Report - click.email.thefortunefavor.com/?qs=41f97860efebc0e3b0c3c471256bf6b5ad8ebd5d8de158e5d18d27f3aff3de2b1ca45759ac681502f414cadbb853000bd4f18bdcbe23a133

Report Overview

Submitted URL
click.email.thefortunefavor.com/?qs=41f97860efebc0e3b0c3c471256bf6b5ad8ebd5d8de158e5d18d27f3aff3de2b1ca45759ac681502f414cadbb853000bd4f18bdcbe23a133
IP
128.245.152.51
ASN
#14340 SALESFORCE
Submitted
2024-05-10 19:56:38
Access
public
Website Title
Terms & Conditions – The Fortune Favor
Final URL
thefortunefavor.com/index.php/terms-and-conditions/
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
4
Threat Detection Systems
64

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
js.cdntoswitchspirit.com	unknown	2024-04-29	2024-05-06	2024-05-06	840 B	74 kB	172.67.209.227
click.email.thefortunefavor.com	unknown	2023-03-13	2023-05-31	2024-04-17	602 B	408 B	128.245.152.51
thefortunefavor.com	unknown	2023-03-13	2023-03-28	2024-03-22	11 kB	536 kB	51.81.201.141
fonts.googleapis.com	8877	2005-01-25	2013-06-10	2024-05-10	1.1 kB	3.1 kB	142.250.74.106
fonts.gstatic.com	unknown	2008-02-11	2014-09-09	2024-05-10	2.1 kB	117 kB	216.58.207.227
bind.bestresulttostart.com	unknown	2024-03-04	2024-03-22	2024-04-26	864 B	21 kB	193.163.7.113
api.startservicefounds.com	unknown	2024-02-27	2024-02-27	2024-05-06	422 B	11 kB	45.150.67.235
jquery.restartyourchoices.com	unknown	2024-03-04	2024-05-06	2024-05-08	443 B	12 kB	188.114.97.1

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2024-05-10 19:56:15	high	Client IP	193.163.7.113	ET EXPLOIT_KIT Balada Domain in TLS SNI (bestresulttostart .com)
2024-05-10 19:56:15	high	Client IP	193.163.7.113	ET EXPLOIT_KIT Balada Domain in TLS SNI (bestresulttostart .com)
2024-05-10 19:56:15	high	Client IP	193.163.7.113	ET EXPLOIT_KIT Balada Domain in TLS SNI (bestresulttostart .com)
2024-05-10 19:56:15	high	Client IP	193.163.7.113	ET EXPLOIT_KIT Balada Domain in TLS SNI (bestresulttostart .com)

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

Scan Date	Severity	Indicator	Alert
2024-05-10	medium	bestresulttostart.com	Sinkholed
2024-05-10	medium	bestresulttostart.com	Sinkholed

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-10	medium	thefortunefavor.com	Sinkholed
2024-05-10	medium	thefortunefavor.com	Sinkholed
2024-05-10	medium	thefortunefavor.com	Sinkholed
2024-05-10	medium	thefortunefavor.com	Sinkholed
2024-05-10	medium	thefortunefavor.com	Sinkholed
2024-05-10	medium	thefortunefavor.com	Sinkholed
2024-05-10	medium	thefortunefavor.com	Sinkholed
2024-05-10	medium	thefortunefavor.com	Sinkholed
2024-05-10	medium	thefortunefavor.com	Sinkholed
2024-05-10	medium	thefortunefavor.com	Sinkholed
2024-05-10	medium	thefortunefavor.com	Sinkholed
2024-05-10	medium	thefortunefavor.com	Sinkholed
2024-05-10	medium	thefortunefavor.com	Sinkholed
2024-05-10	medium	thefortunefavor.com	Sinkholed
2024-05-10	medium	thefortunefavor.com	Sinkholed
2024-05-10	medium	thefortunefavor.com	Sinkholed
2024-05-10	medium	thefortunefavor.com	Sinkholed
2024-05-10	medium	thefortunefavor.com	Sinkholed
2024-05-10	medium	thefortunefavor.com	Sinkholed
2024-05-10	medium	thefortunefavor.com	Sinkholed
2024-05-10	medium	thefortunefavor.com	Sinkholed
2024-05-10	medium	thefortunefavor.com	Sinkholed
2024-05-10	medium	thefortunefavor.com	Sinkholed
2024-05-10	medium	bestresulttostart.com	Sinkholed
2024-05-10	medium	startservicefounds.com	Sinkholed
2024-05-10	medium	cdntoswitchspirit.com	Sinkholed
2024-05-10	medium	bestresulttostart.com	Sinkholed
2024-05-10	medium	cdntoswitchspirit.com	Sinkholed

ThreatFox

Scan Date	Severity	Indicator	Alert
2024-04-02	medium	bind.bestresulttostart.com	Unknown malware
2024-04-02	medium	bind.bestresulttostart.com	Unknown malware

JavaScript (20)

	URL	Size	First Seen	Last Seen
	bind.bestresulttostart.com/scripts/statistics.js	10 kB	2024-04-30	2024-05-23
Pretty URL bind.bestresulttostart.com/scripts/statistics.js IP 193.163.7.113 ASN #204601 Zomro B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-30 17:38:54 Last Seen2024-05-23 04:37:31 Times Seen180 Hash 9d3a2c5feb7b6810bff5bdd9c6987a11 f96b5c4dcbed5e2abd7edb29dcefd1fb9fb28b4b c97d2621e7e098aab41dfae76dc18919579ef8c1e79dbb27d2172396da956829 Loading...

	js.cdntoswitchspirit.com/source/split.js	36 kB	2024-04-30	2024-05-14
Pretty URL js.cdntoswitchspirit.com/source/split.js IP 172.67.209.227 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-30 17:38:54 Last Seen2024-05-14 22:24:18 Times Seen425 Hash fe59aea1c787d361c69c43c46a747767 2cc61a29d05db4814718cc60450876419afc5d24 9763b6045876ff0f6ddf7f20e19d631346a2f132e675ff1601896b3625fd9816 Loading...

	thefortunefavor.com/wp-content/themes/soledad/js/libs-script.min.js	174 kB	2023-03-11	2024-05-23
Pretty URL thefortunefavor.com/wp-content/themes/soledad/js/libs-script.min.js IP 51.81.201.141 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 09:24:35 Last Seen2024-05-23 04:37:31 Times Seen115 Hash df1e571c2e359ec248658d4b23f43567 81ec3eac5acf28cb17d3b72b9fe004c1322973e8 b502364d386c7cec8866d76dcb7c89291bd919d1653ee64958e2078ce8495089 Loading...

	thefortunefavor.com/wp-content/themes/soledad/js/post-like.js	1.1 kB	2023-03-07	2024-05-23
Pretty URL thefortunefavor.com/wp-content/themes/soledad/js/post-like.js IP 51.81.201.141 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:03:31 Last Seen2024-05-23 04:37:31 Times Seen330 Hash d0ed44f72c84972b9a0be09fadd87e34 5cf54cfe4e9c3f6eb32d28af9f6a534719dfcfab 012f916c0da7df9f2f60c07ecac0fb5112fca218ae271b22f976aeb4ae811d02 Loading...

	thefortunefavor.com/wp-includes/js/comment-reply.min.js	3.0 kB	2023-03-07	2024-05-23
Pretty URL thefortunefavor.com/wp-includes/js/comment-reply.min.js IP 51.81.201.141 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:09 Last Seen2024-05-23 05:53:47 Times Seen30551 Hash 492f2c1a7ea7eb83fe42e0ff7cb51aa2 db36a77f6aaa2063bfbec02c2c0e967438c5a245 e174a58a503ab84b3d1b9de12fd3895788204485170f1289e445f7b5b98ec789 Loading...

	thefortunefavor.com/wp-includes/js/wp-emoji-release.min.js	19 kB	2024-03-13	2024-05-23
Pretty URL thefortunefavor.com/wp-includes/js/wp-emoji-release.min.js IP 51.81.201.141 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-13 16:02:37 Last Seen2024-05-23 05:32:40 Times Seen6160 Hash b976b651932bfd25b9ddb5b7693d88a7 7fcb7cb5c11227f9213b1e08a07d0212209e1432 4e6ce5444c7f396cef0eb1fa3611034151e485dd06fbe5573a5583e1eebc98c3 Loading...

	thefortunefavor.com/wp-includes/js/jquery/jquery-migrate.min.js	15 kB	2024-05-02	2024-05-23
Pretty URL thefortunefavor.com/wp-includes/js/jquery/jquery-migrate.min.js IP 51.81.201.141 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 10:14:08 Last Seen2024-05-23 04:37:31 Times Seen43 Hash 5de2a20d5a46388809b0a501126f87dc b5cabce8a888f89c2fe63fd619d47d06a5267128 47dece01ed661572ab893a23cfa868df1074e86378fc3dc2bc534c5610e144b5 Loading...

	thefortunefavor.com/wp-content/plugins/cs-remove-version-number-from-css-js/public/js/cs-remove-version-number-from-css-js-public.js	838 B	2023-03-07	2024-05-23
Pretty URL thefortunefavor.com/wp-content/plugins/cs-remove-version-number-from-css-js/public/js/cs-remove-version-number-from-css-js-public.js IP 51.81.201.141 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:06 Last Seen2024-05-23 04:37:31 Times Seen3941 Hash 49cea0a781874a962879c2caca9bc322 72c1650de2b93ef320d2db873fbb473fe360269c 57a50c99a31ef4e89e86664e96f6dfbdde163a2eb96e88b3b492c49aa4be2f37 Loading...

	thefortunefavor.com/index.php/terms-and-conditions/	3.2 kB	2024-05-02	2024-05-23
Pretty URL thefortunefavor.com/index.php/terms-and-conditions/ IP 51.81.201.141 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-02 10:14:08 Last Seen2024-05-23 04:37:31 Times Seen20 Hash b5cbf06cdd7d31291a0ae7b33f6af999 4619bcca668de8e35c278c08c9c50cc332159fba c9a65fd43903953256b1028fab5daeda260bfbebb1f85947803e5c37e9dcf92d Loading...

	thefortunefavor.com/wp-includes/js/jquery/jquery.min.js	88 kB	2023-11-03	2024-05-23
Pretty URL thefortunefavor.com/wp-includes/js/jquery/jquery.min.js IP 51.81.201.141 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-03 09:26:43 Last Seen2024-05-23 05:53:48 Times Seen50785 Hash 826eb77e86b02ab7724fe3d0141ff87c 79cd3587d565afe290076a8d36c31c305a573d18 cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf Loading...

	thefortunefavor.com/index.php/terms-and-conditions/	15 kB	2024-03-02	2024-05-23
Pretty URL thefortunefavor.com/index.php/terms-and-conditions/ IP 51.81.201.141 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML true Observations First Seen2024-03-02 02:19:59 Last Seen2024-05-23 04:37:31 Times Seen182 Hash 81931896525639787120c691a304df8c 0cf873e5d15dc39e750cf6d1d30fe13eba457ab0 41d024224aa7cec2df7b8fa2c82f9a73eaa17ad6f97cf19095b49969b11ed5fe Loading...

	thefortunefavor.com/index.php/terms-and-conditions/	802 B	2023-03-07	2024-05-23
Pretty URL thefortunefavor.com/index.php/terms-and-conditions/ IP 51.81.201.141 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 12:59:33 Last Seen2024-05-23 04:37:31 Times Seen276 Hash 64b75d732662f304c9be6d1ffe54a4cc 783393b78f0111acbde920564682b080500f13ab 5ec0d36782107d3ff6d39da5d848edefb025570a0049628576c4cbf30142c177 Loading...

	unknown	389 B	2024-04-08	2024-05-23
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-08 14:51:53 Last Seen2024-05-23 04:37:31 Times Seen74 Hash dbf40e5c99cb46a5644d1e593a901858 54cc32aeec025dfe3dc726b8adf730988d01f139 99ab894aeb59d34150f8492c3ec65fb935ad4027e6045a8d9f0ba9ef5540b82f Loading...

	thefortunefavor.com/wp-content/themes/soledad/js/main.js	62 kB	2023-03-11	2024-05-23
Pretty URL thefortunefavor.com/wp-content/themes/soledad/js/main.js IP 51.81.201.141 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 09:24:35 Last Seen2024-05-23 04:37:31 Times Seen101 Hash 7ece9dc6157754374ea35cb63d002788 85418395dbe054b7e36ce2496d0f8f2524c6fb8e bded3da5a4b99669eb9867ec3d1d1cd11e072a52f497c8ecb79bf435e89a2a28 Loading...

	api.startservicefounds.com/service/sort.js	10 kB	2024-05-01	2024-05-23
Pretty URL api.startservicefounds.com/service/sort.js IP 45.150.67.235 ASN #44477 Stark Industries Solutions Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-01 09:32:15 Last Seen2024-05-23 04:37:31 Times Seen164 Hash a4b65fe97c9c98509fb6dcb771694411 1892a394fca0d377fbecd97eee53c7f609862813 d5b3b109f4bc1b1b1c2c326e4ad30780ce6bb1cd4e38c842fb9cc082fda085ec Loading...

	jquery.restartyourchoices.com/cdncollect?r1=thefortunefavor.com	10 kB	2024-04-30	2024-05-23
Pretty URL jquery.restartyourchoices.com/cdncollect?r1=thefortunefavor.com IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-30 20:44:45 Last Seen2024-05-23 04:37:31 Times Seen549 Hash a670ec3dd6fa757de5d5aab7abddfe59 07efb08354a342ae821e52b60728a31945c95759 a9aa76d5655c965f1feceec22619fa26acb1c4832f76ea25a79201bbc2b2c2f0 Loading...

	thefortunefavor.com/index.php/terms-and-conditions/	717 B	2024-04-08	2024-05-23
Pretty URL thefortunefavor.com/index.php/terms-and-conditions/ IP 51.81.201.141 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-08 14:51:53 Last Seen2024-05-23 04:37:31 Times Seen73 Hash 99abe8a98b9a8c5ca15632c9b3bc22bd 3ec7b59ed1ae1a957f145c8aa1a7286b8f389d2a d4592d5f5d479bc507894ec8ab8892b6016d11cd01fb5baa0a8a9ffdf222a882 Loading...

	thefortunefavor.com/index.php/terms-and-conditions/	280 B	2024-05-10	2024-05-10
Pretty URL thefortunefavor.com/index.php/terms-and-conditions/ IP 51.81.201.141 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-10 15:44:40 Last Seen2024-05-10 21:56:39 Times Seen2 Hash 72dab22a7f79ae3eb48fdf576696f645 8112becba10d3fbf21ac7d5ec4af969e63e0eae1 c506d17283922aa57b518d0d2b70e28a0c34d8b69e5a868d9b117015841add26 Loading...

	thefortunefavor.com/index.php/terms-and-conditions/	275 B	2024-05-10	2024-05-10
Pretty URL thefortunefavor.com/index.php/terms-and-conditions/ IP 51.81.201.141 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-10 15:44:41 Last Seen2024-05-10 21:56:39 Times Seen2 Hash 1835d5bc9aa0b0309c25908b6d6752c7 6646464d50a2dcf2aaf5ec83711849a907442ed4 c56fda9ab703866869955113ce3f932ee9033edd46117e43fd32a9b05fc2fd97 Loading...

		Size	First Seen	Last Seen
	#1 Eval - e107c42e9c4c80175dc1980105298f97	165 B	2024-04-06	2024-05-23
Pretty Observations First Seen2024-04-06 15:27:35 Last Seen2024-05-23 04:37:31 Times Seen137 Hash e107c42e9c4c80175dc1980105298f97 cce1c68cd7e445fea363c23ac1375fda49d40f89 4cb6f8695c51fdbbc4e5b784c3e8d96eba2e4657c71b9f7a638fad14eee5b906 Loading...

HTTP Transactions (34)

URL IP Response Size

click.email.thefortunefavor.com/?qs=41f97860efebc0e3b0c3c471256bf6b5ad8ebd5d8de158e5d18d27f3aff3de2b1ca45759ac681502f414cadbb853000bd4f18bdcbe23a133

128.245.152.51

302 Found

176 B

URL User Request GET HTTP/1.1
click.email.thefortunefavor.com/?qs=41f97860efebc0e3b0c3c471256bf6b5ad8ebd5d8de158e5d18d27f3aff3de2b1ca45759ac681502f414cadbb853000bd4f18bdcbe23a133
IP
128.245.152.51:443
ASN
#14340 SALESFORCE

Certificate
IssuerDigiCert Inc
Subjectclick.email.thefortunefavor.com
FingerprintA1:25:03:96:72:F5:7F:AA:84:81:6F:07:BA:29:92:35:C1:E6:EE:A4
ValidityTue, 16 Apr 2024 00:00:00 GMT - Sat, 17 May 2025 23:59:59 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
176 B (176 bytes)
Hash
9e409c362463db94bb898cce5672bbd3
f5c7cd2210ef0487323f3b842b2a87f0d259bbb2
d04b32899fa1e80e26fd4acd9bc75cedb6f1e45552ed7d86d8f80368408e8da4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /?qs=41f97860efebc0e3b0c3c471256bf6b5ad8ebd5d8de158e5d18d27f3aff3de2b1ca45759ac681502f414cadbb853000bd4f18bdcbe23a133 HTTP/1.1
Host: click.email.thefortunefavor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: https://thefortunefavor.com/index.php/terms-and-conditions/
Date: Fri, 10 May 2024 19:56:11 GMT
Connection: close
Content-Length: 176

thefortunefavor.com/index.php/terms-and-conditions/

51.81.201.141

200 OK

22 kB

URL User Request GET HTTP/1.1
thefortunefavor.com/index.php/terms-and-conditions/
IP
51.81.201.141:443
ASN
#16276 OVH SAS

Certificate
IssuerLet's Encrypt
Subjectthefortunefavor.com
FingerprintFC:7B:E1:81:14:2E:1D:41:1A:2B:9A:B0:F8:76:A0:70:26:14:A7:0D
ValidityThu, 21 Mar 2024 00:06:17 GMT - Wed, 19 Jun 2024 00:06:16 GMT

File type
HTML document, ASCII text, with very long lines (29997), with CRLF, LF line terminators
Size
22 kB (22302 bytes)
Hash
4c109312ab5e36c4bba6c5766d97edc3
c05daec07806db2d0bb5876eda91d30555765068
7421832543e39400e0a295eacf9dbfa37c7b79eef73aaf64907d00930b0066d6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /index.php/terms-and-conditions/ HTTP/1.1
Host: thefortunefavor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 19:56:12 GMT
Server: Apache
X-LiteSpeed-Tag: 21e_HTTP.200
Link: <https://thefortunefavor.com/index.php/wp-json/>; rel="https://api.w.org/", <https://thefortunefavor.com/index.php/wp-json/wp/v2/pages/3439>; rel="alternate"; type="application/json", <https://thefortunefavor.com/?p=3439>; rel=shortlink
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 22302
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

thefortunefavor.com/wp-includes/css/dist/block-library/style.min.css

51.81.201.141

200 OK

15 kB

URL GET HTTP/1.1
thefortunefavor.com/wp-includes/css/dist/block-library/style.min.css
IP
51.81.201.141:443
ASN
#16276 OVH SAS

Requested by
https://thefortunefavor.com/index.php/terms-and-conditions/
Certificate
IssuerLet's Encrypt
Subjectthefortunefavor.com
FingerprintFC:7B:E1:81:14:2E:1D:41:1A:2B:9A:B0:F8:76:A0:70:26:14:A7:0D
ValidityThu, 21 Mar 2024 00:06:17 GMT - Wed, 19 Jun 2024 00:06:16 GMT

File type
ASCII text, with very long lines (59701)
Size
15 kB (14991 bytes)
Hash
51a8390b47aa0582cf2d9c96c5addee2
b16a640874025d085c38119a1a02a3460f83f2de
98cecf88a23542fa047ce46eedb650b5c5128761ed4386c0977b847094ddfa20

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-includes/css/dist/block-library/style.min.css HTTP/1.1
Host: thefortunefavor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thefortunefavor.com/index.php/terms-and-conditions/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 19:56:14 GMT
Server: Apache
Last-Modified: Wed, 03 Apr 2024 08:49:48 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 14991
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css

fonts.googleapis.com/css?family=Raleway%3A300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%7CPT+Serif%3A300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%7CPlayfair+Display+SC%3A300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%7CMontserrat%3A300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%7COswald%3A300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%26subset%3Dlatin%2Ccyrillic%2Ccyrillic-ext%2Cgreek%2Cgreek-ext%2Clatin-ext&display=swap

142.250.74.106

200 OK

2.4 kB

URL GET HTTP/2
fonts.googleapis.com/css?family=Raleway%3A300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%7CPT+Serif%3A300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%7CPlayfair+Display+SC%3A300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%7CMontserrat%3A300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%7COswald%3A300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%26subset%3Dlatin%2Ccyrillic%2Ccyrillic-ext%2Cgreek%2Cgreek-ext%2Clatin-ext&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://thefortunefavor.com/index.php/terms-and-conditions/
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79
ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT

File type
gzip compressed data, max compression
Size
2.4 kB (2440 bytes)
Hash
9f5f21603dc2ed6a26a92d1a0e77aade
1cda2171e579ed1e180d125c167cb121d33798cf
b49dcbf4c2d007477948a901d3278684860457663766086550925889002a7d87

HTTP Headers

GET /css?family=Raleway%3A300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%7CPT+Serif%3A300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%7CPlayfair+Display+SC%3A300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%7CMontserrat%3A300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%7COswald%3A300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%26subset%3Dlatin%2Ccyrillic%2Ccyrillic-ext%2Cgreek%2Cgreek-ext%2Clatin-ext&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thefortunefavor.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 10 May 2024 19:56:14 GMT
date: Fri, 10 May 2024 19:56:14 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

thefortunefavor.com/wp-content/themes/soledad/style.css

51.81.201.141

200 OK

425 B

URL GET HTTP/1.1
thefortunefavor.com/wp-content/themes/soledad/style.css
IP
51.81.201.141:443
ASN
#16276 OVH SAS

Requested by
https://thefortunefavor.com/index.php/terms-and-conditions/
Certificate
IssuerLet's Encrypt
Subjectthefortunefavor.com
FingerprintFC:7B:E1:81:14:2E:1D:41:1A:2B:9A:B0:F8:76:A0:70:26:14:A7:0D
ValidityThu, 21 Mar 2024 00:06:17 GMT - Wed, 19 Jun 2024 00:06:16 GMT

File type
ASCII text, with CRLF line terminators
Size
425 B (425 bytes)
Hash
94f1ee2e30e2f6522242a1f4d21b8b57
4dde5d3a47f5e7f74d1cf04ecd2747d6412a14e7
323649208b05bbef8b8ae4f36a831272b342b05f0112d41a0f3fd6d33fb9939e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/themes/soledad/style.css HTTP/1.1
Host: thefortunefavor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thefortunefavor.com/index.php/terms-and-conditions/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 19:56:14 GMT
Server: Apache
Last-Modified: Tue, 28 Mar 2023 12:07:13 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 425
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/css

thefortunefavor.com/wp-content/plugins/cs-remove-version-number-from-css-js/public/css/cs-remove-version-number-from-css-js-public.css

51.81.201.141

200 OK

106 B

URL GET HTTP/1.1
thefortunefavor.com/wp-content/plugins/cs-remove-version-number-from-css-js/public/css/cs-remove-version-number-from-css-js-public.css
IP
51.81.201.141:443
ASN
#16276 OVH SAS

Requested by
https://thefortunefavor.com/index.php/terms-and-conditions/
Certificate
IssuerLet's Encrypt
Subjectthefortunefavor.com
FingerprintFC:7B:E1:81:14:2E:1D:41:1A:2B:9A:B0:F8:76:A0:70:26:14:A7:0D
ValidityThu, 21 Mar 2024 00:06:17 GMT - Wed, 19 Jun 2024 00:06:16 GMT

File type
ASCII text
Size
106 B (106 bytes)
Hash
e6094661d8923e95b233019ebff7c8f0
cfd836d385d475baffee45d85cfeb9bb36e70d9e
547dda3c14b284819be511be1e410da94a5efc6ccc4a9afe1c75394f9333191a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/plugins/cs-remove-version-number-from-css-js/public/css/cs-remove-version-number-from-css-js-public.css HTTP/1.1
Host: thefortunefavor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thefortunefavor.com/index.php/terms-and-conditions/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 19:56:14 GMT
Server: Apache
Last-Modified: Wed, 20 Sep 2023 11:37:50 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 106
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

thefortunefavor.com/wp-content/themes/soledad/css/weather-icon.swap.css

51.81.201.141

200 OK

471 B

URL GET HTTP/1.1
thefortunefavor.com/wp-content/themes/soledad/css/weather-icon.swap.css
IP
51.81.201.141:443
ASN
#16276 OVH SAS

Requested by
https://thefortunefavor.com/index.php/terms-and-conditions/
Certificate
IssuerLet's Encrypt
Subjectthefortunefavor.com
FingerprintFC:7B:E1:81:14:2E:1D:41:1A:2B:9A:B0:F8:76:A0:70:26:14:A7:0D
ValidityThu, 21 Mar 2024 00:06:17 GMT - Wed, 19 Jun 2024 00:06:16 GMT

File type
ASCII text, with very long lines (1218), with CRLF line terminators
Size
471 B (471 bytes)
Hash
62ed523657bd32db433f2451f217a8e5
d90f0fc500c6c787e94c4fee021c6a84fa624950
2ab07a1e0cc7ae9a58af3aec47b945353d1fca8f4f5c1816416c82dfa1cf543b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/themes/soledad/css/weather-icon.swap.css HTTP/1.1
Host: thefortunefavor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thefortunefavor.com/index.php/terms-and-conditions/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 19:56:14 GMT
Server: Apache
Last-Modified: Tue, 28 Mar 2023 12:07:13 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 471
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

thefortunefavor.com/wp-content/themes/soledad/css/font-awesome.4.7.0.swap.min.css

51.81.201.141

200 OK

7.1 kB

URL GET HTTP/1.1
thefortunefavor.com/wp-content/themes/soledad/css/font-awesome.4.7.0.swap.min.css
IP
51.81.201.141:443
ASN
#16276 OVH SAS

Requested by
https://thefortunefavor.com/index.php/terms-and-conditions/
Certificate
IssuerLet's Encrypt
Subjectthefortunefavor.com
FingerprintFC:7B:E1:81:14:2E:1D:41:1A:2B:9A:B0:F8:76:A0:70:26:14:A7:0D
ValidityThu, 21 Mar 2024 00:06:17 GMT - Wed, 19 Jun 2024 00:06:16 GMT

File type
ASCII text, with very long lines (30855), with CRLF line terminators
Size
7.1 kB (7070 bytes)
Hash
27dc6bf6c0bf71a70f3910eeb2dfe8e7
aeb8553011faafc83939c174836ea021ccffcfa4
582c413cbd7988d2047f667ccda947fcb5b1df3505ff0506fe9fd90188236b1b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/themes/soledad/css/font-awesome.4.7.0.swap.min.css HTTP/1.1
Host: thefortunefavor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thefortunefavor.com/index.php/terms-and-conditions/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 19:56:14 GMT
Server: Apache
Last-Modified: Tue, 28 Mar 2023 12:07:13 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 7070
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

thefortunefavor.com/wp-content/themes/soledad/css/penci-icon.css

51.81.201.141

200 OK

1.2 kB

URL GET HTTP/1.1
thefortunefavor.com/wp-content/themes/soledad/css/penci-icon.css
IP
51.81.201.141:443
ASN
#16276 OVH SAS

Requested by
https://thefortunefavor.com/index.php/terms-and-conditions/
Certificate
IssuerLet's Encrypt
Subjectthefortunefavor.com
FingerprintFC:7B:E1:81:14:2E:1D:41:1A:2B:9A:B0:F8:76:A0:70:26:14:A7:0D
ValidityThu, 21 Mar 2024 00:06:17 GMT - Wed, 19 Jun 2024 00:06:16 GMT

File type
ASCII text, with very long lines (5610), with no line terminators
Size
1.2 kB (1216 bytes)
Hash
f541e761d531c9a6b593132342cbe9db
486e193ae3bc07fc0705a8ab0f0e47d89342ec5f
6ec085016ccde0baf74503229d9f4ba44dd6dba50941274789ce7f5e52b75b51

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/themes/soledad/css/penci-icon.css HTTP/1.1
Host: thefortunefavor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thefortunefavor.com/index.php/terms-and-conditions/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 19:56:14 GMT
Server: Apache
Last-Modified: Tue, 28 Mar 2023 12:07:13 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 1216
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

thefortunefavor.com/wp-includes/js/jquery/jquery.min.js

51.81.201.141

200 OK

30 kB

URL GET HTTP/1.1
thefortunefavor.com/wp-includes/js/jquery/jquery.min.js
IP
51.81.201.141:443
ASN
#16276 OVH SAS

Requested by
https://thefortunefavor.com/index.php/terms-and-conditions/
Certificate
IssuerLet's Encrypt
Subjectthefortunefavor.com
FingerprintFC:7B:E1:81:14:2E:1D:41:1A:2B:9A:B0:F8:76:A0:70:26:14:A7:0D
ValidityThu, 21 Mar 2024 00:06:17 GMT - Wed, 19 Jun 2024 00:06:16 GMT

File type
JavaScript source, ASCII text, with very long lines (65447)
Size
30 kB (30368 bytes)
Hash
826eb77e86b02ab7724fe3d0141ff87c
79cd3587d565afe290076a8d36c31c305a573d18
cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-includes/js/jquery/jquery.min.js HTTP/1.1
Host: thefortunefavor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thefortunefavor.com/index.php/terms-and-conditions/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 19:56:14 GMT
Server: Apache
Last-Modified: Wed, 08 Nov 2023 17:01:47 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 30368
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/javascript

thefortunefavor.com/wp-includes/js/jquery/jquery-migrate.min.js

51.81.201.141

200 OK

5.2 kB

URL GET HTTP/1.1
thefortunefavor.com/wp-includes/js/jquery/jquery-migrate.min.js
IP
51.81.201.141:443
ASN
#16276 OVH SAS

Requested by
https://thefortunefavor.com/index.php/terms-and-conditions/
Certificate
IssuerLet's Encrypt
Subjectthefortunefavor.com
FingerprintFC:7B:E1:81:14:2E:1D:41:1A:2B:9A:B0:F8:76:A0:70:26:14:A7:0D
ValidityThu, 21 Mar 2024 00:06:17 GMT - Wed, 19 Jun 2024 00:06:16 GMT

File type
JavaScript source, ASCII text, with very long lines (13479)
Size
5.2 kB (5233 bytes)
Hash
5de2a20d5a46388809b0a501126f87dc
b5cabce8a888f89c2fe63fd619d47d06a5267128
47dece01ed661572ab893a23cfa868df1074e86378fc3dc2bc534c5610e144b5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-includes/js/jquery/jquery-migrate.min.js HTTP/1.1
Host: thefortunefavor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thefortunefavor.com/index.php/terms-and-conditions/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 19:56:14 GMT
Server: Apache
Last-Modified: Sat, 06 Apr 2024 11:05:40 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 5233
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/javascript

thefortunefavor.com/wp-content/plugins/cs-remove-version-number-from-css-js/public/js/cs-remove-version-number-from-css-js-public.js

51.81.201.141

200 OK

479 B

URL GET HTTP/1.1
thefortunefavor.com/wp-content/plugins/cs-remove-version-number-from-css-js/public/js/cs-remove-version-number-from-css-js-public.js
IP
51.81.201.141:443
ASN
#16276 OVH SAS

Requested by
https://thefortunefavor.com/index.php/terms-and-conditions/
Certificate
IssuerLet's Encrypt
Subjectthefortunefavor.com
FingerprintFC:7B:E1:81:14:2E:1D:41:1A:2B:9A:B0:F8:76:A0:70:26:14:A7:0D
ValidityThu, 21 Mar 2024 00:06:17 GMT - Wed, 19 Jun 2024 00:06:16 GMT

File type
JavaScript source, ASCII text
Size
479 B (479 bytes)
Hash
49cea0a781874a962879c2caca9bc322
72c1650de2b93ef320d2db873fbb473fe360269c
57a50c99a31ef4e89e86664e96f6dfbdde163a2eb96e88b3b492c49aa4be2f37

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/plugins/cs-remove-version-number-from-css-js/public/js/cs-remove-version-number-from-css-js-public.js HTTP/1.1
Host: thefortunefavor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thefortunefavor.com/index.php/terms-and-conditions/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 19:56:14 GMT
Server: Apache
Last-Modified: Wed, 20 Sep 2023 11:37:50 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 479
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/javascript

thefortunefavor.com/wp-content/themes/soledad/js/main.js

51.81.201.141

200 OK

12 kB

URL GET HTTP/1.1
thefortunefavor.com/wp-content/themes/soledad/js/main.js
IP
51.81.201.141:443
ASN
#16276 OVH SAS

Requested by
https://thefortunefavor.com/index.php/terms-and-conditions/
Certificate
IssuerLet's Encrypt
Subjectthefortunefavor.com
FingerprintFC:7B:E1:81:14:2E:1D:41:1A:2B:9A:B0:F8:76:A0:70:26:14:A7:0D
ValidityThu, 21 Mar 2024 00:06:17 GMT - Wed, 19 Jun 2024 00:06:16 GMT

File type
JavaScript source, ASCII text, with very long lines (479), with CRLF line terminators
Size
12 kB (12381 bytes)
Hash
7ece9dc6157754374ea35cb63d002788
85418395dbe054b7e36ce2496d0f8f2524c6fb8e
bded3da5a4b99669eb9867ec3d1d1cd11e072a52f497c8ecb79bf435e89a2a28

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/themes/soledad/js/main.js HTTP/1.1
Host: thefortunefavor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thefortunefavor.com/index.php/terms-and-conditions/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 19:56:14 GMT
Server: Apache
Last-Modified: Tue, 28 Mar 2023 12:07:13 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 12381
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/javascript

thefortunefavor.com/wp-content/themes/soledad/js/post-like.js

51.81.201.141

200 OK

465 B

URL GET HTTP/1.1
thefortunefavor.com/wp-content/themes/soledad/js/post-like.js
IP
51.81.201.141:443
ASN
#16276 OVH SAS

Requested by
https://thefortunefavor.com/index.php/terms-and-conditions/
Certificate
IssuerLet's Encrypt
Subjectthefortunefavor.com
FingerprintFC:7B:E1:81:14:2E:1D:41:1A:2B:9A:B0:F8:76:A0:70:26:14:A7:0D
ValidityThu, 21 Mar 2024 00:06:17 GMT - Wed, 19 Jun 2024 00:06:16 GMT

File type
ASCII text, with CRLF line terminators
Size
465 B (465 bytes)
Hash
d0ed44f72c84972b9a0be09fadd87e34
5cf54cfe4e9c3f6eb32d28af9f6a534719dfcfab
012f916c0da7df9f2f60c07ecac0fb5112fca218ae271b22f976aeb4ae811d02

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/themes/soledad/js/post-like.js HTTP/1.1
Host: thefortunefavor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thefortunefavor.com/index.php/terms-and-conditions/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 19:56:14 GMT
Server: Apache
Last-Modified: Tue, 28 Mar 2023 12:07:13 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 465
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: text/javascript

thefortunefavor.com/wp-includes/js/comment-reply.min.js

51.81.201.141

200 OK

1.4 kB

URL GET HTTP/1.1
thefortunefavor.com/wp-includes/js/comment-reply.min.js
IP
51.81.201.141:443
ASN
#16276 OVH SAS

Requested by
https://thefortunefavor.com/index.php/terms-and-conditions/
Certificate
IssuerLet's Encrypt
Subjectthefortunefavor.com
FingerprintFC:7B:E1:81:14:2E:1D:41:1A:2B:9A:B0:F8:76:A0:70:26:14:A7:0D
ValidityThu, 21 Mar 2024 00:06:17 GMT - Wed, 19 Jun 2024 00:06:16 GMT

File type
ASCII text, with very long lines (2946)
Size
1.4 kB (1351 bytes)
Hash
492f2c1a7ea7eb83fe42e0ff7cb51aa2
db36a77f6aaa2063bfbec02c2c0e967438c5a245
e174a58a503ab84b3d1b9de12fd3895788204485170f1289e445f7b5b98ec789

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-includes/js/comment-reply.min.js HTTP/1.1
Host: thefortunefavor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thefortunefavor.com/index.php/terms-and-conditions/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 19:56:15 GMT
Server: Apache
Last-Modified: Fri, 08 Apr 2022 20:07:18 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 1351
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/javascript

thefortunefavor.com/wp-content/themes/soledad/js/libs-script.min.js

51.81.201.141

200 OK

48 kB

URL GET HTTP/1.1
thefortunefavor.com/wp-content/themes/soledad/js/libs-script.min.js
IP
51.81.201.141:443
ASN
#16276 OVH SAS

Requested by
https://thefortunefavor.com/index.php/terms-and-conditions/
Certificate
IssuerLet's Encrypt
Subjectthefortunefavor.com
FingerprintFC:7B:E1:81:14:2E:1D:41:1A:2B:9A:B0:F8:76:A0:70:26:14:A7:0D
ValidityThu, 21 Mar 2024 00:06:17 GMT - Wed, 19 Jun 2024 00:06:16 GMT

File type
JavaScript source, ASCII text, with very long lines (25374), with CRLF line terminators
Size
48 kB (47703 bytes)
Hash
df1e571c2e359ec248658d4b23f43567
81ec3eac5acf28cb17d3b72b9fe004c1322973e8
b502364d386c7cec8866d76dcb7c89291bd919d1653ee64958e2078ce8495089

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/themes/soledad/js/libs-script.min.js HTTP/1.1
Host: thefortunefavor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thefortunefavor.com/index.php/terms-and-conditions/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 19:56:14 GMT
Server: Apache
Last-Modified: Tue, 28 Mar 2023 12:07:13 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 47703
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/javascript

thefortunefavor.com/wp-content/themes/soledad/main.css

51.81.201.141

200 OK

102 kB

URL GET HTTP/1.1
thefortunefavor.com/wp-content/themes/soledad/main.css
IP
51.81.201.141:443
ASN
#16276 OVH SAS

Requested by
https://thefortunefavor.com/index.php/terms-and-conditions/
Certificate
IssuerLet's Encrypt
Subjectthefortunefavor.com
FingerprintFC:7B:E1:81:14:2E:1D:41:1A:2B:9A:B0:F8:76:A0:70:26:14:A7:0D
ValidityThu, 21 Mar 2024 00:06:17 GMT - Wed, 19 Jun 2024 00:06:16 GMT

File type
ASCII text, with very long lines (55616), with CRLF line terminators
Size
102 kB (102220 bytes)
Hash
1acc261569c5cec11d1f9405830487eb
bcd34889124c1bff09c42d814a3fab635df32e3e
b76ea70b21511dc3f590a762d9542426f9792bf5d3e50ac10c8b8d25d5bbb09a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/themes/soledad/main.css HTTP/1.1
Host: thefortunefavor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thefortunefavor.com/index.php/terms-and-conditions/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 19:56:14 GMT
Server: Apache
Last-Modified: Tue, 28 Mar 2023 12:07:13 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/css

thefortunefavor.com/wp-content/uploads/2023/03/the_fortune_favor-1.png

51.81.201.141

200 OK

22 kB

URL GET HTTP/1.1
thefortunefavor.com/wp-content/uploads/2023/03/the_fortune_favor-1.png
IP
51.81.201.141:443
ASN
#16276 OVH SAS

Requested by
https://thefortunefavor.com/index.php/terms-and-conditions/
Certificate
IssuerLet's Encrypt
Subjectthefortunefavor.com
FingerprintFC:7B:E1:81:14:2E:1D:41:1A:2B:9A:B0:F8:76:A0:70:26:14:A7:0D
ValidityThu, 21 Mar 2024 00:06:17 GMT - Wed, 19 Jun 2024 00:06:16 GMT

File type
PNG image data, 644 x 188, 8-bit/color RGBA, non-interlaced
Size
22 kB (21803 bytes)
Hash
f97e915a7d89b35dd4d81413664ed567
7c22f23e92802f758de6465f32396403e6e23ee3
4613d51b9d453589fc683c83b280a77d67701dbc7704dfc0b726b22f6a4a2371

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/uploads/2023/03/the_fortune_favor-1.png HTTP/1.1
Host: thefortunefavor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thefortunefavor.com/index.php/terms-and-conditions/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 19:56:15 GMT
Server: Apache
Last-Modified: Tue, 28 Mar 2023 12:50:57 GMT
Accept-Ranges: bytes
Content-Length: 21803
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/png

thefortunefavor.com/wp-content/themes/soledad/images/penci-holder.png

51.81.201.141

200 OK

125 B

URL GET HTTP/1.1
thefortunefavor.com/wp-content/themes/soledad/images/penci-holder.png
IP
51.81.201.141:443
ASN
#16276 OVH SAS

Requested by
https://thefortunefavor.com/index.php/terms-and-conditions/
Certificate
IssuerLet's Encrypt
Subjectthefortunefavor.com
FingerprintFC:7B:E1:81:14:2E:1D:41:1A:2B:9A:B0:F8:76:A0:70:26:14:A7:0D
ValidityThu, 21 Mar 2024 00:06:17 GMT - Wed, 19 Jun 2024 00:06:16 GMT

File type
PNG image data, 6 x 4, 8-bit colormap, non-interlaced
Size
125 B (125 bytes)
Hash
39e5ebeccbad32a5f86755ab32bcb536
28010c803b52aec8f3b68bf5ffef0961996fccac
5afae4fdead31c173a0ae121f7cb84909b3f7729fd7235930f22758f297910f2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/themes/soledad/images/penci-holder.png HTTP/1.1
Host: thefortunefavor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thefortunefavor.com/index.php/terms-and-conditions/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 19:56:15 GMT
Server: Apache
Last-Modified: Tue, 28 Mar 2023 12:07:13 GMT
Accept-Ranges: bytes
Content-Length: 125
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: image/png

fonts.gstatic.com/s/oswald/v53/TK3iWkUHHAIjg752GT8G.woff2

216.58.207.227

200 OK

28 kB

URL GET HTTP/2
fonts.gstatic.com/s/oswald/v53/TK3iWkUHHAIjg752GT8G.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://thefortunefavor.com/index.php/terms-and-conditions/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 28512, version 1.0
Size
28 kB (28512 bytes)
Hash
16cba75f4b9969077ff30bea2f494e12
71b32a3bbcc6157da9d52accf124660a3cfc66dc
241ced7f220982f5679a64cc6db34ed42cd21274508cc5814616d9efe374afde

HTTP Headers

GET /s/oswald/v53/TK3iWkUHHAIjg752GT8G.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://thefortunefavor.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 28512
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 09 May 2024 02:32:50 GMT
expires: Fri, 09 May 2025 02:32:50 GMT
cache-control: public, max-age=31536000
age: 149005
last-modified: Tue, 15 Aug 2023 18:44:12 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/oswald/v53/TK3iWkUHHAIjg752GT8G.woff2

216.58.207.227

200 OK

28 kB

URL GET HTTP/2
fonts.gstatic.com/s/oswald/v53/TK3iWkUHHAIjg752GT8G.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://thefortunefavor.com/index.php/terms-and-conditions/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 28512, version 1.0
Size
28 kB (28512 bytes)
Hash
16cba75f4b9969077ff30bea2f494e12
71b32a3bbcc6157da9d52accf124660a3cfc66dc
241ced7f220982f5679a64cc6db34ed42cd21274508cc5814616d9efe374afde

HTTP Headers

GET /s/oswald/v53/TK3iWkUHHAIjg752GT8G.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://thefortunefavor.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 28512
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 09 May 2024 02:32:50 GMT
expires: Fri, 09 May 2025 02:32:50 GMT
cache-control: public, max-age=31536000
age: 149005
last-modified: Tue, 15 Aug 2023 18:44:12 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/oswald/v53/TK3iWkUHHAIjg752GT8G.woff2

216.58.207.227

200 OK

28 kB

URL GET HTTP/2
fonts.gstatic.com/s/oswald/v53/TK3iWkUHHAIjg752GT8G.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://thefortunefavor.com/index.php/terms-and-conditions/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 28512, version 1.0
Size
28 kB (28512 bytes)
Hash
16cba75f4b9969077ff30bea2f494e12
71b32a3bbcc6157da9d52accf124660a3cfc66dc
241ced7f220982f5679a64cc6db34ed42cd21274508cc5814616d9efe374afde

HTTP Headers

GET /s/oswald/v53/TK3iWkUHHAIjg752GT8G.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://thefortunefavor.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 28512
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 09 May 2024 02:32:50 GMT
expires: Fri, 09 May 2025 02:32:50 GMT
cache-control: public, max-age=31536000
age: 149005
last-modified: Tue, 15 Aug 2023 18:44:12 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/oswald/v53/TK3iWkUHHAIjg752GT8G.woff2

216.58.207.227

200 OK

28 kB

URL GET HTTP/2
fonts.gstatic.com/s/oswald/v53/TK3iWkUHHAIjg752GT8G.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://thefortunefavor.com/index.php/terms-and-conditions/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 28512, version 1.0
Size
28 kB (28512 bytes)
Hash
16cba75f4b9969077ff30bea2f494e12
71b32a3bbcc6157da9d52accf124660a3cfc66dc
241ced7f220982f5679a64cc6db34ed42cd21274508cc5814616d9efe374afde

HTTP Headers

GET /s/oswald/v53/TK3iWkUHHAIjg752GT8G.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://thefortunefavor.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 28512
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 09 May 2024 02:32:50 GMT
expires: Fri, 09 May 2025 02:32:50 GMT
cache-control: public, max-age=31536000
age: 149005
last-modified: Tue, 15 Aug 2023 18:44:12 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

thefortunefavor.com/wp-content/themes/soledad/fonts/penciicon.ttf

51.81.201.141

200 OK

21 kB

URL GET HTTP/1.1
thefortunefavor.com/wp-content/themes/soledad/fonts/penciicon.ttf
IP
51.81.201.141:443
ASN
#16276 OVH SAS

Requested by
https://thefortunefavor.com/index.php/terms-and-conditions/
Certificate
IssuerLet's Encrypt
Subjectthefortunefavor.com
FingerprintFC:7B:E1:81:14:2E:1D:41:1A:2B:9A:B0:F8:76:A0:70:26:14:A7:0D
ValidityThu, 21 Mar 2024 00:06:17 GMT - Wed, 19 Jun 2024 00:06:16 GMT

File type
TrueType Font data, 11 tables, 1st "GSUB", 16 names, Macintosh, type 1 string, flaticonRegularflaticonflaticonVersion 1.0flaticonGenerated by svg2ttf from Fontello project.htt
Size
21 kB (21311 bytes)
Hash
4c6e308841bc70c7c86a8473f340c7b4
8c580e1197646670370de2cfa11c5e7802f930e6
14d58600f8072475498254d3d389a0522150add829da0f109178137c43286cf5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/themes/soledad/fonts/penciicon.ttf HTTP/1.1
Host: thefortunefavor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thefortunefavor.com/wp-content/themes/soledad/css/penci-icon.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 19:56:15 GMT
Server: Apache
Last-Modified: Tue, 28 Mar 2023 12:07:13 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 21311
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: font/ttf

thefortunefavor.com/wp-includes/js/wp-emoji-release.min.js

51.81.201.141

200 OK

5.1 kB

URL GET HTTP/1.1
thefortunefavor.com/wp-includes/js/wp-emoji-release.min.js
IP
51.81.201.141:443
ASN
#16276 OVH SAS

Requested by
https://thefortunefavor.com/index.php/terms-and-conditions/
Certificate
IssuerLet's Encrypt
Subjectthefortunefavor.com
FingerprintFC:7B:E1:81:14:2E:1D:41:1A:2B:9A:B0:F8:76:A0:70:26:14:A7:0D
ValidityThu, 21 Mar 2024 00:06:17 GMT - Wed, 19 Jun 2024 00:06:16 GMT

File type
JavaScript source, ASCII text, with very long lines (15752)
Size
5.1 kB (5062 bytes)
Hash
b976b651932bfd25b9ddb5b7693d88a7
7fcb7cb5c11227f9213b1e08a07d0212209e1432
4e6ce5444c7f396cef0eb1fa3611034151e485dd06fbe5573a5583e1eebc98c3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-includes/js/wp-emoji-release.min.js HTTP/1.1
Host: thefortunefavor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thefortunefavor.com/index.php/terms-and-conditions/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 19:56:15 GMT
Server: Apache
Last-Modified: Wed, 03 Apr 2024 08:49:48 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 5062
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: text/javascript

thefortunefavor.com/wp-content/themes/soledad/fonts/fontawesome-webfont.woff2?v=4.7.0

51.81.201.141

200 OK

77 kB

URL GET HTTP/1.1
thefortunefavor.com/wp-content/themes/soledad/fonts/fontawesome-webfont.woff2?v=4.7.0
IP
51.81.201.141:443
ASN
#16276 OVH SAS

Requested by
https://thefortunefavor.com/index.php/terms-and-conditions/
Certificate
IssuerLet's Encrypt
Subjectthefortunefavor.com
FingerprintFC:7B:E1:81:14:2E:1D:41:1A:2B:9A:B0:F8:76:A0:70:26:14:A7:0D
ValidityThu, 21 Mar 2024 00:06:17 GMT - Wed, 19 Jun 2024 00:06:16 GMT

File type
Web Open Font Format (Version 2), TrueType, length 77160, version 4.459
Size
77 kB (77160 bytes)
Hash
af7ae505a9eed503f8b8e6982036873e
d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/themes/soledad/fonts/fontawesome-webfont.woff2?v=4.7.0 HTTP/1.1
Host: thefortunefavor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://thefortunefavor.com/wp-content/themes/soledad/css/font-awesome.4.7.0.swap.min.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 19:56:15 GMT
Server: Apache
Last-Modified: Tue, 28 Mar 2023 12:07:13 GMT
Accept-Ranges: bytes
Content-Length: 77160
Vary: Accept-Encoding,User-Agent
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: font/woff2

thefortunefavor.com/wp-content/uploads/2023/03/Favicon_the_fortune_favor.png

51.81.201.141

200 OK

78 kB

URL GET HTTP/1.1
thefortunefavor.com/wp-content/uploads/2023/03/Favicon_the_fortune_favor.png
IP
51.81.201.141:443
ASN
#16276 OVH SAS

Requested by
https://thefortunefavor.com/index.php/terms-and-conditions/
Certificate
IssuerLet's Encrypt
Subjectthefortunefavor.com
FingerprintFC:7B:E1:81:14:2E:1D:41:1A:2B:9A:B0:F8:76:A0:70:26:14:A7:0D
ValidityThu, 21 Mar 2024 00:06:17 GMT - Wed, 19 Jun 2024 00:06:16 GMT

File type
PNG image data, 500 x 500, 8-bit/color RGBA, non-interlaced
Size
78 kB (78494 bytes)
Hash
2056c538d3f269c9d768dc16873e9524
6695d526cafb02deca9e249feb43312cd2c70e20
a474e822725ede4e9c789076a9a9be5a2e54f186b3c5085148d6d9ead0f64946

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/uploads/2023/03/Favicon_the_fortune_favor.png HTTP/1.1
Host: thefortunefavor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thefortunefavor.com/index.php/terms-and-conditions/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 19:56:16 GMT
Server: Apache
Last-Modified: Tue, 28 Mar 2023 12:51:51 GMT
Accept-Ranges: bytes
Content-Length: 78494
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: image/png

thefortunefavor.com/wp-content/uploads/2023/03/Favicon_the_fortune_favor.png

51.81.201.141

200 OK

78 kB

URL GET HTTP/1.1
thefortunefavor.com/wp-content/uploads/2023/03/Favicon_the_fortune_favor.png
IP
51.81.201.141:443
ASN
#16276 OVH SAS

Requested by
https://thefortunefavor.com/index.php/terms-and-conditions/
Certificate
IssuerLet's Encrypt
Subjectthefortunefavor.com
FingerprintFC:7B:E1:81:14:2E:1D:41:1A:2B:9A:B0:F8:76:A0:70:26:14:A7:0D
ValidityThu, 21 Mar 2024 00:06:17 GMT - Wed, 19 Jun 2024 00:06:16 GMT

File type
PNG image data, 500 x 500, 8-bit/color RGBA, non-interlaced
Size
78 kB (78494 bytes)
Hash
2056c538d3f269c9d768dc16873e9524
6695d526cafb02deca9e249feb43312cd2c70e20
a474e822725ede4e9c789076a9a9be5a2e54f186b3c5085148d6d9ead0f64946

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/uploads/2023/03/Favicon_the_fortune_favor.png HTTP/1.1
Host: thefortunefavor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thefortunefavor.com/index.php/terms-and-conditions/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 10 May 2024 19:56:16 GMT
Server: Apache
Last-Modified: Tue, 28 Mar 2023 12:51:51 GMT
Accept-Ranges: bytes
Content-Length: 78494
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/png

bind.bestresulttostart.com/scripts/statistics.js

193.163.7.113

200 OK

10 kB

URL GET HTTP/2
bind.bestresulttostart.com/scripts/statistics.js
IP
193.163.7.113:443
ASN
#204601 Zomro B.V.

Requested by
https://thefortunefavor.com/index.php/terms-and-conditions/
Certificate
IssuerLet's Encrypt
Subjectbestresulttostart.com
FingerprintF4:4C:F5:1D:A8:B6:9F:52:11:56:EC:A1:D7:C6:98:DF:2E:96:E0:4C
ValidityMon, 08 Apr 2024 08:36:22 GMT - Sun, 07 Jul 2024 08:36:21 GMT

File type
JavaScript source, ASCII text, with very long lines (10331), with no line terminators
Size
10 kB (10331 bytes)
Hash
9d3a2c5feb7b6810bff5bdd9c6987a11
f96b5c4dcbed5e2abd7edb29dcefd1fb9fb28b4b
c97d2621e7e098aab41dfae76dc18919579ef8c1e79dbb27d2172396da956829

Detections

Analyzer	Verdict	Alert
ThreatFox	malicious	Unknown malware
mnemonic secure dns	malicious	Sinkholed
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /scripts/statistics.js HTTP/1.1
Host: bind.bestresulttostart.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thefortunefavor.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 19:56:15 GMT
content-type: application/javascript; charset=utf-8
last-modified: Tue, 30 Apr 2024 15:15:36 GMT
vary: Accept-Encoding
etag: W/"66310b18-285b"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=31536000;
content-encoding: gzip
X-Firefox-Spdy: h2

api.startservicefounds.com/service/sort.js

45.150.67.235

200 OK

10 kB

URL GET HTTP/2
api.startservicefounds.com/service/sort.js
IP
45.150.67.235:443
ASN
#44477 Stark Industries Solutions Ltd

Requested by
https://thefortunefavor.com/index.php/terms-and-conditions/
Certificate
IssuerLet's Encrypt
Subjectapi.startservicefounds.com
FingerprintA7:D1:75:3B:3E:DD:CD:0C:40:BE:48:98:D6:ED:B8:31:E6:CA:43:02
ValidityFri, 26 Apr 2024 22:33:59 GMT - Thu, 25 Jul 2024 22:33:58 GMT

File type
JavaScript source, ASCII text, with very long lines (10387), with no line terminators
Size
10 kB (10387 bytes)
Hash
a4b65fe97c9c98509fb6dcb771694411
1892a394fca0d377fbecd97eee53c7f609862813
d5b3b109f4bc1b1b1c2c326e4ad30780ce6bb1cd4e38c842fb9cc082fda085ec

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service/sort.js HTTP/1.1
Host: api.startservicefounds.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thefortunefavor.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 19:56:15 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
last-modified: Tue, 30 Apr 2024 15:10:04 GMT
etag: W/"663109cc-2893"
expires: Mon, 20 May 2024 19:56:15 GMT
cache-control: max-age=864000
access-control-allow-origin: *
strict-transport-security: max-age=31536000;
content-encoding: gzip
X-Firefox-Spdy: h2

jquery.restartyourchoices.com/cdncollect?r1=thefortunefavor.com

188.114.97.1

200 OK

10 kB

URL GET HTTP/2
jquery.restartyourchoices.com/cdncollect?r1=thefortunefavor.com
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://thefortunefavor.com/index.php/terms-and-conditions/
Certificate
IssuerLet's Encrypt
Subjectrestartyourchoices.com
Fingerprint1E:64:C0:EA:CA:57:4F:66:CB:2A:33:CF:E5:2D:8D:F5:B1:21:CE:D6
ValidityThu, 02 May 2024 15:04:04 GMT - Wed, 31 Jul 2024 15:04:03 GMT

File type
JavaScript source, ASCII text, with very long lines (10370)
Size
10 kB (10371 bytes)
Hash
a670ec3dd6fa757de5d5aab7abddfe59
07efb08354a342ae821e52b60728a31945c95759
a9aa76d5655c965f1feceec22619fa26acb1c4832f76ea25a79201bbc2b2c2f0

HTTP Headers

GET /cdncollect?r1=thefortunefavor.com HTTP/1.1
Host: jquery.restartyourchoices.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thefortunefavor.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 19:56:16 GMT
content-type: application/javascript
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
expires: Fri, 10 May 2024 19:56:16 GMT
set-cookie: _subid=376l60jj3nm5b; expires=Mon, 10 Jun 2024 19:56:16 GMT; path=/
a4fba=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjQxXCI6MTcxNTM3MDk3Nn0sXCJjYW1wYWlnbnNcIjp7XCIxM1wiOjE3MTUzNzA5NzZ9LFwidGltZVwiOjE3MTUzNzA5NzZ9In0.HJOg3GieSWl6XGFmV3roWDxToA5hgruh3774ecqUQpA; expires=Mon, 19 Sep 2078 15:52:32 GMT; path=/
vary: Accept-Encoding
x-powered-by: PHP/7.4.33
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=T3fKNRYR6CcpjjqDCPyTDOpBY0VaahGxAN5oJSHa0F6r%2FRGQ%2Bu6dbVtCOoJMyacbibywBeIKSU2p2AaUy17Nz5S2tnzkIHMz9xxsrZEkv5wXAJLAYhr%2BWz%2BDA126Wft40gGwwgY8APGgbLxbDkluOg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881c7dd83e7eb51d-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

js.cdntoswitchspirit.com/source/split.js

172.67.209.227

200 OK

36 kB

URL GET HTTP/3
js.cdntoswitchspirit.com/source/split.js
IP
172.67.209.227:443
ASN
#13335 CLOUDFLARENET

Requested by
https://thefortunefavor.com/index.php/terms-and-conditions/
Certificate
IssuerLet's Encrypt
Subjectcdntoswitchspirit.com
FingerprintDF:DB:EE:70:5A:39:BB:E7:A9:C6:4B:5C:24:04:56:6B:D0:D3:C0:AD
ValidityMon, 29 Apr 2024 10:49:03 GMT - Sun, 28 Jul 2024 10:49:02 GMT

File type
JavaScript source, ASCII text, with very long lines (36341), with no line terminators
Size
36 kB (36341 bytes)
Hash
fe59aea1c787d361c69c43c46a747767
2cc61a29d05db4814718cc60450876419afc5d24
9763b6045876ff0f6ddf7f20e19d631346a2f132e675ff1601896b3625fd9816

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /source/split.js HTTP/1.1
Host: js.cdntoswitchspirit.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thefortunefavor.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 19:56:16 GMT
content-type: application/javascript; charset=utf-8
last-modified: Tue, 30 Apr 2024 15:35:14 GMT
vary: Accept-Encoding
etag: W/"66310fb2-8df5"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
content-encoding: gzip
cf-cache-status: HIT
age: 210574
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=a1Rs%2FgeAdpsOzT9jJb7fMDJ0YBh09ncpe9GheG1YTJELgKXWi%2FlrI3st9Vles4ApA4JpVb%2BUpvaV4U%2F6ggjhSuEB3YRNNGhEvvtlUyGeiK%2FN9VJw54UdnWhJa08JOWJAqrwXqYtjzMgYGeQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881c7dd82d8256a5-OSL
alt-svc: h3=":443"; ma=86400

bind.bestresulttostart.com/scripts/statistics.js?s=7.8.2

193.163.7.113

200 OK

10 kB

URL GET HTTP/2
bind.bestresulttostart.com/scripts/statistics.js?s=7.8.2
IP
193.163.7.113:443
ASN
#204601 Zomro B.V.

Requested by
https://thefortunefavor.com/index.php/terms-and-conditions/
Certificate
IssuerLet's Encrypt
Subjectbestresulttostart.com
FingerprintF4:4C:F5:1D:A8:B6:9F:52:11:56:EC:A1:D7:C6:98:DF:2E:96:E0:4C
ValidityMon, 08 Apr 2024 08:36:22 GMT - Sun, 07 Jul 2024 08:36:21 GMT

File type
JavaScript source, ASCII text, with very long lines (10331), with no line terminators
Size
10 kB (10331 bytes)
Hash
9d3a2c5feb7b6810bff5bdd9c6987a11
f96b5c4dcbed5e2abd7edb29dcefd1fb9fb28b4b
c97d2621e7e098aab41dfae76dc18919579ef8c1e79dbb27d2172396da956829

Detections

Analyzer	Verdict	Alert
ThreatFox	malicious	Unknown malware
mnemonic secure dns	malicious	Sinkholed
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /scripts/statistics.js?s=7.8.2 HTTP/1.1
Host: bind.bestresulttostart.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thefortunefavor.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 19:56:15 GMT
content-type: application/javascript; charset=utf-8
last-modified: Tue, 30 Apr 2024 15:15:36 GMT
vary: Accept-Encoding
etag: W/"66310b18-285b"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=31536000;
content-encoding: gzip
X-Firefox-Spdy: h2

js.cdntoswitchspirit.com/source/split.js

172.67.209.227

200 OK

36 kB

URL GET HTTP/2
js.cdntoswitchspirit.com/source/split.js
IP
172.67.209.227:443
ASN
#13335 CLOUDFLARENET

Requested by
https://thefortunefavor.com/index.php/terms-and-conditions/
Certificate
IssuerLet's Encrypt
Subjectcdntoswitchspirit.com
FingerprintDF:DB:EE:70:5A:39:BB:E7:A9:C6:4B:5C:24:04:56:6B:D0:D3:C0:AD
ValidityMon, 29 Apr 2024 10:49:03 GMT - Sun, 28 Jul 2024 10:49:02 GMT

File type
JavaScript source, ASCII text, with very long lines (36341), with no line terminators
Size
36 kB (36341 bytes)
Hash
fe59aea1c787d361c69c43c46a747767
2cc61a29d05db4814718cc60450876419afc5d24
9763b6045876ff0f6ddf7f20e19d631346a2f132e675ff1601896b3625fd9816

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /source/split.js HTTP/1.1
Host: js.cdntoswitchspirit.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thefortunefavor.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 19:56:15 GMT
content-type: application/javascript; charset=utf-8
last-modified: Tue, 30 Apr 2024 15:35:14 GMT
vary: Accept-Encoding
etag: W/"66310fb2-8df5"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
content-encoding: gzip
cf-cache-status: HIT
age: 210573
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gkg7Sqdy6gpWxMjcww%2FT8oBxOC7huyxGBduYfXvNqPZ6Fv3Xdb6MynaiJfYc19pVJPgn%2BSuwYvHOVjZgxELx9oZGFNyVTRptIiVDUAnz65GMaRz3qfRK%2BfE%2F2EIVI9%2B%2BUrdb74MqdhEau0A%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881c7dd74ee4569a-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (20)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML