Report - go1.fere.work/r.go?r=http://kwanic.com/pkplayhoodau_rea/?srv=playhood&p=jazz&ad=rea&pubid=3277&aff

Report Overview

Visitedpublic

2024-04-08 20:11:42

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
12618907bcf5.nobhere.com	576695	2017-06-21	2022-06-10 09:29:01	2024-03-28 03:59:38	511 B	30 kB	94.237.90.104
use.fontawesome.com	942	2012-10-18	2017-01-30 05:43:25	2024-04-07 18:47:42	460 B	31 kB	172.64.207.38
fonts.googleapis.com	8877	2005-01-25	2013-06-10 22:14:26	2024-04-08 04:13:05	448 B	4.9 kB	142.250.74.106
go1.fere.work	unknown	2019-01-22	2023-04-11 17:40:11	2024-03-28 11:20:44	1.2 kB	1.1 kB	217.22.19.197
www.funkyoffer.online	unknown	unknown	No data	No data	1.8 kB	71 kB	94.237.26.82
kwanic.com	unknown	2022-04-22	2020-08-20 04:41:49	2024-03-25 05:28:18	497 B	30 kB	172.67.156.217

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-08	medium	funkyoffer.online	Sinkholed
2024-04-08	medium	funkyoffer.online	Sinkholed
2024-04-08	medium	funkyoffer.online	Sinkholed

ThreatFox

No alerts detected

JavaScript (3)

	URL	From	Size	First Seen	Last Seen
	www.funkyoffer.online/dl/all/offer/sub/video/?tid=62jlwczk96ltbh6uf3688kkwo,17414106,5,23964&flow=app&ctrack=1712607078.216405252&p=23964&media_type=mainstream	ScriptElement	2.5 kB	2023-10-23	2024-08-21
URL www.funkyoffer.online/dl/all/offer/sub/video/?tid=62jlwczk96ltbh6uf3688kkwo,17414106,5,23964&flow=app&ctrack=1712607078.216405252&p=23964&media_type=mainstream IP / ASN 94.237.26.82 #202053 UpCloud Ltd Introduced by ScriptElement Embedded true Resource Info First Seen 2023-10-23 Last Seen 2024-08-21 Times Seen 45 Size 2.5 kB (2512 bytes) MD5 dfbc1276e634701cc42b5c5eadcbbe59 SHA1 d4edbe02626449ce7c7570e67c33b2096f34aa10 SHA256 e641d1c6b2c4def3c58078b68f49e1c1de8493feeb16cc6b2a4bb348332190b6 Format Code Loading...

	www.funkyoffer.online/dl/all/offer/sub/video/?tid=62jlwczk96ltbh6uf3688kkwo,17414106,5,23964&flow=app&ctrack=1712607078.216405252&p=23964&media_type=mainstream	ScriptElement	444 B	2023-10-23	2024-10-04
URL www.funkyoffer.online/dl/all/offer/sub/video/?tid=62jlwczk96ltbh6uf3688kkwo,17414106,5,23964&flow=app&ctrack=1712607078.216405252&p=23964&media_type=mainstream IP / ASN 94.237.26.82 #202053 UpCloud Ltd Introduced by ScriptElement Embedded true Resource Info First Seen 2023-10-23 Last Seen 2024-10-04 Times Seen 92 Size 444 B (444 bytes) MD5 03067204cfc2850ac8060b87581ead97 SHA1 8c8441b7bb0b54b911069bd2a27d4b601adb4942 SHA256 0a63e82b0be34ab73d087f3afe3276d40f353f8bcd38fa2f78108872f41d85e1 Format Code Loading...

	www.funkyoffer.online/dl/all/offer/sub/video/?tid=62jlwczk96ltbh6uf3688kkwo,17414106,5,23964&flow=app&ctrack=1712607078.216405252&p=23964&media_type=mainstream	ScriptElement	1.7 kB	2024-08-20	2024-08-20
URL www.funkyoffer.online/dl/all/offer/sub/video/?tid=62jlwczk96ltbh6uf3688kkwo,17414106,5,23964&flow=app&ctrack=1712607078.216405252&p=23964&media_type=mainstream IP / ASN 94.237.26.82 #202053 UpCloud Ltd Introduced by ScriptElement Embedded true Resource Info First Seen 2024-08-20 Last Seen 2024-08-20 Times Seen 1 Size 1.7 kB (1738 bytes) MD5 64f2fbb06fd6d582a1d6323f2c70e118 SHA1 4e57924e51a17f874c430fd655dad4c443f4f096 SHA256 66c2ee03d667f3c6fb145c96b11640cc56462336530042aee1c735bec499e7fa Format Code Loading...

HTTP Transactions (9)

URL IP Response Size

go1.fere.work/r.go?r=http://kwanic.com/pkplayhoodau_rea/?srv=playhood&p=jazz&ad=rea&pubid=3277&aff_sub=c4142971-47e2-40bb-ab80-99b578d54f3b

217.22.19.197

352 B

URL

go1.fere.work/r.go?r=http://kwanic.com/pkplayhoodau_rea/?srv=playhood&p=jazz&ad=rea&pubid=3277&aff_sub=c4142971-47e2-40bb-ab80-99b578d54f3b

IP / ASN

217.22.19.197

#42567 Mojohost B.v.

Requested byN/A

Resource Info

File typeHTML document, ASCII text

First Seen2024-04-04

Last Seen2024-08-20

Times Seen6

Size352 B (352 bytes)

MD5397cc95be937f46c612139d67379aee9

SHA1e003cf453b443014d7d58f6588848e2fd1210796

SHA2566fc46da323b8671fe759c4415e67fc517ffd8c9a810f26ed92fe0bad94cecc04

HTTP Headers

GET /r.go?r=http://kwanic.com/pkplayhoodau_rea/?srv=playhood&p=jazz&ad=rea&pubid=3277&aff_sub=c4142971-47e2-40bb-ab80-99b578d54f3b HTTP/1.1
Host: go1.fere.work
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 08 Apr 2024 20:11:17 GMT
content-type: text/html; charset=utf-8
content-length: 352
content-encoding: gzip
expires: Mon, 03 Jul 2001 06:00:00 GMT
last-modified: Janon, 08 04 2024 20:11:17 GMT
cache-control: no-store, no-cache, must-revalidate, max-age=0,post-check=0, pre-check=0
pragma: no-cache
x-backend-server: nl2-go-web-244
X-Firefox-Spdy: h2

go1.fere.work/favicon.ico

217.22.19.197

146 B

URL

go1.fere.work/favicon.ico

IP / ASN

217.22.19.197

#42567 Mojohost B.v.

Requested byN/A

Resource Info

File typeHTML document, ASCII text, with CRLF line terminators

First Seen2023-03-07

Last Seen2025-08-02

Times Seen211033

Size146 B (146 bytes)

MD58eec510e57f5f732fd2cce73df7b73ef

SHA13c0af39ecb3753c5fee3b53d063c7286019eac3b

SHA25655f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: go1.fere.work
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://go1.fere.work/r.go?r=http://kwanic.com/pkplayhoodau_rea/?srv=playhood&p=jazz&ad=rea&pubid=3277&aff_sub=c4142971-47e2-40bb-ab80-99b578d54f3b
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 404 Not Found
server: nginx
date: Mon, 08 Apr 2024 20:11:17 GMT
content-type: text/html
content-length: 146
x-backend-server: nl2-go-web-244
X-Firefox-Spdy: h2

GET www.funkyoffer.online/dl/all/offer/sub/video/style.css

94.237.26.82

200 OK

40 kB

URL

www.funkyoffer.online/dl/all/offer/sub/video/style.css

IP / ASN

94.237.26.82

#202053 UpCloud Ltd

Requested byhttps://www.funkyoffer.online/dl/all/offer/sub/video/?tid=62jlwczk96ltbh6uf3688kkwo,17414106,5,23964&flow=app&ctrack=1712607078.216405252&p=23964&media_type=mainstream

Resource Info

File typegzip compressed data, from Unix

First Seen2024-08-20

Last Seen2024-08-20

Times Seen1

Size40 kB (40269 bytes)

MD50c06a8182cb4f9cb2f91f19981895ee2

SHA1d81848db2920efa6ef882b389ccc151550f0a6ab

SHA256f308728507b00432031a8b59fd65deebb2d72aa1399cf47e380e1f58796b0601

Certificate Info

IssuerLet's Encrypt

Subject*.funkyoffer.online

Fingerprint5C:02:79:B5:05:FB:F0:DD:92:FB:AE:82:D9:2B:06:1C:23:F3:5F:3E

ValidityWed, 27 Mar 2024 08:02:57 GMT - Tue, 25 Jun 2024 08:02:56 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /dl/all/offer/sub/video/style.css HTTP/1.1
Host: www.funkyoffer.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.funkyoffer.online/dl/all/offer/sub/video/?tid=62jlwczk96ltbh6uf3688kkwo,17414106,5,23964&flow=app&ctrack=1712607078.216405252&p=23964&media_type=mainstream
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Mon, 08 Apr 2024 20:11:18 GMT
content-type: text/css
last-modified: Fri, 05 Apr 2024 10:38:01 GMT
vary: Accept-Encoding
etag: W/"660fd489-3fe83"
expires: Tue, 08 Apr 2025 20:11:18 GMT
pragma: public
cache-control: max-age=31536000, public
content-encoding: gzip
X-Firefox-Spdy: h2

GET www.funkyoffer.online/dl/all/offer/sub/video/?tid=62jlwczk96ltbh6uf3688kkwo,17414106,5,23964&flow=app&ctrack=1712607078.216405252&p=23964&media_type=mainstream

94.237.26.82

200 OK

29 kB

URL

www.funkyoffer.online/dl/all/offer/sub/video/?tid=62jlwczk96ltbh6uf3688kkwo,17414106,5,23964&flow=app&ctrack=1712607078.216405252&p=23964&media_type=mainstream

IP / ASN

94.237.26.82

#202053 UpCloud Ltd

Requested byN/A

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-02

Times Seen5606810

Size29 kB (29324 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Certificate Info

IssuerLet's Encrypt

Subject*.funkyoffer.online

Fingerprint5C:02:79:B5:05:FB:F0:DD:92:FB:AE:82:D9:2B:06:1C:23:F3:5F:3E

ValidityWed, 27 Mar 2024 08:02:57 GMT - Tue, 25 Jun 2024 08:02:56 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /dl/all/offer/sub/video/?tid=62jlwczk96ltbh6uf3688kkwo,17414106,5,23964&flow=app&ctrack=1712607078.216405252&p=23964&media_type=mainstream HTTP/1.1
Host: www.funkyoffer.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: no-cache, private
date: Mon, 08 Apr 2024 20:11:18 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

GET kwanic.com/pkplayhoodau_rea/?srv=playhood

172.67.156.217

302 Found

29 kB

URL

kwanic.com/pkplayhoodau_rea/?srv=playhood

IP / ASN

172.67.156.217

#13335 CLOUDFLARENET

Requested byN/A

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-02

Times Seen5606810

Size29 kB (29324 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Certificate Info

IssuerGoogle Trust Services LLC

Subjectkwanic.com

FingerprintE4:97:60:EA:21:24:33:75:71:AE:E2:FB:83:9B:BD:FA:B4:27:4F:3C

ValidityMon, 19 Feb 2024 23:22:33 GMT - Sun, 19 May 2024 23:22:32 GMT

HTTP Headers

GET /pkplayhoodau_rea/?srv=playhood HTTP/1.1
Host: kwanic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Mon, 08 Apr 2024 20:11:17 GMT
content-type: text/html
location: https://12618907bcf5.nobhere.com/?p=23964&media_type=mainstream
x-powered-by: PHP/5.5.38
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lYzNRzyePgRebGXsoHmQFmCDg4gQNccnUkh5gI9nqqlgEomLMQrczdFg9h%2FSrVcJrSeN0663YT4V7w5HUeCmqrqCSX9Njf3tHQszzZ5QwHKonw8LwaoA3thpDEd9"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8714e7d95ab8568e-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET 12618907bcf5.nobhere.com/?p=23964&media_type=mainstream

94.237.90.104

302 Found

29 kB

URL

12618907bcf5.nobhere.com/?p=23964&media_type=mainstream

IP / ASN

94.237.90.104

#202053 UpCloud Ltd

Requested byN/A

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-02

Times Seen5606810

Size29 kB (29324 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Certificate Info

IssuerLet's Encrypt

Subjectnobhere.com

FingerprintE1:A4:60:85:E9:FD:E7:29:F6:9E:A4:C2:F5:03:F6:1A:88:4D:B1:9F

ValidityFri, 05 Apr 2024 19:57:51 GMT - Thu, 04 Jul 2024 19:57:50 GMT

HTTP Headers

GET /?p=23964&media_type=mainstream HTTP/1.1
Host: 12618907bcf5.nobhere.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Mon, 08 Apr 2024 20:11:18 GMT
content-type: text/html; charset=UTF-8
set-cookie: rts-trck=1; expires=Mon, 08 Apr 2024 20:21:18 GMT; Max-Age=600; path=/; domain=12618907bcf5.nobhere.com
t-uuid=62jlwczkec03wyxet1mgwcck0; expires=Sat, 08 Apr 2034 20:11:18 GMT; Max-Age=315532800; path=/; domain=.nobhere.com
rts-trck=1; expires=Mon, 08 Apr 2024 20:21:18 GMT; Max-Age=600; path=/; domain=12618907bcf5.nobhere.com
traffic-visited-domain=funkyoffer.online; expires=Wed, 08 May 2024 20:11:18 GMT; Max-Age=2592000; path=/; domain=.nobhere.com
traffic-back=ok; expires=Mon, 08 Apr 2024 20:11:48 GMT; Max-Age=30; path=/; domain=.nobhere.com
location: https://www.funkyoffer.online/dl/all/offer/sub/video/?tid=62jlwczk96ltbh6uf3688kkwo,17414106,5,23964&flow=app&ctrack=1712607078.216405252&p=23964&media_type=mainstream
X-Firefox-Spdy: h2

GET www.funkyoffer.online/dl/all/offer/sub/video/font.css

94.237.26.82

200 OK

1.0 kB

URL

www.funkyoffer.online/dl/all/offer/sub/video/font.css

IP / ASN

94.237.26.82

#202053 UpCloud Ltd

Requested byhttps://www.funkyoffer.online/dl/all/offer/sub/video/?tid=62jlwczk96ltbh6uf3688kkwo,17414106,5,23964&flow=app&ctrack=1712607078.216405252&p=23964&media_type=mainstream

Resource Info

File typeASCII text, with very long lines (1052), with no line terminators

First Seen2023-10-23

Last Seen2024-10-04

Times Seen76

Size1.0 kB (1031 bytes)

MD5bdf4ad58efd8c7a67df5bf5c698aa26a

SHA16726e13361ecbdc14eba7d1f02ae30903e0ce194

SHA256ee348b108b05b9e9a91a472f3c4937c1ddc264ab23992c6c356879bbfe227837

Certificate Info

IssuerLet's Encrypt

Subject*.funkyoffer.online

Fingerprint5C:02:79:B5:05:FB:F0:DD:92:FB:AE:82:D9:2B:06:1C:23:F3:5F:3E

ValidityWed, 27 Mar 2024 08:02:57 GMT - Tue, 25 Jun 2024 08:02:56 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /dl/all/offer/sub/video/font.css HTTP/1.1
Host: www.funkyoffer.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.funkyoffer.online/dl/all/offer/sub/video/?tid=62jlwczk96ltbh6uf3688kkwo,17414106,5,23964&flow=app&ctrack=1712607078.216405252&p=23964&media_type=mainstream
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 08 Apr 2024 20:11:18 GMT
content-type: text/css
last-modified: Fri, 05 Apr 2024 10:38:01 GMT
vary: Accept-Encoding
etag: W/"660fd489-407"
expires: Tue, 08 Apr 2025 20:11:18 GMT
pragma: public
cache-control: max-age=31536000, public
content-encoding: gzip
X-Firefox-Spdy: h2

GET use.fontawesome.com/releases/v4.7.0/css/font-awesome-css.min.css

172.64.207.38

200 OK

30 kB

URL

use.fontawesome.com/releases/v4.7.0/css/font-awesome-css.min.css

IP / ASN

172.64.207.38

#13335 CLOUDFLARENET

Requested byhttps://www.funkyoffer.online/dl/all/offer/sub/video/?tid=62jlwczk96ltbh6uf3688kkwo,17414106,5,23964&flow=app&ctrack=1712607078.216405252&p=23964&media_type=mainstream

Resource Info

File typeASCII text, with very long lines (30343)

First Seen2023-04-05

Last Seen2025-08-02

Times Seen4462

Size30 kB (30344 bytes)

MD536082410df2ef7f83932219089dc1443

SHA17961402d7d01e19387fe609a38454b0bc8c6cca4

SHA2565b9573e1023da775390e9284ec0eb1c606df9b468a28980055b4a6aa804f4350

Certificate Info

IssuerCloudflare, Inc.

Subjectuse.fontawesome.com

FingerprintCB:BE:6B:C4:5F:DF:18:7A:C3:AD:BF:6C:40:36:18:9F:E2:99:7F:78

ValidityThu, 12 Oct 2023 00:00:00 GMT - Thu, 10 Oct 2024 23:59:59 GMT

HTTP Headers

GET /releases/v4.7.0/css/font-awesome-css.min.css HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.funkyoffer.online/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 08 Apr 2024 20:11:18 GMT
content-type: text/css
cache-control: max-age=31556926
etag: W/"36082410df2ef7f83932219089dc1443"
last-modified: Fri, 22 Sep 2023 01:44:05 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 1464505
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bKlhibgVybye0mp5zdhsC2nCXI61z6sdCY8oO7XutHqv20nShwDYM%2FceQMfkc2arwJ9fAjAgLd8CTOn%2FyAdmzp7CrNrRq5BGEIQES0gEIs%2BpM7OKYkDx%2BltlpWns0UP9Ub2qyJfv"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8714e7e169574189-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET fonts.googleapis.com/css?family=Muli:300,400,700,800

142.250.74.106

200 OK

4.3 kB

URL

fonts.googleapis.com/css?family=Muli:300,400,700,800

IP / ASN

142.250.74.106

#15169 GOOGLE

Requested byhttps://www.funkyoffer.online/dl/all/offer/sub/video/?tid=62jlwczk96ltbh6uf3688kkwo,17414106,5,23964&flow=app&ctrack=1712607078.216405252&p=23964&media_type=mainstream

Resource Info

File typeASCII text, with very long lines (4408), with no line terminators

First Seen2024-02-19

Last Seen2024-10-06

Times Seen121

Size4.3 kB (4312 bytes)

MD5157627e6a6500a7afb22fd8b021455c8

SHA1d5ebccc6e2974a1504e67784c50897c52c24c560

SHA256e9fd212d9fcd2c67db2a10523a1a17b1e795fa343a0859c01b224b970dda766f

Certificate Info

IssuerGoogle Trust Services LLC

Subjectupload.video.google.com

Fingerprint47:5A:64:7D:9F:47:34:07:31:91:97:F7:04:42:7A:D5:EA:AD:07:4E

ValidityMon, 04 Mar 2024 07:16:44 GMT - Mon, 27 May 2024 07:16:43 GMT

HTTP Headers

GET /css?family=Muli:300,400,700,800 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.funkyoffer.online/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 08 Apr 2024 20:11:18 GMT
date: Mon, 08 Apr 2024 20:11:18 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2