{"report_id":"6eba5720-0aba-4e14-809a-5fca8bb6dfcf","version":6,"status":"done","tags":[],"date":"2026-01-04T15:59:59Z","url":{"schema":"http","addr":"register-fafo.live","fqdn":"register-fafo.live","domain":"register-fafo.live","tld":"live"},"ip":{"addr":"104.21.53.171","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"register-fafo.live/","fqdn":"register-fafo.live","domain":"register-fafo.live","tld":"live"},"title":"$FAFO Airdrop","dom":{"size":262549,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"d771dbbe6a1baad209ccf6320315aae9","sha1":"f60d86e88aaeeb6e961861a7345db6fa03973be2","sha256":"97f83e250b1c10173479773ff3d7711b545102752ed39b64fa8d5906dc1710c0","sha512":"ff21667e412e8756ee55424e4b88e7ce800fe34fa405d3b783844844bc50aab93cae8e8d63fc6db3b6803ddd2010137cfbdee4adc8ff8c36a269702b777d2f8e","ssdeep":"1536:FlnkwVjyouo6NvHAO6pFKo00pJPzuwgh/kPxhw3RyATcuQZrG+PFhtYvJitqZUqI:Fln5youo6NqVnzIkPxhgRyqcuwG+/","tlshash":"fa44d92a167315547a1bc11c1bfd17c5e220594bee8adc6c7ade2e804fc72bcb496ec8","dom_hash":"domhash0e80e654f7c1938fcf15890c50e7ce06","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"register-fafo.live","fqdn":"register-fafo.live","domain":"register-fafo.live","tld":"live"},"ip":{"addr":"104.21.53.171","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-02-08T15:59:59Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":3}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"likely-food.fontmaxplugin.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"likely-food.fontmaxplugin.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"likely-food.fontmaxplugin.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null},"summary":[{"fqdn":"fonts.googleapis.com","ip":{"addr":"216.58.211.10","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2025-12-28T22:17:10.032556Z","alert_count":0,"request_count":1,"received_data":10794,"sent_data":477,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"likely-food.fontmaxplugin.cc","ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":12,"request_count":4,"received_data":678866,"sent_data":1942,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"register-fafo.live","ip":{"addr":"104.21.53.171","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2026-01-04T16:00:00.528007Z","last_seen":"2026-01-04T16:00:03.349699Z","alert_count":0,"request_count":1,"received_data":316163,"sent_data":487,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Nuxt.js","description":"Nuxt is a Vue framework for developing modern web applications.","website":"https://nuxt.com","common_platform_enumeration":"","icon":"Nuxt.js.svg","categories":["JavaScript frameworks","Web frameworks","Web servers","Static site generator"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Vue.js","description":"Vue.js is an open-source model–view–viewmodel JavaScript framework for building user interfaces and single-page applications.","website":"https://vuejs.org","common_platform_enumeration":"","icon":"vue.svg","categories":["JavaScript frameworks"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"register-fafo.live/","fqdn":"register-fafo.live","domain":"register-fafo.live","tld":"live"},"ip":{"addr":"104.21.53.171","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"261fa5f948bd99fdf005f80595805744","sha1":"51d57156b1974322b3ba8542f48893082199d5e1","sha256":"1dcf3b0e1f92d593867169c5ee26771d2f3b77f552eee6c73beba961b91d61b7","sha512":"532ff30dfdd593068e7afc5f98cb1bc72408e594f297911c0a7c590c97a2ed6be6b91981322dfe3b3e90f21241404ae8692139732372f119279dbdf29f3ae429","ssdeep":"","tlshash":"a6015927222233707ce9d5dca8b6dd8e39bb501ae40a0090a09f944d1834bc644f7bec","size":847,"data":"","first_seen":"2023-03-07T01:03:07Z","last_seen":"2026-06-07T04:19:30.117869Z","times_seen":3602,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"likely-food.fontmaxplugin.cc/_nuxt/assets/index.js","fqdn":"likely-food.fontmaxplugin.cc","domain":"fontmaxplugin.cc","tld":"cc"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"89abe9488d4f35cb12db177dc2630fa6","sha1":"8c38409f6e0c487b93ba9189f8e4e0344f4e11d9","sha256":"03c05f06e89bafa8807ca12537fffe4ed84bd0ab5dc88a86da15c9dc4ca05493","sha512":"796781dd8143c251e10eecbc685bd2b56da45acf2e8ef5584436c538772315eb4ccdbb773d3efa9f9ebf852eb253ee3f635b291f695e979fff9d3156affc1758","ssdeep":"12288:+u5Oe9uZs/7WS9+OQvR/THhNspgSqGPHKnjWJQt:h5p9u6/v+eiVnjWJG","tlshash":"37e4f9b3d06660e435757ed9ace02cb20def6470c80a1876a14fd9f7ef2286563e2e51","size":674454,"data":"","first_seen":"2025-12-31T23:15:32.728486Z","last_seen":"2026-01-05T03:38:25.622957Z","times_seen":39,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"register-fafo.live/","fqdn":"register-fafo.live","domain":"register-fafo.live","tld":"live"},"ip":{"addr":"104.21.53.171","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"9954e43674af578668a6e7b70192de02","sha1":"81ac1165ee69ecf84d725b6139165db25020e227","sha256":"0429402c6513f8388d21119f3a44b48b23ff427de091821ee1661a99d85ecfc4","sha512":"4114b4445bd29316e45e15d19d39fc794b559dc19228a83af89895266ba9a39c6322e4864c5239e607bd2bd855b4de7f9ef62d75a46951802bb4816a3dfacc7c","ssdeep":"12288:Mr3BaFzmHp/5iqGd/hlZNi/a/s0mNyJVwlRQ:Mr3Ba0H3i6AJJVwlRQ","tlshash":"e9d41835e06624e9347a51ee7cc424c65e2f6870c4ce1e7ae19cd1f7ef22d6252a6f20","size":645721,"data":"","first_seen":"2025-12-31T23:15:32.740933Z","last_seen":"2026-01-05T03:38:25.622152Z","times_seen":38,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"216.58.211.10","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://register-fafo.live/","date":"2026-01-04T15:59:35.187Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:53:13 GMT","end":"Wed, 25 Feb 2026 15:53:12 GMT"},"fingerprint":{"sha1":"A8:BA:6B:80:7C:EC:B1:6F:C1:C2:03:D7:C9:27:6E:75:DE:4B:AA:47","sha256":"4E:2C:B9:C5:81:56:5E:97:93:07:22:12:66:E2:52:C6:0A:2E:17:72:FF:9B:5F:2A:B9:E1:21:80:05:6D:8B:3D"}}},"request":{"raw":"GET /css2?family=Inter:wght@400;500;600;700\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://register-fafo.live/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Sun, 04 Jan 2026 15:59:35 GMT\r\ndate: Sun, 04 Jan 2026 15:59:35 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncross-origin-resource-policy: cross-origin\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":10108,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text","md5":"e85517dadd43448782d60d7f207fddce","sha1":"6cd31f870727ba8090fac9602b42524b4139a619","sha256":"88fbd0b95222be288587a149c324189ecbd8de0d6f0c94f528ec53857e52b66c","sha512":"5edc78df5bb062a9a2e1ea6724c14dd7eb80d77ea0fa9572de4bb0d52bbd0d163815b08a1ae77084f99fbefbb07715da1c61f0bb36fb498710c91387792955f8","ssdeep":"192:9NNIxO34OxDENOPCO3/Nx8NNryfO3iExlONEhYO3RrxGx:vXuM0p2+4","tlshash":"04227792002ba400ab971dc233cf7f3aaece50896085d1b95ffd0dc59cead66436876d","first_seen":"2025-09-10T18:13:11.065101Z","last_seen":"2026-06-13T17:36:49.813069Z","times_seen":30185,"resource_available":false,"data":null}},"time_used":177,"timings":{"blocked":78,"dns":1,"connect":7,"send":0,"wait":19,"receive":0,"ssl":67},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"likely-food.fontmaxplugin.cc/api/is-banned","fqdn":"likely-food.fontmaxplugin.cc","domain":"fontmaxplugin.cc","tld":"cc"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://register-fafo.live/","date":"2026-01-04T15:59:35.223Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fontmaxplugin.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 31 Dec 2025 11:56:15 GMT","end":"Tue, 31 Mar 2026 12:53:57 GMT"},"fingerprint":{"sha1":"D6:83:D3:47:74:B7:E6:E8:64:9F:3A:41:17:FB:3D:04:E3:31:CD:3A","sha256":"B2:34:93:2F:CD:A1:EE:01:BA:D9:22:2A:A0:39:00:C1:F8:DB:B3:73:29:23:8A:62:B5:3B:7A:FB:4B:52:53:83"}}},"request":{"raw":"GET /api/is-banned HTTP/1.1\r\nHost: likely-food.fontmaxplugin.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://register-fafo.live/\r\nOrigin: https://register-fafo.live\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 15:59:35 GMT\r\ncontent-type: application/json\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: GET, POST\r\ncache-control: private, max-age=300\r\nx-content-type-options: nosniff\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2FzKOnezEgB0JJcOH5CN8V84VizvAnIP7QXL700GhyAJs0qaJhZcWOU7NXQPVd7kSjzbf%2FrSjq%2FsNmVqz%2FZK1FiOAHnUa7yxQ0X6%2FOLmlC0DH3li429U0rDC6\"}]}\r\ncontent-encoding: br\r\ncf-ray: 9b8bf1a52c90569d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1,"size_decoded":0,"mime_type":"application/json","magic":"very short file (no magic)","md5":"cfcd208495d565ef66e7dff9f98764da","sha1":"b6589fc6ab0dc82cf12099d1c2d40ab994e8410c","sha256":"5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9","sha512":"31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99","ssdeep":"","tlshash":"c700000000000000c00000300000000000000000000000000000000000000000000000","first_seen":"2023-03-07T01:37:31Z","last_seen":"2026-06-13T17:06:50.048921Z","times_seen":114860,"resource_available":true,"data":null}},"time_used":289,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":289,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"likely-food.fontmaxplugin.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"likely-food.fontmaxplugin.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"likely-food.fontmaxplugin.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"likely-food.fontmaxplugin.cc/api/config","fqdn":"likely-food.fontmaxplugin.cc","domain":"fontmaxplugin.cc","tld":"cc"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://register-fafo.live/","date":"2026-01-04T15:59:35.225Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fontmaxplugin.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 31 Dec 2025 11:56:15 GMT","end":"Tue, 31 Mar 2026 12:53:57 GMT"},"fingerprint":{"sha1":"D6:83:D3:47:74:B7:E6:E8:64:9F:3A:41:17:FB:3D:04:E3:31:CD:3A","sha256":"B2:34:93:2F:CD:A1:EE:01:BA:D9:22:2A:A0:39:00:C1:F8:DB:B3:73:29:23:8A:62:B5:3B:7A:FB:4B:52:53:83"}}},"request":{"raw":"GET /api/config HTTP/1.1\r\nHost: likely-food.fontmaxplugin.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://register-fafo.live/\r\ncontent-language: en-US,q=0.8;en\r\nOrigin: https://register-fafo.live\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 15:59:35 GMT\r\ncontent-type: text/plain; charset=utf-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: GET, POST\r\nx-content-type-options: nosniff\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=B1zp%2F7LdpwzzAUQTrghuefPO7xRMyzcNrjCfWHrL6mUruy4KJ3PTMCLYSPq4d%2B5mGWXJEO9ekHtlLueWhj4WFtFWcWwjke82Tfh%2Feip6eYTRBN%2BlXFbVLJkh\"}]}\r\ncontent-encoding: br\r\ncf-ray: 9b8bf1a52c91569d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":211,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"data","md5":"b92840d7505dabb30b324bb69ee6cb81","sha1":"61cdaeb0f17fb8ecad7cc34af5890a58b1ff56d3","sha256":"8b9a684d32b09e9769f21f7fa4f25ba574ff351669f721a266e8d42c25df64c9","sha512":"3f523e2eefdbd1797984de852f1f6ce8fabcc682e060c4f4a22e9c150083cd5991c2268d36623b8076d8faed82f60c3776f0b2ea9bcbff343238db7f73fa5c41","ssdeep":"","tlshash":"c6e0260e99836b6a96e94573aa261589918747c43e34b888912fc222fc2fd0460bc920","first_seen":"2026-01-04T16:00:06.609847Z","last_seen":"2026-01-04T16:00:06.609847Z","times_seen":1,"resource_available":false,"data":null}},"time_used":287,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":287,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"likely-food.fontmaxplugin.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"likely-food.fontmaxplugin.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"likely-food.fontmaxplugin.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"likely-food.fontmaxplugin.cc/api/visit?origin=register-fafo.live","fqdn":"likely-food.fontmaxplugin.cc","domain":"fontmaxplugin.cc","tld":"cc"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://register-fafo.live/","date":"2026-01-04T15:59:35.372Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fontmaxplugin.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 31 Dec 2025 11:56:15 GMT","end":"Tue, 31 Mar 2026 12:53:57 GMT"},"fingerprint":{"sha1":"D6:83:D3:47:74:B7:E6:E8:64:9F:3A:41:17:FB:3D:04:E3:31:CD:3A","sha256":"B2:34:93:2F:CD:A1:EE:01:BA:D9:22:2A:A0:39:00:C1:F8:DB:B3:73:29:23:8A:62:B5:3B:7A:FB:4B:52:53:83"}}},"request":{"raw":"POST /api/visit?origin=register-fafo.live HTTP/1.1\r\nHost: likely-food.fontmaxplugin.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://register-fafo.live/\r\nOrigin: https://register-fafo.live\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Length: 0\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 04 Jan 2026 15:59:36 GMT\r\ncontent-type: application/json\r\nserver: cloudflare\r\npriority: u=4,i=?0\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: GET, POST\r\nx-content-type-options: nosniff\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=7Dmx6Yv0%2FTVf1sfRTUToTmUYb3u5WlgwgqI2O7PJRUzmB6uvEtPyPlbA9tCgZ0fFDjIuaPoUsTfO8bn73ON2i6HmOs%2BLcFxRc%2BCecPvYzwXZt1DDH5gkS2WJ\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\ncf-ray: 9b8bf1a61da256b4-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2,"size_decoded":0,"mime_type":"application/json","magic":"ASCII text, with no line terminators","md5":"444bcb3a3fcf8389296c49467f27e1d6","sha1":"7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb","sha256":"2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df","sha512":"9fbbbb5a0f329f9782e2356fa41d89cf9b3694327c1a934d6af2a9df2d7f936ce83717fb513196a4ce5548471708cd7134c2ae99b3c357bcabb2eafc7b9b7570","ssdeep":"","tlshash":"c710000000000000300000000000000000000000000000000000000000000c0000c000","first_seen":"2023-03-08T02:32:37Z","last_seen":"2026-06-13T17:32:07.172553Z","times_seen":425336,"resource_available":true,"data":null}},"time_used":788,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":787,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"likely-food.fontmaxplugin.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"likely-food.fontmaxplugin.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"likely-food.fontmaxplugin.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"register-fafo.live/","fqdn":"register-fafo.live","domain":"register-fafo.live","tld":"live"},"ip":{"addr":"104.21.53.171","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-01-04T15:59:33.912Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"register-fafo.live","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 04 Jan 2026 00:45:54 GMT","end":"Sat, 04 Apr 2026 01:44:25 GMT"},"fingerprint":{"sha1":"25:F1:7D:84:B0:82:53:1F:90:D6:6D:67:DC:5F:75:18:39:F4:7C:BD","sha256":"F5:E8:DD:1B:CE:3B:7D:1F:2F:CB:A8:62:EC:FB:CE:D2:E0:CD:46:18:42:75:17:F1:22:F4:28:9C:E2:18:93:21"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: register-fafo.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 15:59:34 GMT\r\ncontent-type: text/html\r\nserver: cloudflare\r\ncast-mode: default\r\nlast-modified: Sun, 04 Jan 2026 01:37:17 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=aFQND%2BXE9dMNOsgDRbEwxTNPl8XEyutj6ykBe7t7XB4lKRSAO4%2FJRY%2F8rMHoce2GfhX54bwF7iIO7fCNoSyI3E1gRnFn10rXIPD8tQEg3ygq0A%3D%3D\"}]}\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\nvary: accept-encoding\r\ncontent-encoding: br\r\ncf-ray: 9b8bf19d3fcb35a6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Nuxt.js","description":"Nuxt is a Vue framework for developing modern web applications.","website":"https://nuxt.com","common_platform_enumeration":"","icon":"Nuxt.js.svg","categories":["JavaScript frameworks","Web frameworks","Web servers","Static site generator"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Vue.js","description":"Vue.js is an open-source model–view–viewmodel JavaScript framework for building user interfaces and single-page applications.","website":"https://vuejs.org","common_platform_enumeration":"","icon":"vue.svg","categories":["JavaScript frameworks"]}],"data":{"size":315319,"size_decoded":0,"mime_type":"text/html","magic":"JavaScript source, ASCII text, with very long lines (7596)","md5":"0678d754374f5e4e214476368763971c","sha1":"d190285347fdb465ba1c35797f6bb5b2739db097","sha256":"f6fac9237b0e32c46c05586747913bff0af75d2241470d8d22e7f11fd1d48b59","sha512":"7f2b2df6be1f8aa435672d5a38e7c5073ca9b14006fb21373e3ee9a1314c202b8ad94452a8e187986f78119094e8ba153c79d3da3aa6d48a5378b5edffec0f10","ssdeep":"3072:ucfceAEs2c6cJZj5yoCo6NKVnzIkPxhgRyqcuwG+D:ucfceAEs2c6cUoRzIkPxhgRyqcuw/D","tlshash":"af641a2d16731554ba1fd11c1bfe17c4e2244a47ee86dd9c7ace2a804fd62acb493ec8","first_seen":"2026-01-04T16:00:06.613417Z","last_seen":"2026-01-04T16:00:06.613417Z","times_seen":1,"resource_available":false,"data":null}},"time_used":362,"timings":{"blocked":46,"dns":24,"connect":5,"send":0,"wait":269,"receive":0,"ssl":14},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"likely-food.fontmaxplugin.cc/_nuxt/assets/index.js","fqdn":"likely-food.fontmaxplugin.cc","domain":"fontmaxplugin.cc","tld":"cc"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://register-fafo.live/","date":"2026-01-04T15:59:34.460Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fontmaxplugin.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 31 Dec 2025 11:56:15 GMT","end":"Tue, 31 Mar 2026 12:53:57 GMT"},"fingerprint":{"sha1":"D6:83:D3:47:74:B7:E6:E8:64:9F:3A:41:17:FB:3D:04:E3:31:CD:3A","sha256":"B2:34:93:2F:CD:A1:EE:01:BA:D9:22:2A:A0:39:00:C1:F8:DB:B3:73:29:23:8A:62:B5:3B:7A:FB:4B:52:53:83"}}},"request":{"raw":"GET /_nuxt/assets/index.js HTTP/1.1\r\nHost: likely-food.fontmaxplugin.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://register-fafo.live\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://register-fafo.live/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 04 Jan 2026 15:59:34 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Wed, 31 Dec 2025 17:16:51 GMT\r\netag: W/\"69555a83-a4fc6\"\r\ncache-control: public, max-age=300, must-revalidate\r\naccess-control-allow-origin: *\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=1G3yr0r%2BuElUxsTbiyTT3Fsh2Omu8rtSwM7FkS4uEnUfQYmu6sKq8pwd14KIh%2BU4pEGRB3bQbGPdV1MirlChx%2B1Ep447V%2FWgFg3LkL1nLDFx%2BJXCOGfoQ9dO\"}]}\r\ncf-ray: 9b8bf1a0b899569d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":675782,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"Unicode text, UTF-8 text, with very long lines (57266), with no line terminators","md5":"ae90828f993d3076f992aef878301270","sha1":"3945b23ce3b1491912879a1595ba77a3cc6c3ee1","sha256":"e55e79be1e40318fcaf9280d5bde76b215de0fa643bf95b227b905d5d05b0231","sha512":"a52cbe9c83cab338ab8d207c6610604cd925e9a4ff353bd799f4105e14280b5f4c057886542e87cc96269ee75c91bca1e2faf86a5e4bc2bbb017d372232d6fbe","ssdeep":"12288:+vE5qkLe9uZs/7hS9+OQvR/THhNspgSqGPHKnjWJQt:9C9u6/C+eiVnjWJG","tlshash":"5ae4eab3e05662e434717ed9acd02cb21cfe68b0c80a5d76a24bd9f6df11c6163e2e51","first_seen":"2026-01-04T16:00:06.61541Z","last_seen":"2026-01-04T16:00:06.61541Z","times_seen":1,"resource_available":false,"data":null}},"time_used":388,"timings":{"blocked":53,"dns":42,"connect":1,"send":0,"wait":271,"receive":0,"ssl":18},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"likely-food.fontmaxplugin.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"likely-food.fontmaxplugin.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-04","alert":"Sinkholed","trigger":"likely-food.fontmaxplugin.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}}]}