Report - lollygag.nincompoopery.net/

Report Overview

Visited public
2023-12-10 02:57:39
Tags
meta facebook phishing social suspicious
URL
lollygag.nincompoopery.net/
Finishing URL
lollygag.nincompoopery.net/
IP / ASN
172.67.131.115
#13335 CLOUDFLARENET
Title
Meta
Phishing - Facebook
Suspicious - Suspicious Javascript code

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
code.jquery.com	634	2005-12-10	2012-05-21 19:28:02	2023-12-09 08:21:37	432 B	32 kB	151.101.194.137
i.imgur.com	5110	2009-01-09	2012-05-21 10:09:36	2023-12-09 18:01:42	441 B	5.9 kB	151.101.244.193
lollygag.nincompoopery.net	unknown	unknown	No data	No data	2.6 kB	147 kB	172.67.131.115
ipapi.co	195030	2016-04-19	2017-01-31 10:07:01	2023-12-09 06:13:38	494 B	743 B	104.26.9.44
1646415.com	unknown	2023-07-19	2023-07-19 16:31:42	2023-12-03 18:19:10	591 B	597 B	103.221.223.46
ipinfo.io	8136	2013-04-23	2013-12-16 08:25:53	2023-12-09 18:44:51	498 B	796 B	34.117.59.81
cdn.jsdelivr.net	439	2012-05-16	2012-09-30 02:15:09	2023-12-09 05:09:03	1.4 kB	46 kB	151.101.193.229

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-12-10 02:57:21	medium	Client IP	Internal IP	ET POLICY External IP Lookup Domain (ipapi .co in DNS lookup)
2023-12-10 02:57:21	medium	Client IP	Internal IP	ET POLICY External IP Lookup Domain (ipapi .co in DNS lookup)
2023-12-10 02:57:21	medium	Client IP	34.117.59.81	ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io)

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2023-12-09	medium	lollygag.nincompoopery.net/	Facebook, Inc.
2023-12-09	medium	lollygag.nincompoopery.net/	Facebook, Inc.
2023-12-09	medium	lollygag.nincompoopery.net/	Facebook, Inc.
2023-12-09	medium	lollygag.nincompoopery.net/	Facebook, Inc.
2023-12-09	medium	lollygag.nincompoopery.net/	Facebook, Inc.

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-12-10	medium	1646415.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (4)

	URL	From	Size	First Seen	Last Seen
	code.jquery.com/jquery-3.6.0.min.js	ScriptElement	90 kB	2023-03-07	2025-05-09
Pretty URL code.jquery.com/jquery-3.6.0.min.js IP 151.101.194.137 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-09 07:49 Times Seen205612 Hash 8fb8fee4fcc3cc86ff6c724154c49c42 b82d238d4e31fdf618bae8ac11a6c812c03dd0d4 ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e Loading...

	cdn.jsdelivr.net/npm/jquery.cookie@1.4.1/jquery.cookie.js	ScriptElement	3.1 kB	2023-03-07	2025-05-09
Pretty URL cdn.jsdelivr.net/npm/jquery.cookie@1.4.1/jquery.cookie.js IP 151.101.193.229 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:06 Last Seen2025-05-09 05:38 Times Seen7226 Hash d5528dde0006c78be04817327c2f9b6f 31e1bcc4cf805a2c2fee21f48ded1e598f64a2a8 b84161c9fbf7520cd14e7019f92120bd87a928a074156e91a992eba9fc9436e8 Loading...

	cdn.jsdelivr.net/npm/bootstrap@4.3.1/dist/js/bootstrap.min.js	ScriptElement	58 kB	2023-03-07	2025-05-09
Pretty URL cdn.jsdelivr.net/npm/bootstrap@4.3.1/dist/js/bootstrap.min.js IP 151.101.193.229 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-09 08:01 Times Seen11639 Hash e1d98d47689e00f8ecbc5d9f61bdb42e 6778fed3cf095a318141a31f455c8f4663885bde 0a34a87842c539c1f4feec56bba982fd596b73500046a6e6fe38a22260c6577b Loading...

	lollygag.nincompoopery.net/	ScriptElement	11 kB	2024-08-20	2024-08-20
Pretty URL lollygag.nincompoopery.net/ IP 172.67.131.115 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-20 16:13 Last Seen2024-08-20 16:13 Times Seen1 Hash 79fe96707455a37ec29cc865a4c482eb 33582c05a7922cb4f65cb5460d85998d373e699c 2f1d5903e9286641a479e42f8155998905d079cf72dff0d850c8bf014c826998 Loading...

HTTP Transactions (13)

URL IP Response Size

cdn.jsdelivr.net/npm/bootstrap@4.3.1/dist/css/bootstrap.min.css

151.101.193.229

200 OK

26 kB

URL GET HTTP/2
cdn.jsdelivr.net/npm/bootstrap@4.3.1/dist/css/bootstrap.min.css
IP
151.101.193.229:443
ASN
#54113 FASTLY

Requested by
https://lollygag.nincompoopery.net/
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT

File type
ASCII text, with very long lines (65324)
Size
26 kB (25648 bytes)
Hash
a15c2ac3234aa8f6064ef9c1f7383c37
6e10354828454898fda80f55f3decb347fd9ed21
60b19e5da6a9234ff9220668a5ec1125c157a268513256188ee80f2d2c8d8d36

HTTP Headers

GET /npm/bootstrap@4.3.1/dist/css/bootstrap.min.css HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lollygag.nincompoopery.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
x-jsd-version: 4.3.1
x-jsd-version-type: version
etag: W/"2606e-bhA1SChFSJj9qA9V897LNH/Z7SE"
content-encoding: br
accept-ranges: bytes
date: Sun, 10 Dec 2023 02:57:13 GMT
age: 11239964
x-served-by: cache-fra-eddf8230028-FRA, cache-bma1665-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 25648
X-Firefox-Spdy: h2

code.jquery.com/jquery-3.6.0.min.js

151.101.194.137

200 OK

31 kB

URL GET HTTP/2
code.jquery.com/jquery-3.6.0.min.js
IP
151.101.194.137:443
ASN
#54113 FASTLY

Requested by
https://lollygag.nincompoopery.net/
Certificate
IssuerSectigo Limited
Subject*.jquery.com
FingerprintD2:19:0A:AD:CE:BB:9C:61:17:5D:29:4B:A2:54:E8:C6:91:B8:F9:8D
ValidityTue, 11 Jul 2023 00:00:00 GMT - Sun, 14 Jul 2024 23:59:59 GMT

File type
ASCII text, with very long lines (65447)
Size
31 kB (30875 bytes)
Hash
8fb8fee4fcc3cc86ff6c724154c49c42
b82d238d4e31fdf618bae8ac11a6c812c03dd0d4
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

HTTP Headers

GET /jquery-3.6.0.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lollygag.nincompoopery.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15d9d"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Sun, 10 Dec 2023 02:57:13 GMT
age: 1574416
x-served-by: cache-lga21931-LGA, cache-bma1650-BMA
x-cache: HIT, HIT
x-cache-hits: 14, 407894
x-timer: S1702177034.984712,VS0,VE0
vary: Accept-Encoding
content-length: 30875
X-Firefox-Spdy: h2

cdn.jsdelivr.net/npm/bootstrap@4.3.1/dist/js/bootstrap.min.js

151.101.193.229

200 OK

16 kB

URL GET HTTP/2
cdn.jsdelivr.net/npm/bootstrap@4.3.1/dist/js/bootstrap.min.js
IP
151.101.193.229:443
ASN
#54113 FASTLY

Requested by
https://lollygag.nincompoopery.net/
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT

File type
ASCII text, with very long lines (57791)
Size
16 kB (16459 bytes)
Hash
e1d98d47689e00f8ecbc5d9f61bdb42e
6778fed3cf095a318141a31f455c8f4663885bde
0a34a87842c539c1f4feec56bba982fd596b73500046a6e6fe38a22260c6577b

HTTP Headers

GET /npm/bootstrap@4.3.1/dist/js/bootstrap.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lollygag.nincompoopery.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 4.3.1
x-jsd-version-type: version
etag: W/"e2d8-Z3j+088JWjGBQaMfRVyPRmOIW94"
content-encoding: br
accept-ranges: bytes
date: Sun, 10 Dec 2023 02:57:13 GMT
age: 5699130
x-served-by: cache-fra-etou8220067-FRA, cache-bma1665-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 16459
X-Firefox-Spdy: h2

cdn.jsdelivr.net/npm/jquery.cookie@1.4.1/jquery.cookie.js

151.101.193.229

200 OK

1.4 kB

URL GET HTTP/2
cdn.jsdelivr.net/npm/jquery.cookie@1.4.1/jquery.cookie.js
IP
151.101.193.229:443
ASN
#54113 FASTLY

Requested by
https://lollygag.nincompoopery.net/
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT

File type
ASCII text
Size
1.4 kB (1403 bytes)
Hash
d5528dde0006c78be04817327c2f9b6f
31e1bcc4cf805a2c2fee21f48ded1e598f64a2a8
b84161c9fbf7520cd14e7019f92120bd87a928a074156e91a992eba9fc9436e8

HTTP Headers

GET /npm/jquery.cookie@1.4.1/jquery.cookie.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lollygag.nincompoopery.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 1.4.1
x-jsd-version-type: version
etag: W/"c31-MeG8xM+AWiwv7iH0je0eWY9koqg"
content-encoding: br
accept-ranges: bytes
date: Sun, 10 Dec 2023 02:57:14 GMT
age: 940563
x-served-by: cache-fra-etou8220072-FRA, cache-bma1665-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 1403
X-Firefox-Spdy: h2

i.imgur.com/ZUXA21k.png

151.101.244.193

200 OK

5.1 kB

URL GET HTTP/2
i.imgur.com/ZUXA21k.png
IP
151.101.244.193:443
ASN
#54113 FASTLY

Requested by
https://lollygag.nincompoopery.net/
Certificate
IssuerSectigo Limited
Subject*.imgur.com
FingerprintD6:4D:45:03:6D:38:F8:FD:EA:AF:E5:92:B3:4D:85:A5:6B:AF:5C:EC
ValidityMon, 13 Mar 2023 00:00:00 GMT - Tue, 12 Mar 2024 23:59:59 GMT

File type
PNG image data, 212 x 60, 8-bit/color RGBA, non-interlaced - data
Size
5.1 kB (5127 bytes)
Hash
3b365a98760b211155db1b2013fc89e9
18ddf9412bbe7a905c3a5015d2e15989361ea180
f85ae19942302afb33ddc15deb32e501c38ae71a83645fbdf96321b1443d4c55

HTTP Headers

GET /ZUXA21k.png HTTP/1.1
Host: i.imgur.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lollygag.nincompoopery.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: image/png
last-modified: Sun, 23 Jul 2023 18:44:04 GMT
etag: "3b365a98760b211155db1b2013fc89e9"
x-amz-server-side-encryption: AES256
x-amz-cf-pop: IAD12-P2
x-amz-cf-id: ABRh91uDkLM28fbfYU5vtHmGWu30Wwus3ESk1rZr_VYSJhEt74ouhw==
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Sun, 10 Dec 2023 02:57:14 GMT
age: 2887299
x-served-by: cache-iad-kcgs7200047-IAD, cache-hel1410033-HEL
x-cache: Miss from cloudfront, HIT, HIT
x-cache-hits: 4912, 1
x-timer: S1702177034.075927,VS0,VE1
strict-transport-security: max-age=300
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: *
server: cat factory 1.0
x-content-type-options: nosniff
content-length: 5127
X-Firefox-Spdy: h2

lollygag.nincompoopery.net/images/newlogo1.png

172.67.131.115

200 OK

4.6 kB

URL GET HTTP/3
lollygag.nincompoopery.net/images/newlogo1.png
IP
172.67.131.115:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lollygag.nincompoopery.net/
Certificate
IssuerGoogle Trust Services LLC
Subjectnincompoopery.net
Fingerprint37:99:FB:6D:FF:CE:F8:62:A8:5D:CE:8B:23:D3:35:E1:0E:27:2E:8A
ValidityWed, 06 Dec 2023 18:06:58 GMT - Tue, 05 Mar 2024 18:06:57 GMT

File type
PNG image data, 68 x 55, 8-bit/color RGBA, non-interlaced - data
Size
4.6 kB (4645 bytes)
Hash
4632b63ae6c52a32586fb3db3faf1167
7ee373c59fb93448c3d409d5683db9995570ce70
096988abc603ffc3519d70d6dcb0475bb60b72f2e490c804f03fbf111074deab

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Facebook
OpenPhish	phishing	Facebook, Inc.

HTTP Headers

GET /images/newlogo1.png HTTP/1.1
Host: lollygag.nincompoopery.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lollygag.nincompoopery.net/
Cookie: PHPSESSID=it7p6qm0tahj185efdqndrs8me
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 10 Dec 2023 02:57:14 GMT
content-type: image/png
content-length: 4645
last-modified: Thu, 07 Dec 2023 22:33:45 GMT
etag: "65724849-1225"
expires: Tue, 09 Jan 2024 02:57:14 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=b9TbifYS5QZeYpORikvyOu4nJuI6X45BymGJvH3nNOc977X5S49KKkmFuAc9B16nnDQKLwq5Vk2LjCjhqVDnxHcL1Ds8tMZ9njYnIFoHJISIwZTcYh6lNMpHCVKfjQI08ue%2Fd06aKhA6C8BONg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8332381e3f2556b9-OSL
alt-svc: h3=":443"; ma=86400

lollygag.nincompoopery.net/images/email-icon-circle-28.jpg

172.67.131.115

200 OK

64 kB

URL GET HTTP/3
lollygag.nincompoopery.net/images/email-icon-circle-28.jpg
IP
172.67.131.115:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lollygag.nincompoopery.net/
Certificate
IssuerGoogle Trust Services LLC
Subjectnincompoopery.net
Fingerprint37:99:FB:6D:FF:CE:F8:62:A8:5D:CE:8B:23:D3:35:E1:0E:27:2E:8A
ValidityWed, 06 Dec 2023 18:06:58 GMT - Tue, 05 Mar 2024 18:06:57 GMT

File type
PNG image data, 2400 x 2400, 8-bit gray+alpha, non-interlaced - data
Size
64 kB (64005 bytes)
Hash
e2ec2d4b04985880f2b12ef8c92fae3e
9854092d156e4e9c25a46cf51a73e17aacce766a
726be1e116ab2ab6670d94751d0568c157a75f4e625989793fa8e9b77800caa0

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Facebook
OpenPhish	phishing	Facebook, Inc.

HTTP Headers

GET /images/email-icon-circle-28.jpg HTTP/1.1
Host: lollygag.nincompoopery.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lollygag.nincompoopery.net/
Cookie: PHPSESSID=it7p6qm0tahj185efdqndrs8me
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 10 Dec 2023 02:57:14 GMT
content-type: image/jpeg
content-length: 64005
last-modified: Thu, 07 Dec 2023 22:33:41 GMT
etag: "65724845-fa05"
expires: Tue, 09 Jan 2024 02:57:14 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DgfGMPbMH4YUja8OXhi3rxYJal%2Fe1CEuSS3KwdrNMNwbXuyZiUhd0PGV%2BM%2FNajXhd7hv57gQ%2FzZNVyLMcWPPZdAUPPpq5VP0KfrQ8hX%2FP6hKGhYjs6x4RhPn%2Ft5yNFGPW1rylz0XR%2F012feWcg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8332381e2f2356b9-OSL
alt-svc: h3=":443"; ma=86400

ipapi.co/ip

104.26.9.44

200 OK

12 B

URL GET HTTP/2
ipapi.co/ip
IP
104.26.9.44:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lollygag.nincompoopery.net/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint1C:DB:D6:56:6B:17:32:E7:56:AF:64:8D:07:3B:37:96:77:A8:FD:F1
ValiditySun, 16 Apr 2023 00:00:00 GMT - Mon, 15 Apr 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
35b0bce9d250429df012c0426f88d0bd
f81d80af9cbeb0011316fbba3da8002b32251f7a
da9add592d7eb9cca7705cb4870d7fd4e9718ccd51486c4261a727a8d566960d

HTTP Headers

GET /ip HTTP/1.1
Host: ipapi.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://lollygag.nincompoopery.net
DNT: 1
Connection: keep-alive
Referer: https://lollygag.nincompoopery.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 10 Dec 2023 02:57:14 GMT
content-type: text/plain; charset=utf-8
content-length: 12
allow: HEAD, OPTIONS, OPTIONS, GET, POST
x-frame-options: DENY
vary: Host, origin
access-control-allow-origin: https://lollygag.nincompoopery.net
x-content-type-options: nosniff
referrer-policy: same-origin
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vpSm9yfuqk0%2BiEFkV4sZ97DNCDEIlFPNUkO6WwqC2IcbqceUTf48Yxh6VyqbGYM8nR8D%2FxKL1aOTIoP0ntSvnGYxHp7X6JXbKma5Q4cC4fTCgO6KbF7AI9op"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 833238223e6bb4ee-OSL
X-Firefox-Spdy: h2

1646415.com/modun_post.php

103.221.223.46

200 OK

15 B

URL POST HTTP/2
1646415.com/modun_post.php
IP
103.221.223.46:443
ASN
#63760 AZDIGI Corporation

Requested by
https://lollygag.nincompoopery.net/
Certificate
IssuerLet's Encrypt
Subject1646415.com
Fingerprint4B:C6:D3:55:8B:FF:48:2F:9F:71:95:0B:75:BF:92:DD:C6:AA:D8:77
ValidityWed, 08 Nov 2023 11:49:26 GMT - Tue, 06 Feb 2024 11:49:25 GMT

File type
JSON data - , ASCII text, with no line terminators
Size
15 B (15 bytes)
Hash
ff4dd58b07b170345acc9cfa5fe9082f
874c71a87c93ba5b85fa658f262a3c9b74088d54
17292710b7dd4f68535359cb27b3d9f0ce12710c43645224060b433c05ee7289

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Facebook
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /modun_post.php HTTP/1.1
Host: 1646415.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 43
Origin: https://lollygag.nincompoopery.net
DNT: 1
Connection: keep-alive
Referer: https://lollygag.nincompoopery.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
x-powered-by: PHP/7.4.33
set-cookie: PHPSESSID=d7faa3aaf922c6f7dd9d91b045f2d2fe; path=/; secure
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
content-type: text/html; charset=UTF-8
content-length: 15
content-encoding: br
vary: Accept-Encoding
date: Sun, 10 Dec 2023 02:57:15 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2

lollygag.nincompoopery.net/css/app.css

172.67.131.115

200 OK

11 kB

URL GET HTTP/3
lollygag.nincompoopery.net/css/app.css
IP
172.67.131.115:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lollygag.nincompoopery.net/
Certificate
IssuerGoogle Trust Services LLC
Subjectnincompoopery.net
Fingerprint37:99:FB:6D:FF:CE:F8:62:A8:5D:CE:8B:23:D3:35:E1:0E:27:2E:8A
ValidityWed, 06 Dec 2023 18:06:58 GMT - Tue, 05 Mar 2024 18:06:57 GMT

File type
ASCII text, with CRLF line terminators
Size
11 kB (10583 bytes)
Hash
36c54a0a58b0568af9972be5f4cfc64a
8da733c66745242601ddca2010055c511cbf34a9
b5f049cd8c198126f1bbbf9152357d27c5cac5f498665fcac784540ff42edab1

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Facebook
OpenPhish	phishing	Facebook, Inc.

HTTP Headers

GET /css/app.css HTTP/1.1
Host: lollygag.nincompoopery.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lollygag.nincompoopery.net/
Cookie: PHPSESSID=it7p6qm0tahj185efdqndrs8me
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 10 Dec 2023 02:57:14 GMT
content-type: text/css
last-modified: Thu, 07 Dec 2023 22:33:39 GMT
vary: Accept-Encoding
etag: W/"65724843-2957"
expires: Sun, 10 Dec 2023 14:57:14 GMT
cache-control: max-age=43200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oME%2B3q%2FYmUElMZxXgeABQHjXiEJRmwRC74%2BvOJfeNs0bOel7JvALLwy1MGldz8454rW5vjvTanldzjG7Nlr0OeoefO5i7lTyvEnoNxYp0XNBLuJKs8xKaujN7U24IxfbN%2BvfsmeujlN7Q3ah2g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8332381e2f1f56b9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

lollygag.nincompoopery.net/

172.67.131.115

200 OK

58 kB

URL User Request GET HTTP/2
lollygag.nincompoopery.net/
IP
172.67.131.115:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectnincompoopery.net
Fingerprint37:99:FB:6D:FF:CE:F8:62:A8:5D:CE:8B:23:D3:35:E1:0E:27:2E:8A
ValidityWed, 06 Dec 2023 18:06:58 GMT - Tue, 05 Mar 2024 18:06:57 GMT

File type

Size
58 kB (58455 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Facebook, Inc.

HTTP Headers

GET / HTTP/1.1
Host: lollygag.nincompoopery.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 10 Dec 2023 02:57:13 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: PHPSESSID=it7p6qm0tahj185efdqndrs8me; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=V7zAZCptrDhLRzwRXRdA%2BpksllCsnwWTpPHNhknZnvIklWJY2P912FqI888FLTz9XuaNzqxNsg0MwdczPP8y6%2Fl7fbSssTDKaiNtvhR1N5npeMq%2Fg8GPQTL7RpI1VOF01uFcKmq%2Fi1oxx3RCyQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8332381a6bc37129-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

ipinfo.io//json?

34.117.59.81

200 OK

280 B

URL GET HTTP/2
ipinfo.io//json?
IP
34.117.59.81:443
ASN
#15169 GOOGLE

Requested by
https://lollygag.nincompoopery.net/
Certificate
IssuerLet's Encrypt
Subjectipinfo.io
Fingerprint02:67:9A:BD:EB:E2:DF:E4:D3:87:6D:3B:B4:56:D4:77:D6:F3:61:E3
ValidityTue, 07 Nov 2023 06:17:02 GMT - Mon, 05 Feb 2024 06:17:01 GMT

File type
ASCII text, with very long lines (331), with no line terminators
Size
280 B (280 bytes)
Hash
1438617e5afe35240ea18211e338db01
89cd78f604e6cbe17941a252074a02a4a01e4f44
3ea7df984d0727ca5eddf1c01b8f584629a1fb93caa8c0b581e5835ede012c1d

HTTP Headers

GET //json? HTTP/1.1
Host: ipinfo.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://lollygag.nincompoopery.net
DNT: 1
Connection: keep-alive
Referer: https://lollygag.nincompoopery.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
content-type: application/json; charset=utf-8
date: Sun, 10 Dec 2023 02:57:14 GMT
x-envoy-upstream-service-time: 1
strict-transport-security: max-age=2592000; includeSubDomains
vary: Accept-Encoding
content-encoding: gzip
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

lollygag.nincompoopery.net/images/favicon.ico

172.67.131.115

200 OK

5.4 kB

URL GET HTTP/3
lollygag.nincompoopery.net/images/favicon.ico
IP
172.67.131.115:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lollygag.nincompoopery.net/
Certificate
IssuerGoogle Trust Services LLC
Subjectnincompoopery.net
Fingerprint37:99:FB:6D:FF:CE:F8:62:A8:5D:CE:8B:23:D3:35:E1:0E:27:2E:8A
ValidityWed, 06 Dec 2023 18:06:58 GMT - Tue, 05 Mar 2024 18:06:57 GMT

File type
MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel - data
Size
5.4 kB (5430 bytes)
Hash
de76b0c210c815ef282d5b59de8a0567
023038e2dfd649047be4fbba79c78dd80bc4cd90
c636a92a12eb33629e6dcadc67e49651ac54e8f3b18a03c805668505f05c885a

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Facebook
OpenPhish	phishing	Facebook, Inc.

HTTP Headers

GET /images/favicon.ico HTTP/1.1
Host: lollygag.nincompoopery.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lollygag.nincompoopery.net/
Cookie: PHPSESSID=it7p6qm0tahj185efdqndrs8me
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 10 Dec 2023 02:57:15 GMT
content-type: image/x-icon
last-modified: Thu, 07 Dec 2023 22:33:42 GMT
etag: W/"65724846-1536"
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uMS8ANSaC6F8dKqqRxAf30Ynb2nkc4WzT7vokwKb3XliKUH5p1CUnrqgQ5Bg9kguLJogvsDI39Z3uhSPsQojp%2BNUgo5k35rrUJuwERaV6MPVi7W81UDDw16PpAgg1IvqI0TOofXaJSFufEcZuw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8332382358d156b9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (4)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (13)

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP