928aee3605029ae8c2d76e"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=I%2B5W8XC52bHlolnm1CULMZ1%2BsZ1BUMafACKPwg06qULvvDvLnNnPa5i%2B31xeohJo8%2BJnmhgp4kfEfTTNtSe3ZRnsWwphwTil%2BcfI5qMyZkY08MQBIdis41vu%2FWzuQ9Ug"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: MISS
accept-ranges: bytes
server: cloudflare
cf-ray: 87648664fe1a569c-OSL
alt-svc: h3=":443"; ma=86400
|
|
| luckypop.shop/BR-GC-Animation/index4?cep=RouLWkKiCTsgc5VZNqJHhJJIpiewFs8nWTpPhm8ldZzNXioAi1v1RUSuNeFS6zrlQ0-dMU-GpKkYrrEeHT9hjX4oDwk6nDLGT6YlEPngVc1bDBgPHu1J72KbZvgf2VUHoB8p_7W4uxfsprpFX8aoKCcdRO2g-ns0yXBomKIPsDmbwc107pMc_tk3udCbcOJlQdLv_yp4nYw8J23rKKtcM-xyGM8vRAQc0-msbGmziz8Jh612RcEBqOb47VhGkO6kLoPWyrNmsz0bM4tufiuALlj1ZTAFTV6HJm4MGHm7ALzaJV-o4fZvbaBXF9BLdZM3GX3RH90cRwi7mOgEqSKfV7-FOfyjALnd3s0y_yHapuwovhZBYhLrLHzXWTuRYsaEMKiQf1JWdB5MdpxHYwfXd0aWLhyfW-d5t-LeY-qfRhI&lptoken=17f313cd44db379c2871 | 104.21.28.50 | 200 OK | 4.8 kB |
URL User Request GET HTTP/2luckypop.shop/BR-GC-Animation/index4?cep=RouLWkKiCTsgc5VZNqJHhJJIpiewFs8nWTpPhm8ldZzNXioAi1v1RUSuNeFS6zrlQ0-dMU-GpKkYrrEeHT9hjX4oDwk6nDLGT6YlEPngVc1bDBgPHu1J72KbZvgf2VUHoB8p_7W4uxfsprpFX8aoKCcdRO2g-ns0yXBomKIPsDmbwc107pMc_tk3udCbcOJlQdLv_yp4nYw8J23rKKtcM-xyGM8vRAQc0-msbGmziz8Jh612RcEBqOb47VhGkO6kLoPWyrNmsz0bM4tufiuALlj1ZTAFTV6HJm4MGHm7ALzaJV-o4fZvbaBXF9BLdZM3GX3RH90cRwi7mOgEqSKfV7-FOfyjALnd3s0y_yHapuwovhZBYhLrLHzXWTuRYsaEMKiQf1JWdB5MdpxHYwfXd0aWLhyfW-d5t-LeY-qfRhI&lptoken=17f313cd44db379c2871 IP104.21.28.50:443
CertificateIssuerLet's Encrypt Subjectluckypop.shop Fingerprint3A:31:10:C5:86:DC:05:68:29:50:4B:DC:B2:08:1B:84:51:C9:D3:AD ValiditySun, 24 Mar 2024 02:44:06 GMT - Sat, 22 Jun 2024 02:44:05 GMT
File typeHTML document, Unicode text, UTF-8 text, with very long lines (4920), with no line terminators Hash7eb94d84cbc13f6b0509874d6706d72c 9443d1d432f457f0875cd704306f33a900e6c33e 4b2c26f01102ea56c5e96ae1bf31ff48fd423a96270bd2ad922be022c90273ed
GET /BR-GC-Animation/index4?cep=RouLWkKiCTsgc5VZNqJHhJJIpiewFs8nWTpPhm8ldZzNXioAi1v1RUSuNeFS6zrlQ0-dMU-GpKkYrrEeHT9hjX4oDwk6nDLGT6YlEPngVc1bDBgPHu1J72KbZvgf2VUHoB8p_7W4uxfsprpFX8aoKCcdRO2g-ns0yXBomKIPsDmbwc107pMc_tk3udCbcOJlQdLv_yp4nYw8J23rKKtcM-xyGM8vRAQc0-msbGmziz8Jh612RcEBqOb47VhGkO6kLoPWyrNmsz0bM4tufiuALlj1ZTAFTV6HJm4MGHm7ALzaJV-o4fZvbaBXF9BLdZM3GX3RH90cRwi7mOgEqSKfV7-FOfyjALnd3s0y_yHapuwovhZBYhLrLHzXWTuRYsaEMKiQf1JWdB5MdpxHYwfXd0aWLhyfW-d5t-LeY-qfRhI&lptoken=17f313cd44db379c2871 HTTP/1.1
Host: luckypop.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 12:05:45 GMT
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sNak9A8Akl6NKQb2VEbdxPKOhUVEaO6jFqaLnobUKZFDtdX69Z%2Fwh%2F2LPo2jsPMW6fCLTSRN7kfEgREQ79VAdcAz5zwnFCkka54uQ5V9f8AvuOOGgOc3As%2BRgKBt9%2FkZ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 8764865dcad7b50c-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| luckypop.shop/BR-GC-Animation/s9m7w.png | 104.21.28.50 | 200 OK | 8.7 kB |
URL GET HTTP/3luckypop.shop/BR-GC-Animation/s9m7w.png IP104.21.28.50:443
Requested byhttps://luckypop.shop/BR-GC-Animation/index4?cep=RouLWkKiCTsgc5VZNqJHhJJIpiewFs8nWTpPhm8ldZzNXioAi1v1RUSuNeFS6zrlQ0-dMU-GpKkYrrEeHT9hjX4oDwk6nDLGT6YlEPngVc1bDBgPHu1J72KbZvgf2VUHoB8p_7W4uxfsprpFX8aoKCcdRO2g-ns0yXBomKIPsDmbwc107pMc_tk3udCbcOJlQdLv_yp4nYw8J23rKKtcM-xyGM8vRAQc0-msbGmziz8Jh612RcEBqOb47VhGkO6kLoPWyrNmsz0bM4tufiuALlj1ZTAFTV6HJm4MGHm7ALzaJV-o4fZvbaBXF9BLdZM3GX3RH90cRwi7mOgEqSKfV7-FOfyjALnd3s0y_yHapuwovhZBYhLrLHzXWTuRYsaEMKiQf1JWdB5MdpxHYwfXd0aWLhyfW-d5t-LeY-qfRhI&lptoken=17f313cd44db379c2871 CertificateIssuerLet's Encrypt Subjectluckypop.shop Fingerprint3A:31:10:C5:86:DC:05:68:29:50:4B:DC:B2:08:1B:84:51:C9:D3:AD ValiditySun, 24 Mar 2024 02:44:06 GMT - Sat, 22 Jun 2024 02:44:05 GMT
File typePNG image data, 395 x 77, 8-bit/color RGBA, non-interlaced Hashbec6b8eab9d6e094df42a0e1b8230994 2ef289afa287fa1e905a9eb520974fb963c1fe98 ca9a2744b49c225c39ddd78239e2b4e1703f2f8ee03d6bc22a9f53532ac94046
GET /BR-GC-Animation/s9m7w.png HTTP/1.1
Host: luckypop.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://luckypop.shop/BR-GC-Animation/style.css
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 12:05:46 GMT
content-type: image/png
content-length: 8660
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: "b807f0faec2c500a1a2f76d99319ebc2"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TRcCc%2FNRmM0X2MdNbP9JM0EwEXFFpjvGO6wnsAegAl4cngLgwmA1CwrzGzEJCwhFabTcqGCTKLGa4iIpCHI%2Bnj8VW%2Fxj6odvaQ461MLYP0Q4dTuOGEvhyTs8h6rvxsFP"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: MISS
accept-ranges: bytes
server: cloudflare
cf-ray: 876486619d0f569c-OSL
alt-svc: h3=":443"; ma=86400
|
|
| desenteir.com/pfe/current/reverse.min.js?sf=1 | 139.45.197.252 | 200 OK | 1.2 kB |
URL GET HTTP/2desenteir.com/pfe/current/reverse.min.js?sf=1 IP139.45.197.252:443
Requested byhttps://luckypop.shop/BR-GC-Animation/index4?cep=RouLWkKiCTsgc5VZNqJHhJJIpiewFs8nWTpPhm8ldZzNXioAi1v1RUSuNeFS6zrlQ0-dMU-GpKkYrrEeHT9hjX4oDwk6nDLGT6YlEPngVc1bDBgPHu1J72KbZvgf2VUHoB8p_7W4uxfsprpFX8aoKCcdRO2g-ns0yXBomKIPsDmbwc107pMc_tk3udCbcOJlQdLv_yp4nYw8J23rKKtcM-xyGM8vRAQc0-msbGmziz8Jh612RcEBqOb47VhGkO6kLoPWyrNmsz0bM4tufiuALlj1ZTAFTV6HJm4MGHm7ALzaJV-o4fZvbaBXF9BLdZM3GX3RH90cRwi7mOgEqSKfV7-FOfyjALnd3s0y_yHapuwovhZBYhLrLHzXWTuRYsaEMKiQf1JWdB5MdpxHYwfXd0aWLhyfW-d5t-LeY-qfRhI&lptoken=17f313cd44db379c2871 CertificateIssuerLet's Encrypt Subjectdesenteir.com FingerprintBB:E1:FF:08:F7:90:E0:40:BF:A4:59:6A:83:5B:75:33:7D:65:65:B8 ValiditySun, 11 Feb 2024 20:07:28 GMT - Sat, 11 May 2024 20:07:27 GMT
File typeJavaScript source, ASCII text, with very long lines (1217), with no line terminators Hash19fa1dbb952ff8bf2480f4135be72b90 a78194bb1a50a19de1f0379ec42846977f1cf197 5865c72bb7291c94d8603bf8fb936587914c45dfe5610d49a811aa166c187e10
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /pfe/current/reverse.min.js?sf=1 HTTP/1.1
Host: desenteir.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://luckypop.shop/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 12:05:46 GMT
content-type: application/javascript
last-modified: Tue, 16 Apr 2024 15:56:40 GMT
etag: W/"661e9fb8-4a5"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| luckypop.shop/sw-check-permissions-d059b.js?zoneId=5542487 | 104.21.28.50 | 200 OK | 566 B |
URL GET HTTP/3luckypop.shop/sw-check-permissions-d059b.js?zoneId=5542487 IP104.21.28.50:443
Requested byhttps://luckypop.shop/BR-GC-Animation/index4?cep=RouLWkKiCTsgc5VZNqJHhJJIpiewFs8nWTpPhm8ldZzNXioAi1v1RUSuNeFS6zrlQ0-dMU-GpKkYrrEeHT9hjX4oDwk6nDLGT6YlEPngVc1bDBgPHu1J72KbZvgf2VUHoB8p_7W4uxfsprpFX8aoKCcdRO2g-ns0yXBomKIPsDmbwc107pMc_tk3udCbcOJlQdLv_yp4nYw8J23rKKtcM-xyGM8vRAQc0-msbGmziz8Jh612RcEBqOb47VhGkO6kLoPWyrNmsz0bM4tufiuALlj1ZTAFTV6HJm4MGHm7ALzaJV-o4fZvbaBXF9BLdZM3GX3RH90cRwi7mOgEqSKfV7-FOfyjALnd3s0y_yHapuwovhZBYhLrLHzXWTuRYsaEMKiQf1JWdB5MdpxHYwfXd0aWLhyfW-d5t-LeY-qfRhI&lptoken=17f313cd44db379c2871 CertificateIssuerLet's Encrypt Subjectluckypop.shop Fingerprint3A:31:10:C5:86:DC:05:68:29:50:4B:DC:B2:08:1B:84:51:C9:D3:AD ValiditySun, 24 Mar 2024 02:44:06 GMT - Sat, 22 Jun 2024 02:44:05 GMT
File typeASCII text, with very long lines (605), with no line terminators Hash599d2aaaee8eaaba0d57de0c5080f991 8cc895d3c80c1903ff711f8ea6fb2fa34dfaaeaa 57f39ce628f3e5ad1b39dfb39996a9b4c07bc6f7ca34d4e55dda28e1a67c9105
GET /sw-check-permissions-d059b.js?zoneId=5542487 HTTP/1.1
Host: luckypop.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://luckypop.shop/BR-GC-Animation/index4?cep=RouLWkKiCTsgc5VZNqJHhJJIpiewFs8nWTpPhm8ldZzNXioAi1v1RUSuNeFS6zrlQ0-dMU-GpKkYrrEeHT9hjX4oDwk6nDLGT6YlEPngVc1bDBgPHu1J72KbZvgf2VUHoB8p_7W4uxfsprpFX8aoKCcdRO2g-ns0yXBomKIPsDmbwc107pMc_tk3udCbcOJlQdLv_yp4nYw8J23rKKtcM-xyGM8vRAQc0-msbGmziz8Jh612RcEBqOb47VhGkO6kLoPWyrNmsz0bM4tufiuALlj1ZTAFTV6HJm4MGHm7ALzaJV-o4fZvbaBXF9BLdZM3GX3RH90cRwi7mOgEqSKfV7-FOfyjALnd3s0y_yHapuwovhZBYhLrLHzXWTuRYsaEMKiQf1JWdB5MdpxHYwfXd0aWLhyfW-d5t-LeY-qfRhI&lptoken=17f313cd44db379c2871
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 12:05:46 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"69488de9c34c48170cbaf8ab99895f23"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OdyLLL1wx59q8XQjwuQew9MxVlWBO%2FO4gG6fRQzR94PV5BN7AspDZBjLT5OASRbIgGpUqbPRSSHmMSzdTrt1%2BL%2BKGLsYitXOwpQz8%2BRdei8XXesNrGnoDqoJTxadkIPQ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: REVALIDATED
server: cloudflare
cf-ray: 87648663daf0569c-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| poavoabe.net/pfe/current/micro.tag.min.js?z=5542487&sw=/sw-check-permissions-d059b.js | 139.45.197.251 | 200 OK | 36 kB |
URL GET HTTP/2poavoabe.net/pfe/current/micro.tag.min.js?z=5542487&sw=/sw-check-permissions-d059b.js IP139.45.197.251:443
Requested byhttps://luckypop.shop/BR-GC-Animation/index4?cep=RouLWkKiCTsgc5VZNqJHhJJIpiewFs8nWTpPhm8ldZzNXioAi1v1RUSuNeFS6zrlQ0-dMU-GpKkYrrEeHT9hjX4oDwk6nDLGT6YlEPngVc1bDBgPHu1J72KbZvgf2VUHoB8p_7W4uxfsprpFX8aoKCcdRO2g-ns0yXBomKIPsDmbwc107pMc_tk3udCbcOJlQdLv_yp4nYw8J23rKKtcM-xyGM8vRAQc0-msbGmziz8Jh612RcEBqOb47VhGkO6kLoPWyrNmsz0bM4tufiuALlj1ZTAFTV6HJm4MGHm7ALzaJV-o4fZvbaBXF9BLdZM3GX3RH90cRwi7mOgEqSKfV7-FOfyjALnd3s0y_yHapuwovhZBYhLrLHzXWTuRYsaEMKiQf1JWdB5MdpxHYwfXd0aWLhyfW-d5t-LeY-qfRhI&lptoken=17f313cd44db379c2871 CertificateIssuerLet's Encrypt Subjectpoavoabe.net FingerprintEA:0B:FC:6A:9F:F2:C8:BB:63:B0:A9:3E:B1:A6:7B:52:34:86:5B:A4 ValidityMon, 15 Apr 2024 05:23:56 GMT - Sun, 14 Jul 2024 05:23:55 GMT
File typeJavaScript source, ASCII text, with very long lines (36528), with no line terminators Hashb64d3763f9aa99e7edc76dc0dd29d030 9b5d6da9384fe75fcc5a4f79ad2cde0399bfd523 e64712048ba884038027c9037196f430b7ae020a3ec9679dfd577a6fb58f9de3
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /pfe/current/micro.tag.min.js?z=5542487&sw=/sw-check-permissions-d059b.js HTTP/1.1
Host: poavoabe.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://luckypop.shop/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 12:05:46 GMT
content-type: application/javascript
last-modified: Tue, 16 Apr 2024 15:56:40 GMT
etag: W/"661e9fb8-8eb0"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
|
|