| my.rtmark.net/gid.js?userId=ebd3xk4yh3q5ykl6oh3hxzynsba83tsi | 139.45.195.8 | 200 OK | 65 B |
URL GET HTTP/2my.rtmark.net/gid.js?userId=ebd3xk4yh3q5ykl6oh3hxzynsba83tsi IP139.45.195.8:443
Requested byhttps://graussoa.com/betting-survey.html?z=5638049&offer_id=2058&var=&ymid=2qghgn84pissk CertificateIssuerLet's Encrypt Subjectrtmark.net FingerprintDB:C0:8B:64:1C:E3:2A:9C:B9:04:0D:F3:6F:5A:E0:35:F4:C7:75:CC ValiditySat, 02 Mar 2024 21:53:43 GMT - Fri, 31 May 2024 21:53:42 GMT
Hash7f24e939175afaea6ef5a5c051472759 0bcf1db9b2b2512065a29aacd09d5ea28962bde2 d7a24c077ea6c1c293529bc8dded921d6c94b02674a4abc1b9acf8db8271b1d1
GET /gid.js?userId=ebd3xk4yh3q5ykl6oh3hxzynsba83tsi HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://graussoa.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 08:57:29 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://graussoa.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=ebd3xk4yh3q5ykl6oh3hxzynsba83tsi; expires=Fri, 18 Apr 2025 08:57:29 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| graussoa.com/js/_core-survey.1b09882a.js | 172.67.209.9 | 200 OK | 44 kB |
URL GET HTTP/3graussoa.com/js/_core-survey.1b09882a.js IP172.67.209.9:443
Requested byhttps://graussoa.com/betting-survey.html?z=5638049&offer_id=2058&var=&ymid=2qghgn84pissk CertificateIssuerLet's Encrypt Subjectgraussoa.com Fingerprint45:C6:6D:F6:0D:7D:3F:96:46:45:0B:0D:43:96:09:2F:46:4C:2B:FE ValidityFri, 12 Apr 2024 14:39:05 GMT - Thu, 11 Jul 2024 14:39:04 GMT
File typeJavaScript source, Unicode text, UTF-8 text, with very long lines (65456) Hashc55db8837cff797e0b71f434711e6c67 9ed9a20f72c6f0177f1e9e8fc297b9a326451f47 83284da23d4d3e338837278b8926ceb145ed8bad7415a96ebe6a16d00c6233f3
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/_core-survey.1b09882a.js HTTP/1.1
Host: graussoa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 08:57:29 GMT
content-type: application/javascript
last-modified: Wed, 17 Apr 2024 09:06:31 GMT
vary: Accept-Encoding
etag: W/"661f9117-296cc"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2F2Ad8FMec3%2FtIeJtRsBdQR3L2PE5kLzgmBDHLWDruu8prgbHizvobcRcyoMoFayIWqogxxWE%2B2f812RGPovfPwJk8N%2Bx6hTqyTqgpHBWJ%2B24DBlGRd9MaQAiQUocrG8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87637294793856bb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| arleavannya.com/sync-metrics | 139.45.197.248 | 200 OK | 17 B |
URL POST HTTP/2arleavannya.com/sync-metrics IP139.45.197.248:443
Requested byhttps://graussoa.com/betting-survey.html?z=5638049&offer_id=2058&var=&ymid=2qghgn84pissk CertificateIssuerLet's Encrypt Subjectarleavannya.com FingerprintA4:8A:3B:44:4D:C2:D4:BD:92:AC:E7:B8:3A:C3:C9:4B:85:17:24:1F ValidityMon, 22 Jan 2024 17:53:34 GMT - Sun, 21 Apr 2024 17:53:33 GMT
Hash5b64e8b89092b2e3dfd448b10700627f 484b3032619fa1acd135d114565b0a5166281c22 f1ea07a1e51a389c8de07120ae5c2e432e9dd8f4fbd6f92489f185b0523a3fd4
POST /sync-metrics HTTP/1.1
Host: arleavannya.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 730
Origin: https://graussoa.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 08:57:29 GMT
content-type: application/json; charset=utf-8
content-length: 17
x-trace-id: 9f9194771ad9b890db6d5c46d630b58a
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://graussoa.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| offpichuan.com/track?offer_id=2058&z=5638049&variable2=2qghgn84pissk&oaid=ebd3xk4yh3q5ykl6oh3hxzynsba83tsi | 139.45.197.237 | 200 OK | 182 B |
URL GET HTTP/2offpichuan.com/track?offer_id=2058&z=5638049&variable2=2qghgn84pissk&oaid=ebd3xk4yh3q5ykl6oh3hxzynsba83tsi IP139.45.197.237:443
Requested byhttps://graussoa.com/betting-survey.html?z=5638049&offer_id=2058&var=&ymid=2qghgn84pissk CertificateIssuerLet's Encrypt Subjectoffpichuan.com Fingerprint8B:DE:51:B7:81:9E:EA:DE:73:A4:3D:67:F9:5E:6F:7B:F4:D6:77:5A ValidityMon, 15 Apr 2024 21:54:27 GMT - Sun, 14 Jul 2024 21:54:26 GMT
Hash518fbbd5a95951cd6212498955368d69 f6b781a48dee7d09f5b29745c4ced1397642bbe1 f8c19e1cf3423fb386d154c3effb94bc2774d81de6af91588f731e2ce2b6a4f8
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /track?offer_id=2058&z=5638049&variable2=2qghgn84pissk&oaid=ebd3xk4yh3q5ykl6oh3hxzynsba83tsi HTTP/1.1
Host: offpichuan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://graussoa.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 08:57:29 GMT
content-type: application/json
content-length: 182
x-trace-id: cf591078dac1a4b147cbdc05769340e0
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://graussoa.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| arleavannya.com/sync-metrics | 139.45.197.248 | 200 OK | 0 B |
URL POST HTTP/2arleavannya.com/sync-metrics IP139.45.197.248:443
Requested byhttps://graussoa.com/betting-survey.html?z=5638049&offer_id=2058&var=&ymid=2qghgn84pissk CertificateIssuerLet's Encrypt Subjectarleavannya.com FingerprintA4:8A:3B:44:4D:C2:D4:BD:92:AC:E7:B8:3A:C3:C9:4B:85:17:24:1F ValidityMon, 22 Jan 2024 17:53:34 GMT - Sun, 21 Apr 2024 17:53:33 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /sync-metrics HTTP/1.1
Host: arleavannya.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://graussoa.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 08:57:29 GMT
content-length: 0
access-control-allow-origin: https://graussoa.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| graussoa.com/js/src_js_parts_replaceUrlTermsAndRedirect_ts.9d33b37f.js | 172.67.209.9 | 200 OK | 213 B |
URL GET HTTP/3graussoa.com/js/src_js_parts_replaceUrlTermsAndRedirect_ts.9d33b37f.js IP172.67.209.9:443
Requested byhttps://graussoa.com/betting-survey.html?z=5638049&offer_id=2058&var=&ymid=2qghgn84pissk CertificateIssuerLet's Encrypt Subjectgraussoa.com Fingerprint45:C6:6D:F6:0D:7D:3F:96:46:45:0B:0D:43:96:09:2F:46:4C:2B:FE ValidityFri, 12 Apr 2024 14:39:05 GMT - Thu, 11 Jul 2024 14:39:04 GMT
File typeJavaScript source, ASCII text, with very long lines (347), with no line terminators Hashc54761b80844cd84526f61e37d288310 6b90a0b7f5736051e503868540481d4d3b42876e 1601da202b49256c8aaecfefa1b3be29213acc9fa7b02a6313a4153d2057bb8f
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/src_js_parts_replaceUrlTermsAndRedirect_ts.9d33b37f.js HTTP/1.1
Host: graussoa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=ebd3xk4yh3q5ykl6oh3hxzynsba83tsi; syncedCookie=true; oaidts=1713430649; ID=ebd3xk4yh3q5ykl6oh3hxzynsba83tsi
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 08:57:29 GMT
content-type: application/javascript
last-modified: Wed, 17 Apr 2024 09:06:30 GMT
vary: Accept-Encoding
etag: W/"661f9116-15b"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HcrnL7U02xrDiIkaRV2%2FIpxtFAmtBOO9vNQmRRsAj38j4cWwdrPxmWJOsrjQmXERh3gl8aruDs02ESHW2oqFuG%2BDTfDOc4l5jut463ncH1tuKdhfLlZmlhLzLw3mFys%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 876372970c9656bb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| ofklefkian.com/zone?&pub=0&zone_id=6163304&is_mobile=false&domain=graussoa.com&var=5638049&ymid=&var_3=null&var_4=null&dsig=&tg=1&sw=3.1.472&action=prerequest | 139.45.197.251 | 200 OK | 0 B |
URL POST HTTP/2ofklefkian.com/zone?&pub=0&zone_id=6163304&is_mobile=false&domain=graussoa.com&var=5638049&ymid=&var_3=null&var_4=null&dsig=&tg=1&sw=3.1.472&action=prerequest IP139.45.197.251:443
Requested byhttps://graussoa.com/betting-survey.html?z=5638049&offer_id=2058&var=&ymid=2qghgn84pissk CertificateIssuerLet's Encrypt Subjectofklefkian.com Fingerprint04:A9:FE:8D:C9:B9:EE:6F:3A:C4:29:EA:19:AD:C3:1D:7D:3E:14:02 ValiditySun, 14 Apr 2024 05:38:05 GMT - Sat, 13 Jul 2024 05:38:04 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
POST /zone?&pub=0&zone_id=6163304&is_mobile=false&domain=graussoa.com&var=5638049&ymid=&var_3=null&var_4=null&dsig=&tg=1&sw=3.1.472&action=prerequest HTTP/1.1
Host: ofklefkian.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 08:57:29 GMT
content-length: 0
x-trace-id: f77d1ed4106d106e69a25ffe4f13beca
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: null
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
|
|
| graussoa.com/pfe/current/micro.tag.min.js?z=6163304&sw=/sw/sw6163304.js&var=5638049&var_3=null&var_4=null&ymid=&cdn=1&domain=ofklefkian.com&ab2_ttl=5184000000 | 172.67.209.9 | 200 OK | 10 kB |
URL GET HTTP/3graussoa.com/pfe/current/micro.tag.min.js?z=6163304&sw=/sw/sw6163304.js&var=5638049&var_3=null&var_4=null&ymid=&cdn=1&domain=ofklefkian.com&ab2_ttl=5184000000 IP172.67.209.9:443
Requested byhttps://graussoa.com/betting-survey.html?z=5638049&offer_id=2058&var=&ymid=2qghgn84pissk CertificateIssuerLet's Encrypt Subjectgraussoa.com Fingerprint45:C6:6D:F6:0D:7D:3F:96:46:45:0B:0D:43:96:09:2F:46:4C:2B:FE ValidityFri, 12 Apr 2024 14:39:05 GMT - Thu, 11 Jul 2024 14:39:04 GMT
File typeJavaScript source, ASCII text, with very long lines (27174), with no line terminators Hash75c26ccd65e96e912725399ff3ce66e9 d300939979d2048844dc5ac80c51ed8121126f4e c9db5c92934b273ad485c58710d6fbc2d580c2923a99bb456b18cb5e1465f5cf
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /pfe/current/micro.tag.min.js?z=6163304&sw=/sw/sw6163304.js&var=5638049&var_3=null&var_4=null&ymid=&cdn=1&domain=ofklefkian.com&ab2_ttl=5184000000 HTTP/1.1
Host: graussoa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 08:57:29 GMT
content-type: application/javascript
last-modified: Wed, 17 Apr 2024 09:06:31 GMT
vary: Accept-Encoding
etag: W/"661f9117-6a26"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pbchpPTA%2BtV%2FPh7m71MyuSxg854vZyDrp1QOOhFt1jZ9gA6b2PUT7Tym2EwvgGjf1Vsd9krX4nacqd5aVlJZPQw7Xuq56rd%2Bh9D4JxS%2Fm55nsSC2G4%2FcEN0FVMRB8SA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87637296ec6256bb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| arleavannya.com/sync-metrics | 139.45.197.248 | 200 OK | 0 B |
URL POST HTTP/2arleavannya.com/sync-metrics IP139.45.197.248:443
Requested byhttps://graussoa.com/betting-survey.html?z=5638049&offer_id=2058&var=&ymid=2qghgn84pissk CertificateIssuerLet's Encrypt Subjectarleavannya.com FingerprintA4:8A:3B:44:4D:C2:D4:BD:92:AC:E7:B8:3A:C3:C9:4B:85:17:24:1F ValidityMon, 22 Jan 2024 17:53:34 GMT - Sun, 21 Apr 2024 17:53:33 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /sync-metrics HTTP/1.1
Host: arleavannya.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://graussoa.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 08:57:29 GMT
content-length: 0
access-control-allow-origin: https://graussoa.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| arleavannya.com/sync-metrics | 139.45.197.248 | 200 OK | 17 B |
URL POST HTTP/2arleavannya.com/sync-metrics IP139.45.197.248:443
Requested byhttps://graussoa.com/betting-survey.html?z=5638049&offer_id=2058&var=&ymid=2qghgn84pissk CertificateIssuerLet's Encrypt Subjectarleavannya.com FingerprintA4:8A:3B:44:4D:C2:D4:BD:92:AC:E7:B8:3A:C3:C9:4B:85:17:24:1F ValidityMon, 22 Jan 2024 17:53:34 GMT - Sun, 21 Apr 2024 17:53:33 GMT
Hash5b64e8b89092b2e3dfd448b10700627f 484b3032619fa1acd135d114565b0a5166281c22 f1ea07a1e51a389c8de07120ae5c2e432e9dd8f4fbd6f92489f185b0523a3fd4
POST /sync-metrics HTTP/1.1
Host: arleavannya.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 811
Origin: https://graussoa.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 08:57:29 GMT
content-type: application/json; charset=utf-8
content-length: 17
x-trace-id: a5240be77d401584734fa6f485c00af6
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://graussoa.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| arleavannya.com/sync-do | 139.45.197.248 | 200 OK | 179 B |
IP139.45.197.248:443
Requested byhttps://graussoa.com/betting-survey.html?z=5638049&offer_id=2058&var=&ymid=2qghgn84pissk CertificateIssuerLet's Encrypt Subjectarleavannya.com FingerprintA4:8A:3B:44:4D:C2:D4:BD:92:AC:E7:B8:3A:C3:C9:4B:85:17:24:1F ValidityMon, 22 Jan 2024 17:53:34 GMT - Sun, 21 Apr 2024 17:53:33 GMT
Hashe038f5feccc9daf849b54fcb2e2be299 d45b65b1beb71aed233f69c15151c62a45ab7470 aa70ac485ebebd44bb4024121629e67b66ff1176ed2cfb9f4a7d4ed174e0506d
POST /sync-do HTTP/1.1
Host: arleavannya.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 157
Origin: https://graussoa.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 08:57:29 GMT
content-type: application/json; charset=utf-8
content-length: 179
x-trace-id: 0668a91913396ae5c5b9e8f822e572ec
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://graussoa.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| graussoa.com/js/v-node.js.28d8082c.js | 172.67.209.9 | 200 OK | 4.6 kB |
URL GET HTTP/3graussoa.com/js/v-node.js.28d8082c.js IP172.67.209.9:443
Requested byhttps://graussoa.com/betting-survey.html?z=5638049&offer_id=2058&var=&ymid=2qghgn84pissk CertificateIssuerLet's Encrypt Subjectgraussoa.com Fingerprint45:C6:6D:F6:0D:7D:3F:96:46:45:0B:0D:43:96:09:2F:46:4C:2B:FE ValidityFri, 12 Apr 2024 14:39:05 GMT - Thu, 11 Jul 2024 14:39:04 GMT
File typeJavaScript source, ASCII text, with very long lines (6251), with no line terminators Hashf61d0e9af048cd71962dcb945f405c63 aefdc99a8057ced201da8aba0640905dd05375d8 1d383bb00e9e3a4d2f58354b41bc0ffc60516bcdcf4486516b8638236b0aeb9d
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/v-node.js.28d8082c.js HTTP/1.1
Host: graussoa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=ebd3xk4yh3q5ykl6oh3hxzynsba83tsi; syncedCookie=true; oaidts=1713430649; ID=ebd3xk4yh3q5ykl6oh3hxzynsba83tsi
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 08:57:29 GMT
content-type: application/javascript
last-modified: Wed, 17 Apr 2024 09:06:31 GMT
vary: Accept-Encoding
etag: W/"661f9117-186b"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3zMa3qvffg%2FXchgEwp6tbLLhdeJ4rH6S2sTX2hdVBFvj9XYuarrXRIUll4%2BrgvOdpBTx3Zr7sRjg2dtYAuHPmuWkq%2FvxCnPMn50WL0AGFj97FCKzQcg5N7rCMicZeWs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 876372970c8156bb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| graussoa.com/img/betting/sport-betting/betting1.webp | 172.67.209.9 | 200 OK | 2.3 kB |
URL GET HTTP/3graussoa.com/img/betting/sport-betting/betting1.webp IP172.67.209.9:443
Requested byhttps://graussoa.com/betting-survey.html?z=5638049&offer_id=2058&var=&ymid=2qghgn84pissk CertificateIssuerLet's Encrypt Subjectgraussoa.com Fingerprint45:C6:6D:F6:0D:7D:3F:96:46:45:0B:0D:43:96:09:2F:46:4C:2B:FE ValidityFri, 12 Apr 2024 14:39:05 GMT - Thu, 11 Jul 2024 14:39:04 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 140x140, Scaling: [none]x[none], YUV color, decoders should clamp Hashcd54542028a12acdd77d280eb13feb3e 0bbaa5c4160b215bc37b9987ec95d9b5bffd5d34 61ef8ac2711f65c63e419159da12b2fd640138153ac2503ab5f7680619a1f490
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/betting/sport-betting/betting1.webp HTTP/1.1
Host: graussoa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=ebd3xk4yh3q5ykl6oh3hxzynsba83tsi; syncedCookie=true; oaidts=1713430649; ID=ebd3xk4yh3q5ykl6oh3hxzynsba83tsi
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 08:57:29 GMT
content-type: image/webp
content-length: 2276
last-modified: Wed, 17 Apr 2024 09:06:30 GMT
vary: Accept-Encoding
etag: "661f9116-8e4"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ROXyrlzS6XLvMixrg7VjXSofUwZwCeC1Cf73ngm5a32VpcxABnIEWKYoCF46qbdykGS1w64TNBvMyXy0eFNEnnAHhBSXm4xGHHFz%2F9A4dKSn3srhlejsY8NcBBKyb1E%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87637298ceb456bb-OSL
alt-svc: h3=":443"; ma=86400
|
|
| graussoa.com/js/v-attributes-to-props.js.a2e7cd04.js | 172.67.209.9 | 200 OK | 830 B |
URL GET HTTP/3graussoa.com/js/v-attributes-to-props.js.a2e7cd04.js IP172.67.209.9:443
Requested byhttps://graussoa.com/betting-survey.html?z=5638049&offer_id=2058&var=&ymid=2qghgn84pissk CertificateIssuerLet's Encrypt Subjectgraussoa.com Fingerprint45:C6:6D:F6:0D:7D:3F:96:46:45:0B:0D:43:96:09:2F:46:4C:2B:FE ValidityFri, 12 Apr 2024 14:39:05 GMT - Thu, 11 Jul 2024 14:39:04 GMT
File typeASCII text, with very long lines (702), with no line terminators Hasheb57bdb06e45aff1918587283bf415aa 27d660f01e5c888c9d38a6f784ee2f4458d7d89f ecdd5f30b2bd16e4aa0274c6fce3d598419837aa257c285f2e6d18ac5df9ce0b
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/v-attributes-to-props.js.a2e7cd04.js HTTP/1.1
Host: graussoa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=ebd3xk4yh3q5ykl6oh3hxzynsba83tsi; syncedCookie=true; oaidts=1713430649; ID=ebd3xk4yh3q5ykl6oh3hxzynsba83tsi
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 08:57:29 GMT
content-type: application/javascript
last-modified: Wed, 17 Apr 2024 09:06:31 GMT
vary: Accept-Encoding
etag: W/"661f9117-2be"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9NLnG7zO9iebYGYINpXeXEqLQfpvbxNlJUfUUI34XmSe3irHW0hPxHHBw153sLhfL%2BcUDXrc254dD%2Fx3nj8mnqw6VVV16EtPi2Hn6KvqEWwa2Nx91TOmNIro2G%2Bdvt4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 876372970c8e56bb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| arleavannya.com/sync-metrics | 139.45.197.248 | 200 OK | 17 B |
URL POST HTTP/2arleavannya.com/sync-metrics IP139.45.197.248:443
Requested byhttps://graussoa.com/betting-survey.html?z=5638049&offer_id=2058&var=&ymid=2qghgn84pissk CertificateIssuerLet's Encrypt Subjectarleavannya.com FingerprintA4:8A:3B:44:4D:C2:D4:BD:92:AC:E7:B8:3A:C3:C9:4B:85:17:24:1F ValidityMon, 22 Jan 2024 17:53:34 GMT - Sun, 21 Apr 2024 17:53:33 GMT
Hash5b64e8b89092b2e3dfd448b10700627f 484b3032619fa1acd135d114565b0a5166281c22 f1ea07a1e51a389c8de07120ae5c2e432e9dd8f4fbd6f92489f185b0523a3fd4
POST /sync-metrics HTTP/1.1
Host: arleavannya.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 1774
Origin: https://graussoa.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 08:57:29 GMT
content-type: application/json; charset=utf-8
content-length: 17
x-trace-id: 0dd9940efbd1403c31cfdbc6674b2d5c
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://graussoa.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| graussoa.com/img/betting/sport-betting/boxring.webp | 172.67.209.9 | 200 OK | 15 kB |
URL GET HTTP/3graussoa.com/img/betting/sport-betting/boxring.webp IP172.67.209.9:443
Requested byhttps://graussoa.com/betting-survey.html?z=5638049&offer_id=2058&var=&ymid=2qghgn84pissk CertificateIssuerLet's Encrypt Subjectgraussoa.com Fingerprint45:C6:6D:F6:0D:7D:3F:96:46:45:0B:0D:43:96:09:2F:46:4C:2B:FE ValidityFri, 12 Apr 2024 14:39:05 GMT - Thu, 11 Jul 2024 14:39:04 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 594x396, Scaling: [none]x[none], YUV color, decoders should clamp Hash0e255e2d6a693f6e9a839b87a2308dbb de83ed899c718b915263078d26a6e36038c279b9 d3ad332009f256aad9f3e57c4bd627b9a95568755d87602f3a25a09767e36076
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/betting/sport-betting/boxring.webp HTTP/1.1
Host: graussoa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://graussoa.com/css/betting-survey.e1fedc09.css
Cookie: OAID=ebd3xk4yh3q5ykl6oh3hxzynsba83tsi; syncedCookie=true; oaidts=1713430649; ID=ebd3xk4yh3q5ykl6oh3hxzynsba83tsi
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 08:57:29 GMT
content-type: image/webp
content-length: 15354
last-modified: Wed, 17 Apr 2024 09:06:30 GMT
vary: Accept-Encoding
etag: "661f9116-3bfa"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=r6Qfiulb9RoyUbxg5bgX%2FM01ASqONML5svAfdrfu3eWePg%2FH33mo1J9DQZN8tmY9BrNldulAOTm5ysq2LX70ljOeR2bsLLzEpceapAH5yItO%2BfGNjnORG800VfdVm4w%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87637298bea556bb-OSL
alt-svc: h3=":443"; ma=86400
|
|
| graussoa.com/js/v-react-dom.production.min.js.c3329619.js | 172.67.209.9 | 200 OK | 42 kB |
URL GET HTTP/3graussoa.com/js/v-react-dom.production.min.js.c3329619.js IP172.67.209.9:443
Requested byhttps://graussoa.com/betting-survey.html?z=5638049&offer_id=2058&var=&ymid=2qghgn84pissk CertificateIssuerLet's Encrypt Subjectgraussoa.com Fingerprint45:C6:6D:F6:0D:7D:3F:96:46:45:0B:0D:43:96:09:2F:46:4C:2B:FE ValidityFri, 12 Apr 2024 14:39:05 GMT - Thu, 11 Jul 2024 14:39:04 GMT
File typeJavaScript source, ASCII text, with very long lines (65440) Hashf5e47be85ac64238a6511377c99bef6b 14202f5ec5092ffcb622a84db5877f1c99493b4c 198b63ec93086fb7042c6052dc6558626c506852de0903547cd1b2d52780839e
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/v-react-dom.production.min.js.c3329619.js HTTP/1.1
Host: graussoa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 08:57:29 GMT
content-type: application/javascript
last-modified: Wed, 17 Apr 2024 09:06:30 GMT
vary: Accept-Encoding
etag: W/"661f9116-1f94f"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=M%2B3D0B5KGJiDe9ACdlZrxPHFkCzWEGeQ%2B8oGk5Ki7RYi4OEaHkzp5leo2vMEsz4MDsAE3FZdIVFxopegba5WpaG60Nv3s%2F4hTltoLQWRqCeijdf2Q6VAfXC%2BiFmU0pU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87637294793556bb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| graussoa.com/js/config/sd/sd-2058-en.js?v=10 | 172.67.209.9 | 200 OK | 5.3 kB |
URL GET HTTP/3graussoa.com/js/config/sd/sd-2058-en.js?v=10 IP172.67.209.9:443
Requested byhttps://graussoa.com/betting-survey.html?z=5638049&offer_id=2058&var=&ymid=2qghgn84pissk CertificateIssuerLet's Encrypt Subjectgraussoa.com Fingerprint45:C6:6D:F6:0D:7D:3F:96:46:45:0B:0D:43:96:09:2F:46:4C:2B:FE ValidityFri, 12 Apr 2024 14:39:05 GMT - Thu, 11 Jul 2024 14:39:04 GMT
File typeASCII text, with very long lines (5569), with no line terminators Hashee917c813f77acba1ff557ea4b525111 b158280c71209a9436c15c78522142cee784953e 34026ead129384c6eab29945981350cc1f82dc4cdbfc89ac7c992eafc4a49876
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/config/sd/sd-2058-en.js?v=10 HTTP/1.1
Host: graussoa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 08:57:29 GMT
content-type: application/javascript
last-modified: Wed, 17 Apr 2024 09:06:31 GMT
vary: Accept-Encoding
etag: W/"661f9117-14b7"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AVUC%2FitSjw5fOzqkOjSRymzRlizURfaBut%2FyyofIKsq85cQK3e0MskkutArCbb00pihQcVTF6HzwNvg5fPKG6Macply0fkEKO5b28N7wEdkvQWBWpsJOcUyzgUYScwI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87637295bb0156bb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| graussoa.com/js/_rtc.f86a36d7.js | 172.67.209.9 | 200 OK | 12 kB |
URL GET HTTP/3graussoa.com/js/_rtc.f86a36d7.js IP172.67.209.9:443
Requested byhttps://graussoa.com/betting-survey.html?z=5638049&offer_id=2058&var=&ymid=2qghgn84pissk CertificateIssuerLet's Encrypt Subjectgraussoa.com Fingerprint45:C6:6D:F6:0D:7D:3F:96:46:45:0B:0D:43:96:09:2F:46:4C:2B:FE ValidityFri, 12 Apr 2024 14:39:05 GMT - Thu, 11 Jul 2024 14:39:04 GMT
File typeJavaScript source, ASCII text, with very long lines (12222), with no line terminators Hash128d6eec0793a7e02c314d2f6245f260 c9f09311c3f229b770f38d0cc69b422430f1c748 bf1606ac64db254cc565a094e7162a96f31f7e48ddece56fc92c654559e5abb8
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/_rtc.f86a36d7.js HTTP/1.1
Host: graussoa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 08:57:29 GMT
content-type: application/javascript
last-modified: Wed, 17 Apr 2024 09:06:31 GMT
vary: Accept-Encoding
etag: W/"661f9117-2fbe"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AbWBuR3mXlmoQEVt5VygJ%2F2ZTQJVjc5KHcQUjqYKNqFIjlQ3zervnPdBrhDUu8Hwhp5UVN4SpvkcPM%2BkqDI%2FnHyTHavUDw%2B6Kfw%2BNywmOsuwwJ%2F6a6kYU2RW%2BlZQmWI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87637294691456bb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| graussoa.com/js/v-index.js.da9f7529.js | 172.67.209.9 | 200 OK | 41 kB |
URL GET HTTP/3graussoa.com/js/v-index.js.da9f7529.js IP172.67.209.9:443
Requested byhttps://graussoa.com/betting-survey.html?z=5638049&offer_id=2058&var=&ymid=2qghgn84pissk CertificateIssuerLet's Encrypt Subjectgraussoa.com Fingerprint45:C6:6D:F6:0D:7D:3F:96:46:45:0B:0D:43:96:09:2F:46:4C:2B:FE ValidityFri, 12 Apr 2024 14:39:05 GMT - Thu, 11 Jul 2024 14:39:04 GMT
File typeJavaScript source, ASCII text, with very long lines (40911) Hashf0c16b073e12930f7cbd321dd6f8f9b9 af74daaab1c8cb17152c3352d40ab89afea0b29d 9058ace69791e8a1eb5f9849c20a6dcd6e0f9018696ed0e563c3da7082aec861
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/v-index.js.da9f7529.js HTTP/1.1
Host: graussoa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 08:57:29 GMT
content-type: application/javascript
last-modified: Wed, 17 Apr 2024 09:06:32 GMT
vary: Accept-Encoding
etag: W/"661f9118-a01c"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Vwzj0cwQhm7bmHWNXo74cLi6E%2BWgG749uVo3zKNWAEUqYTstScNcOUVcsGtEsCWFWInOfsmTA1etggxc2aOqAj71lRDc%2BVt38v0Bh7kI%2Fjm9MxaCBNuWdbtfj8%2FHB5A%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87637294691856bb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| graussoa.com/js/src_js_components_Footer_Footer_tsx.412b820b.js | 172.67.209.9 | 200 OK | 1.2 kB |
URL GET HTTP/3graussoa.com/js/src_js_components_Footer_Footer_tsx.412b820b.js IP172.67.209.9:443
Requested byhttps://graussoa.com/betting-survey.html?z=5638049&offer_id=2058&var=&ymid=2qghgn84pissk CertificateIssuerLet's Encrypt Subjectgraussoa.com Fingerprint45:C6:6D:F6:0D:7D:3F:96:46:45:0B:0D:43:96:09:2F:46:4C:2B:FE ValidityFri, 12 Apr 2024 14:39:05 GMT - Thu, 11 Jul 2024 14:39:04 GMT
File typeJavaScript source, Unicode text, UTF-8 text, with very long lines (1224), with no line terminators Hash5127f6cbde5f1ef64abffedd42cc5f3a 22b88da4ed5ee1a1040cf551c63a2ab822dc227a 00c01c9a9cf0c66ac7e1b9faf1a3679085c27101d8cec28a4b1b162e845d7f26
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/src_js_components_Footer_Footer_tsx.412b820b.js HTTP/1.1
Host: graussoa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=ebd3xk4yh3q5ykl6oh3hxzynsba83tsi; syncedCookie=true; oaidts=1713430649; ID=ebd3xk4yh3q5ykl6oh3hxzynsba83tsi
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 08:57:29 GMT
content-type: application/javascript
last-modified: Wed, 17 Apr 2024 09:06:30 GMT
vary: Accept-Encoding
etag: W/"661f9116-48d"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MbQJLPOsDtvZaKGIBURvgMeCXeN22T8fEziJZA%2BYIOUcnRekTdMyF8v%2B0CjSJteocKhRx8OURgnzDa2vrAFwQWREjTvGefEV6tpO8dEZOJjfd9LU%2BSnV4XsVkl%2FcgdE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 876372971c9e56bb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| graussoa.com/js/s-checkSessionStorageAvailable.ts.e8412d91.js | 172.67.209.9 | 200 OK | 330 B |
URL GET HTTP/3graussoa.com/js/s-checkSessionStorageAvailable.ts.e8412d91.js IP172.67.209.9:443
Requested byhttps://graussoa.com/betting-survey.html?z=5638049&offer_id=2058&var=&ymid=2qghgn84pissk CertificateIssuerLet's Encrypt Subjectgraussoa.com Fingerprint45:C6:6D:F6:0D:7D:3F:96:46:45:0B:0D:43:96:09:2F:46:4C:2B:FE ValidityFri, 12 Apr 2024 14:39:05 GMT - Thu, 11 Jul 2024 14:39:04 GMT
File typetroff or preprocessor input, ASCII text, with very long lines (338), with no line terminators Hash6eb1ccbb769935debb74de9858287720 5302f94074f05eb22f05368dfe3464b85c89fb48 1e016cce8f09ded837e6e46c9e26d5dddccc19bbfa89c9dc583c04d85e2c7bb4
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/s-checkSessionStorageAvailable.ts.e8412d91.js HTTP/1.1
Host: graussoa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 08:57:29 GMT
content-type: application/javascript
last-modified: Wed, 17 Apr 2024 09:06:30 GMT
vary: Accept-Encoding
etag: W/"661f9116-14a"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rDLJIeScY4ks97sD1jjMMQfNZXG1cK9PclVOr4ZsfP4Spg2CAOFCaP4PJ0CBPYrvG2vE1EDTJX6ZxNW4i2SHHweCA684ECo%2FyGkUBuaTiBt89JHQCrZkQRBJ0hYw%2FoE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87637294692a56bb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| graussoa.com/js/BettingSurvey.ca3ef9f6.js | 172.67.209.9 | 200 OK | 2.2 kB |
URL GET HTTP/3graussoa.com/js/BettingSurvey.ca3ef9f6.js IP172.67.209.9:443
Requested byhttps://graussoa.com/betting-survey.html?z=5638049&offer_id=2058&var=&ymid=2qghgn84pissk CertificateIssuerLet's Encrypt Subjectgraussoa.com Fingerprint45:C6:6D:F6:0D:7D:3F:96:46:45:0B:0D:43:96:09:2F:46:4C:2B:FE ValidityFri, 12 Apr 2024 14:39:05 GMT - Thu, 11 Jul 2024 14:39:04 GMT
File typeJavaScript source, ASCII text, with very long lines (2273), with no line terminators Hashae05ba2003a03f49524f07f9b5512250 8cf00a4c457e550d417223acca97a191e13f99fc 4147796684c5a6263e5990e94893d55dd21331e1679a22576f16303d9d7089a8
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/BettingSurvey.ca3ef9f6.js HTTP/1.1
Host: graussoa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=ebd3xk4yh3q5ykl6oh3hxzynsba83tsi; syncedCookie=true; oaidts=1713430649; ID=ebd3xk4yh3q5ykl6oh3hxzynsba83tsi
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 08:57:29 GMT
content-type: application/javascript
last-modified: Wed, 17 Apr 2024 09:06:30 GMT
vary: Accept-Encoding
etag: W/"661f9116-894"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=a9gcvfrFJkZPkS4XOc5w5Y4YMNq%2BZ5DDxV0gdrZ2Ib6PrQxPYR0UxwcfNKhZn9HPPKZLsKmP5BJICE0jJDHW7dfQCO%2B7vOc%2FF1qNktL5%2BQXR92sPHEn5pkXl9WqpvWM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 876372971ca156bb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| offpichuan.com/rotate?zz=4326387;5592660;5592658;5592700;5592653;5592702;5622941&var=5638049&uid=ebd3xk4yh3q5ykl6oh3hxzynsba83tsi | 139.45.197.237 | 200 OK | 3.4 kB |
URL GET HTTP/2offpichuan.com/rotate?zz=4326387;5592660;5592658;5592700;5592653;5592702;5622941&var=5638049&uid=ebd3xk4yh3q5ykl6oh3hxzynsba83tsi IP139.45.197.237:443
Requested byhttps://graussoa.com/betting-survey.html?z=5638049&offer_id=2058&var=&ymid=2qghgn84pissk CertificateIssuerLet's Encrypt Subjectoffpichuan.com Fingerprint8B:DE:51:B7:81:9E:EA:DE:73:A4:3D:67:F9:5E:6F:7B:F4:D6:77:5A ValidityMon, 15 Apr 2024 21:54:27 GMT - Sun, 14 Jul 2024 21:54:26 GMT
File typetroff or preprocessor input, ASCII text, with very long lines (3486), with no line terminators Hashd746ee3278075574693a4f7f2ca3ac87 e9e7b760ffc64ae1051012d26393394dc1f35198 b1af36f66beeeaa8ac3f79540a42e8b3f4755f2b2108e96c1406ec710d8a0b5c
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /rotate?zz=4326387;5592660;5592658;5592700;5592653;5592702;5622941&var=5638049&uid=ebd3xk4yh3q5ykl6oh3hxzynsba83tsi HTTP/1.1
Host: offpichuan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://graussoa.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 08:57:30 GMT
content-type: application/javascript
x-trace-id: 34f19343621049950b5e20277f9121aa
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: https://graussoa.com
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
set-cookie: OAID=ebd3xk4yh3q5ykl6oh3hxzynsba83tsi; expires=Fri, 18 Apr 2025 08:57:30 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| graussoa.com/sw/sw6163304.js?var=5638049&var_3=null&var_4=null&ab2_ttl=5184000000 | 172.67.209.9 | 200 OK | 1.3 kB |
URL GET HTTP/3graussoa.com/sw/sw6163304.js?var=5638049&var_3=null&var_4=null&ab2_ttl=5184000000 IP172.67.209.9:443
Requested byhttps://graussoa.com/betting-survey.html?z=5638049&offer_id=2058&var=&ymid=2qghgn84pissk CertificateIssuerLet's Encrypt Subjectgraussoa.com Fingerprint45:C6:6D:F6:0D:7D:3F:96:46:45:0B:0D:43:96:09:2F:46:4C:2B:FE ValidityFri, 12 Apr 2024 14:39:05 GMT - Thu, 11 Jul 2024 14:39:04 GMT
File typeASCII text, with very long lines (1381), with no line terminators Hash3787ac5c21418ba3e7a105218766cef3 da8f800758f781c09600f221c9fae59e0d93a669 1376b9e0ea57659418877e9756c4a2443f7d3c61e972cf56e5d522ff6ce83713
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /sw/sw6163304.js?var=5638049&var_3=null&var_4=null&ab2_ttl=5184000000 HTTP/1.1
Host: graussoa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Cookie: OAID=ebd3xk4yh3q5ykl6oh3hxzynsba83tsi; syncedCookie=true; oaidts=1713430649; ID=ebd3xk4yh3q5ykl6oh3hxzynsba83tsi
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 08:57:29 GMT
content-type: application/javascript
last-modified: Wed, 17 Apr 2024 09:06:30 GMT
vary: Accept-Encoding
etag: W/"661f9116-529"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xKKGrDflgoAYj9M6iufHdMmChhMefhDcCO7oIqZtZxW2QHOiXM1NK4UjrrsQncNXkSy1liwEYPSbRq2uS3TmFxthxbggz4Ymc5J7y%2FQuSYKNvns4BkWJ8ZGX9ql8dt0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 876372989e8856bb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| datatechonert.com/log/add?cid=eacf36da-c06d-4d71-90cc-88e30cd4240a&ruid=c7b2ed92-837b-4f8f-8e6f-b446e4916c74 | 139.45.195.253 | 200 OK | 12 B |
URL POST HTTP/1.1datatechonert.com/log/add?cid=eacf36da-c06d-4d71-90cc-88e30cd4240a&ruid=c7b2ed92-837b-4f8f-8e6f-b446e4916c74 IP139.45.195.253:443
Requested byhttps://graussoa.com/betting-survey.html?z=5638049&offer_id=2058&var=&ymid=2qghgn84pissk CertificateIssuerSectigo Limited Subjectdatatechonert.com Fingerprint3F:E1:50:2C:9F:FC:F9:37:03:E3:B6:34:00:06:89:69:01:E7:C3:27 ValiditySun, 10 Dec 2023 00:00:00 GMT - Mon, 23 Dec 2024 23:59:59 GMT
File typetroff or preprocessor input, ASCII text, with no line terminators Hash6949f52318584a4b51c719a9b84a7287 9fbd870c6afd4bdd6fbbd87f52df2c81dd23e905 72603096ec3515dbc615ab8837fd1b15e91ee827bc7af41d71c9882b08699375
POST /log/add?cid=eacf36da-c06d-4d71-90cc-88e30cd4240a&ruid=c7b2ed92-837b-4f8f-8e6f-b446e4916c74 HTTP/1.1
Host: datatechonert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1432
Origin: https://graussoa.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Thu, 18 Apr 2024 08:57:29 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 12
Connection: keep-alive
Access-Control-Allow-Origin: https://graussoa.com
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true
|
|
| graussoa.com/favicon.ico | 172.67.209.9 | 200 OK | 1.2 kB |
IP172.67.209.9:443
Requested byhttps://graussoa.com/betting-survey.html?z=5638049&offer_id=2058&var=&ymid=2qghgn84pissk CertificateIssuerLet's Encrypt Subjectgraussoa.com Fingerprint45:C6:6D:F6:0D:7D:3F:96:46:45:0B:0D:43:96:09:2F:46:4C:2B:FE ValidityFri, 12 Apr 2024 14:39:05 GMT - Thu, 11 Jul 2024 14:39:04 GMT
File typeMS Windows icon resource - 1 icon, 16x16, 32 bits/pixel Hash668ba1a9fa1890ba16cb8adc28d3dad8 5e35223b2541265114eaf61b9da2556c812fea17 7746cf1b553433822522f2dc432f55fe64eee1f1cf823ef6adfde02e58e1d7e2
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: graussoa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=ebd3xk4yh3q5ykl6oh3hxzynsba83tsi; syncedCookie=true; oaidts=1713430649; ID=ebd3xk4yh3q5ykl6oh3hxzynsba83tsi
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 08:57:30 GMT
content-type: image/x-icon
last-modified: Wed, 17 Apr 2024 09:06:30 GMT
vary: Accept-Encoding
etag: W/"661f9116-47e"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CJa2fLqHrp74tQM5HIlWRAFXVZP7wO9zB04LtWoJFbl7%2Fx4jzwpbfhwZL8F1EoEGLnNq4jUQGgsme1wkvgeOk8E6PWENqIk061%2F4lbEYyONP9JzFpz0e8z8KvEMbZhU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8763729b5a1156bb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| graussoa.com/js/v-constants.js.49317f47.js | 172.67.209.9 | 200 OK | 600 B |
URL GET HTTP/3graussoa.com/js/v-constants.js.49317f47.js IP172.67.209.9:443
Requested byhttps://graussoa.com/betting-survey.html?z=5638049&offer_id=2058&var=&ymid=2qghgn84pissk CertificateIssuerLet's Encrypt Subjectgraussoa.com Fingerprint45:C6:6D:F6:0D:7D:3F:96:46:45:0B:0D:43:96:09:2F:46:4C:2B:FE ValidityFri, 12 Apr 2024 14:39:05 GMT - Thu, 11 Jul 2024 14:39:04 GMT
File typeASCII text, with very long lines (664), with no line terminators Hashcf8c486ed295e4a6a30f4fb155bf9fd3 9942a3d40672242af15f2d5cc95df2c06872914f 83c4b13e336b66f673d082c8b9b2b20fb98772916cb5da52f9e48c929cafc9cb
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/v-constants.js.49317f47.js HTTP/1.1
Host: graussoa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=ebd3xk4yh3q5ykl6oh3hxzynsba83tsi; syncedCookie=true; oaidts=1713430649; ID=ebd3xk4yh3q5ykl6oh3hxzynsba83tsi
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 08:57:29 GMT
content-type: application/javascript
last-modified: Wed, 17 Apr 2024 09:06:32 GMT
vary: Accept-Encoding
etag: W/"661f9118-258"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FYn0yCgrBS4lIMmMeU0uTkAa2diT%2FP1IsEPLCuOib2TjcFI6oHJ3%2BRmokZbqZFs3ehvgr50X5Ia%2BipC85d8nKNHudiby97Jsf9tYl7tSMehMne%2B%2BPpGf08lyX%2FBv7n8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 876372970c9356bb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| graussoa.com/betting-survey.html?z=5638049&offer_id=2058&var=&ymid=2qghgn84pissk | 172.67.209.9 | 200 OK | 7.2 kB |
URL User Request GET HTTP/2graussoa.com/betting-survey.html?z=5638049&offer_id=2058&var=&ymid=2qghgn84pissk IP172.67.209.9:443
CertificateIssuerLet's Encrypt Subjectgraussoa.com Fingerprint45:C6:6D:F6:0D:7D:3F:96:46:45:0B:0D:43:96:09:2F:46:4C:2B:FE ValidityFri, 12 Apr 2024 14:39:05 GMT - Thu, 11 Jul 2024 14:39:04 GMT
File typeHTML document, ASCII text, with very long lines (7439), with no line terminators Hashb0e40c33fa7165c750b0a6511d2b3ce3 6d40946ca3e4d9581e5d88a56523f1edea8a5319 d20dde358e53a77cedd3f0cdb63fbfb7cd99cd89ce3c8f6b4597c10f069fba74
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /betting-survey.html?z=5638049&offer_id=2058&var=&ymid=2qghgn84pissk HTTP/1.1
Host: graussoa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 08:57:28 GMT
content-type: text/html
last-modified: Wed, 17 Apr 2024 09:06:31 GMT
vary: Accept-Encoding
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MZKcj8NsstSrMe8yMbCPBD9ZML0y8HXoKc9dnfJdMBr0wv34gCZAPNOLQ%2FBuwVKcaRuBDETU9P0H9TY%2FjYkU4zQLu5ncYhlHZulGf3O0pB5kvLMbqs0FHNVcecKsgMA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 876372929d415693-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| graussoa.com/js/v-domparser.js.97173b2e.js | 172.67.209.9 | 200 OK | 1.7 kB |
URL GET HTTP/3graussoa.com/js/v-domparser.js.97173b2e.js IP172.67.209.9:443
Requested byhttps://graussoa.com/betting-survey.html?z=5638049&offer_id=2058&var=&ymid=2qghgn84pissk CertificateIssuerLet's Encrypt Subjectgraussoa.com Fingerprint45:C6:6D:F6:0D:7D:3F:96:46:45:0B:0D:43:96:09:2F:46:4C:2B:FE ValidityFri, 12 Apr 2024 14:39:05 GMT - Thu, 11 Jul 2024 14:39:04 GMT
File typeJavaScript source, ASCII text, with very long lines (1772), with no line terminators Hash46dd2964e007bc585a8f72ed695089e8 d02de9abf34cf05d707899e2562c067a8e5326bc 96d95d967e2f5ca4a1be19cf0d21f756ba2d0295ad5f4e967048054e85f6072f
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/v-domparser.js.97173b2e.js HTTP/1.1
Host: graussoa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=ebd3xk4yh3q5ykl6oh3hxzynsba83tsi; syncedCookie=true; oaidts=1713430649; ID=ebd3xk4yh3q5ykl6oh3hxzynsba83tsi
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 08:57:29 GMT
content-type: application/javascript
last-modified: Wed, 17 Apr 2024 09:06:30 GMT
vary: Accept-Encoding
etag: W/"661f9116-6b8"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iDXP8Ud1eQnmyC5lmh4OjMl7Z6zmLp%2BLEVV0jnQRXL3yK9TP1R%2BgfJwuNKLmsv5tw49qOpFTOfZ6biORh4MF49%2BOl58rvG9ly1RcewVtPoCKff6wOT%2BcqaUPndHixTE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 876372970c8956bb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| graussoa.com/js/v-html-to-dom.js.ff1ae7e0.js | 172.67.209.9 | 200 OK | 364 B |
URL GET HTTP/3graussoa.com/js/v-html-to-dom.js.ff1ae7e0.js IP172.67.209.9:443
Requested byhttps://graussoa.com/betting-survey.html?z=5638049&offer_id=2058&var=&ymid=2qghgn84pissk CertificateIssuerLet's Encrypt Subjectgraussoa.com Fingerprint45:C6:6D:F6:0D:7D:3F:96:46:45:0B:0D:43:96:09:2F:46:4C:2B:FE ValidityFri, 12 Apr 2024 14:39:05 GMT - Thu, 11 Jul 2024 14:39:04 GMT
File typeJavaScript source, ASCII text, with very long lines (373), with no line terminators Hash57f543d4f79657dc92755e2f2031da65 4884f924743049d7812b58958633a40f65e159b5 0fcc39a4a2b765b1ed92a6093fe6dc70e0a886914746f5af6fda6e3d1dc7417d
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/v-html-to-dom.js.ff1ae7e0.js HTTP/1.1
Host: graussoa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=ebd3xk4yh3q5ykl6oh3hxzynsba83tsi; syncedCookie=true; oaidts=1713430649; ID=ebd3xk4yh3q5ykl6oh3hxzynsba83tsi
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 08:57:29 GMT
content-type: application/javascript
last-modified: Wed, 17 Apr 2024 09:06:31 GMT
vary: Accept-Encoding
etag: W/"661f9117-16c"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iKCDYrdXPK6%2BMg8Kvf7%2Ffi75flUzBaV46qlh4ZB56l4Y%2FYE54CPN%2FFwouDaD8gM80UQr7TsKdU6MLOOKIddM%2F2FjywcBQjpeMqrgDpIWVkw1y07PSNyy1k6cn3%2BNpiE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 876372970c9256bb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| graussoa.com/js/betting-survey.6c005c50.js | 172.67.209.9 | 200 OK | 577 B |
URL GET HTTP/3graussoa.com/js/betting-survey.6c005c50.js IP172.67.209.9:443
Requested byhttps://graussoa.com/betting-survey.html?z=5638049&offer_id=2058&var=&ymid=2qghgn84pissk CertificateIssuerLet's Encrypt Subjectgraussoa.com Fingerprint45:C6:6D:F6:0D:7D:3F:96:46:45:0B:0D:43:96:09:2F:46:4C:2B:FE ValidityFri, 12 Apr 2024 14:39:05 GMT - Thu, 11 Jul 2024 14:39:04 GMT
File typeJavaScript source, ASCII text, with very long lines (599), with no line terminators Hash92a8eb7e6933f05ba71973db5945d5f3 ab4cd9925577ca2565c41ac942044b7678fb20f4 090cbd9c1d09a8110e5d2d44441721c5cbfe036d6ef7d967b8c4e5873bfc5e70
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/betting-survey.6c005c50.js HTTP/1.1
Host: graussoa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 08:57:29 GMT
content-type: application/javascript
last-modified: Wed, 17 Apr 2024 09:06:32 GMT
vary: Accept-Encoding
etag: W/"661f9118-241"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XDndsGCjUksZQImgUl3gNx382km4mstIjJRkorKNb%2BJOVkPQwVwbOyCuKXbjvTjCemCnDrqEFTFqzoY3Js%2B%2BQGpio8d701yfNcXDdw4d7ws%2BpWcONdgLlKfrrinxanc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87637294793c56bb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| graussoa.com/css/_core-survey.d3ac2ee0.css | 172.67.209.9 | 200 OK | 84 B |
URL GET HTTP/3graussoa.com/css/_core-survey.d3ac2ee0.css IP172.67.209.9:443
Requested byhttps://graussoa.com/betting-survey.html?z=5638049&offer_id=2058&var=&ymid=2qghgn84pissk CertificateIssuerLet's Encrypt Subjectgraussoa.com Fingerprint45:C6:6D:F6:0D:7D:3F:96:46:45:0B:0D:43:96:09:2F:46:4C:2B:FE ValidityFri, 12 Apr 2024 14:39:05 GMT - Thu, 11 Jul 2024 14:39:04 GMT
File typeASCII text, with no line terminators Hash6a5389a102082103af302d75143e0dee 973aca6dfe59e2ffa6c60e28c38990c1eab24480 bbe86a1b8677d7959eb23b92c572e154a0067ad5263844e40f95d018857630fb
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /css/_core-survey.d3ac2ee0.css HTTP/1.1
Host: graussoa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 08:57:29 GMT
content-type: text/css
last-modified: Wed, 17 Apr 2024 09:06:30 GMT
vary: Accept-Encoding
etag: W/"661f9116-54"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PujyBtCv%2Bhqbt6kv%2B5DpHXIUY2A69kIi0PWk1iXD7xYcNlcQPDiFboxbddLaylbuWuAjQw%2BzI%2BHOaKM4Y6AHPt8AnGIEPxD9lJP3iSMGkP70Pdkiq%2BhTpl2McysYkOc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87637294895456bb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| graussoa.com/js/v-redux-toolkit.esm.js.fe3487ca.js | 172.67.209.9 | 200 OK | 11 kB |
URL GET HTTP/3graussoa.com/js/v-redux-toolkit.esm.js.fe3487ca.js IP172.67.209.9:443
Requested byhttps://graussoa.com/betting-survey.html?z=5638049&offer_id=2058&var=&ymid=2qghgn84pissk CertificateIssuerLet's Encrypt Subjectgraussoa.com Fingerprint45:C6:6D:F6:0D:7D:3F:96:46:45:0B:0D:43:96:09:2F:46:4C:2B:FE ValidityFri, 12 Apr 2024 14:39:05 GMT - Thu, 11 Jul 2024 14:39:04 GMT
File typeJavaScript source, ASCII text, with very long lines (11319), with no line terminators Hash5aa3676547abc9a38889c09e69ca968d d19ea919192e86f97c34c0a5959ad05c52299aec 21648e7ba668a077e403b6bd1a38f05d55d987737b959d57e3b3c53787107eb7
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/v-redux-toolkit.esm.js.fe3487ca.js HTTP/1.1
Host: graussoa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 08:57:29 GMT
content-type: application/javascript
last-modified: Wed, 17 Apr 2024 09:06:30 GMT
vary: Accept-Encoding
etag: W/"661f9116-2c37"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=x3tqqKGQdEjE9U2pjDCzLnCnFfgxdSKRB4HA90VBM2UxymrTVFrk38vQaUpWy9BT4GTvbAr8ijmwXRkHind8Vw6KvjC0SCvIPddCcn31iJ5JkB8XPScL2Rh03%2ButUnc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87637294792f56bb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| graussoa.com/css/src_js_components_Footer_Footer_tsx.ae79160e.css | 172.67.209.9 | 200 OK | 384 B |
URL GET HTTP/3graussoa.com/css/src_js_components_Footer_Footer_tsx.ae79160e.css IP172.67.209.9:443
Requested byhttps://graussoa.com/betting-survey.html?z=5638049&offer_id=2058&var=&ymid=2qghgn84pissk CertificateIssuerLet's Encrypt Subjectgraussoa.com Fingerprint45:C6:6D:F6:0D:7D:3F:96:46:45:0B:0D:43:96:09:2F:46:4C:2B:FE ValidityFri, 12 Apr 2024 14:39:05 GMT - Thu, 11 Jul 2024 14:39:04 GMT
File typeASCII text, with very long lines (385), with no line terminators Hash96e0e3300f296423edf36d38d86618a3 85917c7d784ad37b14889c01fbf9fc8eb0cc8e72 629a53a1d8716a3d8505a2bb99ed3c249a1744cc11b7a815cde02e064dd09cba
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /css/src_js_components_Footer_Footer_tsx.ae79160e.css HTTP/1.1
Host: graussoa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=ebd3xk4yh3q5ykl6oh3hxzynsba83tsi; syncedCookie=true; oaidts=1713430649; ID=ebd3xk4yh3q5ykl6oh3hxzynsba83tsi
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 08:57:29 GMT
content-type: text/css
last-modified: Wed, 17 Apr 2024 09:06:30 GMT
vary: Accept-Encoding
etag: W/"661f9116-180"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5fYRfoLZ1COBLd%2FFsEaeg%2BrGwuXzs%2F6LcOYi2bN1u4nnhlESQx1ef03O7e2dXgXjpuHlZa5ZD2AvlF8sI19QDNFadgdPWofylSWq%2FakgtPux%2BfYWyNi8Xch4w4p9BcA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 876372970c9a56bb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| graussoa.com/js/v-possibleStandardNamesOptimized.js.205abacb.js | 172.67.209.9 | 200 OK | 7.6 kB |
URL GET HTTP/3graussoa.com/js/v-possibleStandardNamesOptimized.js.205abacb.js IP172.67.209.9:443
Requested byhttps://graussoa.com/betting-survey.html?z=5638049&offer_id=2058&var=&ymid=2qghgn84pissk CertificateIssuerLet's Encrypt Subjectgraussoa.com Fingerprint45:C6:6D:F6:0D:7D:3F:96:46:45:0B:0D:43:96:09:2F:46:4C:2B:FE ValidityFri, 12 Apr 2024 14:39:05 GMT - Thu, 11 Jul 2024 14:39:04 GMT
File typeASCII text, with very long lines (7923), with no line terminators Hashf80cb2aef29b4a80d135d1a598ce1dfa 0653306df1fd8d8591f84661643825e41684d3f6 43c16ae11cea687efa4ca55dec516b23257c3fcb22c9d3541041f1816aaa7b5b
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/v-possibleStandardNamesOptimized.js.205abacb.js HTTP/1.1
Host: graussoa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=ebd3xk4yh3q5ykl6oh3hxzynsba83tsi; syncedCookie=true; oaidts=1713430649; ID=ebd3xk4yh3q5ykl6oh3hxzynsba83tsi
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 08:57:29 GMT
content-type: application/javascript
last-modified: Wed, 17 Apr 2024 09:06:30 GMT
vary: Accept-Encoding
etag: W/"661f9116-1d99"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=b%2FTB5DRSFfwV6Lc9r%2BP6fXr7HWSUhLqegBqvJ3JxJGXUS11%2FuXtzc3qv3%2FOyQj2LY2%2B5KAXTCA%2F3zXbr0lD2xLSIYXAYhv%2FAtN6Zv7BIOIuE%2BZg1ohA1nOZKOArmlHY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 876372970c8456bb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| graussoa.com/js/v-utilities.js.d1112fc4.js | 172.67.209.9 | 200 OK | 2.6 kB |
URL GET HTTP/3graussoa.com/js/v-utilities.js.d1112fc4.js IP172.67.209.9:443
Requested byhttps://graussoa.com/betting-survey.html?z=5638049&offer_id=2058&var=&ymid=2qghgn84pissk CertificateIssuerLet's Encrypt Subjectgraussoa.com Fingerprint45:C6:6D:F6:0D:7D:3F:96:46:45:0B:0D:43:96:09:2F:46:4C:2B:FE ValidityFri, 12 Apr 2024 14:39:05 GMT - Thu, 11 Jul 2024 14:39:04 GMT
File typeJavaScript source, ASCII text, with very long lines (2645), with no line terminators Hash3f45699a0edf3555d230727e3e1ba866 f30b9f52153e77b9ce60a30ecb15f36657792908 1b312ac32a5c37ffe1c4bf861a048a76d807155fe494adf5dd356d067367f488
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/v-utilities.js.d1112fc4.js HTTP/1.1
Host: graussoa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=ebd3xk4yh3q5ykl6oh3hxzynsba83tsi; syncedCookie=true; oaidts=1713430649; ID=ebd3xk4yh3q5ykl6oh3hxzynsba83tsi
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 08:57:29 GMT
content-type: application/javascript
last-modified: Wed, 17 Apr 2024 09:06:32 GMT
vary: Accept-Encoding
etag: W/"661f9118-a11"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EF3Pq2i1Znz2rfT8QCj9mLOjDbredxSQa%2FEzzUD8o6kfTGqiaxQkzcGbAv7lmrd0ldqnxTpJ34Ijj2Fjy%2FuUAYWKmpPJRvTUarFkrOH4KZx24PiOk9v6HnX7xwc%2BZ%2Fw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 876372970c8656bb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| graussoa.com/js/v-dom-to-react.js.26fdf751.js | 172.67.209.9 | 200 OK | 1.1 kB |
URL GET HTTP/3graussoa.com/js/v-dom-to-react.js.26fdf751.js IP172.67.209.9:443
Requested byhttps://graussoa.com/betting-survey.html?z=5638049&offer_id=2058&var=&ymid=2qghgn84pissk CertificateIssuerLet's Encrypt Subjectgraussoa.com Fingerprint45:C6:6D:F6:0D:7D:3F:96:46:45:0B:0D:43:96:09:2F:46:4C:2B:FE ValidityFri, 12 Apr 2024 14:39:05 GMT - Thu, 11 Jul 2024 14:39:04 GMT
File typeJavaScript source, ASCII text, with very long lines (1101), with no line terminators Hash5693cb2629dd3231ce6fed788c41b150 872d71cae7dddc37389be6bae0fc4a5b611ec9c0 b312636bf1d349d818517865e89c22f8b9ef9e61d1805cf315e44241ccc05d26
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/v-dom-to-react.js.26fdf751.js HTTP/1.1
Host: graussoa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=ebd3xk4yh3q5ykl6oh3hxzynsba83tsi; syncedCookie=true; oaidts=1713430649; ID=ebd3xk4yh3q5ykl6oh3hxzynsba83tsi
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 08:57:29 GMT
content-type: application/javascript
last-modified: Wed, 17 Apr 2024 09:06:31 GMT
vary: Accept-Encoding
etag: W/"661f9117-43d"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wkjsCl353aWH40DF6FGcRU671kW7m6cfKf7vj0qjst2RfiY9lUEsn0hXbbrKLQxtiKkQxGkS98m2umeeXvn0BYNAUMaFPlALtq9WKO%2FsZf8jsjIDGToeSpn134uMo%2F8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 876372970c8b56bb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| graussoa.com/js/s-checkLocalStorageAvailable.ts.f2fef93d.js | 172.67.209.9 | 200 OK | 330 B |
URL GET HTTP/3graussoa.com/js/s-checkLocalStorageAvailable.ts.f2fef93d.js IP172.67.209.9:443
Requested byhttps://graussoa.com/betting-survey.html?z=5638049&offer_id=2058&var=&ymid=2qghgn84pissk CertificateIssuerLet's Encrypt Subjectgraussoa.com Fingerprint45:C6:6D:F6:0D:7D:3F:96:46:45:0B:0D:43:96:09:2F:46:4C:2B:FE ValidityFri, 12 Apr 2024 14:39:05 GMT - Thu, 11 Jul 2024 14:39:04 GMT
File typetroff or preprocessor input, ASCII text, with very long lines (338), with no line terminators Hash9a78659da737fccc89546e61f0eb6213 84e705584bdbc81715e0326742f426c2f472d3a9 bb46fe2e65cc91e5a01a8e731754fdc9b8f30813835a673bd96b48672ac82d60
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/s-checkLocalStorageAvailable.ts.f2fef93d.js HTTP/1.1
Host: graussoa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 08:57:29 GMT
content-type: application/javascript
last-modified: Wed, 17 Apr 2024 09:06:30 GMT
vary: Accept-Encoding
etag: W/"661f9116-14a"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5gdfL4Quyh93IafEHlzOOq9DsJR7QTYtBza3957ZZ2jKeYiYk92oQlgCi1nORGUDAsBS8%2BDKScyrkJbuQkuR%2FGFyd6hpmNrK6Ob0Nxg1GA5%2FvyjMJYr9sMcuTV88y98%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87637294692d56bb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| graussoa.com/js/config/dict/cookie-consent-1.json?v=10 | 172.67.209.9 | 200 OK | 6.8 kB |
URL GET HTTP/3graussoa.com/js/config/dict/cookie-consent-1.json?v=10 IP172.67.209.9:443
Requested byhttps://graussoa.com/betting-survey.html?z=5638049&offer_id=2058&var=&ymid=2qghgn84pissk CertificateIssuerLet's Encrypt Subjectgraussoa.com Fingerprint45:C6:6D:F6:0D:7D:3F:96:46:45:0B:0D:43:96:09:2F:46:4C:2B:FE ValidityFri, 12 Apr 2024 14:39:05 GMT - Thu, 11 Jul 2024 14:39:04 GMT
File typeHTML document, Unicode text, UTF-8 text, with very long lines (6009), with no line terminators Hash4b2ff958e811a50d2f641818590b443d 6abae297812bb55fad869e953e7fdf7469cbe1ae 9c77a5f3d0028d9ba122ed15728ee7b144619431f8302503a19c5785ddaa06b8
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/config/dict/cookie-consent-1.json?v=10 HTTP/1.1
Host: graussoa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 08:57:29 GMT
content-type: application/json
last-modified: Wed, 17 Apr 2024 09:06:30 GMT
vary: Accept-Encoding
etag: W/"661f9116-1a65"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=44CKU6AQDVzlZbR8A%2FZ7avHlP6lfu9gw2aoY2yxM7A5ypjBaXVYdpwteTuXvxNdDRHUMGI4QiRIm4gEh%2F2jjozLxyKmTrtMDShEBCeyVQJbgWSSK5p0ox7bTLu0zp%2BM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 876372962b8156bb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| graussoa.com/js/v-index.mjs.19622407.js | 172.67.209.9 | 200 OK | 35 kB |
URL GET HTTP/3graussoa.com/js/v-index.mjs.19622407.js IP172.67.209.9:443
Requested byhttps://graussoa.com/betting-survey.html?z=5638049&offer_id=2058&var=&ymid=2qghgn84pissk CertificateIssuerLet's Encrypt Subjectgraussoa.com Fingerprint45:C6:6D:F6:0D:7D:3F:96:46:45:0B:0D:43:96:09:2F:46:4C:2B:FE ValidityFri, 12 Apr 2024 14:39:05 GMT - Thu, 11 Jul 2024 14:39:04 GMT
File typeJavaScript source, ASCII text, with very long lines (35287), with no line terminators Hash1de1ec2d8e7940b88970d8fbce40ed6d 510aa24127fb8bc3578d9ca4628b2eea5a84ce01 b473156bef833bcfb2e84658093f1ebc1e64011dcba904e26ccb31f1cad8b762
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/v-index.mjs.19622407.js HTTP/1.1
Host: graussoa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=ebd3xk4yh3q5ykl6oh3hxzynsba83tsi; syncedCookie=true; oaidts=1713430649; ID=ebd3xk4yh3q5ykl6oh3hxzynsba83tsi
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 08:57:29 GMT
content-type: application/javascript
last-modified: Wed, 17 Apr 2024 09:06:31 GMT
vary: Accept-Encoding
etag: W/"661f9117-89d7"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cw%2F4%2FPCfQuH%2BZYrwjzmpIXByiuoyn9%2B9aEKG%2FHJ5e0RJavwZQHRidugEkofVVqmIQKMrp7MOG8lXxST4rX3hteuGEl9fPFEapQL8pJNZzIr3eOowHBmmzLQAhyhJ7Vw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 876372970c7f56bb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| graussoa.com/pfe/current/stattag.js | 172.67.209.9 | 200 OK | 19 kB |
URL GET HTTP/3graussoa.com/pfe/current/stattag.js IP172.67.209.9:443
Requested byhttps://graussoa.com/betting-survey.html?z=5638049&offer_id=2058&var=&ymid=2qghgn84pissk CertificateIssuerLet's Encrypt Subjectgraussoa.com Fingerprint45:C6:6D:F6:0D:7D:3F:96:46:45:0B:0D:43:96:09:2F:46:4C:2B:FE ValidityFri, 12 Apr 2024 14:39:05 GMT - Thu, 11 Jul 2024 14:39:04 GMT
File typeJavaScript source, ASCII text, with very long lines (19053), with no line terminators Hash3a74216e872211a9c770302bb7d4a63f 7e63556174a7d66eee407218e503ec0aae2c0f9e 03405209d89a927b81d53eb13968663069760776389c5400bb79d11bd9f78f78
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /pfe/current/stattag.js HTTP/1.1
Host: graussoa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=ebd3xk4yh3q5ykl6oh3hxzynsba83tsi; syncedCookie=true; oaidts=1713430649; ID=ebd3xk4yh3q5ykl6oh3hxzynsba83tsi
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 08:57:29 GMT
content-type: application/javascript
last-modified: Wed, 17 Apr 2024 09:06:31 GMT
vary: Accept-Encoding
etag: W/"661f9117-4a6d"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=x4i%2F6jdnUOVJCnf5Y5iyQB60gRQ87egVGChP55s6qNxO9nR0u0MF5%2BT0x965DCOZ33fHprElskFjcI51If4DhNZQoaCs6rx3S44ZxrRwCl8EXRtqT0QqyBEGCFEf6D8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87637298dedd56bb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| graussoa.com/js/SurveyContainer.e2959212.js | 172.67.209.9 | 200 OK | 57 kB |
URL GET HTTP/3graussoa.com/js/SurveyContainer.e2959212.js IP172.67.209.9:443
Requested byhttps://graussoa.com/betting-survey.html?z=5638049&offer_id=2058&var=&ymid=2qghgn84pissk CertificateIssuerLet's Encrypt Subjectgraussoa.com Fingerprint45:C6:6D:F6:0D:7D:3F:96:46:45:0B:0D:43:96:09:2F:46:4C:2B:FE ValidityFri, 12 Apr 2024 14:39:05 GMT - Thu, 11 Jul 2024 14:39:04 GMT
File typeJavaScript source, ASCII text, with very long lines (57003) Hash1716bf0d79004adf0eb2cdcd64159891 67852b096bcc8817fb0b9b98abf264e40a59310c 56cd17eb9def743ef4bc4909a6eacb77266b749181cfcaec4d478336b1c6ff21
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/SurveyContainer.e2959212.js HTTP/1.1
Host: graussoa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=ebd3xk4yh3q5ykl6oh3hxzynsba83tsi; syncedCookie=true; oaidts=1713430649; ID=ebd3xk4yh3q5ykl6oh3hxzynsba83tsi
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 08:57:29 GMT
content-type: application/javascript
last-modified: Wed, 17 Apr 2024 09:06:32 GMT
vary: Accept-Encoding
etag: W/"661f9118-defd"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wa3yyGc2bQ%2B8bq3x9AW6RiS%2FSRtGnyqFs6%2F%2BCgiu03IUfGauL24Exnp7W5hPGAderqHt1rnRGD8lT%2B2%2F6IWU1w9uFUzLrbOF1WlNvV3RLOH8Zg4T75i%2BS1cqBpLHkSE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 876372970c9556bb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| graussoa.com/js/s-storageService.js.bb9f7a22.js | 172.67.209.9 | 200 OK | 2.2 kB |
URL GET HTTP/3graussoa.com/js/s-storageService.js.bb9f7a22.js IP172.67.209.9:443
Requested byhttps://graussoa.com/betting-survey.html?z=5638049&offer_id=2058&var=&ymid=2qghgn84pissk CertificateIssuerLet's Encrypt Subjectgraussoa.com Fingerprint45:C6:6D:F6:0D:7D:3F:96:46:45:0B:0D:43:96:09:2F:46:4C:2B:FE ValidityFri, 12 Apr 2024 14:39:05 GMT - Thu, 11 Jul 2024 14:39:04 GMT
File typeJavaScript source, ASCII text, with very long lines (2216), with no line terminators Hash803fe057e4762b54a284184815cfb62e e748b6c77988934fe2b458b61a93e35f22cfecbc 0552fbab13dd0597298180b4d1c5e1a8a2ca66e121e3ab892f100366c8d45d3c
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/s-storageService.js.bb9f7a22.js HTTP/1.1
Host: graussoa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 08:57:29 GMT
content-type: application/javascript
last-modified: Wed, 17 Apr 2024 09:06:32 GMT
vary: Accept-Encoding
etag: W/"661f9118-87a"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=M2ktjNzvpAOPAVFPFXhaek3N2kwQY9MvVsiXPJgVGqu0KytZnPG3dZxO3eyTig4wQaXbxWyq7H47n0cOgmYYSMXUuk6NBgEeJVcRnXHPHd0rRLVDG2oyczWrbN9LJWw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87637294692256bb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| graussoa.com/js/_each-land-config.3299fec3.js | 172.67.209.9 | 200 OK | 72 kB |
URL GET HTTP/3graussoa.com/js/_each-land-config.3299fec3.js IP172.67.209.9:443
Requested byhttps://graussoa.com/betting-survey.html?z=5638049&offer_id=2058&var=&ymid=2qghgn84pissk CertificateIssuerLet's Encrypt Subjectgraussoa.com Fingerprint45:C6:6D:F6:0D:7D:3F:96:46:45:0B:0D:43:96:09:2F:46:4C:2B:FE ValidityFri, 12 Apr 2024 14:39:05 GMT - Thu, 11 Jul 2024 14:39:04 GMT
File typeJavaScript source, ASCII text, with very long lines (65452) Hashe50959a36d50199dd1e5357099e71a21 e9bde06c83f10ac6300701792180dc50c298e79b 231a989a44135e73887bfa3a1a56a6205e7e00a00f746976bb4bc0601125ab77
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/_each-land-config.3299fec3.js HTTP/1.1
Host: graussoa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 08:57:29 GMT
content-type: application/javascript
last-modified: Wed, 17 Apr 2024 09:06:32 GMT
vary: Accept-Encoding
etag: W/"661f9118-1196b"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yxPX627GcjcDoeI6ls9FWkbwRj98MLB9sGutFkmkbMrhvjlo%2Bnc6CK%2BLYQIT24%2Fg0YRqB5RsBBtKU8sjrdFdYTMjg0FCtl5YEELL%2B%2Fnhxow%2Fkg60kr7dDDAjCEyNcWs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87637294793456bb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| graussoa.com/css/betting-survey.e1fedc09.css | 172.67.209.9 | 200 OK | 27 kB |
URL GET HTTP/3graussoa.com/css/betting-survey.e1fedc09.css IP172.67.209.9:443
Requested byhttps://graussoa.com/betting-survey.html?z=5638049&offer_id=2058&var=&ymid=2qghgn84pissk CertificateIssuerLet's Encrypt Subjectgraussoa.com Fingerprint45:C6:6D:F6:0D:7D:3F:96:46:45:0B:0D:43:96:09:2F:46:4C:2B:FE ValidityFri, 12 Apr 2024 14:39:05 GMT - Thu, 11 Jul 2024 14:39:04 GMT
File typeASCII text, with very long lines (16783) Hash76295efc6bef5edde2a49093b9d43d78 b2a24e3cdc1f7baa36090667190d251fd2c33430 b7d11adaa402b41da5689f40a357809b0e4215e5c046544db1894c15e9433664
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /css/betting-survey.e1fedc09.css HTTP/1.1
Host: graussoa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 08:57:29 GMT
content-type: text/css
last-modified: Wed, 17 Apr 2024 09:06:30 GMT
vary: Accept-Encoding
etag: W/"661f9116-6863"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OsF0KuA6CraApsewPVzsJL%2B8Qyqo4MbxFQQi%2BW1laJoPhifenrzQkEhFF9fQtDad7igDMgS2Gw73LsaQtSvgHwSi%2BNVBeBgeuiKuuxjimBkzs9ZAHfQHHF4pjHBAcs4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 876372955a8e56bb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| graussoa.com/img/betting/sport-betting/ball.webp | 172.67.209.9 | 200 OK | 2.9 kB |
URL GET HTTP/3graussoa.com/img/betting/sport-betting/ball.webp IP172.67.209.9:443
Requested byhttps://graussoa.com/betting-survey.html?z=5638049&offer_id=2058&var=&ymid=2qghgn84pissk CertificateIssuerLet's Encrypt Subjectgraussoa.com Fingerprint45:C6:6D:F6:0D:7D:3F:96:46:45:0B:0D:43:96:09:2F:46:4C:2B:FE ValidityFri, 12 Apr 2024 14:39:05 GMT - Thu, 11 Jul 2024 14:39:04 GMT
File typeRIFF (little-endian) data, Web/P image Hash825112e52d4395f2fea6284419244dfd 319282ad0d2a1da4c6cacd67784c7ddc897b33ec 97e541db3f4df8ef84da4e7269993281662249d4f0b5f01010801c5d73dddb23
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/betting/sport-betting/ball.webp HTTP/1.1
Host: graussoa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://graussoa.com/css/betting-survey.e1fedc09.css
Cookie: OAID=ebd3xk4yh3q5ykl6oh3hxzynsba83tsi; syncedCookie=true; oaidts=1713430649; ID=ebd3xk4yh3q5ykl6oh3hxzynsba83tsi
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 08:57:29 GMT
content-type: image/webp
content-length: 2850
last-modified: Wed, 17 Apr 2024 09:06:30 GMT
vary: Accept-Encoding
etag: "661f9116-b22"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OVfnxvPfuG12S7yqWg%2BrtsM%2BuEd2TkdaEdkvt%2Bbw8slNkLUxY0JJyR21ThyIrt%2FVvBPk1UPLeO5Il7%2F5XCAdcjNfCHmw5a1dUiNgxOLKT%2BRpo0WtBCeeMNzOJf0EnfY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87637298bea756bb-OSL
alt-svc: h3=":443"; ma=86400
|
|