Report - askco.sa/

Report Overview

Visited public
2024-02-28 16:31:15
Tags
URL
askco.sa/
Finishing URL
expired.renderforestsites.com/
IP / ASN
35.161.126.63
#16509 AMAZON-02
Title
expired.renderforestsites.com/

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
fonts.googleapis.com	8877	2005-01-25	2013-06-10 22:14:26	2024-02-28 10:09:19	2.1 kB	152 kB	142.250.74.106
fonts.gstatic.com	unknown	2008-02-11	2014-09-09 02:40:21	2024-02-28 08:50:56	1.6 kB	51 kB	216.58.207.227
static.rfstat.com	541091	2017-10-16	2017-10-26 20:28:10	2024-02-16 17:50:56	960 B	765 kB	104.26.5.228
hosting.renderforestsites.com	unknown	2018-07-10	2021-09-02 14:39:23	2024-02-16 17:50:57	497 B	58 kB	104.21.94.97
askco.sa	unknown	unknown	2022-03-29 19:49:23	2024-02-27 17:28:01	379 B	340 B	35.161.126.63
expired.renderforestsites.com	unknown	2018-07-10	2022-08-04 02:03:14	2024-01-27 18:33:06	1.8 kB	125 kB	52.40.176.255

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-02-28	medium	renderforestsites.com	Sinkholed
2024-02-28	medium	renderforestsites.com	Sinkholed
2024-02-28	medium	renderforestsites.com	Sinkholed
2024-02-28	medium	renderforestsites.com	Sinkholed
2024-02-28	medium	renderforestsites.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (2)

	URL	From	Size	First Seen	Last Seen
	static.rfstat.com/renderforest/static/icons-js/builtIcons_4.js	ScriptElement	2.9 MB	2023-10-23	2025-06-22
Pretty URL static.rfstat.com/renderforest/static/icons-js/builtIcons_4.js IP 104.26.5.228 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-23 12:27 Last Seen2025-06-22 03:00 Times Seen15 Hash d10a724455650cff2a445c209b23d637 3daa101accbe085bd5c24dfe7826c9c614d1fc05 3016c955e4fef623c3f6fe616cbd231f8245935b77437f97a810ddcc106b27a8 Loading...

	expired.renderforestsites.com/bundle.js	ScriptElement	378 kB	2023-10-23	2025-06-22
Pretty URL expired.renderforestsites.com/bundle.js IP 52.40.176.255 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-23 12:27 Last Seen2025-06-22 03:00 Times Seen15 Hash 347c483325f531f6634908c163346333 1bebe8435bab7f3e466b017d7746059bfa96bb57 dbf41624bc1f9926afe9f2d695d79cb8ce286b0afc7bdabf8cd1f162a419d231 Loading...

HTTP Transactions (13)

URL IP Response Size

GET askco.sa/

35.161.126.63

302 Moved Temporarily

138 B

URL User Request GET HTTP/1.1
askco.sa/
IP
35.161.126.63:80
ASN
#16509 AMAZON-02

File type
HTML document, ASCII text, with CRLF line terminators
Size
138 B (138 bytes)
Hash
aff950cab4c0265e21d401db15f1026d
f03e18461817f7a6546c8bf8fa8d686d7e30aca0
753e0dd54f28c4f7009b9c0b18a68aed175416bd8b7d134858264586eaac56f0

HTTP Headers

GET / HTTP/1.1
Host: askco.sa
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Wed, 28 Feb 2024 16:30:48 GMT
Content-Type: text/html
Content-Length: 138
Connection: keep-alive
Location: http://expired.renderforestsites.com

GET expired.renderforestsites.com/

52.40.176.255

200 OK

3.8 kB

URL User Request GET HTTP/1.1
expired.renderforestsites.com/
IP
52.40.176.255:443
ASN
#16509 AMAZON-02

Certificate
IssuerLet's Encrypt
Subject*.renderforestsites.com
FingerprintE3:98:89:68:B3:A2:51:F3:27:50:04:90:42:91:12:79:04:59:FA:D7
ValidityThu, 22 Feb 2024 04:29:17 GMT - Wed, 22 May 2024 04:29:16 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (2330)
Size
3.8 kB (3779 bytes)
Hash
341bf0ef10785f2231db065c56bcf46c
720dba13dbabcc4435e745fa64a2dfc017884259
c89c72133d37d09da9755e78ecf0a3d0985642d797f46cbf427b1ed7767d61c9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: expired.renderforestsites.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 28 Feb 2024 16:30:49 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Wed, 05 Jan 2022 08:42:24 GMT
ETag: W/"341bf0ef10785f2231db065c56bcf46c"
X-Cache: Miss from cloudfront
Via: 1.1 e1832834d17ab65dd955f4e68cc524e6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: SEA900-P1
X-Amz-Cf-Id: tZsz9MwmoHRsjC-_fU0Dyay4nksoF7rbUqii4y3nbP4xIvYkgMEiMA==
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iVsPrMFsOHE9h3oATv5I%2F%2BRjK%2Fe6g9c4IZSJDf8HnO3phAelCyHoccA2bhFJF57RXvUjB%2B90PHe%2BG3nHs%2F%2B6jrvRn2q1wdyjWBul4h%2F79IzsIY4NDVcIT7yHat2IHGInazd%2FWQdk4AXY1mlqQ2faRw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
CF-RAY: 85ca0de7fefec374-SEA
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400
Hosted-By: renderforestsites.com

GET expired.renderforestsites.com/main.css

52.40.176.255

200 OK

1.7 kB

URL GET HTTP/1.1
expired.renderforestsites.com/main.css
IP
52.40.176.255:443
ASN
#16509 AMAZON-02

Requested by
https://expired.renderforestsites.com/
Certificate
IssuerLet's Encrypt
Subject*.renderforestsites.com
FingerprintE3:98:89:68:B3:A2:51:F3:27:50:04:90:42:91:12:79:04:59:FA:D7
ValidityThu, 22 Feb 2024 04:29:17 GMT - Wed, 22 May 2024 04:29:16 GMT

File type
ASCII text, with very long lines (4024)
Size
1.7 kB (1743 bytes)
Hash
d0efd55e913f048ecedb8723385dee80
cb4658dbbeb02dd84506fdf1ce232aa8710517bc
80b6622ed09b52ddbc88c67140c7ed206f1473cb4c6b0f7c1e498968fed16bc9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /main.css HTTP/1.1
Host: expired.renderforestsites.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://expired.renderforestsites.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 28 Feb 2024 16:30:50 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Wed, 05 Jan 2022 08:42:24 GMT
ETag: W/"d0efd55e913f048ecedb8723385dee80"
X-Cache: Miss from cloudfront
Via: 1.1 b7e07d6a19a4c8b2e410e9c1e173548c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: SEA900-P1
X-Amz-Cf-Id: ihiv_WmBWms5kCzEDGFlwwvhcW_-dhffZkGodKvcXlLoP1g15gzGLw==
Cache-Control: max-age=2678400
CF-Cache-Status: HIT
Age: 3839
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BUcmMDXackroC900gXgc4f20yoNgsCUP4jggH0CCcd0TUyjwjWEWBhtrM3WjZVQyo%2FXeO%2Fj8XLKskfuIL8DcSNTA%2B%2FeLQ5kZS5S5KbsOLID2dRreEfiCL49WGXTPfhfAmpqOsV4fseHfmbZyXAOvig%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
CF-RAY: 85ca0deada20c36e-SEA
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400
Hosted-By: renderforestsites.com

GET fonts.googleapis.com/icon?family=Material+Icons

142.250.74.106

200 OK

812 B

URL GET HTTP/2
fonts.googleapis.com/icon?family=Material+Icons
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://expired.renderforestsites.com/
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint48:72:AA:F2:E2:69:76:76:93:18:78:2B:17:6E:20:5F:DF:87:66:5C
ValidityMon, 05 Feb 2024 08:19:19 GMT - Mon, 29 Apr 2024 08:19:18 GMT

File type
gzip compressed data, max compression
Size
812 B (812 bytes)
Hash
5600c14245ccfb3e23f72ea2949bab3c
719d5f322751dd2a96861be6addfaf310656fb5d
c24d29fab7188abb29fd038acff395181411779f45615f9eb416b643d132447f

HTTP Headers

GET /icon?family=Material+Icons HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://expired.renderforestsites.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 28 Feb 2024 16:30:50 GMT
date: Wed, 28 Feb 2024 16:30:50 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2

216.58.207.227

200 OK

33 kB

URL GET HTTP/2
fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://expired.renderforestsites.com/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint7E:D8:A3:26:76:2A:70:11:A5:C6:42:20:61:35:14:1C:03:F2:35:55
ValidityMon, 05 Feb 2024 08:19:14 GMT - Mon, 29 Apr 2024 08:19:13 GMT

File type
Web Open Font Format (Version 2), TrueType, length 33092, version 1.0
Size
33 kB (33092 bytes)
Hash
057478083c1d55ea0c2182b24f6dd72f
caf557cd276a76992084efc4c8857b66791a6b7f
bb2f90081933c0f2475883ca2c5cfee94e96d7314a09433fffc42e37f4cffd3b

HTTP Headers

GET /s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://expired.renderforestsites.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 33092
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 28 Feb 2024 06:28:43 GMT
expires: Thu, 27 Feb 2025 06:28:43 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 13 Sep 2023 22:51:58 GMT
content-type: font/woff2
age: 36127
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET static.rfstat.com/renderforest/static/icons-js/builtIcons_4.js

104.26.5.228

200 OK

703 kB

URL GET HTTP/2
static.rfstat.com/renderforest/static/icons-js/builtIcons_4.js
IP
104.26.5.228:443
ASN
#13335 CLOUDFLARENET

Requested by
https://expired.renderforestsites.com/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintD9:80:41:E2:CD:32:96:8C:3C:A9:4C:06:01:AA:1B:5B:AC:45:D3:10
ValiditySun, 23 Apr 2023 00:00:00 GMT - Mon, 22 Apr 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65466)
Size
703 kB (702879 bytes)
Hash
d10a724455650cff2a445c209b23d637
3daa101accbe085bd5c24dfe7826c9c614d1fc05
3016c955e4fef623c3f6fe616cbd231f8245935b77437f97a810ddcc106b27a8

HTTP Headers

GET /renderforest/static/icons-js/builtIcons_4.js HTTP/1.1
Host: static.rfstat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://expired.renderforestsites.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 28 Feb 2024 16:30:50 GMT
content-type: application/x-javascript
last-modified: Wed, 08 Sep 2021 11:52:00 GMT
etag: W/"d10a724455650cff2a445c209b23d637"
cache-control: public, max-age=31536000
vary: Accept-Encoding, Origin
x-cache: Hit from cloudfront
via: 1.1 9037b7743a833da13439f0d4e2619b52.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: CIhl9uKOnzaa5WiivRilX_FrnPHhSLYGKOa19a_KI__T5kMRdpzTvw==
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=m%2FHMh8OkocDJVByxKzdqEFI2RSyRyhhdhT2XgRYJLKK3yZVD0NWtfFDKAPcnJMwEQzbgvR8al1Upl%2FCGPvUBfAjI%2Fq8UVdpLO9jx9CPm885F086OGG7e6SgRTOP0KuYkPNb%2F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 85ca0deaac9156b7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET fonts.gstatic.com/s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2

216.58.207.227

200 OK

7.9 kB

URL GET HTTP/2
fonts.gstatic.com/s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://expired.renderforestsites.com/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint7E:D8:A3:26:76:2A:70:11:A5:C6:42:20:61:35:14:1C:03:F2:35:55
ValidityMon, 05 Feb 2024 08:19:14 GMT - Mon, 29 Apr 2024 08:19:13 GMT

File type
Web Open Font Format (Version 2), TrueType, length 7884, version 1.0
Size
7.9 kB (7884 bytes)
Hash
9212f6f9860f9fc6c69b02fedf6db8c3
ac6d71b4d5fdd2b3dabc9a06ff6c001e4251da0b
7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f

HTTP Headers

GET /s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://expired.renderforestsites.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 7884
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 23 Feb 2024 01:16:17 GMT
expires: Sat, 22 Feb 2025 01:16:17 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 27 Apr 2022 17:03:52 GMT
content-type: font/woff2
age: 486873
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2

216.58.207.227

200 OK

7.8 kB

URL GET HTTP/2
fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://expired.renderforestsites.com/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint7E:D8:A3:26:76:2A:70:11:A5:C6:42:20:61:35:14:1C:03:F2:35:55
ValidityMon, 05 Feb 2024 08:19:14 GMT - Mon, 29 Apr 2024 08:19:13 GMT

File type
Web Open Font Format (Version 2), TrueType, length 7816, version 1.0
Size
7.8 kB (7816 bytes)
Hash
25b0e113ca7cce3770d542736db26368
cb726212d5d525021752a1d8470a0fb593e0c49e
9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526

HTTP Headers

GET /s/poppins/v20/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://expired.renderforestsites.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 7816
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 28 Feb 2024 03:42:33 GMT
expires: Thu, 27 Feb 2025 03:42:33 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 27 Apr 2022 16:11:40 GMT
content-type: font/woff2
age: 46097
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET expired.renderforestsites.com/bundle.js

52.40.176.255

200 OK

114 kB

URL GET HTTP/1.1
expired.renderforestsites.com/bundle.js
IP
52.40.176.255:443
ASN
#16509 AMAZON-02

Requested by
https://expired.renderforestsites.com/
Certificate
IssuerLet's Encrypt
Subject*.renderforestsites.com
FingerprintE3:98:89:68:B3:A2:51:F3:27:50:04:90:42:91:12:79:04:59:FA:D7
ValidityThu, 22 Feb 2024 04:29:17 GMT - Wed, 22 May 2024 04:29:16 GMT

File type
JavaScript source, ASCII text, with very long lines (65472)
Size
114 kB (114469 bytes)
Hash
347c483325f531f6634908c163346333
1bebe8435bab7f3e466b017d7746059bfa96bb57
dbf41624bc1f9926afe9f2d695d79cb8ce286b0afc7bdabf8cd1f162a419d231

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bundle.js HTTP/1.1
Host: expired.renderforestsites.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://expired.renderforestsites.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 28 Feb 2024 16:30:51 GMT
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Wed, 05 Jan 2022 08:42:24 GMT
ETag: W/"347c483325f531f6634908c163346333"
X-Cache: Miss from cloudfront
Via: 1.1 59e4792b9d6184bfa491a317b36590d2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: SEA900-P1
X-Amz-Cf-Id: RRZSHJMsmV8461BnUSD9Tcmusq1_eVaiD3bNJ-iWSCOZqtTyTXi1dg==
Cache-Control: max-age=2678400
CF-Cache-Status: HIT
Age: 6596
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=puNSivIMbolx3uk11DSCidYW4SJ1v%2FgVhVdB0%2FvyWkHBiXphtuPGy4HN%2FYnDBKCf3ly6Cm71ZHCaoRyvNI1S0y6hZ%2FzvF3bnGEvAr7KatimX%2FQMAhhKjPzcY7wiGkKQ1HB%2B3IVFPE%2FCVZHshbbmddg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
CF-RAY: 85ca0df1ce17c4c8-SEA
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400
Hosted-By: renderforestsites.com

GET static.rfstat.com/renderforest/images/website_maker_images/logo/rf_logo_white_1.1.0.svg

104.26.5.228

200 OK

60 kB

URL GET HTTP/2
static.rfstat.com/renderforest/images/website_maker_images/logo/rf_logo_white_1.1.0.svg
IP
104.26.5.228:443
ASN
#13335 CLOUDFLARENET

Requested by
https://expired.renderforestsites.com/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintD9:80:41:E2:CD:32:96:8C:3C:A9:4C:06:01:AA:1B:5B:AC:45:D3:10
ValiditySun, 23 Apr 2023 00:00:00 GMT - Mon, 22 Apr 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image
Size
60 kB (60388 bytes)
Hash
6c0a3ddf39005b22a41afe1f6a03d1d2
10a207c4665a80c215dd425fb83b49d7c7ce623b
74acdaade83568e30da4690b63c4003d77fcc20112bab4a907c29cd3ecac917a

HTTP Headers

GET /renderforest/images/website_maker_images/logo/rf_logo_white_1.1.0.svg HTTP/1.1
Host: static.rfstat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://expired.renderforestsites.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 28 Feb 2024 16:30:50 GMT
content-type: image/svg+xml
last-modified: Tue, 16 Feb 2021 07:33:23 GMT
etag: W/"6c0a3ddf39005b22a41afe1f6a03d1d2"
cache-control: public, max-age=31536000
vary: Accept-Encoding, Origin
x-cache: Hit from cloudfront
via: 1.1 15d199af49035dc206cb81292fd87de2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 5qAIdA8jt231s0-C4KtM6otWUuoJUcjbOq2XkYjmAYWZC1nI5qNccg==
age: 4417395
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eb0DZ%2FhSAc%2BgCZdiir8haTdcVDjv8%2BuSGN7Hodt4aLAJhA362D8ZG3z2BMVNTj9ylMKKnJ7iTMw6QOsxadZbJf3Wh9lrI1uIJaCVpZow1k3UT7YMZR8k7J%2FLO%2Fz%2BjgXsdB2h"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 85ca0deaac9356b7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET expired.renderforestsites.com/favicon.ico

52.40.176.255

404 Not Found

564 B

URL GET HTTP/1.1
expired.renderforestsites.com/favicon.ico
IP
52.40.176.255:443
ASN
#16509 AMAZON-02

Requested by
https://expired.renderforestsites.com/
Certificate
IssuerLet's Encrypt
Subject*.renderforestsites.com
FingerprintE3:98:89:68:B3:A2:51:F3:27:50:04:90:42:91:12:79:04:59:FA:D7
ValidityThu, 22 Feb 2024 04:29:17 GMT - Wed, 22 May 2024 04:29:16 GMT

File type
HTML document, ASCII text
Size
564 B (564 bytes)
Hash
393f085ca4598a740a704cdbea357dd6
b339bab576ab497ff92e70c0a1f9003b528c7df6
c640ad19b6011a792e8b9d95f13490db9101df3e5b35f348e0982dba94a88b90

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: expired.renderforestsites.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://expired.renderforestsites.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Server: nginx
Date: Wed, 28 Feb 2024 16:30:52 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Wed, 26 Jun 2019 11:47:36 GMT
ETag: W/"393f085ca4598a740a704cdbea357dd6"
x-amz-error-code: NoSuchKey
x-amz-error-message: The specified key does not exist.
x-amz-error-detail-Key: pubsites/expired/favicon.ico
X-Cache: Error from cloudfront
Via: 1.1 9257f9c4051fe8bd6cc4a09855b66350.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: SEA900-P1
X-Amz-Cf-Id: YZ0EeDvdRLNbFtTalCfSX-TGPD-w9bu5TzQxSlgRo_ruNG7Br_L3Pw==
Cache-Control: max-age=2678400
CF-Cache-Status: EXPIRED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fbAyJNeifaGD5IErNH1zyqUJkuOKHg6bbcjQ%2BS0AQ8Swp7vPxFlw164lprcDh1h9LEuyZyArO%2FixERP710RcrJRsyEmh2yXwhXfc7pHPdaVSXqeCr5%2Bdca%2BgcQZqLhYBno%2FTC2t49PIfWD11S9KCNg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
CF-RAY: 85ca0df7fa3927a7-SEA
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400

GET fonts.googleapis.com/css2?family=Bodoni+Moda:wght@700&family=IM+Fell+English+SC&family=Kurale&family=Libre+Baskerville&family=Prata&family=Zilla+Slab+Highlight&family=BioRhyme&family=Space+Mono&family=Staatliches&family=Fredericka+the+Great&family=Overpass&family=Caveat+Brush&family=Asap&family=Abril+Fatface&family=Alice&family=Cardo:wght@400;700&family=Chelsea+Market&family=Eczar&family=Great+Vibes&family=Lato:wght@300;400&family=Merriweather:wght@400;700&family=Monoton&family=Montserrat:wght@300;400;500;700&family=Mukta&family=Open+Sans:wght@400;600&family=Oswald:wght@700&family=Pacifico&family=Parisienne&family=Permanent+Marker&family=Philosopher&family=Playfair+Display&family=Playfair+Display+SC&family=Poppins:wght@300;400;700&family=Raleway:wght@300;400&family=Roboto&family=Roboto+Condensed:wght@700&family=Roboto+Slab:wght@700&family=Rubik:wght@300&family=Russo+One&family=Slabo+27px&family=Special+Elite&family=Titan+One&family=Ultra&family=Rubik+Mono+One&family=Amatic+SC&family=Andika&family=Josefin+Sans&family=Cinzel&family=Fauna+One&family=Sacramento&family=Yeseva+One&family=Quicksand&family=Homemade+Apple&family=Roboto+Mono&family=Rye&family=Black+Han+Sans&family=Fredoka+One&display=swap

142.250.74.106

200 OK

150 kB

URL GET HTTP/2
fonts.googleapis.com/css2?family=Bodoni+Moda:wght@700&family=IM+Fell+English+SC&family=Kurale&family=Libre+Baskerville&family=Prata&family=Zilla+Slab+Highlight&family=BioRhyme&family=Space+Mono&family=Staatliches&family=Fredericka+the+Great&family=Overpass&family=Caveat+Brush&family=Asap&family=Abril+Fatface&family=Alice&family=Cardo:wght@400;700&family=Chelsea+Market&family=Eczar&family=Great+Vibes&family=Lato:wght@300;400&family=Merriweather:wght@400;700&family=Monoton&family=Montserrat:wght@300;400;500;700&family=Mukta&family=Open+Sans:wght@400;600&family=Oswald:wght@700&family=Pacifico&family=Parisienne&family=Permanent+Marker&family=Philosopher&family=Playfair+Display&family=Playfair+Display+SC&family=Poppins:wght@300;400;700&family=Raleway:wght@300;400&family=Roboto&family=Roboto+Condensed:wght@700&family=Roboto+Slab:wght@700&family=Rubik:wght@300&family=Russo+One&family=Slabo+27px&family=Special+Elite&family=Titan+One&family=Ultra&family=Rubik+Mono+One&family=Amatic+SC&family=Andika&family=Josefin+Sans&family=Cinzel&family=Fauna+One&family=Sacramento&family=Yeseva+One&family=Quicksand&family=Homemade+Apple&family=Roboto+Mono&family=Rye&family=Black+Han+Sans&family=Fredoka+One&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://expired.renderforestsites.com/
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint48:72:AA:F2:E2:69:76:76:93:18:78:2B:17:6E:20:5F:DF:87:66:5C
ValidityMon, 05 Feb 2024 08:19:19 GMT - Mon, 29 Apr 2024 08:19:18 GMT

File type
ASCII text, with very long lines (1116)
Size
150 kB (149876 bytes)
Hash
e62c2526306ab71112199c1e5897e62e
7ef56038bc2511e6b422f5a93f5ede30972f3655
518e5882b15c0f9c8fb20c8bf111ebc78f8ce6a993ad19650ae7b28b12205f56

HTTP Headers

GET /css2?family=Bodoni+Moda:wght@700&family=IM+Fell+English+SC&family=Kurale&family=Libre+Baskerville&family=Prata&family=Zilla+Slab+Highlight&family=BioRhyme&family=Space+Mono&family=Staatliches&family=Fredericka+the+Great&family=Overpass&family=Caveat+Brush&family=Asap&family=Abril+Fatface&family=Alice&family=Cardo:wght@400;700&family=Chelsea+Market&family=Eczar&family=Great+Vibes&family=Lato:wght@300;400&family=Merriweather:wght@400;700&family=Monoton&family=Montserrat:wght@300;400;500;700&family=Mukta&family=Open+Sans:wght@400;600&family=Oswald:wght@700&family=Pacifico&family=Parisienne&family=Permanent+Marker&family=Philosopher&family=Playfair+Display&family=Playfair+Display+SC&family=Poppins:wght@300;400;700&family=Raleway:wght@300;400&family=Roboto&family=Roboto+Condensed:wght@700&family=Roboto+Slab:wght@700&family=Rubik:wght@300&family=Russo+One&family=Slabo+27px&family=Special+Elite&family=Titan+One&family=Ultra&family=Rubik+Mono+One&family=Amatic+SC&family=Andika&family=Josefin+Sans&family=Cinzel&family=Fauna+One&family=Sacramento&family=Yeseva+One&family=Quicksand&family=Homemade+Apple&family=Roboto+Mono&family=Rye&family=Black+Han+Sans&family=Fredoka+One&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://expired.renderforestsites.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 28 Feb 2024 16:30:50 GMT
date: Wed, 28 Feb 2024 16:30:50 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET hosting.renderforestsites.com/5699226/619546/media/c561fde354a91788fa5ff182dd736f49.png

104.21.94.97

200 OK

57 kB

URL GET HTTP/2
hosting.renderforestsites.com/5699226/619546/media/c561fde354a91788fa5ff182dd736f49.png
IP
104.21.94.97:443
ASN
#13335 CLOUDFLARENET

Requested by
https://expired.renderforestsites.com/
Certificate
IssuerGoogle Trust Services LLC
Subjectrenderforestsites.com
Fingerprint7A:D5:30:AD:97:41:4C:65:72:71:ED:CE:65:9E:94:C7:08:DC:0F:AF
ValidityTue, 02 Jan 2024 04:50:13 GMT - Mon, 01 Apr 2024 04:50:12 GMT

File type
PNG image data, 700 x 714, 8-bit colormap, non-interlaced
Size
57 kB (56775 bytes)
Hash
46259953fce2140950c9d449faa522c7
cdc56e10afb80970021081dd35a987799b62652f
8a89d629cd0d8fe6f7fcf79ceaf0264e8904329e63b5693bb1c62b9ebf9af5c9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /5699226/619546/media/c561fde354a91788fa5ff182dd736f49.png HTTP/1.1
Host: hosting.renderforestsites.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://expired.renderforestsites.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 28 Feb 2024 16:30:52 GMT
content-type: image/png
content-length: 56775
last-modified: Fri, 16 Jul 2021 11:53:59 GMT
etag: "46259953fce2140950c9d449faa522c7"
x-cache: Miss from cloudfront
via: 1.1 aac54e3fe9825ce24d51e0204433c2c0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: lVz0eeXwpynaYx3eJKUqYgQWeW1B-VsFQ3fm55DKEX__kAmjMsN0oA==
cache-control: max-age=2678400
cf-cache-status: HIT
age: 1231
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=G%2FJj0mtkh6RO%2F49zShnsHoSS0Qfl62rAUgz%2FHc5AL%2Bn4NfYmZtoaRpuW0psqF0pJXvZQ7UKkE7u%2Bqgud539bkBKusRK%2Fm81vtgG4wsx6iSYIc0hzrkDGDYt4QjUz6nBhKQfcUcbrSscgG3WQVNc%2FNw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 85ca0df71c6056ba-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (2)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (13)

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash