GET claimbonusrewardsnow-xyz.lol/cdn-cgi/phish-bypass?atok=3zioC9IluHpyQK1gg4A9uWZ85nZBBNcvYB5AovSl6WM-1750996978.9227943-0.0.1.1-%2F&original_path=%2F&cf-turnstile-response=
400 Bad Request 23 B URL User Request GET claimbonusrewardsnow-xyz.lol/cdn-cgi/phish-bypass?atok=3zioC9IluHpyQK1gg4A9uWZ85nZBBNcvYB5AovSl6WM-1750996978.9227943-0.0.1.1-%2F&original_path=%2F&cf-turnstile-response=
IP
Certificate IssuerGoogle Trust Services
Subjectclaimbonusrewardsnow-xyz.lol
Fingerprint10:93:AE:3B:4B:E2:06:FD:61:4F:32:27:CC:9A:74:6D:6E:98:9C:F1
ValiditySat, 31 May 2025 00:28:41 GMT - Fri, 29 Aug 2025 01:28:19 GMT
File type ASCII text, with no line terminators
Hash 1862a245f1f02bd4477a17e9432e3a25
5e9e7ba669c7c6e7aa7aede335b0b22f0a08b88f
e999e13afc2c76a9b3523daa037814a97f9ad5310ee32c4dfe3b5d006a0ed73b
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /cdn-cgi/phish-bypass?atok=3zioC9IluHpyQK1gg4A9uWZ85nZBBNcvYB5AovSl6WM-1750996978.9227943-0.0.1.1-%2F&original_path=%2F&cf-turnstile-response= HTTP/1.1
Host: claimbonusrewardsnow-xyz.lol
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 400 Bad Request
date: Fri, 27 Jun 2025 13:53:39 GMT
content-length: 23
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
referrer-policy: same-origin
x-frame-options: SAMEORIGIN
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=wrsdUPb09wfldze9CDGIx%2FEUbBHdO4HbQKorj6KmBku4gfTmdJns12c5d%2BP6AZZnHIsXA1fpcFZn0Vo6%2FZPWVDudIdCEk%2FIHQoXld6oOylQesO2IxmXOKVTE"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
server: cloudflare
cf-ray: 95656e8d0ad156a4-OSL
X-Firefox-Spdy: h2
GET claimbonusrewardsnow-xyz.lol/cdn-cgi/phish-bypass?atok=3zioC9IluHpyQK1gg4A9uWZ85nZBBNcvYB5AovSl6WM-1750996978.9227943-0.0.1.1-%2F&original_path=%2F&cf-turnstile-response=
400 Bad Request 23 B URL User Request GET claimbonusrewardsnow-xyz.lol/cdn-cgi/phish-bypass?atok=3zioC9IluHpyQK1gg4A9uWZ85nZBBNcvYB5AovSl6WM-1750996978.9227943-0.0.1.1-%2F&original_path=%2F&cf-turnstile-response=
IP
File type ASCII text, with no line terminators
Hash 1862a245f1f02bd4477a17e9432e3a25
5e9e7ba669c7c6e7aa7aede335b0b22f0a08b88f
e999e13afc2c76a9b3523daa037814a97f9ad5310ee32c4dfe3b5d006a0ed73b
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /cdn-cgi/phish-bypass?atok=3zioC9IluHpyQK1gg4A9uWZ85nZBBNcvYB5AovSl6WM-1750996978.9227943-0.0.1.1-%2F&original_path=%2F&cf-turnstile-response= HTTP/1.1
Host: claimbonusrewardsnow-xyz.lol
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 400 Bad Request
Date: Fri, 27 Jun 2025 13:53:39 GMT
Content-Length: 23
Connection: keep-alive
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Vary: accept-encoding
Report-To: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=hq4qyMCP4e7Lh6TERclUwLZqzp6lxJhykCMSPbiUa0f%2FUOQhply1SYebkNfsoufGgSpr7G1cd51L5eTCJb0PSjecV4wSnqJpjtpfAfGQNKFf02u9BC3nDCqS"}]}
Nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
Server: cloudflare
CF-RAY: 95656e8e480d56a9-OSL
alt-svc: h2=":443"; ma=60
GET claimbonusrewardsnow-xyz.lol/favicon.ico
403 Forbidden 5.0 kB URL GET claimbonusrewardsnow-xyz.lol/favicon.ico
IP
Requested by http://claimbonusrewardsnow-xyz.lol/cdn-cgi/phish-bypass?atok=3zioC9IluHpyQK1gg4A9uWZ85nZBBNcvYB5AovSl6WM-1750996978.9227943-0.0.1.1-%2F&original_path=%2F&cf-turnstile-response=
File type HTML document, ASCII text, with very long lines (396)
Hash 05e57afab66bc30ccbe8390a7056e1ed
1fb44d33005e55e8b0554d7e96e00d4c7e3e9180
7f1cd6a539bbd98eca4b742121765332c76886681bdc42d22b08c0e7ca8f21fb
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /favicon.ico HTTP/1.1
Host: claimbonusrewardsnow-xyz.lol
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://claimbonusrewardsnow-xyz.lol/cdn-cgi/phish-bypass?atok=3zioC9IluHpyQK1gg4A9uWZ85nZBBNcvYB5AovSl6WM-1750996978.9227943-0.0.1.1-%2F&original_path=%2F&cf-turnstile-response=
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Fri, 27 Jun 2025 13:53:39 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Vary: accept-encoding
Report-To: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=KJ1P%2FYiNQfD5G4HhgP5UG%2FeX%2FgJj1BySwqtmX41x7DPKl2vlrYdX1ZGtHOboyY5nVvblo1cenwtD33SsSjX102YAdGVJ84wT5SjTYM4CTJ5um3x2exmSTUKU"}]}
Nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
Content-Encoding: gzip
Server: cloudflare
CF-RAY: 95656e8f8a1c56a9-OSL
alt-svc: h2=":443"; ma=60
172.67.156.81