Report - hosting.renderforestsites.com

Report Overview

Visited public
2024-09-30 17:29:14
Tags
URL
hosting.renderforestsites.com
Finishing URL
hosting.renderforestsites.com/
IP / ASN
188.114.97.1
#13335 CLOUDFLARENET
Title
Not found

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
r10.o.lencr.org	unknown	2020-06-29	2024-06-06 21:45:11	2024-09-29 18:13:43	1.3 kB	3.5 kB	23.33.119.57
hosting.renderforestsites.com	unknown	2018-07-10	2021-09-02 14:39:23	2024-09-20 23:29:00	1.3 kB	5.2 kB	188.114.97.1
fonts.googleapis.com	8877	2005-01-25	2013-06-10 22:14:26	2024-09-29 18:27:04	464 B	1.7 kB	142.250.74.106
o.pki.goog	unknown	2016-06-13	2024-04-24 13:44:57	2024-09-29 18:23:13	975 B	2.1 kB	216.58.211.3
fonts.gstatic.com	unknown	2008-02-11	2014-09-09 02:40:21	2024-09-29 18:15:09	1.1 kB	68 kB	216.58.207.227
r11.o.lencr.org	unknown	2020-06-29	2024-06-07 07:43:57	2024-09-29 18:12:51	1.3 kB	3.5 kB	23.33.119.57
static.rfstat.com	541091	2017-10-16	2017-10-26 20:28:10	2024-09-25 07:13:41	466 B	49 kB	104.26.5.228

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-09-30	medium	renderforestsites.com	Sinkholed
2024-09-30	medium	renderforestsites.com	Sinkholed
2024-09-30	medium	renderforestsites.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (0)

HTTP Transactions (18)

URL IP Response Size

r10.o.lencr.org/

23.33.119.57

504 B

URL
r10.o.lencr.org/
IP
23.33.119.57:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
d070dea5a1c30c330443d09132734e63
3ca8c0f7cd2afd3a26da8bbe3f8a47c5995294f4
4868faf0cf6c4f9bd0d7db49dcde0b7358890c362d5281a233ab666a702e1741

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "4868FAF0CF6C4F9BD0D7DB49DCDE0B7358890C362D5281A233AB666A702E1741"
Last-Modified: Sat, 28 Sep 2024 09:19:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5222
Expires: Mon, 30 Sep 2024 18:55:51 GMT
Date: Mon, 30 Sep 2024 17:28:49 GMT
Connection: keep-alive

r10.o.lencr.org/

23.33.119.57

504 B

URL
r10.o.lencr.org/
IP
23.33.119.57:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
4de9df2391ebcb20b98d8f713f87a5bf
20f1dc2e6e7040b3804d4ee3ec82acea14621f61
c0c02e7516b5c8f47116e156ffec5318764a2a60d1d0692f4c92faece747b6e8

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "C0C02E7516B5C8F47116E156FFEC5318764A2A60D1D0692F4C92FAECE747B6E8"
Last-Modified: Mon, 30 Sep 2024 11:56:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5285
Expires: Mon, 30 Sep 2024 18:56:54 GMT
Date: Mon, 30 Sep 2024 17:28:49 GMT
Connection: keep-alive

r10.o.lencr.org/

23.33.119.57

504 B

URL
r10.o.lencr.org/
IP
23.33.119.57:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
aae837b7f2ef5de4d66d438798369bcd
fcfbcb8dcd8faf9af9ea780440bc18762f060780
f36f32272995a27c5e8becd123957f0185c784ed591102043179dae02676b3c7

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "F36F32272995A27C5E8BECD123957F0185C784ED591102043179DAE02676B3C7"
Last-Modified: Mon, 30 Sep 2024 02:37:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10459
Expires: Mon, 30 Sep 2024 20:23:08 GMT
Date: Mon, 30 Sep 2024 17:28:49 GMT
Connection: keep-alive

r10.o.lencr.org/

23.33.119.57

504 B

URL
r10.o.lencr.org/
IP
23.33.119.57:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
58904a4fbcfb57844d0914da3af1d8c7
469367b4264860d89f0d683cde706e74b21ec66f
92a694d29fa63c8da404b537d0eaac859796cf351325de5b9cb23010089797cc

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "92A694D29FA63C8DA404B537D0EAAC859796CF351325DE5B9CB23010089797CC"
Last-Modified: Mon, 30 Sep 2024 05:59:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8093
Expires: Mon, 30 Sep 2024 19:43:42 GMT
Date: Mon, 30 Sep 2024 17:28:49 GMT
Connection: keep-alive

GET hosting.renderforestsites.com/

188.114.97.1

404 Not Found

570 B

URL User Request GET HTTP/1.1
hosting.renderforestsites.com/
IP
188.114.97.1:80
ASN
#13335 CLOUDFLARENET

File type
HTML document, ASCII text
Size
570 B (570 bytes)
Hash
393f085ca4598a740a704cdbea357dd6
b339bab576ab497ff92e70c0a1f9003b528c7df6
c640ad19b6011a792e8b9d95f13490db9101df3e5b35f348e0982dba94a88b90

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: hosting.renderforestsites.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Mon, 30 Sep 2024 17:28:50 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Wed, 26 Jun 2019 11:47:36 GMT
x-amz-error-code: NoSuchKey
x-amz-error-message: The specified key does not exist.
x-amz-error-detail-Key: index.html
X-Cache: Error from cloudfront
Via: 1.1 7cf1868252578a35a0e0b87d3129c07c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: AMS1-P3
X-Amz-Cf-Id: T_fjvjOIJxWXW8FiBgR6PCcC5od9-Ho9LBSdneRHLayybcDKeJyEwQ==
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Y9miDb4thGsee76S2chlX42kjp%2By30iz5oU0yaxESC9QF31l6TH3tiM7OAVXC1evkZ3OLtyA0a5Qje6DW6rhdK%2F1xSiXjfbe4r%2FSvzTwNbQbcztQui6IYXqzk%2Firou8kPruow9HVfwPiE90cHjDujw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Speculation-Rules: "/cdn-cgi/speculation"
Server: cloudflare
CF-RAY: 8cb5ee830b2196e8-AMS
Content-Encoding: gzip

GET hosting.renderforestsites.com/

188.114.97.1

404 Not Found

963 B

URL User Request GET HTTP/1.1
hosting.renderforestsites.com/
IP
188.114.97.1:80
ASN
#13335 CLOUDFLARENET

File type
HTML document, ASCII text
Size
963 B (963 bytes)
Hash
393f085ca4598a740a704cdbea357dd6
b339bab576ab497ff92e70c0a1f9003b528c7df6
c640ad19b6011a792e8b9d95f13490db9101df3e5b35f348e0982dba94a88b90

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: hosting.renderforestsites.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
date: Mon, 30 Sep 2024 17:28:50 GMT
content-type: text/html
vary: Accept-Encoding
last-modified: Wed, 26 Jun 2019 11:47:36 GMT
x-amz-error-code: NoSuchKey
x-amz-error-message: The specified key does not exist.
x-amz-error-detail-key: index.html
x-cache: Error from cloudfront
via: 1.1 054609fe51831eb8825d39133f1a4c84.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS1-P3
x-amz-cf-id: SXX-1zDWPiRhF6H8zz4bMCggRwWGIKNJeSl5QZPsWYnefOtyo2HSdA==
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KTWcE%2F3pncj13KXYiavfPxR9l6IzbzWKtjgfKPFkbgj8vy71dLR%2BXuY5n4WR8uZRJsiFyQ8qH4%2BddZZE2LVYNSVEdXmRnco2CitXqWPf2CUVPtEBhpUhNayaTG%2FxGO5B3RREi3l6M9Jab7ViJG261Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
speculation-rules: "/cdn-cgi/speculation"
server: cloudflare
cf-ray: 8cb5ee7f9d68b7c6-AMS
content-encoding: br
X-Firefox-Spdy: h2

