| trd.stockwise.life/favicon.ico |  104.21.91.21 | 403 Forbidden | 4.6 kB |
URL GET trd.stockwise.life/favicon.ico IP104.21.91.21:80
Requested byhttp://trd.stockwise.life/cdn-cgi/phish-bypass?atok=fA7uIudS7.RR2nlPcqRk0J2VP_L9KFKHD9F1MA3_Cn4-1746855934.3130987-0.0.1.1-%2F&cf-turnstile-response=
File typeHTML document, ASCII text, with very long lines (394) Hash2bf4694be407284ec30e39d846be39fa cda9fae6af9df1bae300d70e4e1dba4d806335a9 5eb12b3b2c838f3eab1059428d8589f83d0837434f72c93bd7ed5e1ed477aab1
| NIDS | Severity | Alert |
|---|
| suricata | medium | ET INFO HTTP Request to Suspicious *.life Domain |
GET /favicon.ico HTTP/1.1
Host: trd.stockwise.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://trd.stockwise.life/cdn-cgi/phish-bypass?atok=fA7uIudS7.RR2nlPcqRk0J2VP_L9KFKHD9F1MA3_Cn4-1746855934.3130987-0.0.1.1-%2F&cf-turnstile-response=
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Sat, 10 May 2025 20:34:46 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Frame-Options: SAMEORIGIN
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0sUBag4lX1PrMnKLbkLW4DZFR%2F6qkKthoAiGHs%2BylxMglfOBabPcVFRFKplSm9A8m8smxpRzOQ6GOGLItA7OzMYYNTBlFZ68IS8xeKmfRGvAHTsAr%2F%2BVu3feYl8K5mnkKi%2BfF4c%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 93dc3821eade5687-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
|
| trd.stockwise.life/cdn-cgi/phish-bypass?atok=fA7uIudS7.RR2nlPcqRk0J2VP_L9KFKHD9F1MA3_Cn4-1746855934.3130987-0.0.1.1-%2F&cf-turnstile-response= | 104.21.91.21 | 403 Forbidden | 5.0 kB |
URL User Request GET trd.stockwise.life/cdn-cgi/phish-bypass?atok=fA7uIudS7.RR2nlPcqRk0J2VP_L9KFKHD9F1MA3_Cn4-1746855934.3130987-0.0.1.1-%2F&cf-turnstile-response= IP104.21.91.21:443
CertificateIssuerGoogle Trust Services Subjectstockwise.life Fingerprint83:C9:31:18:8A:C1:13:58:C2:C4:A8:5E:A5:EF:77:32:99:59:1D:73 ValidityFri, 02 May 2025 18:20:04 GMT - Thu, 31 Jul 2025 19:17:12 GMT
File typeHTML document, ASCII text, with very long lines (396) Hash08908ce2f09d15f0258f18bf1c3de260 ac65923cbbfa9e0f639f8d5f08a87ab9d43ab0ea fe1320d919546f56b60568f243abb1ab4e2a1532bf908fbdfe79936597f9ed88
| NIDS | Severity | Alert |
|---|
| suricata | medium | ET INFO HTTP Request to Suspicious *.life Domain |
GET /cdn-cgi/phish-bypass?atok=fA7uIudS7.RR2nlPcqRk0J2VP_L9KFKHD9F1MA3_Cn4-1746855934.3130987-0.0.1.1-%2F&cf-turnstile-response= HTTP/1.1
Host: trd.stockwise.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 403 Forbidden
date: Sat, 10 May 2025 20:34:46 GMT
content-type: text/html; charset=utf-8
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=vgRWCGKa2JydE7rSuoEYP%2BDdmjBa1zJR6p3jJqZl8PfUv0r9QTT93KGw7v0ysKiSj8uohoP%2B7nXbb2OeWFzkr8Vi8GFnNPlOsKMR9s%2B6PP%2Fx79rTkqCKmBZBdWpPOf3qx6aamto%3D"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-encoding: br
server: cloudflare
cf-ray: 93dc381fcc0862ea-HAM
X-Firefox-Spdy: h2
|
| trd.stockwise.life/cdn-cgi/phish-bypass?atok=fA7uIudS7.RR2nlPcqRk0J2VP_L9KFKHD9F1MA3_Cn4-1746855934.3130987-0.0.1.1-%2F&cf-turnstile-response= | 104.21.91.21 | 403 Forbidden | 151 B |
URL User Request GET trd.stockwise.life/cdn-cgi/phish-bypass?atok=fA7uIudS7.RR2nlPcqRk0J2VP_L9KFKHD9F1MA3_Cn4-1746855934.3130987-0.0.1.1-%2F&cf-turnstile-response= IP104.21.91.21:80
File typeHTML document, ASCII text, with CRLF line terminators Hashc371fa8374a06a3c0535fc341d454236 441671eacb9398792d435443beaddd3fc5fa1910 eed0b81a2fbdd1c5a9f80705885fc5bbf346ba428a79ff7a13ec8491c6a8e96c
| NIDS | Severity | Alert |
|---|
| suricata | medium | ET INFO HTTP Request to Suspicious *.life Domain |
GET /cdn-cgi/phish-bypass?atok=fA7uIudS7.RR2nlPcqRk0J2VP_L9KFKHD9F1MA3_Cn4-1746855934.3130987-0.0.1.1-%2F&cf-turnstile-response= HTTP/1.1
Host: trd.stockwise.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Sat, 10 May 2025 20:34:46 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Server: cloudflare
CF-RAY: 93dc3820e9715687-OSL
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Content-Encoding: gzip
|