Report - 80.66.79.200/newvishn/1.docx-outfile1.docx

Report Overview

Visitedpublic

2025-03-18 05:11:02

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.googletagmanager.com	75	2011-11-11	2012-10-04	2025-03-12	1.6 kB	326 kB	142.250.74.168
md.mozdozari.net	unknown	2024-06-19	2025-03-18	2025-03-18	9.2 kB	1.2 MB	80.66.79.200
80.66.79.200	unknown	unknown	No data	No data	936 B	3.8 kB	80.66.79.200

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2025-03-18 05:10:40	medium	Client IP	80.66.79.200	ET INFO Dotted Quad Host DOCX Request

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-03-18	medium	80.66.79.200	Sinkholed
2025-03-18	medium	80.66.79.200	Sinkholed

ThreatFox

No alerts detected

JavaScript (9)

	URL	From	Size	First Seen	Last Seen
	www.googletagmanager.com/gtm.js?id=GTM-NRM4XQF8	ScriptElement	324 kB	2025-03-18	2025-03-18
URL www.googletagmanager.com/gtm.js?id=GTM-NRM4XQF8 IP / ASN 142.250.74.168 #15169 GOOGLE Introduced by ScriptElement Embedded false Resource Info First Seen 2025-03-18 Last Seen 2025-03-18 Times Seen 1 Size 324 kB (323781 bytes) MD5 1108a0390e44b07cba89e85d1db7cb03 SHA1 47292646519c4cd69d21507277ec4e7eb34830d1 SHA256 0a0685410c3da824c35faaca0de6f64e10868e5f26cd542145d3d0920831befe Format Code Loading...

	md.mozdozari.net/	ScriptElement	228 B	2025-03-18	2025-03-18
URL md.mozdozari.net/ IP / ASN 80.66.79.200 #60602 Inovare-Prim SRL Introduced by ScriptElement Embedded true Resource Info First Seen 2025-03-18 Last Seen 2025-03-18 Times Seen 1 Size 228 B (228 bytes) MD5 c4ce2ccced6974b5a2dcf34e882d875c SHA1 ca1705e1196461e6657a7edd4d37297f2c82dbc0 SHA256 6db634cb696e231f08a01a88b0525ef4bae01c213fd1de21fe0b4ec4b4ffd376 Format Code Loading...

	md.mozdozari.net/Meowly/js/live2d.js	ScriptElement	151 kB	2023-03-11	2025-07-09
URL md.mozdozari.net/Meowly/js/live2d.js IP / ASN 80.66.79.200 #60602 Inovare-Prim SRL Introduced by ScriptElement Embedded false Resource Info First Seen 2023-03-11 Last Seen 2025-07-09 Times Seen 6 Size 151 kB (151338 bytes) MD5 088afe3263d5fadd4dfdf941f58f4785 SHA1 86dcec89139bf72a8be0a17feaeca631721ffee7 SHA256 543776cf3b0fc618b9b288f2dc02f9081836073a45eb26a1fa7456dab235d002 Format Code Loading...

	md.mozdozari.net/Meowly/js/message.js	ScriptElement	4.3 kB	2025-03-18	2025-03-18
URL md.mozdozari.net/Meowly/js/message.js IP / ASN 80.66.79.200 #60602 Inovare-Prim SRL Introduced by ScriptElement Embedded false Resource Info First Seen 2025-03-18 Last Seen 2025-03-18 Times Seen 1 Size 4.3 kB (4348 bytes) MD5 e5173740bacc3d6acd69f4ced5e1b5a1 SHA1 44eaa261e62c624cbedfde653fd8eefddd9cf539 SHA256 2782acd00a77d3f4ac046fbe6f80f48c17403c91f6ee093f8b68e99c5b44029c Format Code Loading...

	md.mozdozari.net/	ScriptElement	374 B	2025-03-18	2025-03-18
URL md.mozdozari.net/ IP / ASN 80.66.79.200 #60602 Inovare-Prim SRL Introduced by ScriptElement Embedded true Resource Info First Seen 2025-03-18 Last Seen 2025-03-18 Times Seen 1 Size 374 B (374 bytes) MD5 ea24925132e7a31ad0bf051ca324dc2b SHA1 f7d0e07f60f960afdc48a27a323331a119f62af2 SHA256 dde661224f6311feef16b7e787a157cac1f6659f41352d3504284559669ab49a Format Code Loading...

	md.mozdozari.net/	ScriptElement	281 B	2025-03-18	2025-03-18
URL md.mozdozari.net/ IP / ASN 80.66.79.200 #60602 Inovare-Prim SRL Introduced by ScriptElement Embedded false Resource Info First Seen 2025-03-18 Last Seen 2025-03-18 Times Seen 1 Size 281 B (281 bytes) MD5 8595e50c751a36bd441b5a032e170481 SHA1 d82bf066b9f1f053d3636c8d7a7a0e6d2bffdc07 SHA256 53195a8dbb9f107e92a2d9c54d38f82cf79c9434708060e1047b5db523260948 Format Code Loading...

	md.mozdozari.net/	ScriptElement	129 B	2025-03-18	2025-03-18
URL md.mozdozari.net/ IP / ASN 80.66.79.200 #60602 Inovare-Prim SRL Introduced by ScriptElement Embedded true Resource Info First Seen 2025-03-18 Last Seen 2025-03-18 Times Seen 1 Size 129 B (129 bytes) MD5 2a4ef7dcb9172974fe925e6fd477f171 SHA1 e80a1f31a0b5017c4ee102637bd82948faadd8ea SHA256 2982e7e27936614addf84b5a0ed76ec6323dd6bc5d7721851684e240d62aded2 Format Code Loading...

	md.mozdozari.net/Meowly/js/main.js	ScriptElement	86 kB	2023-03-07	2025-08-03
URL md.mozdozari.net/Meowly/js/main.js IP / ASN 80.66.79.200 #60602 Inovare-Prim SRL Introduced by ScriptElement Embedded false Resource Info First Seen 2023-03-07 Last Seen 2025-08-03 Times Seen 192484 Size 86 kB (85578 bytes) MD5 2f6b11a7e914718e0290410e85366fe9 SHA1 69bb69e25ca7d5ef0935317584e6153f3fd9a88c SHA256 05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e Format Code Loading...

	md.mozdozari.net/	ScriptElement	77 B	2025-03-18	2025-03-18
URL md.mozdozari.net/ IP / ASN 80.66.79.200 #60602 Inovare-Prim SRL Introduced by ScriptElement Embedded true Resource Info First Seen 2025-03-18 Last Seen 2025-03-18 Times Seen 1 Size 77 B (77 bytes) MD5 f573b0dffb0a487bd8df938c5f6c05dd SHA1 ec77be4ebec577b7975c9a224d87fa177b1bbfa7 SHA256 e0a96d839152324f7db0044b259f4c8979d61e56d6378ff84d3210136ab22a2b Format Code Loading...

HTTP Transactions (26)

URL IP Response Size

GET www.googletagmanager.com/gtm.js?id=GTM-NRM4XQF8

142.250.74.168

200 OK

324 kB

URL

www.googletagmanager.com/gtm.js?id=GTM-NRM4XQF8

IP / ASN

142.250.74.168

#15169 GOOGLE

Requested byhttps://md.mozdozari.net/

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-03

Times Seen5619475

Size324 kB (323781 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Certificate Info

IssuerGoogle Trust Services

Subject*.google-analytics.com

Fingerprint16:BA:A3:B5:22:51:BB:87:46:7F:17:3F:9D:14:B3:35:F0:FE:B1:8D

ValidityMon, 10 Mar 2025 08:35:59 GMT - Mon, 02 Jun 2025 08:35:58 GMT

HTTP Headers

GET /gtm.js?id=GTM-NRM4XQF8 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://md.mozdozari.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 18 Mar 2025 05:10:41 GMT
expires: Tue, 18 Mar 2025 05:10:41 GMT
cache-control: private, max-age=900
last-modified: Tue, 18 Mar 2025 03:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1262:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:1262:0
report-to: {"group":"ascgcycc:1262:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1262:0"}],}
server: Google Tag Manager
content-length: 95898
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET md.mozdozari.net/Meowly/message.json

80.66.79.200

200 OK

362 B

URL

md.mozdozari.net/Meowly/message.json

IP / ASN

80.66.79.200

#60602 Inovare-Prim SRL

Requested byhttps://md.mozdozari.net/

Resource Info

File typeUnicode text, UTF-8 text, with very long lines (390), with no line terminators

First Seen2025-03-18

Last Seen2025-03-18

Times Seen1

Size362 B (362 bytes)

MD54a830ed6e37cdf7ef1454a881ca50660

SHA14386b4a1ead89a3b2e8894c11dbc22178662fbbc

SHA256152590920a628dbe64a4b4a50b12b021e25ec79c1ea89e91ee95210051739e63

Certificate Info

IssuerLet's Encrypt

Subjectmd.mozdozari.net

Fingerprint85:BB:96:ED:C8:AE:89:A0:8C:39:6A:06:3A:8B:41:43:ED:3B:37:39

ValiditySun, 16 Mar 2025 08:25:56 GMT - Sat, 14 Jun 2025 08:25:55 GMT

HTTP Headers

GET /Meowly/message.json HTTP/1.1
Host: md.mozdozari.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://md.mozdozari.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 18 Mar 2025 05:10:41 GMT
content-type: application/json
content-length: 362
last-modified: Fri, 30 Jun 2023 12:21:02 GMT
etag: "649ec8ae-16a"
accept-ranges: bytes
X-Firefox-Spdy: h2

GET www.googletagmanager.com/gtag/destination?id=G-ER14ML6KVS&l=dataLayer&cx=c&gtm=45He53d3v9174597081za200&tag_exp=102015666~102482433~102587591~102717422~102788824~102813109~102814060~102825837~102879719

142.250.74.168

404 Not Found

0 B

URL

www.googletagmanager.com/gtag/destination?id=G-ER14ML6KVS&l=dataLayer&cx=c&gtm=45He53d3v9174597081za200&tag_exp=102015666~102482433~102587591~102717422~102788824~102813109~102814060~102825837~102879719

IP / ASN

142.250.74.168

#15169 GOOGLE

Requested byhttps://md.mozdozari.net/

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-03

Times Seen5619475

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Certificate Info

IssuerGoogle Trust Services

Subject*.google-analytics.com

Fingerprint16:BA:A3:B5:22:51:BB:87:46:7F:17:3F:9D:14:B3:35:F0:FE:B1:8D

ValidityMon, 10 Mar 2025 08:35:59 GMT - Mon, 02 Jun 2025 08:35:58 GMT

HTTP Headers

GET /gtag/destination?id=G-ER14ML6KVS&l=dataLayer&cx=c&gtm=45He53d3v9174597081za200&tag_exp=102015666~102482433~102587591~102717422~102788824~102813109~102814060~102825837~102879719 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://md.mozdozari.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcysghrgc:42:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcysghrgc:42:0
report-to: {"group":"ascgcysghrgc:42:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcysghrgc:42:0"}],}
date: Tue, 18 Mar 2025 05:10:41 GMT
content-type: text/html; charset=UTF-8
server: Google Tag Manager
content-length: 1753
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET md.mozdozari.net/Meowly/Tia/motions/WakeUp.mtn

80.66.79.200

200 OK

12 kB

URL

md.mozdozari.net/Meowly/Tia/motions/WakeUp.mtn

IP / ASN

80.66.79.200

#60602 Inovare-Prim SRL

Requested byhttps://md.mozdozari.net/

Resource Info

File typeASCII text, with very long lines (642), with CRLF, CR line terminators

First Seen2025-03-18

Last Seen2025-03-18

Times Seen1

Size12 kB (11937 bytes)

MD50557fa269bcc98570b45d208e1776f85

SHA199508a5176a2d1864fa1088f46b36d39eb9cd76c

SHA256c4f9bb45f4064859a7a4cb69cf41b3b2264429be88c502e737006e1dd537a388

Certificate Info

IssuerLet's Encrypt

Subjectmd.mozdozari.net

Fingerprint85:BB:96:ED:C8:AE:89:A0:8C:39:6A:06:3A:8B:41:43:ED:3B:37:39

ValiditySun, 16 Mar 2025 08:25:56 GMT - Sat, 14 Jun 2025 08:25:55 GMT

HTTP Headers

GET /Meowly/Tia/motions/WakeUp.mtn HTTP/1.1
Host: md.mozdozari.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://md.mozdozari.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 18 Mar 2025 05:10:42 GMT
content-type: application/octet-stream
content-length: 11937
last-modified: Fri, 30 Jun 2023 12:21:14 GMT
etag: "649ec8ba-2ea1"
accept-ranges: bytes
X-Firefox-Spdy: h2

GET md.mozdozari.net/Meowly/Tia/motions/Breath2.mtn

80.66.79.200

200 OK

6.5 kB

URL

md.mozdozari.net/Meowly/Tia/motions/Breath2.mtn

IP / ASN

80.66.79.200

#60602 Inovare-Prim SRL

Requested byhttps://md.mozdozari.net/

Resource Info

File typeASCII text, with very long lines (579), with CRLF, CR line terminators

First Seen2025-03-18

Last Seen2025-06-17

Times Seen2

Size6.5 kB (6489 bytes)

MD50a25e19fe3f07893c9d5955cc577eb14

SHA11c1b35419e237327e5d6f7187b7738d2b853fa92

SHA256e073ab0c5ad4ffe4bad2ddac87433a6937e10e0c40a84e6a6c285dc2c8890d6e

Certificate Info

IssuerLet's Encrypt

Subjectmd.mozdozari.net

Fingerprint85:BB:96:ED:C8:AE:89:A0:8C:39:6A:06:3A:8B:41:43:ED:3B:37:39

ValiditySun, 16 Mar 2025 08:25:56 GMT - Sat, 14 Jun 2025 08:25:55 GMT

HTTP Headers

GET /Meowly/Tia/motions/Breath2.mtn HTTP/1.1
Host: md.mozdozari.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://md.mozdozari.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 18 Mar 2025 05:10:42 GMT
content-type: application/octet-stream
content-length: 6489
last-modified: Fri, 30 Jun 2023 12:21:12 GMT
etag: "649ec8b8-1959"
accept-ranges: bytes
X-Firefox-Spdy: h2

GET md.mozdozari.net/Meowly/Tia/motions/Breath5.mtn

80.66.79.200

200 OK

12 kB

URL

md.mozdozari.net/Meowly/Tia/motions/Breath5.mtn

IP / ASN

80.66.79.200

#60602 Inovare-Prim SRL

Requested byhttps://md.mozdozari.net/

Resource Info

File typeASCII text, with very long lines (730), with CRLF, CR line terminators

First Seen2025-03-18

Last Seen2025-07-15

Times Seen5

Size12 kB (12530 bytes)

MD58b4c561e69d9b6c060dd7c4d2c2416f3

SHA1df45551eb085bd60ec0da2aa053bf50d362f8f98

SHA256c5f8f19c7cbec6a8107e742297fb4e79fd781121ad468ec30e37b058f5494556

Certificate Info

IssuerLet's Encrypt

Subjectmd.mozdozari.net

Fingerprint85:BB:96:ED:C8:AE:89:A0:8C:39:6A:06:3A:8B:41:43:ED:3B:37:39

ValiditySun, 16 Mar 2025 08:25:56 GMT - Sat, 14 Jun 2025 08:25:55 GMT

HTTP Headers

GET /Meowly/Tia/motions/Breath5.mtn HTTP/1.1
Host: md.mozdozari.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://md.mozdozari.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 18 Mar 2025 05:10:42 GMT
content-type: application/octet-stream
content-length: 12530
last-modified: Fri, 30 Jun 2023 12:21:12 GMT
etag: "649ec8b8-30f2"
accept-ranges: bytes
X-Firefox-Spdy: h2

GET md.mozdozari.net/Meowly/Tia/motions/Breath2.mtn

80.66.79.200

200 OK

6.5 kB

URL

md.mozdozari.net/Meowly/Tia/motions/Breath2.mtn

IP / ASN

80.66.79.200

#60602 Inovare-Prim SRL

Requested byhttps://md.mozdozari.net/

Resource Info

File typeASCII text, with very long lines (579), with CRLF, CR line terminators

First Seen2025-03-18

Last Seen2025-06-17

Times Seen2

Size6.5 kB (6489 bytes)

MD50a25e19fe3f07893c9d5955cc577eb14

SHA11c1b35419e237327e5d6f7187b7738d2b853fa92

SHA256e073ab0c5ad4ffe4bad2ddac87433a6937e10e0c40a84e6a6c285dc2c8890d6e

Certificate Info

IssuerLet's Encrypt

Subjectmd.mozdozari.net

Fingerprint85:BB:96:ED:C8:AE:89:A0:8C:39:6A:06:3A:8B:41:43:ED:3B:37:39

ValiditySun, 16 Mar 2025 08:25:56 GMT - Sat, 14 Jun 2025 08:25:55 GMT

HTTP Headers

GET /Meowly/Tia/motions/Breath2.mtn HTTP/1.1
Host: md.mozdozari.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://md.mozdozari.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 18 Mar 2025 05:10:46 GMT
content-type: application/octet-stream
content-length: 6489
last-modified: Fri, 30 Jun 2023 12:21:12 GMT
etag: "649ec8b8-1959"
accept-ranges: bytes
X-Firefox-Spdy: h2

GET md.mozdozari.net/Meowly/js/live2d.js

80.66.79.200

200 OK

151 kB

URL

md.mozdozari.net/Meowly/js/live2d.js

IP / ASN

80.66.79.200

#60602 Inovare-Prim SRL

Requested byhttps://md.mozdozari.net/

Resource Info

File typeJavaScript source, ASCII text, with very long lines (65536), with no line terminators

First Seen2023-03-11

Last Seen2025-07-09

Times Seen6

Size151 kB (151338 bytes)

MD5088afe3263d5fadd4dfdf941f58f4785

SHA186dcec89139bf72a8be0a17feaeca631721ffee7

SHA256543776cf3b0fc618b9b288f2dc02f9081836073a45eb26a1fa7456dab235d002

Certificate Info

IssuerLet's Encrypt

Subjectmd.mozdozari.net

Fingerprint85:BB:96:ED:C8:AE:89:A0:8C:39:6A:06:3A:8B:41:43:ED:3B:37:39

ValiditySun, 16 Mar 2025 08:25:56 GMT - Sat, 14 Jun 2025 08:25:55 GMT

HTTP Headers

GET /Meowly/js/live2d.js HTTP/1.1
Host: md.mozdozari.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://md.mozdozari.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 18 Mar 2025 05:10:41 GMT
content-type: application/javascript; charset=utf-8
content-length: 151338
last-modified: Fri, 30 Jun 2023 12:21:04 GMT
etag: "649ec8b0-24f2a"
accept-ranges: bytes
X-Firefox-Spdy: h2

GET www.googletagmanager.com/gtag/js?id=G-ER14ML6KVS&l=dataLayer&cx=c&gtm=45He53d3v9174597081za200&tag_exp=102015666~102482433~102587591~102717422~102788824~102813109~102814060~102825837~102879719

142.250.74.168

404 Not Found

0 B

URL

www.googletagmanager.com/gtag/js?id=G-ER14ML6KVS&l=dataLayer&cx=c&gtm=45He53d3v9174597081za200&tag_exp=102015666~102482433~102587591~102717422~102788824~102813109~102814060~102825837~102879719

IP / ASN

142.250.74.168

#15169 GOOGLE

Requested byhttps://md.mozdozari.net/

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-03

Times Seen5619475

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Certificate Info

IssuerGoogle Trust Services

Subject*.google-analytics.com

Fingerprint16:BA:A3:B5:22:51:BB:87:46:7F:17:3F:9D:14:B3:35:F0:FE:B1:8D

ValidityMon, 10 Mar 2025 08:35:59 GMT - Mon, 02 Jun 2025 08:35:58 GMT

HTTP Headers

GET /gtag/js?id=G-ER14ML6KVS&l=dataLayer&cx=c&gtm=45He53d3v9174597081za200&tag_exp=102015666~102482433~102587591~102717422~102788824~102813109~102814060~102825837~102879719 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://md.mozdozari.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1020:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:1020:0
report-to: {"group":"ascgcycc:1020:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1020:0"}],}
date: Tue, 18 Mar 2025 05:10:41 GMT
content-type: text/html; charset=UTF-8
server: Google Tag Manager
content-length: 1744
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET md.mozdozari.net/Meowly/Tia/motions/Breath1.mtn

80.66.79.200

200 OK

3.3 kB

URL

md.mozdozari.net/Meowly/Tia/motions/Breath1.mtn

IP / ASN

80.66.79.200

#60602 Inovare-Prim SRL

Requested byhttps://md.mozdozari.net/

Resource Info

File typeASCII text, with very long lines (535), with CRLF, CR line terminators

First Seen2025-03-18

Last Seen2025-06-17

Times Seen2

Size3.3 kB (3283 bytes)

MD5fc8a5b392a29f1a34c5d33473ecf8a0b

SHA1e9fe2ad68ba66ae2cbf8d2f4662bae9b3144b1cc

SHA25621c4df569b781c179cf31af94f160d786c7b8242bedeea5bc4e9be321c5be906

Certificate Info

IssuerLet's Encrypt

Subjectmd.mozdozari.net

Fingerprint85:BB:96:ED:C8:AE:89:A0:8C:39:6A:06:3A:8B:41:43:ED:3B:37:39

ValiditySun, 16 Mar 2025 08:25:56 GMT - Sat, 14 Jun 2025 08:25:55 GMT

HTTP Headers

GET /Meowly/Tia/motions/Breath1.mtn HTTP/1.1
Host: md.mozdozari.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://md.mozdozari.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 18 Mar 2025 05:10:42 GMT
content-type: application/octet-stream
content-length: 3283
last-modified: Fri, 30 Jun 2023 12:21:12 GMT
etag: "649ec8b8-cd3"
accept-ranges: bytes
X-Firefox-Spdy: h2

GET md.mozdozari.net/Meowly/Tia/motions/Breath1.mtn

80.66.79.200

200 OK

3.3 kB

URL

md.mozdozari.net/Meowly/Tia/motions/Breath1.mtn

IP / ASN

80.66.79.200

#60602 Inovare-Prim SRL

Requested byhttps://md.mozdozari.net/

Resource Info

File typeASCII text, with very long lines (535), with CRLF, CR line terminators

First Seen2025-03-18

Last Seen2025-06-17

Times Seen2

Size3.3 kB (3283 bytes)

MD5fc8a5b392a29f1a34c5d33473ecf8a0b

SHA1e9fe2ad68ba66ae2cbf8d2f4662bae9b3144b1cc

SHA25621c4df569b781c179cf31af94f160d786c7b8242bedeea5bc4e9be321c5be906

Certificate Info

IssuerLet's Encrypt

Subjectmd.mozdozari.net

Fingerprint85:BB:96:ED:C8:AE:89:A0:8C:39:6A:06:3A:8B:41:43:ED:3B:37:39

ValiditySun, 16 Mar 2025 08:25:56 GMT - Sat, 14 Jun 2025 08:25:55 GMT

HTTP Headers

GET /Meowly/Tia/motions/Breath1.mtn HTTP/1.1
Host: md.mozdozari.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://md.mozdozari.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 18 Mar 2025 05:10:53 GMT
content-type: application/octet-stream
content-length: 3283
last-modified: Fri, 30 Jun 2023 12:21:12 GMT
etag: "649ec8b8-cd3"
accept-ranges: bytes
X-Firefox-Spdy: h2

GET 80.66.79.200/newvishn/1.docx-outfile1.docx

80.66.79.200

301 Moved Permanently

3.6 kB

URL

80.66.79.200/newvishn/1.docx-outfile1.docx

IP / ASN

80.66.79.200

#60602 Inovare-Prim SRL

Requested byN/A

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-03

Times Seen5619475

Size3.6 kB (3648 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed
suricata	medium	ET INFO Dotted Quad Host DOCX Request

HTTP Headers

GET /newvishn/1.docx-outfile1.docx HTTP/1.1
Host: 80.66.79.200
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Date: Tue, 18 Mar 2025 05:10:40 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://md.mozdozari.net

GET md.mozdozari.net/Meowly/js/message.js

80.66.79.200

200 OK

4.3 kB

URL

md.mozdozari.net/Meowly/js/message.js

IP / ASN

80.66.79.200

#60602 Inovare-Prim SRL

Requested byhttps://md.mozdozari.net/

Resource Info

File typeJavaScript source, ASCII text, with very long lines (4484), with no line terminators

First Seen2025-03-18

Last Seen2025-03-18

Times Seen1

Size4.3 kB (4348 bytes)

MD5b1740ff34ee749ef714f63292014c79b

SHA18aafdc79f0f8a83a528e2ac93bd77f1a12e1a904

SHA256c09fbe67bd05cf843375d5bb1892d5dd10b0585ba51b4b4b15b042157ea66c7f

Certificate Info

IssuerLet's Encrypt

Subjectmd.mozdozari.net

Fingerprint85:BB:96:ED:C8:AE:89:A0:8C:39:6A:06:3A:8B:41:43:ED:3B:37:39

ValiditySun, 16 Mar 2025 08:25:56 GMT - Sat, 14 Jun 2025 08:25:55 GMT

HTTP Headers

GET /Meowly/js/message.js HTTP/1.1
Host: md.mozdozari.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://md.mozdozari.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 18 Mar 2025 05:10:41 GMT
content-type: application/javascript; charset=utf-8
content-length: 4348
last-modified: Fri, 08 Sep 2023 15:03:20 GMT
etag: "64fb37b8-10fc"
accept-ranges: bytes
X-Firefox-Spdy: h2

GET md.mozdozari.net/Meowly/Tia/index.json

80.66.79.200

200 OK

1.9 kB

URL

md.mozdozari.net/Meowly/Tia/index.json

IP / ASN

80.66.79.200

#60602 Inovare-Prim SRL

Requested byhttps://md.mozdozari.net/

Resource Info

File typeASCII text, with very long lines (2095), with no line terminators

First Seen2025-03-18

Last Seen2025-03-18

Times Seen1

Size1.9 kB (1874 bytes)

MD532dd1b82f862f2631b7cc0a26bea43ec

SHA172d2db6876e09f1af7bf3d51bb9c022048c4eb38

SHA2564ddd2c85283119630c91571fc77377d6f2b44ff491c73ffc99632ecd96418b80

Certificate Info

IssuerLet's Encrypt

Subjectmd.mozdozari.net

Fingerprint85:BB:96:ED:C8:AE:89:A0:8C:39:6A:06:3A:8B:41:43:ED:3B:37:39

ValiditySun, 16 Mar 2025 08:25:56 GMT - Sat, 14 Jun 2025 08:25:55 GMT

HTTP Headers

GET /Meowly/Tia/index.json HTTP/1.1
Host: md.mozdozari.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://md.mozdozari.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 18 Mar 2025 05:10:41 GMT
content-type: application/json
content-length: 1874
last-modified: Mon, 31 Jul 2023 18:02:32 GMT
etag: "64c7f738-752"
accept-ranges: bytes
X-Firefox-Spdy: h2

GET md.mozdozari.net/

80.66.79.200

200 OK

3.6 kB

URL

md.mozdozari.net/

IP / ASN

80.66.79.200

#60602 Inovare-Prim SRL

Requested byN/A

Resource Info

File typeHTML document, Unicode text, UTF-8 text, with very long lines (3864), with no line terminators

First Seen2025-03-18

Last Seen2025-03-18

Times Seen1

Size3.6 kB (3648 bytes)

MD5f102996fc6e7fb26920b7ea0142a62cd

SHA1c490e99be626015a05a88f9055a2d7e597199a72

SHA256914ded5d46f5b106bf8b79c99143c520be6dc6c876a2519c4fde5c3ebb9fd500

Certificate Info

IssuerLet's Encrypt

Subjectmd.mozdozari.net

Fingerprint85:BB:96:ED:C8:AE:89:A0:8C:39:6A:06:3A:8B:41:43:ED:3B:37:39

ValiditySun, 16 Mar 2025 08:25:56 GMT - Sat, 14 Jun 2025 08:25:55 GMT

HTTP Headers

GET / HTTP/1.1
Host: md.mozdozari.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 18 Mar 2025 05:10:40 GMT
content-type: text/html; charset=utf-8
content-length: 3648
last-modified: Sun, 16 Mar 2025 09:24:31 GMT
etag: "67d698cf-e40"
accept-ranges: bytes
X-Firefox-Spdy: h2

GET md.mozdozari.net/Meowly/Tia/textures/warrior-costume.png

80.66.79.200

200 OK

465 kB

URL

md.mozdozari.net/Meowly/Tia/textures/warrior-costume.png

IP / ASN

80.66.79.200

#60602 Inovare-Prim SRL

Requested byhttps://md.mozdozari.net/

Resource Info

File typePNG image data, 1024 x 1024, 8-bit/color RGBA, non-interlaced

First Seen2025-03-18

Last Seen2025-03-18

Times Seen1

Size465 kB (464881 bytes)

MD50fbb04a5a8264c926996cebf3520fb45

SHA1620fcf91aa5da4a6f73bf38ced88c366f3cd1a5b

SHA25650af9eda87292308a9819f1c4988fdc8d0d87277471b890ce95b6383f16ba6ba

Certificate Info

IssuerLet's Encrypt

Subjectmd.mozdozari.net

Fingerprint85:BB:96:ED:C8:AE:89:A0:8C:39:6A:06:3A:8B:41:43:ED:3B:37:39

ValiditySun, 16 Mar 2025 08:25:56 GMT - Sat, 14 Jun 2025 08:25:55 GMT

HTTP Headers

GET /Meowly/Tia/textures/warrior-costume.png HTTP/1.1
Host: md.mozdozari.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://md.mozdozari.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 18 Mar 2025 05:10:41 GMT
content-type: image/png
content-length: 464881
last-modified: Fri, 30 Jun 2023 12:21:20 GMT
etag: "649ec8c0-717f1"
accept-ranges: bytes
X-Firefox-Spdy: h2

GET md.mozdozari.net/Meowly/Tia/motions/Breath7.mtn

80.66.79.200

200 OK

9.3 kB

URL

md.mozdozari.net/Meowly/Tia/motions/Breath7.mtn

IP / ASN

80.66.79.200

#60602 Inovare-Prim SRL

Requested byhttps://md.mozdozari.net/

Resource Info

File typeASCII text, with very long lines (695), with CRLF, CR line terminators

First Seen2025-03-18

Last Seen2025-06-17

Times Seen2

Size9.3 kB (9310 bytes)

MD57b60f8716b3e0336e6025b93dbe7d79e

SHA11cfccb24f92a073e9f644caaa66d4f642695d873

SHA256d34775b817bf40359e2d9dd90749d5e32355e3ed2325700e80b90347fb65558c

Certificate Info

IssuerLet's Encrypt

Subjectmd.mozdozari.net

Fingerprint85:BB:96:ED:C8:AE:89:A0:8C:39:6A:06:3A:8B:41:43:ED:3B:37:39

ValiditySun, 16 Mar 2025 08:25:56 GMT - Sat, 14 Jun 2025 08:25:55 GMT

HTTP Headers

GET /Meowly/Tia/motions/Breath7.mtn HTTP/1.1
Host: md.mozdozari.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://md.mozdozari.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 18 Mar 2025 05:10:42 GMT
content-type: application/octet-stream
content-length: 9310
last-modified: Fri, 30 Jun 2023 12:21:12 GMT
etag: "649ec8b8-245e"
accept-ranges: bytes
X-Firefox-Spdy: h2

GET md.mozdozari.net/Meowly/Tia/motions/Breath8.mtn

80.66.79.200

200 OK

12 kB

URL

md.mozdozari.net/Meowly/Tia/motions/Breath8.mtn

IP / ASN

80.66.79.200

#60602 Inovare-Prim SRL

Requested byhttps://md.mozdozari.net/

Resource Info

File typeASCII text, with very long lines (670), with CRLF, CR line terminators

First Seen2025-03-18

Last Seen2025-06-17

Times Seen2

Size12 kB (12528 bytes)

MD5b45a1de9d3ffbb0333f95675f976b65c

SHA1d2b8adfbcaf107f617cd9401cf7cbac266b921c7

SHA25671958456c6d32df0e3120ab972e0caa220108f11628e65617c26b83a313b86e8

Certificate Info

IssuerLet's Encrypt

Subjectmd.mozdozari.net

Fingerprint85:BB:96:ED:C8:AE:89:A0:8C:39:6A:06:3A:8B:41:43:ED:3B:37:39

ValiditySun, 16 Mar 2025 08:25:56 GMT - Sat, 14 Jun 2025 08:25:55 GMT

HTTP Headers

GET /Meowly/Tia/motions/Breath8.mtn HTTP/1.1
Host: md.mozdozari.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://md.mozdozari.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 18 Mar 2025 05:10:42 GMT
content-type: application/octet-stream
content-length: 12528
last-modified: Fri, 30 Jun 2023 12:21:12 GMT
etag: "649ec8b8-30f0"
accept-ranges: bytes
X-Firefox-Spdy: h2

GET md.mozdozari.net/Meowly/Tia/model.moc

80.66.79.200

200 OK

101 kB

URL

md.mozdozari.net/Meowly/Tia/model.moc

IP / ASN

80.66.79.200

#60602 Inovare-Prim SRL

Requested byhttps://md.mozdozari.net/

Resource Info

File typedata

First Seen2025-03-18

Last Seen2025-06-17

Times Seen2

Size101 kB (101353 bytes)

MD5ba12e8c6be93e9b44c91d09cbc490938

SHA1ec4becdfb64a722a878aa69ed8429043402f7259

SHA256f19c7a20bf7eafcc1ef303b9c9c52d0face97aa0990129aeddec8d5e089d1ef5

Certificate Info

IssuerLet's Encrypt

Subjectmd.mozdozari.net

Fingerprint85:BB:96:ED:C8:AE:89:A0:8C:39:6A:06:3A:8B:41:43:ED:3B:37:39

ValiditySun, 16 Mar 2025 08:25:56 GMT - Sat, 14 Jun 2025 08:25:55 GMT

HTTP Headers

GET /Meowly/Tia/model.moc HTTP/1.1
Host: md.mozdozari.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://md.mozdozari.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 18 Mar 2025 05:10:41 GMT
content-type: application/octet-stream
content-length: 101353
last-modified: Fri, 30 Jun 2023 12:21:04 GMT
etag: "649ec8b0-18be9"
accept-ranges: bytes
X-Firefox-Spdy: h2

GET md.mozdozari.net/Meowly/Tia/motions/Breath3.mtn

80.66.79.200

200 OK

9.4 kB

URL

md.mozdozari.net/Meowly/Tia/motions/Breath3.mtn

IP / ASN

80.66.79.200

#60602 Inovare-Prim SRL

Requested byhttps://md.mozdozari.net/

Resource Info

File typeASCII text, with very long lines (622), with CRLF, CR line terminators

First Seen2025-03-18

Last Seen2025-07-15

Times Seen5

Size9.4 kB (9363 bytes)

MD59d41c08433bb59d06cb7d2fb956b0f03

SHA1848c2740a0b824a53c592c8052ce06453b1ca346

SHA2561eb42542e7f5b645f4b83ceac7bae8194d1b86fa2602385da22286fe8a330a98

Certificate Info

IssuerLet's Encrypt

Subjectmd.mozdozari.net

Fingerprint85:BB:96:ED:C8:AE:89:A0:8C:39:6A:06:3A:8B:41:43:ED:3B:37:39

ValiditySun, 16 Mar 2025 08:25:56 GMT - Sat, 14 Jun 2025 08:25:55 GMT

HTTP Headers

GET /Meowly/Tia/motions/Breath3.mtn HTTP/1.1
Host: md.mozdozari.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://md.mozdozari.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 18 Mar 2025 05:10:42 GMT
content-type: application/octet-stream
content-length: 9363
last-modified: Fri, 30 Jun 2023 12:21:12 GMT
etag: "649ec8b8-2493"
accept-ranges: bytes
X-Firefox-Spdy: h2

GET md.mozdozari.net/Meowly/Tia/motions/Breath7.mtn

80.66.79.200

200 OK

9.3 kB

URL

md.mozdozari.net/Meowly/Tia/motions/Breath7.mtn

IP / ASN

80.66.79.200

#60602 Inovare-Prim SRL

Requested byhttps://md.mozdozari.net/

Resource Info

File typeASCII text, with very long lines (695), with CRLF, CR line terminators

First Seen2025-03-18

Last Seen2025-06-17

Times Seen2

Size9.3 kB (9310 bytes)

MD57b60f8716b3e0336e6025b93dbe7d79e

SHA11cfccb24f92a073e9f644caaa66d4f642695d873

SHA256d34775b817bf40359e2d9dd90749d5e32355e3ed2325700e80b90347fb65558c

Certificate Info

IssuerLet's Encrypt

Subjectmd.mozdozari.net

Fingerprint85:BB:96:ED:C8:AE:89:A0:8C:39:6A:06:3A:8B:41:43:ED:3B:37:39

ValiditySun, 16 Mar 2025 08:25:56 GMT - Sat, 14 Jun 2025 08:25:55 GMT

HTTP Headers

GET /Meowly/Tia/motions/Breath7.mtn HTTP/1.1
Host: md.mozdozari.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://md.mozdozari.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 18 Mar 2025 05:10:49 GMT
content-type: application/octet-stream
content-length: 9310
last-modified: Fri, 30 Jun 2023 12:21:12 GMT
etag: "649ec8b8-245e"
accept-ranges: bytes
X-Firefox-Spdy: h2

GET md.mozdozari.net/Meowly/js/main.js

80.66.79.200

200 OK

86 kB

URL

md.mozdozari.net/Meowly/js/main.js

IP / ASN

80.66.79.200

#60602 Inovare-Prim SRL

Requested byhttps://md.mozdozari.net/

Resource Info

File typeJavaScript source, ASCII text, with very long lines (32065)

First Seen2023-03-07

Last Seen2025-08-03

Times Seen192484

Size86 kB (85578 bytes)

MD52f6b11a7e914718e0290410e85366fe9

SHA169bb69e25ca7d5ef0935317584e6153f3fd9a88c

SHA25605b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e

Certificate Info

IssuerLet's Encrypt

Subjectmd.mozdozari.net

Fingerprint85:BB:96:ED:C8:AE:89:A0:8C:39:6A:06:3A:8B:41:43:ED:3B:37:39

ValiditySun, 16 Mar 2025 08:25:56 GMT - Sat, 14 Jun 2025 08:25:55 GMT

HTTP Headers

GET /Meowly/js/main.js HTTP/1.1
Host: md.mozdozari.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://md.mozdozari.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 18 Mar 2025 05:10:41 GMT
content-type: application/javascript; charset=utf-8
content-length: 85578
last-modified: Fri, 30 Jun 2023 12:21:04 GMT
etag: "649ec8b0-14e4a"
accept-ranges: bytes
X-Firefox-Spdy: h2

GET 80.66.79.200/newvishn/1.docx-outfile1.docx

0.0.0.0

0 B

URL

80.66.79.200/newvishn/1.docx-outfile1.docx

IP / ASN

0.0.0.0

Requested byN/A

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-03

Times Seen5619475

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed
suricata	medium	ET INFO Dotted Quad Host DOCX Request

HTTP Headers

GET /newvishn/1.docx-outfile1.docx HTTP/1.1
Host: 80.66.79.200
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

GET md.mozdozari.net/icon.png

80.66.79.200

200 OK

302 kB

URL

md.mozdozari.net/icon.png

IP / ASN

80.66.79.200

#60602 Inovare-Prim SRL

Requested byhttps://md.mozdozari.net/

Resource Info

File typePNG image data, 500 x 500, 8-bit/color RGBA, non-interlaced

First Seen2025-03-18

Last Seen2025-03-18

Times Seen1

Size302 kB (301538 bytes)

MD58bfb8e632c42b59000c3eff4f653b306

SHA192fea2602075e7e2b6b8860003642e8d36138472

SHA256b2c434cc3f7b3e6e8716b8978ac6d6b039c3bf5db0112e5c60e47d9a1772dc83

Certificate Info

IssuerLet's Encrypt

Subjectmd.mozdozari.net

Fingerprint85:BB:96:ED:C8:AE:89:A0:8C:39:6A:06:3A:8B:41:43:ED:3B:37:39

ValiditySun, 16 Mar 2025 08:25:56 GMT - Sat, 14 Jun 2025 08:25:55 GMT

HTTP Headers

GET /icon.png HTTP/1.1
Host: md.mozdozari.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://md.mozdozari.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 18 Mar 2025 05:10:41 GMT
content-type: image/png
content-length: 301538
last-modified: Fri, 22 Dec 2023 15:51:52 GMT
etag: "6585b098-499e2"
accept-ranges: bytes
X-Firefox-Spdy: h2

GET md.mozdozari.net/Meowly/Tia/motions/Breath7.mtn

80.66.79.200

200 OK

9.3 kB

URL

md.mozdozari.net/Meowly/Tia/motions/Breath7.mtn

IP / ASN

80.66.79.200

#60602 Inovare-Prim SRL

Requested byhttps://md.mozdozari.net/

Resource Info

File typeASCII text, with very long lines (695), with CRLF, CR line terminators

First Seen2025-03-18

Last Seen2025-06-17

Times Seen2

Size9.3 kB (9310 bytes)

MD57b60f8716b3e0336e6025b93dbe7d79e

SHA11cfccb24f92a073e9f644caaa66d4f642695d873

SHA256d34775b817bf40359e2d9dd90749d5e32355e3ed2325700e80b90347fb65558c

Certificate Info

IssuerLet's Encrypt

Subjectmd.mozdozari.net

Fingerprint85:BB:96:ED:C8:AE:89:A0:8C:39:6A:06:3A:8B:41:43:ED:3B:37:39

ValiditySun, 16 Mar 2025 08:25:56 GMT - Sat, 14 Jun 2025 08:25:55 GMT

HTTP Headers

GET /Meowly/Tia/motions/Breath7.mtn HTTP/1.1
Host: md.mozdozari.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://md.mozdozari.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 18 Mar 2025 05:10:42 GMT
content-type: application/octet-stream
content-length: 9310
last-modified: Fri, 30 Jun 2023 12:21:12 GMT
etag: "649ec8b8-245e"
accept-ranges: bytes
X-Firefox-Spdy: h2

GET md.mozdozari.net/Meowly/Tia/motions/Breath5.mtn

80.66.79.200

200 OK

12 kB

URL

md.mozdozari.net/Meowly/Tia/motions/Breath5.mtn

IP / ASN

80.66.79.200

#60602 Inovare-Prim SRL

Requested byhttps://md.mozdozari.net/

Resource Info

File typeASCII text, with very long lines (730), with CRLF, CR line terminators

First Seen2025-03-18

Last Seen2025-07-15

Times Seen5

Size12 kB (12530 bytes)

MD58b4c561e69d9b6c060dd7c4d2c2416f3

SHA1df45551eb085bd60ec0da2aa053bf50d362f8f98

SHA256c5f8f19c7cbec6a8107e742297fb4e79fd781121ad468ec30e37b058f5494556

Certificate Info

IssuerLet's Encrypt

Subjectmd.mozdozari.net

Fingerprint85:BB:96:ED:C8:AE:89:A0:8C:39:6A:06:3A:8B:41:43:ED:3B:37:39

ValiditySun, 16 Mar 2025 08:25:56 GMT - Sat, 14 Jun 2025 08:25:55 GMT

HTTP Headers

GET /Meowly/Tia/motions/Breath5.mtn HTTP/1.1
Host: md.mozdozari.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://md.mozdozari.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 18 Mar 2025 05:10:57 GMT
content-type: application/octet-stream
content-length: 12530
last-modified: Fri, 30 Jun 2023 12:21:12 GMT
etag: "649ec8b8-30f2"
accept-ranges: bytes
X-Firefox-Spdy: h2