| vaushaugremu.com/js/v-redux-toolkit.esm.js.fe3487ca.js | 104.21.62.103 | | 4.8 kB |
URL: vaushaugremu.com/js/v-redux-toolkit.esm.js.fe3487ca.js
IP: 104.21.62.103:0
File type: JavaScript source, ASCII text, with very long lines (11319), with no line terminators
MD5: 5aa3676547abc9a38889c09e69ca968d
SHA1: d19ea919192e86f97c34c0a5959ad05c52299aec
SHA256: 21648e7ba668a077e403b6bd1a38f05d55d987737b959d57e3b3c53787107eb7
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/v-redux-toolkit.esm.js.fe3487ca.js HTTP/1.1
Host: vaushaugremu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 Apr 2024 07:28:06 GMT
content-type: application/javascript
last-modified: Wed, 17 Apr 2024 09:06:31 GMT
vary: Accept-Encoding
etag: W/"661f9117-2c37"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BA51mCaSHsfX7tm1NOuQwV2BHiQd5cs%2F0g%2B5l6WzCo5uWwUeJsEgo6vdITaljqhySoirV8mNe3Rw%2BnP5eRZ61jCf6fHdR5gkqreV7G3qoOoaUZI4ms5gQpjhb9WiXhvYM4F%2F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a4daaa2b07b51e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| my.rtmark.net/gid.js?userId=1251lp43n2ycgi5ooi352zcjpas3wrwb | 139.45.195.8 | 200 OK | 65 B |
URL: GET HTTP/2 my.rtmark.net/gid.js?userId=1251lp43n2ycgi5ooi352zcjpas3wrwb
IP: 139.45.195.8:443
Requested by: https://vaushaugremu.com/sweeps-survey.html?offer_id=95600223&z=7359383&s=807625068294447976&b=20750729&campaignid=8091268&var=694025&ymid=807625068294447976&var_3={var_3}&geo=ID&device=other&os=android&ip=36.74.145.172&country=ID&browser=chrome&testinapp=5896608&design_id=2&utm_campaign=694025&utm_medium=7359383&utm_source=zd_8091268&utm_term=20750729&utm_content=zd_public_v2
Certificate: Issuer: Let's Encrypt; Subject: rtmark.net; Fingerprint: DB:C0:8B:64:1C:E3:2A:9C:B9:04:0D:F3:6F:5A:E0:35:F4:C7:75:CC; Validity: Sat, 02 Mar 2024 21:53:43 GMT - Fri, 31 May 2024 21:53:42 GMT
MD5: c2b3a1bb4145e6bb8dc557ab6aa81f5c
SHA1: d52271d434d22bc31951e1c8de443318f65c68c5
SHA256: 9faa570cc663bac5d901c1d1d54aabe1105082d94c493cf5ab5abdf71cc3ab73
GET /gid.js?userId=1251lp43n2ycgi5ooi352zcjpas3wrwb HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://vaushaugremu.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 07:28:07 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://vaushaugremu.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=1251lp43n2ycgi5ooi352zcjpas3wrwb; expires=Sat, 26 Apr 2025 07:28:07 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

| vaushaugremu.com/css/_core-survey.d3ac2ee0.css | 104.21.62.103 | 200 OK | 574 B |
URL: GET HTTP/3 vaushaugremu.com/css/_core-survey.d3ac2ee0.css
IP: 104.21.62.103:443
Requested by: https://vaushaugremu.com/sweeps-survey.html?offer_id=95600223&z=7359383&s=807625068294447976&b=20750729&campaignid=8091268&var=694025&ymid=807625068294447976&var_3={var_3}&geo=ID&device=other&os=android&ip=36.74.145.172&country=ID&browser=chrome&testinapp=5896608&design_id=2&utm_campaign=694025&utm_medium=7359383&utm_source=zd_8091268&utm_term=20750729&utm_content=zd_public_v2
Certificate: Issuer: Google Trust Services LLC; Subject: vaushaugremu.com; Fingerprint: 78:C5:DA:54:37:0C:87:64:90:AC:B9:E8:5F:48:51:C8:13:01:5C:C3; Validity: Thu, 21 Mar 2024 09:40:34 GMT - Wed, 19 Jun 2024 09:40:33 GMT
File type: ASCII text, with no line terminators
MD5: 30d726a40ffe74d794b282ca1795b44c
SHA1: b43155653a1b9cc8d257687df9a75e0f204db348
SHA256: 4916da6d6e00e0e6681cccaf9107eb45fdfc78fe2e476444623c30a64959b5e4
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /css/_core-survey.d3ac2ee0.css HTTP/1.1
Host: vaushaugremu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 Apr 2024 07:28:06 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=84
etag: W/"661f9116-54"
last-modified: Wed, 17 Apr 2024 09:06:30 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=76DbbnSGAK2sg9CH3WnvYl3RN%2B1tDFwyB716wO16IrUzojtrc4TXh0Tq28PfF67U7aJxKhuS%2B3UYcEpBfrZyjyH8ubCYxdM4qisjdcX40LB3CVHJGnv2n9jQYGSoOm5m2Xfi"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a4daaa3b23b51e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| vaushaugremu.com/js/sweeps-survey.724f05c4.js | 104.21.62.103 | | 3.0 kB |
URL: vaushaugremu.com/js/sweeps-survey.724f05c4.js
IP: 104.21.62.103:0
File type: JavaScript source, ASCII text, with very long lines (5840), with no line terminators
MD5: afcbdd30c40158232aa9fd35cadd736d
SHA1: 182fca86a5225bb13e7bef3900f162997ee3688a
SHA256: 9f2d46ca99b67007947391db6e07142120b0ed2d0a4746f0ad3f1edc7c75c9e3
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/sweeps-survey.724f05c4.js HTTP/1.1
Host: vaushaugremu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 Apr 2024 07:28:06 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"661f9117-16d0"
last-modified: Wed, 17 Apr 2024 09:06:31 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=axnavv6%2BHTJMFS2kKly44K7oV3yhaH2VxXTFjrHlqbg%2Fo6mYP%2BWyKG4y1mpnRFWUG69IdxQ9afxZaiyFM%2FH7N1mxlQANJqEwHV1eSRniTqxXmVN%2BYAmeGsprTtqHsXYxTp%2BH"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a4daaa3b1bb51e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| vaushaugremu.com/img/comments/person-sweep-12.webp | 104.21.62.103 | | 668 B |
URL: vaushaugremu.com/img/comments/person-sweep-12.webp
IP: 104.21.62.103:0
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 50x50, Scaling: [none]x[none], YUV color, decoders should clamp
MD5: c57b8a772545ee6e05fedb58c143beb1
SHA1: 6cb5aef79f86275a725cfdd406c7038b24d80aa9
SHA256: 03389ef007f0fd3486a5c71848fd2b67cc05341cf449bcdd34a81a1d4048b090
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/comments/person-sweep-12.webp HTTP/1.1
Host: vaushaugremu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=1251lp43n2ycgi5ooi352zcjpas3wrwb; syncedCookie=true; oaidts=1714116487; ID=1251lp43n2ycgi5ooi352zcjpas3wrwb
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 Apr 2024 07:28:07 GMT
content-type: image/webp
content-length: 668
last-modified: Wed, 17 Apr 2024 09:06:30 GMT
vary: Accept-Encoding
etag: "661f9116-29c"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LAoW5yKs3dYjKz4Hsxib6MhxpkAMbR3S%2BJo3lXpXQpLd9w%2BmPZVTB4DPBs2jr8zVBOPZaTYk07Fk9OXH3Yp%2BzPNgfxWzmtzCV5UNgNpOo7Nyox7u2NGMkKMDAHaMhjGreYJ4"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a4daad4e1ab51e-OSL
alt-svc: h3=":443"; ma=86400
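The Cookie header on the first-party image requests above carries `OAID`, `ID` and `syncedCookie=true`, and the `OAID`/`ID` value is the same 32-character string that the page first sent to my.rtmark.net as `userId` and received back in a `SameSite=None` Set-Cookie: a completed cookie sync between the landing page and the tracker. The same correlation catches the click identifier `807625068294447976`, which travels from the page URL (`s`, `ymid`) into the ofklefkian.com `var_3` parameter further down this page. The Python below is an added example, not code from the capture or from any of these sites: it extracts identifier-shaped values from query strings, Cookie and Set-Cookie headers and reports the ones seen on more than one host. The records are transcribed and abridged from this page (constructed sample input), the 16-character token floor is an assumption, and grouping is by host rather than by registrable domain so the example stays within the standard library.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Identifier shape assumed by this example: 16+ alphanumerics. Short numeric
# counters (zone ids, unix timestamps) fall below the floor on purpose.
TOKEN = re.compile(r"^[A-Za-z0-9]{16,}$")

# Records transcribed (abridged) from transactions on this page: the landing
# page URL, the my.rtmark.net sync call, a first-party image request carrying
# the synced cookie, and the ofklefkian.com POST.
PAGE_URL = ("https://vaushaugremu.com/sweeps-survey.html?offer_id=95600223"
            "&z=7359383&s=807625068294447976&b=20750729&campaignid=8091268"
            "&var=694025&ymid=807625068294447976&var_3={var_3}&geo=ID")

CAPTURE = [
    {"host": "vaushaugremu.com", "url": PAGE_URL, "cookie": "", "set_cookie": []},
    {"host": "my.rtmark.net",
     "url": "https://my.rtmark.net/gid.js?userId=1251lp43n2ycgi5ooi352zcjpas3wrwb",
     "cookie": "",
     "set_cookie": ["ID=1251lp43n2ycgi5ooi352zcjpas3wrwb; "
                    "expires=Sat, 26 Apr 2025 07:28:07 GMT; secure; SameSite=None"]},
    {"host": "vaushaugremu.com",
     "url": "https://vaushaugremu.com/img/comments/person-sweep-12.webp",
     "cookie": "OAID=1251lp43n2ycgi5ooi352zcjpas3wrwb; syncedCookie=true; "
               "oaidts=1714116487; ID=1251lp43n2ycgi5ooi352zcjpas3wrwb",
     "set_cookie": []},
    {"host": "ofklefkian.com",
     "url": "https://ofklefkian.com/zone?&pub=0&zone_id=5866071&domain=vaushaugremu.com"
            "&var_3=807625068294447976&action=prerequest",
     "cookie": "", "set_cookie": []},
]


def identifiers(record):
    """Yield (source, value) for every identifier-shaped value in one record:
    query parameters, request Cookie pairs and response Set-Cookie names."""
    query = urlsplit(record["url"]).query
    for key, value in parse_qsl(query, keep_blank_values=True):
        if TOKEN.match(value):
            yield "query:" + key, value
    for pair in record["cookie"].split(";"):
        key, _, value = pair.strip().partition("=")
        if TOKEN.match(value):
            yield "cookie:" + key, value
    for raw in record["set_cookie"]:
        # Only the leading name=value matters; attributes follow the first ';'
        key, _, value = raw.split(";", 1)[0].partition("=")
        if TOKEN.match(value):
            yield "set-cookie:" + key, value


def shared_identifiers(capture):
    """Map each identifier value to the sorted (host, source) pairs it was seen
    in, keeping only values observed on more than one host. Production code
    should group by registrable domain (eTLD+1) so that first-party subdomains
    do not show up as a sync."""
    seen = {}
    for record in capture:
        for source, value in identifiers(record):
            seen.setdefault(value, set()).add((record["host"], source))
    return {value: sorted(places) for value, places in seen.items()
            if len({host for host, _ in places}) > 1}


if __name__ == "__main__":
    for value, places in shared_identifiers(CAPTURE).items():
        print(value)
        for host, source in places:
            print("    ", host, source)
```

Run stand-alone it prints both shared values with the host and header position where each was seen; in a triage workflow the same function is pointed at the full request list exported from the sandbox.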

| vaushaugremu.com/img/comments/person-sweep-15.webp | 104.21.62.103 | 200 OK | 576 B |
URL: GET HTTP/3 vaushaugremu.com/img/comments/person-sweep-15.webp
IP: 104.21.62.103:443
Requested by: https://vaushaugremu.com/sweeps-survey.html?offer_id=95600223&z=7359383&s=807625068294447976&b=20750729&campaignid=8091268&var=694025&ymid=807625068294447976&var_3={var_3}&geo=ID&device=other&os=android&ip=36.74.145.172&country=ID&browser=chrome&testinapp=5896608&design_id=2&utm_campaign=694025&utm_medium=7359383&utm_source=zd_8091268&utm_term=20750729&utm_content=zd_public_v2
Certificate: Issuer: Google Trust Services LLC; Subject: vaushaugremu.com; Fingerprint: 78:C5:DA:54:37:0C:87:64:90:AC:B9:E8:5F:48:51:C8:13:01:5C:C3; Validity: Thu, 21 Mar 2024 09:40:34 GMT - Wed, 19 Jun 2024 09:40:33 GMT
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 50x50, Scaling: [none]x[none], YUV color, decoders should clamp
MD5: 6c0726564aa84c5f1161bd0051e0c5e0
SHA1: 6df7e7122e0d007e7ea187c3c35fbc869f8ef8e5
SHA256: 98ff0218f67c0bce5c834a0145c686f56d3a7ca1b948341a3181739da66883b2
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/comments/person-sweep-15.webp HTTP/1.1
Host: vaushaugremu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=1251lp43n2ycgi5ooi352zcjpas3wrwb; syncedCookie=true; oaidts=1714116487; ID=1251lp43n2ycgi5ooi352zcjpas3wrwb
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 Apr 2024 07:28:07 GMT
content-type: image/webp
content-length: 576
last-modified: Wed, 17 Apr 2024 09:06:30 GMT
vary: Accept-Encoding
etag: "661f9116-240"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1AoXY7ykMzBrRdFKap70zOGj6PdPCEFxgW3EsUgOler%2FtBEcSo6EvgbOBg6F4So3BrNOAc7YYLb5CEDtirZU5zeYVafAr3BJQIp7iqMDzFR641aSF1gaDSdYt861vNEjGYtf"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a4daad5e21b51e-OSL
alt-svc: h3=":443"; ma=86400

| arleavannya.com/sync-metrics | 139.45.197.248 | 200 OK | 0 B |
URL: OPTIONS HTTP/2 arleavannya.com/sync-metrics
IP: 139.45.197.248:443
Requested by: https://vaushaugremu.com/sweeps-survey.html?offer_id=95600223&z=7359383&s=807625068294447976&b=20750729&campaignid=8091268&var=694025&ymid=807625068294447976&var_3={var_3}&geo=ID&device=other&os=android&ip=36.74.145.172&country=ID&browser=chrome&testinapp=5896608&design_id=2&utm_campaign=694025&utm_medium=7359383&utm_source=zd_8091268&utm_term=20750729&utm_content=zd_public_v2
Certificate: Issuer: Let's Encrypt; Subject: arleavannya.com; Fingerprint: 8A:67:B7:06:5F:61:ED:52:C0:9B:58:C2:64:98:7D:1B:64:03:3F:47; Validity: Thu, 18 Apr 2024 17:09:05 GMT - Wed, 17 Jul 2024 17:09:04 GMT
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /sync-metrics HTTP/1.1
Host: arleavannya.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://vaushaugremu.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 07:28:07 GMT
content-length: 0
access-control-allow-origin: https://vaushaugremu.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

| ofklefkian.com/zone?&pub=0&zone_id=5866071&is_mobile=false&domain=vaushaugremu.com&var=7359383&ymid=694025&var_3=807625068294447976&var_4=null&dsig=&tg=1&sw=3.1.472&action=prerequest | 139.45.197.251 | | 0 B |
URL: ofklefkian.com/zone?&pub=0&zone_id=5866071&is_mobile=false&domain=vaushaugremu.com&var=7359383&ymid=694025&var_3=807625068294447976&var_4=null&dsig=&tg=1&sw=3.1.472&action=prerequest
IP: 139.45.197.251:0
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /zone?&pub=0&zone_id=5866071&is_mobile=false&domain=vaushaugremu.com&var=7359383&ymid=694025&var_3=807625068294447976&var_4=null&dsig=&tg=1&sw=3.1.472&action=prerequest HTTP/1.1
Host: ofklefkian.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 07:28:07 GMT
content-length: 0
x-trace-id: dafcfd23123b5f376bd812fac1c48730
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: null
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
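The three cross-site responses on this page (my.rtmark.net, arleavannya.com, ofklefkian.com) share header choices worth flagging in any capture review: `strict-transport-security: max-age=1`, which lets the HSTS policy expire after one second and so protects nothing; `access-control-allow-credentials: true` paired either with a named origin (rtmark, arleavannya) or with `null` (ofklefkian), and `null` is exactly the Origin a sandboxed iframe, a data: URL or a cross-origin redirect sends, so trusting it with credentials trusts everyone; and a `SameSite=None; secure` cookie carrying the user identifier. The Python below is an added example, not part of the capture or of any of these sites' code. It runs over header blocks abridged from the responses above (constructed sample input), and the 180-day HSTS floor is a policy choice made for the example.

```python
import re

# Policy floor for HSTS max-age used by this example: 180 days. This is a
# choice made here, not a browser rule; hstspreload.org asks for a full year.
HSTS_MIN_MAX_AGE = 180 * 24 * 3600

# Response header blocks abridged from this capture (constructed sample input).
RTMARK_RESPONSE = """HTTP/2 200 OK
server: nginx
content-type: application/json; charset=utf-8
access-control-allow-origin: https://vaushaugremu.com
access-control-allow-credentials: true
set-cookie: ID=1251lp43n2ycgi5ooi352zcjpas3wrwb; expires=Sat, 26 Apr 2025 07:28:07 GMT; secure; SameSite=None
strict-transport-security: max-age=1
"""

OFKLEFKIAN_RESPONSE = """HTTP/2 200 OK
server: nginx
content-length: 0
access-control-allow-origin: null
access-control-allow-credentials: true
strict-transport-security: max-age=1
"""

FIRST_PARTY_RESPONSE = """HTTP/3 200 OK
content-type: application/javascript
strict-transport-security: max-age=1
server: cloudflare
"""


def parse_headers(raw):
    """Split a raw response into (name, value) pairs with lower-cased names.
    Repeats are kept: Set-Cookie and the CORS headers may occur more than once
    and every occurrence matters for the checks below."""
    pairs = []
    for line in raw.strip().splitlines()[1:]:  # [0] is the status line
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip().lower(), value.strip()))
    return pairs


def header_values(headers, name):
    return [v for n, v in headers if n == name]


def hsts_max_age(headers):
    """max-age from Strict-Transport-Security, or None when the header is
    absent or has no parseable max-age (which browsers also treat as a no-op)."""
    for v in header_values(headers, "strict-transport-security"):
        m = re.search(r'max-age\s*=\s*"?(\d+)', v, re.IGNORECASE)
        if m:
            return int(m.group(1))
    return None


def review(raw):
    """Return the sorted finding codes for one response header block."""
    h = parse_headers(raw)
    findings = set()

    # A tiny max-age expires the policy almost immediately: no downgrade protection.
    age = hsts_max_age(h)
    if age is not None and age < HSTS_MIN_MAX_AGE:
        findings.add("weak-hsts")

    acao = header_values(h, "access-control-allow-origin")
    creds = any(v.lower() == "true"
                for v in header_values(h, "access-control-allow-credentials"))
    if creds and "null" in acao:
        # Sandboxed iframes, data: URLs and cross-origin redirects all send
        # "Origin: null", so this admits arbitrary attacker contexts.
        findings.add("cors-null-origin-with-credentials")
    elif creds and acao:
        # Fine for a fixed allow-list; a single response cannot distinguish
        # that from Origin reflection. Re-probe with a foreign Origin first.
        findings.add("cors-credentialed-allow-origin")

    for cookie in header_values(h, "set-cookie"):
        attrs = {a.strip().lower() for a in cookie.split(";")[1:]}
        if "samesite=none" in attrs:
            # Readable in cross-site requests: the cookie-sync / tracking shape.
            findings.add("cross-site-cookie")
            if "secure" not in attrs:  # browsers reject SameSite=None without it
                findings.add("samesite-none-without-secure")
    return sorted(findings)
```

`review` is deliberately per-response so it can be mapped over every transaction in a capture export; the `cors-credentialed-allow-origin` code is informational until a follow-up request with an unrelated Origin shows whether the server reflects it.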

| vaushaugremu.com/js/SweepHeader.b279c2bf.js | 104.21.62.103 | 200 OK | 1.4 kB |
URL: GET HTTP/3 vaushaugremu.com/js/SweepHeader.b279c2bf.js
IP: 104.21.62.103:443
Requested by: https://vaushaugremu.com/sweeps-survey.html?offer_id=95600223&z=7359383&s=807625068294447976&b=20750729&campaignid=8091268&var=694025&ymid=807625068294447976&var_3={var_3}&geo=ID&device=other&os=android&ip=36.74.145.172&country=ID&browser=chrome&testinapp=5896608&design_id=2&utm_campaign=694025&utm_medium=7359383&utm_source=zd_8091268&utm_term=20750729&utm_content=zd_public_v2
Certificate: Issuer: Google Trust Services LLC; Subject: vaushaugremu.com; Fingerprint: 78:C5:DA:54:37:0C:87:64:90:AC:B9:E8:5F:48:51:C8:13:01:5C:C3; Validity: Thu, 21 Mar 2024 09:40:34 GMT - Wed, 19 Jun 2024 09:40:33 GMT
File type: JavaScript source, ASCII text, with very long lines (1009), with no line terminators
MD5: 0fe439de7df51eacd129903e89a15baa
SHA1: cd04958d3fa581e73b01c27ea41d97d5a430d75f
SHA256: b79bec35661387c45718f5592adf5634587c228d85d45c3b5139bac73214bdf9
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/SweepHeader.b279c2bf.js HTTP/1.1
Host: vaushaugremu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 Apr 2024 07:28:07 GMT
content-type: application/javascript
last-modified: Wed, 17 Apr 2024 09:06:31 GMT
vary: Accept-Encoding
etag: W/"661f9117-3f1"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BbEmdBWnneF4s02R14URhVQDuN7BCzXZBu05NGFDd9Z9Ckj5uU5GqX%2B1ROyV6VR3W3xap%2BoS7H4Plt6djTzvsrG7R1uuvbuMxbS7OwugsrMyHbxT7iUTVw%2Bqvz1%2BFaYPoM2X"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a4daac6d25b51e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| vaushaugremu.com/js/v-attributes-to-props.js.a2e7cd04.js | 104.21.62.103 | | 1.0 kB |
URL: vaushaugremu.com/js/v-attributes-to-props.js.a2e7cd04.js
IP: 104.21.62.103:0
File type: ASCII text, with very long lines (702), with no line terminators
MD5: eb57bdb06e45aff1918587283bf415aa
SHA1: 27d660f01e5c888c9d38a6f784ee2f4458d7d89f
SHA256: ecdd5f30b2bd16e4aa0274c6fce3d598419837aa257c285f2e6d18ac5df9ce0b
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/v-attributes-to-props.js.a2e7cd04.js HTTP/1.1
Host: vaushaugremu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=1251lp43n2ycgi5ooi352zcjpas3wrwb; syncedCookie=true; oaidts=1714116487; ID=1251lp43n2ycgi5ooi352zcjpas3wrwb
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 Apr 2024 07:28:07 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"661f9116-2be"
last-modified: Wed, 17 Apr 2024 09:06:30 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BOuVcP1VTIXI%2FF43n1jY%2FCvisXixhsXiOknf9RTMmAOCQEpSPxYMVdBz%2B%2B0LZbDfPBl3KbWg4rjN%2BIxaMSl%2FDIORq%2BWGIS9Pl53r9yW%2F%2Bu9W5eJMKiLDWt4uEKxF2PgY8MCk"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a4daac8d48b51e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| vaushaugremu.com/js/SurveyContainer.e2959212.js | 104.21.62.103 | 200 OK | 15 kB |
URL: GET HTTP/3 vaushaugremu.com/js/SurveyContainer.e2959212.js
IP: 104.21.62.103:443
Requested by: https://vaushaugremu.com/sweeps-survey.html?offer_id=95600223&z=7359383&s=807625068294447976&b=20750729&campaignid=8091268&var=694025&ymid=807625068294447976&var_3={var_3}&geo=ID&device=other&os=android&ip=36.74.145.172&country=ID&browser=chrome&testinapp=5896608&design_id=2&utm_campaign=694025&utm_medium=7359383&utm_source=zd_8091268&utm_term=20750729&utm_content=zd_public_v2
Certificate: Issuer: Google Trust Services LLC; Subject: vaushaugremu.com; Fingerprint: 78:C5:DA:54:37:0C:87:64:90:AC:B9:E8:5F:48:51:C8:13:01:5C:C3; Validity: Thu, 21 Mar 2024 09:40:34 GMT - Wed, 19 Jun 2024 09:40:33 GMT
File type: JavaScript source, ASCII text, with very long lines (57003)
MD5: 1716bf0d79004adf0eb2cdcd64159891
SHA1: 67852b096bcc8817fb0b9b98abf264e40a59310c
SHA256: 56cd17eb9def743ef4bc4909a6eacb77266b749181cfcaec4d478336b1c6ff21
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/SurveyContainer.e2959212.js HTTP/1.1
Host: vaushaugremu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=1251lp43n2ycgi5ooi352zcjpas3wrwb; syncedCookie=true; oaidts=1714116487; ID=1251lp43n2ycgi5ooi352zcjpas3wrwb
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 Apr 2024 07:28:07 GMT
content-type: application/javascript
last-modified: Wed, 17 Apr 2024 09:06:32 GMT
vary: Accept-Encoding
etag: W/"661f9118-defd"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6sRoXUSWkI4nE9WJOTLD5JHWS5dH1xsf6jG%2BHg%2F%2FBbE%2FHowwT9jf4sTq6D0O%2FFyzkMlRN8Yq1OfRYwPqaVetk1EQyurXEjUNzjHHSZslWpuOgfIaQutvtYuwlPCihwnEWcja"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a4daac8d53b51e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| vaushaugremu.com/img/comments/person-sweep-4.webp | 104.21.62.103 | 200 OK | 800 B |
URL: GET HTTP/3 vaushaugremu.com/img/comments/person-sweep-4.webp
IP: 104.21.62.103:443
Requested by: https://vaushaugremu.com/sweeps-survey.html?offer_id=95600223&z=7359383&s=807625068294447976&b=20750729&campaignid=8091268&var=694025&ymid=807625068294447976&var_3={var_3}&geo=ID&device=other&os=android&ip=36.74.145.172&country=ID&browser=chrome&testinapp=5896608&design_id=2&utm_campaign=694025&utm_medium=7359383&utm_source=zd_8091268&utm_term=20750729&utm_content=zd_public_v2
Certificate: Issuer: Google Trust Services LLC; Subject: vaushaugremu.com; Fingerprint: 78:C5:DA:54:37:0C:87:64:90:AC:B9:E8:5F:48:51:C8:13:01:5C:C3; Validity: Thu, 21 Mar 2024 09:40:34 GMT - Wed, 19 Jun 2024 09:40:33 GMT
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 50x50, Scaling: [none]x[none], YUV color, decoders should clamp
MD5: b1c95558f71bd6614c52433c225b6a28
SHA1: 7c903c12b48199ac1e1b3c8846baf12693b97a28
SHA256: 8e5987af9fd886b03617f6e4980035a877697b9ccdeb9f002c41baa1d6ee8912
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/comments/person-sweep-4.webp HTTP/1.1
Host: vaushaugremu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=1251lp43n2ycgi5ooi352zcjpas3wrwb; syncedCookie=true; oaidts=1714116487; ID=1251lp43n2ycgi5ooi352zcjpas3wrwb
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 Apr 2024 07:28:07 GMT
content-type: image/webp
content-length: 800
last-modified: Wed, 17 Apr 2024 09:06:30 GMT
vary: Accept-Encoding
etag: "661f9116-320"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uLv1KCOF4r80AUHlOL88Grlfx5TkvkDkBdPgfVFFRkybVm82bNpmj8nos4DkTh6EpiolyifkjPfxOh3fkBqshBQFUs1a8wSGF33P2r5Bq1Nv7%2FBbNIFYqRrcEPdjwe3Ocng9"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a4daad4e0db51e-OSL
alt-svc: h3=":443"; ma=86400

| vaushaugremu.com/js/config/sd/sd-95600223-en.js?v=10 | 104.21.62.103 | 200 OK | 2.1 kB |
URL: GET HTTP/3 vaushaugremu.com/js/config/sd/sd-95600223-en.js?v=10
IP: 104.21.62.103:443
Requested by: https://vaushaugremu.com/sweeps-survey.html?offer_id=95600223&z=7359383&s=807625068294447976&b=20750729&campaignid=8091268&var=694025&ymid=807625068294447976&var_3={var_3}&geo=ID&device=other&os=android&ip=36.74.145.172&country=ID&browser=chrome&testinapp=5896608&design_id=2&utm_campaign=694025&utm_medium=7359383&utm_source=zd_8091268&utm_term=20750729&utm_content=zd_public_v2
Certificate: Issuer: Google Trust Services LLC; Subject: vaushaugremu.com; Fingerprint: 78:C5:DA:54:37:0C:87:64:90:AC:B9:E8:5F:48:51:C8:13:01:5C:C3; Validity: Thu, 21 Mar 2024 09:40:34 GMT - Wed, 19 Jun 2024 09:40:33 GMT
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (3614), with no line terminators
MD5: 2e64d351b8602f4045f7cf72772aa34b
SHA1: 889f86bc5605c63312bb4700eb61ecf2f30d7301
SHA256: dcc2b1a957a8270e7013089038ad6a29e69a0f92a0cc81ed291307f29ea3d44e
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/config/sd/sd-95600223-en.js?v=10 HTTP/1.1
Host: vaushaugremu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 Apr 2024 07:28:07 GMT
content-type: application/javascript
last-modified: Wed, 17 Apr 2024 09:06:30 GMT
vary: Accept-Encoding
etag: W/"661f9116-e20"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9uQSBaoTUe9rplfNl181qeN7k7g7Zt9xpmHWyT6WIOA4pkp1xfcrKCnFRrFjXeXdMRW4TiAfqNol0xLbGcUxdN3IK%2F7wyJX5Xnnowc8Fk7NDIXPnvQVuzQnbykXrDrLBSW90"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a4daab5c2ab51e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| vaushaugremu.com/img/comments/person-sweep-7.webp | 104.21.62.103 | | 610 B |
URL: vaushaugremu.com/img/comments/person-sweep-7.webp
IP: 104.21.62.103:0
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 50x50, Scaling: [none]x[none], YUV color, decoders should clamp
MD5: eb52e160b8ea5a1e0de8b2453f46d642
SHA1: 4d28311b4ca822a0a74e318c9d1f54def088b509
SHA256: 2e9c67781abf2cfbabb240bfd08ca836658063849f3303b85027203eec1d37c5
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/comments/person-sweep-7.webp HTTP/1.1
Host: vaushaugremu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=1251lp43n2ycgi5ooi352zcjpas3wrwb; syncedCookie=true; oaidts=1714116487; ID=1251lp43n2ycgi5ooi352zcjpas3wrwb
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 Apr 2024 07:28:07 GMT
content-type: image/webp
content-length: 610
last-modified: Wed, 17 Apr 2024 09:06:30 GMT
vary: Accept-Encoding
etag: "661f9116-262"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KTe%2FrMAXe1Dt8%2FL20m3jjXKEGgaI%2F7lZucKG%2BeSNuMReTIw6r%2BZpG95jbLB%2FFq4I9UiUmVcuPGDbdvHVpArVwmJe1%2FzVNfYPlZOOzpBvfFLcgO2dVzCRyWwX2%2B1YInYfWJIv"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a4daad4e14b51e-OSL
alt-svc: h3=":443"; ma=86400

| vaushaugremu.com/img/comments/person-sweep-6.webp | 104.21.62.103 | | 462 B |
URL: vaushaugremu.com/img/comments/person-sweep-6.webp
IP: 104.21.62.103:0
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 50x50, Scaling: [none]x[none], YUV color, decoders should clamp
MD5: dfb961fdb848e75591268fde9c186902
SHA1: 2218e96a5c5081f5bef43fda74fd8f0cbb025003
SHA256: 4cf92de9b24fb1484bc1d97880c20589e113b9b1f065df1963e0648f3a38474d
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/comments/person-sweep-6.webp HTTP/1.1
Host: vaushaugremu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=1251lp43n2ycgi5ooi352zcjpas3wrwb; syncedCookie=true; oaidts=1714116487; ID=1251lp43n2ycgi5ooi352zcjpas3wrwb
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 Apr 2024 07:28:07 GMT
content-type: image/webp
content-length: 462
last-modified: Wed, 17 Apr 2024 09:06:30 GMT
vary: Accept-Encoding
etag: "661f9116-1ce"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2F%2FZZcr%2Bm%2FFqcDmJVxKOJNvWEHsXawTWh3xh6tivc7W3%2B7e3UzUAmKU0kFHjbQ%2B4nDm%2FUjme48A90rOoSgpFi7BEVh2oe%2F1Tlsa1ZNP5WJdMN0n6raqp2CQrL0I6ov0XIhIRC"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a4daad4e12b51e-OSL
alt-svc: h3=":443"; ma=86400

| vaushaugremu.com/js/s-checkLocalStorageAvailable.ts.f2fef93d.js | 104.21.62.103 | | 776 B |
URL: vaushaugremu.com/js/s-checkLocalStorageAvailable.ts.f2fef93d.js
IP: 104.21.62.103:0
File type: JavaScript source, ASCII text, with very long lines (330), with no line terminators
MD5: f23ca32d86f4a0e4179319172a667c74
SHA1: a68d98bd989ff8804424b8b38f2104f5b562e4b4
SHA256: 0d92eabc50682ed456954a64fdfad12a54b3da489957e9e70479724f5503752f
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/s-checkLocalStorageAvailable.ts.f2fef93d.js HTTP/1.1
Host: vaushaugremu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 Apr 2024 07:28:06 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"661f9117-14a"
last-modified: Wed, 17 Apr 2024 09:06:31 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aQYr2V0mLvWDJGjSocrFI0uuVDDsUQFN3CEWtWPIFXmISbOawBSochpcU06gYr8R%2BxkMZ%2FTgxZCF260SUasya2Lowtnp7ldZKRdvNjR4e8L9Y0wMKLl%2FVvlZotoOMa5LAJNf"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a4daaa2b03b51e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| vaushaugremu.com/img/comments/person-sweep-9.webp | 104.21.62.103 | | 818 B |
URL: vaushaugremu.com/img/comments/person-sweep-9.webp
IP: 104.21.62.103:0
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 50x50, Scaling: [none]x[none], YUV color, decoders should clamp
MD5: a61b1f29004e5a54130bc57051a49c0d
SHA1: 7f60eef07e311b3598895343111d90282a002ea0
SHA256: b3de11ad2ace70aa9786af4a9e65db774466fe25aca16e16dabdfa7ec76b0a53
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/comments/person-sweep-9.webp HTTP/1.1
Host: vaushaugremu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=1251lp43n2ycgi5ooi352zcjpas3wrwb; syncedCookie=true; oaidts=1714116487; ID=1251lp43n2ycgi5ooi352zcjpas3wrwb
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 Apr 2024 07:28:07 GMT
content-type: image/webp
content-length: 818
last-modified: Wed, 17 Apr 2024 09:06:30 GMT
vary: Accept-Encoding
etag: "661f9116-332"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ajnr2FIh%2FTo5y6TvG%2FMXVxBKwHcFMqU7hU4xpdvzy0Cd92MB5d56hHoAIEI4Uv%2BmxoL6BeA0hpX0%2BOCTZqqyRKrme7KKdKqPwAxkMkZlk%2BqhvBgrKcf31N41AU5EAYxQKN%2B5"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a4daad4e16b51e-OSL
alt-svc: h3=":443"; ma=86400

| vaushaugremu.com/js/_core-survey.1b09882a.js | 104.21.62.103 | | 45 kB |
URL: vaushaugremu.com/js/_core-survey.1b09882a.js
IP: 104.21.62.103:0
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (65535), with no line terminators
Hash (MD5): 0190c361e1a4f2f7239f497544c5e616
Hash (SHA-1): 27a6eae98d28880bd36f9024c7bdae0f41623a5c
Hash (SHA-256): de932ff55d7e505890689d887ac80b2ca7bcfbd491f49445d0314c982bcb99a4
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/_core-survey.1b09882a.js HTTP/1.1
Host: vaushaugremu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 Apr 2024 07:28:06 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=169676
etag: W/"661f9117-296cc"
last-modified: Wed, 17 Apr 2024 09:06:31 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zmrTezDQbA3gSnNBsDuP%2BN8MJm%2BWSiwdkjcnLYO2Huv6Hc5xJFjSt2hiUTrgBoY09fZmjWypv1sNKKu1YnmokZeVSuxZjTyZjvaWPuOv86NDiGY2JmHoLbT1vwjeaYRn4z1x"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a4daaa3b16b51e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| vaushaugremu.com/img/comments/person-sweep-13.webp | 104.21.62.103 | 200 OK | 640 B |
URL: GET HTTP/3 vaushaugremu.com/img/comments/person-sweep-13.webp
IP: 104.21.62.103:443
Requested by: https://vaushaugremu.com/sweeps-survey.html?offer_id=95600223&z=7359383&s=807625068294447976&b=20750729&campaignid=8091268&var=694025&ymid=807625068294447976&var_3={var_3}&geo=ID&device=other&os=android&ip=36.74.145.172&country=ID&browser=chrome&testinapp=5896608&design_id=2&utm_campaign=694025&utm_medium=7359383&utm_source=zd_8091268&utm_term=20750729&utm_content=zd_public_v2
Certificate issuer: Google Trust Services LLC
Certificate subject: vaushaugremu.com
Certificate fingerprint: 78:C5:DA:54:37:0C:87:64:90:AC:B9:E8:5F:48:51:C8:13:01:5C:C3
Certificate validity: Thu, 21 Mar 2024 09:40:34 GMT - Wed, 19 Jun 2024 09:40:33 GMT
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 50x50, Scaling: [none]x[none], YUV color, decoders should clamp
Hash (MD5): 8532ec97225298a9c3ae5e393f62e462
Hash (SHA-1): fc26fa010830045fa91a16ac9b8c89c45bb35232
Hash (SHA-256): 9c45568c99b7782b240341ba6729ecacc59d41a8ced9b9846ca4ac51e50c5320
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/comments/person-sweep-13.webp HTTP/1.1
Host: vaushaugremu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=1251lp43n2ycgi5ooi352zcjpas3wrwb; syncedCookie=true; oaidts=1714116487; ID=1251lp43n2ycgi5ooi352zcjpas3wrwb
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 Apr 2024 07:28:07 GMT
content-type: image/webp
content-length: 640
last-modified: Wed, 17 Apr 2024 09:06:30 GMT
vary: Accept-Encoding
etag: "661f9116-280"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DxJhcBOpRYXRIy9G9Wk4DNuTsx%2FKkbqIXLVNhtJ7CIS4JgtLuFLbUrgP%2BriGr1RTipySszNtJuAajaw1hU%2F29JU1i2QARPbM5jY2iROwNGUwek9XpVvFo3CrZrFzRUqFrtPp"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a4daad4e1cb51e-OSL
alt-svc: h3=":443"; ma=86400

| vaushaugremu.com/img/comments/person-sweep-16.webp | 104.21.62.103 | 200 OK | 734 B |
URL: GET HTTP/3 vaushaugremu.com/img/comments/person-sweep-16.webp
IP: 104.21.62.103:443
Requested by: https://vaushaugremu.com/sweeps-survey.html?offer_id=95600223&z=7359383&s=807625068294447976&b=20750729&campaignid=8091268&var=694025&ymid=807625068294447976&var_3={var_3}&geo=ID&device=other&os=android&ip=36.74.145.172&country=ID&browser=chrome&testinapp=5896608&design_id=2&utm_campaign=694025&utm_medium=7359383&utm_source=zd_8091268&utm_term=20750729&utm_content=zd_public_v2
Certificate issuer: Google Trust Services LLC
Certificate subject: vaushaugremu.com
Certificate fingerprint: 78:C5:DA:54:37:0C:87:64:90:AC:B9:E8:5F:48:51:C8:13:01:5C:C3
Certificate validity: Thu, 21 Mar 2024 09:40:34 GMT - Wed, 19 Jun 2024 09:40:33 GMT
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 50x50, Scaling: [none]x[none], YUV color, decoders should clamp
Hash (MD5): 0e8c55db8fda61ba2565a293b72e36e1
Hash (SHA-1): ef9deaad0f8a71da57252bcf543ea369673d39ff
Hash (SHA-256): 79b1a144ec7d571b7a155cd2852da72e89b2954affca1448001e3fed2227cb34
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/comments/person-sweep-16.webp HTTP/1.1
Host: vaushaugremu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=1251lp43n2ycgi5ooi352zcjpas3wrwb; syncedCookie=true; oaidts=1714116487; ID=1251lp43n2ycgi5ooi352zcjpas3wrwb
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 Apr 2024 07:28:07 GMT
content-type: image/webp
content-length: 734
last-modified: Wed, 17 Apr 2024 09:06:30 GMT
vary: Accept-Encoding
etag: "661f9116-2de"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NUOEP%2BuvyzGEovcYwJ9ja0ZlviL7yNCl1j9Ot%2Feg6BaXxjI8QWkHV1TOYD9Z0s79HXsgKxoSK%2FQ2lBV%2F44mZzbvdu4OelsqflmeuL802MwEUIERzkzDyIDvDCiwxo5m5PCpR"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a4daad5e24b51e-OSL
alt-svc: h3=":443"; ma=86400

| arleavannya.com/sync-do | 139.45.197.248 | 200 OK | 0 B |
IP: 139.45.197.248:443
Requested by: https://vaushaugremu.com/sweeps-survey.html?offer_id=95600223&z=7359383&s=807625068294447976&b=20750729&campaignid=8091268&var=694025&ymid=807625068294447976&var_3={var_3}&geo=ID&device=other&os=android&ip=36.74.145.172&country=ID&browser=chrome&testinapp=5896608&design_id=2&utm_campaign=694025&utm_medium=7359383&utm_source=zd_8091268&utm_term=20750729&utm_content=zd_public_v2
Certificate issuer: Let's Encrypt
Certificate subject: arleavannya.com
Certificate fingerprint: 8A:67:B7:06:5F:61:ED:52:C0:9B:58:C2:64:98:7D:1B:64:03:3F:47
Certificate validity: Thu, 18 Apr 2024 17:09:05 GMT - Wed, 17 Jul 2024 17:09:04 GMT
Hash (MD5, empty 0-byte body): d41d8cd98f00b204e9800998ecf8427e
Hash (SHA-1, empty 0-byte body): da39a3ee5e6b4b0d3255bfef95601890afd80709
Hash (SHA-256, empty 0-byte body): e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /sync-do HTTP/1.1
Host: arleavannya.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://vaushaugremu.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 07:28:07 GMT
content-length: 0
access-control-allow-origin: https://vaushaugremu.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

| vaushaugremu.com/js/s-checkSessionStorageAvailable.ts.e8412d91.js | 104.21.62.103 | 200 OK | 899 B |
URL: GET HTTP/3 vaushaugremu.com/js/s-checkSessionStorageAvailable.ts.e8412d91.js
IP: 104.21.62.103:443
Requested by: https://vaushaugremu.com/sweeps-survey.html?offer_id=95600223&z=7359383&s=807625068294447976&b=20750729&campaignid=8091268&var=694025&ymid=807625068294447976&var_3={var_3}&geo=ID&device=other&os=android&ip=36.74.145.172&country=ID&browser=chrome&testinapp=5896608&design_id=2&utm_campaign=694025&utm_medium=7359383&utm_source=zd_8091268&utm_term=20750729&utm_content=zd_public_v2
Certificate issuer: Google Trust Services LLC
Certificate subject: vaushaugremu.com
Certificate fingerprint: 78:C5:DA:54:37:0C:87:64:90:AC:B9:E8:5F:48:51:C8:13:01:5C:C3
Certificate validity: Thu, 21 Mar 2024 09:40:34 GMT - Wed, 19 Jun 2024 09:40:33 GMT
File type: JavaScript source, ASCII text, with very long lines (330), with no line terminators
Hash (MD5): a1707fb484c103f2351843fcfb7028c4
Hash (SHA-1): 43d3d0c0563335d6a9ba13a8920bdf7b70cea7bd
Hash (SHA-256): bec32703d77fa5a512dd84399bdd43cb32735e483476e66d0eeb957a403c790c
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/s-checkSessionStorageAvailable.ts.e8412d91.js HTTP/1.1
Host: vaushaugremu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 Apr 2024 07:28:06 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"661f9116-14a"
last-modified: Wed, 17 Apr 2024 09:06:30 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FhHqgQorTJZ4wh%2BUWhQUr0O%2FN1iNIeLZ4UAg3NKnQ%2BXodHZ2ulWbAZ357h7tru%2B3DD5el6ol%2BwAszFexbDVT4FrwadkrksVVTsM5NKl8I8iJ%2F8gTkaLXW1B%2FNpIrgtJ8TA7I"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a4daaa2b00b51e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| vaushaugremu.com/js/s-storageService.js.bb9f7a22.js | 104.21.62.103 | | 1.3 kB |
URL: vaushaugremu.com/js/s-storageService.js.bb9f7a22.js
IP: 104.21.62.103:0
File type: JavaScript source, ASCII text, with very long lines (2170), with no line terminators
Hash (MD5): a804db09269d602a8a7a50877b60fc86
Hash (SHA-1): 7aa84eb6c94037c3bfabdf407060ba7b9ca73ff3
Hash (SHA-256): f5e3a988f32cdcd8ccdff165e33a1807acdde6426cecbb464c315306ff5e6f6f
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/s-storageService.js.bb9f7a22.js HTTP/1.1
Host: vaushaugremu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 Apr 2024 07:28:06 GMT
content-type: application/javascript
last-modified: Wed, 17 Apr 2024 09:06:31 GMT
vary: Accept-Encoding
etag: W/"661f9117-87a"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XyDU0Y3OU%2FfNxmdTCyHAy589F13xoZSWYlsbzxSZF56r2V1i4YMhq9SaVX2Y0b4s7xtfQx5AEnRY3EVF0HeFp5gZKVY%2Bn120iGR3n0EUSkG17f49LzMFFTAtddgylqbhh2h9"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a4daaa2afeb51e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| arleavannya.com/sync-metrics | 139.45.197.248 | 200 OK | 17 B |
URL: OPTIONS HTTP/2 arleavannya.com/sync-metrics
IP: 139.45.197.248:443
Requested by: https://vaushaugremu.com/sweeps-survey.html?offer_id=95600223&z=7359383&s=807625068294447976&b=20750729&campaignid=8091268&var=694025&ymid=807625068294447976&var_3={var_3}&geo=ID&device=other&os=android&ip=36.74.145.172&country=ID&browser=chrome&testinapp=5896608&design_id=2&utm_campaign=694025&utm_medium=7359383&utm_source=zd_8091268&utm_term=20750729&utm_content=zd_public_v2
Certificate issuer: Let's Encrypt
Certificate subject: arleavannya.com
Certificate fingerprint: 8A:67:B7:06:5F:61:ED:52:C0:9B:58:C2:64:98:7D:1B:64:03:3F:47
Certificate validity: Thu, 18 Apr 2024 17:09:05 GMT - Wed, 17 Jul 2024 17:09:04 GMT
Hash (MD5): 5b64e8b89092b2e3dfd448b10700627f
Hash (SHA-1): 484b3032619fa1acd135d114565b0a5166281c22
Hash (SHA-256): f1ea07a1e51a389c8de07120ae5c2e432e9dd8f4fbd6f92489f185b0523a3fd4
POST /sync-metrics HTTP/1.1
Host: arleavannya.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 804
Origin: https://vaushaugremu.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 07:28:07 GMT
content-type: application/json; charset=utf-8
content-length: 17
x-trace-id: 5e3af66b2eebaccad454728ed40e678e
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://vaushaugremu.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

| vaushaugremu.com/img/rain/confetti-3.webp | 104.21.62.103 | 200 OK | 7.4 kB |
URL: GET HTTP/3 vaushaugremu.com/img/rain/confetti-3.webp
IP: 104.21.62.103:443
Requested by: https://vaushaugremu.com/sweeps-survey.html?offer_id=95600223&z=7359383&s=807625068294447976&b=20750729&campaignid=8091268&var=694025&ymid=807625068294447976&var_3={var_3}&geo=ID&device=other&os=android&ip=36.74.145.172&country=ID&browser=chrome&testinapp=5896608&design_id=2&utm_campaign=694025&utm_medium=7359383&utm_source=zd_8091268&utm_term=20750729&utm_content=zd_public_v2
Certificate issuer: Google Trust Services LLC
Certificate subject: vaushaugremu.com
Certificate fingerprint: 78:C5:DA:54:37:0C:87:64:90:AC:B9:E8:5F:48:51:C8:13:01:5C:C3
Certificate validity: Thu, 21 Mar 2024 09:40:34 GMT - Wed, 19 Jun 2024 09:40:33 GMT
File type: RIFF (little-endian) data, Web/P image
Hash (MD5): 6ffe537f32b7be06a870808ee94dadc5
Hash (SHA-1): 598b8776ac199d0d8737969255c81da7c2cf16f2
Hash (SHA-256): e0ddaa01c812e3cdc7963b53edf9a53867a1930a7a566edeb872a0f36da94f7b
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/rain/confetti-3.webp HTTP/1.1
Host: vaushaugremu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vaushaugremu.com/css/sweeps-survey.f5ae42b0.css
Cookie: OAID=1251lp43n2ycgi5ooi352zcjpas3wrwb; syncedCookie=true; oaidts=1714116487; ID=1251lp43n2ycgi5ooi352zcjpas3wrwb
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 Apr 2024 07:28:07 GMT
content-type: image/webp
content-length: 7428
last-modified: Wed, 17 Apr 2024 09:06:30 GMT
vary: Accept-Encoding
etag: "661f9116-1d04"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IFXSw35D5XplFvI6SO%2BEIqG%2B3DG3xtXs8O00uH5MLl1gf2cWN1SbU%2Fhmgof7BQIIt9mH%2B3InWgSZ2X3cRNokjkqPFtMgeCaa5ct1uLD0xSjVp1VHRr48D0JrXXQbRtCW%2FPME"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a4daae5f45b51e-OSL
alt-svc: h3=":443"; ma=86400

| vaushaugremu.com/js/v-utilities.js.d1112fc4.js | 104.21.62.103 | | 1.5 kB |
URL: vaushaugremu.com/js/v-utilities.js.d1112fc4.js
IP: 104.21.62.103:0
File type: JavaScript source, ASCII text, with very long lines (2577), with no line terminators
Hash (MD5): 18cb151303391373ec2138ce7f10bd7f
Hash (SHA-1): c3d6fdc026a675d23ac14beebd3a46e3e72e9dc4
Hash (SHA-256): 93cc28fc75a9cbc865ed918e1a8d139ecf52c3a7d9a2caef63ed7092f69ee142
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/v-utilities.js.d1112fc4.js HTTP/1.1
Host: vaushaugremu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=1251lp43n2ycgi5ooi352zcjpas3wrwb; syncedCookie=true; oaidts=1714116487; ID=1251lp43n2ycgi5ooi352zcjpas3wrwb
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 Apr 2024 07:28:07 GMT
content-type: application/javascript
last-modified: Wed, 17 Apr 2024 09:06:31 GMT
vary: Accept-Encoding
etag: W/"661f9117-a11"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cGKJWjXC6ZohFreTtdAi3SuQNrMNX1Ba7Z9fiZJD4d8SeLbuZh3wMgNZ%2Bfk%2BpUVTCMTuhhbl8yvINC1Pf5laZA7vFjyIVOS0wS6ZnmNb9Ism6%2FS1NGxEu%2ByLga3649LY5kjQ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a4daac8d3eb51e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| vaushaugremu.com/img/rain/confetti-1.webp | 104.21.62.103 | | 12 kB |
URL: vaushaugremu.com/img/rain/confetti-1.webp
IP: 104.21.62.103:0
File type: RIFF (little-endian) data, Web/P image
Hash (MD5): eb224b5a86e8c9f478bd6f2a8c3c53ac
Hash (SHA-1): 0bdc5a91bb1c87fe55b023ee6cef886edb64967e
Hash (SHA-256): e910f36c92776b4e4a415316307a6cbb4d4f039bb8d66dd094c7b90d76f6fa1c
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/rain/confetti-1.webp HTTP/1.1
Host: vaushaugremu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vaushaugremu.com/css/sweeps-survey.f5ae42b0.css
Cookie: OAID=1251lp43n2ycgi5ooi352zcjpas3wrwb; syncedCookie=true; oaidts=1714116487; ID=1251lp43n2ycgi5ooi352zcjpas3wrwb
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 Apr 2024 07:28:07 GMT
content-type: image/webp
content-length: 11774
last-modified: Wed, 17 Apr 2024 09:06:30 GMT
vary: Accept-Encoding
etag: "661f9116-2dfe"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rwGCj5hgdHjDKsLaEAUOvoPEGxzqiEHIHUK0ixeUoIPYuyskE96ccoROVpeBYUhm9K3lvg8qL2kkohg6HFm%2FOb%2BKc%2FKfvnzj%2BWRrISkgsb6fihr8GBQEzzB9Zd44s7bkhhu9"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a4daae5f42b51e-OSL
alt-svc: h3=":443"; ma=86400

| vaushaugremu.com/img/rain/confetti-2.webp | 104.21.62.103 | 200 OK | 4.3 kB |
URL: GET HTTP/3 vaushaugremu.com/img/rain/confetti-2.webp
IP: 104.21.62.103:443
Requested by: https://vaushaugremu.com/sweeps-survey.html?offer_id=95600223&z=7359383&s=807625068294447976&b=20750729&campaignid=8091268&var=694025&ymid=807625068294447976&var_3={var_3}&geo=ID&device=other&os=android&ip=36.74.145.172&country=ID&browser=chrome&testinapp=5896608&design_id=2&utm_campaign=694025&utm_medium=7359383&utm_source=zd_8091268&utm_term=20750729&utm_content=zd_public_v2
Certificate issuer: Google Trust Services LLC
Certificate subject: vaushaugremu.com
Certificate fingerprint: 78:C5:DA:54:37:0C:87:64:90:AC:B9:E8:5F:48:51:C8:13:01:5C:C3
Certificate validity: Thu, 21 Mar 2024 09:40:34 GMT - Wed, 19 Jun 2024 09:40:33 GMT
File type: RIFF (little-endian) data, Web/P image
Hash (MD5): 483d298f3477d9b9a9ed85e2997eb888
Hash (SHA-1): 52e1956082c558621f102ba813e7bdcee3fcb31d
Hash (SHA-256): 24763cff62c7e5d6aa028e7bc528010333a062aef7c5682c2dfdc7bfbcece822
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/rain/confetti-2.webp HTTP/1.1
Host: vaushaugremu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vaushaugremu.com/css/sweeps-survey.f5ae42b0.css
Cookie: OAID=1251lp43n2ycgi5ooi352zcjpas3wrwb; syncedCookie=true; oaidts=1714116487; ID=1251lp43n2ycgi5ooi352zcjpas3wrwb
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 Apr 2024 07:28:07 GMT
content-type: image/webp
content-length: 4258
last-modified: Wed, 17 Apr 2024 09:06:30 GMT
vary: Accept-Encoding
etag: "661f9116-10a2"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CPyDQOj0u82NO87svDwd26f68K7G6hdAR51CLEu8pYjMTbKl%2BL689PjN7%2Fx7tClx8JYrP6xRhCrrPoM5vBCYv1mDpgWJ%2FuYt%2FKJYbKoCyzjaJ8JP0YPNEgZRZXkPQ3%2BTFfcg"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a4daae5f43b51e-OSL
alt-svc: h3=":443"; ma=86400

| arleavannya.com/sync-metrics | 139.45.197.248 | 200 OK | 0 B |
URL: OPTIONS HTTP/2 arleavannya.com/sync-metrics
IP: 139.45.197.248:443
Requested by: https://vaushaugremu.com/sweeps-survey.html?offer_id=95600223&z=7359383&s=807625068294447976&b=20750729&campaignid=8091268&var=694025&ymid=807625068294447976&var_3={var_3}&geo=ID&device=other&os=android&ip=36.74.145.172&country=ID&browser=chrome&testinapp=5896608&design_id=2&utm_campaign=694025&utm_medium=7359383&utm_source=zd_8091268&utm_term=20750729&utm_content=zd_public_v2
Certificate issuer: Let's Encrypt
Certificate subject: arleavannya.com
Certificate fingerprint: 8A:67:B7:06:5F:61:ED:52:C0:9B:58:C2:64:98:7D:1B:64:03:3F:47
Certificate validity: Thu, 18 Apr 2024 17:09:05 GMT - Wed, 17 Jul 2024 17:09:04 GMT
Hash (MD5, empty 0-byte body): d41d8cd98f00b204e9800998ecf8427e
Hash (SHA-1, empty 0-byte body): da39a3ee5e6b4b0d3255bfef95601890afd80709
Hash (SHA-256, empty 0-byte body): e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /sync-metrics HTTP/1.1
Host: arleavannya.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://vaushaugremu.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 07:28:07 GMT
content-length: 0
access-control-allow-origin: https://vaushaugremu.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

| arleavannya.com/sync-metrics | 139.45.197.248 | 200 OK | 17 B |
URL: OPTIONS HTTP/2 arleavannya.com/sync-metrics
IP: 139.45.197.248:443
Requested by: https://vaushaugremu.com/sweeps-survey.html?offer_id=95600223&z=7359383&s=807625068294447976&b=20750729&campaignid=8091268&var=694025&ymid=807625068294447976&var_3={var_3}&geo=ID&device=other&os=android&ip=36.74.145.172&country=ID&browser=chrome&testinapp=5896608&design_id=2&utm_campaign=694025&utm_medium=7359383&utm_source=zd_8091268&utm_term=20750729&utm_content=zd_public_v2
Certificate issuer: Let's Encrypt
Certificate subject: arleavannya.com
Certificate fingerprint: 8A:67:B7:06:5F:61:ED:52:C0:9B:58:C2:64:98:7D:1B:64:03:3F:47
Certificate validity: Thu, 18 Apr 2024 17:09:05 GMT - Wed, 17 Jul 2024 17:09:04 GMT
Hash (MD5): 5b64e8b89092b2e3dfd448b10700627f
Hash (SHA-1): 484b3032619fa1acd135d114565b0a5166281c22
Hash (SHA-256): f1ea07a1e51a389c8de07120ae5c2e432e9dd8f4fbd6f92489f185b0523a3fd4
POST /sync-metrics HTTP/1.1
Host: arleavannya.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 885
Origin: https://vaushaugremu.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 07:28:07 GMT
content-type: application/json; charset=utf-8
content-length: 17
x-trace-id: c9dc3786cd7d6b39c39f86c5fb492ec4
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://vaushaugremu.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

| datatechonert.com/log/add?cid=eacf36da-c06d-4d71-90cc-88e30cd4240a&ruid=2abf9cda-c719-49b0-b7ee-3be1421d1eb7 | 139.45.195.253 | | 12 B |
URL: datatechonert.com/log/add?cid=eacf36da-c06d-4d71-90cc-88e30cd4240a&ruid=2abf9cda-c719-49b0-b7ee-3be1421d1eb7
IP: 139.45.195.253:0
Hash (MD5): adb4650bfc9d2a73d4dd69583b0ceb14
Hash (SHA-1): 1ce399d6e936232aaf2192cd7903a279c5015f22
Hash (SHA-256): 21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed
POST /log/add?cid=eacf36da-c06d-4d71-90cc-88e30cd4240a&ruid=2abf9cda-c719-49b0-b7ee-3be1421d1eb7 HTTP/1.1
Host: datatechonert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1697
Origin: https://vaushaugremu.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Fri, 26 Apr 2024 07:28:07 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 12
Connection: keep-alive
Access-Control-Allow-Origin: https://vaushaugremu.com
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

| arleavannya.com/sync-metrics | 139.45.197.248 | 200 OK | 0 B |
URL: OPTIONS HTTP/2 arleavannya.com/sync-metrics
IP: 139.45.197.248:443
Requested by: https://vaushaugremu.com/sweeps-survey.html?offer_id=95600223&z=7359383&s=807625068294447976&b=20750729&campaignid=8091268&var=694025&ymid=807625068294447976&var_3={var_3}&geo=ID&device=other&os=android&ip=36.74.145.172&country=ID&browser=chrome&testinapp=5896608&design_id=2&utm_campaign=694025&utm_medium=7359383&utm_source=zd_8091268&utm_term=20750729&utm_content=zd_public_v2
Certificate issuer: Let's Encrypt
Certificate subject: arleavannya.com
Certificate fingerprint: 8A:67:B7:06:5F:61:ED:52:C0:9B:58:C2:64:98:7D:1B:64:03:3F:47
Certificate validity: Thu, 18 Apr 2024 17:09:05 GMT - Wed, 17 Jul 2024 17:09:04 GMT
Hash (MD5, empty 0-byte body): d41d8cd98f00b204e9800998ecf8427e
Hash (SHA-1, empty 0-byte body): da39a3ee5e6b4b0d3255bfef95601890afd80709
Hash (SHA-256, empty 0-byte body): e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /sync-metrics HTTP/1.1
Host: arleavannya.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://vaushaugremu.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 07:28:07 GMT
content-length: 0
access-control-allow-origin: https://vaushaugremu.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

| arleavannya.com/sync-metrics | 139.45.197.248 | 200 OK | 17 B |
URL: OPTIONS HTTP/2 arleavannya.com/sync-metrics
IP: 139.45.197.248:443
Requested by: https://vaushaugremu.com/sweeps-survey.html?offer_id=95600223&z=7359383&s=807625068294447976&b=20750729&campaignid=8091268&var=694025&ymid=807625068294447976&var_3={var_3}&geo=ID&device=other&os=android&ip=36.74.145.172&country=ID&browser=chrome&testinapp=5896608&design_id=2&utm_campaign=694025&utm_medium=7359383&utm_source=zd_8091268&utm_term=20750729&utm_content=zd_public_v2
Certificate issuer: Let's Encrypt
Certificate subject: arleavannya.com
Certificate fingerprint: 8A:67:B7:06:5F:61:ED:52:C0:9B:58:C2:64:98:7D:1B:64:03:3F:47
Certificate validity: Thu, 18 Apr 2024 17:09:05 GMT - Wed, 17 Jul 2024 17:09:04 GMT
Hash (MD5): 5b64e8b89092b2e3dfd448b10700627f
Hash (SHA-1): 484b3032619fa1acd135d114565b0a5166281c22
Hash (SHA-256): f1ea07a1e51a389c8de07120ae5c2e432e9dd8f4fbd6f92489f185b0523a3fd4
POST /sync-metrics HTTP/1.1
Host: arleavannya.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 2762
Origin: https://vaushaugremu.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 07:28:07 GMT
content-type: application/json; charset=utf-8
content-length: 17
x-trace-id: 413cdd8185e3f5603d6c062ccd227d39
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://vaushaugremu.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| vaushaugremu.com/js/config/comments/en-sweep.json | 104.21.62.103 | 200 OK | 11 kB |
URL: GET HTTP/3 vaushaugremu.com/js/config/comments/en-sweep.json
IP: 104.21.62.103:443
Requested by: https://vaushaugremu.com/sweeps-survey.html?offer_id=95600223&z=7359383&s=807625068294447976&b=20750729&campaignid=8091268&var=694025&ymid=807625068294447976&var_3={var_3}&geo=ID&device=other&os=android&ip=36.74.145.172&country=ID&browser=chrome&testinapp=5896608&design_id=2&utm_campaign=694025&utm_medium=7359383&utm_source=zd_8091268&utm_term=20750729&utm_content=zd_public_v2
Certificate: Issuer: Google Trust Services LLC; Subject: vaushaugremu.com; Fingerprint: 78:C5:DA:54:37:0C:87:64:90:AC:B9:E8:5F:48:51:C8:13:01:5C:C3; Validity: Thu, 21 Mar 2024 09:40:34 GMT - Wed, 19 Jun 2024 09:40:33 GMT
Hash: MD5 34fd116cfd6400f8aa25debb57f73719, SHA-1 10156ab51a9c0f1b1ec1f49c4993dfe25c2c609d, SHA-256 4ba9996bb189c0214098e767af678c6f9ecfc70edd78543b0ecc84e7793303c1
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/config/comments/en-sweep.json HTTP/1.1
Host: vaushaugremu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 Apr 2024 07:28:07 GMT
content-type: application/json
last-modified: Wed, 17 Apr 2024 09:06:30 GMT
vary: Accept-Encoding
etag: W/"661f9116-12f9"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6bm0nq1woApGiae2gg3pI27jZne3PfE4MjmmvgO7VQtCJRLUr7F6BYumLm1Yn8DQRW4dzUbthUfPUXNrvu7Ot9XSW8iyrzyoZE68990NMblu0rrYrpdbXLjhsGhrMPpSR9tF"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a4daac6d23b51e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| vaushaugremu.com/pfe/current/stattag.js | 104.21.62.103 | | 15 kB |
URL: vaushaugremu.com/pfe/current/stattag.js
IP: 104.21.62.103:0
File type: JavaScript source, ASCII text, with very long lines (19053), with no line terminators
Hash: MD5 3a74216e872211a9c770302bb7d4a63f, SHA-1 7e63556174a7d66eee407218e503ec0aae2c0f9e, SHA-256 03405209d89a927b81d53eb13968663069760776389c5400bb79d11bd9f78f78
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /pfe/current/stattag.js HTTP/1.1
Host: vaushaugremu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 Apr 2024 07:28:07 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"661f9117-4a6d"
last-modified: Wed, 17 Apr 2024 09:06:31 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1qfscHbrZB1%2B2jOK4RjwU00rA0FQeREoKJsv%2Bq3RfnARNzBATuIgWOhzF%2FwzNAImbMvRveRpKYqkSskLDQpjSm6iXPVHifaBQUrKikEWbSOaJrjjL%2F7Gl0QGe2JBFNOU7Cpj"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a4daac6d21b51e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| vaushaugremu.com/js/config/dict/cookie-consent-1.json?v=10 | 104.21.62.103 | 200 OK | 6.8 kB |
URL: GET HTTP/3 vaushaugremu.com/js/config/dict/cookie-consent-1.json?v=10
IP: 104.21.62.103:443
Requested by: https://vaushaugremu.com/sweeps-survey.html?offer_id=95600223&z=7359383&s=807625068294447976&b=20750729&campaignid=8091268&var=694025&ymid=807625068294447976&var_3={var_3}&geo=ID&device=other&os=android&ip=36.74.145.172&country=ID&browser=chrome&testinapp=5896608&design_id=2&utm_campaign=694025&utm_medium=7359383&utm_source=zd_8091268&utm_term=20750729&utm_content=zd_public_v2
Certificate: Issuer: Google Trust Services LLC; Subject: vaushaugremu.com; Fingerprint: 78:C5:DA:54:37:0C:87:64:90:AC:B9:E8:5F:48:51:C8:13:01:5C:C3; Validity: Thu, 21 Mar 2024 09:40:34 GMT - Wed, 19 Jun 2024 09:40:33 GMT
File type: HTML document, Unicode text, UTF-8 text, with very long lines (6009), with no line terminators
Hash: MD5 4b2ff958e811a50d2f641818590b443d, SHA-1 6abae297812bb55fad869e953e7fdf7469cbe1ae, SHA-256 9c77a5f3d0028d9ba122ed15728ee7b144619431f8302503a19c5785ddaa06b8
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/config/dict/cookie-consent-1.json?v=10 HTTP/1.1
Host: vaushaugremu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 Apr 2024 07:28:07 GMT
content-type: application/json
last-modified: Wed, 17 Apr 2024 09:06:30 GMT
vary: Accept-Encoding
etag: W/"661f9116-1a65"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XbobOXyLbaSZN4Dm3Zr6aNAzwmnptHCk64MQGkBBlJxXr0iUsGZpriF8QX1uDV3H1sMI6hcwbQupvh1%2Fz6QJKKZbIynG2uzKPIBxfDtDsmgPptIrOOZwP7dxs3azqoPwcirP"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a4daab7c5bb51e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| vaushaugremu.com/js/v-html-to-dom.js.ff1ae7e0.js | 104.21.62.103 | 200 OK | 364 B |
URL: GET HTTP/3 vaushaugremu.com/js/v-html-to-dom.js.ff1ae7e0.js
IP: 104.21.62.103:443
Requested by: https://vaushaugremu.com/sweeps-survey.html?offer_id=95600223&z=7359383&s=807625068294447976&b=20750729&campaignid=8091268&var=694025&ymid=807625068294447976&var_3={var_3}&geo=ID&device=other&os=android&ip=36.74.145.172&country=ID&browser=chrome&testinapp=5896608&design_id=2&utm_campaign=694025&utm_medium=7359383&utm_source=zd_8091268&utm_term=20750729&utm_content=zd_public_v2
Certificate: Issuer: Google Trust Services LLC; Subject: vaushaugremu.com; Fingerprint: 78:C5:DA:54:37:0C:87:64:90:AC:B9:E8:5F:48:51:C8:13:01:5C:C3; Validity: Thu, 21 Mar 2024 09:40:34 GMT - Wed, 19 Jun 2024 09:40:33 GMT
File type: JavaScript source, ASCII text, with very long lines (373), with no line terminators
Hash: MD5 57f543d4f79657dc92755e2f2031da65, SHA-1 4884f924743049d7812b58958633a40f65e159b5, SHA-256 0fcc39a4a2b765b1ed92a6093fe6dc70e0a886914746f5af6fda6e3d1dc7417d
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/v-html-to-dom.js.ff1ae7e0.js HTTP/1.1
Host: vaushaugremu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=1251lp43n2ycgi5ooi352zcjpas3wrwb; syncedCookie=true; oaidts=1714116487; ID=1251lp43n2ycgi5ooi352zcjpas3wrwb
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 Apr 2024 07:28:07 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"661f9117-16c"
last-modified: Wed, 17 Apr 2024 09:06:31 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lR4sux%2F7MlsDJCI%2FPm%2FKwtFBQh32dcxwRGGazp8NHDpMuVs1RcsGUEktIYLZaUnflBZcWphSu62oYRsN3pAjXMQj6Hb8XS0id5gZOVxhwhtzGDurOXWWFusRINi64ad8aVJI"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a4daac8d4db51e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
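Read end to end, the capture above buries the points an analyst cares about under hundreds of header lines: the credentialed CORS grant that arleavannya.com returns for the landing-page origin, the strict-transport-security max-age of one second on every response, and the OAID, syncedCookie, oaidts and ID cookies that begin to appear on same-origin requests partway through the session. The following is an added example written for this page, not code from the capture tool or from either site: a small Python parser for this dump layout that extracts those points plus a deduplicated IOC set. The finding names, the one-day HSTS threshold and the two-record sample (copied from the transactions above and trimmed to the headers the parser reads) are assumptions of the example.

```python
# Added triage parser for the transaction-dump layout used on this page
# (example code, not the capture tool's own).
import re

# Constructed sample: two records copied from the capture above, trimmed to the
# headers this parser looks at. Layout: '| host/path | ip | status | size |' row,
# metadata lines, request line + headers, response status line + headers, '|'.
SAMPLE = """\
| arleavannya.com/sync-metrics | 139.45.197.248 | 200 OK | 17 B |
Hash5b64e8b89092b2e3dfd448b10700627f 484b3032619fa1acd135d114565b0a5166281c22 f1ea07a1e51a389c8de07120ae5c2e432e9dd8f4fbd6f92489f185b0523a3fd4
POST /sync-metrics HTTP/1.1
Origin: https://vaushaugremu.com
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://vaushaugremu.com
access-control-allow-credentials: true
strict-transport-security: max-age=1
|
| vaushaugremu.com/js/v-html-to-dom.js.ff1ae7e0.js | 104.21.62.103 | 200 OK | 364 B |
Hash57f543d4f79657dc92755e2f2031da65 4884f924743049d7812b58958633a40f65e159b5 0fcc39a4a2b765b1ed92a6093fe6dc70e0a886914746f5af6fda6e3d1dc7417d
GET /js/v-html-to-dom.js.ff1ae7e0.js HTTP/1.1
Cookie: OAID=1251lp43n2ycgi5ooi352zcjpas3wrwb; syncedCookie=true; oaidts=1714116487; ID=1251lp43n2ycgi5ooi352zcjpas3wrwb
Sec-Fetch-Site: same-origin
HTTP/3 200 OK
strict-transport-security: max-age=1
|
"""

ROW_RE = re.compile(r"^\|\s*(?P<url>\S+)\s*\|\s*(?P<ip>[\d.]+)\s*\|\s*(?P<status>[^|]*?)\s*\|\s*(?P<size>[^|]*?)\s*\|$")
REQ_RE = re.compile(r"^(?P<method>[A-Z]+) (?P<path>\S+) HTTP/\d(?:\.\d)?$")
RESP_RE = re.compile(r"^HTTP/[\d.]+ \d{3}")
HEX_RE = re.compile(r"\b[0-9a-f]{64}\b|\b[0-9a-f]{40}\b|\b[0-9a-f]{32}\b")
HSTS_RE = re.compile(r"max-age=(\d+)", re.I)
HSTS_MIN_SECONDS = 86400  # assumption: a max-age under one day gives no real protection


def parse(text):
    """Split a dump into records: row fields, hashes, request line and header dicts."""
    records, cur, section = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        row = ROW_RE.match(line)
        if row:
            cur = {**row.groupdict(), "hashes": [], "method": None, "path": None,
                   "req": {}, "resp": {}}
            records.append(cur)
            section = "meta"          # metadata lines run until the request line
            continue
        if line == "|" or section is None:   # a bare pipe closes the record
            section = None
            continue
        if section == "meta":
            if "Hash" in line:        # 'Hash<md5> <sha1> <sha256>' in any label form
                cur["hashes"] = HEX_RE.findall(line.split("Hash", 1)[1])
            req = REQ_RE.match(line)
            if req:
                cur["method"], cur["path"] = req["method"], req["path"]
                section = "req"
            continue
        if RESP_RE.match(line):       # response status line starts the response headers
            section = "resp"
            continue
        name, sep, value = line.partition(":")
        if sep:
            cur[section][name.strip().lower()] = value.strip()
    return records


def findings(records):
    """Return (record index, kind, detail) tuples that merit a second look."""
    out, seen_cookies = [], {}
    for i, r in enumerate(records):
        req, resp = r["req"], r["resp"]
        origin = req.get("origin")
        if (req.get("sec-fetch-site") == "cross-site" and origin
                and resp.get("access-control-allow-origin") == origin
                and resp.get("access-control-allow-credentials", "").lower() == "true"):
            out.append((i, "cors-credentials-for-page-origin", f"{origin} -> {r['url']}"))
        hsts = HSTS_RE.search(resp.get("strict-transport-security", ""))
        if hsts and int(hsts.group(1)) < HSTS_MIN_SECONDS:
            out.append((i, "hsts-max-age-inert", f"{r['url']} max-age={hsts.group(1)}"))
        for part in req.get("cookie", "").split(";"):
            name = part.strip().partition("=")[0]
            if name and name not in seen_cookies:      # first request carrying it
                seen_cookies[name] = i
                out.append((i, "cookie-first-seen", f"{name} on {r['url']}"))
    return out


def iocs(records):
    """Deduplicated hosts, IPs and SHA-256 hashes for blocklists or hunting."""
    return {
        "hosts": sorted({r["url"].split("/", 1)[0] for r in records}),
        "ips": sorted({r["ip"] for r in records}),
        "sha256": sorted({h for r in records for h in r["hashes"] if len(h) == 64}),
    }
```

Running `findings(parse(SAMPLE))` on the sample yields one CORS finding for arleavannya.com, an inert-HSTS finding for each record, and a first-seen entry for each of the four cookies; `iocs(parse(SAMPLE))` gives the two hosts, two IPs and two SHA-256 values. Feeding it the whole page works the same way, since the parser ignores the metadata lines it does not understand and only reads headers between the request line and the closing pipe.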
| vaushaugremu.com/js/_each-land-config.3299fec3.js | 104.21.62.103 | 200 OK | 72 kB |
URL: GET HTTP/3 vaushaugremu.com/js/_each-land-config.3299fec3.js
IP: 104.21.62.103:443
Requested by: https://vaushaugremu.com/sweeps-survey.html?offer_id=95600223&z=7359383&s=807625068294447976&b=20750729&campaignid=8091268&var=694025&ymid=807625068294447976&var_3={var_3}&geo=ID&device=other&os=android&ip=36.74.145.172&country=ID&browser=chrome&testinapp=5896608&design_id=2&utm_campaign=694025&utm_medium=7359383&utm_source=zd_8091268&utm_term=20750729&utm_content=zd_public_v2
Certificate: Issuer: Google Trust Services LLC; Subject: vaushaugremu.com; Fingerprint: 78:C5:DA:54:37:0C:87:64:90:AC:B9:E8:5F:48:51:C8:13:01:5C:C3; Validity: Thu, 21 Mar 2024 09:40:34 GMT - Wed, 19 Jun 2024 09:40:33 GMT
File type: JavaScript source, ASCII text, with very long lines (65452)
Hash: MD5 e50959a36d50199dd1e5357099e71a21, SHA-1 e9bde06c83f10ac6300701792180dc50c298e79b, SHA-256 231a989a44135e73887bfa3a1a56a6205e7e00a00f746976bb4bc0601125ab77
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/_each-land-config.3299fec3.js HTTP/1.1
Host: vaushaugremu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 Apr 2024 07:28:06 GMT
content-type: application/javascript
last-modified: Wed, 17 Apr 2024 09:06:30 GMT
vary: Accept-Encoding
etag: W/"661f9116-1196b"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zp6NKvMNIbKF3Aj4WThLr8u%2Ft0oPbpehl2mGQm3%2BgK7rkzmHWU6Drha8MDMS12LUk6ovVwSBOTcgwuGldK2NHr41shEggvaThYd45kBerzlDZ9vUfb3RpNU%2BO8zRFLyde6C5"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a4daaa3b0db51e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| vaushaugremu.com/img/comments/person-sweep-8.webp | 104.21.62.103 | 200 OK | 696 B |
URL: GET HTTP/3 vaushaugremu.com/img/comments/person-sweep-8.webp
IP: 104.21.62.103:443
Requested by: https://vaushaugremu.com/sweeps-survey.html?offer_id=95600223&z=7359383&s=807625068294447976&b=20750729&campaignid=8091268&var=694025&ymid=807625068294447976&var_3={var_3}&geo=ID&device=other&os=android&ip=36.74.145.172&country=ID&browser=chrome&testinapp=5896608&design_id=2&utm_campaign=694025&utm_medium=7359383&utm_source=zd_8091268&utm_term=20750729&utm_content=zd_public_v2
Certificate: Issuer: Google Trust Services LLC; Subject: vaushaugremu.com; Fingerprint: 78:C5:DA:54:37:0C:87:64:90:AC:B9:E8:5F:48:51:C8:13:01:5C:C3; Validity: Thu, 21 Mar 2024 09:40:34 GMT - Wed, 19 Jun 2024 09:40:33 GMT
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 50x50, Scaling: [none]x[none], YUV color, decoders should clamp
Hash: MD5 6a6742fef0cd1bd74f6da94e9fb833e1, SHA-1 ccaae2ff48574bbb04072b2efc5864b9177017a5, SHA-256 96bf5ed5aa8149269a215cf19a17889c762b8cddb2fe36229849c8379c2d4aa6
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/comments/person-sweep-8.webp HTTP/1.1
Host: vaushaugremu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=1251lp43n2ycgi5ooi352zcjpas3wrwb; syncedCookie=true; oaidts=1714116487; ID=1251lp43n2ycgi5ooi352zcjpas3wrwb
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 Apr 2024 07:28:07 GMT
content-type: image/webp
content-length: 696
last-modified: Wed, 17 Apr 2024 09:06:30 GMT
vary: Accept-Encoding
etag: "661f9116-2b8"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GeTx%2BfEGIyawJXv7TWSn3tqjb0Dl0HcN2JlTooFdhxvi64lhrNlRfm75leG17NGzZAntKgdx819nV%2BHron2yI8WrQyZWCSEWTPZzOo8jea4UtCBCcHIAz4hIEU8LF66F%2BG70"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a4daad4e15b51e-OSL
alt-svc: h3=":443"; ma=86400
|
|
| vaushaugremu.com/sw/sw5866071.js?var=7359383&var_3=807625068294447976&var_4=null&ymid=694025&ab2_ttl=5184000000 | 104.21.62.103 | 200 OK | 1.3 kB |
URL: GET HTTP/3 vaushaugremu.com/sw/sw5866071.js?var=7359383&var_3=807625068294447976&var_4=null&ymid=694025&ab2_ttl=5184000000
IP: 104.21.62.103:443
Requested by: https://vaushaugremu.com/sweeps-survey.html?offer_id=95600223&z=7359383&s=807625068294447976&b=20750729&campaignid=8091268&var=694025&ymid=807625068294447976&var_3={var_3}&geo=ID&device=other&os=android&ip=36.74.145.172&country=ID&browser=chrome&testinapp=5896608&design_id=2&utm_campaign=694025&utm_medium=7359383&utm_source=zd_8091268&utm_term=20750729&utm_content=zd_public_v2
Certificate: Issuer: Google Trust Services LLC; Subject: vaushaugremu.com; Fingerprint: 78:C5:DA:54:37:0C:87:64:90:AC:B9:E8:5F:48:51:C8:13:01:5C:C3; Validity: Thu, 21 Mar 2024 09:40:34 GMT - Wed, 19 Jun 2024 09:40:33 GMT
File type: ASCII text, with very long lines (1381), with no line terminators
Hash: MD5 e63959722d018b2581219b678aa44d38, SHA-1 79925f5b237e10b914d42012d8f62431238c74a6, SHA-256 c0f223776cf026002462b0dc3c9653d70976828997c77008b7c135e935d31540
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /sw/sw5866071.js?var=7359383&var_3=807625068294447976&var_4=null&ymid=694025&ab2_ttl=5184000000 HTTP/1.1
Host: vaushaugremu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Cookie: OAID=1251lp43n2ycgi5ooi352zcjpas3wrwb; syncedCookie=true; oaidts=1714116487; ID=1251lp43n2ycgi5ooi352zcjpas3wrwb
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 Apr 2024 07:28:07 GMT
content-type: application/javascript
last-modified: Wed, 17 Apr 2024 09:06:30 GMT
vary: Accept-Encoding
etag: W/"661f9116-529"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NbOJmXMxlqyxUWYCaHQpCb71bNYgGNUde0aVkRb2sbVOn3yhvU4N%2FjX5KMhkPPORi3UvjBPwjQ%2FouZgKLB56SGP6Cvtu5sN92US%2F430GePzppP9r5yyiYcKtC935YEckz90W"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a4daad9e6fb51e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| vaushaugremu.com/js/v-constants.js.49317f47.js | 104.21.62.103 | 200 OK | 600 B |
URL: GET HTTP/3 vaushaugremu.com/js/v-constants.js.49317f47.js
IP: 104.21.62.103:443
Requested by: https://vaushaugremu.com/sweeps-survey.html?offer_id=95600223&z=7359383&s=807625068294447976&b=20750729&campaignid=8091268&var=694025&ymid=807625068294447976&var_3={var_3}&geo=ID&device=other&os=android&ip=36.74.145.172&country=ID&browser=chrome&testinapp=5896608&design_id=2&utm_campaign=694025&utm_medium=7359383&utm_source=zd_8091268&utm_term=20750729&utm_content=zd_public_v2
Certificate: Issuer: Google Trust Services LLC; Subject: vaushaugremu.com; Fingerprint: 78:C5:DA:54:37:0C:87:64:90:AC:B9:E8:5F:48:51:C8:13:01:5C:C3; Validity: Thu, 21 Mar 2024 09:40:34 GMT - Wed, 19 Jun 2024 09:40:33 GMT
File type: ASCII text, with very long lines (664), with no line terminators
Hash: MD5 cf8c486ed295e4a6a30f4fb155bf9fd3, SHA-1 9942a3d40672242af15f2d5cc95df2c06872914f, SHA-256 83c4b13e336b66f673d082c8b9b2b20fb98772916cb5da52f9e48c929cafc9cb
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/v-constants.js.49317f47.js HTTP/1.1
Host: vaushaugremu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=1251lp43n2ycgi5ooi352zcjpas3wrwb; syncedCookie=true; oaidts=1714116487; ID=1251lp43n2ycgi5ooi352zcjpas3wrwb
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 Apr 2024 07:28:07 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"661f9117-258"
last-modified: Wed, 17 Apr 2024 09:06:31 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EAMewkm0qswyoUbwSswY7pk%2BebxA5RmIZPzeS6jSIpU4IdzQGmccLIeQnBiNkkJYX5ALmrTO7iZ9ykboPVDt0%2BZoneHsS32StvbPO9uU8H2pzaHPYANDGuEGE7hJl9bFvjQM"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a4daac8d4fb51e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| vaushaugremu.com/img/comments/person-sweep-2.webp | 104.21.62.103 | 200 OK | 538 B |
URL: GET HTTP/3 vaushaugremu.com/img/comments/person-sweep-2.webp
IP: 104.21.62.103:443
Requested by: https://vaushaugremu.com/sweeps-survey.html?offer_id=95600223&z=7359383&s=807625068294447976&b=20750729&campaignid=8091268&var=694025&ymid=807625068294447976&var_3={var_3}&geo=ID&device=other&os=android&ip=36.74.145.172&country=ID&browser=chrome&testinapp=5896608&design_id=2&utm_campaign=694025&utm_medium=7359383&utm_source=zd_8091268&utm_term=20750729&utm_content=zd_public_v2
Certificate: Issuer: Google Trust Services LLC; Subject: vaushaugremu.com; Fingerprint: 78:C5:DA:54:37:0C:87:64:90:AC:B9:E8:5F:48:51:C8:13:01:5C:C3; Validity: Thu, 21 Mar 2024 09:40:34 GMT - Wed, 19 Jun 2024 09:40:33 GMT
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 50x50, Scaling: [none]x[none], YUV color, decoders should clamp
Hash: MD5 e4d97f0d392aca4fa78b0928438d0168, SHA-1 55f713d8826a9a65e11fddf4c5fa4ea5939953b2, SHA-256 7058be64334990621fbc8cc06782aac5116c6e8a6d7700d892cb8b36f06c5866
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/comments/person-sweep-2.webp HTTP/1.1
Host: vaushaugremu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=1251lp43n2ycgi5ooi352zcjpas3wrwb; syncedCookie=true; oaidts=1714116487; ID=1251lp43n2ycgi5ooi352zcjpas3wrwb
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 Apr 2024 07:28:07 GMT
content-type: image/webp
content-length: 538
last-modified: Wed, 17 Apr 2024 09:06:30 GMT
vary: Accept-Encoding
etag: "661f9116-21a"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3BgJkVAXKedM7aXBTnv3AXJjrs%2FJLpR8yNL5H29MQGNIE3%2F9imI5cr6AG%2FQd9ilyW6SjvbbE%2FKmNmyQcP3jGfxCttMzpaE9jJeFjPkTNv5Vb8X5I%2FMVJC7%2Fn4GdVy%2BmTW7l8"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a4daad4e0ab51e-OSL
alt-svc: h3=":443"; ma=86400
|
|
| vaushaugremu.com/js/v-react-dom.production.min.js.c3329619.js | 104.21.62.103 | 200 OK | 129 kB |
URL: GET HTTP/3 vaushaugremu.com/js/v-react-dom.production.min.js.c3329619.js
IP: 104.21.62.103:443
Requested by: https://vaushaugremu.com/sweeps-survey.html?offer_id=95600223&z=7359383&s=807625068294447976&b=20750729&campaignid=8091268&var=694025&ymid=807625068294447976&var_3={var_3}&geo=ID&device=other&os=android&ip=36.74.145.172&country=ID&browser=chrome&testinapp=5896608&design_id=2&utm_campaign=694025&utm_medium=7359383&utm_source=zd_8091268&utm_term=20750729&utm_content=zd_public_v2
Certificate: Issuer: Google Trust Services LLC; Subject: vaushaugremu.com; Fingerprint: 78:C5:DA:54:37:0C:87:64:90:AC:B9:E8:5F:48:51:C8:13:01:5C:C3; Validity: Thu, 21 Mar 2024 09:40:34 GMT - Wed, 19 Jun 2024 09:40:33 GMT
File type: JavaScript source, ASCII text, with very long lines (65440)
Size: 129 kB (129359 bytes)
Hash: MD5 f5e47be85ac64238a6511377c99bef6b, SHA-1 14202f5ec5092ffcb622a84db5877f1c99493b4c, SHA-256 198b63ec93086fb7042c6052dc6558626c506852de0903547cd1b2d52780839e
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/v-react-dom.production.min.js.c3329619.js HTTP/1.1
Host: vaushaugremu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 Apr 2024 07:28:06 GMT
content-type: application/javascript
last-modified: Wed, 17 Apr 2024 09:06:31 GMT
vary: Accept-Encoding
etag: W/"661f9117-1f94f"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4TWYTUl9uL1m2lUWaOGvqOon3zNt5JL1B%2FHj51RT7UCV%2FD9GMXZ5gkdjb2EQfix2WcZi84R5Cn2yLywzMk26oUcwvMlAnoiNfrn4%2FbZSoVWrAxXQdMdVzj%2BhgQAgmD9PSqoe"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a4daaa3b11b51e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| vaushaugremu.com/js/v-possibleStandardNamesOptimized.js.205abacb.js | 104.21.62.103 | 200 OK | 7.6 kB |
URL: GET HTTP/3 vaushaugremu.com/js/v-possibleStandardNamesOptimized.js.205abacb.js
IP: 104.21.62.103:443
Requested by: https://vaushaugremu.com/sweeps-survey.html?offer_id=95600223&z=7359383&s=807625068294447976&b=20750729&campaignid=8091268&var=694025&ymid=807625068294447976&var_3={var_3}&geo=ID&device=other&os=android&ip=36.74.145.172&country=ID&browser=chrome&testinapp=5896608&design_id=2&utm_campaign=694025&utm_medium=7359383&utm_source=zd_8091268&utm_term=20750729&utm_content=zd_public_v2
Certificate: Issuer: Google Trust Services LLC; Subject: vaushaugremu.com; Fingerprint: 78:C5:DA:54:37:0C:87:64:90:AC:B9:E8:5F:48:51:C8:13:01:5C:C3; Validity: Thu, 21 Mar 2024 09:40:34 GMT - Wed, 19 Jun 2024 09:40:33 GMT
File type: ASCII text, with very long lines (7923), with no line terminators
Hash: MD5 f80cb2aef29b4a80d135d1a598ce1dfa, SHA-1 0653306df1fd8d8591f84661643825e41684d3f6, SHA-256 43c16ae11cea687efa4ca55dec516b23257c3fcb22c9d3541041f1816aaa7b5b
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/v-possibleStandardNamesOptimized.js.205abacb.js HTTP/1.1
Host: vaushaugremu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 Apr 2024 07:28:07 GMT
content-type: application/javascript
last-modified: Wed, 17 Apr 2024 09:06:31 GMT
vary: Accept-Encoding
etag: W/"661f9117-1d99"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6X0a%2BEFZ0C8w8xiGfoSzLeeV%2BsUR1WUA%2Bq%2BXJWQ6mqeP9kJEH3rrkuPo51ugkC0diqNXKJGwRgFKsxauK4f8blNr%2Brv1JsbyEoMt7VaUClxEv9gZmguhQmyHF2xDPhxy8JEu"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a4daac6d2ab51e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| vaushaugremu.com/js/v-index.mjs.19622407.js | 104.21.62.103 | 200 OK | 35 kB |
URL: GET HTTP/3 vaushaugremu.com/js/v-index.mjs.19622407.js
IP: 104.21.62.103:443
Requested by: https://vaushaugremu.com/sweeps-survey.html?offer_id=95600223&z=7359383&s=807625068294447976&b=20750729&campaignid=8091268&var=694025&ymid=807625068294447976&var_3={var_3}&geo=ID&device=other&os=android&ip=36.74.145.172&country=ID&browser=chrome&testinapp=5896608&design_id=2&utm_campaign=694025&utm_medium=7359383&utm_source=zd_8091268&utm_term=20750729&utm_content=zd_public_v2
Certificate: Issuer: Google Trust Services LLC; Subject: vaushaugremu.com; Fingerprint: 78:C5:DA:54:37:0C:87:64:90:AC:B9:E8:5F:48:51:C8:13:01:5C:C3; Validity: Thu, 21 Mar 2024 09:40:34 GMT - Wed, 19 Jun 2024 09:40:33 GMT
File type: JavaScript source, ASCII text, with very long lines (35287), with no line terminators
Hash: MD5 1de1ec2d8e7940b88970d8fbce40ed6d, SHA-1 510aa24127fb8bc3578d9ca4628b2eea5a84ce01, SHA-256 b473156bef833bcfb2e84658093f1ebc1e64011dcba904e26ccb31f1cad8b762
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/v-index.mjs.19622407.js HTTP/1.1
Host: vaushaugremu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 Apr 2024 07:28:07 GMT
content-type: application/javascript
last-modified: Wed, 17 Apr 2024 09:06:31 GMT
vary: Accept-Encoding
etag: W/"661f9117-89d7"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6X9aLzQLrOF2P4w7yJiLJJGYqcwSMCuDfE0y3AjNz%2FbrWB%2B8lgLuCz7DNPaY3JObrmtWWXW22wQuoqtSOaKxMgGVnvggU36sfZtTSMsLnM4WDUEkQotHtloef7DXVUHqkc1h"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a4daac6d27b51e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| vaushaugremu.com/js/v-domparser.js.97173b2e.js | 104.21.62.103 | 200 OK | 1.7 kB |
URL: GET HTTP/3 vaushaugremu.com/js/v-domparser.js.97173b2e.js
IP: 104.21.62.103:443
Requested by: https://vaushaugremu.com/sweeps-survey.html?offer_id=95600223&z=7359383&s=807625068294447976&b=20750729&campaignid=8091268&var=694025&ymid=807625068294447976&var_3={var_3}&geo=ID&device=other&os=android&ip=36.74.145.172&country=ID&browser=chrome&testinapp=5896608&design_id=2&utm_campaign=694025&utm_medium=7359383&utm_source=zd_8091268&utm_term=20750729&utm_content=zd_public_v2
Certificate: Issuer: Google Trust Services LLC; Subject: vaushaugremu.com; Fingerprint: 78:C5:DA:54:37:0C:87:64:90:AC:B9:E8:5F:48:51:C8:13:01:5C:C3; Validity: Thu, 21 Mar 2024 09:40:34 GMT - Wed, 19 Jun 2024 09:40:33 GMT
File type: JavaScript source, ASCII text, with very long lines (1772), with no line terminators
Hash: MD5 46dd2964e007bc585a8f72ed695089e8, SHA-1 d02de9abf34cf05d707899e2562c067a8e5326bc, SHA-256 96d95d967e2f5ca4a1be19cf0d21f756ba2d0295ad5f4e967048054e85f6072f
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/v-domparser.js.97173b2e.js HTTP/1.1
Host: vaushaugremu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=1251lp43n2ycgi5ooi352zcjpas3wrwb; syncedCookie=true; oaidts=1714116487; ID=1251lp43n2ycgi5ooi352zcjpas3wrwb
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 Apr 2024 07:28:07 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"661f9116-6b8"
last-modified: Wed, 17 Apr 2024 09:06:30 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JAhGjJScL0CLoCbvQB7W4o1d6tnTlse8KznulcplFES0esmWgmgwzP0uNFp7E52yiZaWGBoB%2B9puNrExeafm%2BC1Itzlr0iDehACetVCVzcTjjmVztWUegknsRtA%2BC%2FS1HCOg"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a4daac8d42b51e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| vaushaugremu.com/js/v-dom-to-react.js.26fdf751.js | 104.21.62.103 | 200 OK | 1.1 kB |
URL: GET HTTP/3 vaushaugremu.com/js/v-dom-to-react.js.26fdf751.js
IP: 104.21.62.103:443
Requested by: https://vaushaugremu.com/sweeps-survey.html?offer_id=95600223&z=7359383&s=807625068294447976&b=20750729&campaignid=8091268&var=694025&ymid=807625068294447976&var_3={var_3}&geo=ID&device=other&os=android&ip=36.74.145.172&country=ID&browser=chrome&testinapp=5896608&design_id=2&utm_campaign=694025&utm_medium=7359383&utm_source=zd_8091268&utm_term=20750729&utm_content=zd_public_v2
Certificate: Issuer: Google Trust Services LLC; Subject: vaushaugremu.com; Fingerprint: 78:C5:DA:54:37:0C:87:64:90:AC:B9:E8:5F:48:51:C8:13:01:5C:C3; Validity: Thu, 21 Mar 2024 09:40:34 GMT - Wed, 19 Jun 2024 09:40:33 GMT
File type: JavaScript source, ASCII text, with very long lines (1101), with no line terminators
Hash: MD5 5693cb2629dd3231ce6fed788c41b150, SHA-1 872d71cae7dddc37389be6bae0fc4a5b611ec9c0, SHA-256 b312636bf1d349d818517865e89c22f8b9ef9e61d1805cf315e44241ccc05d26
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/v-dom-to-react.js.26fdf751.js HTTP/1.1
Host: vaushaugremu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=1251lp43n2ycgi5ooi352zcjpas3wrwb; syncedCookie=true; oaidts=1714116487; ID=1251lp43n2ycgi5ooi352zcjpas3wrwb
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 Apr 2024 07:28:07 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"661f9116-43d"
last-modified: Wed, 17 Apr 2024 09:06:30 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6X7%2BwIJwpT0UE8LpQwTWwmJ3ptUZzDKPjkVHv92g8VC9jIPDVbi3hEryDja0IL4L5b7kQeYFkkVKi8rMrX8ojG54AyYQHpvLtx8wPIK%2F%2FWaRt38yRIVCWAmtbWT%2F%2FMmVeskS"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a4daac8d46b51e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| vaushaugremu.com/img/comments/person-sweep-5.webp | 104.21.62.103 | 200 OK | 588 B |
URL: GET HTTP/3 vaushaugremu.com/img/comments/person-sweep-5.webp
IP: 104.21.62.103:443
Requested by: https://vaushaugremu.com/sweeps-survey.html?offer_id=95600223&z=7359383&s=807625068294447976&b=20750729&campaignid=8091268&var=694025&ymid=807625068294447976&var_3={var_3}&geo=ID&device=other&os=android&ip=36.74.145.172&country=ID&browser=chrome&testinapp=5896608&design_id=2&utm_campaign=694025&utm_medium=7359383&utm_source=zd_8091268&utm_term=20750729&utm_content=zd_public_v2
Certificate: Issuer: Google Trust Services LLC; Subject: vaushaugremu.com; Fingerprint: 78:C5:DA:54:37:0C:87:64:90:AC:B9:E8:5F:48:51:C8:13:01:5C:C3; Validity: Thu, 21 Mar 2024 09:40:34 GMT - Wed, 19 Jun 2024 09:40:33 GMT
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 50x50, Scaling: [none]x[none], YUV color, decoders should clamp
Hash: MD5 25e1107a0e365082ccd6093e0073f05c, SHA-1 7b0d3c741f2bbabbcac99f29bee8cf2f9eaa1841, SHA-256 935ec86b128c0bb7bfafc5915a46c0c3709c47b90509e26e4c994d8ef5587cf2
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/comments/person-sweep-5.webp HTTP/1.1
Host: vaushaugremu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=1251lp43n2ycgi5ooi352zcjpas3wrwb; syncedCookie=true; oaidts=1714116487; ID=1251lp43n2ycgi5ooi352zcjpas3wrwb
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 Apr 2024 07:28:07 GMT
content-type: image/webp
content-length: 588
last-modified: Wed, 17 Apr 2024 09:06:30 GMT
vary: Accept-Encoding
etag: "661f9116-24c"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2SwKy4gXmlQ9KRPjGMOaI7TtVdQAbetV%2F7tnbc1K8rLKC5oKFpIvpqq8UT8YUcP6ncw6Lx5a5V0lCEL8JYLwWZ25IHPkaI8%2BR2bFCALjsBEldGObUaM%2FtkQA7Uhxyihr0G0Q"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a4daad4e0fb51e-OSL
alt-svc: h3=":443"; ma=86400
|
|
| vaushaugremu.com/js/_rtc.f86a36d7.js | 104.21.62.103 | 200 OK | 12 kB |
URL: GET HTTP/3 vaushaugremu.com/js/_rtc.f86a36d7.js
IP: 104.21.62.103:443
Requested by: https://vaushaugremu.com/sweeps-survey.html?offer_id=95600223&z=7359383&s=807625068294447976&b=20750729&campaignid=8091268&var=694025&ymid=807625068294447976&var_3={var_3}&geo=ID&device=other&os=android&ip=36.74.145.172&country=ID&browser=chrome&testinapp=5896608&design_id=2&utm_campaign=694025&utm_medium=7359383&utm_source=zd_8091268&utm_term=20750729&utm_content=zd_public_v2
Certificate: Issuer Google Trust Services LLC; Subject vaushaugremu.com; Fingerprint 78:C5:DA:54:37:0C:87:64:90:AC:B9:E8:5F:48:51:C8:13:01:5C:C3; Validity Thu, 21 Mar 2024 09:40:34 GMT - Wed, 19 Jun 2024 09:40:33 GMT
File type: JavaScript source, ASCII text, with very long lines (12222), with no line terminators
Hash: MD5 128d6eec0793a7e02c314d2f6245f260; SHA-1 c9f09311c3f229b770f38d0cc69b422430f1c748; SHA-256 bf1606ac64db254cc565a094e7162a96f31f7e48ddece56fc92c654559e5abb8
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/_rtc.f86a36d7.js HTTP/1.1
Host: vaushaugremu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 Apr 2024 07:28:06 GMT
content-type: application/javascript
last-modified: Wed, 17 Apr 2024 09:06:30 GMT
vary: Accept-Encoding
etag: W/"661f9116-2fbe"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zVsOrrHnmYS8%2FDCZoA2u3ctnMjgbz5ysE3VWqAWjboay12EFWN2iu294JJ7%2FgQxRGsdBAyY29CONubzFjDAndRvp0BTP7IdWOiycZs69P1JPjzKy2ShvThomqdqXEXhRdJsV"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a4daaa2af7b51e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| vaushaugremu.com/js/v-node.js.28d8082c.js | 104.21.62.103 | 200 OK | 6.3 kB |
URL: GET HTTP/3 vaushaugremu.com/js/v-node.js.28d8082c.js
IP: 104.21.62.103:443
Requested by: https://vaushaugremu.com/sweeps-survey.html?offer_id=95600223&z=7359383&s=807625068294447976&b=20750729&campaignid=8091268&var=694025&ymid=807625068294447976&var_3={var_3}&geo=ID&device=other&os=android&ip=36.74.145.172&country=ID&browser=chrome&testinapp=5896608&design_id=2&utm_campaign=694025&utm_medium=7359383&utm_source=zd_8091268&utm_term=20750729&utm_content=zd_public_v2
Certificate: Issuer Google Trust Services LLC; Subject vaushaugremu.com; Fingerprint 78:C5:DA:54:37:0C:87:64:90:AC:B9:E8:5F:48:51:C8:13:01:5C:C3; Validity Thu, 21 Mar 2024 09:40:34 GMT - Wed, 19 Jun 2024 09:40:33 GMT
File type: JavaScript source, ASCII text, with very long lines (6337), with no line terminators
Hash: MD5 b11cf8c1d8d8183e4d11a8f17a41189c; SHA-1 2f912e66ec3992d21e66e7c8e4ff40a2142a4d64; SHA-256 9e69f7af4cfb7fa8b5eb0d67ed8a36f5d23c276ba29b7209565faefab84b71ba
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/v-node.js.28d8082c.js HTTP/1.1
Host: vaushaugremu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 Apr 2024 07:28:07 GMT
content-type: application/javascript
last-modified: Wed, 17 Apr 2024 09:06:30 GMT
vary: Accept-Encoding
etag: W/"661f9116-186b"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vFlzb6H%2F847iPBpIeQdVE91sEM75pLykvJ9lvPlvKY%2B2Ef4TLxM05sr9b8F5QKQDNiYw5VO7GmPXZ7AGvvbwY8jnbPeeQmo8cjrE9b89Hj43wCBqD4gLFP0xZoDTFiw5ByCO"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a4daac6d29b51e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| vaushaugremu.com/css/SweepHeader.8e7220ee.css | 104.21.62.103 | 200 OK | 369 B |
URL: GET HTTP/3 vaushaugremu.com/css/SweepHeader.8e7220ee.css
IP: 104.21.62.103:443
Requested by: https://vaushaugremu.com/sweeps-survey.html?offer_id=95600223&z=7359383&s=807625068294447976&b=20750729&campaignid=8091268&var=694025&ymid=807625068294447976&var_3={var_3}&geo=ID&device=other&os=android&ip=36.74.145.172&country=ID&browser=chrome&testinapp=5896608&design_id=2&utm_campaign=694025&utm_medium=7359383&utm_source=zd_8091268&utm_term=20750729&utm_content=zd_public_v2
Certificate: Issuer Google Trust Services LLC; Subject vaushaugremu.com; Fingerprint 78:C5:DA:54:37:0C:87:64:90:AC:B9:E8:5F:48:51:C8:13:01:5C:C3; Validity Thu, 21 Mar 2024 09:40:34 GMT - Wed, 19 Jun 2024 09:40:33 GMT
File type: ASCII text, with very long lines (369), with no line terminators
Hash: MD5 b3e63dbf70b8e4ad7c5ec23726112e15; SHA-1 e083def5d026fb5bc171c3043f714fd5d859f82b; SHA-256 be1433fba47a27551a04629ff55f1a1d944922016569342433d79f0200d8959d
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /css/SweepHeader.8e7220ee.css HTTP/1.1
Host: vaushaugremu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 Apr 2024 07:28:07 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=370
etag: W/"661f9116-172"
last-modified: Wed, 17 Apr 2024 09:06:30 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2dL2M%2B%2FnN0ZyR5yQyzve%2FXL1f%2Fs5M3U4bRK89HxEeSrXgLtzJYexzKEN%2BkGI%2Fxsnj7dnfkAhrvEO%2B9X2NroS%2B5rK6236s9MmrUH%2BoVKechHkHBv4bmYtTtTIDS94arJJr5aX"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a4daac6d24b51e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| vaushaugremu.com/img/comments/person-sweep-3.webp | 104.21.62.103 | 200 OK | 582 B |
URL: GET HTTP/3 vaushaugremu.com/img/comments/person-sweep-3.webp
IP: 104.21.62.103:443
Requested by: https://vaushaugremu.com/sweeps-survey.html?offer_id=95600223&z=7359383&s=807625068294447976&b=20750729&campaignid=8091268&var=694025&ymid=807625068294447976&var_3={var_3}&geo=ID&device=other&os=android&ip=36.74.145.172&country=ID&browser=chrome&testinapp=5896608&design_id=2&utm_campaign=694025&utm_medium=7359383&utm_source=zd_8091268&utm_term=20750729&utm_content=zd_public_v2
Certificate: Issuer Google Trust Services LLC; Subject vaushaugremu.com; Fingerprint 78:C5:DA:54:37:0C:87:64:90:AC:B9:E8:5F:48:51:C8:13:01:5C:C3; Validity Thu, 21 Mar 2024 09:40:34 GMT - Wed, 19 Jun 2024 09:40:33 GMT
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 50x50, Scaling: [none]x[none], YUV color, decoders should clamp
Hash: MD5 8347ebfbfa18beba17d356a3dbacb100; SHA-1 f1d66a05e07953cea27fe277e72a495a8e3de2e7; SHA-256 318e494a7bcf7cb28173e54feebeb44ba93b4c17a423c7036d2fcac40e4db6cd
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/comments/person-sweep-3.webp HTTP/1.1
Host: vaushaugremu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=1251lp43n2ycgi5ooi352zcjpas3wrwb; syncedCookie=true; oaidts=1714116487; ID=1251lp43n2ycgi5ooi352zcjpas3wrwb
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 Apr 2024 07:28:07 GMT
content-type: image/webp
content-length: 582
last-modified: Wed, 17 Apr 2024 09:06:30 GMT
vary: Accept-Encoding
etag: "661f9116-246"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=B%2BCpVQtjSZexptDMnNS3VLXEQeeHh%2Fy6uZcwNZK%2FFUaCDdKabX7TxnysL05pQCXtN5fnunYPi0Ymym0pK5YKwa56nytGuHmM2I4EiyYVGeKWPp1cHnglgfAJ9yfBTLO70YgX"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a4daad4e0bb51e-OSL
alt-svc: h3=":443"; ma=86400
|
|
| vaushaugremu.com/img/comments/person-sweep-11.webp | 104.21.62.103 | 200 OK | 502 B |
URL: GET HTTP/3 vaushaugremu.com/img/comments/person-sweep-11.webp
IP: 104.21.62.103:443
Requested by: https://vaushaugremu.com/sweeps-survey.html?offer_id=95600223&z=7359383&s=807625068294447976&b=20750729&campaignid=8091268&var=694025&ymid=807625068294447976&var_3={var_3}&geo=ID&device=other&os=android&ip=36.74.145.172&country=ID&browser=chrome&testinapp=5896608&design_id=2&utm_campaign=694025&utm_medium=7359383&utm_source=zd_8091268&utm_term=20750729&utm_content=zd_public_v2
Certificate: Issuer Google Trust Services LLC; Subject vaushaugremu.com; Fingerprint 78:C5:DA:54:37:0C:87:64:90:AC:B9:E8:5F:48:51:C8:13:01:5C:C3; Validity Thu, 21 Mar 2024 09:40:34 GMT - Wed, 19 Jun 2024 09:40:33 GMT
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 50x50, Scaling: [none]x[none], YUV color, decoders should clamp
Hash: MD5 7ec874233fc75e1ec8df712b7ebbd7d2; SHA-1 cc219fb2b7e6057a8303283023dd1aa09a082455; SHA-256 9bb6b14a5a503d3c52bc6fc2e7c236a90e7971ceb41cb99e5245fcfc39ef328b
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/comments/person-sweep-11.webp HTTP/1.1
Host: vaushaugremu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=1251lp43n2ycgi5ooi352zcjpas3wrwb; syncedCookie=true; oaidts=1714116487; ID=1251lp43n2ycgi5ooi352zcjpas3wrwb
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 Apr 2024 07:28:07 GMT
content-type: image/webp
content-length: 502
last-modified: Wed, 17 Apr 2024 09:06:30 GMT
vary: Accept-Encoding
etag: "661f9116-1f6"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hsPDKwpE6GEfXPkC7RNrzrNzsg3q%2Bm2pKmEPg15RV4SWdTVC3jQB150Is1Se2b2tJ6zhuWTxgNmFFvaEoY0UK8kFc1Emnsaacrqf9JYkbtyQYFStt1lA6o7Ac9a5g72LLWxC"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a4daad4e19b51e-OSL
alt-svc: h3=":443"; ma=86400
|
|
| vaushaugremu.com/js/v-index.js.da9f7529.js | 104.21.62.103 | 200 OK | 41 kB |
URL: GET HTTP/3 vaushaugremu.com/js/v-index.js.da9f7529.js
IP: 104.21.62.103:443
Requested by: https://vaushaugremu.com/sweeps-survey.html?offer_id=95600223&z=7359383&s=807625068294447976&b=20750729&campaignid=8091268&var=694025&ymid=807625068294447976&var_3={var_3}&geo=ID&device=other&os=android&ip=36.74.145.172&country=ID&browser=chrome&testinapp=5896608&design_id=2&utm_campaign=694025&utm_medium=7359383&utm_source=zd_8091268&utm_term=20750729&utm_content=zd_public_v2
Certificate: Issuer Google Trust Services LLC; Subject vaushaugremu.com; Fingerprint 78:C5:DA:54:37:0C:87:64:90:AC:B9:E8:5F:48:51:C8:13:01:5C:C3; Validity Thu, 21 Mar 2024 09:40:34 GMT - Wed, 19 Jun 2024 09:40:33 GMT
File type: JavaScript source, ASCII text, with very long lines (40911)
Hash: MD5 f0c16b073e12930f7cbd321dd6f8f9b9; SHA-1 af74daaab1c8cb17152c3352d40ab89afea0b29d; SHA-256 9058ace69791e8a1eb5f9849c20a6dcd6e0f9018696ed0e563c3da7082aec861
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/v-index.js.da9f7529.js HTTP/1.1
Host: vaushaugremu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 Apr 2024 07:28:06 GMT
content-type: application/javascript
last-modified: Wed, 17 Apr 2024 09:06:30 GMT
vary: Accept-Encoding
etag: W/"661f9116-a01c"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XvyV8Lnaf1WmxGWFGyS4pKgdCWrqPhw%2FJ%2B3tIHbOmq5%2FzUnDvd2GKmYpP3J%2FFMp6utJXa%2BACUUD%2Fsiq8wODNxFof%2FiaHGDccAD7nRFIvICSYVE7A3UwgCyieOuUGsnKtNgU8"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a4daaa2af8b51e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| vaushaugremu.com/css/sweeps-survey.f5ae42b0.css | 104.21.62.103 | 200 OK | 94 kB |
URL: GET HTTP/3 vaushaugremu.com/css/sweeps-survey.f5ae42b0.css
IP: 104.21.62.103:443
Requested by: https://vaushaugremu.com/sweeps-survey.html?offer_id=95600223&z=7359383&s=807625068294447976&b=20750729&campaignid=8091268&var=694025&ymid=807625068294447976&var_3={var_3}&geo=ID&device=other&os=android&ip=36.74.145.172&country=ID&browser=chrome&testinapp=5896608&design_id=2&utm_campaign=694025&utm_medium=7359383&utm_source=zd_8091268&utm_term=20750729&utm_content=zd_public_v2
Certificate: Issuer Google Trust Services LLC; Subject vaushaugremu.com; Fingerprint 78:C5:DA:54:37:0C:87:64:90:AC:B9:E8:5F:48:51:C8:13:01:5C:C3; Validity Thu, 21 Mar 2024 09:40:34 GMT - Wed, 19 Jun 2024 09:40:33 GMT
File type: ASCII text, with very long lines (65536), with no line terminators
Hash: MD5 895c99e8dc2cac2fe41b6e4623314c0e; SHA-1 aa530776c5425e3f15a8ad66ee1bc43840172ac6; SHA-256 bb88f272fbb80a919f86655f6cffff6d8419f09b60e279c9727d904f16d73d9c
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /css/sweeps-survey.f5ae42b0.css HTTP/1.1
Host: vaushaugremu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 Apr 2024 07:28:06 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=93694
etag: W/"661f9116-16dfe"
last-modified: Wed, 17 Apr 2024 09:06:30 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wTWFdYnLJ%2Fd%2BtT5c0GhEGdEw6JYWtDLPUc32Ki2BYPDR9wuO5RkN76sZ5RsTWvQky526NW%2FU%2BpGPcBEzLQwWtJx0BFWz78xsy%2Fi2GQTUqCCcOEt02omeRlyVMSbAPMmg5Ueg"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a4daaa3b29b51e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| vaushaugremu.com/img/comments/person-sweep-14.webp | 104.21.62.103 | 200 OK | 626 B |
URL: GET HTTP/3 vaushaugremu.com/img/comments/person-sweep-14.webp
IP: 104.21.62.103:443
Requested by: https://vaushaugremu.com/sweeps-survey.html?offer_id=95600223&z=7359383&s=807625068294447976&b=20750729&campaignid=8091268&var=694025&ymid=807625068294447976&var_3={var_3}&geo=ID&device=other&os=android&ip=36.74.145.172&country=ID&browser=chrome&testinapp=5896608&design_id=2&utm_campaign=694025&utm_medium=7359383&utm_source=zd_8091268&utm_term=20750729&utm_content=zd_public_v2
Certificate: Issuer Google Trust Services LLC; Subject vaushaugremu.com; Fingerprint 78:C5:DA:54:37:0C:87:64:90:AC:B9:E8:5F:48:51:C8:13:01:5C:C3; Validity Thu, 21 Mar 2024 09:40:34 GMT - Wed, 19 Jun 2024 09:40:33 GMT
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 50x50, Scaling: [none]x[none], YUV color, decoders should clamp
Hash: MD5 7c494127025f1ec09a96c16bf0531a36; SHA-1 0c2f9302c41f99da9fb5eead2c364bdbdf435156; SHA-256 e6443a7cdcc5ee11ece88ce10824fd79851700e4bd3dc6259d1a816182b82e5b
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/comments/person-sweep-14.webp HTTP/1.1
Host: vaushaugremu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=1251lp43n2ycgi5ooi352zcjpas3wrwb; syncedCookie=true; oaidts=1714116487; ID=1251lp43n2ycgi5ooi352zcjpas3wrwb
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 Apr 2024 07:28:07 GMT
content-type: image/webp
content-length: 626
last-modified: Wed, 17 Apr 2024 09:06:30 GMT
vary: Accept-Encoding
etag: "661f9116-272"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NQWF4MTsMz0fI0KwIqHDcq%2BW3YxfIe9EbQCg3feO7CGaPnh7rEsd%2F9gJs8pto84Z2jKt2DSznXZfRX%2BB6rpjRPWsBUnHCUqrsMGmTI6OxYCaCmLACcn8Yc13MD5nHndyulxR"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a4daad5e20b51e-OSL
alt-svc: h3=":443"; ma=86400
|
|
| vaushaugremu.com/favicon.ico | 104.21.62.103 | 200 OK | 1.2 kB |
URL: GET HTTP/3 vaushaugremu.com/favicon.ico
IP: 104.21.62.103:443
Requested by: https://vaushaugremu.com/sweeps-survey.html?offer_id=95600223&z=7359383&s=807625068294447976&b=20750729&campaignid=8091268&var=694025&ymid=807625068294447976&var_3={var_3}&geo=ID&device=other&os=android&ip=36.74.145.172&country=ID&browser=chrome&testinapp=5896608&design_id=2&utm_campaign=694025&utm_medium=7359383&utm_source=zd_8091268&utm_term=20750729&utm_content=zd_public_v2
Certificate: Issuer Google Trust Services LLC; Subject vaushaugremu.com; Fingerprint 78:C5:DA:54:37:0C:87:64:90:AC:B9:E8:5F:48:51:C8:13:01:5C:C3; Validity Thu, 21 Mar 2024 09:40:34 GMT - Wed, 19 Jun 2024 09:40:33 GMT
File type: MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
Hash: MD5 668ba1a9fa1890ba16cb8adc28d3dad8; SHA-1 5e35223b2541265114eaf61b9da2556c812fea17; SHA-256 7746cf1b553433822522f2dc432f55fe64eee1f1cf823ef6adfde02e58e1d7e2
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: vaushaugremu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=1251lp43n2ycgi5ooi352zcjpas3wrwb; syncedCookie=true; oaidts=1714116487; ID=1251lp43n2ycgi5ooi352zcjpas3wrwb
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 Apr 2024 07:28:07 GMT
content-type: image/x-icon
last-modified: Wed, 17 Apr 2024 09:06:30 GMT
vary: Accept-Encoding
etag: W/"661f9116-47e"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pPZH13QeUWj3QkzkXgr4edUrXN7%2BzxK8rwtXxmcg4np3KJ5fmlFgMxXespkW4GgU7bjST%2Bjx1xaC2yqQUnk8pImFsGrnLGcjA3bacO%2FzFT3Lb1cUP0pzmrdf9dlZvVr%2FxChL"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a4dab08963b51e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|