Report - clt1600345.benchurl.com/c/opt?e=174D6F7&c=186B59&l=D5128B33&email=KzD2Xi0s6ANYUyHOXT4pdpnNPv4YQPNifMGPOVnZMlE=&relid=AFA137D/c/confirmed?t=&language=en/c/confirmed?t=&language=en/c/confirmed?t=&language=en/c/confirmed?t=&language=en/c/confirmed?t=&language=en/c/confirmed?t=&language=en

Report Overview

Visited public
2023-12-06 16:04:29
Tags
Submit Tags
URL
clt1600345.benchurl.com/c/opt?e=174D6F7&c=186B59&l=D5128B33&email=KzD2Xi0s6ANYUyHOXT4pdpnNPv4YQPNifMGPOVnZMlE=&relid=AFA137D/c/confirmed?t=&language=en/c/confirmed?t=&language=en/c/confirmed?t=&language=en/c/confirmed?t=&language=en/c/confirmed?t=&language=en/c/confirmed?t=&language=en
Finishing URL
clt1600345.benchurl.com/c/opt?e=174D6F7&c=186B59&l=D5128B33&email=KzD2Xi0s6ANYUyHOXT4pdpnNPv4YQPNifMGPOVnZMlE=&relid=AFA137D/c/confirmed?t=&language=en/c/confirmed?t=&language=en/c/confirmed?t=&language=en/c/confirmed?t=&language=en/c/confirmed?t=&language=en/c/confirmed?t=&language=en
IP / ASN
52.38.176.100
#16509 AMAZON-02
Title
Manage Your Subscription

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
clt1600345.benchurl.com	unknown	2014-04-11	2023-07-21 09:55:27	2023-12-04 02:28:26	5.6 kB	150 kB	52.35.250.25
use.typekit.com	14731	2006-07-11	2012-05-23 16:28:56	2023-12-06 10:03:32	3.8 kB	123 kB	23.36.76.186
p.typekit.net	620	2010-08-02	2012-05-23 16:28:57	2023-12-06 05:11:35	558 B	371 B	23.36.76.184

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-12-06	medium	benchurl.com	Sinkholed
2023-12-06	medium	benchurl.com	Sinkholed
2023-12-06	medium	benchurl.com	Sinkholed
2023-12-06	medium	benchurl.com	Sinkholed
2023-12-06	medium	benchurl.com	Sinkholed
2023-12-06	medium	benchurl.com	Sinkholed
2023-12-06	medium	benchurl.com	Sinkholed
2023-12-06	medium	benchurl.com	Sinkholed
2023-12-06	medium	benchurl.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (3)

	URL	From	Size	First Seen	Last Seen
	clt1600345.benchurl.com/script/jquery-1.7.1.min.js	ScriptElement	147 kB	2023-12-06	2024-08-20
Pretty URL clt1600345.benchurl.com/script/jquery-1.7.1.min.js IP 52.10.95.150 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-06 17:04 Last Seen2024-08-20 16:34 Times Seen12 Hash b134b2a6f7bc33ba86c2420ba6fa6f14 113133125393229d83b01bac1f076aa7e97bfef3 13228011d6efe9843c04223041b1838d7342eb24ccc45073c2fb5f8e42dffa3a Loading...

	use.typekit.com/oai6wkl.js	ScriptElement	18 kB	2023-04-11	2024-08-21
Pretty URL use.typekit.com/oai6wkl.js IP 23.36.76.186 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-11 23:23 Last Seen2024-08-21 08:28 Times Seen148 Hash 1ef84ed60077f08690b8f9ccac36ad1c f7fd68d756c23da073d8bac13db8b4cbe093ba5f 70ed4bee3174c13328a52a37df0f8acc4efde9bf2ae3fc9ec2e2ae185e516386 Loading...

	clt1600345.benchurl.com/c/opt?e=174D6F7&c=186B59&l=D5128B33&email=KzD2Xi0s6ANYUyHOXT4pdpnNPv4YQPNifMGPOVnZMlE=&relid=AFA137D/c/confirmed?t=&language=en/c/confirmed?t=&language=en/c/confirmed?t=&language=en/c/confirmed?t=&language=en/c/confirmed?t=&language=en/c/confirmed?t=&language=en	ScriptElement	0 B	0001-01-01	2025-07-03
Pretty URL clt1600345.benchurl.com/c/opt?e=174D6F7&c=186B59&l=D5128B33&email=KzD2Xi0s6ANYUyHOXT4pdpnNPv4YQPNifMGPOVnZMlE=&relid=AFA137D/c/confirmed?t=&language=en/c/confirmed?t=&language=en/c/confirmed?t=&language=en/c/confirmed?t=&language=en/c/confirmed?t=&language=en/c/confirmed?t=&language=en IP 52.10.95.150 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen0001-01-01 00:00 Last Seen2025-07-03 05:17 Times Seen5255605 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

HTTP Transactions (17)