GET fonts.googleapis.com/css?family=Montserrat:400,600&display=swap

142.250.74.106

200 OK

1.0 kB

URL GET HTTP/2
fonts.googleapis.com/css?family=Montserrat:400,600&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
http://hosting.renderforestsites.com/
Certificate
IssuerGoogle Trust Services
Subjectupload.video.google.com
FingerprintC6:E8:36:27:AB:3A:34:33:0B:85:2C:D8:6C:0A:74:34:71:6A:F5:62
ValidityMon, 26 Aug 2024 07:12:45 GMT - Mon, 18 Nov 2024 07:12:44 GMT

File type
gzip compressed data, max compression
Size
1.0 kB (1038 bytes)
Hash
be156a2c0c9d6b222e758f87ec00f0de
fc9e5ba978a0f71d5276c38577263461542dd877
43dd8b9bd99e717cfaa3ea1613a38fa96c2f2ec990b2e2b7c36ca2e9db9840f4

HTTP Headers

GET /css?family=Montserrat:400,600&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://hosting.renderforestsites.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 30 Sep 2024 17:28:50 GMT
date: Mon, 30 Sep 2024 17:28:50 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

o.pki.goog/wr2

216.58.211.3

472 B

URL
o.pki.goog/wr2
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
00cd5141e171045b541e0afe9bef099f
d98ecdf0cd929c533bb53c9b301b001fc9217cf8
88b919805a8b2e603cb141d0f0303c8b67b6704f721315911d73d4440c0b1948

HTTP Headers

POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 30 Sep 2024 17:28:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

o.pki.goog/wr2

216.58.211.3

472 B

URL
o.pki.goog/wr2
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
00cd5141e171045b541e0afe9bef099f
d98ecdf0cd929c533bb53c9b301b001fc9217cf8
88b919805a8b2e603cb141d0f0303c8b67b6704f721315911d73d4440c0b1948

HTTP Headers

POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 30 Sep 2024 17:28:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

GET fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2

216.58.207.227

200 OK

33 kB

URL GET HTTP/2
fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
http://hosting.renderforestsites.com/
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
FingerprintEA:6A:C6:A3:F6:90:16:40:23:03:8F:A5:6F:71:11:F6:FA:B7:5F:C3
ValidityMon, 26 Aug 2024 07:12:45 GMT - Mon, 18 Nov 2024 07:12:44 GMT

File type
Web Open Font Format (Version 2), TrueType, length 33092, version 1.0
Size
33 kB (33092 bytes)
Hash
057478083c1d55ea0c2182b24f6dd72f
caf557cd276a76992084efc4c8857b66791a6b7f
bb2f90081933c0f2475883ca2c5cfee94e96d7314a09433fffc42e37f4cffd3b

HTTP Headers

GET /s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://hosting.renderforestsites.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 33092
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 26 Sep 2024 11:20:50 GMT
expires: Fri, 26 Sep 2025 11:20:50 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 13 Sep 2023 22:51:58 GMT
content-type: font/woff2
age: 367681
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2

216.58.207.227

200 OK

33 kB

URL GET HTTP/2
fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
http://hosting.renderforestsites.com/
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
FingerprintEA:6A:C6:A3:F6:90:16:40:23:03:8F:A5:6F:71:11:F6:FA:B7:5F:C3
ValidityMon, 26 Aug 2024 07:12:45 GMT - Mon, 18 Nov 2024 07:12:44 GMT

File type
Web Open Font Format (Version 2), TrueType, length 33092, version 1.0
Size
33 kB (33092 bytes)
Hash
057478083c1d55ea0c2182b24f6dd72f
caf557cd276a76992084efc4c8857b66791a6b7f
bb2f90081933c0f2475883ca2c5cfee94e96d7314a09433fffc42e37f4cffd3b

HTTP Headers

GET /s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://hosting.renderforestsites.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 33092
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 26 Sep 2024 11:20:50 GMT
expires: Fri, 26 Sep 2025 11:20:50 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 13 Sep 2023 22:51:58 GMT
content-type: font/woff2
age: 367681
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

o.pki.goog/wr2

216.58.211.3

472 B

URL
o.pki.goog/wr2
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
00cd5141e171045b541e0afe9bef099f
d98ecdf0cd929c533bb53c9b301b001fc9217cf8
88b919805a8b2e603cb141d0f0303c8b67b6704f721315911d73d4440c0b1948

HTTP Headers

POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 30 Sep 2024 17:28:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

GET hosting.renderforestsites.com/favicon.ico

188.114.97.1

404 Not Found

564 B

URL GET HTTP/1.1
hosting.renderforestsites.com/favicon.ico
IP
188.114.97.1:80
ASN
#13335 CLOUDFLARENET

Requested by
http://hosting.renderforestsites.com/

File type
HTML document, ASCII text
Size
564 B (564 bytes)
Hash
393f085ca4598a740a704cdbea357dd6
b339bab576ab497ff92e70c0a1f9003b528c7df6
c640ad19b6011a792e8b9d95f13490db9101df3e5b35f348e0982dba94a88b90

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: hosting.renderforestsites.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://hosting.renderforestsites.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Mon, 30 Sep 2024 17:28:51 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Wed, 26 Jun 2019 11:47:36 GMT
x-amz-error-code: NoSuchKey
x-amz-error-message: The specified key does not exist.
x-amz-error-detail-Key: favicon.ico
X-Cache: Error from cloudfront
Via: 1.1 e07bd6386c24c4e98bde2dc8881304ee.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: AMS1-P3
X-Amz-Cf-Id: fXDL28rfn8mtXL0VN12oEIiGr1HUVfKPRNAUYXYmjo1rwqmh1vZ69Q==
Cache-Control: max-age=2678400
CF-Cache-Status: EXPIRED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=f%2BeStq7lY%2BxKwyvmrF%2BmDj3l2rpRaihB41X7%2FOqN%2Fg2VmMLZpQ%2Fh17j9NEHPwwO1UKXTYzu%2BqlaGTOdTGtF9S4IlyVsipxz5KlSp5%2FzjvKnyRWLhDoXqY400uGMeKWJFqvGHtELaV%2B5Jd9zWKG8U5Q%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Speculation-Rules: "/cdn-cgi/speculation"
Server: cloudflare
CF-RAY: 8cb5ee86bacc96e8-AMS
Content-Encoding: gzip

r11.o.lencr.org/

23.33.119.57

504 B

URL
r11.o.lencr.org/
IP
23.33.119.57:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
4d192ec04f2d316363a9a18fa6060462
3fbd851b538e3ae156719d6a8b5b80e22f1fb688
1dc27b3b9dc1a54ab241754a564e5c9d2117944a825e6e75d1fea7a68d9d9859

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "1DC27B3B9DC1A54AB241754A564E5C9D2117944A825E6E75D1FEA7A68D9D9859"
Last-Modified: Mon, 30 Sep 2024 12:13:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7873
Expires: Mon, 30 Sep 2024 19:40:04 GMT
Date: Mon, 30 Sep 2024 17:28:51 GMT
Connection: keep-alive

r11.o.lencr.org/

23.33.119.57

504 B

URL
r11.o.lencr.org/
IP
23.33.119.57:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
4d192ec04f2d316363a9a18fa6060462
3fbd851b538e3ae156719d6a8b5b80e22f1fb688
1dc27b3b9dc1a54ab241754a564e5c9d2117944a825e6e75d1fea7a68d9d9859

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "1DC27B3B9DC1A54AB241754A564E5C9D2117944A825E6E75D1FEA7A68D9D9859"
Last-Modified: Mon, 30 Sep 2024 12:13:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7873
Expires: Mon, 30 Sep 2024 19:40:04 GMT
Date: Mon, 30 Sep 2024 17:28:51 GMT
Connection: keep-alive

r11.o.lencr.org/

23.33.119.57

504 B

URL
r11.o.lencr.org/
IP
23.33.119.57:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
4d192ec04f2d316363a9a18fa6060462
3fbd851b538e3ae156719d6a8b5b80e22f1fb688
1dc27b3b9dc1a54ab241754a564e5c9d2117944a825e6e75d1fea7a68d9d9859

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "1DC27B3B9DC1A54AB241754A564E5C9D2117944A825E6E75D1FEA7A68D9D9859"
Last-Modified: Mon, 30 Sep 2024 12:13:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7873
Expires: Mon, 30 Sep 2024 19:40:04 GMT
Date: Mon, 30 Sep 2024 17:28:51 GMT
Connection: keep-alive

r11.o.lencr.org/

23.33.119.57

504 B

URL
r11.o.lencr.org/
IP
23.33.119.57:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
4d192ec04f2d316363a9a18fa6060462
3fbd851b538e3ae156719d6a8b5b80e22f1fb688
1dc27b3b9dc1a54ab241754a564e5c9d2117944a825e6e75d1fea7a68d9d9859

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "1DC27B3B9DC1A54AB241754A564E5C9D2117944A825E6E75D1FEA7A68D9D9859"
Last-Modified: Mon, 30 Sep 2024 12:13:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7873
Expires: Mon, 30 Sep 2024 19:40:04 GMT
Date: Mon, 30 Sep 2024 17:28:51 GMT
Connection: keep-alive

GET static.rfstat.com/static/error-pages/rendy-not-found.svg

104.26.5.228

200 OK

48 kB

URL GET HTTP/2
static.rfstat.com/static/error-pages/rendy-not-found.svg
IP
104.26.5.228:443
ASN
#13335 CLOUDFLARENET

Requested by
http://hosting.renderforestsites.com/
Certificate
IssuerGoogle Trust Services
Subjectrfstat.com
FingerprintED:02:ED:85:DB:D1:71:97:46:A7:74:F6:7A:F1:C8:10:75:6A:31:56
ValidityMon, 16 Sep 2024 03:01:38 GMT - Sun, 15 Dec 2024 03:01:37 GMT

File type
SVG Scalable Vector Graphics image
Size
48 kB (48389 bytes)
Hash
277b0b742e865ee5506e47078b5432de
bb37f2d6eb683dcc683ace3d548d6920ebcb7f87
928d9ffeee8228c7e9e7476694f04363d38e3b58f2183f35d3bc75fb4ffbd221

HTTP Headers

GET /static/error-pages/rendy-not-found.svg HTTP/1.1
Host: static.rfstat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://hosting.renderforestsites.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 30 Sep 2024 17:28:51 GMT
content-type: image/svg+xml
last-modified: Wed, 26 Jun 2019 06:55:22 GMT
etag: W/"277b0b742e865ee5506e47078b5432de"
cache-control: public, max-age=31536000
vary: Accept-Encoding, Origin
x-cache: Hit from cloudfront
via: 1.1 b053873243f91b1bb6dc406ce0c67db4.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: pQpjUlc08fEUI0x-zXlDkLlZCt1aS1Azn-kKhNEB7qfGmDh52Z_kMA==
age: 115867
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zMbwiiup5N2XeC6qsCGRR4%2BmkTmhCADq223BhEJ%2ByebSIUWNoJ5T654AJArUGfvmEcjTQDtuU83Z8%2B3BFCRJ2kqtsegNietyBQFVR3VCrH6soxHQQIw5lVbhDcNEFNaI8lKZ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8cb5ee875dcd1bfa-OSL
content-encoding: br
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (0)

HTTP Transactions (18)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash