| vamtoacm.com/img/rain/dollars-2.webp |  104.21.43.180 | 200 OK | 8.1 kB |
URL GET HTTP/3vamtoacm.com/img/rain/dollars-2.webp IP104.21.43.180:443
Requested byhttps://vamtoacm.com/finance-survey/40/?s=810702624694473023&z=5179080&var=156615&campaignid=5756270&b=20839589&ymid=810702624694473023&designId=[2,1]&abtest=1858111 CertificateIssuerLet's Encrypt Subjectvamtoacm.com Fingerprint8F:EF:46:DF:33:00:3B:87:D4:D3:05:C4:B9:1B:47:7D:A4:39:DA:F9 ValidityFri, 19 Apr 2024 10:22:31 GMT - Thu, 18 Jul 2024 10:22:30 GMT
File typeRIFF (little-endian) data, Web/P image Hash8b4203d496c3f52b116af082a0cd4017 de5369e9459e240950bb7eb5261eaac1db26907f 8dd1f04088c25e20d15e1bc23129604830aab2b4d3d0a408a5f047f9768f39a4
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/rain/dollars-2.webp HTTP/1.1
Host: vamtoacm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vamtoacm.com/finance-survey/40/?s=810702624694473023&z=5179080&var=156615&campaignid=5756270&b=20839589&ymid=810702624694473023&designId=[2,1]&abtest=1858111
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 04 May 2024 19:16:04 GMT
content-type: image/webp
content-length: 8140
last-modified: Tue, 30 Apr 2024 14:43:24 GMT
vary: Accept-Encoding
etag: "6631038c-1fcc"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 962
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bLOCCyNfnb4ynTdESK2em8s3x7NDpNQ%2BIqTj1wqBLOAA7RgNEZPSWZW%2FvKzDuUWYBJKJYoVXE%2BYAf8%2Fkrv4Wf3D9FACs8Qvtt6Bk1cO0FYxYL%2BU9MBLEQCpvhWLII1c%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ead2b90e07b4eb-OSL
alt-svc: h3=":443"; ma=86400
|
|
| vamtoacm.com/_next/static/chunks/pages/_app-7ac21b6c354dd447.js | 104.21.43.180 | 200 OK | 22 kB |
URL GET HTTP/3vamtoacm.com/_next/static/chunks/pages/_app-7ac21b6c354dd447.js IP104.21.43.180:443
Requested byhttps://vamtoacm.com/finance-survey/40/?s=810702624694473023&z=5179080&var=156615&campaignid=5756270&b=20839589&ymid=810702624694473023&designId=[2,1]&abtest=1858111 CertificateIssuerLet's Encrypt Subjectvamtoacm.com Fingerprint8F:EF:46:DF:33:00:3B:87:D4:D3:05:C4:B9:1B:47:7D:A4:39:DA:F9 ValidityFri, 19 Apr 2024 10:22:31 GMT - Thu, 18 Jul 2024 10:22:30 GMT
File typeJavaScript source, ASCII text, with very long lines (41515), with no line terminators Hash92ee35a274faa2df0c68f0def06a750e 8131ecf1752dbf3591bf213855896b2618f48734 47929dce053ec819a11270e42aaff07b95e02ee29513b8f5b73cf75f6cdeddd5
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /_next/static/chunks/pages/_app-7ac21b6c354dd447.js HTTP/1.1
Host: vamtoacm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vamtoacm.com/finance-survey/40/?s=810702624694473023&z=5179080&var=156615&campaignid=5756270&b=20839589&ymid=810702624694473023&designId=[2,1]&abtest=1858111
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 04 May 2024 19:16:04 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"6631038c-a22b"
last-modified: Tue, 30 Apr 2024 14:43:24 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 967
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5DD4t9G%2FWLMRNkEJb%2BDxieHcsCsNNz6jLDQ6ZDv8A%2FpkRoi2uYdDFuLIr8WQCO3iRMrP4rdPIkiPMfBfcWTqexzmFFyzSHny3Z3tls3RRpE%2BgYaYNM%2BJu5CVV2Jur7c%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ead2b86d18b4eb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| vamtoacm.com/_next/static/chunks/2090-519478c186a3d867.js | 104.21.43.180 | 200 OK | 9.9 kB |
URL GET HTTP/3vamtoacm.com/_next/static/chunks/2090-519478c186a3d867.js IP104.21.43.180:443
Requested byhttps://vamtoacm.com/finance-survey/40/?s=810702624694473023&z=5179080&var=156615&campaignid=5756270&b=20839589&ymid=810702624694473023&designId=[2,1]&abtest=1858111 CertificateIssuerLet's Encrypt Subjectvamtoacm.com Fingerprint8F:EF:46:DF:33:00:3B:87:D4:D3:05:C4:B9:1B:47:7D:A4:39:DA:F9 ValidityFri, 19 Apr 2024 10:22:31 GMT - Thu, 18 Jul 2024 10:22:30 GMT
File typeJavaScript source, ASCII text, with very long lines (10752), with no line terminators Hash37545926cc9a6e537b9f3e95d7a16c1e c3cbfe1f9737817eda25770274e97feaf6b8cc68 d3ccc772608b2a03a543da22715903e2b6e2c14c42c2f475a0f483ac3cd64b37
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /_next/static/chunks/2090-519478c186a3d867.js HTTP/1.1
Host: vamtoacm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vamtoacm.com/finance-survey/40/?s=810702624694473023&z=5179080&var=156615&campaignid=5756270&b=20839589&ymid=810702624694473023&designId=[2,1]&abtest=1858111
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 04 May 2024 19:16:04 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"6631038c-2a00"
last-modified: Tue, 30 Apr 2024 14:43:24 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 4426
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gH1ndJYvWmcjt1NfBTaJF3%2F3rfcbAM4idDkU8B29YSAxrS%2FT3TwZcluSnK1up1VhzyvTmSStbx2qWHo5BEZORUYf6czLRWnHmZyFSHgEfyJCxkNdqs%2FyWGlhI9DmkqI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ead2b86d22b4eb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| vamtoacm.com/_next/static/chunks/8904.6fbc0cfd51623cbf.js | 104.21.43.180 | 200 OK | 1.0 kB |
URL GET HTTP/3vamtoacm.com/_next/static/chunks/8904.6fbc0cfd51623cbf.js IP104.21.43.180:443
Requested byhttps://vamtoacm.com/finance-survey/40/?s=810702624694473023&z=5179080&var=156615&campaignid=5756270&b=20839589&ymid=810702624694473023&designId=[2,1]&abtest=1858111 CertificateIssuerLet's Encrypt Subjectvamtoacm.com Fingerprint8F:EF:46:DF:33:00:3B:87:D4:D3:05:C4:B9:1B:47:7D:A4:39:DA:F9 ValidityFri, 19 Apr 2024 10:22:31 GMT - Thu, 18 Jul 2024 10:22:30 GMT
File typeJavaScript source, ASCII text, with very long lines (925), with no line terminators Hash3d657d2d17983fccaac3b0512a0f9460 06faa560e966627855c424e23fbb0bb5aadde083 b9e3997d6a87385dd604b65dfa962fe50944dfc158c2e82c945d6b8664e2f81e
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /_next/static/chunks/8904.6fbc0cfd51623cbf.js HTTP/1.1
Host: vamtoacm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vamtoacm.com/finance-survey/40/?s=810702624694473023&z=5179080&var=156615&campaignid=5756270&b=20839589&ymid=810702624694473023&designId=[2,1]&abtest=1858111
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 04 May 2024 19:16:04 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"6631038c-39d"
last-modified: Tue, 30 Apr 2024 14:43:24 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 960
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Y6eXCmsQo8E9T6wwk0aNH5Q%2BCvujGN0fIzEQg%2F5XOg%2FtSEPkAXv8Np5vKgdRuXzAg4epWv2WeXkq9TM1Qh%2F2P8zFN3gw0IhVfbg2lWg9Q%2B6GaO8oZwMocY71ungEVUs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ead2b99f0eb4eb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| my.rtmark.net/gid.js?userId=kys1obvi9ykxcsnm30ox6m6ynu7khx |  139.45.195.8 | 200 OK | 63 B |
URL GET HTTP/2my.rtmark.net/gid.js?userId=kys1obvi9ykxcsnm30ox6m6ynu7khx IP139.45.195.8:443
Requested byhttps://vamtoacm.com/finance-survey/40/?s=810702624694473023&z=5179080&var=156615&campaignid=5756270&b=20839589&ymid=810702624694473023&designId=[2,1]&abtest=1858111 CertificateIssuerLet's Encrypt Subjectrtmark.net FingerprintDB:C0:8B:64:1C:E3:2A:9C:B9:04:0D:F3:6F:5A:E0:35:F4:C7:75:CC ValiditySat, 02 Mar 2024 21:53:43 GMT - Fri, 31 May 2024 21:53:42 GMT
Hash3a1d66879bebac897197b84d63a4764c 791064927b901b996d64d442774863647c83f593 c3bb0b9c46d41f03c0e4ca43237365154f417d7d7b03bfb02de3294a95f0f5e8
GET /gid.js?userId=kys1obvi9ykxcsnm30ox6m6ynu7khx HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://vamtoacm.com/
Origin: https://vamtoacm.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 19:16:04 GMT
content-type: application/json; charset=utf-8
content-length: 63
access-control-allow-origin: https://vamtoacm.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=kys1obvi9ykxcsnm30ox6m6ynu7khx; expires=Sun, 04 May 2025 19:16:04 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| cdntechone.com/stattag.js |  188.114.96.1 | 200 OK | 7.9 kB |
URL GET HTTP/2cdntechone.com/stattag.js IP188.114.96.1:443
Requested byhttps://vamtoacm.com/finance-survey/40/?s=810702624694473023&z=5179080&var=156615&campaignid=5756270&b=20839589&ymid=810702624694473023&designId=[2,1]&abtest=1858111 CertificateIssuerGoogle Trust Services LLC Subjectcdntechone.com Fingerprint3D:20:D4:11:5D:06:B3:63:9C:08:BF:D9:D9:16:22:D5:DC:3B:9A:CB ValidityMon, 22 Apr 2024 03:33:58 GMT - Sun, 21 Jul 2024 03:33:57 GMT
File typeJavaScript source, ASCII text, with very long lines (18452) Hashbec2755dff94190fec0365b0db53807b f98c36e7e9e06325d03fe39c3b98879062fc2704 ccb15ff22ece6946136f1501ab3ae74155399187c8e85beb10399d56bb8e149a
GET /stattag.js HTTP/1.1
Host: cdntechone.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vamtoacm.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 19:16:04 GMT
content-type: application/javascript
last-modified: Wed, 07 Feb 2024 12:51:04 GMT
etag: W/"65c37cb8-4a9e"
link: <https://datatechone.com/>; rel=preconnect; crossorigin, <https://datatechonert.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 3289
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4b4QMukN2Dy7L9JCT%2Bx8IgHbXVOgGnpQbUfG5UbkUCrltN5QzUGBxLlFUf0mJhpBRJ3vM%2FbnQLAnII4S4ISJycUgnZVfbP5S75X566gzwWMJU4d8T%2FyvLK5uPr%2FwPrkDUQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87ead2ba9f175694-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| vamtoacm.com/img/comments/finance-survey-people/person-5.webp | 104.21.43.180 | 200 OK | 2.4 kB |
URL GET HTTP/3vamtoacm.com/img/comments/finance-survey-people/person-5.webp IP104.21.43.180:443
Requested byhttps://vamtoacm.com/finance-survey/40/?s=810702624694473023&z=5179080&var=156615&campaignid=5756270&b=20839589&ymid=810702624694473023&designId=[2,1]&abtest=1858111 CertificateIssuerLet's Encrypt Subjectvamtoacm.com Fingerprint8F:EF:46:DF:33:00:3B:87:D4:D3:05:C4:B9:1B:47:7D:A4:39:DA:F9 ValidityFri, 19 Apr 2024 10:22:31 GMT - Thu, 18 Jul 2024 10:22:30 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp Hash188dfcdf19da1d86ed162d54ed03536d 98b1baefbb803548b2894547091b4c7773406524 4f8251665e3cc796f127ea6cbdc00a9ec450adff16acb4ec74463c446b6f4ba6
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/comments/finance-survey-people/person-5.webp HTTP/1.1
Host: vamtoacm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vamtoacm.com/finance-survey/40?s=810702624694473023&z=5179080&var=156615&campaignid=5756270&b=20839589&ymid=810702624694473023&designId=[2,1]&abtest=1858111
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 04 May 2024 19:16:05 GMT
content-type: image/webp
content-length: 2384
last-modified: Tue, 30 Apr 2024 14:43:24 GMT
vary: Accept-Encoding
etag: "6631038c-950"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 5365
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ELXF6wOOqZqEAZR03GLZRFyyiM%2FTUBIxW9R7ODD%2BwkdIr8i2Bja6gnExX%2F%2BXhOGW4I%2FPZw%2FvVByKQ0GxtIxQXCgA4Dixp04qi%2FcqpcWXfqRXi6OI%2F16SxALJZmiVy1c%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ead2bb7a75b4eb-OSL
alt-svc: h3=":443"; ma=86400
|
|
| arleavannya.com/sync-metrics | 139.45.197.248 | 200 OK | 0 B |
URL OPTIONS HTTP/2arleavannya.com/sync-metrics IP139.45.197.248:443
Requested byhttps://vamtoacm.com/finance-survey/40/?s=810702624694473023&z=5179080&var=156615&campaignid=5756270&b=20839589&ymid=810702624694473023&designId=[2,1]&abtest=1858111 CertificateIssuerLet's Encrypt Subjectarleavannya.com Fingerprint8A:67:B7:06:5F:61:ED:52:C0:9B:58:C2:64:98:7D:1B:64:03:3F:47 ValidityThu, 18 Apr 2024 17:09:05 GMT - Wed, 17 Jul 2024 17:09:04 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
OPTIONS /sync-metrics HTTP/1.1
Host: arleavannya.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://vamtoacm.com/
Origin: https://vamtoacm.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 19:16:05 GMT
content-length: 0
access-control-allow-origin: https://vamtoacm.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| vamtoacm.com/img/comments/finance-survey-people/person-4.webp | 104.21.43.180 | 200 OK | 1.8 kB |
URL GET HTTP/3vamtoacm.com/img/comments/finance-survey-people/person-4.webp IP104.21.43.180:443
Requested byhttps://vamtoacm.com/finance-survey/40/?s=810702624694473023&z=5179080&var=156615&campaignid=5756270&b=20839589&ymid=810702624694473023&designId=[2,1]&abtest=1858111 CertificateIssuerLet's Encrypt Subjectvamtoacm.com Fingerprint8F:EF:46:DF:33:00:3B:87:D4:D3:05:C4:B9:1B:47:7D:A4:39:DA:F9 ValidityFri, 19 Apr 2024 10:22:31 GMT - Thu, 18 Jul 2024 10:22:30 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp Hash5dc160f6b521dc8f6c670b140b354fed 22e15cda82b532067b99932ec28f86ea2cc1ecbc 09c6c6de57458ec0c4e7a3d2375e0c7b9c037de9366b63e3685cc0ca94d838b4
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/comments/finance-survey-people/person-4.webp HTTP/1.1
Host: vamtoacm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vamtoacm.com/finance-survey/40?s=810702624694473023&z=5179080&var=156615&campaignid=5756270&b=20839589&ymid=810702624694473023&designId=[2,1]&abtest=1858111
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 04 May 2024 19:16:05 GMT
content-type: image/webp
content-length: 1798
last-modified: Tue, 30 Apr 2024 14:43:24 GMT
vary: Accept-Encoding
etag: "6631038c-706"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 5374
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Cpq69CoqPjvnqpc3uyel8209u0MKgBzdtKi8xX1Ha3iw4KBvjGzkOnKsf6UTeBZcL9Ik4GAFrbIDpM9QECoAb31suScVCkJg7cfEse9OqEMuruEda5S3JkIvf5QxHoM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ead2bb7a69b4eb-OSL
alt-svc: h3=":443"; ma=86400
|
|
| vamtoacm.com/img/comments/finance-survey-people/person-6.webp | 104.21.43.180 | 200 OK | 2.4 kB |
URL GET HTTP/3vamtoacm.com/img/comments/finance-survey-people/person-6.webp IP104.21.43.180:443
Requested byhttps://vamtoacm.com/finance-survey/40/?s=810702624694473023&z=5179080&var=156615&campaignid=5756270&b=20839589&ymid=810702624694473023&designId=[2,1]&abtest=1858111 CertificateIssuerLet's Encrypt Subjectvamtoacm.com Fingerprint8F:EF:46:DF:33:00:3B:87:D4:D3:05:C4:B9:1B:47:7D:A4:39:DA:F9 ValidityFri, 19 Apr 2024 10:22:31 GMT - Thu, 18 Jul 2024 10:22:30 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp Hash7be25941ac032fcec25b1bb4ede296d2 cfc4fb3733844326076b6d7632087204c0bea34d 0ff9d28c4ab7516d2790e8df4d325cf602bc8f9eb787a7cd9b6554edd9530e4e
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/comments/finance-survey-people/person-6.webp HTTP/1.1
Host: vamtoacm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vamtoacm.com/finance-survey/40?s=810702624694473023&z=5179080&var=156615&campaignid=5756270&b=20839589&ymid=810702624694473023&designId=[2,1]&abtest=1858111
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 04 May 2024 19:16:05 GMT
content-type: image/webp
content-length: 2440
last-modified: Tue, 30 Apr 2024 14:43:24 GMT
vary: Accept-Encoding
etag: "6631038c-988"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 5364
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Jb0qXr7ymNOc%2FF1ITgMAuWH6vpcB%2FGXk71KFNl8sNdC2d21fhjveRdfzQOIiZfPu1dcTz4bvdCUVRSj%2FwFHpSqrcOltoYp%2BC%2FC%2BzliYdURPpaV4fkK0wPpLPbUvI0dk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ead2bbaac8b4eb-OSL
alt-svc: h3=":443"; ma=86400
|
|
| vamtoacm.com/_next/static/chunks/6037.086d113a52bb6dae.js | 104.21.43.180 | 200 OK | 3.0 kB |
URL GET HTTP/3vamtoacm.com/_next/static/chunks/6037.086d113a52bb6dae.js IP104.21.43.180:443
Requested byhttps://vamtoacm.com/finance-survey/40/?s=810702624694473023&z=5179080&var=156615&campaignid=5756270&b=20839589&ymid=810702624694473023&designId=[2,1]&abtest=1858111 CertificateIssuerLet's Encrypt Subjectvamtoacm.com Fingerprint8F:EF:46:DF:33:00:3B:87:D4:D3:05:C4:B9:1B:47:7D:A4:39:DA:F9 ValidityFri, 19 Apr 2024 10:22:31 GMT - Thu, 18 Jul 2024 10:22:30 GMT
File typeJavaScript source, ASCII text, with very long lines (1216), with no line terminators Hashecb3413a820e90a02da866703decea54 942a5b6bace7e074d7d3f659443ccafc6bab9fdb 164d125334ef313d6b02f2935e8de09924e8df11aa5847daff03dfe893c8ced5
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /_next/static/chunks/6037.086d113a52bb6dae.js HTTP/1.1
Host: vamtoacm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vamtoacm.com/finance-survey/40/?s=810702624694473023&z=5179080&var=156615&campaignid=5756270&b=20839589&ymid=810702624694473023&designId=[2,1]&abtest=1858111
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 04 May 2024 19:16:04 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"6631038c-4c0"
last-modified: Tue, 30 Apr 2024 14:43:24 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 960
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3MzOhZZ5oWnMNPPUpWf4VMc8MT8o1S3JvlJtFH4d%2BbTw6zv9hajNixsQQnS6bO0Cp4MFZHg8wTZx2Y1kBiiRjHdyJ14k1LqqGs8qkY1JhWdy0yIcPF4p%2FoRBxCjQK7E%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ead2b9af20b4eb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| arleavannya.com/sync-metrics | 139.45.197.248 | 200 OK | 17 B |
URL OPTIONS HTTP/2arleavannya.com/sync-metrics IP139.45.197.248:443
Requested byhttps://vamtoacm.com/finance-survey/40/?s=810702624694473023&z=5179080&var=156615&campaignid=5756270&b=20839589&ymid=810702624694473023&designId=[2,1]&abtest=1858111 CertificateIssuerLet's Encrypt Subjectarleavannya.com Fingerprint8A:67:B7:06:5F:61:ED:52:C0:9B:58:C2:64:98:7D:1B:64:03:3F:47 ValidityThu, 18 Apr 2024 17:09:05 GMT - Wed, 17 Jul 2024 17:09:04 GMT
Hash5b64e8b89092b2e3dfd448b10700627f 484b3032619fa1acd135d114565b0a5166281c22 f1ea07a1e51a389c8de07120ae5c2e432e9dd8f4fbd6f92489f185b0523a3fd4
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
POST /sync-metrics HTTP/1.1
Host: arleavannya.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://vamtoacm.com/
Content-Type: application/json
Content-Length: 413
Origin: https://vamtoacm.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 19:16:05 GMT
content-type: application/json; charset=utf-8
content-length: 17
x-trace-id: 78e859a34a417cc6fa91cf29fab816e6
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://vamtoacm.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| vamtoacm.com/img/comments/finance-survey-people/person-3.webp | 104.21.43.180 | 200 OK | 1.5 kB |
URL GET HTTP/3vamtoacm.com/img/comments/finance-survey-people/person-3.webp IP104.21.43.180:443
Requested byhttps://vamtoacm.com/finance-survey/40/?s=810702624694473023&z=5179080&var=156615&campaignid=5756270&b=20839589&ymid=810702624694473023&designId=[2,1]&abtest=1858111 CertificateIssuerLet's Encrypt Subjectvamtoacm.com Fingerprint8F:EF:46:DF:33:00:3B:87:D4:D3:05:C4:B9:1B:47:7D:A4:39:DA:F9 ValidityFri, 19 Apr 2024 10:22:31 GMT - Thu, 18 Jul 2024 10:22:30 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp Hasha747d227c2e10b5178fd942484301d7a b3c5cf90dd5fd2c26c7b17dcb2d35b6dd47065be 9f4fb1281b7141b9dd48925953f7b039b6c411ea0e6e5b158d3e000d75316e9f
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/comments/finance-survey-people/person-3.webp HTTP/1.1
Host: vamtoacm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vamtoacm.com/finance-survey/40?s=810702624694473023&z=5179080&var=156615&campaignid=5756270&b=20839589&ymid=810702624694473023&designId=[2,1]&abtest=1858111
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 04 May 2024 19:16:05 GMT
content-type: image/webp
content-length: 1454
last-modified: Tue, 30 Apr 2024 14:43:24 GMT
vary: Accept-Encoding
etag: "6631038c-5ae"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8SqtJhEUFsSQh4pBGwqpuBGZfg5TZE95xE6ptriKqAQWRrsjFdIJXct4GtWNXQ4Y2BMDQShaphGAKlAbH4gWENeSbkEx4tLhXHoppZAkWNUZW%2Faqa0jzXwVCuYxXmlc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ead2bb7a70b4eb-OSL
alt-svc: h3=":443"; ma=86400
|
|
| vamtoacm.com/_next/static/chunks/3091.8141ef861c4fae96.js | 104.21.43.180 | 200 OK | 2.6 kB |
URL GET HTTP/3vamtoacm.com/_next/static/chunks/3091.8141ef861c4fae96.js IP104.21.43.180:443
Requested byhttps://vamtoacm.com/finance-survey/40/?s=810702624694473023&z=5179080&var=156615&campaignid=5756270&b=20839589&ymid=810702624694473023&designId=[2,1]&abtest=1858111 CertificateIssuerLet's Encrypt Subjectvamtoacm.com Fingerprint8F:EF:46:DF:33:00:3B:87:D4:D3:05:C4:B9:1B:47:7D:A4:39:DA:F9 ValidityFri, 19 Apr 2024 10:22:31 GMT - Thu, 18 Jul 2024 10:22:30 GMT
File typeJavaScript source, ASCII text, with very long lines (2385), with no line terminators Hash8de4ecfc18371e9af83a020ad48a4839 f4cfd9509facd189f8e3487426a36cecfc77c090 954601b08c55f3c2e1c2a0a766e31a55e18b3ee0f6213cd1761decd4e4715f64
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /_next/static/chunks/3091.8141ef861c4fae96.js HTTP/1.1
Host: vamtoacm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vamtoacm.com/finance-survey/40/?s=810702624694473023&z=5179080&var=156615&campaignid=5756270&b=20839589&ymid=810702624694473023&designId=[2,1]&abtest=1858111
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 04 May 2024 19:16:04 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"6631038c-951"
last-modified: Tue, 30 Apr 2024 14:43:24 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 960
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wFyLXJFu89%2Bcaj1DaHkbj9cdbpAAHkQxZIPTm17hor0w9IHAz%2Bn7xbbuCunIpowC268KVzUzqWJ3INN4J%2B59YyOc%2Bp%2FfUqrgZruvpSNFRgheotMFuxW9yL78VEhvSm4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ead2b9af14b4eb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| vamtoacm.com/img/comments/finance-survey-people/person-7.webp | 104.21.43.180 | 200 OK | 2.4 kB |
URL GET HTTP/3vamtoacm.com/img/comments/finance-survey-people/person-7.webp IP104.21.43.180:443
Requested byhttps://vamtoacm.com/finance-survey/40/?s=810702624694473023&z=5179080&var=156615&campaignid=5756270&b=20839589&ymid=810702624694473023&designId=[2,1]&abtest=1858111 CertificateIssuerLet's Encrypt Subjectvamtoacm.com Fingerprint8F:EF:46:DF:33:00:3B:87:D4:D3:05:C4:B9:1B:47:7D:A4:39:DA:F9 ValidityFri, 19 Apr 2024 10:22:31 GMT - Thu, 18 Jul 2024 10:22:30 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp Hash0d91c465f6e704113b3a499440a0f525 a138134744c1f316d7aefc9500d573210c35cc46 5f20fc611eeb4669a12f237e22c403afc79c7646d9c0fec719d2a14890bfd530
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/comments/finance-survey-people/person-7.webp HTTP/1.1
Host: vamtoacm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vamtoacm.com/finance-survey/40?s=810702624694473023&z=5179080&var=156615&campaignid=5756270&b=20839589&ymid=810702624694473023&designId=[2,1]&abtest=1858111
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 04 May 2024 19:16:05 GMT
content-type: image/webp
content-length: 2386
last-modified: Tue, 30 Apr 2024 14:43:24 GMT
vary: Accept-Encoding
etag: "6631038c-952"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 5364
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ux8S0vGiBZ7esn61d6C3LlKL9wlct8DlvAkdoqRkuVypoBPngJEgICg4WtTxM6ZH5mmgAu%2BBk%2BFgsstd5Mhf%2FMKQhg45vSM60OJoZJLkaDbHC9WJ8d5Odkf4aftuZa8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ead2bc3bbeb4eb-OSL
alt-svc: h3=":443"; ma=86400
|
|
| arleavannya.com/sync-metrics | 139.45.197.248 | 200 OK | 0 B |
URL OPTIONS HTTP/2arleavannya.com/sync-metrics IP139.45.197.248:443
Requested byhttps://vamtoacm.com/finance-survey/40/?s=810702624694473023&z=5179080&var=156615&campaignid=5756270&b=20839589&ymid=810702624694473023&designId=[2,1]&abtest=1858111 CertificateIssuerLet's Encrypt Subjectarleavannya.com Fingerprint8A:67:B7:06:5F:61:ED:52:C0:9B:58:C2:64:98:7D:1B:64:03:3F:47 ValidityThu, 18 Apr 2024 17:09:05 GMT - Wed, 17 Jul 2024 17:09:04 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
OPTIONS /sync-metrics HTTP/1.1
Host: arleavannya.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://vamtoacm.com/
Origin: https://vamtoacm.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 19:16:05 GMT
content-length: 0
access-control-allow-origin: https://vamtoacm.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| arleavannya.com/sync-metrics | 139.45.197.248 | 200 OK | 17 B |
URL OPTIONS HTTP/2arleavannya.com/sync-metrics IP139.45.197.248:443
Requested byhttps://vamtoacm.com/finance-survey/40/?s=810702624694473023&z=5179080&var=156615&campaignid=5756270&b=20839589&ymid=810702624694473023&designId=[2,1]&abtest=1858111 CertificateIssuerLet's Encrypt Subjectarleavannya.com Fingerprint8A:67:B7:06:5F:61:ED:52:C0:9B:58:C2:64:98:7D:1B:64:03:3F:47 ValidityThu, 18 Apr 2024 17:09:05 GMT - Wed, 17 Jul 2024 17:09:04 GMT
Hash5b64e8b89092b2e3dfd448b10700627f 484b3032619fa1acd135d114565b0a5166281c22 f1ea07a1e51a389c8de07120ae5c2e432e9dd8f4fbd6f92489f185b0523a3fd4
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
POST /sync-metrics HTTP/1.1
Host: arleavannya.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://vamtoacm.com/
Content-Type: application/json
Content-Length: 433
Origin: https://vamtoacm.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 19:16:05 GMT
content-type: application/json; charset=utf-8
content-length: 17
x-trace-id: 00d1971aeaecec219a2bf944438d98d8
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://vamtoacm.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| vamtoacm.com/_next/static/chunks/1754.983ed55293c299ce.js | 104.21.43.180 | 200 OK | 2.4 kB |
URL GET HTTP/3vamtoacm.com/_next/static/chunks/1754.983ed55293c299ce.js IP104.21.43.180:443
Requested byhttps://vamtoacm.com/finance-survey/40/?s=810702624694473023&z=5179080&var=156615&campaignid=5756270&b=20839589&ymid=810702624694473023&designId=[2,1]&abtest=1858111 CertificateIssuerLet's Encrypt Subjectvamtoacm.com Fingerprint8F:EF:46:DF:33:00:3B:87:D4:D3:05:C4:B9:1B:47:7D:A4:39:DA:F9 ValidityFri, 19 Apr 2024 10:22:31 GMT - Thu, 18 Jul 2024 10:22:30 GMT
File typeJavaScript source, ASCII text, with very long lines (12711), with no line terminators Hashaaadd1fe7166e1641b80d4a871e91a77 44dd71230caa2b99dbe1a804fb3e444fa2dd8255 918408a27b1ee2472daf8940c82be10db3c347bf9111c15eb4b23bd34600153a
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /_next/static/chunks/1754.983ed55293c299ce.js HTTP/1.1
Host: vamtoacm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vamtoacm.com/finance-survey/40?s=810702624694473023&z=5179080&var=156615&campaignid=5756270&b=20839589&ymid=810702624694473023&designId=[2,1]&abtest=1858111
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 04 May 2024 19:16:05 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"6631038c-31a7"
last-modified: Tue, 30 Apr 2024 14:43:24 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zoHMR1AAs3O7RVG7UCJjNegXOyHxJsLqoRPIdoJg%2BW1nHg%2BqF%2FHHg7sEzfFRDpPQ2G0fCuoTrPZEamPR8MJQIbUE1p0ocbzZlT9UsLKHQhBzmMJ69YeBhRcxufWhA5o%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ead2bbfb5ab4eb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| arleavannya.com/sync-do | 139.45.197.248 | 200 OK | 179 B |
IP139.45.197.248:443
Requested byhttps://vamtoacm.com/finance-survey/40/?s=810702624694473023&z=5179080&var=156615&campaignid=5756270&b=20839589&ymid=810702624694473023&designId=[2,1]&abtest=1858111 CertificateIssuerLet's Encrypt Subjectarleavannya.com Fingerprint8A:67:B7:06:5F:61:ED:52:C0:9B:58:C2:64:98:7D:1B:64:03:3F:47 ValidityThu, 18 Apr 2024 17:09:05 GMT - Wed, 17 Jul 2024 17:09:04 GMT
Hash081142aa1c9267422ee7fd25ac457579 cf8a223610da412aab4cc9aec68f6f304258b3ce 58084d495376ed2e41f026c352cabb187129c58109f2b15caeb1a539deb2cd19
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
POST /sync-do HTTP/1.1
Host: arleavannya.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://vamtoacm.com/
Content-Type: application/json
Content-Length: 161
Origin: https://vamtoacm.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 19:16:05 GMT
content-type: application/json; charset=utf-8
content-length: 179
x-trace-id: 52e07f8e3d5b7b4e456ad1bebe9f2320
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://vamtoacm.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| datatechonert.com/log/add?cid=eacf36da-c06d-4d71-90cc-88e30cd4240a&ruid=06c02c53-519b-4bb9-b0c7-d01b10ed030e | 37.48.68.71 | 200 OK | 12 B |
URL POST HTTP/1.1datatechonert.com/log/add?cid=eacf36da-c06d-4d71-90cc-88e30cd4240a&ruid=06c02c53-519b-4bb9-b0c7-d01b10ed030e IP37.48.68.71:443 ASN#60781 LeaseWeb Netherlands B.V.
Requested byhttps://vamtoacm.com/finance-survey/40/?s=810702624694473023&z=5179080&var=156615&campaignid=5756270&b=20839589&ymid=810702624694473023&designId=[2,1]&abtest=1858111 CertificateIssuerSectigo Limited Subjectdatatechonert.com Fingerprint3F:E1:50:2C:9F:FC:F9:37:03:E3:B6:34:00:06:89:69:01:E7:C3:27 ValiditySun, 10 Dec 2023 00:00:00 GMT - Mon, 23 Dec 2024 23:59:59 GMT
Hashadb4650bfc9d2a73d4dd69583b0ceb14 1ce399d6e936232aaf2192cd7903a279c5015f22 21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed
POST /log/add?cid=eacf36da-c06d-4d71-90cc-88e30cd4240a&ruid=06c02c53-519b-4bb9-b0c7-d01b10ed030e HTTP/1.1
Host: datatechonert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1500
Origin: https://vamtoacm.com
DNT: 1
Connection: keep-alive
Referer: https://vamtoacm.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Sat, 04 May 2024 19:16:05 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 12
Connection: keep-alive
Access-Control-Allow-Origin: https://vamtoacm.com
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true
|
|
| vamtoacm.com/zone?&pub=0&zone_id=6679100&is_mobile=false&domain=vamtoacm.com&var=5179080&ymid=156615&var_3=&var_4=&dsig=&tg=1&sw=3.1.504&trace_id=b7452e02-47cd-4bb0-b1f4-969e39afdd43&action=prerequest | 104.21.43.180 | 200 OK | 0 B |
URL POST HTTP/3vamtoacm.com/zone?&pub=0&zone_id=6679100&is_mobile=false&domain=vamtoacm.com&var=5179080&ymid=156615&var_3=&var_4=&dsig=&tg=1&sw=3.1.504&trace_id=b7452e02-47cd-4bb0-b1f4-969e39afdd43&action=prerequest IP104.21.43.180:443
Requested byhttps://vamtoacm.com/finance-survey/40/?s=810702624694473023&z=5179080&var=156615&campaignid=5756270&b=20839589&ymid=810702624694473023&designId=[2,1]&abtest=1858111 CertificateIssuerLet's Encrypt Subjectvamtoacm.com Fingerprint8F:EF:46:DF:33:00:3B:87:D4:D3:05:C4:B9:1B:47:7D:A4:39:DA:F9 ValidityFri, 19 Apr 2024 10:22:31 GMT - Thu, 18 Jul 2024 10:22:30 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
POST /zone?&pub=0&zone_id=6679100&is_mobile=false&domain=vamtoacm.com&var=5179080&ymid=156615&var_3=&var_4=&dsig=&tg=1&sw=3.1.504&trace_id=b7452e02-47cd-4bb0-b1f4-969e39afdd43&action=prerequest HTTP/1.1
Host: vamtoacm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://vamtoacm.com
DNT: 1
Connection: keep-alive
Referer: https://vamtoacm.com/finance-survey/40?s=810702624694473023&z=5179080&var=156615&campaignid=5756270&b=20839589&ymid=810702624694473023&designId=[2,1]&abtest=1858111
Cookie: OAID=kys1obvi9ykxcsnm30ox6m6ynu7khx; syncedCookie=true; oaidts=1714850165
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Content-Length: 0
TE: trailers
HTTP/3 200 OK
date: Sat, 04 May 2024 19:16:05 GMT
content-length: 0
x-trace-id: 1bdfd320dc1dec8d222686e1bcebaa76
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://vamtoacm.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TZLwuRjOYF0wuGk4ztpgST0I%2F3fng23%2BvKVk%2BtZHmpA1VyUTNF3z3L0ekBqAN%2FA7cWaS7vUeOIKpHxZGC48Odzq%2Fdz1wDF4HuekDYw%2Fmh44GulzdoLIztP23a1OyfVU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ead2be2effb4eb-OSL
alt-svc: h3=":443"; ma=86400
|
|
| vamtoacm.com/_next/static/chunks/framework-8940d626f3bfb7e9.js | 104.21.43.180 | 200 OK | 10 kB |
URL GET HTTP/3vamtoacm.com/_next/static/chunks/framework-8940d626f3bfb7e9.js IP104.21.43.180:443
Requested byhttps://vamtoacm.com/finance-survey/40/?s=810702624694473023&z=5179080&var=156615&campaignid=5756270&b=20839589&ymid=810702624694473023&designId=[2,1]&abtest=1858111 CertificateIssuerLet's Encrypt Subjectvamtoacm.com Fingerprint8F:EF:46:DF:33:00:3B:87:D4:D3:05:C4:B9:1B:47:7D:A4:39:DA:F9 ValidityFri, 19 Apr 2024 10:22:31 GMT - Thu, 18 Jul 2024 10:22:30 GMT
File typeJavaScript source, ASCII text, with very long lines (25995), with no line terminators Hash33a34c525e2bee14a166fe1289835308 4afb650772181930d19dca9a41490beea5087932 bebac61ce044debeb2025b1fbf1c95f1b9a4bc97d0702676dea22b0bb689b555
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /_next/static/chunks/framework-8940d626f3bfb7e9.js HTTP/1.1
Host: vamtoacm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vamtoacm.com/finance-survey/40/?s=810702624694473023&z=5179080&var=156615&campaignid=5756270&b=20839589&ymid=810702624694473023&designId=[2,1]&abtest=1858111
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 04 May 2024 19:16:04 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"6631038c-658b"
last-modified: Tue, 30 Apr 2024 14:43:24 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 4426
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pVLEIbR8%2B6Xa5rsTXwIy0wSDXM6sbi72ZChnRQaH8KS0fC3ATAzUAPtuJIJBuHFZEEfdBPtdD6xGXv7kX1w1nLrolhM4BynktPLIXddI9wg6B9F5PF2X6BiZmSV0B8U%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ead2b86d08b4eb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| amunfezanttor.com/event | 139.45.197.250 | 200 OK | 0 B |
IP139.45.197.250:443
Requested byhttps://vamtoacm.com/finance-survey/40/?s=810702624694473023&z=5179080&var=156615&campaignid=5756270&b=20839589&ymid=810702624694473023&designId=[2,1]&abtest=1858111 CertificateIssuerLet's Encrypt Subjectamunfezanttor.com FingerprintAB:2C:60:54:FF:D7:D6:23:0E:87:1A:98:EC:94:B3:9B:29:1A:F3:AA ValidityWed, 10 Apr 2024 19:04:12 GMT - Tue, 09 Jul 2024 19:04:11 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
OPTIONS /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://vamtoacm.com/
Origin: https://vamtoacm.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 19:16:05 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://vamtoacm.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2
|
|
| amunfezanttor.com/event | 139.45.197.250 | 200 OK | 94 B |
IP139.45.197.250:443
Requested byhttps://vamtoacm.com/finance-survey/40/?s=810702624694473023&z=5179080&var=156615&campaignid=5756270&b=20839589&ymid=810702624694473023&designId=[2,1]&abtest=1858111 CertificateIssuerLet's Encrypt Subjectamunfezanttor.com FingerprintAB:2C:60:54:FF:D7:D6:23:0E:87:1A:98:EC:94:B3:9B:29:1A:F3:AA ValidityWed, 10 Apr 2024 19:04:12 GMT - Tue, 09 Jul 2024 19:04:11 GMT
Hashd63fafa4ac80349d95fad78d8500227d 4f50f53d66ee8cc1780aaad1ef50094b1df9a1d5 47439f55773cfda4973aa2ff156a5ec48cf9b7c52b4351f9bc8728acd3b5f9df
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
POST /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://vamtoacm.com/
Content-Type: application/json
Content-Length: 2058
Origin: https://vamtoacm.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 19:16:05 GMT
content-type: application/json; charset=utf-8
content-length: 94
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://vamtoacm.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
|
|
| vamtoacm.com/favicon.ico | 104.21.43.180 | 204 No Content | 0 B |
IP104.21.43.180:443
Requested byhttps://vamtoacm.com/finance-survey/40/?s=810702624694473023&z=5179080&var=156615&campaignid=5756270&b=20839589&ymid=810702624694473023&designId=[2,1]&abtest=1858111 CertificateIssuerLet's Encrypt Subjectvamtoacm.com Fingerprint8F:EF:46:DF:33:00:3B:87:D4:D3:05:C4:B9:1B:47:7D:A4:39:DA:F9 ValidityFri, 19 Apr 2024 10:22:31 GMT - Thu, 18 Jul 2024 10:22:30 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: vamtoacm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vamtoacm.com/finance-survey/40/?s=810702624694473023&z=5179080&var=156615&campaignid=5756270&b=20839589&ymid=810702624694473023&designId=[2,1]&abtest=1858111
Cookie: OAID=kys1obvi9ykxcsnm30ox6m6ynu7khx; syncedCookie=true; oaidts=1714850165
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 204 No Content
date: Sat, 04 May 2024 19:16:05 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mQZeCTumUXDX%2BhO0LCctOxQkTSau9%2BRANav7WDTDz8WxjE55qQ6jz9sK5faIomf4BvREWkKsWReBNzAOgjTazL2bF6BRqlBo5srXt%2Bvjo4c%2FQ4JLsHoDmjvcbDa%2B%2B%2B0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87ead2bf68ccb4eb-OSL
alt-svc: h3=":443"; ma=86400
|
|
| vamtoacm.com/rotate?zz=4292518%3B5128285%3B4326653%3B4949467%3B5381241%3B5381316%3B5381307%3B5381339&var=5179080&ymid=156615&ab2r=1858111&var_3=&var_4=&os_version=&uid=kys1obvi9ykxcsnm30ox6m6ynu7khx | 104.21.43.180 | 200 OK | 5.2 kB |
URL GET HTTP/3vamtoacm.com/rotate?zz=4292518%3B5128285%3B4326653%3B4949467%3B5381241%3B5381316%3B5381307%3B5381339&var=5179080&ymid=156615&ab2r=1858111&var_3=&var_4=&os_version=&uid=kys1obvi9ykxcsnm30ox6m6ynu7khx IP104.21.43.180:443
Requested byhttps://vamtoacm.com/finance-survey/40/?s=810702624694473023&z=5179080&var=156615&campaignid=5756270&b=20839589&ymid=810702624694473023&designId=[2,1]&abtest=1858111 CertificateIssuerLet's Encrypt Subjectvamtoacm.com Fingerprint8F:EF:46:DF:33:00:3B:87:D4:D3:05:C4:B9:1B:47:7D:A4:39:DA:F9 ValidityFri, 19 Apr 2024 10:22:31 GMT - Thu, 18 Jul 2024 10:22:30 GMT
File typetroff or preprocessor input, ASCII text, with very long lines (5243), with no line terminators Hash8c148b671c95b008def73e8103d0f8a3 37272a2df133a3de5df56f7c3b4594ab9011fea0 b27dd7ace1fb16c5257d75558a1489ea3215783dcbe7f4d08b300dd289f8a7e7
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /rotate?zz=4292518%3B5128285%3B4326653%3B4949467%3B5381241%3B5381316%3B5381307%3B5381339&var=5179080&ymid=156615&ab2r=1858111&var_3=&var_4=&os_version=&uid=kys1obvi9ykxcsnm30ox6m6ynu7khx HTTP/1.1
Host: vamtoacm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://vamtoacm.com/finance-survey/40?s=810702624694473023&z=5179080&var=156615&campaignid=5756270&b=20839589&ymid=810702624694473023&designId=[2,1]&abtest=1858111
DNT: 1
Connection: keep-alive
Cookie: OAID=kys1obvi9ykxcsnm30ox6m6ynu7khx; syncedCookie=true; oaidts=1714850165
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 04 May 2024 19:16:05 GMT
content-type: application/javascript
vary: Accept-Encoding, Origin
x-trace-id: 7639329ea49b70a0a58268cd258cf074
timing-allow-origin: *
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
pragma: no-cache
access-control-allow-origin: https://vamtoacm.com/
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
set-cookie: OAID=kys1obvi9ykxcsnm30ox6m6ynu7khx; expires=Sun, 04 May 2025 19:16:05 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: br
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mSZYk96YtR6vGvcHcJ733jBNjh8cyA2jabJNYwzik%2FNM2YTpePa8G9aLLbMzplI5xsOd8zAQzz8S078HRj3dpE9ehP947xieRkpugeEBUj7akP4Xkv%2BNYXbezg1hEhk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ead2bd0cffb4eb-OSL
alt-svc: h3=":443"; ma=86400
|
|
| vamtoacm.com/_next/static/chunks/3183.fd81600fd1ec408a.js | 104.21.43.180 | 200 OK | 20 kB |
URL GET HTTP/3vamtoacm.com/_next/static/chunks/3183.fd81600fd1ec408a.js IP104.21.43.180:443
Requested byhttps://vamtoacm.com/finance-survey/40/?s=810702624694473023&z=5179080&var=156615&campaignid=5756270&b=20839589&ymid=810702624694473023&designId=[2,1]&abtest=1858111 CertificateIssuerLet's Encrypt Subjectvamtoacm.com Fingerprint8F:EF:46:DF:33:00:3B:87:D4:D3:05:C4:B9:1B:47:7D:A4:39:DA:F9 ValidityFri, 19 Apr 2024 10:22:31 GMT - Thu, 18 Jul 2024 10:22:30 GMT
File typeJavaScript source, ASCII text, with very long lines (19691), with no line terminators Hash7d35150b72e355e4ea7f1b364b4574fd 93a57b00bfe34fc0b09a4f2fefc438b699855144 17fef67045896f5900aea086d8c13b5a07409942fbac3180c6a8bfe66e86fea9
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /_next/static/chunks/3183.fd81600fd1ec408a.js HTTP/1.1
Host: vamtoacm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vamtoacm.com/finance-survey/40/?s=810702624694473023&z=5179080&var=156615&campaignid=5756270&b=20839589&ymid=810702624694473023&designId=[2,1]&abtest=1858111
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 04 May 2024 19:16:04 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"6631038c-4ceb"
last-modified: Tue, 30 Apr 2024 14:43:24 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 967
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=K0yBlPi%2FRDH1y8ItLRoH8xEgNuZQBzM9617wMwmWmH3InGTr5zRikST4QQj0QdEzqeF%2FDuSQ1KolEWkY1U8E%2B5hT7vN5h6qN0BIrXFwrX7SoD6VhBAizaCg%2FNTzJAyE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ead2b86cf6b4eb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| vamtoacm.com/_next/static/chunks/810.3c8446ab4166aeac.js | 104.21.43.180 | 200 OK | 3.0 kB |
URL GET HTTP/3vamtoacm.com/_next/static/chunks/810.3c8446ab4166aeac.js IP104.21.43.180:443
Requested byhttps://vamtoacm.com/finance-survey/40/?s=810702624694473023&z=5179080&var=156615&campaignid=5756270&b=20839589&ymid=810702624694473023&designId=[2,1]&abtest=1858111 CertificateIssuerLet's Encrypt Subjectvamtoacm.com Fingerprint8F:EF:46:DF:33:00:3B:87:D4:D3:05:C4:B9:1B:47:7D:A4:39:DA:F9 ValidityFri, 19 Apr 2024 10:22:31 GMT - Thu, 18 Jul 2024 10:22:30 GMT
File typeJavaScript source, ASCII text, with very long lines (3075), with no line terminators Hash89aad15398a24ec92ac08d6463d4908a 2d0cb315034a49a9911b5e2944032eebd24dd191 4ca508ccfb1bf3aecb96b235882533a777359352dad1ddf4f13e6986bc548870
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /_next/static/chunks/810.3c8446ab4166aeac.js HTTP/1.1
Host: vamtoacm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vamtoacm.com/finance-survey/40/?s=810702624694473023&z=5179080&var=156615&campaignid=5756270&b=20839589&ymid=810702624694473023&designId=[2,1]&abtest=1858111
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 04 May 2024 19:16:04 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"6631038c-bb5"
last-modified: Tue, 30 Apr 2024 14:43:24 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 960
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ai9wzw6jWY3Df6g2HzJcy868gd%2Bi5QwBon6XpRZkFYmlmDy4PQauZjk%2Fna8Ck%2B0AbrFqvpk2pPYL%2BTgU%2BGRBuvUrhHrKe6SemNNPggWgAFdmmxAZEd7PHmlxqb1R5Uk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ead2b99f0bb4eb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| vamtoacm.com/_next/static/chunks/webpack-c63afe4326372fa8.js | 104.21.43.180 | 200 OK | 6.3 kB |
URL GET HTTP/3vamtoacm.com/_next/static/chunks/webpack-c63afe4326372fa8.js IP104.21.43.180:443
Requested byhttps://vamtoacm.com/finance-survey/40/?s=810702624694473023&z=5179080&var=156615&campaignid=5756270&b=20839589&ymid=810702624694473023&designId=[2,1]&abtest=1858111 CertificateIssuerLet's Encrypt Subjectvamtoacm.com Fingerprint8F:EF:46:DF:33:00:3B:87:D4:D3:05:C4:B9:1B:47:7D:A4:39:DA:F9 ValidityFri, 19 Apr 2024 10:22:31 GMT - Thu, 18 Jul 2024 10:22:30 GMT
File typeJavaScript source, ASCII text, with very long lines (6507), with no line terminators Hashb4f4daa4446e65050b8af39fb465e9cc c922010fabb2e409bf1ac29f10563652f06f55aa 318ebdbd0768c4e17a59236e31a5a86a05769131d5e5637d55f78eb3f153d720
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /_next/static/chunks/webpack-c63afe4326372fa8.js HTTP/1.1
Host: vamtoacm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vamtoacm.com/finance-survey/40/?s=810702624694473023&z=5179080&var=156615&campaignid=5756270&b=20839589&ymid=810702624694473023&designId=[2,1]&abtest=1858111
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 04 May 2024 19:16:04 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"6631038c-1875"
last-modified: Tue, 30 Apr 2024 14:43:24 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 967
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XuuAx0QKQN6BhgFdNp3BuTFhJ92exscNCATIkF5vvWglAtLdh%2F3uIoIZpzxew0vW06PnQiJpheHqjAEmoIWSdAVvmHMGYcYjxQP33n%2Fj%2Bes7aCgSND44qSg6ap4Muos%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ead2b86d03b4eb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| vamtoacm.com/_next/static/chunks/5356.cd117ab77e87aa94.js | 104.21.43.180 | 200 OK | 1.3 kB |
URL GET HTTP/3vamtoacm.com/_next/static/chunks/5356.cd117ab77e87aa94.js IP104.21.43.180:443
Requested byhttps://vamtoacm.com/finance-survey/40/?s=810702624694473023&z=5179080&var=156615&campaignid=5756270&b=20839589&ymid=810702624694473023&designId=[2,1]&abtest=1858111 CertificateIssuerLet's Encrypt Subjectvamtoacm.com Fingerprint8F:EF:46:DF:33:00:3B:87:D4:D3:05:C4:B9:1B:47:7D:A4:39:DA:F9 ValidityFri, 19 Apr 2024 10:22:31 GMT - Thu, 18 Jul 2024 10:22:30 GMT
File typeJavaScript source, ASCII text, with very long lines (1340), with no line terminators Hash928a78a6ff2acfdfc2b133e09c23a898 80992f60be4eeaa5e9ee31c4912fc8fd15806007 af03ac8ae373bd61c0ac2106d2837e74bf0f3c2d02682c018909684f3e6af5bf
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /_next/static/chunks/5356.cd117ab77e87aa94.js HTTP/1.1
Host: vamtoacm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vamtoacm.com/finance-survey/40/?s=810702624694473023&z=5179080&var=156615&campaignid=5756270&b=20839589&ymid=810702624694473023&designId=[2,1]&abtest=1858111
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 04 May 2024 19:16:04 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"6631038c-512"
last-modified: Tue, 30 Apr 2024 14:43:24 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 5374
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SJqnSc9iu8iLSeiO%2FGFliP0i0Lv2jdSspO5qbzgBPX9gy4k5wBDRAM8Gqom8vBAOkaHfvBbG9ebu1Lg3BZUxb1F7cDgGlEV7PLCXXt5TT9BP6URiFHQ6bqz5UP7s2I0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ead2b9af1ab4eb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| vamtoacm.com/pfe/current/micro.tag.min.js?sw=/sw/universal.js&var=5179080&ymid=156615&b=20839589&campaignid=5756270&click_id=810702624694473023&ab2r=1858111&rhd=1&var_3=&oaid=kys1obvi9ykxcsnm30ox6m6ynu7khx&os_version=&btz=UTC&bto=0&z=6679100&cdn=1&domain=vamtoacm.com&ab2=1858111&ab2_ttl=5184000 | 104.21.43.180 | 200 OK | 37 kB |
URL GET HTTP/3vamtoacm.com/pfe/current/micro.tag.min.js?sw=/sw/universal.js&var=5179080&ymid=156615&b=20839589&campaignid=5756270&click_id=810702624694473023&ab2r=1858111&rhd=1&var_3=&oaid=kys1obvi9ykxcsnm30ox6m6ynu7khx&os_version=&btz=UTC&bto=0&z=6679100&cdn=1&domain=vamtoacm.com&ab2=1858111&ab2_ttl=5184000 IP104.21.43.180:443
Requested byhttps://vamtoacm.com/finance-survey/40/?s=810702624694473023&z=5179080&var=156615&campaignid=5756270&b=20839589&ymid=810702624694473023&designId=[2,1]&abtest=1858111 CertificateIssuerLet's Encrypt Subjectvamtoacm.com Fingerprint8F:EF:46:DF:33:00:3B:87:D4:D3:05:C4:B9:1B:47:7D:A4:39:DA:F9 ValidityFri, 19 Apr 2024 10:22:31 GMT - Thu, 18 Jul 2024 10:22:30 GMT
File typeJavaScript source, ASCII text, with very long lines (37142), with no line terminators Hash32d6dbd00a639e2cd10d1704b9159bd5 0dab4c95675393f1d0e13d20f13d80ee12e41d95 9f339e5efd7c959419a4e86bb4c5e9f07eae2ed839484846157be981917743de
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /pfe/current/micro.tag.min.js?sw=/sw/universal.js&var=5179080&ymid=156615&b=20839589&campaignid=5756270&click_id=810702624694473023&ab2r=1858111&rhd=1&var_3=&oaid=kys1obvi9ykxcsnm30ox6m6ynu7khx&os_version=&btz=UTC&bto=0&z=6679100&cdn=1&domain=vamtoacm.com&ab2=1858111&ab2_ttl=5184000 HTTP/1.1
Host: vamtoacm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vamtoacm.com/finance-survey/40?s=810702624694473023&z=5179080&var=156615&campaignid=5756270&b=20839589&ymid=810702624694473023&designId=[2,1]&abtest=1858111
Cookie: OAID=kys1obvi9ykxcsnm30ox6m6ynu7khx; syncedCookie=true; oaidts=1714850165
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 04 May 2024 19:16:05 GMT
content-type: application/javascript
last-modified: Thu, 25 Apr 2024 10:49:22 GMT
vary: Accept-Encoding
etag: W/"662a3532-9116"
access-control-allow-credentials: true
cache-control: max-age=1800
pragma: no-cache
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GnKoq3LQx0GGnhgEWoeyTZzGZU87mt19rWYyaFbBW7V4YcSipfUEdsA9SgFiuN%2BhU1HpfDkEYpOQn4rkM2ggfGN%2Fhm3NQ%2Fta5VP9rflf6ke6A19X0%2F0QHWuOfX3P4R8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ead2bd0d03b4eb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| vamtoacm.com/_next/static/chunks/4981.3c1daeeee82e08ea.js | 104.21.43.180 | 200 OK | 22 kB |
URL GET HTTP/3vamtoacm.com/_next/static/chunks/4981.3c1daeeee82e08ea.js IP104.21.43.180:443
Requested byhttps://vamtoacm.com/finance-survey/40/?s=810702624694473023&z=5179080&var=156615&campaignid=5756270&b=20839589&ymid=810702624694473023&designId=[2,1]&abtest=1858111 CertificateIssuerLet's Encrypt Subjectvamtoacm.com Fingerprint8F:EF:46:DF:33:00:3B:87:D4:D3:05:C4:B9:1B:47:7D:A4:39:DA:F9 ValidityFri, 19 Apr 2024 10:22:31 GMT - Thu, 18 Jul 2024 10:22:30 GMT
File typeJavaScript source, ASCII text, with very long lines (21617), with no line terminators Hashe5a18eccb2797e5391d6ce697f63eaba fd0cfa9d1d8af22b690973928c5d65b6be83389b 865d0997740868b6c2804f1949e997d55baffc23023235d8af966f8b999c2b84
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /_next/static/chunks/4981.3c1daeeee82e08ea.js HTTP/1.1
Host: vamtoacm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vamtoacm.com/finance-survey/40/?s=810702624694473023&z=5179080&var=156615&campaignid=5756270&b=20839589&ymid=810702624694473023&designId=[2,1]&abtest=1858111
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 04 May 2024 19:16:04 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"6631038c-5471"
last-modified: Tue, 30 Apr 2024 14:43:24 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 967
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ql4gS2WLtw3q%2BdJdGXWnLS5wbIXVy0gSBSEiKcOBdkm5Hk4PoNjMekzANcUu5NOAdkPM8MZB05L504rFn8N6smR23639G7o8Qa4My4S%2FZQknihJonZMaT93yIg8cmyM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ead2b86cf2b4eb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| vamtoacm.com/img/comments/finance-survey-people/person-1.webp | 104.21.43.180 | 200 OK | 1.4 kB |
URL GET HTTP/3vamtoacm.com/img/comments/finance-survey-people/person-1.webp IP104.21.43.180:443
Requested byhttps://vamtoacm.com/finance-survey/40/?s=810702624694473023&z=5179080&var=156615&campaignid=5756270&b=20839589&ymid=810702624694473023&designId=[2,1]&abtest=1858111 CertificateIssuerLet's Encrypt Subjectvamtoacm.com Fingerprint8F:EF:46:DF:33:00:3B:87:D4:D3:05:C4:B9:1B:47:7D:A4:39:DA:F9 ValidityFri, 19 Apr 2024 10:22:31 GMT - Thu, 18 Jul 2024 10:22:30 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp Hashc5da2ea294623650bae71fc84401cf60 f1f62ea011cf81953cefe28254c134e992453b91 09a846c5b1af2c6100ff3193789be1e0e21ba9fc45c268f76f2007c78f1e4ac1
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/comments/finance-survey-people/person-1.webp HTTP/1.1
Host: vamtoacm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vamtoacm.com/finance-survey/40?s=810702624694473023&z=5179080&var=156615&campaignid=5756270&b=20839589&ymid=810702624694473023&designId=[2,1]&abtest=1858111
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 04 May 2024 19:16:05 GMT
content-type: image/webp
content-length: 1402
last-modified: Tue, 30 Apr 2024 14:43:24 GMT
vary: Accept-Encoding
etag: "6631038c-57a"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DNj3ty6eG5JiZ%2FCNjopbI5IRCJeLM67zMYVVdHYsTAylJv4iHjDek3936%2F4f5hUJ0qaLfB6fijbNKBXvh7zKcE2fOxonrbRJoApooyIRdgjHeS0KnczrFXtd4w36zr4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ead2bb7a6eb4eb-OSL
alt-svc: h3=":443"; ma=86400
|
|
| vamtoacm.com/_next/static/chunks/2734.6269ca0cf725ea17.js | 104.21.43.180 | 200 OK | 4.1 kB |
URL GET HTTP/3vamtoacm.com/_next/static/chunks/2734.6269ca0cf725ea17.js IP104.21.43.180:443
Requested byhttps://vamtoacm.com/finance-survey/40/?s=810702624694473023&z=5179080&var=156615&campaignid=5756270&b=20839589&ymid=810702624694473023&designId=[2,1]&abtest=1858111 CertificateIssuerLet's Encrypt Subjectvamtoacm.com Fingerprint8F:EF:46:DF:33:00:3B:87:D4:D3:05:C4:B9:1B:47:7D:A4:39:DA:F9 ValidityFri, 19 Apr 2024 10:22:31 GMT - Thu, 18 Jul 2024 10:22:30 GMT
File typeJavaScript source, ASCII text, with very long lines (4219), with no line terminators Hash98132c6c771aec065d3ab61e5c8c0f53 56484dafed6218ea17ef047fc8cd4c5a342c1890 ae09486720d6d4764b5126f0e26414962ee83eeebdc05db588bb7d86855e8b23
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /_next/static/chunks/2734.6269ca0cf725ea17.js HTTP/1.1
Host: vamtoacm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vamtoacm.com/finance-survey/40/?s=810702624694473023&z=5179080&var=156615&campaignid=5756270&b=20839589&ymid=810702624694473023&designId=[2,1]&abtest=1858111
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 04 May 2024 19:16:04 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"6631038c-1033"
last-modified: Tue, 30 Apr 2024 14:43:24 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 960
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oYN1zIWKXh2F%2FOnnz6JhhhxSiK%2B8ozd55DG8YhwDjYJrlVaywuM7W4OxvZNTsUcWXpQVDZhUkdvQ5HO1Wtskx6iv454uttN2Eu3czRMt1kj4fNd28ZHZ4jR5t9P3oNw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ead2b99f01b4eb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| vamtoacm.com/_next/static/chunks/7903-dd238946c7924507.js | 104.21.43.180 | 200 OK | 32 kB |
URL GET HTTP/3vamtoacm.com/_next/static/chunks/7903-dd238946c7924507.js IP104.21.43.180:443
Requested byhttps://vamtoacm.com/finance-survey/40/?s=810702624694473023&z=5179080&var=156615&campaignid=5756270&b=20839589&ymid=810702624694473023&designId=[2,1]&abtest=1858111 CertificateIssuerLet's Encrypt Subjectvamtoacm.com Fingerprint8F:EF:46:DF:33:00:3B:87:D4:D3:05:C4:B9:1B:47:7D:A4:39:DA:F9 ValidityFri, 19 Apr 2024 10:22:31 GMT - Thu, 18 Jul 2024 10:22:30 GMT
File typeJavaScript source, ASCII text, with very long lines (31896), with no line terminators Hashb5dd343db67bd22544d11da18268f5c3 069b5b221dd75af58d93192460778b3d07835e74 6347f1d4083f7a0a2ac3d8b12aae8832d9ea6914aa6e137d16a4d41869d14ea5
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /_next/static/chunks/7903-dd238946c7924507.js HTTP/1.1
Host: vamtoacm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vamtoacm.com/finance-survey/40/?s=810702624694473023&z=5179080&var=156615&campaignid=5756270&b=20839589&ymid=810702624694473023&designId=[2,1]&abtest=1858111
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 04 May 2024 19:16:04 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"6631038c-7c98"
last-modified: Tue, 30 Apr 2024 14:43:24 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 967
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uyE5RWOoedRiiCdRj7s0O6oAi1MMIqFf3psXxEvBSYGsJLzNfsnAEn2hEjNjJc%2FAR%2BKIs5SmX9qwErOWHaoKR%2F13eeIv4hD%2FJJJCclYVUQdYJqU07Zg3GnVW%2Fec7jTw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ead2b86d1eb4eb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| vamtoacm.com/_next/static/pCw5QzD_EB0_mbmsqIUh2/_buildManifest.js | 104.21.43.180 | 200 OK | 1.6 kB |
URL GET HTTP/3vamtoacm.com/_next/static/pCw5QzD_EB0_mbmsqIUh2/_buildManifest.js IP104.21.43.180:443
Requested byhttps://vamtoacm.com/finance-survey/40/?s=810702624694473023&z=5179080&var=156615&campaignid=5756270&b=20839589&ymid=810702624694473023&designId=[2,1]&abtest=1858111 CertificateIssuerLet's Encrypt Subjectvamtoacm.com Fingerprint8F:EF:46:DF:33:00:3B:87:D4:D3:05:C4:B9:1B:47:7D:A4:39:DA:F9 ValidityFri, 19 Apr 2024 10:22:31 GMT - Thu, 18 Jul 2024 10:22:30 GMT
File typeASCII text, with very long lines (1696), with no line terminators Hash543651efa338e66f345fe8c6095592e0 6108342c3f5cdd637443746d0c07a5b7a528aa36 8d80f5e899864f3590935e867f8814fe3bb8eb6b87ab6d84c3e1d609d971583c
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /_next/static/pCw5QzD_EB0_mbmsqIUh2/_buildManifest.js HTTP/1.1
Host: vamtoacm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vamtoacm.com/finance-survey/40/?s=810702624694473023&z=5179080&var=156615&campaignid=5756270&b=20839589&ymid=810702624694473023&designId=[2,1]&abtest=1858111
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 04 May 2024 19:16:04 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"6631038c-644"
last-modified: Tue, 30 Apr 2024 14:43:24 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 962
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=f4W0q8awtaC6boHaDFSs98XGPrvIv8IgNoQtH%2BK8bfKF7cHK0WMormdb2XLA%2BSseVguET42QhcUI5ztG7O%2BPXTrtwk9m7aTY1eiwNB3pcMbAtYGDqIJtgvXonS9Br9s%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ead2b87d2fb4eb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| vamtoacm.com/_next/static/chunks/pages/%5BlandingName%5D/%5BconfigId%5D/%5B%5B...slug%5D%5D-f51e2daac4d078b4.js | 104.21.43.180 | 200 OK | 661 B |
URL GET HTTP/3vamtoacm.com/_next/static/chunks/pages/%5BlandingName%5D/%5BconfigId%5D/%5B%5B...slug%5D%5D-f51e2daac4d078b4.js IP104.21.43.180:443
Requested byhttps://vamtoacm.com/finance-survey/40/?s=810702624694473023&z=5179080&var=156615&campaignid=5756270&b=20839589&ymid=810702624694473023&designId=[2,1]&abtest=1858111 CertificateIssuerLet's Encrypt Subjectvamtoacm.com Fingerprint8F:EF:46:DF:33:00:3B:87:D4:D3:05:C4:B9:1B:47:7D:A4:39:DA:F9 ValidityFri, 19 Apr 2024 10:22:31 GMT - Thu, 18 Jul 2024 10:22:30 GMT
File typeJavaScript source, ASCII text, with very long lines (665), with no line terminators Hashf8e52c06430c8d613af8c236a1972a4a 8ac071e6c0908ee068e453ae47a6598d733d9a1a 7f75dbe159ba344bd4495842a3c902c147703b5f4835885f3a9e13f879cdcddc
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /_next/static/chunks/pages/%5BlandingName%5D/%5BconfigId%5D/%5B%5B...slug%5D%5D-f51e2daac4d078b4.js HTTP/1.1
Host: vamtoacm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vamtoacm.com/finance-survey/40/?s=810702624694473023&z=5179080&var=156615&campaignid=5756270&b=20839589&ymid=810702624694473023&designId=[2,1]&abtest=1858111
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 04 May 2024 19:16:04 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"6631038c-295"
last-modified: Tue, 30 Apr 2024 14:43:24 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 4426
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XPvlGp%2BfifgNYHj9usmCWoQH5mn7Ovzc2Fmt%2Fzok93OG3AjTE4OxlN%2BcoTLHPHusbCNrHNS04QPrS%2B%2BOViBYvq2zehldRD%2F5UhdOXUvjKiSrzCS8TadGd4%2BdshVV3x4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ead2b87d2ab4eb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| vamtoacm.com/finance-survey/icon-survey.svg | 104.21.43.180 | 200 OK | 2.7 kB |
URL GET HTTP/3vamtoacm.com/finance-survey/icon-survey.svg IP104.21.43.180:443
Requested byhttps://vamtoacm.com/finance-survey/40/?s=810702624694473023&z=5179080&var=156615&campaignid=5756270&b=20839589&ymid=810702624694473023&designId=[2,1]&abtest=1858111 CertificateIssuerLet's Encrypt Subjectvamtoacm.com Fingerprint8F:EF:46:DF:33:00:3B:87:D4:D3:05:C4:B9:1B:47:7D:A4:39:DA:F9 ValidityFri, 19 Apr 2024 10:22:31 GMT - Thu, 18 Jul 2024 10:22:30 GMT
File typeSVG Scalable Vector Graphics image Hasha000ba4d0e7570d810feafb22bc50bef af8fce44a683d3dfebe69cbe856e747739c9a666 9ae848c180201d8ae5c59ce118b0b7ef395a01295fb04d57e81cfe0566100679
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /finance-survey/icon-survey.svg HTTP/1.1
Host: vamtoacm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vamtoacm.com/finance-survey/40?s=810702624694473023&z=5179080&var=156615&campaignid=5756270&b=20839589&ymid=810702624694473023&designId=[2,1]&abtest=1858111
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 04 May 2024 19:16:05 GMT
content-type: image/svg+xml
last-modified: Tue, 30 Apr 2024 14:43:24 GMT
vary: Accept-Encoding
etag: W/"6631038c-a72"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=U%2BaCDY7ZvA5BwSqNUK8LF63fdEC1d%2FjpxiFLdOr6S7noLggpBB5ayw6xB1qio1oJvESHjWQkt4cVJcPXsfgOntsLUHmss8lxdhPOrJjpTrVmgJVSCqe6x8xKcJoKv6g%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ead2bbaabbb4eb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| vamtoacm.com/track?dry=true&request_var=156615&oaid=kys1obvi9ykxcsnm30ox6m6ynu7khx&os_version=&var=5179080&var_3=&var_4=&variable2=810702624694473023&ymid=156615&z=5179080&ab2=1858111 | 104.21.43.180 | 200 OK | 182 B |
URL GET HTTP/3vamtoacm.com/track?dry=true&request_var=156615&oaid=kys1obvi9ykxcsnm30ox6m6ynu7khx&os_version=&var=5179080&var_3=&var_4=&variable2=810702624694473023&ymid=156615&z=5179080&ab2=1858111 IP104.21.43.180:443
Requested byhttps://vamtoacm.com/finance-survey/40/?s=810702624694473023&z=5179080&var=156615&campaignid=5756270&b=20839589&ymid=810702624694473023&designId=[2,1]&abtest=1858111 CertificateIssuerLet's Encrypt Subjectvamtoacm.com Fingerprint8F:EF:46:DF:33:00:3B:87:D4:D3:05:C4:B9:1B:47:7D:A4:39:DA:F9 ValidityFri, 19 Apr 2024 10:22:31 GMT - Thu, 18 Jul 2024 10:22:30 GMT
File typetroff or preprocessor input, ASCII text, with no line terminators Hashe6246b04b7d99b675f7086e756e1f242 9f3b5f5cb9b34830dc20448a0acc83bcce5d2727 5ecadcf1c19edd16643f48e47f530b024c97a5653f98a47e14c61d5270dd7881
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /track?dry=true&request_var=156615&oaid=kys1obvi9ykxcsnm30ox6m6ynu7khx&os_version=&var=5179080&var_3=&var_4=&variable2=810702624694473023&ymid=156615&z=5179080&ab2=1858111 HTTP/1.1
Host: vamtoacm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://vamtoacm.com/finance-survey/40?s=810702624694473023&z=5179080&var=156615&campaignid=5756270&b=20839589&ymid=810702624694473023&designId=[2,1]&abtest=1858111
DNT: 1
Connection: keep-alive
Cookie: OAID=kys1obvi9ykxcsnm30ox6m6ynu7khx; syncedCookie=true; oaidts=1714850165
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 04 May 2024 19:16:05 GMT
content-type: application/json
vary: Accept-Encoding
x-trace-id: 03451bd4b24ab121463d1386ce9e356b
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://vamtoacm.com/
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
timing-allow-origin: *
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: br
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VBEyouHhM%2F2WAkfB8%2FxDgZTVUemYlYc%2Bpip9rWYkbNlliXlg0wf8afMWG7fY%2F%2B%2BcDaubdInhT%2FhDfM9gkykuCnX2alPe3vk2nGWvnGbG%2BBRYklvM0zOFUf3Po6O0U9I%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ead2bcfcd4b4eb-OSL
alt-svc: h3=":443"; ma=86400
|
|
| vamtoacm.com/_next/static/chunks/5927.37a5338b8ac59a08.js | 104.21.43.180 | 200 OK | 19 kB |
URL GET HTTP/3vamtoacm.com/_next/static/chunks/5927.37a5338b8ac59a08.js IP104.21.43.180:443
Requested byhttps://vamtoacm.com/finance-survey/40/?s=810702624694473023&z=5179080&var=156615&campaignid=5756270&b=20839589&ymid=810702624694473023&designId=[2,1]&abtest=1858111 CertificateIssuerLet's Encrypt Subjectvamtoacm.com Fingerprint8F:EF:46:DF:33:00:3B:87:D4:D3:05:C4:B9:1B:47:7D:A4:39:DA:F9 ValidityFri, 19 Apr 2024 10:22:31 GMT - Thu, 18 Jul 2024 10:22:30 GMT
File typeJavaScript source, ASCII text, with very long lines (18708), with no line terminators Hasha385421104bc74c949dc4c6191ef7df9 30827209462e4ce7b901e71b238109574cc117ba 441f4699276f051e940137c231a4d48a7d4a0958ceeae78958482cd8a89663be
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /_next/static/chunks/5927.37a5338b8ac59a08.js HTTP/1.1
Host: vamtoacm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vamtoacm.com/finance-survey/40/?s=810702624694473023&z=5179080&var=156615&campaignid=5756270&b=20839589&ymid=810702624694473023&designId=[2,1]&abtest=1858111
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 04 May 2024 19:16:04 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"6631038c-4914"
last-modified: Tue, 30 Apr 2024 14:43:24 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 960
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XTqG8zaVo1u7UL7UmSbcCBPG2Tk5nqYvMuBoC5cZDUwIutNeZ%2Bm72m%2BTbD5X1hJ9Z%2BqNlcfUfO8gTxCs5CyCFAa%2Fgzd7z3%2BW6wnEX7OyTmvtlG%2Fw3O0PKkzekjMdJCo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ead2b9af29b4eb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| vamtoacm.com/_next/static/chunks/main-beb6af9e60a8e042.js | 104.21.43.180 | 200 OK | 109 kB |
URL GET HTTP/3vamtoacm.com/_next/static/chunks/main-beb6af9e60a8e042.js IP104.21.43.180:443
Requested byhttps://vamtoacm.com/finance-survey/40/?s=810702624694473023&z=5179080&var=156615&campaignid=5756270&b=20839589&ymid=810702624694473023&designId=[2,1]&abtest=1858111 CertificateIssuerLet's Encrypt Subjectvamtoacm.com Fingerprint8F:EF:46:DF:33:00:3B:87:D4:D3:05:C4:B9:1B:47:7D:A4:39:DA:F9 ValidityFri, 19 Apr 2024 10:22:31 GMT - Thu, 18 Jul 2024 10:22:30 GMT
File typeJavaScript source, ASCII text, with very long lines (65536), with no line terminators Size109 kB (108886 bytes) Hash49c6f57370e917bd37dc7d4d4d0bdb56 f5b56f5b9498f3500055c5614808903d85303991 0409ec519061477c75738733ce598796a11cd445e95df1cd3e72d0ef58136fd4
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /_next/static/chunks/main-beb6af9e60a8e042.js HTTP/1.1
Host: vamtoacm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vamtoacm.com/finance-survey/40/?s=810702624694473023&z=5179080&var=156615&campaignid=5756270&b=20839589&ymid=810702624694473023&designId=[2,1]&abtest=1858111
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 04 May 2024 19:16:04 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=108887
etag: W/"6631038c-1a957"
last-modified: Tue, 30 Apr 2024 14:43:24 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 967
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hiCD%2FIpc%2BSZGfG24dGv3tZEiyxuocFgUW0P0SVB75qa0XEAVJ%2BWROy7QI384Dl4kRBuwlsDVqcmKR7Ncf4rP0Otj0PgXvHgVgEIZm3BuiCeuBsVgs8DkLnRGFHfbrMg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ead2b86d0eb4eb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| vamtoacm.com/_next/static/chunks/802-3e1f59b7c0fe3ef9.js | 104.21.43.180 | 200 OK | 67 kB |
URL GET HTTP/3vamtoacm.com/_next/static/chunks/802-3e1f59b7c0fe3ef9.js IP104.21.43.180:443
Requested byhttps://vamtoacm.com/finance-survey/40/?s=810702624694473023&z=5179080&var=156615&campaignid=5756270&b=20839589&ymid=810702624694473023&designId=[2,1]&abtest=1858111 CertificateIssuerLet's Encrypt Subjectvamtoacm.com Fingerprint8F:EF:46:DF:33:00:3B:87:D4:D3:05:C4:B9:1B:47:7D:A4:39:DA:F9 ValidityFri, 19 Apr 2024 10:22:31 GMT - Thu, 18 Jul 2024 10:22:30 GMT
File typeJavaScript source, ASCII text, with very long lines (65536), with no line terminators Hash8288efc1729193ab69e39ae227fb924b b6cda864edfa8126c902b5de80229790a6f9be15 070ce71e2510a99695b81a839821823ddf3b49213f166212641fcf98adfef3f4
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /_next/static/chunks/802-3e1f59b7c0fe3ef9.js HTTP/1.1
Host: vamtoacm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vamtoacm.com/finance-survey/40/?s=810702624694473023&z=5179080&var=156615&campaignid=5756270&b=20839589&ymid=810702624694473023&designId=[2,1]&abtest=1858111
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 04 May 2024 19:16:04 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"6631038c-10749"
last-modified: Tue, 30 Apr 2024 14:43:24 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 4426
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JfoMKFx9dG2XwnjA76AxaFcDYFtynTfdrtPCvsS8q%2BWx5gtzjlhy3SlgpxyR8eYJnwDiJ2xZd5tKwx1ITVv3nWO5JyiIK62BX1Orsqf75Re%2B8aIftQr%2FDYYvvI0pjic%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ead2b87d28b4eb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| vamtoacm.com/_next/static/pCw5QzD_EB0_mbmsqIUh2/_ssgManifest.js | 104.21.43.180 | 200 OK | 182 B |
URL GET HTTP/3vamtoacm.com/_next/static/pCw5QzD_EB0_mbmsqIUh2/_ssgManifest.js IP104.21.43.180:443
Requested byhttps://vamtoacm.com/finance-survey/40/?s=810702624694473023&z=5179080&var=156615&campaignid=5756270&b=20839589&ymid=810702624694473023&designId=[2,1]&abtest=1858111 CertificateIssuerLet's Encrypt Subjectvamtoacm.com Fingerprint8F:EF:46:DF:33:00:3B:87:D4:D3:05:C4:B9:1B:47:7D:A4:39:DA:F9 ValidityFri, 19 Apr 2024 10:22:31 GMT - Thu, 18 Jul 2024 10:22:30 GMT
File typeASCII text, with no line terminators Hashca6aa05f78eb6859347a61db067f16dc 444e70f53eb809f0920de921925d854baccdd251 11ca6f5cc9bc3b5e4021fe0fdad57091b6e8b54a5018672cf9d8b6a7e4f0e229
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /_next/static/pCw5QzD_EB0_mbmsqIUh2/_ssgManifest.js HTTP/1.1
Host: vamtoacm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vamtoacm.com/finance-survey/40/?s=810702624694473023&z=5179080&var=156615&campaignid=5756270&b=20839589&ymid=810702624694473023&designId=[2,1]&abtest=1858111
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 04 May 2024 19:16:04 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"6631038c-b6"
last-modified: Tue, 30 Apr 2024 14:43:24 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 5374
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=d5ljtfhZxT%2F7GaiQG8r9%2BYrw6zio3Zu5LF2KB9%2FpzUqw9LNuDGj4zMvqoYyeUEF1SsarcjJFb6cWx47ldeoLaivq5aV4lMD4X23RVtvBurB2lJvvDZ2eoBM6UmVCPP8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ead2b87d30b4eb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| vamtoacm.com/_next/static/chunks/812.72b1b2774f5e091e.js | 104.21.43.180 | 200 OK | 13 kB |
URL GET HTTP/3vamtoacm.com/_next/static/chunks/812.72b1b2774f5e091e.js IP104.21.43.180:443
Requested byhttps://vamtoacm.com/finance-survey/40/?s=810702624694473023&z=5179080&var=156615&campaignid=5756270&b=20839589&ymid=810702624694473023&designId=[2,1]&abtest=1858111 CertificateIssuerLet's Encrypt Subjectvamtoacm.com Fingerprint8F:EF:46:DF:33:00:3B:87:D4:D3:05:C4:B9:1B:47:7D:A4:39:DA:F9 ValidityFri, 19 Apr 2024 10:22:31 GMT - Thu, 18 Jul 2024 10:22:30 GMT
File typeJavaScript source, ASCII text, with very long lines (13123), with no line terminators Hash4746cb9c76676e766e71dc6aecb5136f bb22c941272fd23ba014218396b7f9eed51e84de faa62724f265c4355b761202cf48980bedbbfa4a8c8c044468e0024ddf1d0059
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /_next/static/chunks/812.72b1b2774f5e091e.js HTTP/1.1
Host: vamtoacm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vamtoacm.com/finance-survey/40/?s=810702624694473023&z=5179080&var=156615&campaignid=5756270&b=20839589&ymid=810702624694473023&designId=[2,1]&abtest=1858111
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 04 May 2024 19:16:04 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"6631038c-3343"
last-modified: Tue, 30 Apr 2024 14:43:24 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 967
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3apXQcwTUosYYeHT8kgfRoCTnobDiDlos55rXdzXcOpdvqfTWjRgEqhzP%2BY75%2FytEyTyNot3rG87%2FbRg423bpXCpgMfyrWBUjp7vyjo%2Bf1e%2B00DBDIixlWhFAxhAv6A%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ead2b86ceeb4eb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| vamtoacm.com/sw/universal.js?var=5179080&ymid=156615&ab2=1858111&ab2_ttl=5184000&zoneId=6679100 | 104.21.43.180 | 200 OK | 1.5 kB |
URL GET HTTP/3vamtoacm.com/sw/universal.js?var=5179080&ymid=156615&ab2=1858111&ab2_ttl=5184000&zoneId=6679100 IP104.21.43.180:443
Requested byhttps://vamtoacm.com/finance-survey/40/?s=810702624694473023&z=5179080&var=156615&campaignid=5756270&b=20839589&ymid=810702624694473023&designId=[2,1]&abtest=1858111 CertificateIssuerLet's Encrypt Subjectvamtoacm.com Fingerprint8F:EF:46:DF:33:00:3B:87:D4:D3:05:C4:B9:1B:47:7D:A4:39:DA:F9 ValidityFri, 19 Apr 2024 10:22:31 GMT - Thu, 18 Jul 2024 10:22:30 GMT
File typeASCII text, with very long lines (1540), with no line terminators Hash5edd43e1c6126829925eb36cdbaf7af3 e1baae48011f9077aa37e6ab31d4604d41aec303 38945b2621b28329b93e77cc757db7e8def95dd4f4ba1c13862018da2df83411
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /sw/universal.js?var=5179080&ymid=156615&ab2=1858111&ab2_ttl=5184000&zoneId=6679100 HTTP/1.1
Host: vamtoacm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Referer: https://vamtoacm.com/finance-survey/40?s=810702624694473023&z=5179080&var=156615&campaignid=5756270&b=20839589&ymid=810702624694473023&designId=[2,1]&abtest=1858111
Cookie: OAID=kys1obvi9ykxcsnm30ox6m6ynu7khx; syncedCookie=true; oaidts=1714850165
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 04 May 2024 19:16:05 GMT
content-type: application/javascript
last-modified: Tue, 30 Apr 2024 14:43:24 GMT
vary: Accept-Encoding
etag: W/"6631038c-5b2"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JU2vCeyYYheBRPrboY4W4qdyLyk9diEjtpv8rgMgF0W9F8yRVcsiU4FBtuDWU%2BJ1AAVLitfXtXPE4dQqlOg811YhRp7zw6XcD9JpQcLCi7iazpfV92jQP5xh5sZ5iSU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ead2be2efbb4eb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| vamtoacm.com/finance-survey/40/?s=810702624694473023&z=5179080&var=156615&campaignid=5756270&b=20839589&ymid=810702624694473023&designId=[2,1]&abtest=1858111 | 104.21.43.180 | 200 OK | 39 kB |
URL User Request GET HTTP/2vamtoacm.com/finance-survey/40/?s=810702624694473023&z=5179080&var=156615&campaignid=5756270&b=20839589&ymid=810702624694473023&designId=[2,1]&abtest=1858111 IP104.21.43.180:443
CertificateIssuerLet's Encrypt Subjectvamtoacm.com Fingerprint8F:EF:46:DF:33:00:3B:87:D4:D3:05:C4:B9:1B:47:7D:A4:39:DA:F9 ValidityFri, 19 Apr 2024 10:22:31 GMT - Thu, 18 Jul 2024 10:22:30 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /finance-survey/40/?s=810702624694473023&z=5179080&var=156615&campaignid=5756270&b=20839589&ymid=810702624694473023&designId=[2,1]&abtest=1858111 HTTP/1.1
Host: vamtoacm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 19:16:04 GMT
content-type: text/html
last-modified: Tue, 30 Apr 2024 14:43:26 GMT
vary: Accept-Encoding
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=31EUcoFy2X%2BiVrrHB1LiLKoOh9bFe%2F2cnWGPxhzRO0EcM9bkl1rzo6%2BW%2F1CFwJxDGEi6ccK6JbdIDoNGL5NEhtxrAz9WYo37ky%2BygJ8PjRYyD7uE%2FEEO4%2Bl5UIjgCv4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ead2b5a83a712a-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| vamtoacm.com/_next/static/chunks/6223.36a8be3b6724c1ee.js | 104.21.43.180 | 200 OK | 3.8 kB |
URL GET HTTP/3vamtoacm.com/_next/static/chunks/6223.36a8be3b6724c1ee.js IP104.21.43.180:443
Requested byhttps://vamtoacm.com/finance-survey/40/?s=810702624694473023&z=5179080&var=156615&campaignid=5756270&b=20839589&ymid=810702624694473023&designId=[2,1]&abtest=1858111 CertificateIssuerLet's Encrypt Subjectvamtoacm.com Fingerprint8F:EF:46:DF:33:00:3B:87:D4:D3:05:C4:B9:1B:47:7D:A4:39:DA:F9 ValidityFri, 19 Apr 2024 10:22:31 GMT - Thu, 18 Jul 2024 10:22:30 GMT
File typeJavaScript source, ASCII text, with very long lines (3870), with no line terminators Hash1d892f4ab084b8290d79dcf9ec65b79a 17b0c18b7201dd8eb4bbd3db5be2f1d784000948 77e68c0c19f773bcf939398361c922509f29268cea7afe93f3f7050183115e14
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /_next/static/chunks/6223.36a8be3b6724c1ee.js HTTP/1.1
Host: vamtoacm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vamtoacm.com/finance-survey/40/?s=810702624694473023&z=5179080&var=156615&campaignid=5756270&b=20839589&ymid=810702624694473023&designId=[2,1]&abtest=1858111
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 04 May 2024 19:16:04 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"6631038c-eee"
last-modified: Tue, 30 Apr 2024 14:43:24 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 5374
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1ZMenY%2FTL7VGUyUfEfiLp38waqGpXl2HgfL77zHrEm%2FFYOptIXZZESIy6haMesHn1VXYI4H7Y8oDbczDnRAjvnP%2FpqT7bSdpYFh1FuwTSm3IntljOcRU%2Fq7RTl6BL7E%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ead2b99f11b4eb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| vamtoacm.com/_next/static/chunks/86.1605512c42332a2f.js | 104.21.43.180 | 200 OK | 2.8 kB |
URL GET HTTP/3vamtoacm.com/_next/static/chunks/86.1605512c42332a2f.js IP104.21.43.180:443
Requested byhttps://vamtoacm.com/finance-survey/40/?s=810702624694473023&z=5179080&var=156615&campaignid=5756270&b=20839589&ymid=810702624694473023&designId=[2,1]&abtest=1858111 CertificateIssuerLet's Encrypt Subjectvamtoacm.com Fingerprint8F:EF:46:DF:33:00:3B:87:D4:D3:05:C4:B9:1B:47:7D:A4:39:DA:F9 ValidityFri, 19 Apr 2024 10:22:31 GMT - Thu, 18 Jul 2024 10:22:30 GMT
File typeJavaScript source, ASCII text, with very long lines (2908), with no line terminators Hashf7cb4f746f2cabc625d1ab452426c2e5 32f7f8a18c1d477a41291637019374bd4d722df9 6e3c489f8505040ae3a765d615dd63b8e385d2baeecd0ba58a2da9bf079b1a9a
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /_next/static/chunks/86.1605512c42332a2f.js HTTP/1.1
Host: vamtoacm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vamtoacm.com/finance-survey/40/?s=810702624694473023&z=5179080&var=156615&campaignid=5756270&b=20839589&ymid=810702624694473023&designId=[2,1]&abtest=1858111
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 04 May 2024 19:16:04 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"6631038c-b1e"
last-modified: Tue, 30 Apr 2024 14:43:24 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 5374
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bAVqUkKLG9e8SJcjEBPKkWN7se4CkTOQur2CAbRys2I6vyL2%2F91eZNEW4c1rXqqfL2N3p%2FMq%2FSf0M7OunhqW1O6bKFNvZTZakioOy6xEY4ffGOq%2BewBDBhfySQQqiwo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ead2b99f06b4eb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| vamtoacm.com/custom | 104.21.43.180 | 200 OK | 39 B |
IP104.21.43.180:443
Requested byhttps://vamtoacm.com/finance-survey/40/?s=810702624694473023&z=5179080&var=156615&campaignid=5756270&b=20839589&ymid=810702624694473023&designId=[2,1]&abtest=1858111 CertificateIssuerLet's Encrypt Subjectvamtoacm.com Fingerprint8F:EF:46:DF:33:00:3B:87:D4:D3:05:C4:B9:1B:47:7D:A4:39:DA:F9 ValidityFri, 19 Apr 2024 10:22:31 GMT - Thu, 18 Jul 2024 10:22:30 GMT
File typetroff or preprocessor input, ASCII text, with no line terminators Hashc16023891530fbce40f0a1244c3af01c e15d9dff768d82673e5e797a8395d1fa7d9049b7 c7d0061f2d2b9eb7b65b547c4bdf03f5f332cf34021bc972f64b6ad58d3a121a
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
POST /custom HTTP/1.1
Host: vamtoacm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 436
Origin: https://vamtoacm.com
DNT: 1
Connection: keep-alive
Referer: https://vamtoacm.com/finance-survey/40?s=810702624694473023&z=5179080&var=156615&campaignid=5756270&b=20839589&ymid=810702624694473023&designId=[2,1]&abtest=1858111
Cookie: OAID=kys1obvi9ykxcsnm30ox6m6ynu7khx; syncedCookie=true; oaidts=1714850165
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/3 200 OK
date: Sat, 04 May 2024 19:16:05 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
x-trace-id: f1d89064c033d560b4687fcd6b86bbff
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://vamtoacm.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=X%2BBuTYNA5lRFDxhvIGLKaBi1gZUKL2BwX4Zk8%2Bf4KtXDRXgVFfN6BKmDwkwXt9UCVM7Qff4kqpX50hqIQlXCoXE%2F6WVthlqtVn9BU%2BgSAZutUKFsOf%2FhADhVx%2BAgG7s%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ead2be2efeb4eb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| vamtoacm.com/img/rain/dollars-1.webp | 104.21.43.180 | 200 OK | 10 kB |
URL GET HTTP/3vamtoacm.com/img/rain/dollars-1.webp IP104.21.43.180:443
Requested byhttps://vamtoacm.com/finance-survey/40/?s=810702624694473023&z=5179080&var=156615&campaignid=5756270&b=20839589&ymid=810702624694473023&designId=[2,1]&abtest=1858111 CertificateIssuerLet's Encrypt Subjectvamtoacm.com Fingerprint8F:EF:46:DF:33:00:3B:87:D4:D3:05:C4:B9:1B:47:7D:A4:39:DA:F9 ValidityFri, 19 Apr 2024 10:22:31 GMT - Thu, 18 Jul 2024 10:22:30 GMT
File typeRIFF (little-endian) data, Web/P image Hasha5bef813a0113d018592091106451c8b 59365e96c4abca5eb98a0c56db0af0bb5cbffebb 036beb7de9c9d450e1442d593ff70ad392ca4be6754e7feaec249c0009e1bd83
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/rain/dollars-1.webp HTTP/1.1
Host: vamtoacm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vamtoacm.com/finance-survey/40/?s=810702624694473023&z=5179080&var=156615&campaignid=5756270&b=20839589&ymid=810702624694473023&designId=[2,1]&abtest=1858111
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 04 May 2024 19:16:04 GMT
content-type: image/webp
content-length: 10546
last-modified: Tue, 30 Apr 2024 14:43:24 GMT
vary: Accept-Encoding
etag: "6631038c-2932"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 962
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sbpEmmbIlSn7keSIZCDxy2s%2Fplc7N1IY4Z0jMHwxlqc7Ss05RB1GURmYa0pp%2F8aRZHfHjQgrF9JP%2BXTj9mKeHVkKalvUlO%2Br6Nt8ZkG4VlLh6QzGtLaGwPORDWKe7u8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ead2b90e06b4eb-OSL
alt-svc: h3=":443"; ma=86400
|
|
| vamtoacm.com/_next/static/chunks/6335.0b3b79af795b69d6.js | 104.21.43.180 | 200 OK | 41 kB |
URL GET HTTP/3vamtoacm.com/_next/static/chunks/6335.0b3b79af795b69d6.js IP104.21.43.180:443
Requested byhttps://vamtoacm.com/finance-survey/40/?s=810702624694473023&z=5179080&var=156615&campaignid=5756270&b=20839589&ymid=810702624694473023&designId=[2,1]&abtest=1858111 CertificateIssuerLet's Encrypt Subjectvamtoacm.com Fingerprint8F:EF:46:DF:33:00:3B:87:D4:D3:05:C4:B9:1B:47:7D:A4:39:DA:F9 ValidityFri, 19 Apr 2024 10:22:31 GMT - Thu, 18 Jul 2024 10:22:30 GMT
File typeJavaScript source, ASCII text, with very long lines (41407), with no line terminators Hash3dfda233d90a10b7c5cc845a44c2eba5 34507226ff3ec0131f1ce7330cf0423172a98aa6 e8507bf3364ac0352dfd4c6e204bc8c7d79e300182f53dd573d433708f7851d9
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /_next/static/chunks/6335.0b3b79af795b69d6.js HTTP/1.1
Host: vamtoacm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vamtoacm.com/finance-survey/40/?s=810702624694473023&z=5179080&var=156615&campaignid=5756270&b=20839589&ymid=810702624694473023&designId=[2,1]&abtest=1858111
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 04 May 2024 19:16:04 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"6631038c-a1bf"
last-modified: Tue, 30 Apr 2024 14:43:24 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 967
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ah%2B3h5tQDri4EbYC9owwGEpWshJqa1pH5CjKXM0pVj3aCweILQul1IXaHAbdM0jsT64c%2F1e3c%2B2jp%2BYSrV5kKFqxgaGebf0jb1cU%2B%2BgAhNM%2F47T7klBaMznrv8Pnm5U%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ead2b86cfdb4eb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| vamtoacm.com/img/rain/dollars-3.webp | 104.21.43.180 | 200 OK | 5.9 kB |
URL GET HTTP/3vamtoacm.com/img/rain/dollars-3.webp IP104.21.43.180:443
Requested byhttps://vamtoacm.com/finance-survey/40/?s=810702624694473023&z=5179080&var=156615&campaignid=5756270&b=20839589&ymid=810702624694473023&designId=[2,1]&abtest=1858111 CertificateIssuerLet's Encrypt Subjectvamtoacm.com Fingerprint8F:EF:46:DF:33:00:3B:87:D4:D3:05:C4:B9:1B:47:7D:A4:39:DA:F9 ValidityFri, 19 Apr 2024 10:22:31 GMT - Thu, 18 Jul 2024 10:22:30 GMT
File typeRIFF (little-endian) data, Web/P image Hash51ea76ff382bff8ef58a9943f7fd21d1 5c3d6ad6620fbde5ce3dddc88604e6d54621eba2 0240f30fc542fb5c2d532f33bc793b797199adaea75e22a7d9f04674b80d9a32
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/rain/dollars-3.webp HTTP/1.1
Host: vamtoacm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vamtoacm.com/finance-survey/40/?s=810702624694473023&z=5179080&var=156615&campaignid=5756270&b=20839589&ymid=810702624694473023&designId=[2,1]&abtest=1858111
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 04 May 2024 19:16:04 GMT
content-type: image/webp
content-length: 5938
last-modified: Tue, 30 Apr 2024 14:43:24 GMT
vary: Accept-Encoding
etag: "6631038c-1732"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 962
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PXlWQ9JZB5%2FIbZPnJLd1FVkc9WBVpwfnwb5K8R8t5rdvpgyWLbKw5D26fbHi%2Fd3lLKu%2F0Q8dRnTqoEtdbu61GzSYPvotkyDzZCJ%2FDWPRCBJS8NGjS7tz%2FbQnz3T1kwA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ead2b90e08b4eb-OSL
alt-svc: h3=":443"; ma=86400
|
|
| vamtoacm.com/_next/static/css/0bc0cde260d08b97.css | 104.21.43.180 | 200 OK | 1.8 kB |
URL GET HTTP/3vamtoacm.com/_next/static/css/0bc0cde260d08b97.css IP104.21.43.180:443
Requested byhttps://vamtoacm.com/finance-survey/40/?s=810702624694473023&z=5179080&var=156615&campaignid=5756270&b=20839589&ymid=810702624694473023&designId=[2,1]&abtest=1858111 CertificateIssuerLet's Encrypt Subjectvamtoacm.com Fingerprint8F:EF:46:DF:33:00:3B:87:D4:D3:05:C4:B9:1B:47:7D:A4:39:DA:F9 ValidityFri, 19 Apr 2024 10:22:31 GMT - Thu, 18 Jul 2024 10:22:30 GMT
File typeASCII text, with very long lines (1841), with no line terminators Hashff1d3d5d24ca0172d59b02e7505ddaa1 41e83ee08e21f369886b0fdad0ba01d8b20897b6 939b17f98d9d3585510edafa70c73c6619ea20d9b401b4396041272bed67ecf6
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /_next/static/css/0bc0cde260d08b97.css HTTP/1.1
Host: vamtoacm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vamtoacm.com/finance-survey/40/?s=810702624694473023&z=5179080&var=156615&campaignid=5756270&b=20839589&ymid=810702624694473023&designId=[2,1]&abtest=1858111
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 04 May 2024 19:16:04 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=1843
etag: W/"6631038c-733"
last-modified: Tue, 30 Apr 2024 14:43:24 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 967
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hqjYyegEPCeR1p70NZPQMDBrzQ%2FIMInjAZ7fb2hzYu%2F9U8avmAHiZ7W3pajoF5cbtFXnDatpc2R%2Brft%2BN9wyUqYoVyE3qlsx%2FRxCkfRGRvfVLB%2BitCAhxmEjAQyi1zY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ead2b85cecb4eb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| vamtoacm.com/img/comments/finance-survey-people/person-2.webp | 104.21.43.180 | 200 OK | 2.2 kB |
URL GET HTTP/3vamtoacm.com/img/comments/finance-survey-people/person-2.webp IP104.21.43.180:443
Requested byhttps://vamtoacm.com/finance-survey/40/?s=810702624694473023&z=5179080&var=156615&campaignid=5756270&b=20839589&ymid=810702624694473023&designId=[2,1]&abtest=1858111 CertificateIssuerLet's Encrypt Subjectvamtoacm.com Fingerprint8F:EF:46:DF:33:00:3B:87:D4:D3:05:C4:B9:1B:47:7D:A4:39:DA:F9 ValidityFri, 19 Apr 2024 10:22:31 GMT - Thu, 18 Jul 2024 10:22:30 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp Hash8f8ffbb278de1342e5cf44cd0c677c23 1b4b4428e409479cc8a8acfce6f537c2aeea7556 ac4284ed6941963c4fa0db306537f42f3a0b1fa18710bc7b9e1e62188961d83a
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/comments/finance-survey-people/person-2.webp HTTP/1.1
Host: vamtoacm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vamtoacm.com/finance-survey/40?s=810702624694473023&z=5179080&var=156615&campaignid=5756270&b=20839589&ymid=810702624694473023&designId=[2,1]&abtest=1858111
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 04 May 2024 19:16:05 GMT
content-type: image/webp
content-length: 2220
last-modified: Tue, 30 Apr 2024 14:43:24 GMT
vary: Accept-Encoding
etag: "6631038c-8ac"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZWhuxV3%2BLQEv%2Fx%2BdsvFIfDDvAUav%2FkzuYT1IlWyn7kmN7byKQ%2FcsdwHXM3gLLgxtQw4a5CTbpnbl%2FUSfqvkkN0ilQB%2F%2Fl3FfnTo64eS0SfAhS%2BSk%2Fr68iJU%2F25ld%2BaY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ead2bb7a73b4eb-OSL
alt-svc: h3=":443"; ma=86400
|
|
| vamtoacm.com/custom | 104.21.43.180 | 200 OK | 39 B |
IP104.21.43.180:443
Requested byhttps://vamtoacm.com/finance-survey/40/?s=810702624694473023&z=5179080&var=156615&campaignid=5756270&b=20839589&ymid=810702624694473023&designId=[2,1]&abtest=1858111 CertificateIssuerLet's Encrypt Subjectvamtoacm.com Fingerprint8F:EF:46:DF:33:00:3B:87:D4:D3:05:C4:B9:1B:47:7D:A4:39:DA:F9 ValidityFri, 19 Apr 2024 10:22:31 GMT - Thu, 18 Jul 2024 10:22:30 GMT
File typetroff or preprocessor input, ASCII text, with no line terminators Hashc16023891530fbce40f0a1244c3af01c e15d9dff768d82673e5e797a8395d1fa7d9049b7 c7d0061f2d2b9eb7b65b547c4bdf03f5f332cf34021bc972f64b6ad58d3a121a
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
POST /custom HTTP/1.1
Host: vamtoacm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 433
Origin: https://vamtoacm.com
DNT: 1
Connection: keep-alive
Referer: https://vamtoacm.com/finance-survey/40?s=810702624694473023&z=5179080&var=156615&campaignid=5756270&b=20839589&ymid=810702624694473023&designId=[2,1]&abtest=1858111
Cookie: OAID=kys1obvi9ykxcsnm30ox6m6ynu7khx; syncedCookie=true; oaidts=1714850165
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/3 200 OK
date: Sat, 04 May 2024 19:16:05 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
x-trace-id: 49b04fbb2fd0eb6df5516bb05e1092f3
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://vamtoacm.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6net5mrT0LYY31XFNiyF7DDPcczeXnBYnMtG7YeP40FSQIgBIrN3WsFmpQwvimXyBKLxUs58nlrvMtigrfdzonUuQG5H%2BlxJC%2FKqhf6rHy4CjVkKK%2FhI%2BjpxticLYlI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ead2be1ef0b4eb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| vamtoacm.com/custom | 104.21.43.180 | 200 OK | 39 B |
IP104.21.43.180:443
Requested byhttps://vamtoacm.com/finance-survey/40/?s=810702624694473023&z=5179080&var=156615&campaignid=5756270&b=20839589&ymid=810702624694473023&designId=[2,1]&abtest=1858111 CertificateIssuerLet's Encrypt Subjectvamtoacm.com Fingerprint8F:EF:46:DF:33:00:3B:87:D4:D3:05:C4:B9:1B:47:7D:A4:39:DA:F9 ValidityFri, 19 Apr 2024 10:22:31 GMT - Thu, 18 Jul 2024 10:22:30 GMT
File typetroff or preprocessor input, ASCII text, with no line terminators Hashc16023891530fbce40f0a1244c3af01c e15d9dff768d82673e5e797a8395d1fa7d9049b7 c7d0061f2d2b9eb7b65b547c4bdf03f5f332cf34021bc972f64b6ad58d3a121a
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
POST /custom HTTP/1.1
Host: vamtoacm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 435
Origin: https://vamtoacm.com
DNT: 1
Connection: keep-alive
Referer: https://vamtoacm.com/finance-survey/40?s=810702624694473023&z=5179080&var=156615&campaignid=5756270&b=20839589&ymid=810702624694473023&designId=[2,1]&abtest=1858111
Cookie: OAID=kys1obvi9ykxcsnm30ox6m6ynu7khx; syncedCookie=true; oaidts=1714850165
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/3 200 OK
date: Sat, 04 May 2024 19:16:05 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
x-trace-id: e4e2e6a8ec71c347d6dc21ca3ed8fe02
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://vamtoacm.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5lrVVxiF%2F1S0azeQrg9E3FaHkh%2B9hnjv%2BMfqJU60EiTm2jY6aszS1iG6dVSEviacpHL%2FX5mgOvgkvCP1NJnFtn2F8MwfwggY3jSrH57FqlDlUbMombGrkbFGHNkbNB0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ead2be2f01b4eb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
172.67.182.169