Report - baratia.com/630202ec-5306-42f6-9b87-0d90e56e1ea3?zoneid=6517015&subzone_id=3149155&zonetype={zone_type}&campaignid=8818526&device=ipod&region=16&isp=?&useragent=Mozilla/5.0(iPodtouch;CPUiPhone17_3likeMacOSX)AppleWebKit/605.1.15(KHTML,likeGecko)Version/17.2Mobile/15E148Safari/604.1&language=en&connectiontype=broadband&cost=0.000300&visitor

Report Overview

Visited public
2024-12-01 19:36:17
Tags
URL
baratia.com/630202ec-5306-42f6-9b87-0d90e56e1ea3?zoneid=6517015&subzone_id=3149155&zonetype={zone_type}&campaignid=8818526&device=ipod&region=16&isp=?&useragent=Mozilla/5.0(iPodtouch;CPUiPhone17_3likeMacOSX)AppleWebKit/605.1.15(KHTML,likeGecko)Version/17.2Mobile/15E148Safari/604.1&language=en&connectiontype=broadband&cost=0.000300&visitor_id=887170776619298816
Finishing URL
slooks.top/O77FkZd/66?tag=w3b6qpuko8tiij063gq6hl8s
IP / ASN
188.114.96.1
#13335 CLOUDFLARENET
Title
Shoplooks

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
slooks.top	203327	2018-01-03	2018-01-23	2024-10-27	1.5 kB	1.5 kB	8.211.33.144
baratia.com	unknown	2024-07-28	2017-06-29	2024-12-01	816 B	1.6 kB	188.114.96.1
vuessa.com	unknown	2024-07-29	2024-10-13	2024-11-27	534 B	1.3 kB	172.67.222.126

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2024-12-01 19:35:53	medium	Client IP	8.211.33.144	ET INFO HTTP Request to a *.top domain

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (0)

HTTP Transactions (5)

URL IP Response Size

baratia.com/630202ec-5306-42f6-9b87-0d90e56e1ea3?zoneid=6517015&subzone_id=3149155&zonetype={zone_type}&campaignid=8818526&device=ipod&region=16&isp=?&useragent=Mozilla/5.0(iPodtouch;CPUiPhone17_3likeMacOSX)AppleWebKit/605.1.15(KHTML,likeGecko)Version/17.2Mobile/15E148Safari/604.1&language=en&connectiontype=broadband&cost=0.000300&visitor_id=887170776619298816

188.114.96.1

302 Found

0 B

URL User Request GET HTTP/2
baratia.com/630202ec-5306-42f6-9b87-0d90e56e1ea3?zoneid=6517015&subzone_id=3149155&zonetype={zone_type}&campaignid=8818526&device=ipod&region=16&isp=?&useragent=Mozilla/5.0(iPodtouch;CPUiPhone17_3likeMacOSX)AppleWebKit/605.1.15(KHTML,likeGecko)Version/17.2Mobile/15E148Safari/604.1&language=en&connectiontype=broadband&cost=0.000300&visitor_id=887170776619298816
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectbaratia.com
FingerprintC8:66:D3:E3:8B:92:BD:F1:B4:A0:76:95:DF:74:49:47:04:CF:3F:0A
ValidityThu, 03 Oct 2024 21:41:09 GMT - Wed, 01 Jan 2025 21:41:08 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /630202ec-5306-42f6-9b87-0d90e56e1ea3?zoneid=6517015&subzone_id=3149155&zonetype={zone_type}&campaignid=8818526&device=ipod&region=16&isp=?&useragent=Mozilla/5.0(iPodtouch;CPUiPhone17_3likeMacOSX)AppleWebKit/605.1.15(KHTML,likeGecko)Version/17.2Mobile/15E148Safari/604.1&language=en&connectiontype=broadband&cost=0.000300&visitor_id=887170776619298816 HTTP/1.1
Host: baratia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Sun, 01 Dec 2024 19:35:52 GMT
content-length: 0
location: https://vuessa.com/mica/?mica=https://slooks.top/O77FkZd/66&tag=w3b6qpuko8tiij063gq6hl8s
cache-control: no-store, no-cache, pre-check=0, post-check=0
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
set-cookie: 630202ec-5306-42f6-9b87-0d90e56e1ea3-v4=iYEUcbKFL2P4hKORPmbfFYnf8uM3xjR9E5f9Nnp0geY; Max-Age=86400; Expires=Mon, 02 Dec 2024 19:35:52 GMT; Domain=baratia.com; Path=/; HttpOnly
cc-v4=Xwn1b3vnOZG1lY0mEkCyjzpQYlidI58O%2FM%2F5nsjNUPrv8j4Pu%2BZgMKD7eLvyIS%2BTE7nxkGCUzr2WRnXrGEggy3P794rBMYU%2BCZJyTw05q5gT6ufkgJpLH9D78f%2FSTR5qT1YrxKRxS3RJxM6fIk7c8g%3D%3D; Max-Age=31536000; Expires=Mon, 01 Dec 2025 19:35:52 GMT; Domain=baratia.com; Path=/; HttpOnly
x-cache: Miss from cloudfront
via: 1.1 472198048b2177f6905d44f001875bcc.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: Xb569tbechuPFYs0O01esAV6oTYZssrhP3uGxZDwI8fTEv4tikhcww==
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DZWb96XFZAIroxSHGOQEoizKg5oJZa85IgjwRXHcN9OVZgRVf8kNywQFt7ppW8%2FJYKrnnjZK9zMb9Ljd8Zu2YSp4xfUlOj0PMj0Yamj%2BSscBnuSId%2FWiLUlEctmdqw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8eb585d69ecbb517-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=19215&min_rtt=16757&rtt_var=3667&sent=7&recv=10&lost=0&retrans=0&sent_bytes=3196&recv_bytes=1374&delivery_rate=222347&cwnd=254&unsent_bytes=0&cid=4cefde82381af11e&ts=86&x=0"
X-Firefox-Spdy: h2

vuessa.com/mica/?mica=https://slooks.top/O77FkZd/66&tag=w3b6qpuko8tiij063gq6hl8s

172.67.222.126

302 Found

471 B

URL User Request GET HTTP/2
vuessa.com/mica/?mica=https://slooks.top/O77FkZd/66&tag=w3b6qpuko8tiij063gq6hl8s
IP
172.67.222.126:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectvuessa.com
Fingerprint7B:9B:1E:CE:2A:D9:59:92:48:48:CF:12:C7:6F:6B:9A:8D:03:CD:79
ValidityThu, 03 Oct 2024 21:18:39 GMT - Wed, 01 Jan 2025 21:18:38 GMT

File type
data
Size
471 B (471 bytes)
Hash
c2270db88e7e767b5a66900256770fd8
3c984f36f0527218c034eb8210d9da9943c6cde9
50d95669f826874535b2dbdbbbfb8b377754727b8c5e399d8092f120b14af329

HTTP Headers

GET /mica/?mica=https://slooks.top/O77FkZd/66&tag=w3b6qpuko8tiij063gq6hl8s HTTP/1.1
Host: vuessa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Sun, 01 Dec 2024 19:35:52 GMT
content-type: text/html; charset=UTF-8
location: https://slooks.top/O77FkZd/66?tag=w3b6qpuko8tiij063gq6hl8s
referrer-policy: no-referrer
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=L7Swjq6YC%2FThOc97k7hsTBiScPDuCMhkqxJKmb1f32KAeO37xzZSIgJrVM2Ja742SoVEN2%2By64JRMPcs1YtIUTx59zP206kh%2BT5M0BkBTi0zZLvg4VmdvrI4faUP"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8eb585d7dd42b4fa-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=16884&min_rtt=16567&rtt_var=2982&sent=7&recv=10&lost=0&retrans=0&sent_bytes=3274&recv_bytes=1287&delivery_rate=261734&cwnd=253&unsent_bytes=0&cid=45843906a7c96dfb&ts=102&x=0"
X-Firefox-Spdy: h2

slooks.top/O77FkZd/66?tag=w3b6qpuko8tiij063gq6hl8s

8.211.33.144

302 Found

154 B

URL User Request GET HTTP/2
slooks.top/O77FkZd/66?tag=w3b6qpuko8tiij063gq6hl8s
IP
8.211.33.144:443
ASN
#45102 Alibaba US Technology Co., Ltd.

Certificate
IssuerDigiCert Inc
Subject*.slooks.top
Fingerprint77:63:CD:17:71:F0:32:49:1D:EE:4C:23:58:1D:EC:F7:0B:F5:A0:0D
ValidityMon, 18 Mar 2024 00:00:00 GMT - Sun, 23 Mar 2025 23:59:59 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
154 B (154 bytes)
Hash
cfbeaf604823f038b8b46f0ac862b98c
7b9eb1dac48e74fa5f418bc456cb410f88b81d98
20c1ab602462b7fc0d5b4cbd555cacf127b69a07a737579598ebcbc0f5b21319

Detections

NIDS	Severity	Alert
suricata	medium	ET INFO HTTP Request to a *.top domain

HTTP Headers

GET /O77FkZd/66?tag=w3b6qpuko8tiij063gq6hl8s HTTP/1.1
Host: slooks.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Cookie: discuz_2132_saltkey=jPaK4O5j
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Date: Sun, 01 Dec 2024 19:35:53 GMT
Content-Type: text/html
Content-Length: 154
Connection: keep-alive
Location: https://slooks.top/O77FkZd/66?tag=w3b6qpuko8tiij063gq6hl8s
Via: HTTP/1.1 SLB.37

slooks.top/favicon.ico

8.211.33.144

200 OK

0 B

URL GET HTTP/2
slooks.top/favicon.ico
IP
8.211.33.144:443
ASN
#45102 Alibaba US Technology Co., Ltd.

Requested by
https://slooks.top/O77FkZd/66?tag=w3b6qpuko8tiij063gq6hl8s
Certificate
IssuerDigiCert Inc
Subject*.slooks.top
Fingerprint77:63:CD:17:71:F0:32:49:1D:EE:4C:23:58:1D:EC:F7:0B:F5:A0:0D
ValidityMon, 18 Mar 2024 00:00:00 GMT - Sun, 23 Mar 2025 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: slooks.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://slooks.top/O77FkZd/66?tag=w3b6qpuko8tiij063gq6hl8s
Cookie: discuz_2132_saltkey=jPaK4O5j
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 01 Dec 2024 19:35:53 GMT
content-type: image/x-icon
content-length: 0
X-Firefox-Spdy: h2

slooks.top/static/images/sl_error_icon.png

8.211.33.144

403 Forbidden

790 B

URL GET HTTP/2
slooks.top/static/images/sl_error_icon.png
IP
8.211.33.144:443
ASN
#45102 Alibaba US Technology Co., Ltd.

Requested by
https://slooks.top/O77FkZd/66?tag=w3b6qpuko8tiij063gq6hl8s
Certificate
IssuerDigiCert Inc
Subject*.slooks.top
Fingerprint77:63:CD:17:71:F0:32:49:1D:EE:4C:23:58:1D:EC:F7:0B:F5:A0:0D
ValidityMon, 18 Mar 2024 00:00:00 GMT - Sun, 23 Mar 2025 23:59:59 GMT

File type
HTML document, ASCII text, with very long lines (834), with no line terminators
Size
790 B (790 bytes)
Hash
8c15e949ea781865d71efaf557c2edd7
8bd28bf0afbafc88f283ee9792c47be19b85a1cd
4e9c680ab0218b9b386869d6922459d6db933028bb0cdf850d6fca07df0f67d1

HTTP Headers

GET /static/images/sl_error_icon.png HTTP/1.1
Host: slooks.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://slooks.top/O77FkZd/66?tag=w3b6qpuko8tiij063gq6hl8s
Cookie: discuz_2132_saltkey=jPaK4O5j
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 403 Forbidden
date: Sun, 01 Dec 2024 19:35:55 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-headers: X-CSRF-TOKEN
content-encoding: gzip
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (0)

HTTP Transactions (5)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers