Report - fontzone.net/download/shagexpert-mystery/font-download/shagexpert-mystery/font-download/

Report Overview

Visited public
2024-01-27 14:23:57
Tags
URL
fontzone.net/download/shagexpert-mystery/font-download/shagexpert-mystery/font-download/
Finishing URL
fontzone.net/font-download/
IP / ASN
154.41.248.253
#174 COGENT-174
Title
Download עברית Font - Thousands of fonts to download for free

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
tzegilo.com	unknown	2022-01-14	2022-01-14 16:27:15	2024-01-27 01:49:54	395 B	20 kB	104.21.11.245
moonoafy.net	unknown	2024-01-09	2024-01-09 11:27:50	2024-01-26 21:09:56	4.3 kB	107 kB	139.45.197.250
interbuzznews.com	237501	2018-07-24	2018-08-10 18:24:14	2024-01-26 21:36:02	5.9 kB	104 kB	139.45.197.154
www.gstatic.com	unknown	2008-02-11	2016-07-26 11:37:06	2024-01-27 00:52:02	476 B	494 kB	142.250.74.99
amunfezanttor.com	unknown	2023-03-31	2023-03-31 14:42:42	2024-01-26 20:28:52	985 B	979 B	139.45.197.250
my.rtmark.net	9054	2014-10-29	2015-02-04 10:54:57	2024-01-26 20:14:58	459 B	743 B	139.45.195.8
veepteero.com	unknown	2023-05-08	2023-05-09 02:18:41	2024-01-27 09:25:31	1.5 kB	8.0 kB	139.45.197.242
alwingulla.com	unknown	2023-05-22	2023-05-22 18:17:44	2024-01-26 21:09:55	401 B	75 kB	188.114.96.1
www.google.com	7	1997-09-15	2015-05-10 13:11:19	2024-01-26 05:11:16	405 B	1.3 kB	142.250.74.100
fleraprt.com	unknown	2022-01-14	2022-01-14 23:55:14	2024-01-27 01:49:54	523 B	482 B	139.45.195.254
fontzone.net	92905	2010-08-17	2012-08-06 16:52:03	2023-11-14 06:05:03	7.6 kB	152 kB	154.41.248.253
cameesse.net	unknown	2023-10-18	2023-10-18 14:31:33	2024-01-27 03:08:40	5.4 kB	467 kB	139.45.197.242
offerimage.com	304078	2019-06-10	2019-06-10 13:11:53	2024-01-27 00:21:54	1.4 kB	94 kB	104.22.33.172
vupoupay.com	unknown	2024-01-22	2024-01-22 11:43:40	2024-01-26 21:09:56	6.6 kB	91 kB	139.45.197.243
abrhydona.com	unknown	2024-01-05	2024-01-05 10:54:01	2024-01-27 07:38:10	3.4 kB	94 kB	139.45.197.242
www.googletagmanager.com	75	2011-11-11	2013-05-22 04:07:37	2024-01-27 00:48:06	421 B	231 kB	142.250.74.168

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-01-27	medium	moonoafy.net	Sinkholed
2024-01-27	medium	cameesse.net	Sinkholed
2024-01-27	medium	moonoafy.net	Sinkholed
2024-01-27	medium	cameesse.net	Sinkholed
2024-01-27	medium	amunfezanttor.com	Sinkholed
2024-01-27	medium	vupoupay.com	Sinkholed
2024-01-27	medium	cameesse.net	Sinkholed
2024-01-27	medium	abrhydona.com	Sinkholed
2024-01-27	medium	vupoupay.com	Sinkholed
2024-01-27	medium	moonoafy.net	Sinkholed
2024-01-27	medium	cameesse.net	Sinkholed
2024-01-27	medium	veepteero.com	Sinkholed
2024-01-27	medium	vupoupay.com	Sinkholed
2024-01-27	medium	vupoupay.com	Sinkholed
2024-01-27	medium	cameesse.net	Sinkholed
2024-01-27	medium	abrhydona.com	Sinkholed
2024-01-27	medium	moonoafy.net	Sinkholed
2024-01-27	medium	abrhydona.com	Sinkholed
2024-01-27	medium	moonoafy.net	Sinkholed
2024-01-27	medium	vupoupay.com	Sinkholed
2024-01-27	medium	moonoafy.net	Sinkholed
2024-01-27	medium	fleraprt.com	Sinkholed
2024-01-27	medium	moonoafy.net	Sinkholed
2024-01-27	medium	vupoupay.com	Sinkholed
2024-01-27	medium	moonoafy.net	Sinkholed
2024-01-27	medium	vupoupay.com	Sinkholed
2024-01-27	medium	alwingulla.com	Sinkholed
2024-01-27	medium	abrhydona.com	Sinkholed
2024-01-27	medium	moonoafy.net	Sinkholed
2024-01-27	medium	veepteero.com	Sinkholed
2024-01-27	medium	cameesse.net	Sinkholed
2024-01-27	medium	amunfezanttor.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (18)

	URL	From	Size	First Seen	Last Seen
	alwingulla.com/88/tag.min.js	ScriptElement	74 kB	2024-01-27	2024-08-20
Pretty URL alwingulla.com/88/tag.min.js IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-01-27 10:29 Last Seen2024-08-20 10:56 Times Seen7 Hash 069bc62fdab16915025b924d999daa11 e458c1859c51e4598c064990fe414c55271c1898 5253d8b76a30c57c17c8e6de7149d5bf2f168550d30f7ccf7e56638b1f5c1952 Loading...

	vupoupay.com/400/6593522	ScriptElement	82 kB	2024-08-20	2024-08-20
Pretty URL vupoupay.com/400/6593522 IP 139.45.197.243 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-20 10:54 Last Seen2024-08-20 10:54 Times Seen1 Hash c46ec8d5135e8c145a37f81901540b6c 0cbd79555011030441ffc8ef5ec6d7c17bc0742a 8b0922161c20158daa5acfa61fd9d302f006526b7e6361aa460cfbf23dfdd6d6 Loading...

	abrhydona.com/401/6593524	ScriptElement	89 kB	2024-08-20	2024-08-20
Pretty URL abrhydona.com/401/6593524 IP 139.45.197.242 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-20 10:54 Last Seen2024-08-20 10:54 Times Seen1 Hash bdbcfb01ffa8734f4dd57bb0de1cb3b0 b9cec9573293c41f293c5d757765f190e0088329 26cba2f0b6fd1ae68fa860614e73e23be161eadb356ea462f597da637e9e05f7 Loading...

	tzegilo.com/stattag.js	ScriptElement	19 kB	2023-09-07	2024-08-21
Pretty URL tzegilo.com/stattag.js IP 104.21.11.245 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-07 20:07 Last Seen2024-08-21 07:20 Times Seen2395 Hash 89e89aea544ea2785d49cc4cd9cf26f6 7d53437a89eb9861038ee27a8ff0e3bb70fa2a0b 86da38693fcea056d36588a4146e85392f784c457511de416fec32034aafa4f9 Loading...

	cameesse.net/27/2dfc5cc60fdf6636778a3fa44bb932c7	ScriptElement	413 kB	2024-01-25	2024-08-20
Pretty URL cameesse.net/27/2dfc5cc60fdf6636778a3fa44bb932c7 IP 139.45.197.242 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2024-01-25 13:46 Last Seen2024-08-20 11:08 Times Seen110 Hash d32f59c1607598ac4217df02305e49a4 176c0940d604602a36341e0ab80505e7049248ea 400851f4cac11f9e1867253c679fa40d686f328c0f61fa2957178ac544625f2c Loading...

	www.gstatic.com/recaptcha/releases/QUpyTKFkX5CIV6EF8TFSWEif/recaptcha__en.js	ScriptElement	493 kB	2024-01-24	2024-08-20
Pretty URL www.gstatic.com/recaptcha/releases/QUpyTKFkX5CIV6EF8TFSWEif/recaptcha__en.js IP 142.250.74.99 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-01-24 15:14 Last Seen2024-08-20 11:21 Times Seen2685 Hash 2b4a2c0d107bc671d4b39568a47aad66 779b0775413e557f972fb43d07c4e1a09d2dbf01 cccbd316b2e050d41ebf62c8c613d5bfae33cd43104ac3b772c9e10950a3dbd2 Loading...

	fontzone.net/font-download/	ScriptElement	57 B	2023-03-07	2025-05-19
Pretty URL fontzone.net/font-download/ IP 154.41.248.253 ASN #174 COGENT-174 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:06 Last Seen2025-05-19 20:56 Times Seen9688 Hash 2a2781f9bb6302c2f96df0d1e96ef524 796bb90146495848c0c479533c367edadb94f1a9 1b60af0ce49d65e8b1006457c16883d60e53a0054bb157c57c3b03a82ee9964d Loading...

	moz-extension://4a51aab4-ceef-4b39-a464-916e26ff2943/lib/shim_messaging_helper.js		1.7 kB	2023-05-05	2025-05-20
Pretty URL moz-extension://4a51aab4-ceef-4b39-a464-916e26ff2943/lib/shim_messaging_helper.js IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-05-05 22:33 Last Seen2025-05-20 02:20 Times Seen55209 Hash 865f01cbb34eb505834e826380d7dc2e c239ccc37191f1be78dfaa6bb3f1da5d314fdf9e 30ed6392b8de4590bd974a4a797ee0b12b382f2141738115bfd2d692cfa6ec17 Loading...

	connect.facebook.net/en_US/all.js#xfbml=1	ScriptElement	17 kB	2023-05-05	2025-05-20
Pretty URL connect.facebook.net/en_US/all.js#xfbml=1 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-05 22:33 Last Seen2025-05-20 02:20 Times Seen54596 Hash b938e0b835c600209bdaae9d8ccda6d7 d5ee79d277057e05f002a18381722b5eb75d3883 d1b95aeb57c3285042e1e24c00cc56a8560d16daf7ee5cdfd5c75296b21ac91b Loading...

	moonoafy.net/pfe/current/tag.min.js?z=6593525	ScriptElement	14 kB	2024-01-26	2024-08-20
Pretty URL moonoafy.net/pfe/current/tag.min.js?z=6593525 IP 139.45.197.250 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2024-01-26 20:07 Last Seen2024-08-20 11:00 Times Seen83 Hash fde923bea1fb34407eb061db7c56f703 d3bad8a1b45a848fb068d16b330df2c41f85ff9f bbbda1c63e48efc0bc695f8093e73e267fed08a7f73938e62c9c6f760a84d752 Loading...

	cameesse.net/1?z=6593523	ScriptElement	43 kB	2024-08-20	2024-08-20
Pretty URL cameesse.net/1?z=6593523 IP 139.45.197.242 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-20 10:54 Last Seen2024-08-20 10:54 Times Seen1 Hash 21abe2c3753920726b982ff3b2287f31 099d3c08437967161a28b480cdbccff29c79ca1f f0e562a8bf71cbbb444ed1f9b568c646178c6521723ef01ba7ca4b345990ad05 Loading...

	interbuzznews.com/?l=v9nLOdcLv9n5akT&cd_meta_crid=394803&trkintimp&target_url=https%3A%2F%2Fcameesse.net%2F12%3Frnd%3D2057812376%26z%3D6593523%26b%3D20187630%26c%3D7875697%26var%3D%26varid%3D0%26d%3Dhttps%253A%252F%252Fsingelstodate.com%252Fbase.php%253Fc%253D4828%2526key%253D025d76cd3aeec48efa4f92c67b128e1d%2526zoneid%253D%257Bzoneid%257D%2526subid%253D%2524%257BSUBID%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3DqrTQUbxadW3aOlm5LE_ivcGu05RHyhO9JZwIjxUXIEUasNYWJIpsjWe2MRPx_UDH8XIeXiiK9mnmTOpWSSQJHUgPXSaSleohXpRbBpEfZ0WG3BDPVrdhFar-RUilHKDD__-29l25hMBCYXCsGnET8pWdDHkAYWO8xmU_c-zr70FmdclAb1lU88gQf4lniLTI6QdIJkFP06IjRa44VtsjDWOLi05sqRMcirLdXmsZeGw6rq98TTjkfCkuF8hrJqWUWBc3FO-ArvBJbGYIwcfBHxM2B6DMr1NExMpxAJA1OsAlaP6kwJbiyvYQfO3OHPpQojYnQyuKlk11c9PpKTGyTLhYnYxIBZ4t-cUPV4spizCcF1sgaCjpE3XFqubHHb_9mIIhim4xbkWOMWEaB0OcIjv_y0bmNqhuhMVo65usPyHPtNXbWwP2rh92GzpAGrYMTDCszlInBgLo878JFGjpH3yn3HmVh9uUjmo9_h37w-Hi2vqau6nIh33J0DciGfdTi_CG8nPGJo5ySh8RlERiCdZQViEN4SmVY3z3gKzYUETv2Bfk0kQBlBhnyuTrE-ulbpktu0bK9tli7VBfIGSZOtpVblTH9TRfJgmz4mufROnL1Kp63hiInkYKavlM78eWXmsti4J6Tkj5ZFOYSf9P6C8gLW7fG7ES7FQBmA%3D%3D%26bag%3De5WiNa3QjVf4u1jVtO_1dw%3D%3D%26ruid%3Da445ef16-5e3b-4f8e-90fa-827e741aa7ff%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D0%26gp%3D5%26bp%3D4%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Ffontzone.net%252Ffont-download%252F%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1280%26wiw%3D1280%26wih%3D1024%26wfc%3D0%26sah%3D1024%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0	ScriptElement	1.4 kB	2024-08-20	2024-08-20
Pretty URL interbuzznews.com/?l=v9nLOdcLv9n5akT&cd_meta_crid=394803&trkintimp&target_url=https%3A%2F%2Fcameesse.net%2F12%3Frnd%3D2057812376%26z%3D6593523%26b%3D20187630%26c%3D7875697%26var%3D%26varid%3D0%26d%3Dhttps%253A%252F%252Fsingelstodate.com%252Fbase.php%253Fc%253D4828%2526key%253D025d76cd3aeec48efa4f92c67b128e1d%2526zoneid%253D%257Bzoneid%257D%2526subid%253D%2524%257BSUBID%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3DqrTQUbxadW3aOlm5LE_ivcGu05RHyhO9JZwIjxUXIEUasNYWJIpsjWe2MRPx_UDH8XIeXiiK9mnmTOpWSSQJHUgPXSaSleohXpRbBpEfZ0WG3BDPVrdhFar-RUilHKDD__-29l25hMBCYXCsGnET8pWdDHkAYWO8xmU_c-zr70FmdclAb1lU88gQf4lniLTI6QdIJkFP06IjRa44VtsjDWOLi05sqRMcirLdXmsZeGw6rq98TTjkfCkuF8hrJqWUWBc3FO-ArvBJbGYIwcfBHxM2B6DMr1NExMpxAJA1OsAlaP6kwJbiyvYQfO3OHPpQojYnQyuKlk11c9PpKTGyTLhYnYxIBZ4t-cUPV4spizCcF1sgaCjpE3XFqubHHb_9mIIhim4xbkWOMWEaB0OcIjv_y0bmNqhuhMVo65usPyHPtNXbWwP2rh92GzpAGrYMTDCszlInBgLo878JFGjpH3yn3HmVh9uUjmo9_h37w-Hi2vqau6nIh33J0DciGfdTi_CG8nPGJo5ySh8RlERiCdZQViEN4SmVY3z3gKzYUETv2Bfk0kQBlBhnyuTrE-ulbpktu0bK9tli7VBfIGSZOtpVblTH9TRfJgmz4mufROnL1Kp63hiInkYKavlM78eWXmsti4J6Tkj5ZFOYSf9P6C8gLW7fG7ES7FQBmA%3D%3D%26bag%3De5WiNa3QjVf4u1jVtO_1dw%3D%3D%26ruid%3Da445ef16-5e3b-4f8e-90fa-827e741aa7ff%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D0%26gp%3D5%26bp%3D4%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Ffontzone.net%252Ffont-download%252F%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1280%26wiw%3D1280%26wih%3D1024%26wfc%3D0%26sah%3D1024%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0 IP 139.45.197.154 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-20 10:54 Last Seen2024-08-20 10:54 Times Seen1 Hash 35347c96240df6f89f7d1b8f5fc8d32a 2f5fb25d1188248d2a2fe6a9912ee65c3d65a575 cbb4d660c163a56fc2430200ba04a0c9fc522a396d6828b1aff0d196bca79e62 Loading...

	www.google.com/recaptcha/api.js?	ScriptElement	850 B	2024-01-24	2024-08-20
Pretty URL www.google.com/recaptcha/api.js? IP 142.250.74.100 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-01-24 17:00 Last Seen2024-08-20 11:17 Times Seen574 Hash 3b570820be60c9c70656f57582c68e43 96f2c2409412d8a6424d9a94d7c694d488b4b09e c63efb3ef2b5dde52db952d989ed358916fe20fff0f270bd81734fd493d29926 Loading...

	fontzone.net/js/jquery-2.1.3.min.js	ScriptElement	84 kB	2023-03-07	2025-05-20
Pretty URL fontzone.net/js/jquery-2.1.3.min.js IP 154.41.248.253 ASN #174 COGENT-174 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:12 Last Seen2025-05-20 01:03 Times Seen213 Hash 0bdc04968d2fe6799360150868a8b8b6 3cca78feb86ab7549f20306ab25c7ab76c72b21f 7682ae16052155906f82c882564658da00e3f9bf19eadf56cfe13f44c0c3d308 Loading...

	unknown	ScriptElement	88 kB	2024-01-26	2024-08-20
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-01-26 20:07 Last Seen2024-08-20 11:00 Times Seen84 Hash 0822f76c891a36a284a8ba8a59e9f919 435842beb5209258e56b88bdbf44c48da0fe0fac 48443b13bfbacb1410860e76dc3475718b9079dbc7249e80c911850bdbd416c5 Loading...

	fontzone.net/js/custom.js	ScriptElement	265 B	2023-11-14	2024-08-20
Pretty URL fontzone.net/js/custom.js IP 154.41.248.253 ASN #174 COGENT-174 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-14 07:22 Last Seen2024-08-20 19:39 Times Seen6 Hash 878c75d6602b718684d8a8bd69e05372 77063069149fffb668dae47dd8e9457076076ffa 7aa71b93e2580bb97299983771f88784ea70a53db4885c21efaf96877b96937f Loading...

	fontzone.net/font-download/	ScriptElement	153 B	2023-11-25	2024-08-20
Pretty URL fontzone.net/font-download/ IP 154.41.248.253 ASN #174 COGENT-174 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-11-25 21:49 Last Seen2024-08-20 17:56 Times Seen4 Hash c150c44669193450af99400aeea4cb83 19ba32a3e675b997b9d93f7c662b46027a211b33 7a0532e1e2e0770a78552c91a70904b51c4bf246f536527925a1422782ad55da Loading...

	www.googletagmanager.com/gtag/js?id=G-LERTLY8FFK	ScriptElement	230 kB	2024-08-20	2024-08-20
Pretty URL www.googletagmanager.com/gtag/js?id=G-LERTLY8FFK IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-20 10:54 Last Seen2024-08-20 10:54 Times Seen1 Hash 09eace99e49c929c930623e5d9d8ee3c 98697ce786c7c7c551fe9faf6fd1c206f43cd9e1 664f310a829fafe5eb2a8078b0d65c9b02455cec59db57d29ca1d942b4c11b76 Loading...

HTTP Transactions (58)

URL IP Response Size

moonoafy.net/custom

139.45.197.250

200 OK

39 B

URL POST HTTP/2
moonoafy.net/custom
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://fontzone.net/font-download/
Certificate
IssuerLet's Encrypt
Subjectmoonoafy.net
FingerprintFC:27:80:38:8F:DA:69:79:BB:D3:4C:59:0E:9F:B6:E3:92:AA:B0:D9
ValidityTue, 09 Jan 2024 08:45:45 GMT - Mon, 08 Apr 2024 08:45:44 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
39 B (39 bytes)
Hash
c16023891530fbce40f0a1244c3af01c
e15d9dff768d82673e5e797a8395d1fa7d9049b7
c7d0061f2d2b9eb7b65b547c4bdf03f5f332cf34021bc972f64b6ad58d3a121a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /custom HTTP/1.1
Host: moonoafy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://fontzone.net/
Content-Type: application/json
Content-Length: 384
Origin: https://fontzone.net
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 27 Jan 2024 14:23:31 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 4fd40d0172f336c11f552f498cb98934
access-control-allow-origin: https://fontzone.net
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

interbuzznews.com/contents/s/4f/ef/6a/a42b44f033dded60219917eea7/01156673987456.jpeg

139.45.197.154

200 OK

35 kB

URL GET HTTP/2
interbuzznews.com/contents/s/4f/ef/6a/a42b44f033dded60219917eea7/01156673987456.jpeg
IP
139.45.197.154:443
ASN
#9002 RETN Limited

Requested by
https://interbuzznews.com/?l=v9nLOdcLv9n5akT&cd_meta_crid=394803&trkintimp&target_url=https%3A%2F%2Fcameesse.net%2F12%3Frnd%3D2057812376%26z%3D6593523%26b%3D20187630%26c%3D7875697%26var%3D%26varid%3D0%26d%3Dhttps%253A%252F%252Fsingelstodate.com%252Fbase.php%253Fc%253D4828%2526key%253D025d76cd3aeec48efa4f92c67b128e1d%2526zoneid%253D%257Bzoneid%257D%2526subid%253D%2524%257BSUBID%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3DqrTQUbxadW3aOlm5LE_ivcGu05RHyhO9JZwIjxUXIEUasNYWJIpsjWe2MRPx_UDH8XIeXiiK9mnmTOpWSSQJHUgPXSaSleohXpRbBpEfZ0WG3BDPVrdhFar-RUilHKDD__-29l25hMBCYXCsGnET8pWdDHkAYWO8xmU_c-zr70FmdclAb1lU88gQf4lniLTI6QdIJkFP06IjRa44VtsjDWOLi05sqRMcirLdXmsZeGw6rq98TTjkfCkuF8hrJqWUWBc3FO-ArvBJbGYIwcfBHxM2B6DMr1NExMpxAJA1OsAlaP6kwJbiyvYQfO3OHPpQojYnQyuKlk11c9PpKTGyTLhYnYxIBZ4t-cUPV4spizCcF1sgaCjpE3XFqubHHb_9mIIhim4xbkWOMWEaB0OcIjv_y0bmNqhuhMVo65usPyHPtNXbWwP2rh92GzpAGrYMTDCszlInBgLo878JFGjpH3yn3HmVh9uUjmo9_h37w-Hi2vqau6nIh33J0DciGfdTi_CG8nPGJo5ySh8RlERiCdZQViEN4SmVY3z3gKzYUETv2Bfk0kQBlBhnyuTrE-ulbpktu0bK9tli7VBfIGSZOtpVblTH9TRfJgmz4mufROnL1Kp63hiInkYKavlM78eWXmsti4J6Tkj5ZFOYSf9P6C8gLW7fG7ES7FQBmA%3D%3D%26bag%3De5WiNa3QjVf4u1jVtO_1dw%3D%3D%26ruid%3Da445ef16-5e3b-4f8e-90fa-827e741aa7ff%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D0%26gp%3D5%26bp%3D4%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Ffontzone.net%252Ffont-download%252F%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1280%26wiw%3D1280%26wih%3D1024%26wfc%3D0%26sah%3D1024%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
Certificate
IssuerLet's Encrypt
Subjectinterbuzznews.com
Fingerprint6F:EA:DE:99:16:57:B3:EB:00:31:74:C7:1E:99:E6:69:0A:74:EA:D8
ValidityMon, 11 Dec 2023 05:13:19 GMT - Sun, 10 Mar 2024 05:13:18 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1], baseline, precision 8, 492x328, components 3
Size
35 kB (35363 bytes)
Hash
4fef6aa42b44f033dded60219917eea7
b50603e2ca15a6862daaaf51928bea742fec9100
95bfcecbacacadd8abd27b7e265aa65600dc6789651c45a751bffe7c6dc5ed32

HTTP Headers

GET /contents/s/4f/ef/6a/a42b44f033dded60219917eea7/01156673987456.jpeg HTTP/1.1
Host: interbuzznews.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://interbuzznews.com/?l=v9nLOdcLv9n5akT&cd_meta_crid=394803&trkintimp&target_url=https%3A%2F%2Fcameesse.net%2F12%3Frnd%3D2057812376%26z%3D6593523%26b%3D20187630%26c%3D7875697%26var%3D%26varid%3D0%26d%3Dhttps%253A%252F%252Fsingelstodate.com%252Fbase.php%253Fc%253D4828%2526key%253D025d76cd3aeec48efa4f92c67b128e1d%2526zoneid%253D%257Bzoneid%257D%2526subid%253D%2524%257BSUBID%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3DqrTQUbxadW3aOlm5LE_ivcGu05RHyhO9JZwIjxUXIEUasNYWJIpsjWe2MRPx_UDH8XIeXiiK9mnmTOpWSSQJHUgPXSaSleohXpRbBpEfZ0WG3BDPVrdhFar-RUilHKDD__-29l25hMBCYXCsGnET8pWdDHkAYWO8xmU_c-zr70FmdclAb1lU88gQf4lniLTI6QdIJkFP06IjRa44VtsjDWOLi05sqRMcirLdXmsZeGw6rq98TTjkfCkuF8hrJqWUWBc3FO-ArvBJbGYIwcfBHxM2B6DMr1NExMpxAJA1OsAlaP6kwJbiyvYQfO3OHPpQojYnQyuKlk11c9PpKTGyTLhYnYxIBZ4t-cUPV4spizCcF1sgaCjpE3XFqubHHb_9mIIhim4xbkWOMWEaB0OcIjv_y0bmNqhuhMVo65usPyHPtNXbWwP2rh92GzpAGrYMTDCszlInBgLo878JFGjpH3yn3HmVh9uUjmo9_h37w-Hi2vqau6nIh33J0DciGfdTi_CG8nPGJo5ySh8RlERiCdZQViEN4SmVY3z3gKzYUETv2Bfk0kQBlBhnyuTrE-ulbpktu0bK9tli7VBfIGSZOtpVblTH9TRfJgmz4mufROnL1Kp63hiInkYKavlM78eWXmsti4J6Tkj5ZFOYSf9P6C8gLW7fG7ES7FQBmA%3D%3D%26bag%3De5WiNa3QjVf4u1jVtO_1dw%3D%3D%26ruid%3Da445ef16-5e3b-4f8e-90fa-827e741aa7ff%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D0%26gp%3D5%26bp%3D4%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Ffontzone.net%252Ffont-download%252F%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1280%26wiw%3D1280%26wih%3D1024%26wfc%3D0%26sah%3D1024%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 27 Jan 2024 14:23:31 GMT
content-type: image/jpeg
content-length: 35363
last-modified: Fri, 26 Jan 2024 08:40:00 GMT
vary: Accept-Encoding
etag: "65b36fe0-8a23"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
accept-ranges: bytes
X-Firefox-Spdy: h2

fontzone.net/images/footer-bullet.jpg

154.41.248.253

200 OK

292 B

URL GET HTTP/3
fontzone.net/images/footer-bullet.jpg
IP
154.41.248.253:443
ASN
#174 COGENT-174

Requested by
https://fontzone.net/font-download/
Certificate
IssuerLet's Encrypt
Subjectfontzone.net
Fingerprint0E:08:EF:DD:04:24:6C:7E:2E:7F:45:C8:E4:D4:C0:C3:6F:F7:67:F9
ValidityThu, 11 Jan 2024 08:27:01 GMT - Wed, 10 Apr 2024 08:27:00 GMT

File type
RIFF (little-endian) data, Web/P image
Size
292 B (292 bytes)
Hash
e6ce7ec419f281f46163511649f6d40f
6a28d7228742133032051deaeced5b2b6be95283
d962652ae7eacaf817eb0ee1b746eb4e2596d55fdaf10a5a73cf38e7a569d76b

HTTP Headers

GET /images/footer-bullet.jpg HTTP/1.1
Host: fontzone.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fontzone.net/css/style.css
Cookie: PHPSESSID=c39262294387604c9c33158f5b06ea95
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
server: hcdn
date: Sat, 27 Jan 2024 14:23:30 GMT
content-type: image/webp
content-length: 292
cache-control: public, max-age=15552000,public
expires: Tue, 23 Jul 2024 01:27:11 GMT
x-hcdn-image-optimizer: f:webp q:85 w:1600
age: 219379
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: 59b2ac3989dcd014e04433903ffb9e34-bnk-edge1
x-hcdn-cache-status: HIT
accept-ranges: bytes

cameesse.net/9?z=6593523&ng=1&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Ffontzone.net%2Ffont-download%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&oaid=ad45df34426a4b4e891ac9467eed6903

139.45.197.242

200 OK

6.5 kB

URL POST HTTP/2
cameesse.net/9?z=6593523&ng=1&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Ffontzone.net%2Ffont-download%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&oaid=ad45df34426a4b4e891ac9467eed6903
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://fontzone.net/font-download/
Certificate
IssuerLet's Encrypt
Subjectcameesse.net
Fingerprint23:7C:28:2C:97:BE:75:D0:19:66:1F:B0:CB:42:67:FF:F8:B0:3C:A6
ValidityFri, 12 Jan 2024 22:33:49 GMT - Thu, 11 Apr 2024 22:33:48 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (6981), with no line terminators
Size
6.5 kB (6504 bytes)
Hash
168a08bc731bc0e7400f14e020479600
3916507a04819b76f3cf8a9a24ea961d41980f3d
1970ceffd98cbce039df9bf893bc117ad823621c3e3bbd7a18f3bbc4cf1e3f67

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /9?z=6593523&ng=1&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Ffontzone.net%2Ffont-download%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&oaid=ad45df34426a4b4e891ac9467eed6903 HTTP/1.1
Host: cameesse.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 675
Origin: https://fontzone.net
DNT: 1
Connection: keep-alive
Referer: https://fontzone.net/
Cookie: scm=1; OAID=935acb4d5d6f4486a662e926eab02af7; oaidts=1706365410
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 27 Jan 2024 14:23:30 GMT
content-type: application/json
access-control-allow-credentials: true
access-control-allow-origin: https://fontzone.net
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
x-trace-id: 81c505edea946384d316bc3df3f0cd44
access-control-expose-headers: X-Sc
set-cookie: OAID=ad45df34426a4b4e891ac9467eed6903; expires=Sun, 26 Jan 2025 14:23:30 GMT; secure; SameSite=None
oaidts=1706365410; expires=Sun, 26 Jan 2025 14:23:30 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

interbuzznews.com/?l=v9nLOdcLv9n5akT&cd_meta_crid=394803&trkintimp&target_url=https%3A%2F%2Fcameesse.net%2F12%3Frnd%3D2057812376%26z%3D6593523%26b%3D20187630%26c%3D7875697%26var%3D%26varid%3D0%26d%3Dhttps%253A%252F%252Fsingelstodate.com%252Fbase.php%253Fc%253D4828%2526key%253D025d76cd3aeec48efa4f92c67b128e1d%2526zoneid%253D%257Bzoneid%257D%2526subid%253D%2524%257BSUBID%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3DqrTQUbxadW3aOlm5LE_ivcGu05RHyhO9JZwIjxUXIEUasNYWJIpsjWe2MRPx_UDH8XIeXiiK9mnmTOpWSSQJHUgPXSaSleohXpRbBpEfZ0WG3BDPVrdhFar-RUilHKDD__-29l25hMBCYXCsGnET8pWdDHkAYWO8xmU_c-zr70FmdclAb1lU88gQf4lniLTI6QdIJkFP06IjRa44VtsjDWOLi05sqRMcirLdXmsZeGw6rq98TTjkfCkuF8hrJqWUWBc3FO-ArvBJbGYIwcfBHxM2B6DMr1NExMpxAJA1OsAlaP6kwJbiyvYQfO3OHPpQojYnQyuKlk11c9PpKTGyTLhYnYxIBZ4t-cUPV4spizCcF1sgaCjpE3XFqubHHb_9mIIhim4xbkWOMWEaB0OcIjv_y0bmNqhuhMVo65usPyHPtNXbWwP2rh92GzpAGrYMTDCszlInBgLo878JFGjpH3yn3HmVh9uUjmo9_h37w-Hi2vqau6nIh33J0DciGfdTi_CG8nPGJo5ySh8RlERiCdZQViEN4SmVY3z3gKzYUETv2Bfk0kQBlBhnyuTrE-ulbpktu0bK9tli7VBfIGSZOtpVblTH9TRfJgmz4mufROnL1Kp63hiInkYKavlM78eWXmsti4J6Tkj5ZFOYSf9P6C8gLW7fG7ES7FQBmA%3D%3D%26bag%3De5WiNa3QjVf4u1jVtO_1dw%3D%3D%26ruid%3Da445ef16-5e3b-4f8e-90fa-827e741aa7ff%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D0%26gp%3D5%26bp%3D4%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Ffontzone.net%252Ffont-download%252F%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1280%26wiw%3D1280%26wih%3D1024%26wfc%3D0%26sah%3D1024%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0

139.45.197.154

200 OK

50 kB

URL GET HTTP/2
interbuzznews.com/?l=v9nLOdcLv9n5akT&cd_meta_crid=394803&trkintimp&target_url=https%3A%2F%2Fcameesse.net%2F12%3Frnd%3D2057812376%26z%3D6593523%26b%3D20187630%26c%3D7875697%26var%3D%26varid%3D0%26d%3Dhttps%253A%252F%252Fsingelstodate.com%252Fbase.php%253Fc%253D4828%2526key%253D025d76cd3aeec48efa4f92c67b128e1d%2526zoneid%253D%257Bzoneid%257D%2526subid%253D%2524%257BSUBID%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3DqrTQUbxadW3aOlm5LE_ivcGu05RHyhO9JZwIjxUXIEUasNYWJIpsjWe2MRPx_UDH8XIeXiiK9mnmTOpWSSQJHUgPXSaSleohXpRbBpEfZ0WG3BDPVrdhFar-RUilHKDD__-29l25hMBCYXCsGnET8pWdDHkAYWO8xmU_c-zr70FmdclAb1lU88gQf4lniLTI6QdIJkFP06IjRa44VtsjDWOLi05sqRMcirLdXmsZeGw6rq98TTjkfCkuF8hrJqWUWBc3FO-ArvBJbGYIwcfBHxM2B6DMr1NExMpxAJA1OsAlaP6kwJbiyvYQfO3OHPpQojYnQyuKlk11c9PpKTGyTLhYnYxIBZ4t-cUPV4spizCcF1sgaCjpE3XFqubHHb_9mIIhim4xbkWOMWEaB0OcIjv_y0bmNqhuhMVo65usPyHPtNXbWwP2rh92GzpAGrYMTDCszlInBgLo878JFGjpH3yn3HmVh9uUjmo9_h37w-Hi2vqau6nIh33J0DciGfdTi_CG8nPGJo5ySh8RlERiCdZQViEN4SmVY3z3gKzYUETv2Bfk0kQBlBhnyuTrE-ulbpktu0bK9tli7VBfIGSZOtpVblTH9TRfJgmz4mufROnL1Kp63hiInkYKavlM78eWXmsti4J6Tkj5ZFOYSf9P6C8gLW7fG7ES7FQBmA%3D%3D%26bag%3De5WiNa3QjVf4u1jVtO_1dw%3D%3D%26ruid%3Da445ef16-5e3b-4f8e-90fa-827e741aa7ff%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D0%26gp%3D5%26bp%3D4%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Ffontzone.net%252Ffont-download%252F%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1280%26wiw%3D1280%26wih%3D1024%26wfc%3D0%26sah%3D1024%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
IP
139.45.197.154:443
ASN
#9002 RETN Limited

Requested by
https://fontzone.net/font-download/
Certificate
IssuerLet's Encrypt
Subjectinterbuzznews.com
Fingerprint6F:EA:DE:99:16:57:B3:EB:00:31:74:C7:1E:99:E6:69:0A:74:EA:D8
ValidityMon, 11 Dec 2023 05:13:19 GMT - Sun, 10 Mar 2024 05:13:18 GMT

File type

Size
50 kB (50325 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /?l=v9nLOdcLv9n5akT&cd_meta_crid=394803&trkintimp&target_url=https%3A%2F%2Fcameesse.net%2F12%3Frnd%3D2057812376%26z%3D6593523%26b%3D20187630%26c%3D7875697%26var%3D%26varid%3D0%26d%3Dhttps%253A%252F%252Fsingelstodate.com%252Fbase.php%253Fc%253D4828%2526key%253D025d76cd3aeec48efa4f92c67b128e1d%2526zoneid%253D%257Bzoneid%257D%2526subid%253D%2524%257BSUBID%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3DqrTQUbxadW3aOlm5LE_ivcGu05RHyhO9JZwIjxUXIEUasNYWJIpsjWe2MRPx_UDH8XIeXiiK9mnmTOpWSSQJHUgPXSaSleohXpRbBpEfZ0WG3BDPVrdhFar-RUilHKDD__-29l25hMBCYXCsGnET8pWdDHkAYWO8xmU_c-zr70FmdclAb1lU88gQf4lniLTI6QdIJkFP06IjRa44VtsjDWOLi05sqRMcirLdXmsZeGw6rq98TTjkfCkuF8hrJqWUWBc3FO-ArvBJbGYIwcfBHxM2B6DMr1NExMpxAJA1OsAlaP6kwJbiyvYQfO3OHPpQojYnQyuKlk11c9PpKTGyTLhYnYxIBZ4t-cUPV4spizCcF1sgaCjpE3XFqubHHb_9mIIhim4xbkWOMWEaB0OcIjv_y0bmNqhuhMVo65usPyHPtNXbWwP2rh92GzpAGrYMTDCszlInBgLo878JFGjpH3yn3HmVh9uUjmo9_h37w-Hi2vqau6nIh33J0DciGfdTi_CG8nPGJo5ySh8RlERiCdZQViEN4SmVY3z3gKzYUETv2Bfk0kQBlBhnyuTrE-ulbpktu0bK9tli7VBfIGSZOtpVblTH9TRfJgmz4mufROnL1Kp63hiInkYKavlM78eWXmsti4J6Tkj5ZFOYSf9P6C8gLW7fG7ES7FQBmA%3D%3D%26bag%3De5WiNa3QjVf4u1jVtO_1dw%3D%3D%26ruid%3Da445ef16-5e3b-4f8e-90fa-827e741aa7ff%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D0%26gp%3D5%26bp%3D4%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Ffontzone.net%252Ffont-download%252F%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1280%26wiw%3D1280%26wih%3D1024%26wfc%3D0%26sah%3D1024%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0 HTTP/1.1
Host: interbuzznews.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fontzone.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 27 Jan 2024 14:23:31 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/7.4.33
set-cookie: reverse=7Q4n1mixZzsN_IHQuC0Zw-588BBJ4WibUQtfNbbad64; expires=Sat, 27-Jan-2024 15:23:31 GMT; Max-Age=3600; path=/
OAID=ab9094d220247e038a515acdf8136b1f; expires=Thu, 23-Feb-2079 04:47:02 GMT; Max-Age=1737987811; path=/
oaidts=1706365411; expires=Thu, 23-Feb-2079 04:47:02 GMT; Max-Age=1737987811; path=/
syncedCookie=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
content-encoding: br
X-Firefox-Spdy: h2

www.gstatic.com/recaptcha/releases/QUpyTKFkX5CIV6EF8TFSWEif/recaptcha__en.js

142.250.74.99

200 OK

493 kB

URL GET HTTP/2
www.gstatic.com/recaptcha/releases/QUpyTKFkX5CIV6EF8TFSWEif/recaptcha__en.js
IP
142.250.74.99:443
ASN
#15169 GOOGLE

Requested by
https://fontzone.net/font-download/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint4C:E1:1E:E3:63:49:81:BB:F5:53:CE:44:91:07:8A:14:84:70:7F:66
ValidityTue, 02 Jan 2024 13:09:26 GMT - Tue, 26 Mar 2024 13:09:25 GMT

File type
JavaScript source, ASCII text, with very long lines (539)
Size
493 kB (492693 bytes)
Hash
2b4a2c0d107bc671d4b39568a47aad66
779b0775413e557f972fb43d07c4e1a09d2dbf01
cccbd316b2e050d41ebf62c8c613d5bfae33cd43104ac3b772c9e10950a3dbd2

HTTP Headers

GET /recaptcha/releases/QUpyTKFkX5CIV6EF8TFSWEif/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://fontzone.net
DNT: 1
Connection: keep-alive
Referer: https://fontzone.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 196969
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 26 Jan 2024 21:36:40 GMT
expires: Sat, 25 Jan 2025 21:36:40 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 22 Jan 2024 05:28:49 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 60410
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

moonoafy.net/pfe/current/universal.min.js?v=3.1.478

139.45.197.250

200 OK

88 kB

URL GET HTTP/2
moonoafy.net/pfe/current/universal.min.js?v=3.1.478
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://fontzone.net/font-download/
Certificate
IssuerLet's Encrypt
Subjectmoonoafy.net
FingerprintFC:27:80:38:8F:DA:69:79:BB:D3:4C:59:0E:9F:B6:E3:92:AA:B0:D9
ValidityTue, 09 Jan 2024 08:45:45 GMT - Mon, 08 Apr 2024 08:45:44 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
88 kB (87991 bytes)
Hash
0822f76c891a36a284a8ba8a59e9f919
435842beb5209258e56b88bdbf44c48da0fe0fac
48443b13bfbacb1410860e76dc3475718b9079dbc7249e80c911850bdbd416c5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pfe/current/universal.min.js?v=3.1.478 HTTP/1.1
Host: moonoafy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://fontzone.net/
Origin: https://fontzone.net
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 27 Jan 2024 14:23:30 GMT
content-type: application/javascript
last-modified: Fri, 26 Jan 2024 14:26:35 GMT
etag: W/"65b3c11b-157b7"
access-control-allow-origin: https://fontzone.net
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

139.45.197.242

204 No Content

0 B

URL OPTIONS HTTP/2
cameesse.net/9?z=6593523&ng=1&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Ffontzone.net%2Ffont-download%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&oaid=ad45df34426a4b4e891ac9467eed6903
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://fontzone.net/font-download/
Certificate
IssuerLet's Encrypt
Subjectcameesse.net
Fingerprint23:7C:28:2C:97:BE:75:D0:19:66:1F:B0:CB:42:67:FF:F8:B0:3C:A6
ValidityFri, 12 Jan 2024 22:33:49 GMT - Thu, 11 Apr 2024 22:33:48 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /9?z=6593523&ng=1&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Ffontzone.net%2Ffont-download%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&oaid=ad45df34426a4b4e891ac9467eed6903 HTTP/1.1
Host: cameesse.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://fontzone.net/
Origin: https://fontzone.net
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
server: nginx
date: Sat, 27 Jan 2024 14:23:30 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://fontzone.net
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2

amunfezanttor.com/event

139.45.197.250

200 OK

94 B

URL POST HTTP/2
amunfezanttor.com/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://fontzone.net/font-download/
Certificate
IssuerLet's Encrypt
Subjectamunfezanttor.com
Fingerprint94:5D:BD:F9:F6:55:6B:83:55:25:90:4A:5F:E4:CF:19:5E:6B:A2:51
ValidityWed, 22 Nov 2023 20:33:33 GMT - Tue, 20 Feb 2024 20:33:32 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
94 B (94 bytes)
Hash
17a2b9868c9b0028b0abf7cbc795e9b2
11e6f39aad51eae0b56849b4e3177317a060895e
b791f0d82a29ed083055f42c579d1d8ad0ddb5613fc195d02f0ea4f327525a62

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://fontzone.net/
Content-Type: application/json
Content-Length: 511
Origin: https://fontzone.net
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 27 Jan 2024 14:23:31 GMT
content-type: application/json; charset=utf-8
content-length: 94
access-control-allow-origin: https://fontzone.net
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

offerimage.com/www/images/1b15e9039afaccc9361c0da61d86230e.png

104.22.33.172

200 OK

58 kB

URL GET HTTP/2
offerimage.com/www/images/1b15e9039afaccc9361c0da61d86230e.png
IP
104.22.33.172:443
ASN
#13335 CLOUDFLARENET

Requested by
https://fontzone.net/font-download/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintDB:4D:42:F8:E2:4C:E3:E4:BB:22:D8:D1:F7:64:B5:9A:10:B6:25:E0
ValiditySun, 07 May 2023 00:00:00 GMT - Mon, 06 May 2024 23:59:59 GMT

File type
PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced
Size
58 kB (58482 bytes)
Hash
1b15e9039afaccc9361c0da61d86230e
b71792e23db95aa4d8a38682d28fa15b9e477c93
1b5601ab89da64c3eb22a0a2b7908eb2552fea8a6485dd996d488f52deb22264

HTTP Headers

GET /www/images/1b15e9039afaccc9361c0da61d86230e.png HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fontzone.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 27 Jan 2024 14:23:31 GMT
content-type: image/png
content-length: 58482
last-modified: Wed, 13 Dec 2023 10:32:25 GMT
etag: "65798839-e472"
expires: Sat, 27 Jan 2024 22:45:08 GMT
cache-control: max-age=86400
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-max-age: 86400
timing-allow-origin: *
cf-cache-status: HIT
age: 56303
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 84c1a76c7f6eabdb-CPH
X-Firefox-Spdy: h2

offerimage.com/www/images/9c6355bcf96815c755fbba83f9fd8f64.jpg

104.22.33.172

200 OK

17 kB

URL GET HTTP/2
offerimage.com/www/images/9c6355bcf96815c755fbba83f9fd8f64.jpg
IP
104.22.33.172:443
ASN
#13335 CLOUDFLARENET

Requested by
https://fontzone.net/font-download/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintDB:4D:42:F8:E2:4C:E3:E4:BB:22:D8:D1:F7:64:B5:9A:10:B6:25:E0
ValiditySun, 07 May 2023 00:00:00 GMT - Mon, 06 May 2024 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3
Size
17 kB (17173 bytes)
Hash
9c6355bcf96815c755fbba83f9fd8f64
ce698b45fb51ef1494f80f432b7aff0985247724
2cd74e866757767cd5c88d066a0bc057aded1e6c07171e091dd87f56ffd4a906

HTTP Headers

GET /www/images/9c6355bcf96815c755fbba83f9fd8f64.jpg HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fontzone.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 27 Jan 2024 14:23:35 GMT
content-type: image/jpeg
content-length: 17173
cache-control: max-age=86400
cf-bgj: h2pri
etag: "642af881-4315"
expires: Sat, 27 Jan 2024 16:23:05 GMT
last-modified: Mon, 03 Apr 2023 16:02:09 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 79230
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 84c1a7897c69abdb-CPH
X-Firefox-Spdy: h2

vupoupay.com/400/6593522

139.45.197.243

200 OK

82 kB

URL GET HTTP/2
vupoupay.com/400/6593522
IP
139.45.197.243:443
ASN
#9002 RETN Limited

Requested by
https://fontzone.net/font-download/
Certificate
IssuerLet's Encrypt
Subjectvupoupay.com
FingerprintFD:C2:60:A3:0E:44:39:00:97:C4:15:89:C1:DE:7E:75:7B:D3:87:6F
ValidityMon, 22 Jan 2024 09:16:15 GMT - Sun, 21 Apr 2024 09:16:14 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
82 kB (82009 bytes)
Hash
c46ec8d5135e8c145a37f81901540b6c
0cbd79555011030441ffc8ef5ec6d7c17bc0742a
8b0922161c20158daa5acfa61fd9d302f006526b7e6361aa460cfbf23dfdd6d6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /400/6593522 HTTP/1.1
Host: vupoupay.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fontzone.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 27 Jan 2024 14:23:30 GMT
content-type: application/javascript
x-trace-id: c4dbbbae6428ba73d6d77cf8fb4b1028
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
set-cookie: OAID=19a09dc0c5a842d5882099b6752175a5; expires=Sun, 26 Jan 2025 14:23:30 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

my.rtmark.net/gid.js?userId=ad45df34426a4b4e891ac9467eed6903

139.45.195.8

200 OK

65 B

URL GET HTTP/2
my.rtmark.net/gid.js?userId=ad45df34426a4b4e891ac9467eed6903
IP
139.45.195.8:443
ASN
#9002 RETN Limited

Requested by
https://fontzone.net/font-download/
Certificate
IssuerLet's Encrypt
Subjectrtmark.net
Fingerprint41:21:53:7F:A2:C4:68:B1:CA:BC:47:66:5D:3C:CA:96:45:5E:71:15
ValiditySat, 23 Dec 2023 22:43:24 GMT - Fri, 22 Mar 2024 22:43:23 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
65 B (65 bytes)
Hash
46b1ff8d75d3f10d1ac62c9862086746
aa4a75037dbe4ffc88bc81b316f34598f7c5fc91
5f2edf209eedb122d7bfe53a02f4fc795d41fae58921d13c3d9a45113845282e

HTTP Headers

GET /gid.js?userId=ad45df34426a4b4e891ac9467eed6903 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://fontzone.net
DNT: 1
Connection: keep-alive
Referer: https://fontzone.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 27 Jan 2024 14:23:30 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://fontzone.net
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=ad45df34426a4b4e891ac9467eed6903; expires=Sun, 26 Jan 2025 14:23:30 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

cameesse.net/27/2dfc5cc60fdf6636778a3fa44bb932c7

139.45.197.242

200 OK

413 kB

URL GET HTTP/2
cameesse.net/27/2dfc5cc60fdf6636778a3fa44bb932c7
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://fontzone.net/font-download/
Certificate
IssuerLet's Encrypt
Subjectcameesse.net
Fingerprint23:7C:28:2C:97:BE:75:D0:19:66:1F:B0:CB:42:67:FF:F8:B0:3C:A6
ValidityFri, 12 Jan 2024 22:33:49 GMT - Thu, 11 Apr 2024 22:33:48 GMT

File type
JavaScript source, ASCII text, with very long lines (65523)
Size
413 kB (412841 bytes)
Hash
d32f59c1607598ac4217df02305e49a4
176c0940d604602a36341e0ab80505e7049248ea
400851f4cac11f9e1867253c679fa40d686f328c0f61fa2957178ac544625f2c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /27/2dfc5cc60fdf6636778a3fa44bb932c7 HTTP/1.1
Host: cameesse.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fontzone.net/
Cookie: scm=1; OAID=935acb4d5d6f4486a662e926eab02af7; oaidts=1706365410
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 27 Jan 2024 14:23:30 GMT
content-type: application/javascript
access-control-allow-credentials: true
access-control-allow-origin: 
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
x-trace-id: daa24ebe4397dfedd176df5d261e6454
cache-control: max-age:290304000, public
last-modified: Thu, 25 Jan 2024 06:27:22 GMT
expires: Thu, 24 Feb 2084 06:27:22 GMT
access-control-expose-headers: X-Sc
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2

abrhydona.com/500/6593524?excludes=&oaid=ad45df34426a4b4e891ac9467eed6903&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&pl=https%3A%2F%2Ffontzone.net%2Ffont-download%2F&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&tzofs=0&js_build=8&sw_version=v1.319.0

139.45.197.242

200 OK

1.6 kB

URL GET HTTP/2
abrhydona.com/500/6593524?excludes=&oaid=ad45df34426a4b4e891ac9467eed6903&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&pl=https%3A%2F%2Ffontzone.net%2Ffont-download%2F&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&tzofs=0&js_build=8&sw_version=v1.319.0
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://fontzone.net/font-download/
Certificate
IssuerLet's Encrypt
Subjectabrhydona.com
Fingerprint78:0B:F3:3A:D8:68:4E:D9:4B:6B:8E:02:AE:F7:4F:4F:99:C6:C9:DB
ValidityFri, 05 Jan 2024 07:58:14 GMT - Thu, 04 Apr 2024 07:58:13 GMT

File type
troff or preprocessor input, Unicode text, UTF-8 text, with very long lines (1653), with no line terminators
Size
1.6 kB (1630 bytes)
Hash
13f9f9c988776b390a1da5b9eeb0fd64
8ee122a98eebfe9d8bb2bbdec683cac4d651daee
dc17b2638d6909f4e7b0110e02ff9423a826e076c57b352b1546bbc28e787a70

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /500/6593524?excludes=&oaid=ad45df34426a4b4e891ac9467eed6903&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&pl=https%3A%2F%2Ffontzone.net%2Ffont-download%2F&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&tzofs=0&js_build=8&sw_version=v1.319.0 HTTP/1.1
Host: abrhydona.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://fontzone.net
DNT: 1
Connection: keep-alive
Referer: https://fontzone.net/
Cookie: OAID=e33f6d2645da46a194bba72cdcaf2de6
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 27 Jan 2024 14:23:31 GMT
content-type: application/javascript
x-trace-id: a24bdb4cb87d7e6b79f17d9d440a5aa6
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: https://fontzone.net
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
set-cookie: OAID=ad45df34426a4b4e891ac9467eed6903; expires=Sun, 26 Jan 2025 14:23:31 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

fontzone.net/font-download/

154.41.248.253

200 OK

10 kB

URL User Request GET HTTP/2
fontzone.net/font-download/
IP
154.41.248.253:443
ASN
#174 COGENT-174

Certificate
IssuerLet's Encrypt
Subjectfontzone.net
Fingerprint0E:08:EF:DD:04:24:6C:7E:2E:7F:45:C8:E4:D4:C0:C3:6F:F7:67:F9
ValidityThu, 11 Jan 2024 08:27:01 GMT - Wed, 10 Apr 2024 08:27:00 GMT

File type

Size
10 kB (10352 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /font-download/ HTTP/1.1
Host: fontzone.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=c39262294387604c9c33158f5b06ea95
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: hcdn
date: Sat, 27 Jan 2024 14:23:29 GMT
content-type: text/html; charset=UTF-8
content-length: 3919
x-powered-by: PHP/7.4.33
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate,public
pragma: no-cache
content-encoding: br
platform: hostinger
content-security-policy: upgrade-insecure-requests
x-turbo-charged-by: LiteSpeed
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: ab96f675a818f0b3723cb9a4b466d769-bnk-edge1
x-hcdn-cache-status: MISS
x-hcdn-upstream-rt: 0.552
accept-ranges: bytes
X-Firefox-Spdy: h2

www.google.com/recaptcha/api.js?

142.250.74.100

200 OK

850 B

URL GET HTTP/2
www.google.com/recaptcha/api.js?
IP
142.250.74.100:443
ASN
#15169 GOOGLE

Requested by
https://fontzone.net/font-download/
Certificate
IssuerGoogle Trust Services LLC
Subjectwww.google.com
Fingerprint3A:23:7A:7E:16:AE:AC:26:15:62:07:69:2E:E7:AD:8F:9D:B5:90:B7
ValidityTue, 02 Jan 2024 13:09:58 GMT - Tue, 26 Mar 2024 13:09:57 GMT

File type
JavaScript source, ASCII text, with very long lines (850), with no line terminators
Size
850 B (850 bytes)
Hash
3b570820be60c9c70656f57582c68e43
96f2c2409412d8a6424d9a94d7c694d488b4b09e
c63efb3ef2b5dde52db952d989ed358916fe20fff0f270bd81734fd493d29926

HTTP Headers

GET /recaptcha/api.js? HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fontzone.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
expires: Sat, 27 Jan 2024 14:23:29 GMT
date: Sat, 27 Jan 2024 14:23:29 GMT
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fontzone.net/css/responsive.css

154.41.248.253

200 OK

3.4 kB

URL GET HTTP/3
fontzone.net/css/responsive.css
IP
154.41.248.253:443
ASN
#174 COGENT-174

Requested by
https://fontzone.net/font-download/
Certificate
IssuerLet's Encrypt
Subjectfontzone.net
Fingerprint0E:08:EF:DD:04:24:6C:7E:2E:7F:45:C8:E4:D4:C0:C3:6F:F7:67:F9
ValidityThu, 11 Jan 2024 08:27:01 GMT - Wed, 10 Apr 2024 08:27:00 GMT

File type
ASCII text, with very long lines (3546), with no line terminators
Size
3.4 kB (3393 bytes)
Hash
afa94e2fb228d84a98a7c18bda1b275b
126ee6b039b9b1522b044a59aac4013552581716
078a9e1a0eca86da54e0c1f71f77bbccea2643845fa093153eefde80712b0690

HTTP Headers

GET /css/responsive.css HTTP/1.1
Host: fontzone.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fontzone.net/font-download/
Cookie: PHPSESSID=c39262294387604c9c33158f5b06ea95
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
server: hcdn
date: Sat, 27 Jan 2024 14:23:29 GMT
content-type: text/css
content-length: 1106
cache-control: public, max-age=15552000,public
expires: Tue, 23 Jul 2024 01:27:10 GMT
last-modified: Wed, 30 Aug 2023 12:41:55 GMT
etag: "d41-64ef3913-e4587ddf42e4c193;br"
content-encoding: br
platform: hostinger
content-security-policy: upgrade-insecure-requests
x-turbo-charged-by: LiteSpeed
age: 219379
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: 2e499386b1472e07f0cdb092f38189e5-bnk-edge1
x-hcdn-cache-status: HIT
accept-ranges: bytes

fontzone.net/favicon.ico

154.41.248.253

200 OK

1.4 kB

URL GET HTTP/3
fontzone.net/favicon.ico
IP
154.41.248.253:443
ASN
#174 COGENT-174

Requested by
https://fontzone.net/font-download/
Certificate
IssuerLet's Encrypt
Subjectfontzone.net
Fingerprint0E:08:EF:DD:04:24:6C:7E:2E:7F:45:C8:E4:D4:C0:C3:6F:F7:67:F9
ValidityThu, 11 Jan 2024 08:27:01 GMT - Wed, 10 Apr 2024 08:27:00 GMT

File type
MS Windows icon resource - 1 icon, 16x16
Size
1.4 kB (1406 bytes)
Hash
b4154dcc60389847d50d6821881c1de4
751ca7480cb7b5788524e118d00c78864da97166
a3cd066ddb0d61e53467076c40ff80c96653a141a7543cb6b075591cd4e7ba8d

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: fontzone.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fontzone.net/font-download/
Cookie: PHPSESSID=c39262294387604c9c33158f5b06ea95; _ga_LERTLY8FFK=GS1.1.1706365410.1.0.1706365410.0.0.0; _ga=GA1.1.1338394150.1706365411; prefetchAd_6593521=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
server: hcdn
date: Sat, 27 Jan 2024 14:23:30 GMT
content-type: image/x-icon
content-length: 367
cache-control: public, max-age=15552000,public
expires: Mon, 22 Jul 2024 01:57:31 GMT
last-modified: Wed, 30 Aug 2023 12:41:55 GMT
etag: "57e-64ef3913-8104f3d6d895991c;br"
content-encoding: br
platform: hostinger
content-security-policy: upgrade-insecure-requests
x-turbo-charged-by: LiteSpeed
age: 303959
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: b9b9ca26f9dd1e1816b2ec7e55ddd664-bnk-edge1
x-hcdn-cache-status: HIT
accept-ranges: bytes

vupoupay.com/impression/eEkoSJp8EFyl4I9iPHWmTByfl0j_rEYCX5KOdHS0LrSEJ7NbjX1uUFB3s0d6h2QF5xqpnuirPvBK0UWu4YMjLl10LGWX6avCyMgfWwh_OSuvoOUboxjY9ILGW5Ecvn8aSyI-B8gGuHes3-OjCnD3Xb8KMZ5KXPfmPx4p_dIH9V-V_xPNCKFDk14yc7VwbSxqh_1_ySB3w1di2RkLjdR9EAT3EFqsdhT7CRAqRqL-VWALpuredjqRkxPudXgXa4ABKi_t8skff6yMc02YAD8LLsaUeTAWVXTJ6K6LJMqpJMR-ExEflgT6QZ08ZNcPg05aUr96x_IxKs0IhGOHnwY7Dvwqt-kwW0XTSsXVg-gI5wqYl2RRYthQHwHyD6Z9kq9SAJELl6NJtv9UmhRSC-ofREIGqGi2oBb3vgOcv-j_ivNlQZCaJsIgOF9ybwEEfb-uB6PhXFwm_2lW7cpQssPL53JYGIp6SeuS8c6tb55wpD7MgqVbUcJ-DWkFivZYuUQETYNo6XdYdewTwsnipeSTcjwcY6UIFGOBqxqy0vz15-u1zwWAFuTtHJEI6mk9__Q8-ytJYGBKOl99hdckTPwnEADOKxpeI9cTJoOihS6nLmxcQ-TnfaHfbQaD8TOEtMPjiotARll7dsERrGBLJssgbFWUBxkd1iDXu7eFvWiwi_8DYAFg3ByfzFAb6O73L2RFemHLIvay6XZPu7AO10WNAgW817ziBgtOJyV0k-96vcbPBXQF8g0wULbwwlRsX55oPssx57DSGt-7SjS82jVWAMsNn_DkrkyEQBgSdF82yLsIT_BhS1mrNWDsmOI=?_z=6593522&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=1&pl=https%3A%2F%2Ffontzone.net%2Ffont-download%2F&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&tzofs=0&js_build=8&sw_version=v1.319.0

139.45.197.243

200 OK

43 B

URL GET HTTP/2
vupoupay.com/impression/eEkoSJp8EFyl4I9iPHWmTByfl0j_rEYCX5KOdHS0LrSEJ7NbjX1uUFB3s0d6h2QF5xqpnuirPvBK0UWu4YMjLl10LGWX6avCyMgfWwh_OSuvoOUboxjY9ILGW5Ecvn8aSyI-B8gGuHes3-OjCnD3Xb8KMZ5KXPfmPx4p_dIH9V-V_xPNCKFDk14yc7VwbSxqh_1_ySB3w1di2RkLjdR9EAT3EFqsdhT7CRAqRqL-VWALpuredjqRkxPudXgXa4ABKi_t8skff6yMc02YAD8LLsaUeTAWVXTJ6K6LJMqpJMR-ExEflgT6QZ08ZNcPg05aUr96x_IxKs0IhGOHnwY7Dvwqt-kwW0XTSsXVg-gI5wqYl2RRYthQHwHyD6Z9kq9SAJELl6NJtv9UmhRSC-ofREIGqGi2oBb3vgOcv-j_ivNlQZCaJsIgOF9ybwEEfb-uB6PhXFwm_2lW7cpQssPL53JYGIp6SeuS8c6tb55wpD7MgqVbUcJ-DWkFivZYuUQETYNo6XdYdewTwsnipeSTcjwcY6UIFGOBqxqy0vz15-u1zwWAFuTtHJEI6mk9__Q8-ytJYGBKOl99hdckTPwnEADOKxpeI9cTJoOihS6nLmxcQ-TnfaHfbQaD8TOEtMPjiotARll7dsERrGBLJssgbFWUBxkd1iDXu7eFvWiwi_8DYAFg3ByfzFAb6O73L2RFemHLIvay6XZPu7AO10WNAgW817ziBgtOJyV0k-96vcbPBXQF8g0wULbwwlRsX55oPssx57DSGt-7SjS82jVWAMsNn_DkrkyEQBgSdF82yLsIT_BhS1mrNWDsmOI=?_z=6593522&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=1&pl=https%3A%2F%2Ffontzone.net%2Ffont-download%2F&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&tzofs=0&js_build=8&sw_version=v1.319.0
IP
139.45.197.243:443
ASN
#9002 RETN Limited

Requested by
https://fontzone.net/font-download/
Certificate
IssuerLet's Encrypt
Subjectvupoupay.com
FingerprintFD:C2:60:A3:0E:44:39:00:97:C4:15:89:C1:DE:7E:75:7B:D3:87:6F
ValidityMon, 22 Jan 2024 09:16:15 GMT - Sun, 21 Apr 2024 09:16:14 GMT

File type
GIF image data, version 89a, 1 x 1
Size
43 B (43 bytes)
Hash
b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /impression/eEkoSJp8EFyl4I9iPHWmTByfl0j_rEYCX5KOdHS0LrSEJ7NbjX1uUFB3s0d6h2QF5xqpnuirPvBK0UWu4YMjLl10LGWX6avCyMgfWwh_OSuvoOUboxjY9ILGW5Ecvn8aSyI-B8gGuHes3-OjCnD3Xb8KMZ5KXPfmPx4p_dIH9V-V_xPNCKFDk14yc7VwbSxqh_1_ySB3w1di2RkLjdR9EAT3EFqsdhT7CRAqRqL-VWALpuredjqRkxPudXgXa4ABKi_t8skff6yMc02YAD8LLsaUeTAWVXTJ6K6LJMqpJMR-ExEflgT6QZ08ZNcPg05aUr96x_IxKs0IhGOHnwY7Dvwqt-kwW0XTSsXVg-gI5wqYl2RRYthQHwHyD6Z9kq9SAJELl6NJtv9UmhRSC-ofREIGqGi2oBb3vgOcv-j_ivNlQZCaJsIgOF9ybwEEfb-uB6PhXFwm_2lW7cpQssPL53JYGIp6SeuS8c6tb55wpD7MgqVbUcJ-DWkFivZYuUQETYNo6XdYdewTwsnipeSTcjwcY6UIFGOBqxqy0vz15-u1zwWAFuTtHJEI6mk9__Q8-ytJYGBKOl99hdckTPwnEADOKxpeI9cTJoOihS6nLmxcQ-TnfaHfbQaD8TOEtMPjiotARll7dsERrGBLJssgbFWUBxkd1iDXu7eFvWiwi_8DYAFg3ByfzFAb6O73L2RFemHLIvay6XZPu7AO10WNAgW817ziBgtOJyV0k-96vcbPBXQF8g0wULbwwlRsX55oPssx57DSGt-7SjS82jVWAMsNn_DkrkyEQBgSdF82yLsIT_BhS1mrNWDsmOI=?_z=6593522&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=1&pl=https%3A%2F%2Ffontzone.net%2Ffont-download%2F&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&tzofs=0&js_build=8&sw_version=v1.319.0 HTTP/1.1
Host: vupoupay.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fontzone.net/
Cookie: OAID=ad45df34426a4b4e891ac9467eed6903
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 27 Jan 2024 14:23:35 GMT
content-type: image/gif
content-length: 43
x-trace-id: 4e9ff523aece4fa16be5427870602771
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

fontzone.net/css/style.css

154.41.248.253

200 OK

18 kB

URL GET HTTP/3
fontzone.net/css/style.css
IP
154.41.248.253:443
ASN
#174 COGENT-174

Requested by
https://fontzone.net/font-download/
Certificate
IssuerLet's Encrypt
Subjectfontzone.net
Fingerprint0E:08:EF:DD:04:24:6C:7E:2E:7F:45:C8:E4:D4:C0:C3:6F:F7:67:F9
ValidityThu, 11 Jan 2024 08:27:01 GMT - Wed, 10 Apr 2024 08:27:00 GMT

File type
ASCII text, with very long lines (426)
Size
18 kB (17941 bytes)
Hash
9afaee31e085aa5f0d01ecbad52482e7
d95361d568c4f970f726cdc7f379987f1fc96769
47d95532e07685396d100873b76da42a39f188eff44482730eed0b3bb5f32b42

HTTP Headers

GET /css/style.css HTTP/1.1
Host: fontzone.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fontzone.net/font-download/
Cookie: PHPSESSID=c39262294387604c9c33158f5b06ea95
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
server: hcdn
date: Sat, 27 Jan 2024 14:23:29 GMT
content-type: text/css
content-length: 3100
cache-control: public, max-age=15552000,public
expires: Tue, 23 Jul 2024 01:27:10 GMT
last-modified: Wed, 30 Aug 2023 12:41:55 GMT
etag: "4615-64ef3913-3b320dbf5dac1777;br"
content-encoding: br
platform: hostinger
content-security-policy: upgrade-insecure-requests
x-turbo-charged-by: LiteSpeed
age: 219379
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: 525512759cd58fe08790b19116b70796-bnk-edge1
x-hcdn-cache-status: HIT
accept-ranges: bytes

fontzone.net/images/tabs.png

154.41.248.253

200 OK

1.3 kB

URL GET HTTP/3
fontzone.net/images/tabs.png
IP
154.41.248.253:443
ASN
#174 COGENT-174

Requested by
https://fontzone.net/font-download/
Certificate
IssuerLet's Encrypt
Subjectfontzone.net
Fingerprint0E:08:EF:DD:04:24:6C:7E:2E:7F:45:C8:E4:D4:C0:C3:6F:F7:67:F9
ValidityThu, 11 Jan 2024 08:27:01 GMT - Wed, 10 Apr 2024 08:27:00 GMT

File type
RIFF (little-endian) data, Web/P image
Size
1.3 kB (1302 bytes)
Hash
a615d814c1fd870f9f569f5ec90eca42
772f0fa6d5d7baff4524835bea139eeacfad79c5
1bc893ee5c19880f9ddb82577a1dfeefacb84c9a359d89d2a8e232601aa52bf4

HTTP Headers

GET /images/tabs.png HTTP/1.1
Host: fontzone.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fontzone.net/css/style.css
Cookie: PHPSESSID=c39262294387604c9c33158f5b06ea95
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
server: hcdn
date: Sat, 27 Jan 2024 14:23:30 GMT
content-type: image/webp
content-length: 1302
cache-control: public, max-age=15552000,public
expires: Thu, 25 Jul 2024 04:44:21 GMT
x-hcdn-image-optimizer: f:webp q:85 w:1600
age: 34749
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: f312052834dcbcacacb2cc4ae7b17ade-bnk-edge1
x-hcdn-cache-status: HIT
accept-ranges: bytes

moonoafy.net/pfe/current/tag.min.js?z=6593525

139.45.197.250

200 OK

14 kB

URL GET HTTP/2
moonoafy.net/pfe/current/tag.min.js?z=6593525
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://fontzone.net/font-download/
Certificate
IssuerLet's Encrypt
Subjectmoonoafy.net
FingerprintFC:27:80:38:8F:DA:69:79:BB:D3:4C:59:0E:9F:B6:E3:92:AA:B0:D9
ValidityTue, 09 Jan 2024 08:45:45 GMT - Mon, 08 Apr 2024 08:45:44 GMT

File type
JavaScript source, ASCII text, with very long lines (14410), with no line terminators
Size
14 kB (14410 bytes)
Hash
fde923bea1fb34407eb061db7c56f703
d3bad8a1b45a848fb068d16b330df2c41f85ff9f
bbbda1c63e48efc0bc695f8093e73e267fed08a7f73938e62c9c6f760a84d752

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pfe/current/tag.min.js?z=6593525 HTTP/1.1
Host: moonoafy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fontzone.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 27 Jan 2024 14:23:30 GMT
content-type: application/javascript
last-modified: Fri, 26 Jan 2024 14:26:35 GMT
etag: W/"65b3c11b-384a"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

cameesse.net/1?z=6593523

139.45.197.242

200 OK

43 kB

URL GET HTTP/2
cameesse.net/1?z=6593523
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://fontzone.net/font-download/
Certificate
IssuerLet's Encrypt
Subjectcameesse.net
Fingerprint23:7C:28:2C:97:BE:75:D0:19:66:1F:B0:CB:42:67:FF:F8:B0:3C:A6
ValidityFri, 12 Jan 2024 22:33:49 GMT - Thu, 11 Apr 2024 22:33:48 GMT

File type
JavaScript source, ASCII text, with very long lines (41975)
Size
43 kB (42964 bytes)
Hash
21abe2c3753920726b982ff3b2287f31
099d3c08437967161a28b480cdbccff29c79ca1f
f0e562a8bf71cbbb444ed1f9b568c646178c6521723ef01ba7ca4b345990ad05

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /1?z=6593523 HTTP/1.1
Host: cameesse.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fontzone.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 27 Jan 2024 14:23:30 GMT
content-type: text/javascript
access-control-allow-credentials: true
access-control-allow-origin: 
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
x-trace-id: c334a7eef7310400f5a6aa3b4cbc31e4
access-control-expose-headers: X-Sc
x-sc: GF4X5hprIAKbiPJgugjhFoOvpJAOn3tMbHoMql_VJueFxCoapKtSUIzDimh8xmkTfjoyMGWiNbZs9lU4szpaQICl8Ns=
set-cookie: scm=1; expires=Sun, 26 Jan 2025 14:23:30 GMT; secure; SameSite=None
OAID=935acb4d5d6f4486a662e926eab02af7; expires=Sun, 26 Jan 2025 14:23:30 GMT; secure; SameSite=None
oaidts=1706365410; expires=Sun, 26 Jan 2025 14:23:30 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

veepteero.com/?rb=0DNm-755j2ea7gLH1RW8Qgf8lXvmvSyy6FMOw_5LyA4qIieLk09WSoKse0zS-IRZ4rB35kc9MCteBPX6qpgtFmWKrtb6FT-JVaVjAc5KRVr1McCaP4EKGEiJ1V6qzLSosHQH6JfC5j10GUnu_i8r3OSprBW1PE4_GV-xNM1aID3ZBb_PR4LF4xp0iM_yMKFuLO9tO5aZCnudR6NXx9dELmky0aKwdZvyuawL2dqt6Zyou6tWZykN4POSjixKvdke&request_ab2=0&zoneid=6593521&js_build=iclick-v1.667.2-auto&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wih=1024&wiw=1280&wfc=0&pl=https%3A%2F%2Ffontzone.net%2Ffont-download%2F&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.667.2-auto&navlng=en-US&pnt=0&pnrc=0&bs=daf4c1f7-80ea-463e-99c3-8397bf2b93f0&userId=ad45df34426a4b4e891ac9467eed6903&m=link

139.45.197.242

200 OK

3.0 kB

URL GET HTTP/2
veepteero.com/?rb=0DNm-755j2ea7gLH1RW8Qgf8lXvmvSyy6FMOw_5LyA4qIieLk09WSoKse0zS-IRZ4rB35kc9MCteBPX6qpgtFmWKrtb6FT-JVaVjAc5KRVr1McCaP4EKGEiJ1V6qzLSosHQH6JfC5j10GUnu_i8r3OSprBW1PE4_GV-xNM1aID3ZBb_PR4LF4xp0iM_yMKFuLO9tO5aZCnudR6NXx9dELmky0aKwdZvyuawL2dqt6Zyou6tWZykN4POSjixKvdke&request_ab2=0&zoneid=6593521&js_build=iclick-v1.667.2-auto&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wih=1024&wiw=1280&wfc=0&pl=https%3A%2F%2Ffontzone.net%2Ffont-download%2F&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.667.2-auto&navlng=en-US&pnt=0&pnrc=0&bs=daf4c1f7-80ea-463e-99c3-8397bf2b93f0&userId=ad45df34426a4b4e891ac9467eed6903&m=link
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://fontzone.net/font-download/
Certificate
IssuerLet's Encrypt
Subjectveepteero.com
Fingerprint8A:B9:66:90:50:92:4F:BC:3B:D5:BE:85:41:72:85:E3:A2:55:E4:D1
ValidityWed, 03 Jan 2024 05:16:21 GMT - Tue, 02 Apr 2024 05:16:20 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (3034), with no line terminators
Size
3.0 kB (3005 bytes)
Hash
10293be16ead15f06d672f76070f2073
ab7d549876c274ceb9ec96f02b8a8a1070fe7941
2bea796a6912e309a4d1bf4d4685699f76afab7fe698c425076f38def878d4dd

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /?rb=0DNm-755j2ea7gLH1RW8Qgf8lXvmvSyy6FMOw_5LyA4qIieLk09WSoKse0zS-IRZ4rB35kc9MCteBPX6qpgtFmWKrtb6FT-JVaVjAc5KRVr1McCaP4EKGEiJ1V6qzLSosHQH6JfC5j10GUnu_i8r3OSprBW1PE4_GV-xNM1aID3ZBb_PR4LF4xp0iM_yMKFuLO9tO5aZCnudR6NXx9dELmky0aKwdZvyuawL2dqt6Zyou6tWZykN4POSjixKvdke&request_ab2=0&zoneid=6593521&js_build=iclick-v1.667.2-auto&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wih=1024&wiw=1280&wfc=0&pl=https%3A%2F%2Ffontzone.net%2Ffont-download%2F&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.667.2-auto&navlng=en-US&pnt=0&pnrc=0&bs=daf4c1f7-80ea-463e-99c3-8397bf2b93f0&userId=ad45df34426a4b4e891ac9467eed6903&m=link HTTP/1.1
Host: veepteero.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://fontzone.net/
Origin: https://fontzone.net
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 27 Jan 2024 14:23:30 GMT
content-type: application/json
x-trace-id: 957d3550a103c9cd6482588197f7bfc4
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-origin: https://fontzone.net
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=ad45df34426a4b4e891ac9467eed6903; expires=Sun, 26 Jan 2025 14:23:30 GMT; path=/; secure; SameSite=None
oaidts=1706365410; expires=Sun, 26 Jan 2025 14:23:30 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Sat, 03 Feb 2024 14:23:30 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

vupoupay.com/500/6593522?excludes=&oaid=ad45df34426a4b4e891ac9467eed6903&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&pl=https%3A%2F%2Ffontzone.net%2Ffont-download%2F&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&tzofs=0&js_build=8&sw_version=v1.319.0

139.45.197.243

200 OK

0 B

URL OPTIONS HTTP/2
vupoupay.com/500/6593522?excludes=&oaid=ad45df34426a4b4e891ac9467eed6903&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&pl=https%3A%2F%2Ffontzone.net%2Ffont-download%2F&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&tzofs=0&js_build=8&sw_version=v1.319.0
IP
139.45.197.243:443
ASN
#9002 RETN Limited

Requested by
https://fontzone.net/font-download/
Certificate
IssuerLet's Encrypt
Subjectvupoupay.com
FingerprintFD:C2:60:A3:0E:44:39:00:97:C4:15:89:C1:DE:7E:75:7B:D3:87:6F
ValidityMon, 22 Jan 2024 09:16:15 GMT - Sun, 21 Apr 2024 09:16:14 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /500/6593522?excludes=&oaid=ad45df34426a4b4e891ac9467eed6903&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&pl=https%3A%2F%2Ffontzone.net%2Ffont-download%2F&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&tzofs=0&js_build=8&sw_version=v1.319.0 HTTP/1.1
Host: vupoupay.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://fontzone.net/
Origin: https://fontzone.net
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 27 Jan 2024 14:23:31 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://fontzone.net
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-allow-credentials: true
access-control-max-age: 600
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2

vupoupay.com/500/6593522?excludes=19845929&oaid=ad45df34426a4b4e891ac9467eed6903&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=3&pl=https%3A%2F%2Ffontzone.net%2Ffont-download%2F&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&tzofs=0&js_build=8&sw_version=v1.319.0

139.45.197.243

200 OK

0 B

URL OPTIONS HTTP/2
vupoupay.com/500/6593522?excludes=19845929&oaid=ad45df34426a4b4e891ac9467eed6903&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=3&pl=https%3A%2F%2Ffontzone.net%2Ffont-download%2F&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&tzofs=0&js_build=8&sw_version=v1.319.0
IP
139.45.197.243:443
ASN
#9002 RETN Limited

Requested by
https://fontzone.net/font-download/
Certificate
IssuerLet's Encrypt
Subjectvupoupay.com
FingerprintFD:C2:60:A3:0E:44:39:00:97:C4:15:89:C1:DE:7E:75:7B:D3:87:6F
ValidityMon, 22 Jan 2024 09:16:15 GMT - Sun, 21 Apr 2024 09:16:14 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /500/6593522?excludes=19845929&oaid=ad45df34426a4b4e891ac9467eed6903&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=3&pl=https%3A%2F%2Ffontzone.net%2Ffont-download%2F&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&tzofs=0&js_build=8&sw_version=v1.319.0 HTTP/1.1
Host: vupoupay.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://fontzone.net/
Origin: https://fontzone.net
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 27 Jan 2024 14:23:35 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://fontzone.net
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-allow-credentials: true
access-control-max-age: 600
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2

cameesse.net/11?rnd=2171053723&z=6593523&b=20187630&var=&varid=0&rqtdbc=0&rcvdbc=0&btp=7&rb=qrTQUbxadW3aOlm5LE_ivcGu05RHyhO9JZwIjxUXIEUasNYWJIpsjWe2MRPx_UDH8XIeXiiK9mnmTOpWSSQJHUgPXSaSleohXpRbBpEfZ0WG3BDPVrdhFar-RUilHKDD__-29l25hMBCYXCsGnET8pWdDHkAYWO8xmU_c-zr70FmdclAb1lU88gQf4lniLTI6QdIJkFP06IjRa44VtsjDWOLi05sqRMcirLdXmsZeGw6rq98TTjkfCkuF8hrJqWUWBc3FO-ArvBJbGYIwcfBHxM2B6DMr1NExMpxAJA1OsAlaP6kwJbiyvYQfO3OHPpQojYnQyuKlk11c9PpKTGyTLhYnYxIBZ4t-cUPV4spizCcF1sgaCjpE3XFqubHHb_9mIIhim4xbkWOMWEaB0OcIjv_y0bmNqhuhMVo65usPyHPtNXbWwP2rh92GzpAGrYMTDCszlInBgLo878JFGjpH3yn3HmVh9uUjmo9_h37w-Hi2vqau6nIh33J0DciGfdTi_CG8nPGJo5ySh8RlERiCdZQViEN4SmVY3z3gKzYUETv2Bfk0kQBlBhnyuTrE-ulbpktu0bK9tli7VBfIGSZOtpVblTH9TRfJgmz4mufROnL1Kp63hiInkYKavlM78eWXmsti4J6Tkj5ZFOYSf9P6C8gLW7fG7ES7FQBmA==&ruid=a445ef16-5e3b-4f8e-90fa-827e741aa7ff&ng=1&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Ffontzone.net%2Ffont-download%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&ri=1&wvd=0&wvr=1.0000&isions=1

139.45.197.242

200 OK

0 B

URL GET HTTP/2
cameesse.net/11?rnd=2171053723&z=6593523&b=20187630&var=&varid=0&rqtdbc=0&rcvdbc=0&btp=7&rb=qrTQUbxadW3aOlm5LE_ivcGu05RHyhO9JZwIjxUXIEUasNYWJIpsjWe2MRPx_UDH8XIeXiiK9mnmTOpWSSQJHUgPXSaSleohXpRbBpEfZ0WG3BDPVrdhFar-RUilHKDD__-29l25hMBCYXCsGnET8pWdDHkAYWO8xmU_c-zr70FmdclAb1lU88gQf4lniLTI6QdIJkFP06IjRa44VtsjDWOLi05sqRMcirLdXmsZeGw6rq98TTjkfCkuF8hrJqWUWBc3FO-ArvBJbGYIwcfBHxM2B6DMr1NExMpxAJA1OsAlaP6kwJbiyvYQfO3OHPpQojYnQyuKlk11c9PpKTGyTLhYnYxIBZ4t-cUPV4spizCcF1sgaCjpE3XFqubHHb_9mIIhim4xbkWOMWEaB0OcIjv_y0bmNqhuhMVo65usPyHPtNXbWwP2rh92GzpAGrYMTDCszlInBgLo878JFGjpH3yn3HmVh9uUjmo9_h37w-Hi2vqau6nIh33J0DciGfdTi_CG8nPGJo5ySh8RlERiCdZQViEN4SmVY3z3gKzYUETv2Bfk0kQBlBhnyuTrE-ulbpktu0bK9tli7VBfIGSZOtpVblTH9TRfJgmz4mufROnL1Kp63hiInkYKavlM78eWXmsti4J6Tkj5ZFOYSf9P6C8gLW7fG7ES7FQBmA==&ruid=a445ef16-5e3b-4f8e-90fa-827e741aa7ff&ng=1&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Ffontzone.net%2Ffont-download%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&ri=1&wvd=0&wvr=1.0000&isions=1
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://fontzone.net/font-download/
Certificate
IssuerLet's Encrypt
Subjectcameesse.net
Fingerprint23:7C:28:2C:97:BE:75:D0:19:66:1F:B0:CB:42:67:FF:F8:B0:3C:A6
ValidityFri, 12 Jan 2024 22:33:49 GMT - Thu, 11 Apr 2024 22:33:48 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /11?rnd=2171053723&z=6593523&b=20187630&var=&varid=0&rqtdbc=0&rcvdbc=0&btp=7&rb=qrTQUbxadW3aOlm5LE_ivcGu05RHyhO9JZwIjxUXIEUasNYWJIpsjWe2MRPx_UDH8XIeXiiK9mnmTOpWSSQJHUgPXSaSleohXpRbBpEfZ0WG3BDPVrdhFar-RUilHKDD__-29l25hMBCYXCsGnET8pWdDHkAYWO8xmU_c-zr70FmdclAb1lU88gQf4lniLTI6QdIJkFP06IjRa44VtsjDWOLi05sqRMcirLdXmsZeGw6rq98TTjkfCkuF8hrJqWUWBc3FO-ArvBJbGYIwcfBHxM2B6DMr1NExMpxAJA1OsAlaP6kwJbiyvYQfO3OHPpQojYnQyuKlk11c9PpKTGyTLhYnYxIBZ4t-cUPV4spizCcF1sgaCjpE3XFqubHHb_9mIIhim4xbkWOMWEaB0OcIjv_y0bmNqhuhMVo65usPyHPtNXbWwP2rh92GzpAGrYMTDCszlInBgLo878JFGjpH3yn3HmVh9uUjmo9_h37w-Hi2vqau6nIh33J0DciGfdTi_CG8nPGJo5ySh8RlERiCdZQViEN4SmVY3z3gKzYUETv2Bfk0kQBlBhnyuTrE-ulbpktu0bK9tli7VBfIGSZOtpVblTH9TRfJgmz4mufROnL1Kp63hiInkYKavlM78eWXmsti4J6Tkj5ZFOYSf9P6C8gLW7fG7ES7FQBmA==&ruid=a445ef16-5e3b-4f8e-90fa-827e741aa7ff&ng=1&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Ffontzone.net%2Ffont-download%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&ri=1&wvd=0&wvr=1.0000&isions=1 HTTP/1.1
Host: cameesse.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://fontzone.net
DNT: 1
Connection: keep-alive
Referer: https://fontzone.net/
Cookie: scm=1; OAID=ad45df34426a4b4e891ac9467eed6903; oaidts=1706365410
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 27 Jan 2024 14:23:51 GMT
content-type: image/jpeg
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: https://fontzone.net
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
x-trace-id: 49d8e02a3e540c2bb1def690b9c9948a
access-control-expose-headers: X-Sc
set-cookie: OAID=ad45df34426a4b4e891ac9467eed6903; expires=Sun, 26 Jan 2025 14:23:51 GMT; secure; SameSite=None
oaidts=1706365410; expires=Sun, 26 Jan 2025 14:23:51 GMT; secure; SameSite=None
oaidvc=1; expires=Sun, 26 Jan 2025 14:23:51 GMT; secure; SameSite=None
CNT=1_v1_7gk0AQEAAAAlTQAA; expires=Sat, 27 Jan 2024 15:23:51 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2

fontzone.net/js/jquery-2.1.3.min.js

154.41.248.253

200 OK

84 kB

URL GET HTTP/3
fontzone.net/js/jquery-2.1.3.min.js
IP
154.41.248.253:443
ASN
#174 COGENT-174

Requested by
https://fontzone.net/font-download/
Certificate
IssuerLet's Encrypt
Subjectfontzone.net
Fingerprint0E:08:EF:DD:04:24:6C:7E:2E:7F:45:C8:E4:D4:C0:C3:6F:F7:67:F9
ValidityThu, 11 Jan 2024 08:27:01 GMT - Wed, 10 Apr 2024 08:27:00 GMT

File type
JavaScript source, ASCII text, with very long lines (32180)
Size
84 kB (84319 bytes)
Hash
0bdc04968d2fe6799360150868a8b8b6
3cca78feb86ab7549f20306ab25c7ab76c72b21f
7682ae16052155906f82c882564658da00e3f9bf19eadf56cfe13f44c0c3d308

HTTP Headers

GET /js/jquery-2.1.3.min.js HTTP/1.1
Host: fontzone.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fontzone.net/font-download/
Cookie: PHPSESSID=c39262294387604c9c33158f5b06ea95
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
server: hcdn
date: Sat, 27 Jan 2024 14:23:29 GMT
content-type: application/x-javascript
content-length: 28563
cache-control: public, max-age=604800,public
expires: Mon, 29 Jan 2024 05:34:21 GMT
last-modified: Wed, 30 Aug 2023 12:41:55 GMT
etag: "1495f-64ef3913-1559aa6327194fee;br"
content-encoding: br
platform: hostinger
content-security-policy: upgrade-insecure-requests
x-turbo-charged-by: LiteSpeed
age: 463748
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: fb01c23679d5cab0e7b5947b9a110e87-bnk-edge1
x-hcdn-cache-status: HIT
accept-ranges: bytes

abrhydona.com/401/6593524

139.45.197.242

200 OK

89 kB

URL GET HTTP/2
abrhydona.com/401/6593524
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://fontzone.net/font-download/
Certificate
IssuerLet's Encrypt
Subjectabrhydona.com
Fingerprint78:0B:F3:3A:D8:68:4E:D9:4B:6B:8E:02:AE:F7:4F:4F:99:C6:C9:DB
ValidityFri, 05 Jan 2024 07:58:14 GMT - Thu, 04 Apr 2024 07:58:13 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
89 kB (88913 bytes)
Hash
bdbcfb01ffa8734f4dd57bb0de1cb3b0
b9cec9573293c41f293c5d757765f190e0088329
26cba2f0b6fd1ae68fa860614e73e23be161eadb356ea462f597da637e9e05f7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /401/6593524 HTTP/1.1
Host: abrhydona.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fontzone.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 27 Jan 2024 14:23:30 GMT
content-type: application/javascript
x-trace-id: 4ace5561ac7039e182765f887aa186af
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
set-cookie: OAID=e33f6d2645da46a194bba72cdcaf2de6; expires=Sun, 26 Jan 2025 14:23:30 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

moonoafy.net/zone?pub=0&zone_id=6593525&is_mobile=false&domain=fontzone.net&var=&ymid=&var_3=&tg=0&sw=3.1.478

139.45.197.250

200 OK

880 B

URL GET HTTP/2
moonoafy.net/zone?pub=0&zone_id=6593525&is_mobile=false&domain=fontzone.net&var=&ymid=&var_3=&tg=0&sw=3.1.478
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://fontzone.net/font-download/
Certificate
IssuerLet's Encrypt
Subjectmoonoafy.net
FingerprintFC:27:80:38:8F:DA:69:79:BB:D3:4C:59:0E:9F:B6:E3:92:AA:B0:D9
ValidityTue, 09 Jan 2024 08:45:45 GMT - Mon, 08 Apr 2024 08:45:44 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (977), with no line terminators
Size
880 B (880 bytes)
Hash
de0dfc6cfa18f23c646ecc53f8e5416c
26f6ea5f7e89034f87ba10e04579e04f3cace494
a7cd6d9c14f9f4fd27590e0c046a1501993f5d8e66323209982d574d310fc8e8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /zone?pub=0&zone_id=6593525&is_mobile=false&domain=fontzone.net&var=&ymid=&var_3=&tg=0&sw=3.1.478 HTTP/1.1
Host: moonoafy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://fontzone.net/
Origin: https://fontzone.net
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 27 Jan 2024 14:23:30 GMT
content-type: application/json; charset=utf-8
content-length: 880
x-trace-id: a055defea333f51f71e38ad8e7f148c6
access-control-allow-origin: https://fontzone.net
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

fontzone.net/fontimage/t/

154.41.248.253

403 Forbidden

699 B

URL GET HTTP/3
fontzone.net/fontimage/t/
IP
154.41.248.253:443
ASN
#174 COGENT-174

Requested by
https://fontzone.net/font-download/
Certificate
IssuerLet's Encrypt
Subjectfontzone.net
Fingerprint0E:08:EF:DD:04:24:6C:7E:2E:7F:45:C8:E4:D4:C0:C3:6F:F7:67:F9
ValidityThu, 11 Jan 2024 08:27:01 GMT - Wed, 10 Apr 2024 08:27:00 GMT

File type
HTML document, ASCII text, with very long lines (730), with no line terminators
Size
699 B (699 bytes)
Hash
f18738db31bcebd888a29d632a95e026
ba0d82f29ea996be3b72a2ded66adc7fcfa1658f
6c1eb40e768735e0bc405e532d8701bb11759cf091aa3e8aff576562bcfc9f23

HTTP Headers

GET /fontimage/t/ HTTP/1.1
Host: fontzone.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fontzone.net/font-download/
Cookie: PHPSESSID=c39262294387604c9c33158f5b06ea95
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 403 Forbidden
server: hcdn
date: Sat, 27 Jan 2024 14:23:30 GMT
content-type: text/html
vary: accept-encoding
cache-control: private, no-cache, no-store, must-revalidate, max-age=0,public
pragma: no-cache
platform: hostinger
content-security-policy: upgrade-insecure-requests
x-turbo-charged-by: LiteSpeed
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: 1884a2d57f3f4f4846c9ebe900bd54a6-bnk-edge1
content-encoding: br

abrhydona.com/impression/cwIPNteKeibo0kNqnui7XKgBIHpatQYPVDvyI8TD0OfQ2gS7swcnIx0SSUjNQdLPOuMPncEZDmmvS4mZuukOBkTLzOk5_hE_tUIs_ttnZnPh10449mpWWR-Xwhz1iXigqvGuUdobpokJj6hxOjHHdd5-XtYrglxRjUrtc__wvB9Q6pXFI3wbIGJWzNJfS2bhK6wg_LrxhFRiw6_PfUztQvk_CygV2oafw6Yl9dAL6-JinA9DqljzO8SihoTs257qplXs0Yoc9oU-OBdamWxFCsaTNs4CEU7erfXFonM5CiEspki-LB2KrlBw1f81iqyn2_KHnjZDL491Wy1zvP0O7KVt1TMXXYLU8Dg0EM6iVAqU22tFQrnk9uTeEcCyC9X6LUUca3WCjhV2vivRy5dgINXUOMeLR1jzSK1BshIpQXKWb_qHh9id6ZJOjgtLizLA0Y9UGdBSLmj87pY9FQWi2EcfRVV1WIOlQ0ueuQrmPNYyp_52mLy8Ei2-UrsI5Z7EVrvbaQcIMGYSMNyiN7GxM9I5tQq-Tt3hX4TRzh6C12XAbOuNxRn7mpB_vuGOxXu1Uf5cbac9eBrPHKpuABzb8CkygFzVcQhwoOGagbLAwX6HjmQ3RKNDVSkxIohixOt8JlJtk8dGJCAEXFuCCDlLKyG8yOPPH06GESGuxTQe0exVK2p9J-SI3xxf2VZh-_Mwirzyd19hEsj0T6IQ?_z=6593524&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=2&pl=https%3A%2F%2Ffontzone.net%2Ffont-download%2F&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&tzofs=0&js_build=8&sw_version=v1.319.0

139.45.197.242

200 OK

43 B

URL GET HTTP/2
abrhydona.com/impression/cwIPNteKeibo0kNqnui7XKgBIHpatQYPVDvyI8TD0OfQ2gS7swcnIx0SSUjNQdLPOuMPncEZDmmvS4mZuukOBkTLzOk5_hE_tUIs_ttnZnPh10449mpWWR-Xwhz1iXigqvGuUdobpokJj6hxOjHHdd5-XtYrglxRjUrtc__wvB9Q6pXFI3wbIGJWzNJfS2bhK6wg_LrxhFRiw6_PfUztQvk_CygV2oafw6Yl9dAL6-JinA9DqljzO8SihoTs257qplXs0Yoc9oU-OBdamWxFCsaTNs4CEU7erfXFonM5CiEspki-LB2KrlBw1f81iqyn2_KHnjZDL491Wy1zvP0O7KVt1TMXXYLU8Dg0EM6iVAqU22tFQrnk9uTeEcCyC9X6LUUca3WCjhV2vivRy5dgINXUOMeLR1jzSK1BshIpQXKWb_qHh9id6ZJOjgtLizLA0Y9UGdBSLmj87pY9FQWi2EcfRVV1WIOlQ0ueuQrmPNYyp_52mLy8Ei2-UrsI5Z7EVrvbaQcIMGYSMNyiN7GxM9I5tQq-Tt3hX4TRzh6C12XAbOuNxRn7mpB_vuGOxXu1Uf5cbac9eBrPHKpuABzb8CkygFzVcQhwoOGagbLAwX6HjmQ3RKNDVSkxIohixOt8JlJtk8dGJCAEXFuCCDlLKyG8yOPPH06GESGuxTQe0exVK2p9J-SI3xxf2VZh-_Mwirzyd19hEsj0T6IQ?_z=6593524&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=2&pl=https%3A%2F%2Ffontzone.net%2Ffont-download%2F&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&tzofs=0&js_build=8&sw_version=v1.319.0
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://fontzone.net/font-download/
Certificate
IssuerLet's Encrypt
Subjectabrhydona.com
Fingerprint78:0B:F3:3A:D8:68:4E:D9:4B:6B:8E:02:AE:F7:4F:4F:99:C6:C9:DB
ValidityFri, 05 Jan 2024 07:58:14 GMT - Thu, 04 Apr 2024 07:58:13 GMT

File type
GIF image data, version 89a, 1 x 1
Size
43 B (43 bytes)
Hash
b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /impression/cwIPNteKeibo0kNqnui7XKgBIHpatQYPVDvyI8TD0OfQ2gS7swcnIx0SSUjNQdLPOuMPncEZDmmvS4mZuukOBkTLzOk5_hE_tUIs_ttnZnPh10449mpWWR-Xwhz1iXigqvGuUdobpokJj6hxOjHHdd5-XtYrglxRjUrtc__wvB9Q6pXFI3wbIGJWzNJfS2bhK6wg_LrxhFRiw6_PfUztQvk_CygV2oafw6Yl9dAL6-JinA9DqljzO8SihoTs257qplXs0Yoc9oU-OBdamWxFCsaTNs4CEU7erfXFonM5CiEspki-LB2KrlBw1f81iqyn2_KHnjZDL491Wy1zvP0O7KVt1TMXXYLU8Dg0EM6iVAqU22tFQrnk9uTeEcCyC9X6LUUca3WCjhV2vivRy5dgINXUOMeLR1jzSK1BshIpQXKWb_qHh9id6ZJOjgtLizLA0Y9UGdBSLmj87pY9FQWi2EcfRVV1WIOlQ0ueuQrmPNYyp_52mLy8Ei2-UrsI5Z7EVrvbaQcIMGYSMNyiN7GxM9I5tQq-Tt3hX4TRzh6C12XAbOuNxRn7mpB_vuGOxXu1Uf5cbac9eBrPHKpuABzb8CkygFzVcQhwoOGagbLAwX6HjmQ3RKNDVSkxIohixOt8JlJtk8dGJCAEXFuCCDlLKyG8yOPPH06GESGuxTQe0exVK2p9J-SI3xxf2VZh-_Mwirzyd19hEsj0T6IQ?_z=6593524&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=2&pl=https%3A%2F%2Ffontzone.net%2Ffont-download%2F&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&tzofs=0&js_build=8&sw_version=v1.319.0 HTTP/1.1
Host: abrhydona.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fontzone.net/
Cookie: OAID=ad45df34426a4b4e891ac9467eed6903
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 27 Jan 2024 14:23:35 GMT
content-type: image/gif
content-length: 43
x-trace-id: 354eb7106e391025a269e693296a7d4e
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

moonoafy.net/custom

139.45.197.250

200 OK

39 B

URL POST HTTP/2
moonoafy.net/custom
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://fontzone.net/font-download/
Certificate
IssuerLet's Encrypt
Subjectmoonoafy.net
FingerprintFC:27:80:38:8F:DA:69:79:BB:D3:4C:59:0E:9F:B6:E3:92:AA:B0:D9
ValidityTue, 09 Jan 2024 08:45:45 GMT - Mon, 08 Apr 2024 08:45:44 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
39 B (39 bytes)
Hash
c16023891530fbce40f0a1244c3af01c
e15d9dff768d82673e5e797a8395d1fa7d9049b7
c7d0061f2d2b9eb7b65b547c4bdf03f5f332cf34021bc972f64b6ad58d3a121a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /custom HTTP/1.1
Host: moonoafy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://fontzone.net/
Content-Type: application/json
Content-Length: 762
Origin: https://fontzone.net
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 27 Jan 2024 14:23:31 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 169e96a2c5c44999ce0ca2f489280750
access-control-allow-origin: https://fontzone.net
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

fontzone.net/images/fontzone-logo.jpg

154.41.248.253

200 OK

1.4 kB

URL GET HTTP/3
fontzone.net/images/fontzone-logo.jpg
IP
154.41.248.253:443
ASN
#174 COGENT-174

Requested by
https://fontzone.net/font-download/
Certificate
IssuerLet's Encrypt
Subjectfontzone.net
Fingerprint0E:08:EF:DD:04:24:6C:7E:2E:7F:45:C8:E4:D4:C0:C3:6F:F7:67:F9
ValidityThu, 11 Jan 2024 08:27:01 GMT - Wed, 10 Apr 2024 08:27:00 GMT

File type
RIFF (little-endian) data, Web/P image
Size
1.4 kB (1390 bytes)
Hash
43a1819dcc8eff15642fbbd6ba5ea486
2f9eff954f8d0c26ad39560a9456a2fa83de6c8d
a11654f89627b3473921acb9aec27c0336e96b9bd4d4fd29b68daa53a063f313

HTTP Headers

GET /images/fontzone-logo.jpg HTTP/1.1
Host: fontzone.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fontzone.net/css/style.css
Cookie: PHPSESSID=c39262294387604c9c33158f5b06ea95
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
server: hcdn
date: Sat, 27 Jan 2024 14:23:30 GMT
content-type: image/webp
content-length: 1390
cache-control: public, max-age=15552000,public
expires: Tue, 23 Jul 2024 01:27:11 GMT
x-hcdn-image-optimizer: f:webp q:85 w:1600
age: 219379
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: bd233233490e2833b0b4cbc2188dfafa-bnk-edge1
x-hcdn-cache-status: HIT
accept-ranges: bytes

vupoupay.com/impression/JXq4JwPa2VNH7aJAVsMfjrv0GP-1qMqyqDt6NKshuJ9kWKmoXujqVZogdJKb_yxkJ0Tvv-2cH_t72lFsuB9C1-vWJrCy6XvslSq5Q050CUYwPBm4om4P0mbkOJN0HeQrm5qtpMeDhkt4-QMtET_i1t6lxZj6dCFpEymI6PO37PGjzcyfmxsDDzjPQnTfbSGkY25oIGiXG82_hVHzNyCvNQ52BLwe4cGodK54_b-0hv--x_dQKNhax6OD2tznP5YwkJoNFi9Vfiv4UzORsMACDJnqsjHe_CqW_XsAJxlNo-1KgvyIsosVSW_GcaWBK9y0X19adNitey3TNqGqnQ5092ZjLqPF55Y9p9KeMPcGbZjLTo3vBp5gcR-Gyo73Jp5QqGX-ECTHIJ6YtXrVgMFngFa9cz--MvMxbJ8-lWGAXxnumSC01FaMIMTswsPMF34kQgf8HtQoNqQ-EtZlhGMp6RzyxjLDMmODKohpN7OmfijDh0e_eukCYfYLVS8v9JjQ7t2QQ4hRP6kpVC3-pj3oyK57utT-PkvdGJLotXicWvzKvENg6EdxCcdsYdJcvEPfx3gVr1mSDZcDG09C9tJG6JeDB2tpNTVLxrpvPaKHFo78S49C_zPF6X8ZFtfg-saVU8XsAl-4OWN5KfLAJU2DoUkpQ3ZBkHC9_MOw9yYPY6-yhfhjrUHA6WDgXOjaey5x5c2BFHzcnvpoP7cTdLiTkmMAyH4WIUntRkVya9bEBgfRTK3rZXIDcemQjR_MMD4_5yY7mXc2VK4Oey9NgcGAM0g3orguJP20KNBHntj2M2_byKGUaR5ykJzBSUM=?_z=6593522&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=2&pl=https%3A%2F%2Ffontzone.net%2Ffont-download%2F&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&tzofs=0&js_build=8&sw_version=v1.319.0

139.45.197.243

200 OK

43 B

URL GET HTTP/2
vupoupay.com/impression/JXq4JwPa2VNH7aJAVsMfjrv0GP-1qMqyqDt6NKshuJ9kWKmoXujqVZogdJKb_yxkJ0Tvv-2cH_t72lFsuB9C1-vWJrCy6XvslSq5Q050CUYwPBm4om4P0mbkOJN0HeQrm5qtpMeDhkt4-QMtET_i1t6lxZj6dCFpEymI6PO37PGjzcyfmxsDDzjPQnTfbSGkY25oIGiXG82_hVHzNyCvNQ52BLwe4cGodK54_b-0hv--x_dQKNhax6OD2tznP5YwkJoNFi9Vfiv4UzORsMACDJnqsjHe_CqW_XsAJxlNo-1KgvyIsosVSW_GcaWBK9y0X19adNitey3TNqGqnQ5092ZjLqPF55Y9p9KeMPcGbZjLTo3vBp5gcR-Gyo73Jp5QqGX-ECTHIJ6YtXrVgMFngFa9cz--MvMxbJ8-lWGAXxnumSC01FaMIMTswsPMF34kQgf8HtQoNqQ-EtZlhGMp6RzyxjLDMmODKohpN7OmfijDh0e_eukCYfYLVS8v9JjQ7t2QQ4hRP6kpVC3-pj3oyK57utT-PkvdGJLotXicWvzKvENg6EdxCcdsYdJcvEPfx3gVr1mSDZcDG09C9tJG6JeDB2tpNTVLxrpvPaKHFo78S49C_zPF6X8ZFtfg-saVU8XsAl-4OWN5KfLAJU2DoUkpQ3ZBkHC9_MOw9yYPY6-yhfhjrUHA6WDgXOjaey5x5c2BFHzcnvpoP7cTdLiTkmMAyH4WIUntRkVya9bEBgfRTK3rZXIDcemQjR_MMD4_5yY7mXc2VK4Oey9NgcGAM0g3orguJP20KNBHntj2M2_byKGUaR5ykJzBSUM=?_z=6593522&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=2&pl=https%3A%2F%2Ffontzone.net%2Ffont-download%2F&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&tzofs=0&js_build=8&sw_version=v1.319.0
IP
139.45.197.243:443
ASN
#9002 RETN Limited

Requested by
https://fontzone.net/font-download/
Certificate
IssuerLet's Encrypt
Subjectvupoupay.com
FingerprintFD:C2:60:A3:0E:44:39:00:97:C4:15:89:C1:DE:7E:75:7B:D3:87:6F
ValidityMon, 22 Jan 2024 09:16:15 GMT - Sun, 21 Apr 2024 09:16:14 GMT

File type
GIF image data, version 89a, 1 x 1
Size
43 B (43 bytes)
Hash
b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /impression/JXq4JwPa2VNH7aJAVsMfjrv0GP-1qMqyqDt6NKshuJ9kWKmoXujqVZogdJKb_yxkJ0Tvv-2cH_t72lFsuB9C1-vWJrCy6XvslSq5Q050CUYwPBm4om4P0mbkOJN0HeQrm5qtpMeDhkt4-QMtET_i1t6lxZj6dCFpEymI6PO37PGjzcyfmxsDDzjPQnTfbSGkY25oIGiXG82_hVHzNyCvNQ52BLwe4cGodK54_b-0hv--x_dQKNhax6OD2tznP5YwkJoNFi9Vfiv4UzORsMACDJnqsjHe_CqW_XsAJxlNo-1KgvyIsosVSW_GcaWBK9y0X19adNitey3TNqGqnQ5092ZjLqPF55Y9p9KeMPcGbZjLTo3vBp5gcR-Gyo73Jp5QqGX-ECTHIJ6YtXrVgMFngFa9cz--MvMxbJ8-lWGAXxnumSC01FaMIMTswsPMF34kQgf8HtQoNqQ-EtZlhGMp6RzyxjLDMmODKohpN7OmfijDh0e_eukCYfYLVS8v9JjQ7t2QQ4hRP6kpVC3-pj3oyK57utT-PkvdGJLotXicWvzKvENg6EdxCcdsYdJcvEPfx3gVr1mSDZcDG09C9tJG6JeDB2tpNTVLxrpvPaKHFo78S49C_zPF6X8ZFtfg-saVU8XsAl-4OWN5KfLAJU2DoUkpQ3ZBkHC9_MOw9yYPY6-yhfhjrUHA6WDgXOjaey5x5c2BFHzcnvpoP7cTdLiTkmMAyH4WIUntRkVya9bEBgfRTK3rZXIDcemQjR_MMD4_5yY7mXc2VK4Oey9NgcGAM0g3orguJP20KNBHntj2M2_byKGUaR5ykJzBSUM=?_z=6593522&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=2&pl=https%3A%2F%2Ffontzone.net%2Ffont-download%2F&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&tzofs=0&js_build=8&sw_version=v1.319.0 HTTP/1.1
Host: vupoupay.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fontzone.net/
Cookie: OAID=ad45df34426a4b4e891ac9467eed6903
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 27 Jan 2024 14:23:38 GMT
content-type: image/gif
content-length: 43
x-trace-id: c7e6abc695f4588121d8dac54d854ee5
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

moonoafy.net/custom

139.45.197.250

200 OK

0 B

URL OPTIONS HTTP/2
moonoafy.net/custom
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://fontzone.net/font-download/
Certificate
IssuerLet's Encrypt
Subjectmoonoafy.net
FingerprintFC:27:80:38:8F:DA:69:79:BB:D3:4C:59:0E:9F:B6:E3:92:AA:B0:D9
ValidityTue, 09 Jan 2024 08:45:45 GMT - Mon, 08 Apr 2024 08:45:44 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /custom HTTP/1.1
Host: moonoafy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://fontzone.net/
Origin: https://fontzone.net
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 27 Jan 2024 14:23:31 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://fontzone.net
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2

fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f

139.45.195.254

200 OK

12 B

URL POST HTTP/1.1
fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f
IP
139.45.195.254:443
ASN
#9002 RETN Limited

Requested by
https://fontzone.net/font-download/
Certificate
IssuerSectigo Limited
Subjectfleraprt.com
Fingerprint32:DB:C5:24:21:ED:1D:C3:40:C3:46:9F:CF:EE:98:4D:72:29:4C:3C
ValidityTue, 09 Jan 2024 00:00:00 GMT - Mon, 13 Jan 2025 23:59:59 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
6949f52318584a4b51c719a9b84a7287
9fbd870c6afd4bdd6fbbd87f52df2c81dd23e905
72603096ec3515dbc615ab8837fd1b15e91ee827bc7af41d71c9882b08699375

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f HTTP/1.1
Host: fleraprt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1660
Origin: https://fontzone.net
DNT: 1
Connection: keep-alive
Referer: https://fontzone.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Sat, 27 Jan 2024 14:23:31 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 12
Connection: keep-alive
Access-Control-Allow-Origin: https://fontzone.net
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

moonoafy.net/custom

139.45.197.250

200 OK

0 B

URL OPTIONS HTTP/2
moonoafy.net/custom
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://fontzone.net/font-download/
Certificate
IssuerLet's Encrypt
Subjectmoonoafy.net
FingerprintFC:27:80:38:8F:DA:69:79:BB:D3:4C:59:0E:9F:B6:E3:92:AA:B0:D9
ValidityTue, 09 Jan 2024 08:45:45 GMT - Mon, 08 Apr 2024 08:45:44 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /custom HTTP/1.1
Host: moonoafy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://fontzone.net/
Origin: https://fontzone.net
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 27 Jan 2024 14:23:31 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://fontzone.net
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2

fontzone.net/sw.js

154.41.248.253

200 OK

5.2 kB

URL GET HTTP/3
fontzone.net/sw.js
IP
154.41.248.253:443
ASN
#174 COGENT-174

Requested by
https://fontzone.net/font-download/
Certificate
IssuerLet's Encrypt
Subjectfontzone.net
Fingerprint0E:08:EF:DD:04:24:6C:7E:2E:7F:45:C8:E4:D4:C0:C3:6F:F7:67:F9
ValidityThu, 11 Jan 2024 08:27:01 GMT - Wed, 10 Apr 2024 08:27:00 GMT

File type
JavaScript source, ASCII text, with very long lines (5239), with no line terminators
Size
5.2 kB (5236 bytes)
Hash
f6567594c63534be44571e1a362e3ebf
55deab9cdb55c00866ec86f6bd3e2bd7143e73df
782ce5751cfeab3a793815d1df4459676f37b9e5d1b331d1576058ee36b4632e

HTTP Headers

GET /sw.js HTTP/1.1
Host: fontzone.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://fontzone.net/font-download/
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=c39262294387604c9c33158f5b06ea95; _ga_LERTLY8FFK=GS1.1.1706365410.1.0.1706365410.0.0.0; _ga=GA1.1.1338394150.1706365411; prefetchAd_6593521=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
server: hcdn
date: Sat, 27 Jan 2024 14:23:31 GMT
content-type: application/x-javascript
content-length: 2321
cache-control: public, max-age=604800,public
expires: Fri, 02 Feb 2024 22:04:31 GMT
last-modified: Sat, 11 Nov 2023 17:49:26 GMT
etag: "1474-654fbea6-15a1f6af873bdcda;br"
content-encoding: br
platform: hostinger
content-security-policy: upgrade-insecure-requests
x-turbo-charged-by: LiteSpeed
age: 58740
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: e99f9837450af1cf93a0a278049dab76-bnk-edge1
x-hcdn-cache-status: HIT
accept-ranges: bytes

139.45.197.243

200 OK

1.7 kB

URL GET HTTP/2
vupoupay.com/500/6593522?excludes=19845929&oaid=ad45df34426a4b4e891ac9467eed6903&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=3&pl=https%3A%2F%2Ffontzone.net%2Ffont-download%2F&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&tzofs=0&js_build=8&sw_version=v1.319.0
IP
139.45.197.243:443
ASN
#9002 RETN Limited

Requested by
https://fontzone.net/font-download/
Certificate
IssuerLet's Encrypt
Subjectvupoupay.com
FingerprintFD:C2:60:A3:0E:44:39:00:97:C4:15:89:C1:DE:7E:75:7B:D3:87:6F
ValidityMon, 22 Jan 2024 09:16:15 GMT - Sun, 21 Apr 2024 09:16:14 GMT

File type
troff or preprocessor input, Unicode text, UTF-8 text, with very long lines (1759), with no line terminators
Size
1.7 kB (1736 bytes)
Hash
fa014a3ca28f13ef1a909ecfa46f52dd
50a218cca87c7ed4606f5964d73b6ec7a111f4bc
875e9d154b16dfaa9a2bdfcfcb35ed97aac836434982ec4055977b4cc9b35a06

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /500/6593522?excludes=19845929&oaid=ad45df34426a4b4e891ac9467eed6903&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=3&pl=https%3A%2F%2Ffontzone.net%2Ffont-download%2F&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&tzofs=0&js_build=8&sw_version=v1.319.0 HTTP/1.1
Host: vupoupay.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://fontzone.net
DNT: 1
Connection: keep-alive
Referer: https://fontzone.net/
Cookie: OAID=ad45df34426a4b4e891ac9467eed6903
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 27 Jan 2024 14:23:35 GMT
content-type: application/javascript
x-trace-id: a32fdfa30fc9a6a216cfe3b920e40bde
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
vary: Origin
access-control-allow-origin: https://fontzone.net
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
set-cookie: OAID=ad45df34426a4b4e891ac9467eed6903; expires=Sun, 26 Jan 2025 14:23:35 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

fontzone.net/images/menu_ico.jpg

154.41.248.253

200 OK

692 B

URL GET HTTP/3
fontzone.net/images/menu_ico.jpg
IP
154.41.248.253:443
ASN
#174 COGENT-174

Requested by
https://fontzone.net/font-download/
Certificate
IssuerLet's Encrypt
Subjectfontzone.net
Fingerprint0E:08:EF:DD:04:24:6C:7E:2E:7F:45:C8:E4:D4:C0:C3:6F:F7:67:F9
ValidityThu, 11 Jan 2024 08:27:01 GMT - Wed, 10 Apr 2024 08:27:00 GMT

File type
RIFF (little-endian) data, Web/P image
Size
692 B (692 bytes)
Hash
fbe492e4d93e6aa473cc0740c3e7a789
770dbc6f02477ef30b71a5d9ceae15ad1d37370f
0d9507c4f253693aed486d87b8bf937d25627ada36d90926d7eda590c0f30cbb

HTTP Headers

GET /images/menu_ico.jpg HTTP/1.1
Host: fontzone.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fontzone.net/font-download/
Cookie: PHPSESSID=c39262294387604c9c33158f5b06ea95
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
server: hcdn
date: Sat, 27 Jan 2024 14:23:29 GMT
content-type: image/webp
content-length: 692
cache-control: public, max-age=15552000,public
expires: Tue, 23 Jul 2024 01:27:11 GMT
x-hcdn-image-optimizer: f:webp q:85 w:1600
age: 219378
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: 2a99f93a09d62d30430ac4f1f1219470-bnk-edge1
x-hcdn-cache-status: HIT
accept-ranges: bytes

fontzone.net/images/download-btn.png

154.41.248.253

200 OK

466 B

URL GET HTTP/3
fontzone.net/images/download-btn.png
IP
154.41.248.253:443
ASN
#174 COGENT-174

Requested by
https://fontzone.net/font-download/
Certificate
IssuerLet's Encrypt
Subjectfontzone.net
Fingerprint0E:08:EF:DD:04:24:6C:7E:2E:7F:45:C8:E4:D4:C0:C3:6F:F7:67:F9
ValidityThu, 11 Jan 2024 08:27:01 GMT - Wed, 10 Apr 2024 08:27:00 GMT

File type
RIFF (little-endian) data, Web/P image
Size
466 B (466 bytes)
Hash
187f719a16afb550748ebc7440b6b1ee
209acec755931fed6999824ad264daf6e7068ad5
7e439610d844d10c8800d9a616b28d61acae5ffe8dfe4563f5a2c1e170ace305

HTTP Headers

GET /images/download-btn.png HTTP/1.1
Host: fontzone.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fontzone.net/css/style.css
Cookie: PHPSESSID=c39262294387604c9c33158f5b06ea95
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
server: hcdn
date: Sat, 27 Jan 2024 14:23:30 GMT
content-type: image/webp
content-length: 466
cache-control: public, max-age=15552000,public
expires: Tue, 23 Jul 2024 01:27:11 GMT
x-hcdn-image-optimizer: f:webp q:85 w:1600
age: 219379
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: f4483a0d8e6d52b3e08bb86220324474-bnk-edge1
x-hcdn-cache-status: HIT
accept-ranges: bytes

moonoafy.net/custom

139.45.197.250

200 OK

39 B

URL POST HTTP/2
moonoafy.net/custom
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://fontzone.net/font-download/
Certificate
IssuerLet's Encrypt
Subjectmoonoafy.net
FingerprintFC:27:80:38:8F:DA:69:79:BB:D3:4C:59:0E:9F:B6:E3:92:AA:B0:D9
ValidityTue, 09 Jan 2024 08:45:45 GMT - Mon, 08 Apr 2024 08:45:44 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
39 B (39 bytes)
Hash
c16023891530fbce40f0a1244c3af01c
e15d9dff768d82673e5e797a8395d1fa7d9049b7
c7d0061f2d2b9eb7b65b547c4bdf03f5f332cf34021bc972f64b6ad58d3a121a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /custom HTTP/1.1
Host: moonoafy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://fontzone.net/
Content-Type: application/json
Content-Length: 375
Origin: https://fontzone.net
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 27 Jan 2024 14:23:31 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 6740b08092f1558c2cc27ce100744c42
access-control-allow-origin: https://fontzone.net
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

139.45.197.243

200 OK

1.7 kB

URL GET HTTP/2
vupoupay.com/500/6593522?excludes=&oaid=ad45df34426a4b4e891ac9467eed6903&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&pl=https%3A%2F%2Ffontzone.net%2Ffont-download%2F&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&tzofs=0&js_build=8&sw_version=v1.319.0
IP
139.45.197.243:443
ASN
#9002 RETN Limited

Requested by
https://fontzone.net/font-download/
Certificate
IssuerLet's Encrypt
Subjectvupoupay.com
FingerprintFD:C2:60:A3:0E:44:39:00:97:C4:15:89:C1:DE:7E:75:7B:D3:87:6F
ValidityMon, 22 Jan 2024 09:16:15 GMT - Sun, 21 Apr 2024 09:16:14 GMT

File type
troff or preprocessor input, Unicode text, UTF-8 text, with very long lines (1771), with no line terminators
Size
1.7 kB (1748 bytes)
Hash
219e83a2ee2e0eedede6833eef0fb016
12f79ae0e9ba7bab43fedf8169963d820ccd84eb
dd6978e39ca4baad57f0a45c90437ca5199bea196d565b0f5b8169f9c5036530

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /500/6593522?excludes=&oaid=ad45df34426a4b4e891ac9467eed6903&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&pl=https%3A%2F%2Ffontzone.net%2Ffont-download%2F&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&tzofs=0&js_build=8&sw_version=v1.319.0 HTTP/1.1
Host: vupoupay.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://fontzone.net
DNT: 1
Connection: keep-alive
Referer: https://fontzone.net/
Cookie: OAID=19a09dc0c5a842d5882099b6752175a5
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 27 Jan 2024 14:23:31 GMT
content-type: application/javascript
x-trace-id: 9f3ccc09c646b917a614298d3f7d67ac
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: https://fontzone.net
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
set-cookie: OAID=ad45df34426a4b4e891ac9467eed6903; expires=Sun, 26 Jan 2025 14:23:31 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

interbuzznews.com/contents/s/d1/2a/23/7383747392501c1487da343ba9/01037559025392.jpeg

139.45.197.154

200 OK

16 kB

URL GET HTTP/2
interbuzznews.com/contents/s/d1/2a/23/7383747392501c1487da343ba9/01037559025392.jpeg
IP
139.45.197.154:443
ASN
#9002 RETN Limited

Requested by
https://interbuzznews.com/?l=v9nLOdcLv9n5akT&cd_meta_crid=394803&trkintimp&target_url=https%3A%2F%2Fcameesse.net%2F12%3Frnd%3D2057812376%26z%3D6593523%26b%3D20187630%26c%3D7875697%26var%3D%26varid%3D0%26d%3Dhttps%253A%252F%252Fsingelstodate.com%252Fbase.php%253Fc%253D4828%2526key%253D025d76cd3aeec48efa4f92c67b128e1d%2526zoneid%253D%257Bzoneid%257D%2526subid%253D%2524%257BSUBID%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3DqrTQUbxadW3aOlm5LE_ivcGu05RHyhO9JZwIjxUXIEUasNYWJIpsjWe2MRPx_UDH8XIeXiiK9mnmTOpWSSQJHUgPXSaSleohXpRbBpEfZ0WG3BDPVrdhFar-RUilHKDD__-29l25hMBCYXCsGnET8pWdDHkAYWO8xmU_c-zr70FmdclAb1lU88gQf4lniLTI6QdIJkFP06IjRa44VtsjDWOLi05sqRMcirLdXmsZeGw6rq98TTjkfCkuF8hrJqWUWBc3FO-ArvBJbGYIwcfBHxM2B6DMr1NExMpxAJA1OsAlaP6kwJbiyvYQfO3OHPpQojYnQyuKlk11c9PpKTGyTLhYnYxIBZ4t-cUPV4spizCcF1sgaCjpE3XFqubHHb_9mIIhim4xbkWOMWEaB0OcIjv_y0bmNqhuhMVo65usPyHPtNXbWwP2rh92GzpAGrYMTDCszlInBgLo878JFGjpH3yn3HmVh9uUjmo9_h37w-Hi2vqau6nIh33J0DciGfdTi_CG8nPGJo5ySh8RlERiCdZQViEN4SmVY3z3gKzYUETv2Bfk0kQBlBhnyuTrE-ulbpktu0bK9tli7VBfIGSZOtpVblTH9TRfJgmz4mufROnL1Kp63hiInkYKavlM78eWXmsti4J6Tkj5ZFOYSf9P6C8gLW7fG7ES7FQBmA%3D%3D%26bag%3De5WiNa3QjVf4u1jVtO_1dw%3D%3D%26ruid%3Da445ef16-5e3b-4f8e-90fa-827e741aa7ff%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D0%26gp%3D5%26bp%3D4%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Ffontzone.net%252Ffont-download%252F%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1280%26wiw%3D1280%26wih%3D1024%26wfc%3D0%26sah%3D1024%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
Certificate
IssuerLet's Encrypt
Subjectinterbuzznews.com
Fingerprint6F:EA:DE:99:16:57:B3:EB:00:31:74:C7:1E:99:E6:69:0A:74:EA:D8
ValidityMon, 11 Dec 2023 05:13:19 GMT - Sun, 10 Mar 2024 05:13:18 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1], baseline, precision 8, 256x256, components 3
Size
16 kB (15480 bytes)
Hash
d12a237383747392501c1487da343ba9
f6c91d8a2e06ec6caa65290ab192bd35c2fc1ee5
d5f602e7fcf9c90ed34ebe5a7aa03b1d407a9690b233a13c1688e54a047c5289

HTTP Headers

GET /contents/s/d1/2a/23/7383747392501c1487da343ba9/01037559025392.jpeg HTTP/1.1
Host: interbuzznews.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://interbuzznews.com/?l=v9nLOdcLv9n5akT&cd_meta_crid=394803&trkintimp&target_url=https%3A%2F%2Fcameesse.net%2F12%3Frnd%3D2057812376%26z%3D6593523%26b%3D20187630%26c%3D7875697%26var%3D%26varid%3D0%26d%3Dhttps%253A%252F%252Fsingelstodate.com%252Fbase.php%253Fc%253D4828%2526key%253D025d76cd3aeec48efa4f92c67b128e1d%2526zoneid%253D%257Bzoneid%257D%2526subid%253D%2524%257BSUBID%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3DqrTQUbxadW3aOlm5LE_ivcGu05RHyhO9JZwIjxUXIEUasNYWJIpsjWe2MRPx_UDH8XIeXiiK9mnmTOpWSSQJHUgPXSaSleohXpRbBpEfZ0WG3BDPVrdhFar-RUilHKDD__-29l25hMBCYXCsGnET8pWdDHkAYWO8xmU_c-zr70FmdclAb1lU88gQf4lniLTI6QdIJkFP06IjRa44VtsjDWOLi05sqRMcirLdXmsZeGw6rq98TTjkfCkuF8hrJqWUWBc3FO-ArvBJbGYIwcfBHxM2B6DMr1NExMpxAJA1OsAlaP6kwJbiyvYQfO3OHPpQojYnQyuKlk11c9PpKTGyTLhYnYxIBZ4t-cUPV4spizCcF1sgaCjpE3XFqubHHb_9mIIhim4xbkWOMWEaB0OcIjv_y0bmNqhuhMVo65usPyHPtNXbWwP2rh92GzpAGrYMTDCszlInBgLo878JFGjpH3yn3HmVh9uUjmo9_h37w-Hi2vqau6nIh33J0DciGfdTi_CG8nPGJo5ySh8RlERiCdZQViEN4SmVY3z3gKzYUETv2Bfk0kQBlBhnyuTrE-ulbpktu0bK9tli7VBfIGSZOtpVblTH9TRfJgmz4mufROnL1Kp63hiInkYKavlM78eWXmsti4J6Tkj5ZFOYSf9P6C8gLW7fG7ES7FQBmA%3D%3D%26bag%3De5WiNa3QjVf4u1jVtO_1dw%3D%3D%26ruid%3Da445ef16-5e3b-4f8e-90fa-827e741aa7ff%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D0%26gp%3D5%26bp%3D4%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Ffontzone.net%252Ffont-download%252F%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1280%26wiw%3D1280%26wih%3D1024%26wfc%3D0%26sah%3D1024%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 27 Jan 2024 14:23:31 GMT
content-type: image/jpeg
content-length: 15480
last-modified: Fri, 26 Jan 2024 08:40:00 GMT
vary: Accept-Encoding
etag: "65b36fe0-3c78"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
accept-ranges: bytes
X-Firefox-Spdy: h2

fontzone.net/js/custom.js

154.41.248.253

200 OK

265 B

URL GET HTTP/3
fontzone.net/js/custom.js
IP
154.41.248.253:443
ASN
#174 COGENT-174

Requested by
https://fontzone.net/font-download/
Certificate
IssuerLet's Encrypt
Subjectfontzone.net
Fingerprint0E:08:EF:DD:04:24:6C:7E:2E:7F:45:C8:E4:D4:C0:C3:6F:F7:67:F9
ValidityThu, 11 Jan 2024 08:27:01 GMT - Wed, 10 Apr 2024 08:27:00 GMT

File type
JavaScript source, ASCII text, with no line terminators
Size
265 B (265 bytes)
Hash
abbc4d19a8eac193ff7b0e72f7a715cf
81981ecf45cd386d4b6e8a933067a6df037c3153
51002d5821b5d0ea840ac345d20857de782ec438802c9fe8072d7f7ed53107e1

HTTP Headers

GET /js/custom.js HTTP/1.1
Host: fontzone.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fontzone.net/font-download/
Cookie: PHPSESSID=c39262294387604c9c33158f5b06ea95
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
server: hcdn
date: Sat, 27 Jan 2024 14:23:29 GMT
content-type: application/x-javascript
vary: accept-encoding
cache-control: public, max-age=604800,public
expires: Mon, 29 Jan 2024 05:34:21 GMT
last-modified: Wed, 30 Aug 2023 12:41:55 GMT
etag: W/"109-64ef3913-fb13f6e6f33488c1;;;"
platform: hostinger
content-security-policy: upgrade-insecure-requests
x-turbo-charged-by: LiteSpeed
age: 463748
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: c677344b77f995db10647ff36033f017-bnk-edge1
x-hcdn-cache-status: HIT
content-encoding: br

alwingulla.com/88/tag.min.js

188.114.96.1

200 OK

74 kB

URL GET HTTP/2
alwingulla.com/88/tag.min.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://fontzone.net/font-download/
Certificate
IssuerGoogle Trust Services LLC
Subjectalwingulla.com
FingerprintEC:7B:79:D8:9B:E7:5C:B6:D2:7B:E5:0A:62:FE:0A:4C:FE:2A:7C:74
ValiditySat, 13 Jan 2024 17:19:19 GMT - Fri, 12 Apr 2024 17:19:18 GMT

File type
JavaScript source, ASCII text, with very long lines (65494)
Size
74 kB (73715 bytes)
Hash
069bc62fdab16915025b924d999daa11
e458c1859c51e4598c064990fe414c55271c1898
5253d8b76a30c57c17c8e6de7149d5bf2f168550d30f7ccf7e56638b1f5c1952

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /88/tag.min.js HTTP/1.1
Host: alwingulla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fontzone.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 27 Jan 2024 14:23:29 GMT
content-type: text/javascript; charset=utf-8
x-trace-id: 0630c8574d8d92cb434073b8d516a680
cache-control: max-age=86400
last-modified: Fri, 26 Jan 2024 20:38:16 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-max-age: 86400
pragma: no-cache
expires: Sun, 28 Jan 2024 06:13:26 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 29403
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wYRwFoqNn4w%2FLE74uPsy5fAU5XUnB6j7dxG1USNVwNpVUkalkA%2FTt1lIhk9PFoUjZIx9dB0s2Jz93Mkz7q%2FM5nNyoK2TOozBCFK3YSazRVTaz2przkoBn5yrFAI3nbwb1w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 84c1a7639e28568a-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

fontzone.net/images/facebook-like.png

154.41.248.253

200 OK

6.6 kB

URL GET HTTP/3
fontzone.net/images/facebook-like.png
IP
154.41.248.253:443
ASN
#174 COGENT-174

Requested by
https://fontzone.net/font-download/
Certificate
IssuerLet's Encrypt
Subjectfontzone.net
Fingerprint0E:08:EF:DD:04:24:6C:7E:2E:7F:45:C8:E4:D4:C0:C3:6F:F7:67:F9
ValidityThu, 11 Jan 2024 08:27:01 GMT - Wed, 10 Apr 2024 08:27:00 GMT

File type
RIFF (little-endian) data, Web/P image
Size
6.6 kB (6580 bytes)
Hash
85668b52a4ac6cc1993245efca235313
ffdb906d020510ef80b336db2f96cbb1dd464890
50c8576a7287590b7550018f69231f7cd82d914d9a573ffbc67f50b16ed563c6

HTTP Headers

GET /images/facebook-like.png HTTP/1.1
Host: fontzone.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fontzone.net/font-download/
Cookie: PHPSESSID=c39262294387604c9c33158f5b06ea95
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
server: hcdn
date: Sat, 27 Jan 2024 14:23:29 GMT
content-type: image/webp
content-length: 6580
cache-control: public, max-age=15552000,public
expires: Tue, 23 Jul 2024 01:27:10 GMT
x-hcdn-image-optimizer: f:webp q:85 w:1600
age: 219379
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: 17001680ab683d17abb39df8ccec0bae-bnk-edge1
x-hcdn-cache-status: HIT
accept-ranges: bytes

139.45.197.242

200 OK

0 B

URL OPTIONS HTTP/2
abrhydona.com/500/6593524?excludes=&oaid=ad45df34426a4b4e891ac9467eed6903&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&pl=https%3A%2F%2Ffontzone.net%2Ffont-download%2F&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&tzofs=0&js_build=8&sw_version=v1.319.0
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://fontzone.net/font-download/
Certificate
IssuerLet's Encrypt
Subjectabrhydona.com
Fingerprint78:0B:F3:3A:D8:68:4E:D9:4B:6B:8E:02:AE:F7:4F:4F:99:C6:C9:DB
ValidityFri, 05 Jan 2024 07:58:14 GMT - Thu, 04 Apr 2024 07:58:13 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /500/6593524?excludes=&oaid=ad45df34426a4b4e891ac9467eed6903&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&pl=https%3A%2F%2Ffontzone.net%2Ffont-download%2F&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&tzofs=0&js_build=8&sw_version=v1.319.0 HTTP/1.1
Host: abrhydona.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://fontzone.net/
Origin: https://fontzone.net
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 27 Jan 2024 14:23:31 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://fontzone.net
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-allow-credentials: true
access-control-max-age: 600
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2

moonoafy.net/custom

139.45.197.250

200 OK

0 B

URL OPTIONS HTTP/2
moonoafy.net/custom
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://fontzone.net/font-download/
Certificate
IssuerLet's Encrypt
Subjectmoonoafy.net
FingerprintFC:27:80:38:8F:DA:69:79:BB:D3:4C:59:0E:9F:B6:E3:92:AA:B0:D9
ValidityTue, 09 Jan 2024 08:45:45 GMT - Mon, 08 Apr 2024 08:45:44 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /custom HTTP/1.1
Host: moonoafy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://fontzone.net/
Origin: https://fontzone.net
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 27 Jan 2024 14:23:31 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://fontzone.net
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2

fontzone.net/download/shagexpert-mystery/font-download/shagexpert-mystery/font-download/

154.41.248.253

302 Found

10 kB

URL User Request GET HTTP/2
fontzone.net/download/shagexpert-mystery/font-download/shagexpert-mystery/font-download/
IP
154.41.248.253:443
ASN
#174 COGENT-174

Certificate
IssuerLet's Encrypt
Subjectfontzone.net
Fingerprint0E:08:EF:DD:04:24:6C:7E:2E:7F:45:C8:E4:D4:C0:C3:6F:F7:67:F9
ValidityThu, 11 Jan 2024 08:27:01 GMT - Wed, 10 Apr 2024 08:27:00 GMT

File type

Size
10 kB (10352 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /download/shagexpert-mystery/font-download/shagexpert-mystery/font-download/ HTTP/1.1
Host: fontzone.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
server: hcdn
date: Sat, 27 Jan 2024 14:23:29 GMT
content-type: text/html; charset=UTF-8
content-length: 3731
x-powered-by: PHP/7.4.33
set-cookie: PHPSESSID=c39262294387604c9c33158f5b06ea95; path=/; secure
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-cache, no-store, must-revalidate, max-age=0,public
pragma: no-cache
location: /font-download/
content-encoding: br
platform: hostinger
content-security-policy: upgrade-insecure-requests
x-turbo-charged-by: LiteSpeed
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: a43a26cb383f8531941f31b8860ee718-bnk-edge1
x-hcdn-cache-status: MISS
x-hcdn-upstream-rt: 0.541
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=G-LERTLY8FFK

142.250.74.168

200 OK

230 kB

URL GET HTTP/2
www.googletagmanager.com/gtag/js?id=G-LERTLY8FFK
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://fontzone.net/font-download/
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
FingerprintD0:30:40:C8:C1:4E:8B:97:6C:36:B5:83:34:51:BE:DC:6F:B7:4C:D9
ValidityTue, 02 Jan 2024 13:02:45 GMT - Tue, 26 Mar 2024 13:02:44 GMT

File type
JavaScript source, ASCII text, with very long lines (5955)
Size
230 kB (230344 bytes)
Hash
09eace99e49c929c930623e5d9d8ee3c
98697ce786c7c7c551fe9faf6fd1c206f43cd9e1
664f310a829fafe5eb2a8078b0d65c9b02455cec59db57d29ca1d942b4c11b76

HTTP Headers

GET /gtag/js?id=G-LERTLY8FFK HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fontzone.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 27 Jan 2024 14:23:29 GMT
expires: Sat, 27 Jan 2024 14:23:29 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 81520
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

veepteero.com/88/21233

139.45.197.242

200 OK

3.0 kB

URL GET HTTP/2
veepteero.com/88/21233
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://fontzone.net/font-download/
Certificate
IssuerLet's Encrypt
Subjectveepteero.com
Fingerprint8A:B9:66:90:50:92:4F:BC:3B:D5:BE:85:41:72:85:E3:A2:55:E4:D1
ValidityWed, 03 Jan 2024 05:16:21 GMT - Tue, 02 Apr 2024 05:16:20 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (3304), with no line terminators
Size
3.0 kB (3044 bytes)
Hash
d264a709d67578a5a2b1681638370f63
0d4c5c32f5f6bac54ac2aab007ed5653aaafd577
90480baefb2599c935fe08dde238c6d392ddeebfcdd92fa12cfbc164183e36bb

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /88/21233 HTTP/1.1
Host: veepteero.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://fontzone.net/
Origin: https://fontzone.net
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 27 Jan 2024 14:23:30 GMT
content-type: application/json
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-origin: https://fontzone.net
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-max-age: 86400
timing-allow-origin: *
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

tzegilo.com/stattag.js

104.21.11.245

200 OK

19 kB

URL GET HTTP/2
tzegilo.com/stattag.js
IP
104.21.11.245:443
ASN
#13335 CLOUDFLARENET

Requested by
https://fontzone.net/font-download/
Certificate
IssuerGoogle Trust Services LLC
Subjecttzegilo.com
FingerprintF2:F3:F8:C4:40:73:B6:FE:DD:58:70:D7:13:25:D2:51:21:88:50:0B
ValiditySun, 03 Dec 2023 17:24:18 GMT - Sat, 02 Mar 2024 17:24:17 GMT

File type
JavaScript source, ASCII text, with very long lines (18369)
Size
19 kB (19019 bytes)
Hash
89e89aea544ea2785d49cc4cd9cf26f6
7d53437a89eb9861038ee27a8ff0e3bb70fa2a0b
86da38693fcea056d36588a4146e85392f784c457511de416fec32034aafa4f9

HTTP Headers

GET /stattag.js HTTP/1.1
Host: tzegilo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fontzone.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 27 Jan 2024 14:23:30 GMT
content-type: application/javascript
last-modified: Thu, 07 Sep 2023 08:19:52 GMT
etag: W/"64f987a8-4a4b"
link: <https://flerap.com/>; rel=preconnect; crossorigin, <https://fleraprt.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 3048
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RvDRRhyZD%2B7Pc91uBZiqGjbrtj%2BVxhOMZu0noGeEf6id%2Bir%2BP81L8SerlbSoDjUe9hz0pRHcaTZqrCQiiY%2F%2BzzTcgQWoqJ%2Bqxqg0m8LyBbSm0uiVKcwKvt%2BMMBGAWQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 84c1a767d87a5696-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cameesse.net/11?rnd=2171053723&z=6593523&b=20187630&var=&varid=0&rqtdbc=1&rcvdbc=1&btp=7&rb=qrTQUbxadW3aOlm5LE_ivcGu05RHyhO9JZwIjxUXIEUasNYWJIpsjWe2MRPx_UDH8XIeXiiK9mnmTOpWSSQJHUgPXSaSleohXpRbBpEfZ0WG3BDPVrdhFar-RUilHKDD__-29l25hMBCYXCsGnET8pWdDHkAYWO8xmU_c-zr70FmdclAb1lU88gQf4lniLTI6QdIJkFP06IjRa44VtsjDWOLi05sqRMcirLdXmsZeGw6rq98TTjkfCkuF8hrJqWUWBc3FO-ArvBJbGYIwcfBHxM2B6DMr1NExMpxAJA1OsAlaP6kwJbiyvYQfO3OHPpQojYnQyuKlk11c9PpKTGyTLhYnYxIBZ4t-cUPV4spizCcF1sgaCjpE3XFqubHHb_9mIIhim4xbkWOMWEaB0OcIjv_y0bmNqhuhMVo65usPyHPtNXbWwP2rh92GzpAGrYMTDCszlInBgLo878JFGjpH3yn3HmVh9uUjmo9_h37w-Hi2vqau6nIh33J0DciGfdTi_CG8nPGJo5ySh8RlERiCdZQViEN4SmVY3z3gKzYUETv2Bfk0kQBlBhnyuTrE-ulbpktu0bK9tli7VBfIGSZOtpVblTH9TRfJgmz4mufROnL1Kp63hiInkYKavlM78eWXmsti4J6Tkj5ZFOYSf9P6C8gLW7fG7ES7FQBmA==&ruid=a445ef16-5e3b-4f8e-90fa-827e741aa7ff&ng=1&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Ffontzone.net%2Ffont-download%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&ot=127

139.45.197.242

200 OK

0 B

URL GET HTTP/2
cameesse.net/11?rnd=2171053723&z=6593523&b=20187630&var=&varid=0&rqtdbc=1&rcvdbc=1&btp=7&rb=qrTQUbxadW3aOlm5LE_ivcGu05RHyhO9JZwIjxUXIEUasNYWJIpsjWe2MRPx_UDH8XIeXiiK9mnmTOpWSSQJHUgPXSaSleohXpRbBpEfZ0WG3BDPVrdhFar-RUilHKDD__-29l25hMBCYXCsGnET8pWdDHkAYWO8xmU_c-zr70FmdclAb1lU88gQf4lniLTI6QdIJkFP06IjRa44VtsjDWOLi05sqRMcirLdXmsZeGw6rq98TTjkfCkuF8hrJqWUWBc3FO-ArvBJbGYIwcfBHxM2B6DMr1NExMpxAJA1OsAlaP6kwJbiyvYQfO3OHPpQojYnQyuKlk11c9PpKTGyTLhYnYxIBZ4t-cUPV4spizCcF1sgaCjpE3XFqubHHb_9mIIhim4xbkWOMWEaB0OcIjv_y0bmNqhuhMVo65usPyHPtNXbWwP2rh92GzpAGrYMTDCszlInBgLo878JFGjpH3yn3HmVh9uUjmo9_h37w-Hi2vqau6nIh33J0DciGfdTi_CG8nPGJo5ySh8RlERiCdZQViEN4SmVY3z3gKzYUETv2Bfk0kQBlBhnyuTrE-ulbpktu0bK9tli7VBfIGSZOtpVblTH9TRfJgmz4mufROnL1Kp63hiInkYKavlM78eWXmsti4J6Tkj5ZFOYSf9P6C8gLW7fG7ES7FQBmA==&ruid=a445ef16-5e3b-4f8e-90fa-827e741aa7ff&ng=1&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Ffontzone.net%2Ffont-download%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&ot=127
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://fontzone.net/font-download/
Certificate
IssuerLet's Encrypt
Subjectcameesse.net
Fingerprint23:7C:28:2C:97:BE:75:D0:19:66:1F:B0:CB:42:67:FF:F8:B0:3C:A6
ValidityFri, 12 Jan 2024 22:33:49 GMT - Thu, 11 Apr 2024 22:33:48 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /11?rnd=2171053723&z=6593523&b=20187630&var=&varid=0&rqtdbc=1&rcvdbc=1&btp=7&rb=qrTQUbxadW3aOlm5LE_ivcGu05RHyhO9JZwIjxUXIEUasNYWJIpsjWe2MRPx_UDH8XIeXiiK9mnmTOpWSSQJHUgPXSaSleohXpRbBpEfZ0WG3BDPVrdhFar-RUilHKDD__-29l25hMBCYXCsGnET8pWdDHkAYWO8xmU_c-zr70FmdclAb1lU88gQf4lniLTI6QdIJkFP06IjRa44VtsjDWOLi05sqRMcirLdXmsZeGw6rq98TTjkfCkuF8hrJqWUWBc3FO-ArvBJbGYIwcfBHxM2B6DMr1NExMpxAJA1OsAlaP6kwJbiyvYQfO3OHPpQojYnQyuKlk11c9PpKTGyTLhYnYxIBZ4t-cUPV4spizCcF1sgaCjpE3XFqubHHb_9mIIhim4xbkWOMWEaB0OcIjv_y0bmNqhuhMVo65usPyHPtNXbWwP2rh92GzpAGrYMTDCszlInBgLo878JFGjpH3yn3HmVh9uUjmo9_h37w-Hi2vqau6nIh33J0DciGfdTi_CG8nPGJo5ySh8RlERiCdZQViEN4SmVY3z3gKzYUETv2Bfk0kQBlBhnyuTrE-ulbpktu0bK9tli7VBfIGSZOtpVblTH9TRfJgmz4mufROnL1Kp63hiInkYKavlM78eWXmsti4J6Tkj5ZFOYSf9P6C8gLW7fG7ES7FQBmA==&ruid=a445ef16-5e3b-4f8e-90fa-827e741aa7ff&ng=1&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Ffontzone.net%2Ffont-download%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&ot=127 HTTP/1.1
Host: cameesse.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://fontzone.net
DNT: 1
Connection: keep-alive
Referer: https://fontzone.net/
Cookie: scm=1; OAID=ad45df34426a4b4e891ac9467eed6903; oaidts=1706365410
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 27 Jan 2024 14:23:31 GMT
content-type: image/jpeg
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: https://fontzone.net
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
x-trace-id: f549d9afa3e08a48d89a0da3fdef77ad
access-control-expose-headers: X-Sc
set-cookie: OAID=ad45df34426a4b4e891ac9467eed6903; expires=Sun, 26 Jan 2025 14:23:31 GMT; secure; SameSite=None
oaidts=1706365410; expires=Sun, 26 Jan 2025 14:23:31 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2

amunfezanttor.com/event

139.45.197.250

200 OK

0 B

URL OPTIONS HTTP/2
amunfezanttor.com/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://fontzone.net/font-download/
Certificate
IssuerLet's Encrypt
Subjectamunfezanttor.com
Fingerprint94:5D:BD:F9:F6:55:6B:83:55:25:90:4A:5F:E4:CF:19:5E:6B:A2:51
ValidityWed, 22 Nov 2023 20:33:33 GMT - Tue, 20 Feb 2024 20:33:32 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://fontzone.net/
Origin: https://fontzone.net
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 27 Jan 2024 14:23:31 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://fontzone.net
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2

offerimage.com/www/images/9c6355bcf96815c755fbba83f9fd8f64.jpg

104.22.33.172

200 OK

17 kB

URL GET HTTP/2
offerimage.com/www/images/9c6355bcf96815c755fbba83f9fd8f64.jpg
IP
104.22.33.172:443
ASN
#13335 CLOUDFLARENET

Requested by
https://fontzone.net/font-download/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintDB:4D:42:F8:E2:4C:E3:E4:BB:22:D8:D1:F7:64:B5:9A:10:B6:25:E0
ValiditySun, 07 May 2023 00:00:00 GMT - Mon, 06 May 2024 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3
Size
17 kB (17173 bytes)
Hash
9c6355bcf96815c755fbba83f9fd8f64
ce698b45fb51ef1494f80f432b7aff0985247724
2cd74e866757767cd5c88d066a0bc057aded1e6c07171e091dd87f56ffd4a906

HTTP Headers

GET /www/images/9c6355bcf96815c755fbba83f9fd8f64.jpg HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fontzone.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 27 Jan 2024 14:23:31 GMT
content-type: image/jpeg
content-length: 17173
cache-control: max-age=86400
cf-bgj: h2pri
etag: "642af881-4315"
expires: Sat, 27 Jan 2024 16:23:05 GMT
last-modified: Mon, 03 Apr 2023 16:02:09 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 79226
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 84c1a76c7f67abdb-CPH
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (18)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by