URL IP Response Size

clt1600345.benchurl.com/

52.35.250.25

118 B

URL
clt1600345.benchurl.com/
IP
52.35.250.25:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
118 B (118 bytes)
Hash
bad2e8579dcdb79399aac2064216a37d
7771e4d9c60e02ce2246b5d71bb23f92b9fb8a90
58bf2215b395dcac74c009aa98701854e43cbe54a1cd3a95fee6a647ca9910d4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: clt1600345.benchurl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Server: awselb/2.0
Date: Wed, 06 Dec 2023 16:04:14 GMT
Content-Type: text/html
Content-Length: 118
Connection: keep-alive

GET clt1600345.benchurl.com/c/opt?e=174D6F7&c=186B59&l=D5128B33&email=KzD2Xi0s6ANYUyHOXT4pdpnNPv4YQPNifMGPOVnZMlE=&relid=AFA137D/c/confirmed?t=&language=en/c/confirmed?t=&language=en/c/confirmed?t=&language=en/c/confirmed?t=&language=en/c/confirmed?t=&language=en/c/confirmed?t=&language=en

52.10.95.150

200 OK

1.4 kB

URL User Request GET HTTP/2
clt1600345.benchurl.com/c/opt?e=174D6F7&c=186B59&l=D5128B33&email=KzD2Xi0s6ANYUyHOXT4pdpnNPv4YQPNifMGPOVnZMlE=&relid=AFA137D/c/confirmed?t=&language=en/c/confirmed?t=&language=en/c/confirmed?t=&language=en/c/confirmed?t=&language=en/c/confirmed?t=&language=en/c/confirmed?t=&language=en
IP
52.10.95.150:443
ASN
#16509 AMAZON-02

Certificate
IssuerAmazon
Subject*.benchurl.com
Fingerprint7C:D9:3C:7C:A4:2C:9F:A1:B2:F1:6A:53:C3:CD:E6:A8:C1:F0:09:78
ValiditySat, 16 Sep 2023 00:00:00 GMT - Sun, 13 Oct 2024 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text
Size
1.4 kB (1449 bytes)
Hash
1199e47090cd4000b4bb12dace330ad8
55bf68d678560722a581ded8391dc8e118606dc7
7723c2f495d31457e7df21d0d52387610ed719f0d36d3e6edb43c5d1cfc4f2d0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /c/opt?e=174D6F7&c=186B59&l=D5128B33&email=KzD2Xi0s6ANYUyHOXT4pdpnNPv4YQPNifMGPOVnZMlE=&relid=AFA137D/c/confirmed?t=&language=en/c/confirmed?t=&language=en/c/confirmed?t=&language=en/c/confirmed?t=&language=en/c/confirmed?t=&language=en/c/confirmed?t=&language=en HTTP/1.1
Host: clt1600345.benchurl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: awselb/2.0
date: Wed, 06 Dec 2023 16:04:14 GMT
content-type: text/html
content-length: 1449
X-Firefox-Spdy: h2

GET use.typekit.com/oai6wkl.js

23.36.76.186

200 OK

6.7 kB

URL GET HTTP/2
use.typekit.com/oai6wkl.js
IP
23.36.76.186:443
ASN
#20940 Akamai International B.V.

Requested by
https://clt1600345.benchurl.com/c/opt?e=174D6F7&c=186B59&l=D5128B33&email=KzD2Xi0s6ANYUyHOXT4pdpnNPv4YQPNifMGPOVnZMlE=&relid=AFA137D/c/confirmed?t=&language=en/c/confirmed?t=&language=en/c/confirmed?t=&language=en/c/confirmed?t=&language=en/c/confirmed?t=&language=en/c/confirmed?t=&language=en
Certificate
IssuerDigiCert Inc
Subjectuse.typekit.net
Fingerprint42:82:CA:A5:EA:30:8F:60:60:37:2D:24:17:3D:52:62:54:D7:03:5B
ValidityThu, 21 Sep 2023 00:00:00 GMT - Mon, 21 Oct 2024 23:59:59 GMT

File type
Unicode text, UTF-8 text, with very long lines (2258)
Size
6.7 kB (6734 bytes)
Hash
341d5f7ee42ae3d9b3d54b68d5318ff6
509fc3b4f8469ce3ea90ca74ff407386bb47b8c5
ae8c31c790d8028094778b6eb6e77c780eb51d6c79030ebf816b06c90b104695

HTTP Headers

GET /oai6wkl.js HTTP/1.1
Host: use.typekit.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://clt1600345.benchurl.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
content-type: text/javascript;charset=utf-8
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains;
cache-control: public, max-age=600, stale-while-revalidate=604800
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-encoding: gzip
content-length: 6734
date: Wed, 06 Dec 2023 16:04:15 GMT
X-Firefox-Spdy: h2

GET clt1600345.benchurl.com/script/jquery-1.7.1.min.js

52.10.95.150

200 OK

49 kB

URL GET HTTP/2
clt1600345.benchurl.com/script/jquery-1.7.1.min.js
IP
52.10.95.150:443
ASN
#16509 AMAZON-02

Requested by
https://clt1600345.benchurl.com/c/opt?e=174D6F7&c=186B59&l=D5128B33&email=KzD2Xi0s6ANYUyHOXT4pdpnNPv4YQPNifMGPOVnZMlE=&relid=AFA137D/c/confirmed?t=&language=en/c/confirmed?t=&language=en/c/confirmed?t=&language=en/c/confirmed?t=&language=en/c/confirmed?t=&language=en/c/confirmed?t=&language=en
Certificate
IssuerAmazon
Subject*.benchurl.com
Fingerprint7C:D9:3C:7C:A4:2C:9F:A1:B2:F1:6A:53:C3:CD:E6:A8:C1:F0:09:78
ValiditySat, 16 Sep 2023 00:00:00 GMT - Sun, 13 Oct 2024 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (33076), with CRLF line terminators
Size
49 kB (48981 bytes)
Hash
42cf237d7b8d41da174502d8f4ddfcd2
92fdfa9e11d8ab103bb22047ebab12333631bcd8
7f4f6940064931390ca6686d8a593a3038e1a6f33bb4dc9d3ae612d9b2d799c3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /script/jquery-1.7.1.min.js HTTP/1.1
Host: clt1600345.benchurl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://clt1600345.benchurl.com/c/opt?e=174D6F7&c=186B59&l=D5128B33&email=KzD2Xi0s6ANYUyHOXT4pdpnNPv4YQPNifMGPOVnZMlE=&relid=AFA137D/c/confirmed?t=&language=en/c/confirmed?t=&language=en/c/confirmed?t=&language=en/c/confirmed?t=&language=en/c/confirmed?t=&language=en/c/confirmed?t=&language=en
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 06 Dec 2023 16:04:15 GMT
content-type: application/javascript
content-length: 48981
content-encoding: gzip
last-modified: Fri, 28 Sep 2012 12:59:01 GMT
accept-ranges: bytes
etag: "8058bc7799dcd1:0"
vary: Accept-Encoding
server: Microsoft-IIS/10.0
x-xss-protection: 0
X-Firefox-Spdy: h2

GET clt1600345.benchurl.com/css/header.css

52.10.95.150

200 OK

13 kB

URL GET HTTP/2
clt1600345.benchurl.com/css/header.css
IP
52.10.95.150:443
ASN
#16509 AMAZON-02

Requested by
https://clt1600345.benchurl.com/c/opt?e=174D6F7&c=186B59&l=D5128B33&email=KzD2Xi0s6ANYUyHOXT4pdpnNPv4YQPNifMGPOVnZMlE=&relid=AFA137D/c/confirmed?t=&language=en/c/confirmed?t=&language=en/c/confirmed?t=&language=en/c/confirmed?t=&language=en/c/confirmed?t=&language=en/c/confirmed?t=&language=en
Certificate
IssuerAmazon
Subject*.benchurl.com
Fingerprint7C:D9:3C:7C:A4:2C:9F:A1:B2:F1:6A:53:C3:CD:E6:A8:C1:F0:09:78
ValiditySat, 16 Sep 2023 00:00:00 GMT - Sun, 13 Oct 2024 23:59:59 GMT

File type
Unicode text, UTF-8 text, with very long lines (419), with CRLF line terminators
Size
13 kB (13271 bytes)
Hash
96ff5db6547f62ab1273cba92d9c9eed
eb7442bb2f5f83966156bd288ea4953c4a7d5a4c
e2c4aab64c2c89ea7280cf53346f8fc9e051de8f8acf01e0d75d57217169db11

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/header.css HTTP/1.1
Host: clt1600345.benchurl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://clt1600345.benchurl.com/c/opt?e=174D6F7&c=186B59&l=D5128B33&email=KzD2Xi0s6ANYUyHOXT4pdpnNPv4YQPNifMGPOVnZMlE=&relid=AFA137D/c/confirmed?t=&language=en/c/confirmed?t=&language=en/c/confirmed?t=&language=en/c/confirmed?t=&language=en/c/confirmed?t=&language=en/c/confirmed?t=&language=en
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 06 Dec 2023 16:04:15 GMT
content-type: text/css
content-length: 13271
content-encoding: gzip
last-modified: Thu, 18 Mar 2021 18:41:16 GMT
accept-ranges: bytes
etag: "06e3947261cd71:0"
vary: Accept-Encoding
server: Microsoft-IIS/10.0
x-xss-protection: 0
X-Firefox-Spdy: h2

GET use.typekit.com/af/8c5f68/00000000000000003b9ad1b1/27/l?subset_id=2&fvd=n7&v=3

23.36.76.186

200 OK

19 kB

URL GET HTTP/2
use.typekit.com/af/8c5f68/00000000000000003b9ad1b1/27/l?subset_id=2&fvd=n7&v=3
IP
23.36.76.186:443
ASN
#20940 Akamai International B.V.

Requested by
https://clt1600345.benchurl.com/c/opt?e=174D6F7&c=186B59&l=D5128B33&email=KzD2Xi0s6ANYUyHOXT4pdpnNPv4YQPNifMGPOVnZMlE=&relid=AFA137D/c/confirmed?t=&language=en/c/confirmed?t=&language=en/c/confirmed?t=&language=en/c/confirmed?t=&language=en/c/confirmed?t=&language=en/c/confirmed?t=&language=en
Certificate
IssuerDigiCert Inc
Subjectuse.typekit.net
Fingerprint42:82:CA:A5:EA:30:8F:60:60:37:2D:24:17:3D:52:62:54:D7:03:5B
ValidityThu, 21 Sep 2023 00:00:00 GMT - Mon, 21 Oct 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), CFF, length 19056, version 1.0\012- data
Size
19 kB (19056 bytes)
Hash
dddf341025f47901da49cc060730048c
83dc9cee8403778310f2fb5bd0e675192ddddf21
3b361d49881277ab3b92b0d7edc9f781f8f8ccb6738487b927140fee462aec1d

HTTP Headers

GET /af/8c5f68/00000000000000003b9ad1b1/27/l?subset_id=2&fvd=n7&v=3 HTTP/1.1
Host: use.typekit.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://clt1600345.benchurl.com
DNT: 1
Connection: keep-alive
Referer: https://clt1600345.benchurl.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
content-type: application/font-woff2
content-length: 19056
etag: "518c5f781d51642b3cf2290d365b9b8257de6e1f"
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: public, max-age=31536000
date: Wed, 06 Dec 2023 16:04:15 GMT
X-Firefox-Spdy: h2

GET use.typekit.com/af/b4e997/00000000000000003b9ad1bb/27/l?subset_id=2&fvd=n6&v=3

23.36.76.186

200 OK

19 kB

URL GET HTTP/2
use.typekit.com/af/b4e997/00000000000000003b9ad1bb/27/l?subset_id=2&fvd=n6&v=3
IP
23.36.76.186:443
ASN
#20940 Akamai International B.V.

Requested by
https://clt1600345.benchurl.com/c/opt?e=174D6F7&c=186B59&l=D5128B33&email=KzD2Xi0s6ANYUyHOXT4pdpnNPv4YQPNifMGPOVnZMlE=&relid=AFA137D/c/confirmed?t=&language=en/c/confirmed?t=&language=en/c/confirmed?t=&language=en/c/confirmed?t=&language=en/c/confirmed?t=&language=en/c/confirmed?t=&language=en
Certificate
IssuerDigiCert Inc
Subjectuse.typekit.net
Fingerprint42:82:CA:A5:EA:30:8F:60:60:37:2D:24:17:3D:52:62:54:D7:03:5B
ValidityThu, 21 Sep 2023 00:00:00 GMT - Mon, 21 Oct 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), CFF, length 18692, version 1.0\012- data
Size
19 kB (18692 bytes)
Hash
39f53d4a2d3741ca8ae973750256c214
cc904f0c5a3e1a9530798207091ea974155b4c1c
f1c1ae1a41ae40e40b10aa9c031ae6850548fe43a736725051753aa6c411668d

HTTP Headers

GET /af/b4e997/00000000000000003b9ad1bb/27/l?subset_id=2&fvd=n6&v=3 HTTP/1.1
Host: use.typekit.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://clt1600345.benchurl.com
DNT: 1
Connection: keep-alive
Referer: https://clt1600345.benchurl.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
content-type: application/font-woff2
content-length: 18692
etag: "80987524f2c82c2a36d727971941de8401d3f316"
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: public, max-age=31536000
date: Wed, 06 Dec 2023 16:04:15 GMT
X-Firefox-Spdy: h2

GET use.typekit.com/af/dcab3a/00000000000000003b9ad1b2/27/l?subset_id=2&fvd=i7&v=3

23.36.76.186

200 OK

20 kB

URL GET HTTP/2
use.typekit.com/af/dcab3a/00000000000000003b9ad1b2/27/l?subset_id=2&fvd=i7&v=3
IP
23.36.76.186:443
ASN
#20940 Akamai International B.V.

Requested by
https://clt1600345.benchurl.com/c/opt?e=174D6F7&c=186B59&l=D5128B33&email=KzD2Xi0s6ANYUyHOXT4pdpnNPv4YQPNifMGPOVnZMlE=&relid=AFA137D/c/confirmed?t=&language=en/c/confirmed?t=&language=en/c/confirmed?t=&language=en/c/confirmed?t=&language=en/c/confirmed?t=&language=en/c/confirmed?t=&language=en
Certificate
IssuerDigiCert Inc
Subjectuse.typekit.net
Fingerprint42:82:CA:A5:EA:30:8F:60:60:37:2D:24:17:3D:52:62:54:D7:03:5B
ValidityThu, 21 Sep 2023 00:00:00 GMT - Mon, 21 Oct 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), CFF, length 19524, version 1.0\012- data
Size
20 kB (19524 bytes)
Hash
fcb5c1dd5b07e3786979f619d8af41eb
8142eae602abd9abb15f886673773480082cb2ed
12f57218818734d0c49ab72316a2b415d984f309d217c8d79bed4ed0a0eca1af

HTTP Headers

GET /af/dcab3a/00000000000000003b9ad1b2/27/l?subset_id=2&fvd=i7&v=3 HTTP/1.1
Host: use.typekit.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://clt1600345.benchurl.com
DNT: 1
Connection: keep-alive
Referer: https://clt1600345.benchurl.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
content-type: application/font-woff2
content-length: 19524
etag: "c85de2b0c8d27e8ecb10964d9c709a0e5397550c"
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: public, max-age=31536000
date: Wed, 06 Dec 2023 16:04:15 GMT
X-Firefox-Spdy: h2

GET use.typekit.com/af/aa8afb/00000000000000003b9ad1b9/27/l?subset_id=2&fvd=n4&v=3

23.36.76.186

200 OK

18 kB

URL GET HTTP/2
use.typekit.com/af/aa8afb/00000000000000003b9ad1b9/27/l?subset_id=2&fvd=n4&v=3
IP
23.36.76.186:443
ASN
#20940 Akamai International B.V.

Requested by
https://clt1600345.benchurl.com/c/opt?e=174D6F7&c=186B59&l=D5128B33&email=KzD2Xi0s6ANYUyHOXT4pdpnNPv4YQPNifMGPOVnZMlE=&relid=AFA137D/c/confirmed?t=&language=en/c/confirmed?t=&language=en/c/confirmed?t=&language=en/c/confirmed?t=&language=en/c/confirmed?t=&language=en/c/confirmed?t=&language=en
Certificate
IssuerDigiCert Inc
Subjectuse.typekit.net
Fingerprint42:82:CA:A5:EA:30:8F:60:60:37:2D:24:17:3D:52:62:54:D7:03:5B
ValidityThu, 21 Sep 2023 00:00:00 GMT - Mon, 21 Oct 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), CFF, length 18504, version 1.0\012- data
Size
18 kB (18504 bytes)
Hash
5cf4886debc81650fb7f6d93f03a503f
06e254aa32bcf2b5aa8bf1cea25568da56cf0495
e0ed483bba0a14e9fe3b33939500515282721fedb70a8ebad014233c02df57c2

HTTP Headers

GET /af/aa8afb/00000000000000003b9ad1b9/27/l?subset_id=2&fvd=n4&v=3 HTTP/1.1
Host: use.typekit.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://clt1600345.benchurl.com
DNT: 1
Connection: keep-alive
Referer: https://clt1600345.benchurl.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
content-type: application/font-woff2
content-length: 18504
etag: "f9e85be3f0c8dcdcbd6f0a8471a46280ab7bf664"
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: public, max-age=31536000
date: Wed, 06 Dec 2023 16:04:15 GMT
X-Firefox-Spdy: h2

GET use.typekit.com/af/3b47e3/00000000000000003b9ad1bc/27/l?subset_id=2&fvd=i6&v=3

23.36.76.186

200 OK

19 kB

URL GET HTTP/2
use.typekit.com/af/3b47e3/00000000000000003b9ad1bc/27/l?subset_id=2&fvd=i6&v=3
IP
23.36.76.186:443
ASN
#20940 Akamai International B.V.

Requested by
https://clt1600345.benchurl.com/c/opt?e=174D6F7&c=186B59&l=D5128B33&email=KzD2Xi0s6ANYUyHOXT4pdpnNPv4YQPNifMGPOVnZMlE=&relid=AFA137D/c/confirmed?t=&language=en/c/confirmed?t=&language=en/c/confirmed?t=&language=en/c/confirmed?t=&language=en/c/confirmed?t=&language=en/c/confirmed?t=&language=en
Certificate
IssuerDigiCert Inc
Subjectuse.typekit.net
Fingerprint42:82:CA:A5:EA:30:8F:60:60:37:2D:24:17:3D:52:62:54:D7:03:5B
ValidityThu, 21 Sep 2023 00:00:00 GMT - Mon, 21 Oct 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), CFF, length 19048, version 1.0\012- data
Size
19 kB (19048 bytes)
Hash
c58007eb95f4647b0fec64ff9429d800
252e0416e4b297e09b4d9244efa79cd9a3c72d43
1d4797f8814994226060d66485b71446067211dbdf5d1799c437c3ee63258d21

HTTP Headers

GET /af/3b47e3/00000000000000003b9ad1bc/27/l?subset_id=2&fvd=i6&v=3 HTTP/1.1
Host: use.typekit.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://clt1600345.benchurl.com
DNT: 1
Connection: keep-alive
Referer: https://clt1600345.benchurl.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
content-type: application/font-woff2
content-length: 19048
etag: "131c73b236b0a451c55436b26d3b7857d5a10680"
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: public, max-age=31536000
date: Wed, 06 Dec 2023 16:04:15 GMT
X-Firefox-Spdy: h2

GET use.typekit.com/af/9cba47/00000000000000003b9ad1ba/27/l?subset_id=2&fvd=i4&v=3

23.36.76.186

200 OK

19 kB

URL GET HTTP/2
use.typekit.com/af/9cba47/00000000000000003b9ad1ba/27/l?subset_id=2&fvd=i4&v=3
IP
23.36.76.186:443
ASN
#20940 Akamai International B.V.

Requested by
https://clt1600345.benchurl.com/c/opt?e=174D6F7&c=186B59&l=D5128B33&email=KzD2Xi0s6ANYUyHOXT4pdpnNPv4YQPNifMGPOVnZMlE=&relid=AFA137D/c/confirmed?t=&language=en/c/confirmed?t=&language=en/c/confirmed?t=&language=en/c/confirmed?t=&language=en/c/confirmed?t=&language=en/c/confirmed?t=&language=en
Certificate
IssuerDigiCert Inc
Subjectuse.typekit.net
Fingerprint42:82:CA:A5:EA:30:8F:60:60:37:2D:24:17:3D:52:62:54:D7:03:5B
ValidityThu, 21 Sep 2023 00:00:00 GMT - Mon, 21 Oct 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), CFF, length 19188, version 1.0\012- data
Size
19 kB (19188 bytes)
Hash
2052aabaa0038dd2e272016311a0e54b
fddfd48f49a13dee5e2f311d412ce837fdbe6faa
6d52e211ba98d5b5348088d0a9a42b3bc015f6f4ab8bee236f702cd09ba72b9d

HTTP Headers

GET /af/9cba47/00000000000000003b9ad1ba/27/l?subset_id=2&fvd=i4&v=3 HTTP/1.1
Host: use.typekit.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://clt1600345.benchurl.com
DNT: 1
Connection: keep-alive
Referer: https://clt1600345.benchurl.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
content-type: application/font-woff2
content-length: 19188
etag: "8887aa07a5e31ddeba60d1317cef52532c1e4862"
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: public, max-age=31536000
date: Wed, 06 Dec 2023 16:04:15 GMT
X-Firefox-Spdy: h2

GET clt1600345.benchurl.com/images/apple-icon-touch.png

52.10.95.150

200 OK

4.0 kB

URL GET HTTP/2
clt1600345.benchurl.com/images/apple-icon-touch.png
IP
52.10.95.150:443
ASN
#16509 AMAZON-02

Requested by
https://clt1600345.benchurl.com/c/opt?e=174D6F7&c=186B59&l=D5128B33&email=KzD2Xi0s6ANYUyHOXT4pdpnNPv4YQPNifMGPOVnZMlE=&relid=AFA137D/c/confirmed?t=&language=en/c/confirmed?t=&language=en/c/confirmed?t=&language=en/c/confirmed?t=&language=en/c/confirmed?t=&language=en/c/confirmed?t=&language=en
Certificate
IssuerAmazon
Subject*.benchurl.com
Fingerprint7C:D9:3C:7C:A4:2C:9F:A1:B2:F1:6A:53:C3:CD:E6:A8:C1:F0:09:78
ValiditySat, 16 Sep 2023 00:00:00 GMT - Sun, 13 Oct 2024 23:59:59 GMT

File type
PNG image data, 120 x 120, 8-bit colormap, non-interlaced\012- data
Size
4.0 kB (3973 bytes)
Hash
8af45137d382b5063c8768af7526cf62
7cbff95a75254816d988a6867eb18b3af8b3f7f5
e51cd97d39afb1437022f77609690597d7c593c8e90517a296f85f6055b44e2d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/apple-icon-touch.png HTTP/1.1
Host: clt1600345.benchurl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://clt1600345.benchurl.com/c/opt?e=174D6F7&c=186B59&l=D5128B33&email=KzD2Xi0s6ANYUyHOXT4pdpnNPv4YQPNifMGPOVnZMlE=&relid=AFA137D/c/confirmed?t=&language=en/c/confirmed?t=&language=en/c/confirmed?t=&language=en/c/confirmed?t=&language=en/c/confirmed?t=&language=en/c/confirmed?t=&language=en
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 06 Dec 2023 16:04:15 GMT
content-type: image/png
content-length: 3973
last-modified: Fri, 24 Mar 2017 22:54:46 GMT
accept-ranges: bytes
etag: "497472a2f1a4d21:0"
server: Microsoft-IIS/10.0
x-xss-protection: 0
X-Firefox-Spdy: h2

GET clt1600345.benchurl.com/images/favicon.png

52.10.95.150

200 OK

1.1 kB

URL GET HTTP/2
clt1600345.benchurl.com/images/favicon.png
IP
52.10.95.150:443
ASN
#16509 AMAZON-02

Requested by
https://clt1600345.benchurl.com/c/opt?e=174D6F7&c=186B59&l=D5128B33&email=KzD2Xi0s6ANYUyHOXT4pdpnNPv4YQPNifMGPOVnZMlE=&relid=AFA137D/c/confirmed?t=&language=en/c/confirmed?t=&language=en/c/confirmed?t=&language=en/c/confirmed?t=&language=en/c/confirmed?t=&language=en/c/confirmed?t=&language=en
Certificate
IssuerAmazon
Subject*.benchurl.com
Fingerprint7C:D9:3C:7C:A4:2C:9F:A1:B2:F1:6A:53:C3:CD:E6:A8:C1:F0:09:78
ValiditySat, 16 Sep 2023 00:00:00 GMT - Sun, 13 Oct 2024 23:59:59 GMT

File type
PNG image data, 32 x 32, 8-bit colormap, non-interlaced\012- data
Size
1.1 kB (1077 bytes)
Hash
98afef26b0752d4e1c796cd7e224d300
26e39cc4862b2955012e3912d1749392969f80e0
56339793ef6148fdf17378abccd5ac5b1714e3eb639a272919e3c34272d5da41

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/favicon.png HTTP/1.1
Host: clt1600345.benchurl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://clt1600345.benchurl.com/c/opt?e=174D6F7&c=186B59&l=D5128B33&email=KzD2Xi0s6ANYUyHOXT4pdpnNPv4YQPNifMGPOVnZMlE=&relid=AFA137D/c/confirmed?t=&language=en/c/confirmed?t=&language=en/c/confirmed?t=&language=en/c/confirmed?t=&language=en/c/confirmed?t=&language=en/c/confirmed?t=&language=en
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 06 Dec 2023 16:04:15 GMT
content-type: image/png
content-length: 1077
last-modified: Mon, 04 Feb 2019 16:12:19 GMT
accept-ranges: bytes
etag: "57dda267a4bcd41:0"
server: Microsoft-IIS/10.0
x-xss-protection: 0
X-Firefox-Spdy: h2

GET clt1600345.benchurl.com/css/fonts/MessinaSans/MessinaSansWeb-Regular.woff2

52.10.95.150

200 OK

26 kB

URL GET HTTP/2
clt1600345.benchurl.com/css/fonts/MessinaSans/MessinaSansWeb-Regular.woff2
IP
52.10.95.150:443
ASN
#16509 AMAZON-02

Requested by
https://clt1600345.benchurl.com/c/opt?e=174D6F7&c=186B59&l=D5128B33&email=KzD2Xi0s6ANYUyHOXT4pdpnNPv4YQPNifMGPOVnZMlE=&relid=AFA137D/c/confirmed?t=&language=en/c/confirmed?t=&language=en/c/confirmed?t=&language=en/c/confirmed?t=&language=en/c/confirmed?t=&language=en/c/confirmed?t=&language=en
Certificate
IssuerAmazon
Subject*.benchurl.com
Fingerprint7C:D9:3C:7C:A4:2C:9F:A1:B2:F1:6A:53:C3:CD:E6:A8:C1:F0:09:78
ValiditySat, 16 Sep 2023 00:00:00 GMT - Sun, 13 Oct 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 26116, version 7.0\012- data
Size
26 kB (26116 bytes)
Hash
a3f4bf30367a861f8a16f8c3a9029720
fc2b32c0f6c90e3119dd5e68dd86b062dcbc142a
6953e91532c8a4027421f3ec28b38ff4a2d03a7ab9f60a0a686a0eecbc0cf3e9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/fonts/MessinaSans/MessinaSansWeb-Regular.woff2 HTTP/1.1
Host: clt1600345.benchurl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://clt1600345.benchurl.com/css/header.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 06 Dec 2023 16:04:15 GMT
content-type: application/font-woff2
content-length: 26116
last-modified: Wed, 21 Mar 2018 23:21:12 GMT
accept-ranges: bytes
etag: "0e4ea4c6bc1d31:0"
server: Microsoft-IIS/10.0
x-xss-protection: 0
X-Firefox-Spdy: h2

GET p.typekit.net/p.gif?s=1&k=oai6wkl&ht=tk&h=clt1600345.benchurl.com&f=139.140.173.174.175.176&a=536444&js=1.21.0&app=typekit&e=js&_=1701878661871

23.36.76.184

200 OK

35 B

URL GET HTTP/2
p.typekit.net/p.gif?s=1&k=oai6wkl&ht=tk&h=clt1600345.benchurl.com&f=139.140.173.174.175.176&a=536444&js=1.21.0&app=typekit&e=js&_=1701878661871
IP
23.36.76.184:443
ASN
#20940 Akamai International B.V.

Requested by
https://clt1600345.benchurl.com/c/opt?e=174D6F7&c=186B59&l=D5128B33&email=KzD2Xi0s6ANYUyHOXT4pdpnNPv4YQPNifMGPOVnZMlE=&relid=AFA137D/c/confirmed?t=&language=en/c/confirmed?t=&language=en/c/confirmed?t=&language=en/c/confirmed?t=&language=en/c/confirmed?t=&language=en/c/confirmed?t=&language=en
Certificate
IssuerDigiCert Inc
Subjectuse.typekit.net
Fingerprint42:82:CA:A5:EA:30:8F:60:60:37:2D:24:17:3D:52:62:54:D7:03:5B
ValidityThu, 21 Sep 2023 00:00:00 GMT - Mon, 21 Oct 2024 23:59:59 GMT

File type
GIF image data, version 89a, 1 x 1\012- data
Size
35 B (35 bytes)
Hash
81144d75b3e69e9aa2fa3e9d83a64d03
f0fbc60b50edf5b2a0b76e0aa0537b76bf346ffc
9b9265c69a5cc295d1ab0d04e0273b3677db1a6216ce2ccf4efc8c277ed84b39

HTTP Headers

GET /p.gif?s=1&k=oai6wkl&ht=tk&h=clt1600345.benchurl.com&f=139.140.173.174.175.176&a=536444&js=1.21.0&app=typekit&e=js&_=1701878661871 HTTP/1.1
Host: p.typekit.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://clt1600345.benchurl.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
content-type: image/gif
content-length: 35
last-modified: Sun, 15 Oct 2023 12:43:11 GMT
etag: "652bde5f-23"
cache-control: public, max-age=604800
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
date: Wed, 06 Dec 2023 16:04:15 GMT
X-Firefox-Spdy: h2

GET clt1600345.benchurl.com/css/fonts/MessinaSans/MessinaSansWeb-Bold.woff2

52.10.95.150

200 OK

26 kB

URL GET HTTP/2
clt1600345.benchurl.com/css/fonts/MessinaSans/MessinaSansWeb-Bold.woff2
IP
52.10.95.150:443
ASN
#16509 AMAZON-02

Requested by
https://clt1600345.benchurl.com/c/opt?e=174D6F7&c=186B59&l=D5128B33&email=KzD2Xi0s6ANYUyHOXT4pdpnNPv4YQPNifMGPOVnZMlE=&relid=AFA137D/c/confirmed?t=&language=en/c/confirmed?t=&language=en/c/confirmed?t=&language=en/c/confirmed?t=&language=en/c/confirmed?t=&language=en/c/confirmed?t=&language=en
Certificate
IssuerAmazon
Subject*.benchurl.com
Fingerprint7C:D9:3C:7C:A4:2C:9F:A1:B2:F1:6A:53:C3:CD:E6:A8:C1:F0:09:78
ValiditySat, 16 Sep 2023 00:00:00 GMT - Sun, 13 Oct 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 26268, version 7.0\012- data
Size
26 kB (26268 bytes)
Hash
19ebcf5625bb72dc4ab22f9190b17a5a
c7fd59a75bafab683587ecd2829662a137e88d93
da4b872cba131f9b516b0f3512a1799358568c7961df90d134ffe6aa10c4b5d2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/fonts/MessinaSans/MessinaSansWeb-Bold.woff2 HTTP/1.1
Host: clt1600345.benchurl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://clt1600345.benchurl.com/css/header.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 06 Dec 2023 16:04:15 GMT
content-type: application/font-woff2
content-length: 26268
last-modified: Wed, 21 Mar 2018 23:21:12 GMT
accept-ranges: bytes
etag: "0e4ea4c6bc1d31:0"
server: Microsoft-IIS/10.0
x-xss-protection: 0
X-Firefox-Spdy: h2

GET clt1600345.benchurl.com/css/fonts/MessinaSans/MessinaSansWeb-Light.woff2

52.10.95.150

200 OK

26 kB

URL GET HTTP/2
clt1600345.benchurl.com/css/fonts/MessinaSans/MessinaSansWeb-Light.woff2
IP
52.10.95.150:443
ASN
#16509 AMAZON-02

Requested by
https://clt1600345.benchurl.com/c/opt?e=174D6F7&c=186B59&l=D5128B33&email=KzD2Xi0s6ANYUyHOXT4pdpnNPv4YQPNifMGPOVnZMlE=&relid=AFA137D/c/confirmed?t=&language=en/c/confirmed?t=&language=en/c/confirmed?t=&language=en/c/confirmed?t=&language=en/c/confirmed?t=&language=en/c/confirmed?t=&language=en
Certificate
IssuerAmazon
Subject*.benchurl.com
Fingerprint7C:D9:3C:7C:A4:2C:9F:A1:B2:F1:6A:53:C3:CD:E6:A8:C1:F0:09:78
ValiditySat, 16 Sep 2023 00:00:00 GMT - Sun, 13 Oct 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 26048, version 7.0\012- data
Size
26 kB (26048 bytes)
Hash
cf5f99a932802c3db892dc004bb7e48a
00801d6a023a2cb6bf03dfe0513d8b6721efb682
5b70004d9d7b33848a564f72ba6e3caf9d409594e59e79426733e2d6167c48ac

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/fonts/MessinaSans/MessinaSansWeb-Light.woff2 HTTP/1.1
Host: clt1600345.benchurl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://clt1600345.benchurl.com/css/header.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 06 Dec 2023 16:04:15 GMT
content-type: application/font-woff2
content-length: 26048
last-modified: Wed, 21 Mar 2018 23:21:12 GMT
accept-ranges: bytes
etag: "0e4ea4c6bc1d31:0"
server: Microsoft-IIS/10.0
x-xss-protection: 0
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (3)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (17)

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections