Report - lfkpoly.promq.top

Report Overview

Visited public
2025-02-11 00:39:47
Tags
URL
lfkpoly.promq.top
Finishing URL
lfkpoly.promq.top/
IP / ASN
172.245.112.197
#36352 AS-COLOCROSSING
Title
Meta Bot

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
lfkpoly.promq.top	unknown	unknown	No data	No data	3.1 kB	100 kB	172.245.112.197
getyourapi.site	unknown	2021-03-05	2021-03-05	2025-02-06	493 B	748 B	3.122.218.248
aus5.mozilla.org	2548	1998-01-24	2015-10-27	2025-02-05	524 B	1.2 kB	35.244.181.201
cdnjs.cloudflare.com	235	2009-02-17	2012-05-23	2025-02-05	2.8 kB	159 kB	104.17.25.14
cdn.jsdelivr.net	439	2012-05-16	2012-09-30	2025-02-05	419 B	140 kB	151.101.65.229
fonts.cdnfonts.com	26261	2018-10-03	2020-06-10	2025-02-07	2.5 kB	220 kB	172.67.184.158

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-02-11	medium	promq.top	Sinkholed
2025-02-11	medium	getyourapi.site	Sinkholed
2025-02-11	medium	promq.top	Sinkholed
2025-02-11	medium	promq.top	Sinkholed
2025-02-11	medium	promq.top	Sinkholed
2025-02-11	medium	promq.top	Sinkholed
2025-02-11	medium	promq.top	Sinkholed
2025-02-11	medium	promq.top	Sinkholed

ThreatFox

No alerts detected

JavaScript (9)

	URL	From	Size	First Seen	Last Seen
	cdnjs.cloudflare.com/ajax/libs/jquery/3.7.1/jquery.min.js	ScriptElement	88 kB	2023-08-31	2025-06-13
Pretty URL cdnjs.cloudflare.com/ajax/libs/jquery/3.7.1/jquery.min.js IP 104.17.25.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-31 16:03 Last Seen2025-06-13 03:10 Times Seen38886 Hash 2c872dbe60f4ba70fb85356113d8b35e ee48592d1fff952fcf06ce0b666ed4785493afdc fc9a93dd241f6b045cbff0481cf4e1901becd0e12fb45166a8f17f95823f0b1a Loading...

	lfkpoly.promq.top/src/js/modalPhoneError.js	ScriptElement	1.9 kB	2024-07-03	2025-05-22
Pretty URL lfkpoly.promq.top/src/js/modalPhoneError.js IP 172.245.112.197 ASN #36352 AS-COLOCROSSING Introduced by scriptElement Embedded in HTML false Observations First Seen2024-07-03 19:46 Last Seen2025-05-22 22:06 Times Seen29 Hash 71e236d07872f9eadf05c95f46f40c34 2521d73780b03bd389055eddf0c2d3a377f5b664 7b103ed3d1a2196f130e12bcd3c8a959dc982d788a86faa06c583ea9cfa5f478 Loading...

	lfkpoly.promq.top/	ScriptElement	605 B	2025-02-11	2025-02-11
Pretty URL lfkpoly.promq.top/ IP 172.245.112.197 ASN #36352 AS-COLOCROSSING Introduced by scriptElement Embedded in HTML true Observations First Seen2025-02-11 00:39 Last Seen2025-02-11 00:39 Times Seen1 Hash 10d2f6141a0a584458470df0c5145807 bc8ba6e635aa3e3cf008fa0bc6d9d2897a6b3f16 5fdf0e59f13bca33556510aa85350e923ce02a5fc0a8e72f7ef74d980d508369 Loading...

	cdnjs.cloudflare.com/ajax/libs/intl-tel-input/18.5.0/js/utils.min.js	ScriptElement	249 kB	2024-03-04	2025-06-12
Pretty URL cdnjs.cloudflare.com/ajax/libs/intl-tel-input/18.5.0/js/utils.min.js IP 104.17.25.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-04 04:06 Last Seen2025-06-12 03:57 Times Seen555 Hash b34007e0189bdb6d937004b2d35dc0d8 4836255d80bf984e066263a2bffaa1467cfc4cb5 b35c83e4dc3713230edfbda43508fb2fb92d8e07c4189f19d201ba199ef810a2 Loading...

	lfkpoly.promq.top/	ScriptElement	26 kB	2024-09-24	2025-03-07
Pretty URL lfkpoly.promq.top/ IP 172.245.112.197 ASN #36352 AS-COLOCROSSING Introduced by scriptElement Embedded in HTML true Observations First Seen2024-09-24 02:44 Last Seen2025-03-07 05:57 Times Seen16 Hash 57c2ade0aa2a4674b2c92b8e05eeffd6 b5dfdea2404e954a91d9bfd20b908d7f74175934 7324fe57344068495dc1ed01a56752b300998add43a743fe1ff40d609ba19282 Loading...

	cdn.jsdelivr.net/npm/apexcharts	ScriptElement	574 kB	2025-01-30	2025-02-12
Pretty URL cdn.jsdelivr.net/npm/apexcharts IP 151.101.65.229 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2025-01-30 14:35 Last Seen2025-02-12 06:20 Times Seen9 Hash 54a02be466ae7d359a8ca0bfa5218de3 2981c1f4dbe2aa8399d718a75f1c18ad1ffc6530 f4f5a1cfe4f5a5f9092968b011eb26d775f69289285ec2a8d9003be067780990 Loading...

	cdnjs.cloudflare.com/ajax/libs/toastr.js/2.1.4/toastr.min.js	ScriptElement	5.3 kB	2023-03-07	2025-06-12
Pretty URL cdnjs.cloudflare.com/ajax/libs/toastr.js/2.1.4/toastr.min.js IP 104.17.25.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:24 Last Seen2025-06-12 23:51 Times Seen537 Hash 288053556a8dbbba281cd771104eb77f fef15ece904a9e8c068183635c86779bc7e58ccb c8d6ca635cba876adb55c42d7f46fc96ae1afb1a64b7215cde9498a06018d6a4 Loading...

	lfkpoly.promq.top/src/js/index.js	ScriptElement	15 kB	2025-01-20	2025-03-07
Pretty URL lfkpoly.promq.top/src/js/index.js IP 172.245.112.197 ASN #36352 AS-COLOCROSSING Introduced by scriptElement Embedded in HTML false Observations First Seen2025-01-20 15:10 Last Seen2025-03-07 05:57 Times Seen11 Hash de1b75ee6e3d3aabe556b90a879e42b9 e25d3ff148248ea2fe402345bfdcb5f6a8339820 ce83475e26ad4ffc117481acfa9c40980b58180cc48bdf5ad3e8a7afb2b21e17 Loading...

	cdnjs.cloudflare.com/ajax/libs/intl-tel-input/18.5.0/js/intlTelInput.min.js	ScriptElement	31 kB	2024-03-04	2025-06-12
Pretty URL cdnjs.cloudflare.com/ajax/libs/intl-tel-input/18.5.0/js/intlTelInput.min.js IP 104.17.25.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-04 04:06 Last Seen2025-06-12 03:57 Times Seen556 Hash ddc9d20a5dc24ff745358bba80eea1f3 c569c6d9f50923de1753da1f2c090132fa455f55 54bc983ea406933001939caacb25ec98a9f633b8f2d54aa5ca3180948d6fe389 Loading...

HTTP Transactions (21)

URL IP Response Size

cdnjs.cloudflare.com/ajax/libs/jquery/3.7.1/jquery.min.js

104.17.25.14

200 OK

27 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/jquery/3.7.1/jquery.min.js
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lfkpoly.promq.top/
Certificate
IssuerGoogle Trust Services
Subjectcdnjs.cloudflare.com
Fingerprint00:0E:39:59:53:CF:68:07:90:75:EB:68:26:B9:04:22:44:7D:9A:32
ValidityFri, 24 Jan 2025 09:16:22 GMT - Thu, 24 Apr 2025 10:16:21 GMT

File type
JavaScript source, ASCII text, with very long lines (65447)
Size
27 kB (27446 bytes)
Hash
2c872dbe60f4ba70fb85356113d8b35e
ee48592d1fff952fcf06ce0b666ed4785493afdc
fc9a93dd241f6b045cbff0481cf4e1901becd0e12fb45166a8f17f95823f0b1a

HTTP Headers

GET /ajax/libs/jquery/3.7.1/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lfkpoly.promq.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 11 Feb 2025 00:39:16 GMT
content-type: application/javascript; charset=utf-8
content-length: 27446
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "64ed75bb-6b36"
last-modified: Tue, 29 Aug 2023 04:36:11 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 1213132
expires: Sun, 01 Feb 2026 00:39:16 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BwMO%2FDth8byWd6KjnH1T3NfmOftlYU28Gscb7DkxMsN%2FlweKyOAVVry3CVJHlaENhJPtQpRBOkf37ZpHhJc4xVktkBWsDHFV4BOzicX%2BZSbTGUQoofYN0DXRbYAjjAPz3MOMBQ0m"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 910047e6cf9f569f-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/intl-tel-input/18.5.0/js/intlTelInput.min.js

104.17.25.14

200 OK

8.8 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/intl-tel-input/18.5.0/js/intlTelInput.min.js
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lfkpoly.promq.top/
Certificate
IssuerGoogle Trust Services
Subjectcdnjs.cloudflare.com
Fingerprint00:0E:39:59:53:CF:68:07:90:75:EB:68:26:B9:04:22:44:7D:9A:32
ValidityFri, 24 Jan 2025 09:16:22 GMT - Thu, 24 Apr 2025 10:16:21 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (27324)
Size
8.8 kB (8765 bytes)
Hash
ddc9d20a5dc24ff745358bba80eea1f3
c569c6d9f50923de1753da1f2c090132fa455f55
54bc983ea406933001939caacb25ec98a9f633b8f2d54aa5ca3180948d6fe389

HTTP Headers

GET /ajax/libs/intl-tel-input/18.5.0/js/intlTelInput.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lfkpoly.promq.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 11 Feb 2025 00:39:16 GMT
content-type: application/javascript; charset=utf-8
content-length: 8765
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "65a3eb4d-223d"
last-modified: Sun, 14 Jan 2024 14:10:21 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 2370957
expires: Sun, 01 Feb 2026 00:39:16 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=otv20Y7YFRKS4YxXlK56d9MnNsu9yGrjXlOWDS%2F0quV7etwgD3g5vgt2JFWj093MFBvDQjdN8jLd4WMV0mwaLeSHemoWGpGnsSpr%2FmGahtL3tMQh56Vaz7sthuwBMrTGeR5j2g1V"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 910047e6dfa1569f-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/toastr.js/2.1.4/toastr.min.js

104.17.25.14

200 OK

1.8 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/toastr.js/2.1.4/toastr.min.js
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lfkpoly.promq.top/
Certificate
IssuerGoogle Trust Services
Subjectcdnjs.cloudflare.com
Fingerprint00:0E:39:59:53:CF:68:07:90:75:EB:68:26:B9:04:22:44:7D:9A:32
ValidityFri, 24 Jan 2025 09:16:22 GMT - Thu, 24 Apr 2025 10:16:21 GMT

File type
JavaScript source, ASCII text, with very long lines (5215)
Size
1.8 kB (1763 bytes)
Hash
288053556a8dbbba281cd771104eb77f
fef15ece904a9e8c068183635c86779bc7e58ccb
c8d6ca635cba876adb55c42d7f46fc96ae1afb1a64b7215cde9498a06018d6a4

HTTP Headers

GET /ajax/libs/toastr.js/2.1.4/toastr.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://lfkpoly.promq.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 11 Feb 2025 00:39:16 GMT
content-type: application/javascript; charset=utf-8
content-length: 1763
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ffe-1483"
last-modified: Mon, 04 May 2020 16:17:02 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 2145184
expires: Sun, 01 Feb 2026 00:39:16 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TorrRaWbcrmfbCY1q%2Fk%2BxW75VjbZM31MTLMwUxviqwVAbkJvsFaKjbpBu7Mpecy5GLyHHHtbXZ8MGPMic7wpY7p1ji%2FmF3jhkx3fKap%2FjjCDb8BIIxb9OnL118cWNQC9wpVvATBq"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 910047e6c9ff0b65-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/intl-tel-input/18.5.0/css/intlTelInput.css

104.17.25.14

200 OK

2.1 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/intl-tel-input/18.5.0/css/intlTelInput.css
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lfkpoly.promq.top/
Certificate
IssuerGoogle Trust Services
Subjectcdnjs.cloudflare.com
Fingerprint00:0E:39:59:53:CF:68:07:90:75:EB:68:26:B9:04:22:44:7D:9A:32
ValidityFri, 24 Jan 2025 09:16:22 GMT - Thu, 24 Apr 2025 10:16:21 GMT

File type
ASCII text
Size
2.1 kB (2139 bytes)
Hash
582a1f76889553869a19d492c7728242
7d0ac85f92401984088d1c79d2a8d91b00e16a8a
c9ae063d7bf400c91d4056a69889903b54205f2efd6cb224d6041eca58b92cca

HTTP Headers

GET /ajax/libs/intl-tel-input/18.5.0/css/intlTelInput.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lfkpoly.promq.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 11 Feb 2025 00:39:16 GMT
content-type: text/css; charset=utf-8
content-length: 2139
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "65a3eb4d-85b"
last-modified: Sun, 14 Jan 2024 14:10:21 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 2197258
expires: Sun, 01 Feb 2026 00:39:16 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BBupfDOJqIU1twjPd1TQXaE1tBjx7emjjg6F%2B%2BO0RaeAQQ7AAe4CrZwnrf2rU0obVNv8VldJYXZsLoO68ybCrxwyNoGctqE%2Bjcbljl9R75GqCUmeoeT16ldJpz8kTowfVzUVY85Y"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 910047e6dfa3569f-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.jsdelivr.net/npm/apexcharts

151.101.65.229

200 OK

140 kB

URL GET HTTP/2
cdn.jsdelivr.net/npm/apexcharts
IP
151.101.65.229:443
ASN
#54113 FASTLY

Requested by
https://lfkpoly.promq.top/
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint6C:45:F5:9E:D3:37:60:0B:9C:A8:28:29:A4:E6:41:33:BB:2E:76:5C
ValidityTue, 30 Jul 2024 15:36:05 GMT - Sun, 31 Aug 2025 15:36:04 GMT

File type
JavaScript source, ASCII text, with very long lines (65444)
Size
140 kB (139527 bytes)
Hash
54a02be466ae7d359a8ca0bfa5218de3
2981c1f4dbe2aa8399d718a75f1c18ad1ffc6530
f4f5a1cfe4f5a5f9092968b011eb26d775f69289285ec2a8d9003be067780990

HTTP Headers

GET /npm/apexcharts HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lfkpoly.promq.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 4.4.0
x-jsd-version-type: version
etag: W/"8c238-KYHB9NviqoOZ1xinXxwYrR/8ZTA"
content-encoding: br
accept-ranges: bytes
date: Tue, 11 Feb 2025 00:39:16 GMT
age: 40386
x-served-by: cache-fra-etou8220144-FRA, cache-hel1410032-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 139527
X-Firefox-Spdy: h2

fonts.cdnfonts.com/s/29105/ArialCE.woff

172.67.184.158

200 OK

12 kB

URL GET HTTP/3
fonts.cdnfonts.com/s/29105/ArialCE.woff
IP
172.67.184.158:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lfkpoly.promq.top/
Certificate
IssuerGoogle Trust Services
Subjectcdnfonts.com
Fingerprint01:DE:DA:C9:4A:74:99:9A:D5:6A:41:C2:81:92:CC:04:7B:2A:DF:35
ValidityThu, 16 Jan 2025 09:04:05 GMT - Wed, 16 Apr 2025 10:02:19 GMT

File type
Web Open Font Format, TrueType, length 12308, version 0.0
Size
12 kB (12308 bytes)
Hash
90c5c9f0a7e67f8d35fd61ba011189e4
3eb4d57b0a1b0a2a35995d5ff4c2b3eeb0061f0e
4c8e4daa210ef65d2c2a1026b4b5961eba277c1315c6a99847ee0a354ceb594f

HTTP Headers

GET /s/29105/ArialCE.woff HTTP/1.1
Host: fonts.cdnfonts.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://lfkpoly.promq.top
DNT: 1
Connection: keep-alive
Referer: https://fonts.cdnfonts.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 11 Feb 2025 00:39:16 GMT
content-type: font/woff
content-length: 12308
last-modified: Sat, 05 Feb 2022 02:00:44 GMT
etag: "3014-5d73bbc3a8812"
cache-control: max-age=2678400
cf-cache-status: MISS
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QDS%2BegfYleeGrtx7SWbSFoGxJLGdOYBfUli5UA6gjPIfkSFkM5M5KeYmy9mHufuG6KtL3e14eI2CTZMbqfz9eFfAx%2FrN2909WKjertJRmVFMVfGt9ohyodFc1oezf%2Fo78i4o%2Bwg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
access-control-allow-origin: *
server: cloudflare
cf-ray: 910047e949f15695-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=3812&min_rtt=2454&rtt_var=1890&sent=11&recv=8&lost=0&retrans=0&sent_bytes=4068&recv_bytes=2196&delivery_rate=242051&cwnd=12000&unsent_bytes=0&cid=4cf7b0f37dafb466&ts=82&x=1", cfExtPri, cfHdrFlush;dur=0

fonts.cdnfonts.com/s/29105/ArialCEMTBlack.woff

172.67.184.158

200 OK

26 kB

URL GET HTTP/3
fonts.cdnfonts.com/s/29105/ArialCEMTBlack.woff
IP
172.67.184.158:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lfkpoly.promq.top/
Certificate
IssuerGoogle Trust Services
Subjectcdnfonts.com
Fingerprint01:DE:DA:C9:4A:74:99:9A:D5:6A:41:C2:81:92:CC:04:7B:2A:DF:35
ValidityThu, 16 Jan 2025 09:04:05 GMT - Wed, 16 Apr 2025 10:02:19 GMT

File type
Web Open Font Format, TrueType, length 26420, version 0.0
Size
26 kB (26420 bytes)
Hash
328b58d85c853c4c8f87e4dc029171d4
7b1ce2d22e62e138b1af7d4c9d84f5f5b9ab312e
e2eda48ae9dede257c1074b95dabcc315138c14c1e706bf1d7b72ed21fad5b83

HTTP Headers

GET /s/29105/ArialCEMTBlack.woff HTTP/1.1
Host: fonts.cdnfonts.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://lfkpoly.promq.top
DNT: 1
Connection: keep-alive
Referer: https://fonts.cdnfonts.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 11 Feb 2025 00:39:16 GMT
content-type: font/woff
content-length: 26420
last-modified: Sat, 05 Feb 2022 02:00:44 GMT
etag: "6734-5d73bbc3a8812"
cache-control: max-age=2678400
cf-cache-status: MISS
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RNhiMX8I7BFmb%2BhnZN6YDoAc2HtKrJNcgbUMN7vx%2F%2B7WxbUSmUDgrkLmT2tLZDxEDN1WSkrvKkb0dJ59T8JR7FFXIPyLf5RKaNUe8vM3M0lzg%2FnRGBMoD7Xa%2BrwshUq857aZ5tM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
access-control-allow-origin: *
server: cloudflare
cf-ray: 910047e949f25695-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=3750&min_rtt=2281&rtt_var=1609&sent=23&recv=10&lost=0&retrans=0&sent_bytes=17426&recv_bytes=2284&delivery_rate=257546&cwnd=24000&unsent_bytes=0&cid=4cf7b0f37dafb466&ts=105&x=1", cfExtPri, cfHdrFlush;dur=0

fonts.cdnfonts.com/s/29105/ARIALN.woff

172.67.184.158

200 OK

86 kB

URL GET HTTP/3
fonts.cdnfonts.com/s/29105/ARIALN.woff
IP
172.67.184.158:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lfkpoly.promq.top/
Certificate
IssuerGoogle Trust Services
Subjectcdnfonts.com
Fingerprint01:DE:DA:C9:4A:74:99:9A:D5:6A:41:C2:81:92:CC:04:7B:2A:DF:35
ValidityThu, 16 Jan 2025 09:04:05 GMT - Wed, 16 Apr 2025 10:02:19 GMT

File type
Web Open Font Format, TrueType, length 85844, version 0.0
Size
86 kB (85844 bytes)
Hash
608b786f0f982cab226cf831b4535492
900528e9026528c93f27445bd96b157d4056dc01
2b6456247d7acc550b05357bbaf1d8bfcf8be3d3a6f6ea365c8995ecc2e96b90

HTTP Headers

GET /s/29105/ARIALN.woff HTTP/1.1
Host: fonts.cdnfonts.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://lfkpoly.promq.top
DNT: 1
Connection: keep-alive
Referer: https://fonts.cdnfonts.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 11 Feb 2025 00:39:16 GMT
content-type: font/woff
content-length: 85844
last-modified: Sat, 05 Feb 2022 02:00:44 GMT
etag: "14f54-5d73bbc3a842a"
cache-control: max-age=2678400
cf-cache-status: MISS
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jFHBcIcXQGsp3lxh8ckGcqK77Oxbj2c3Mzp%2FlxHrkOXZ%2Fkm50CcTDapQxm3zMQ4GAE3x3lwu13mVi07YKpRicAUBRGERp9jyRmzG2DuOmhyUQ8PJWbZFClD713uDKMjWjM5Yzh4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
access-control-allow-origin: *
server: cloudflare
cf-ray: 910047e949ef5695-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=3457&min_rtt=2281&rtt_var=1412&sent=87&recv=12&lost=0&retrans=0&sent_bytes=93213&recv_bytes=2371&delivery_rate=1508298&cwnd=48000&unsent_bytes=0&cid=4cf7b0f37dafb466&ts=134&x=1", cfExtPri, cfHdrFlush;dur=0

fonts.cdnfonts.com/s/29105/ARIALNB.woff

172.67.184.158

200 OK

86 kB

URL GET HTTP/3
fonts.cdnfonts.com/s/29105/ARIALNB.woff
IP
172.67.184.158:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lfkpoly.promq.top/
Certificate
IssuerGoogle Trust Services
Subjectcdnfonts.com
Fingerprint01:DE:DA:C9:4A:74:99:9A:D5:6A:41:C2:81:92:CC:04:7B:2A:DF:35
ValidityThu, 16 Jan 2025 09:04:05 GMT - Wed, 16 Apr 2025 10:02:19 GMT

File type
Web Open Font Format, TrueType, length 86264, version 0.0
Size
86 kB (86264 bytes)
Hash
8ffb72584e65e108d657a37ddaf2f073
88e4976454e5963c61a952bd88d799665501980b
59f9c84e1910e87bc78530bcc643fc070fc3183281e9cdff47f33df2e1989c85

HTTP Headers

GET /s/29105/ARIALNB.woff HTTP/1.1
Host: fonts.cdnfonts.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://lfkpoly.promq.top
DNT: 1
Connection: keep-alive
Referer: https://fonts.cdnfonts.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 11 Feb 2025 00:39:16 GMT
content-type: font/woff
content-length: 86264
last-modified: Sat, 05 Feb 2022 02:00:44 GMT
etag: "150f8-5d73bbc3a842a"
cache-control: max-age=2678400
cf-cache-status: MISS
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IzSEWURZ0s4HdaXNRKNjwxsa5NuM8sYi1Z9PLA5nMm9bt4AqVK3lATNhgPbaysJAYYLFl8kFmMAYpBkFHduYCArYl1WBkJiPvFOqIkkH7f2tbsDFMU2vaFDbtuhtsy1VadDzQAs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
access-control-allow-origin: *
server: cloudflare
cf-ray: 910047e949f05695-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=3457&min_rtt=2281&rtt_var=1412&sent=47&recv=12&lost=0&retrans=0&sent_bytes=45213&recv_bytes=2371&delivery_rate=1508298&cwnd=48000&unsent_bytes=0&cid=4cf7b0f37dafb466&ts=132&x=1", cfExtPri, cfHdrFlush;dur=0

lfkpoly.promq.top/src/images/avatar.png

172.245.112.197

200 OK

8.9 kB

URL GET HTTP/2
lfkpoly.promq.top/src/images/avatar.png
IP
172.245.112.197:443
ASN
#36352 AS-COLOCROSSING

Requested by
https://lfkpoly.promq.top/
Certificate
IssuerLet's Encrypt
Subjectlfkpoly.promq.top
FingerprintFF:ED:54:48:AF:1D:97:D7:80:C8:81:F7:C7:B7:F6:BC:20:99:5F:1A
ValidityFri, 07 Feb 2025 14:10:21 GMT - Thu, 08 May 2025 14:10:20 GMT

File type
PNG image data, 120 x 76, 8-bit/color RGBA, non-interlaced
Size
8.9 kB (8938 bytes)
Hash
e8c24aa78613364343332e3c29f99d9c
40a2cb3299dae0f033c6ea3cde64463ba8e98744
d5bccdfa177310c9da484a12739a021f21d25506926cc47b0b1ce417a2af3166

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /src/images/avatar.png HTTP/1.1
Host: lfkpoly.promq.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lfkpoly.promq.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: openresty
date: Tue, 11 Feb 2025 00:39:16 GMT
content-type: image/png
vary: Accept-Encoding
X-Firefox-Spdy: h2

getyourapi.site/api/geolocation

3.122.218.248

200 OK

148 B

URL GET HTTP/2
getyourapi.site/api/geolocation
IP
3.122.218.248:443
ASN
#16509 AMAZON-02

Requested by
https://lfkpoly.promq.top/
Certificate
IssuerLet's Encrypt
Subjectgetyourapi.site
FingerprintB8:CC:E4:A9:44:3F:45:44:4A:34:55:3C:AB:DD:20:12:6F:56:CE:A2
ValiditySun, 02 Feb 2025 21:17:26 GMT - Sat, 03 May 2025 21:17:25 GMT

File type
JSON text data
Size
148 B (148 bytes)
Hash
74460ac0d8a8e24ebc406d6f9c3a14c6
51b678dd6124b6402c4adbc9c54146ffd7092988
74b21dde3560d5e9abad0c79391b40094f8948643f67427e0fcba315f7650a7d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /api/geolocation HTTP/1.1
Host: getyourapi.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://lfkpoly.promq.top
DNT: 1
Connection: keep-alive
Referer: https://lfkpoly.promq.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: openresty
date: Tue, 11 Feb 2025 00:39:17 GMT
content-type: application/json; charset=utf-8
content-length: 148
x-powered-by: Express
access-control-allow-origin: https://lfkpoly.promq.top
access-control-allow-methods: GET, POST, OPTIONS
access-control-max-age: 600
access-control-allow-credentials: true
access-control-allow-headers: origin, content-type, accept, authorization
access-control-expose-headers: content-type, authorization, x-request-id
x-request-id: fc4e1c6b-5faa-4643-ac7c-2c005d17af30
etag: W/"94-UbZ43WEktkAsStvJxUFG/9cJKYg"
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/intl-tel-input/18.5.0/img/flags.png?1

104.17.25.14

200 OK

67 kB

URL GET
cdnjs.cloudflare.com/ajax/libs/intl-tel-input/18.5.0/img/flags.png?1
IP
104.17.25.14:0
ASN
#13335 CLOUDFLARENET

Requested by
https://lfkpoly.promq.top/
Certificate
IssuerGoogle Trust Services
Subjectcdnjs.cloudflare.com
Fingerprint00:0E:39:59:53:CF:68:07:90:75:EB:68:26:B9:04:22:44:7D:9A:32
ValidityFri, 24 Jan 2025 09:16:22 GMT - Thu, 24 Apr 2025 10:16:21 GMT

File type
PNG image data, 5762 x 15, 8-bit/color RGBA, non-interlaced
Size
67 kB (67119 bytes)
Hash
8ec9f8e2915d6bf684abf7629a1b3df0
00e80b4f1321a71de50ade6eaea01eb1713c5ce3
3af394920236bdcab19b5514b8f67e06b194e29017368d6a9d83d598947f203b

HTTP Headers

GET /ajax/libs/intl-tel-input/18.5.0/img/flags.png?1 HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cdnjs.cloudflare.com/ajax/libs/intl-tel-input/18.5.0/css/intlTelInput.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 11 Feb 2025 00:39:17 GMT
content-type: image/png; charset=utf-8
content-length: 67119
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "65a3eb4d-1062f"
last-modified: Sun, 14 Jan 2024 14:10:21 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 2500680
expires: Sun, 01 Feb 2026 00:39:17 GMT
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cU%2FmNcSCWU8b3VHBGIWpWBTw71zE%2FJ1mV7JlAOdveZoI5Ra0%2BQMuIsazk4MINDdrIeZN8iHcvDZtLbbjMnn8YF5zIN84LzDa4q9XZ5qMO7eIizOKWzbd7eZouxqHe9EihOq%2FoeD%2F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 910047ebdbddb50f-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

cdnjs.cloudflare.com/ajax/libs/intl-tel-input/18.5.0/js/utils.min.js

104.17.25.14

200 OK

46 kB

URL GET HTTP/3
cdnjs.cloudflare.com/ajax/libs/intl-tel-input/18.5.0/js/utils.min.js
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lfkpoly.promq.top/
Certificate
IssuerGoogle Trust Services
Subjectcdnjs.cloudflare.com
Fingerprint00:0E:39:59:53:CF:68:07:90:75:EB:68:26:B9:04:22:44:7D:9A:32
ValidityFri, 24 Jan 2025 09:16:22 GMT - Thu, 24 Apr 2025 10:16:21 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
46 kB (46045 bytes)
Hash
b34007e0189bdb6d937004b2d35dc0d8
4836255d80bf984e066263a2bffaa1467cfc4cb5
b35c83e4dc3713230edfbda43508fb2fb92d8e07c4189f19d201ba199ef810a2

HTTP Headers

GET /ajax/libs/intl-tel-input/18.5.0/js/utils.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lfkpoly.promq.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 11 Feb 2025 00:39:17 GMT
content-type: application/javascript; charset=utf-8
content-length: 46045
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "65a3eb4d-b3dd"
last-modified: Sun, 14 Jan 2024 14:10:21 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 509169
expires: Sun, 01 Feb 2026 00:39:17 GMT
accept-ranges: bytes
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MxSsGtbYjq03FB3zJiTVH25FjbOc8rR4dCJ1L4QTlJ3%2BGtcLQDXVhptIDY6nypggyompp9GeztSLApaSfCVSu9xhiGdx%2F8DDco8QsgudHe6jaBeFNNHr8iakjoluayA0Wu8ynONB"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 910047ec0bf1b50f-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

lfkpoly.promq.top/src/js/modalPhoneError.js

172.245.112.197

200 OK

11 kB

URL GET HTTP/2
lfkpoly.promq.top/src/js/modalPhoneError.js
IP
172.245.112.197:443
ASN
#36352 AS-COLOCROSSING

Requested by
https://lfkpoly.promq.top/
Certificate
IssuerLet's Encrypt
Subjectlfkpoly.promq.top
FingerprintFF:ED:54:48:AF:1D:97:D7:80:C8:81:F7:C7:B7:F6:BC:20:99:5F:1A
ValidityFri, 07 Feb 2025 14:10:21 GMT - Thu, 08 May 2025 14:10:20 GMT

File type
gzip compressed data, from Unix
Size
11 kB (10751 bytes)
Hash
b3881d3658c70501f4c00a0bf056b8ea
934fb6346d42f7fedf1ea088887e44024a328af9
f7fe243069b3294f0582f856101f27536123f321eb766fc37f9f1ac071a6fc4e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /src/js/modalPhoneError.js HTTP/1.1
Host: lfkpoly.promq.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lfkpoly.promq.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: openresty
date: Tue, 11 Feb 2025 00:39:16 GMT
content-type: application/javascript
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.41%2Clibpulse%20not-available)/default/default/update.xml

35.244.181.201

200 OK

444 B

URL
aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.41%2Clibpulse%20not-available)/default/default/update.xml
IP
35.244.181.201:0
ASN
#396982 GOOGLE-CLOUD-PLATFORM

File type
XML 1.0 document, ASCII text, with very long lines (332)
Size
444 B (444 bytes)
Hash
3b324dec137a87ef7e24a30a65b13dd0
c0faa95b2f1018e264b3a14aaf50d1003e6c27b3
6cd0b591d9239fc8564627e92a804fc261951b1cbaf5fa58a8ada3cc13f51463

HTTP Headers

GET /update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.41%2Clibpulse%20not-available)/default/default/update.xml HTTP/1.1
Host: aus5.mozilla.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
rule-id: unknown
rule-data-version: unknown
content-signature: x5u=https://content-signature-2.cdn.mozilla.net/g/chains/202402/aus.content-signature.mozilla.org-2025-03-21-18-01-18.chain; p384ecdsa=QNrK06Izq4fx4ueG6NfeVTGtDl0hOsMR9JyvWzrCOh0HqIbmFalbSpmZrcQY25P94NE-UnP8q0N94j2TvRJ8xRoiecY1vi5bjLwAccQYW4sxLT6twgfwfJj6QvxuOlb3
strict-transport-security: max-age=31536000;
x-content-type-options: nosniff
content-security-policy: default-src 'none'; frame-ancestors 'none'
x-proxy-cache-status: EXPIRED
content-encoding: gzip
via: 1.1 google
date: Tue, 11 Feb 2025 00:39:11 GMT
content-type: text/xml; charset=utf-8
vary: Accept-Encoding
content-length: 444
age: 23
cache-control: public,max-age=90
alt-svc: clear
X-Firefox-Spdy: h2

lfkpoly.promq.top/

172.245.112.197

200 OK

32 kB

URL User Request GET HTTP/2
lfkpoly.promq.top/
IP
172.245.112.197:443
ASN
#36352 AS-COLOCROSSING

Certificate
IssuerLet's Encrypt
Subjectlfkpoly.promq.top
FingerprintFF:ED:54:48:AF:1D:97:D7:80:C8:81:F7:C7:B7:F6:BC:20:99:5F:1A
ValidityFri, 07 Feb 2025 14:10:21 GMT - Thu, 08 May 2025 14:10:20 GMT

File type

Size
32 kB (32363 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: lfkpoly.promq.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: openresty
date: Tue, 11 Feb 2025 00:39:15 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

fonts.cdnfonts.com/css/arial

172.67.184.158

200 OK

4.2 kB

URL GET HTTP/2
fonts.cdnfonts.com/css/arial
IP
172.67.184.158:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lfkpoly.promq.top/
Certificate
IssuerGoogle Trust Services
Subjectcdnfonts.com
Fingerprint01:DE:DA:C9:4A:74:99:9A:D5:6A:41:C2:81:92:CC:04:7B:2A:DF:35
ValidityThu, 16 Jan 2025 09:04:05 GMT - Wed, 16 Apr 2025 10:02:19 GMT

File type
ASCII text, with very long lines (4288), with no line terminators
Size
4.2 kB (4154 bytes)
Hash
a5d2348da9e5f008aba1b5cb413f780d
c80fe2f35d15ae2336419e663eaa9e391db3791f
486f9752d1ef00ad8e638472e7186077dae213512b6d0ec41e5eb02a671c84e2

HTTP Headers

GET /css/arial HTTP/1.1
Host: fonts.cdnfonts.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lfkpoly.promq.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 11 Feb 2025 00:39:16 GMT
content-type: text/css;charset=UTF-8
vary: Accept-Encoding
cache-control: max-age=2678400
cf-cache-status: HIT
age: 4812774
last-modified: Tue, 17 Dec 2024 07:46:22 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5X1lveW2I0H3iRJIaFzd2mJELbF7s%2BlcL%2Bc%2B3RSEPZKZqevpHyC2oemL94uSp7Z3fsDc3EzLW8Y6G10bJNFvM0yHSTk306OobsNq%2BVbTmGWbLdAPbypq16nZFpp28pYPTppQxEU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
access-control-allow-origin: *
server: cloudflare
cf-ray: 910047e8a9bc7127-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=430&min_rtt=404&rtt_var=98&sent=7&recv=10&lost=0&retrans=0&sent_bytes=3276&recv_bytes=1211&delivery_rate=8670658&cwnd=247&unsent_bytes=0&cid=6ffa7a0a8758329b&ts=24&x=0"
X-Firefox-Spdy: h2

lfkpoly.promq.top/src/css/main.css

172.245.112.197

200 OK

12 kB

URL GET HTTP/2
lfkpoly.promq.top/src/css/main.css
IP
172.245.112.197:443
ASN
#36352 AS-COLOCROSSING

Requested by
https://lfkpoly.promq.top/
Certificate
IssuerLet's Encrypt
Subjectlfkpoly.promq.top
FingerprintFF:ED:54:48:AF:1D:97:D7:80:C8:81:F7:C7:B7:F6:BC:20:99:5F:1A
ValidityFri, 07 Feb 2025 14:10:21 GMT - Thu, 08 May 2025 14:10:20 GMT

File type
assembler source, ASCII text
Size
12 kB (11589 bytes)
Hash
f058909056f1b74e277b2b67e186f4ea
672a0719f7925b9702097bf541cc92988f6d05da
89ebccd90f5c14eb3e5462d17d89ae3c9b6e8747bb0debfab017194d2e0f9512

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /src/css/main.css HTTP/1.1
Host: lfkpoly.promq.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lfkpoly.promq.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: openresty
date: Tue, 11 Feb 2025 00:39:16 GMT
content-type: text/css
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

lfkpoly.promq.top/src/css/form-style.css

172.245.112.197

200 OK

6.0 kB

URL GET HTTP/2
lfkpoly.promq.top/src/css/form-style.css
IP
172.245.112.197:443
ASN
#36352 AS-COLOCROSSING

Requested by
https://lfkpoly.promq.top/
Certificate
IssuerLet's Encrypt
Subjectlfkpoly.promq.top
FingerprintFF:ED:54:48:AF:1D:97:D7:80:C8:81:F7:C7:B7:F6:BC:20:99:5F:1A
ValidityFri, 07 Feb 2025 14:10:21 GMT - Thu, 08 May 2025 14:10:20 GMT

File type
ASCII text, with very long lines (6382), with no line terminators
Size
6.0 kB (6014 bytes)
Hash
2a90d1f134e723abb9e5698f26279e7d
789364c0d962e92fd260532372bcbf0b6f2d102e
2eae04f1b38f468881e656b4d6e231cd1520fe9518f37673400cd6879c3074ed

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /src/css/form-style.css HTTP/1.1
Host: lfkpoly.promq.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lfkpoly.promq.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: openresty
date: Tue, 11 Feb 2025 00:39:16 GMT
content-type: text/css
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

lfkpoly.promq.top/src/js/index.js

172.245.112.197

200 OK

15 kB

URL GET HTTP/2
lfkpoly.promq.top/src/js/index.js
IP
172.245.112.197:443
ASN
#36352 AS-COLOCROSSING

Requested by
https://lfkpoly.promq.top/
Certificate
IssuerLet's Encrypt
Subjectlfkpoly.promq.top
FingerprintFF:ED:54:48:AF:1D:97:D7:80:C8:81:F7:C7:B7:F6:BC:20:99:5F:1A
ValidityFri, 07 Feb 2025 14:10:21 GMT - Thu, 08 May 2025 14:10:20 GMT

File type

Size
15 kB (14911 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /src/js/index.js HTTP/1.1
Host: lfkpoly.promq.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lfkpoly.promq.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: openresty
date: Tue, 11 Feb 2025 00:39:16 GMT
content-type: application/javascript
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

lfkpoly.promq.top/favicon.ico

172.245.112.197

200 OK

14 kB

URL GET HTTP/2
lfkpoly.promq.top/favicon.ico
IP
172.245.112.197:443
ASN
#36352 AS-COLOCROSSING

Requested by
https://lfkpoly.promq.top/
Certificate
IssuerLet's Encrypt
Subjectlfkpoly.promq.top
FingerprintFF:ED:54:48:AF:1D:97:D7:80:C8:81:F7:C7:B7:F6:BC:20:99:5F:1A
ValidityFri, 07 Feb 2025 14:10:21 GMT - Thu, 08 May 2025 14:10:20 GMT

File type
MS Windows icon resource - 1 icon, 75x46, 32 bits/pixel
Size
14 kB (14414 bytes)
Hash
fe58025849e8eda7fd9bbb5c04dc8a88
62834506f928bcd913af5d1d72735d588f780f7d
7ebc684d65f2da596486fa03c68b40c1340d58302cd42afd5a062c76d76957d1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: lfkpoly.promq.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lfkpoly.promq.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: openresty
date: Tue, 11 Feb 2025 00:39:17 GMT
content-type: image/x-icon
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (9)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (21)

URL GET HTTP/2

IP

ASN

Requested by