Report - click.email.thefortunefavor.com/?qs=6b2ea3ff6d6a7c314b169b63cf9ff34b67561c492ad8ec0264c2bb7c2acd9d4f8f5a9dc068e9f64694b5c4673491b0748a6b7ae740598ff6

Report Overview

Submitted URL
click.email.thefortunefavor.com/?qs=6b2ea3ff6d6a7c314b169b63cf9ff34b67561c492ad8ec0264c2bb7c2acd9d4f8f5a9dc068e9f64694b5c4673491b0748a6b7ae740598ff6
IP
128.245.152.51
ASN
#14340 SALESFORCE
Submitted
2024-05-10 13:44:39
Access
public
Website Title
Privacy Policy – The Fortune Favor
Final URL
thefortunefavor.com/index.php/privacy-policy/
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
4
Threat Detection Systems
60

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
bind.bestresulttostart.com	unknown	2024-03-04	2024-03-22	2024-04-26	862 B	37 kB	193.163.7.113
api.startservicefounds.com	unknown	2024-02-27	2024-02-27	2024-05-06	422 B	11 kB	45.150.67.235
jquery.restartyourchoices.com	unknown	2024-03-04	2024-05-06	2024-05-08	443 B	12 kB	172.67.185.53
click.email.thefortunefavor.com	unknown	2023-03-13	2023-05-31	2024-04-17	602 B	396 B	128.245.152.51
thefortunefavor.com	unknown	2023-03-13	2023-03-28	2024-03-22	10 kB	584 kB	51.81.201.141
fonts.googleapis.com	8877	2005-01-25	2013-06-10	2024-05-10	1.1 kB	3.1 kB	142.250.74.106
fonts.gstatic.com	unknown	2008-02-11	2014-09-09	2024-05-10	2.1 kB	117 kB	216.58.207.227
js.cdntoswitchspirit.com	unknown	2024-04-29	2024-05-06	2024-05-06	432 B	94 kB	172.67.209.227

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2024-05-10 13:44:16	high	Client IP	193.163.7.113	ET EXPLOIT_KIT Balada Domain in TLS SNI (bestresulttostart .com)
2024-05-10 13:44:16	high	Client IP	193.163.7.113	ET EXPLOIT_KIT Balada Domain in TLS SNI (bestresulttostart .com)
2024-05-10 13:44:16	high	Client IP	193.163.7.113	ET EXPLOIT_KIT Balada Domain in TLS SNI (bestresulttostart .com)
2024-05-10 13:44:16	high	Client IP	193.163.7.113	ET EXPLOIT_KIT Balada Domain in TLS SNI (bestresulttostart .com)

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

Scan Date	Severity	Indicator	Alert
2024-05-10	medium	bestresulttostart.com	Sinkholed
2024-05-10	medium	bestresulttostart.com	Sinkholed

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-10	medium	thefortunefavor.com	Sinkholed
2024-05-10	medium	thefortunefavor.com	Sinkholed
2024-05-10	medium	thefortunefavor.com	Sinkholed
2024-05-10	medium	thefortunefavor.com	Sinkholed
2024-05-10	medium	thefortunefavor.com	Sinkholed
2024-05-10	medium	thefortunefavor.com	Sinkholed
2024-05-10	medium	thefortunefavor.com	Sinkholed
2024-05-10	medium	thefortunefavor.com	Sinkholed
2024-05-10	medium	thefortunefavor.com	Sinkholed
2024-05-10	medium	thefortunefavor.com	Sinkholed
2024-05-10	medium	thefortunefavor.com	Sinkholed
2024-05-10	medium	thefortunefavor.com	Sinkholed
2024-05-10	medium	thefortunefavor.com	Sinkholed
2024-05-10	medium	thefortunefavor.com	Sinkholed
2024-05-10	medium	thefortunefavor.com	Sinkholed
2024-05-10	medium	thefortunefavor.com	Sinkholed
2024-05-10	medium	thefortunefavor.com	Sinkholed
2024-05-10	medium	thefortunefavor.com	Sinkholed
2024-05-10	medium	thefortunefavor.com	Sinkholed
2024-05-10	medium	thefortunefavor.com	Sinkholed
2024-05-10	medium	thefortunefavor.com	Sinkholed
2024-05-10	medium	cdntoswitchspirit.com	Sinkholed
2024-05-10	medium	bestresulttostart.com	Sinkholed
2024-05-10	medium	thefortunefavor.com	Sinkholed
2024-05-10	medium	startservicefounds.com	Sinkholed
2024-05-10	medium	bestresulttostart.com	Sinkholed

ThreatFox

Scan Date	Severity	Indicator	Alert
2024-04-02	medium	bind.bestresulttostart.com	Unknown malware
2024-04-02	medium	bind.bestresulttostart.com	Unknown malware

JavaScript (19)

	URL	Size	First Seen	Last Seen
	thefortunefavor.com/wp-includes/js/jquery/jquery.min.js	88 kB	2023-11-03	2024-05-20
Pretty URL thefortunefavor.com/wp-includes/js/jquery/jquery.min.js IP 51.81.201.141 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-03 09:26:43 Last Seen2024-05-20 20:48:07 Times Seen49563 Hash 826eb77e86b02ab7724fe3d0141ff87c 79cd3587d565afe290076a8d36c31c305a573d18 cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf Loading...

	thefortunefavor.com/wp-includes/js/jquery/jquery-migrate.min.js	15 kB	2024-05-02	2024-05-20
Pretty URL thefortunefavor.com/wp-includes/js/jquery/jquery-migrate.min.js IP 51.81.201.141 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 10:14:08 Last Seen2024-05-20 15:06:53 Times Seen37 Hash 5de2a20d5a46388809b0a501126f87dc b5cabce8a888f89c2fe63fd619d47d06a5267128 47dece01ed661572ab893a23cfa868df1074e86378fc3dc2bc534c5610e144b5 Loading...

	thefortunefavor.com/wp-content/plugins/cs-remove-version-number-from-css-js/public/js/cs-remove-version-number-from-css-js-public.js	838 B	2023-03-07	2024-05-20
Pretty URL thefortunefavor.com/wp-content/plugins/cs-remove-version-number-from-css-js/public/js/cs-remove-version-number-from-css-js-public.js IP 51.81.201.141 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:06 Last Seen2024-05-20 19:26:19 Times Seen3927 Hash 49cea0a781874a962879c2caca9bc322 72c1650de2b93ef320d2db873fbb473fe360269c 57a50c99a31ef4e89e86664e96f6dfbdde163a2eb96e88b3b492c49aa4be2f37 Loading...

	unknown	389 B	2024-04-08	2024-05-20
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-08 14:51:53 Last Seen2024-05-20 15:06:53 Times Seen71 Hash dbf40e5c99cb46a5644d1e593a901858 54cc32aeec025dfe3dc726b8adf730988d01f139 99ab894aeb59d34150f8492c3ec65fb935ad4027e6045a8d9f0ba9ef5540b82f Loading...

	thefortunefavor.com/index.php/privacy-policy/	3.2 kB	2024-05-02	2024-05-20
Pretty URL thefortunefavor.com/index.php/privacy-policy/ IP 51.81.201.141 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-02 10:14:08 Last Seen2024-05-20 15:06:53 Times Seen17 Hash b5cbf06cdd7d31291a0ae7b33f6af999 4619bcca668de8e35c278c08c9c50cc332159fba c9a65fd43903953256b1028fab5daeda260bfbebb1f85947803e5c37e9dcf92d Loading...

	bind.bestresulttostart.com/scripts/statistics.js	10 kB	2024-04-30	2024-05-20
Pretty URL bind.bestresulttostart.com/scripts/statistics.js IP 193.163.7.113 ASN #204601 Zomro B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-30 17:38:54 Last Seen2024-05-20 16:35:59 Times Seen165 Hash 9d3a2c5feb7b6810bff5bdd9c6987a11 f96b5c4dcbed5e2abd7edb29dcefd1fb9fb28b4b c97d2621e7e098aab41dfae76dc18919579ef8c1e79dbb27d2172396da956829 Loading...

	thefortunefavor.com/index.php/privacy-policy/	15 kB	2024-03-02	2024-05-20
Pretty URL thefortunefavor.com/index.php/privacy-policy/ IP 51.81.201.141 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML true Observations First Seen2024-03-02 02:19:59 Last Seen2024-05-20 15:06:53 Times Seen176 Hash 81931896525639787120c691a304df8c 0cf873e5d15dc39e750cf6d1d30fe13eba457ab0 41d024224aa7cec2df7b8fa2c82f9a73eaa17ad6f97cf19095b49969b11ed5fe Loading...

	thefortunefavor.com/index.php/privacy-policy/	802 B	2023-03-07	2024-05-20
Pretty URL thefortunefavor.com/index.php/privacy-policy/ IP 51.81.201.141 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 12:59:33 Last Seen2024-05-20 15:06:53 Times Seen272 Hash 64b75d732662f304c9be6d1ffe54a4cc 783393b78f0111acbde920564682b080500f13ab 5ec0d36782107d3ff6d39da5d848edefb025570a0049628576c4cbf30142c177 Loading...

	thefortunefavor.com/index.php/privacy-policy/	717 B	2024-04-08	2024-05-20
Pretty URL thefortunefavor.com/index.php/privacy-policy/ IP 51.81.201.141 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-08 14:51:53 Last Seen2024-05-20 15:06:53 Times Seen70 Hash 99abe8a98b9a8c5ca15632c9b3bc22bd 3ec7b59ed1ae1a957f145c8aa1a7286b8f389d2a d4592d5f5d479bc507894ec8ab8892b6016d11cd01fb5baa0a8a9ffdf222a882 Loading...

	thefortunefavor.com/wp-content/themes/soledad/js/libs-script.min.js	174 kB	2023-03-11	2024-05-20
Pretty URL thefortunefavor.com/wp-content/themes/soledad/js/libs-script.min.js IP 51.81.201.141 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 09:24:35 Last Seen2024-05-20 15:06:53 Times Seen109 Hash df1e571c2e359ec248658d4b23f43567 81ec3eac5acf28cb17d3b72b9fe004c1322973e8 b502364d386c7cec8866d76dcb7c89291bd919d1653ee64958e2078ce8495089 Loading...

	thefortunefavor.com/wp-content/themes/soledad/js/main.js	62 kB	2023-03-11	2024-05-20
Pretty URL thefortunefavor.com/wp-content/themes/soledad/js/main.js IP 51.81.201.141 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 09:24:35 Last Seen2024-05-20 15:06:53 Times Seen95 Hash 7ece9dc6157754374ea35cb63d002788 85418395dbe054b7e36ce2496d0f8f2524c6fb8e bded3da5a4b99669eb9867ec3d1d1cd11e072a52f497c8ecb79bf435e89a2a28 Loading...

	thefortunefavor.com/wp-content/themes/soledad/js/post-like.js	1.1 kB	2023-03-07	2024-05-20
Pretty URL thefortunefavor.com/wp-content/themes/soledad/js/post-like.js IP 51.81.201.141 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:03:31 Last Seen2024-05-20 15:06:53 Times Seen324 Hash d0ed44f72c84972b9a0be09fadd87e34 5cf54cfe4e9c3f6eb32d28af9f6a534719dfcfab 012f916c0da7df9f2f60c07ecac0fb5112fca218ae271b22f976aeb4ae811d02 Loading...

	thefortunefavor.com/wp-includes/js/comment-reply.min.js	3.0 kB	2023-03-07	2024-05-20
Pretty URL thefortunefavor.com/wp-includes/js/comment-reply.min.js IP 51.81.201.141 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:09 Last Seen2024-05-20 20:40:35 Times Seen30476 Hash 492f2c1a7ea7eb83fe42e0ff7cb51aa2 db36a77f6aaa2063bfbec02c2c0e967438c5a245 e174a58a503ab84b3d1b9de12fd3895788204485170f1289e445f7b5b98ec789 Loading...

	js.cdntoswitchspirit.com/source/split.js	36 kB	2024-04-30	2024-05-14
Pretty URL js.cdntoswitchspirit.com/source/split.js IP 172.67.209.227 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-30 17:38:54 Last Seen2024-05-14 22:24:18 Times Seen425 Hash fe59aea1c787d361c69c43c46a747767 2cc61a29d05db4814718cc60450876419afc5d24 9763b6045876ff0f6ddf7f20e19d631346a2f132e675ff1601896b3625fd9816 Loading...

	thefortunefavor.com/index.php/privacy-policy/	280 B	2024-05-10	2024-05-10
Pretty URL thefortunefavor.com/index.php/privacy-policy/ IP 51.81.201.141 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-10 15:44:40 Last Seen2024-05-10 21:56:39 Times Seen2 Hash 72dab22a7f79ae3eb48fdf576696f645 8112becba10d3fbf21ac7d5ec4af969e63e0eae1 c506d17283922aa57b518d0d2b70e28a0c34d8b69e5a868d9b117015841add26 Loading...

	thefortunefavor.com/index.php/privacy-policy/	275 B	2024-05-10	2024-05-10
Pretty URL thefortunefavor.com/index.php/privacy-policy/ IP 51.81.201.141 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-10 15:44:41 Last Seen2024-05-10 21:56:39 Times Seen2 Hash 1835d5bc9aa0b0309c25908b6d6752c7 6646464d50a2dcf2aaf5ec83711849a907442ed4 c56fda9ab703866869955113ce3f932ee9033edd46117e43fd32a9b05fc2fd97 Loading...

	thefortunefavor.com/wp-includes/js/wp-emoji-release.min.js	19 kB	2024-03-13	2024-05-20
Pretty URL thefortunefavor.com/wp-includes/js/wp-emoji-release.min.js IP 51.81.201.141 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-13 16:02:37 Last Seen2024-05-20 20:48:07 Times Seen5555 Hash b976b651932bfd25b9ddb5b7693d88a7 7fcb7cb5c11227f9213b1e08a07d0212209e1432 4e6ce5444c7f396cef0eb1fa3611034151e485dd06fbe5573a5583e1eebc98c3 Loading...

	api.startservicefounds.com/service/sort.js	10 kB	2024-05-01	2024-05-20
Pretty URL api.startservicefounds.com/service/sort.js IP 45.150.67.235 ASN #44477 Stark Industries Solutions Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-01 09:32:15 Last Seen2024-05-20 15:06:54 Times Seen153 Hash a4b65fe97c9c98509fb6dcb771694411 1892a394fca0d377fbecd97eee53c7f609862813 d5b3b109f4bc1b1b1c2c326e4ad30780ce6bb1cd4e38c842fb9cc082fda085ec Loading...

	jquery.restartyourchoices.com/cdncollect?r1=thefortunefavor.com	10 kB	2024-04-30	2024-05-20
Pretty URL jquery.restartyourchoices.com/cdncollect?r1=thefortunefavor.com IP 172.67.185.53 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-30 20:44:45 Last Seen2024-05-20 16:35:59 Times Seen528 Hash a670ec3dd6fa757de5d5aab7abddfe59 07efb08354a342ae821e52b60728a31945c95759 a9aa76d5655c965f1feceec22619fa26acb1c4832f76ea25a79201bbc2b2c2f0 Loading...

HTTP Transactions (32)

URL IP Response Size

click.email.thefortunefavor.com/?qs=6b2ea3ff6d6a7c314b169b63cf9ff34b67561c492ad8ec0264c2bb7c2acd9d4f8f5a9dc068e9f64694b5c4673491b0748a6b7ae740598ff6

128.245.152.51

302 Found

170 B

URL User Request GET HTTP/1.1
click.email.thefortunefavor.com/?qs=6b2ea3ff6d6a7c314b169b63cf9ff34b67561c492ad8ec0264c2bb7c2acd9d4f8f5a9dc068e9f64694b5c4673491b0748a6b7ae740598ff6
IP
128.245.152.51:443
ASN
#14340 SALESFORCE

Certificate
IssuerDigiCert Inc
Subjectclick.email.thefortunefavor.com
FingerprintA1:25:03:96:72:F5:7F:AA:84:81:6F:07:BA:29:92:35:C1:E6:EE:A4
ValidityTue, 16 Apr 2024 00:00:00 GMT - Sat, 17 May 2025 23:59:59 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
170 B (170 bytes)
Hash
56bfc65d58c12bd7d389fbd48c92e82d
b7054006e6871eba57dc390adab05b77f1c71cfa
d4c418345839fa9aefa389553487dce084ddf3292f545b7cd29f08ee91f45f6c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /?qs=6b2ea3ff6d6a7c314b169b63cf9ff34b67561c492ad8ec0264c2bb7c2acd9d4f8f5a9dc068e9f64694b5c4673491b0748a6b7ae740598ff6 HTTP/1.1
Host: click.email.thefortunefavor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: https://thefortunefavor.com/index.php/privacy-policy/
Date: Fri, 10 May 2024 13:44:12 GMT
Connection: close
Content-Length: 170

thefortunefavor.com/index.php/privacy-policy/

51.81.201.141

200 OK

24 kB

URL User Request GET HTTP/1.1
thefortunefavor.com/index.php/privacy-policy/
IP
51.81.201.141:443
ASN
#16276 OVH SAS

Certificate
IssuerLet's Encrypt
Subjectthefortunefavor.com
FingerprintFC:7B:E1:81:14:2E:1D:41:1A:2B:9A:B0:F8:76:A0:70:26:14:A7:0D
ValidityThu, 21 Mar 2024 00:06:17 GMT - Wed, 19 Jun 2024 00:06:16 GMT

File type
HTML document, ASCII text, with very long lines (30024), with CRLF, LF line terminators
Size
24 kB (23612 bytes)
Hash
340d4003ffada805e077fb8545a6b5b8
3173ffd65eb9c9f8b78673f1c2f0075752a3326c
60a82c4a79e07d94d710460a20a7dade024b2aa90af0bbf628a3254cf993b891

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /index.php/privacy-policy/ HTTP/1.1
Host: thefortunefavor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 13:44:13 GMT
Server: Apache
X-LiteSpeed-Tag: 21e_HTTP.200
Link: <https://thefortunefavor.com/index.php/wp-json/>; rel="https://api.w.org/", <https://thefortunefavor.com/index.php/wp-json/wp/v2/pages/3438>; rel="alternate"; type="application/json", <https://thefortunefavor.com/?p=3438>; rel=shortlink
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 23612
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

thefortunefavor.com/wp-includes/css/dist/block-library/style.min.css

51.81.201.141

200 OK

15 kB

URL GET HTTP/1.1
thefortunefavor.com/wp-includes/css/dist/block-library/style.min.css
IP
51.81.201.141:443
ASN
#16276 OVH SAS

Requested by
https://thefortunefavor.com/index.php/privacy-policy/
Certificate
IssuerLet's Encrypt
Subjectthefortunefavor.com
FingerprintFC:7B:E1:81:14:2E:1D:41:1A:2B:9A:B0:F8:76:A0:70:26:14:A7:0D
ValidityThu, 21 Mar 2024 00:06:17 GMT - Wed, 19 Jun 2024 00:06:16 GMT

File type
ASCII text, with very long lines (59701)
Size
15 kB (14991 bytes)
Hash
51a8390b47aa0582cf2d9c96c5addee2
b16a640874025d085c38119a1a02a3460f83f2de
98cecf88a23542fa047ce46eedb650b5c5128761ed4386c0977b847094ddfa20

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-includes/css/dist/block-library/style.min.css HTTP/1.1
Host: thefortunefavor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thefortunefavor.com/index.php/privacy-policy/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 13:44:14 GMT
Server: Apache
Last-Modified: Wed, 03 Apr 2024 08:49:48 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 14991
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css

fonts.googleapis.com/css?family=Raleway%3A300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%7CPT+Serif%3A300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%7CPlayfair+Display+SC%3A300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%7CMontserrat%3A300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%7COswald%3A300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%26subset%3Dlatin%2Ccyrillic%2Ccyrillic-ext%2Cgreek%2Cgreek-ext%2Clatin-ext&display=swap

142.250.74.106

200 OK

2.5 kB

URL GET HTTP/2
fonts.googleapis.com/css?family=Raleway%3A300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%7CPT+Serif%3A300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%7CPlayfair+Display+SC%3A300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%7CMontserrat%3A300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%7COswald%3A300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%26subset%3Dlatin%2Ccyrillic%2Ccyrillic-ext%2Cgreek%2Cgreek-ext%2Clatin-ext&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://thefortunefavor.com/index.php/privacy-policy/
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79
ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT

File type
gzip compressed data, max compression
Size
2.5 kB (2472 bytes)
Hash
c9278a8a6c4c1b0940e535028e6ad680
6d8b48d35b474ea3f2175090541abffb0c8ef9dd
eafb8aa1761c76f0fe80ba74f50748b9cc67679b90fc0ff92daff5cf4c5a96c0

HTTP Headers

GET /css?family=Raleway%3A300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%7CPT+Serif%3A300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%7CPlayfair+Display+SC%3A300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%7CMontserrat%3A300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%7COswald%3A300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%26subset%3Dlatin%2Ccyrillic%2Ccyrillic-ext%2Cgreek%2Cgreek-ext%2Clatin-ext&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thefortunefavor.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 10 May 2024 13:44:14 GMT
date: Fri, 10 May 2024 13:44:14 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

thefortunefavor.com/wp-content/plugins/cs-remove-version-number-from-css-js/public/css/cs-remove-version-number-from-css-js-public.css

51.81.201.141

200 OK

106 B

URL GET HTTP/1.1
thefortunefavor.com/wp-content/plugins/cs-remove-version-number-from-css-js/public/css/cs-remove-version-number-from-css-js-public.css
IP
51.81.201.141:443
ASN
#16276 OVH SAS

Requested by
https://thefortunefavor.com/index.php/privacy-policy/
Certificate
IssuerLet's Encrypt
Subjectthefortunefavor.com
FingerprintFC:7B:E1:81:14:2E:1D:41:1A:2B:9A:B0:F8:76:A0:70:26:14:A7:0D
ValidityThu, 21 Mar 2024 00:06:17 GMT - Wed, 19 Jun 2024 00:06:16 GMT

File type
ASCII text
Size
106 B (106 bytes)
Hash
e6094661d8923e95b233019ebff7c8f0
cfd836d385d475baffee45d85cfeb9bb36e70d9e
547dda3c14b284819be511be1e410da94a5efc6ccc4a9afe1c75394f9333191a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/plugins/cs-remove-version-number-from-css-js/public/css/cs-remove-version-number-from-css-js-public.css HTTP/1.1
Host: thefortunefavor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thefortunefavor.com/index.php/privacy-policy/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 13:44:14 GMT
Server: Apache
Last-Modified: Wed, 20 Sep 2023 11:37:50 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 106
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/css

thefortunefavor.com/wp-includes/js/jquery/jquery.min.js

51.81.201.141

200 OK

30 kB

URL GET HTTP/1.1
thefortunefavor.com/wp-includes/js/jquery/jquery.min.js
IP
51.81.201.141:443
ASN
#16276 OVH SAS

Requested by
https://thefortunefavor.com/index.php/privacy-policy/
Certificate
IssuerLet's Encrypt
Subjectthefortunefavor.com
FingerprintFC:7B:E1:81:14:2E:1D:41:1A:2B:9A:B0:F8:76:A0:70:26:14:A7:0D
ValidityThu, 21 Mar 2024 00:06:17 GMT - Wed, 19 Jun 2024 00:06:16 GMT

File type
JavaScript source, ASCII text, with very long lines (65447)
Size
30 kB (30368 bytes)
Hash
826eb77e86b02ab7724fe3d0141ff87c
79cd3587d565afe290076a8d36c31c305a573d18
cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-includes/js/jquery/jquery.min.js HTTP/1.1
Host: thefortunefavor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thefortunefavor.com/index.php/privacy-policy/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 13:44:15 GMT
Server: Apache
Last-Modified: Wed, 08 Nov 2023 17:01:47 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 30368
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/javascript

thefortunefavor.com/wp-content/themes/soledad/css/font-awesome.4.7.0.swap.min.css

51.81.201.141

200 OK

7.1 kB

URL GET HTTP/1.1
thefortunefavor.com/wp-content/themes/soledad/css/font-awesome.4.7.0.swap.min.css
IP
51.81.201.141:443
ASN
#16276 OVH SAS

Requested by
https://thefortunefavor.com/index.php/privacy-policy/
Certificate
IssuerLet's Encrypt
Subjectthefortunefavor.com
FingerprintFC:7B:E1:81:14:2E:1D:41:1A:2B:9A:B0:F8:76:A0:70:26:14:A7:0D
ValidityThu, 21 Mar 2024 00:06:17 GMT - Wed, 19 Jun 2024 00:06:16 GMT

File type
ASCII text, with very long lines (30855), with CRLF line terminators
Size
7.1 kB (7070 bytes)
Hash
27dc6bf6c0bf71a70f3910eeb2dfe8e7
aeb8553011faafc83939c174836ea021ccffcfa4
582c413cbd7988d2047f667ccda947fcb5b1df3505ff0506fe9fd90188236b1b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/themes/soledad/css/font-awesome.4.7.0.swap.min.css HTTP/1.1
Host: thefortunefavor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thefortunefavor.com/index.php/privacy-policy/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 13:44:15 GMT
Server: Apache
Last-Modified: Tue, 28 Mar 2023 12:07:13 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 7070
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

thefortunefavor.com/wp-content/themes/soledad/css/weather-icon.swap.css

51.81.201.141

200 OK

471 B

URL GET HTTP/1.1
thefortunefavor.com/wp-content/themes/soledad/css/weather-icon.swap.css
IP
51.81.201.141:443
ASN
#16276 OVH SAS

Requested by
https://thefortunefavor.com/index.php/privacy-policy/
Certificate
IssuerLet's Encrypt
Subjectthefortunefavor.com
FingerprintFC:7B:E1:81:14:2E:1D:41:1A:2B:9A:B0:F8:76:A0:70:26:14:A7:0D
ValidityThu, 21 Mar 2024 00:06:17 GMT - Wed, 19 Jun 2024 00:06:16 GMT

File type
ASCII text, with very long lines (1218), with CRLF line terminators
Size
471 B (471 bytes)
Hash
62ed523657bd32db433f2451f217a8e5
d90f0fc500c6c787e94c4fee021c6a84fa624950
2ab07a1e0cc7ae9a58af3aec47b945353d1fca8f4f5c1816416c82dfa1cf543b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/themes/soledad/css/weather-icon.swap.css HTTP/1.1
Host: thefortunefavor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thefortunefavor.com/index.php/privacy-policy/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 13:44:15 GMT
Server: Apache
Last-Modified: Tue, 28 Mar 2023 12:07:13 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 471
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

thefortunefavor.com/wp-content/themes/soledad/style.css

51.81.201.141

200 OK

425 B

URL GET HTTP/1.1
thefortunefavor.com/wp-content/themes/soledad/style.css
IP
51.81.201.141:443
ASN
#16276 OVH SAS

Requested by
https://thefortunefavor.com/index.php/privacy-policy/
Certificate
IssuerLet's Encrypt
Subjectthefortunefavor.com
FingerprintFC:7B:E1:81:14:2E:1D:41:1A:2B:9A:B0:F8:76:A0:70:26:14:A7:0D
ValidityThu, 21 Mar 2024 00:06:17 GMT - Wed, 19 Jun 2024 00:06:16 GMT

File type
ASCII text, with CRLF line terminators
Size
425 B (425 bytes)
Hash
94f1ee2e30e2f6522242a1f4d21b8b57
4dde5d3a47f5e7f74d1cf04ecd2747d6412a14e7
323649208b05bbef8b8ae4f36a831272b342b05f0112d41a0f3fd6d33fb9939e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/themes/soledad/style.css HTTP/1.1
Host: thefortunefavor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thefortunefavor.com/index.php/privacy-policy/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 13:44:15 GMT
Server: Apache
Last-Modified: Tue, 28 Mar 2023 12:07:13 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 425
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

thefortunefavor.com/wp-content/themes/soledad/css/penci-icon.css

51.81.201.141

200 OK

1.2 kB

URL GET HTTP/1.1
thefortunefavor.com/wp-content/themes/soledad/css/penci-icon.css
IP
51.81.201.141:443
ASN
#16276 OVH SAS

Requested by
https://thefortunefavor.com/index.php/privacy-policy/
Certificate
IssuerLet's Encrypt
Subjectthefortunefavor.com
FingerprintFC:7B:E1:81:14:2E:1D:41:1A:2B:9A:B0:F8:76:A0:70:26:14:A7:0D
ValidityThu, 21 Mar 2024 00:06:17 GMT - Wed, 19 Jun 2024 00:06:16 GMT

File type
ASCII text, with very long lines (5610), with no line terminators
Size
1.2 kB (1216 bytes)
Hash
f541e761d531c9a6b593132342cbe9db
486e193ae3bc07fc0705a8ab0f0e47d89342ec5f
6ec085016ccde0baf74503229d9f4ba44dd6dba50941274789ce7f5e52b75b51

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/themes/soledad/css/penci-icon.css HTTP/1.1
Host: thefortunefavor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thefortunefavor.com/index.php/privacy-policy/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 13:44:15 GMT
Server: Apache
Last-Modified: Tue, 28 Mar 2023 12:07:13 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 1216
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

thefortunefavor.com/wp-includes/js/jquery/jquery-migrate.min.js

51.81.201.141

200 OK

5.2 kB

URL GET HTTP/1.1
thefortunefavor.com/wp-includes/js/jquery/jquery-migrate.min.js
IP
51.81.201.141:443
ASN
#16276 OVH SAS

Requested by
https://thefortunefavor.com/index.php/privacy-policy/
Certificate
IssuerLet's Encrypt
Subjectthefortunefavor.com
FingerprintFC:7B:E1:81:14:2E:1D:41:1A:2B:9A:B0:F8:76:A0:70:26:14:A7:0D
ValidityThu, 21 Mar 2024 00:06:17 GMT - Wed, 19 Jun 2024 00:06:16 GMT

File type
JavaScript source, ASCII text, with very long lines (13479)
Size
5.2 kB (5233 bytes)
Hash
5de2a20d5a46388809b0a501126f87dc
b5cabce8a888f89c2fe63fd619d47d06a5267128
47dece01ed661572ab893a23cfa868df1074e86378fc3dc2bc534c5610e144b5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-includes/js/jquery/jquery-migrate.min.js HTTP/1.1
Host: thefortunefavor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thefortunefavor.com/index.php/privacy-policy/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 13:44:15 GMT
Server: Apache
Last-Modified: Sat, 06 Apr 2024 11:05:40 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 5233
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: text/javascript

thefortunefavor.com/wp-content/plugins/cs-remove-version-number-from-css-js/public/js/cs-remove-version-number-from-css-js-public.js

51.81.201.141

200 OK

479 B

URL GET HTTP/1.1
thefortunefavor.com/wp-content/plugins/cs-remove-version-number-from-css-js/public/js/cs-remove-version-number-from-css-js-public.js
IP
51.81.201.141:443
ASN
#16276 OVH SAS

Requested by
https://thefortunefavor.com/index.php/privacy-policy/
Certificate
IssuerLet's Encrypt
Subjectthefortunefavor.com
FingerprintFC:7B:E1:81:14:2E:1D:41:1A:2B:9A:B0:F8:76:A0:70:26:14:A7:0D
ValidityThu, 21 Mar 2024 00:06:17 GMT - Wed, 19 Jun 2024 00:06:16 GMT

File type
JavaScript source, ASCII text
Size
479 B (479 bytes)
Hash
49cea0a781874a962879c2caca9bc322
72c1650de2b93ef320d2db873fbb473fe360269c
57a50c99a31ef4e89e86664e96f6dfbdde163a2eb96e88b3b492c49aa4be2f37

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/plugins/cs-remove-version-number-from-css-js/public/js/cs-remove-version-number-from-css-js-public.js HTTP/1.1
Host: thefortunefavor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thefortunefavor.com/index.php/privacy-policy/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 13:44:15 GMT
Server: Apache
Last-Modified: Wed, 20 Sep 2023 11:37:50 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 479
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/javascript

thefortunefavor.com/wp-content/themes/soledad/js/post-like.js

51.81.201.141

200 OK

465 B

URL GET HTTP/1.1
thefortunefavor.com/wp-content/themes/soledad/js/post-like.js
IP
51.81.201.141:443
ASN
#16276 OVH SAS

Requested by
https://thefortunefavor.com/index.php/privacy-policy/
Certificate
IssuerLet's Encrypt
Subjectthefortunefavor.com
FingerprintFC:7B:E1:81:14:2E:1D:41:1A:2B:9A:B0:F8:76:A0:70:26:14:A7:0D
ValidityThu, 21 Mar 2024 00:06:17 GMT - Wed, 19 Jun 2024 00:06:16 GMT

File type
ASCII text, with CRLF line terminators
Size
465 B (465 bytes)
Hash
d0ed44f72c84972b9a0be09fadd87e34
5cf54cfe4e9c3f6eb32d28af9f6a534719dfcfab
012f916c0da7df9f2f60c07ecac0fb5112fca218ae271b22f976aeb4ae811d02

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/themes/soledad/js/post-like.js HTTP/1.1
Host: thefortunefavor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thefortunefavor.com/index.php/privacy-policy/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 13:44:15 GMT
Server: Apache
Last-Modified: Tue, 28 Mar 2023 12:07:13 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 465
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/javascript

thefortunefavor.com/wp-content/themes/soledad/js/main.js

51.81.201.141

200 OK

12 kB

URL GET HTTP/1.1
thefortunefavor.com/wp-content/themes/soledad/js/main.js
IP
51.81.201.141:443
ASN
#16276 OVH SAS

Requested by
https://thefortunefavor.com/index.php/privacy-policy/
Certificate
IssuerLet's Encrypt
Subjectthefortunefavor.com
FingerprintFC:7B:E1:81:14:2E:1D:41:1A:2B:9A:B0:F8:76:A0:70:26:14:A7:0D
ValidityThu, 21 Mar 2024 00:06:17 GMT - Wed, 19 Jun 2024 00:06:16 GMT

File type
JavaScript source, ASCII text, with very long lines (479), with CRLF line terminators
Size
12 kB (12381 bytes)
Hash
7ece9dc6157754374ea35cb63d002788
85418395dbe054b7e36ce2496d0f8f2524c6fb8e
bded3da5a4b99669eb9867ec3d1d1cd11e072a52f497c8ecb79bf435e89a2a28

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/themes/soledad/js/main.js HTTP/1.1
Host: thefortunefavor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thefortunefavor.com/index.php/privacy-policy/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 13:44:15 GMT
Server: Apache
Last-Modified: Tue, 28 Mar 2023 12:07:13 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 12381
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/javascript

thefortunefavor.com/wp-includes/js/comment-reply.min.js

51.81.201.141

200 OK

1.4 kB

URL GET HTTP/1.1
thefortunefavor.com/wp-includes/js/comment-reply.min.js
IP
51.81.201.141:443
ASN
#16276 OVH SAS

Requested by
https://thefortunefavor.com/index.php/privacy-policy/
Certificate
IssuerLet's Encrypt
Subjectthefortunefavor.com
FingerprintFC:7B:E1:81:14:2E:1D:41:1A:2B:9A:B0:F8:76:A0:70:26:14:A7:0D
ValidityThu, 21 Mar 2024 00:06:17 GMT - Wed, 19 Jun 2024 00:06:16 GMT

File type
ASCII text, with very long lines (2946)
Size
1.4 kB (1351 bytes)
Hash
492f2c1a7ea7eb83fe42e0ff7cb51aa2
db36a77f6aaa2063bfbec02c2c0e967438c5a245
e174a58a503ab84b3d1b9de12fd3895788204485170f1289e445f7b5b98ec789

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-includes/js/comment-reply.min.js HTTP/1.1
Host: thefortunefavor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thefortunefavor.com/index.php/privacy-policy/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 13:44:15 GMT
Server: Apache
Last-Modified: Fri, 08 Apr 2022 20:07:18 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 1351
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: text/javascript

thefortunefavor.com/wp-content/themes/soledad/main.css

51.81.201.141

200 OK

102 kB

URL GET HTTP/1.1
thefortunefavor.com/wp-content/themes/soledad/main.css
IP
51.81.201.141:443
ASN
#16276 OVH SAS

Requested by
https://thefortunefavor.com/index.php/privacy-policy/
Certificate
IssuerLet's Encrypt
Subjectthefortunefavor.com
FingerprintFC:7B:E1:81:14:2E:1D:41:1A:2B:9A:B0:F8:76:A0:70:26:14:A7:0D
ValidityThu, 21 Mar 2024 00:06:17 GMT - Wed, 19 Jun 2024 00:06:16 GMT

File type
ASCII text, with very long lines (55616), with CRLF line terminators
Size
102 kB (102220 bytes)
Hash
1acc261569c5cec11d1f9405830487eb
bcd34889124c1bff09c42d814a3fab635df32e3e
b76ea70b21511dc3f590a762d9542426f9792bf5d3e50ac10c8b8d25d5bbb09a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/themes/soledad/main.css HTTP/1.1
Host: thefortunefavor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thefortunefavor.com/index.php/privacy-policy/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 13:44:15 GMT
Server: Apache
Last-Modified: Tue, 28 Mar 2023 12:07:13 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/css

thefortunefavor.com/wp-content/uploads/2023/03/the_fortune_favor-1.png

51.81.201.141

200 OK

22 kB

URL GET HTTP/1.1
thefortunefavor.com/wp-content/uploads/2023/03/the_fortune_favor-1.png
IP
51.81.201.141:443
ASN
#16276 OVH SAS

Requested by
https://thefortunefavor.com/index.php/privacy-policy/
Certificate
IssuerLet's Encrypt
Subjectthefortunefavor.com
FingerprintFC:7B:E1:81:14:2E:1D:41:1A:2B:9A:B0:F8:76:A0:70:26:14:A7:0D
ValidityThu, 21 Mar 2024 00:06:17 GMT - Wed, 19 Jun 2024 00:06:16 GMT

File type
PNG image data, 644 x 188, 8-bit/color RGBA, non-interlaced
Size
22 kB (21803 bytes)
Hash
f97e915a7d89b35dd4d81413664ed567
7c22f23e92802f758de6465f32396403e6e23ee3
4613d51b9d453589fc683c83b280a77d67701dbc7704dfc0b726b22f6a4a2371

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/uploads/2023/03/the_fortune_favor-1.png HTTP/1.1
Host: thefortunefavor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thefortunefavor.com/index.php/privacy-policy/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 13:44:15 GMT
Server: Apache
Last-Modified: Tue, 28 Mar 2023 12:50:57 GMT
Accept-Ranges: bytes
Content-Length: 21803
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: image/png

thefortunefavor.com/wp-content/themes/soledad/images/penci-holder.png

51.81.201.141

200 OK

125 B

URL GET HTTP/1.1
thefortunefavor.com/wp-content/themes/soledad/images/penci-holder.png
IP
51.81.201.141:443
ASN
#16276 OVH SAS

Requested by
https://thefortunefavor.com/index.php/privacy-policy/
Certificate
IssuerLet's Encrypt
Subjectthefortunefavor.com
FingerprintFC:7B:E1:81:14:2E:1D:41:1A:2B:9A:B0:F8:76:A0:70:26:14:A7:0D
ValidityThu, 21 Mar 2024 00:06:17 GMT - Wed, 19 Jun 2024 00:06:16 GMT

File type
PNG image data, 6 x 4, 8-bit colormap, non-interlaced
Size
125 B (125 bytes)
Hash
39e5ebeccbad32a5f86755ab32bcb536
28010c803b52aec8f3b68bf5ffef0961996fccac
5afae4fdead31c173a0ae121f7cb84909b3f7729fd7235930f22758f297910f2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/themes/soledad/images/penci-holder.png HTTP/1.1
Host: thefortunefavor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thefortunefavor.com/index.php/privacy-policy/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 13:44:15 GMT
Server: Apache
Last-Modified: Tue, 28 Mar 2023 12:07:13 GMT
Accept-Ranges: bytes
Content-Length: 125
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/png

fonts.gstatic.com/s/oswald/v53/TK3iWkUHHAIjg752GT8G.woff2

216.58.207.227

200 OK

28 kB

URL GET HTTP/2
fonts.gstatic.com/s/oswald/v53/TK3iWkUHHAIjg752GT8G.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://thefortunefavor.com/index.php/privacy-policy/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 28512, version 1.0
Size
28 kB (28512 bytes)
Hash
16cba75f4b9969077ff30bea2f494e12
71b32a3bbcc6157da9d52accf124660a3cfc66dc
241ced7f220982f5679a64cc6db34ed42cd21274508cc5814616d9efe374afde

HTTP Headers

GET /s/oswald/v53/TK3iWkUHHAIjg752GT8G.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://thefortunefavor.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 28512
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 09 May 2024 02:32:50 GMT
expires: Fri, 09 May 2025 02:32:50 GMT
cache-control: public, max-age=31536000
age: 126686
last-modified: Tue, 15 Aug 2023 18:44:12 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

thefortunefavor.com/wp-content/themes/soledad/fonts/penciicon.ttf

51.81.201.141

200 OK

21 kB

URL GET HTTP/1.1
thefortunefavor.com/wp-content/themes/soledad/fonts/penciicon.ttf
IP
51.81.201.141:443
ASN
#16276 OVH SAS

Requested by
https://thefortunefavor.com/index.php/privacy-policy/
Certificate
IssuerLet's Encrypt
Subjectthefortunefavor.com
FingerprintFC:7B:E1:81:14:2E:1D:41:1A:2B:9A:B0:F8:76:A0:70:26:14:A7:0D
ValidityThu, 21 Mar 2024 00:06:17 GMT - Wed, 19 Jun 2024 00:06:16 GMT

File type
TrueType Font data, 11 tables, 1st "GSUB", 16 names, Macintosh, type 1 string, flaticonRegularflaticonflaticonVersion 1.0flaticonGenerated by svg2ttf from Fontello project.htt
Size
21 kB (21311 bytes)
Hash
4c6e308841bc70c7c86a8473f340c7b4
8c580e1197646670370de2cfa11c5e7802f930e6
14d58600f8072475498254d3d389a0522150add829da0f109178137c43286cf5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/themes/soledad/fonts/penciicon.ttf HTTP/1.1
Host: thefortunefavor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thefortunefavor.com/wp-content/themes/soledad/css/penci-icon.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 13:44:16 GMT
Server: Apache
Last-Modified: Tue, 28 Mar 2023 12:07:13 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 21311
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: font/ttf

fonts.gstatic.com/s/oswald/v53/TK3iWkUHHAIjg752GT8G.woff2

216.58.207.227

200 OK

28 kB

URL GET HTTP/2
fonts.gstatic.com/s/oswald/v53/TK3iWkUHHAIjg752GT8G.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://thefortunefavor.com/index.php/privacy-policy/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 28512, version 1.0
Size
28 kB (28512 bytes)
Hash
16cba75f4b9969077ff30bea2f494e12
71b32a3bbcc6157da9d52accf124660a3cfc66dc
241ced7f220982f5679a64cc6db34ed42cd21274508cc5814616d9efe374afde

HTTP Headers

GET /s/oswald/v53/TK3iWkUHHAIjg752GT8G.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://thefortunefavor.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 28512
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 09 May 2024 02:32:50 GMT
expires: Fri, 09 May 2025 02:32:50 GMT
cache-control: public, max-age=31536000
age: 126686
last-modified: Tue, 15 Aug 2023 18:44:12 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/oswald/v53/TK3iWkUHHAIjg752GT8G.woff2

216.58.207.227

200 OK

28 kB

URL GET HTTP/2
fonts.gstatic.com/s/oswald/v53/TK3iWkUHHAIjg752GT8G.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://thefortunefavor.com/index.php/privacy-policy/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 28512, version 1.0
Size
28 kB (28512 bytes)
Hash
16cba75f4b9969077ff30bea2f494e12
71b32a3bbcc6157da9d52accf124660a3cfc66dc
241ced7f220982f5679a64cc6db34ed42cd21274508cc5814616d9efe374afde

HTTP Headers

GET /s/oswald/v53/TK3iWkUHHAIjg752GT8G.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://thefortunefavor.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 28512
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 09 May 2024 02:32:50 GMT
expires: Fri, 09 May 2025 02:32:50 GMT
cache-control: public, max-age=31536000
age: 126686
last-modified: Tue, 15 Aug 2023 18:44:12 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/oswald/v53/TK3iWkUHHAIjg752GT8G.woff2

216.58.207.227

200 OK

28 kB

URL GET HTTP/2
fonts.gstatic.com/s/oswald/v53/TK3iWkUHHAIjg752GT8G.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://thefortunefavor.com/index.php/privacy-policy/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 28512, version 1.0
Size
28 kB (28512 bytes)
Hash
16cba75f4b9969077ff30bea2f494e12
71b32a3bbcc6157da9d52accf124660a3cfc66dc
241ced7f220982f5679a64cc6db34ed42cd21274508cc5814616d9efe374afde

HTTP Headers

GET /s/oswald/v53/TK3iWkUHHAIjg752GT8G.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://thefortunefavor.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 28512
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 09 May 2024 02:32:50 GMT
expires: Fri, 09 May 2025 02:32:50 GMT
cache-control: public, max-age=31536000
age: 126686
last-modified: Tue, 15 Aug 2023 18:44:12 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

thefortunefavor.com/wp-includes/js/wp-emoji-release.min.js

51.81.201.141

200 OK

5.1 kB

URL GET HTTP/1.1
thefortunefavor.com/wp-includes/js/wp-emoji-release.min.js
IP
51.81.201.141:443
ASN
#16276 OVH SAS

Requested by
https://thefortunefavor.com/index.php/privacy-policy/
Certificate
IssuerLet's Encrypt
Subjectthefortunefavor.com
FingerprintFC:7B:E1:81:14:2E:1D:41:1A:2B:9A:B0:F8:76:A0:70:26:14:A7:0D
ValidityThu, 21 Mar 2024 00:06:17 GMT - Wed, 19 Jun 2024 00:06:16 GMT

File type
JavaScript source, ASCII text, with very long lines (15752)
Size
5.1 kB (5062 bytes)
Hash
b976b651932bfd25b9ddb5b7693d88a7
7fcb7cb5c11227f9213b1e08a07d0212209e1432
4e6ce5444c7f396cef0eb1fa3611034151e485dd06fbe5573a5583e1eebc98c3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-includes/js/wp-emoji-release.min.js HTTP/1.1
Host: thefortunefavor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thefortunefavor.com/index.php/privacy-policy/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 13:44:16 GMT
Server: Apache
Last-Modified: Wed, 03 Apr 2024 08:49:48 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 5062
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: text/javascript

thefortunefavor.com/wp-content/themes/soledad/fonts/fontawesome-webfont.woff2?v=4.7.0

51.81.201.141

200 OK

77 kB

URL GET HTTP/1.1
thefortunefavor.com/wp-content/themes/soledad/fonts/fontawesome-webfont.woff2?v=4.7.0
IP
51.81.201.141:443
ASN
#16276 OVH SAS

Requested by
https://thefortunefavor.com/index.php/privacy-policy/
Certificate
IssuerLet's Encrypt
Subjectthefortunefavor.com
FingerprintFC:7B:E1:81:14:2E:1D:41:1A:2B:9A:B0:F8:76:A0:70:26:14:A7:0D
ValidityThu, 21 Mar 2024 00:06:17 GMT - Wed, 19 Jun 2024 00:06:16 GMT

File type
Web Open Font Format (Version 2), TrueType, length 77160, version 4.459
Size
77 kB (77160 bytes)
Hash
af7ae505a9eed503f8b8e6982036873e
d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/themes/soledad/fonts/fontawesome-webfont.woff2?v=4.7.0 HTTP/1.1
Host: thefortunefavor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://thefortunefavor.com/wp-content/themes/soledad/css/font-awesome.4.7.0.swap.min.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 13:44:16 GMT
Server: Apache
Last-Modified: Tue, 28 Mar 2023 12:07:13 GMT
Accept-Ranges: bytes
Content-Length: 77160
Vary: Accept-Encoding,User-Agent
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: font/woff2

thefortunefavor.com/wp-content/uploads/2023/03/Favicon_the_fortune_favor.png

51.81.201.141

200 OK

78 kB

URL GET HTTP/1.1
thefortunefavor.com/wp-content/uploads/2023/03/Favicon_the_fortune_favor.png
IP
51.81.201.141:443
ASN
#16276 OVH SAS

Requested by
https://thefortunefavor.com/index.php/privacy-policy/
Certificate
IssuerLet's Encrypt
Subjectthefortunefavor.com
FingerprintFC:7B:E1:81:14:2E:1D:41:1A:2B:9A:B0:F8:76:A0:70:26:14:A7:0D
ValidityThu, 21 Mar 2024 00:06:17 GMT - Wed, 19 Jun 2024 00:06:16 GMT

File type
PNG image data, 500 x 500, 8-bit/color RGBA, non-interlaced
Size
78 kB (78494 bytes)
Hash
2056c538d3f269c9d768dc16873e9524
6695d526cafb02deca9e249feb43312cd2c70e20
a474e822725ede4e9c789076a9a9be5a2e54f186b3c5085148d6d9ead0f64946

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/uploads/2023/03/Favicon_the_fortune_favor.png HTTP/1.1
Host: thefortunefavor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thefortunefavor.com/index.php/privacy-policy/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 13:44:16 GMT
Server: Apache
Last-Modified: Tue, 28 Mar 2023 12:51:51 GMT
Accept-Ranges: bytes
Content-Length: 78494
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/png

js.cdntoswitchspirit.com/source/split.js

172.67.209.227

200 OK

93 kB

URL GET HTTP/3
js.cdntoswitchspirit.com/source/split.js
IP
172.67.209.227:443
ASN
#13335 CLOUDFLARENET

Requested by
https://thefortunefavor.com/index.php/privacy-policy/
Certificate
IssuerLet's Encrypt
Subjectcdntoswitchspirit.com
FingerprintDF:DB:EE:70:5A:39:BB:E7:A9:C6:4B:5C:24:04:56:6B:D0:D3:C0:AD
ValidityMon, 29 Apr 2024 10:49:03 GMT - Sun, 28 Jul 2024 10:49:02 GMT

File type
gzip compressed data, from Unix
Size
93 kB (92836 bytes)
Hash
01c8f064af48320d424cd1acfb0bfe9d
5b5ef9af2ba0f77abbc6c7468781afcb19586c44
42b0a059460a0924d48217df96f9b6b47b808806bb223d2d8903bcbb8215406e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /source/split.js HTTP/1.1
Host: js.cdntoswitchspirit.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thefortunefavor.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 13:44:16 GMT
content-type: application/javascript; charset=utf-8
last-modified: Tue, 30 Apr 2024 15:35:14 GMT
vary: Accept-Encoding
etag: W/"66310fb2-8df5"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
content-encoding: gzip
cf-cache-status: HIT
age: 188254
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Uzu2jz%2Bdqfa3raUSFMPmRdJmumrvjKBWIRYBpgs6bnl0Nj%2BQN6W%2B4OHmY97YFg9nd75AKxPjWCt0cqIV0Cg6pvEQNd4ysNNKDhpmU9ABWZKmbeiL99QxvAP57JD6PpTHftSdFDH7CBR9hsc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881a5cef0bdeb51e-OSL
alt-svc: h3=":443"; ma=86400

bind.bestresulttostart.com/scripts/statistics.js

193.163.7.113

200 OK

26 kB

URL GET HTTP/2
bind.bestresulttostart.com/scripts/statistics.js
IP
193.163.7.113:443
ASN
#204601 Zomro B.V.

Requested by
https://thefortunefavor.com/index.php/privacy-policy/
Certificate
IssuerLet's Encrypt
Subjectbestresulttostart.com
FingerprintF4:4C:F5:1D:A8:B6:9F:52:11:56:EC:A1:D7:C6:98:DF:2E:96:E0:4C
ValidityMon, 08 Apr 2024 08:36:22 GMT - Sun, 07 Jul 2024 08:36:21 GMT

File type
gzip compressed data, from Unix
Size
26 kB (26332 bytes)
Hash
33de8a624b9d40d4123f41fe8b1e4505
145d2b8d2b839f1a1ac771901f12c0d02b74bea5
ed6a3c5dd1969520a02620bc8c00287a47fd91e29be5eb350a1a82b0c9adab3f

Detections

Analyzer	Verdict	Alert
ThreatFox	malicious	Unknown malware
mnemonic secure dns	malicious	Sinkholed
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /scripts/statistics.js HTTP/1.1
Host: bind.bestresulttostart.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thefortunefavor.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 13:44:16 GMT
content-type: application/javascript; charset=utf-8
last-modified: Tue, 30 Apr 2024 15:15:36 GMT
vary: Accept-Encoding
etag: W/"66310b18-285b"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=31536000;
content-encoding: gzip
X-Firefox-Spdy: h2

thefortunefavor.com/wp-content/themes/soledad/js/libs-script.min.js

51.81.201.141

200 OK

174 kB

URL GET HTTP/1.1
thefortunefavor.com/wp-content/themes/soledad/js/libs-script.min.js
IP
51.81.201.141:443
ASN
#16276 OVH SAS

Requested by
https://thefortunefavor.com/index.php/privacy-policy/
Certificate
IssuerLet's Encrypt
Subjectthefortunefavor.com
FingerprintFC:7B:E1:81:14:2E:1D:41:1A:2B:9A:B0:F8:76:A0:70:26:14:A7:0D
ValidityThu, 21 Mar 2024 00:06:17 GMT - Wed, 19 Jun 2024 00:06:16 GMT

File type
JavaScript source, ASCII text, with very long lines (25374), with CRLF line terminators
Size
174 kB (173567 bytes)
Hash
df1e571c2e359ec248658d4b23f43567
81ec3eac5acf28cb17d3b72b9fe004c1322973e8
b502364d386c7cec8866d76dcb7c89291bd919d1653ee64958e2078ce8495089

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/themes/soledad/js/libs-script.min.js HTTP/1.1
Host: thefortunefavor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thefortunefavor.com/index.php/privacy-policy/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 13:44:15 GMT
Server: Apache
Last-Modified: Tue, 28 Mar 2023 12:07:13 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 47703
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/javascript

api.startservicefounds.com/service/sort.js

45.150.67.235

200 OK

10 kB

URL GET HTTP/2
api.startservicefounds.com/service/sort.js
IP
45.150.67.235:443
ASN
#44477 Stark Industries Solutions Ltd

Requested by
https://thefortunefavor.com/index.php/privacy-policy/
Certificate
IssuerLet's Encrypt
Subjectapi.startservicefounds.com
FingerprintA7:D1:75:3B:3E:DD:CD:0C:40:BE:48:98:D6:ED:B8:31:E6:CA:43:02
ValidityFri, 26 Apr 2024 22:33:59 GMT - Thu, 25 Jul 2024 22:33:58 GMT

File type
JavaScript source, ASCII text, with very long lines (10387), with no line terminators
Size
10 kB (10387 bytes)
Hash
a4b65fe97c9c98509fb6dcb771694411
1892a394fca0d377fbecd97eee53c7f609862813
d5b3b109f4bc1b1b1c2c326e4ad30780ce6bb1cd4e38c842fb9cc082fda085ec

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service/sort.js HTTP/1.1
Host: api.startservicefounds.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thefortunefavor.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 13:44:16 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
last-modified: Tue, 30 Apr 2024 15:10:04 GMT
etag: W/"663109cc-2893"
expires: Mon, 20 May 2024 13:44:16 GMT
cache-control: max-age=864000
access-control-allow-origin: *
strict-transport-security: max-age=31536000;
content-encoding: gzip
X-Firefox-Spdy: h2

jquery.restartyourchoices.com/cdncollect?r1=thefortunefavor.com

172.67.185.53

200 OK

10 kB

URL GET HTTP/2
jquery.restartyourchoices.com/cdncollect?r1=thefortunefavor.com
IP
172.67.185.53:443
ASN
#13335 CLOUDFLARENET

Requested by
https://thefortunefavor.com/index.php/privacy-policy/
Certificate
IssuerLet's Encrypt
Subjectrestartyourchoices.com
Fingerprint1E:64:C0:EA:CA:57:4F:66:CB:2A:33:CF:E5:2D:8D:F5:B1:21:CE:D6
ValidityThu, 02 May 2024 15:04:04 GMT - Wed, 31 Jul 2024 15:04:03 GMT

File type
JavaScript source, ASCII text, with very long lines (10370)
Size
10 kB (10371 bytes)
Hash
a670ec3dd6fa757de5d5aab7abddfe59
07efb08354a342ae821e52b60728a31945c95759
a9aa76d5655c965f1feceec22619fa26acb1c4832f76ea25a79201bbc2b2c2f0

HTTP Headers

GET /cdncollect?r1=thefortunefavor.com HTTP/1.1
Host: jquery.restartyourchoices.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thefortunefavor.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 13:44:16 GMT
content-type: application/javascript
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
expires: Fri, 10 May 2024 13:44:16 GMT
set-cookie: _subid=376l60jj20pms; expires=Mon, 10 Jun 2024 13:44:16 GMT; path=/
a4fba=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjQxXCI6MTcxNTM0ODY1Nn0sXCJjYW1wYWlnbnNcIjp7XCIxM1wiOjE3MTUzNDg2NTZ9LFwidGltZVwiOjE3MTUzNDg2NTZ9In0.4h2XMmh-oPb79PRefFhb6id2BI8AdCM6WwsYsbGpHK4; expires=Mon, 19 Sep 2078 03:28:32 GMT; path=/
vary: Accept-Encoding
x-powered-by: PHP/7.4.33
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=12cn%2BrZXYIrST2HQQaaOLK4dFJ4lzMAosnb5%2F0D71Bn8lhSvuN9WWEMDEaK%2BabIMIfkm1InRS8hXrxxO43m1vxTECM3CSdy%2BpUFzkoi6elh2F%2F9jsODYpX2k4v6KlEMMtkjEvwlAB%2BJPGrWVlFpQcw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881a5ceefb43b500-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

bind.bestresulttostart.com/scripts/statistics.js?s=7.8.2

193.163.7.113

200 OK

10 kB

URL GET HTTP/2
bind.bestresulttostart.com/scripts/statistics.js?s=7.8.2
IP
193.163.7.113:443
ASN
#204601 Zomro B.V.

Requested by
https://thefortunefavor.com/index.php/privacy-policy/
Certificate
IssuerLet's Encrypt
Subjectbestresulttostart.com
FingerprintF4:4C:F5:1D:A8:B6:9F:52:11:56:EC:A1:D7:C6:98:DF:2E:96:E0:4C
ValidityMon, 08 Apr 2024 08:36:22 GMT - Sun, 07 Jul 2024 08:36:21 GMT

File type
JavaScript source, ASCII text, with very long lines (10331), with no line terminators
Size
10 kB (10331 bytes)
Hash
9d3a2c5feb7b6810bff5bdd9c6987a11
f96b5c4dcbed5e2abd7edb29dcefd1fb9fb28b4b
c97d2621e7e098aab41dfae76dc18919579ef8c1e79dbb27d2172396da956829

Detections

Analyzer	Verdict	Alert
ThreatFox	malicious	Unknown malware
mnemonic secure dns	malicious	Sinkholed
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /scripts/statistics.js?s=7.8.2 HTTP/1.1
Host: bind.bestresulttostart.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thefortunefavor.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 13:44:16 GMT
content-type: application/javascript; charset=utf-8
last-modified: Tue, 30 Apr 2024 15:15:36 GMT
vary: Accept-Encoding
etag: W/"66310b18-285b"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=31536000;
content-encoding: gzip
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (19)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL