| googrootsurvey.top/js/_rtc.f86a36d7.js | 188.114.97.1 | 200 OK | 6.2 kB |
URL GET HTTP/3googrootsurvey.top/js/_rtc.f86a36d7.js IP188.114.97.1:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=662108754676e70001a0a288 CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint45:9F:A9:15:13:FF:F3:F7:69:62:41:D1:AF:F6:A3:C6:F3:4F:F5:30 ValidityThu, 18 Apr 2024 08:07:48 GMT - Wed, 17 Jul 2024 08:07:47 GMT
File typeJavaScript source, ASCII text, with very long lines (12222), with no line terminators Hash128d6eec0793a7e02c314d2f6245f260 c9f09311c3f229b770f38d0cc69b422430f1c748 bf1606ac64db254cc565a094e7162a96f31f7e48ddece56fc92c654559e5abb8
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/_rtc.f86a36d7.js HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 11:48:25 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"661f9116-2fbe"
last-modified: Wed, 17 Apr 2024 09:06:30 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 360
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=b52mZnV2cTdjJPEaBwE14UCPkO0Wl8C5j5w4GNZ6QetCO75ndwlcfqevGmfFI82FsVgchC7wIUMYAMZ91yCPOfMaY%2B2nOHcMIYMR0MOPWBH5Gx%2B5f5MZUgZha4fnij73q%2FZ5YxM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87646cfe385856aa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/js/v-redux-toolkit.esm.js.fe3487ca.js | 188.114.97.1 | 200 OK | 5.8 kB |
URL GET HTTP/3googrootsurvey.top/js/v-redux-toolkit.esm.js.fe3487ca.js IP188.114.97.1:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=662108754676e70001a0a288 CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint45:9F:A9:15:13:FF:F3:F7:69:62:41:D1:AF:F6:A3:C6:F3:4F:F5:30 ValidityThu, 18 Apr 2024 08:07:48 GMT - Wed, 17 Jul 2024 08:07:47 GMT
File typeJavaScript source, ASCII text, with very long lines (11319), with no line terminators Hash5aa3676547abc9a38889c09e69ca968d d19ea919192e86f97c34c0a5959ad05c52299aec 21648e7ba668a077e403b6bd1a38f05d55d987737b959d57e3b3c53787107eb7
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/v-redux-toolkit.esm.js.fe3487ca.js HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 11:48:25 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"661f9117-2c37"
last-modified: Wed, 17 Apr 2024 09:06:31 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 360
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=I%2BS6gMSUC%2BmqRK%2FYpvTYt%2BTwKVJKjI8%2FeLQxdnq35ldIBR0CHS5WUv5AvM%2B85HkT9Z8PlG%2Bkcb1k7mghkjqYwE%2Flwd%2FHMOvZ%2FvEGuFH2Gghob4gE6rsbSRLTr1s0ju%2F2RTptyBw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87646cfe386356aa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/js/s-checkSessionStorageAvailable.ts.e8412d91.js | 188.114.97.1 | 200 OK | 9.0 kB |
URL GET HTTP/3googrootsurvey.top/js/s-checkSessionStorageAvailable.ts.e8412d91.js IP188.114.97.1:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=662108754676e70001a0a288 CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint45:9F:A9:15:13:FF:F3:F7:69:62:41:D1:AF:F6:A3:C6:F3:4F:F5:30 ValidityThu, 18 Apr 2024 08:07:48 GMT - Wed, 17 Jul 2024 08:07:47 GMT
File typeJavaScript source, ASCII text, with very long lines (330), with no line terminators Hasha1707fb484c103f2351843fcfb7028c4 43d3d0c0563335d6a9ba13a8920bdf7b70cea7bd bec32703d77fa5a512dd84399bdd43cb32735e483476e66d0eeb957a403c790c
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/s-checkSessionStorageAvailable.ts.e8412d91.js HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 11:48:25 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"661f9116-14a"
last-modified: Wed, 17 Apr 2024 09:06:30 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 360
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gO9W%2Bu77g8MfItqkacFJoAnDwaiYGJIhxJAOpf5Z2BhoQtbqR0clVDaAOSaebrS1uMcT%2FN4%2FQ5eHOyU4%2Bfx4aWA3JDunhxaMTnHCJxLGVXxe8Wb5ocjYf68dZSrG8LjdnnUJL%2Bo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87646cfe386056aa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/img/rain/dollars-3.webp | 188.114.97.1 | 200 OK | 5.9 kB |
URL GET HTTP/3googrootsurvey.top/img/rain/dollars-3.webp IP188.114.97.1:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=662108754676e70001a0a288 CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint45:9F:A9:15:13:FF:F3:F7:69:62:41:D1:AF:F6:A3:C6:F3:4F:F5:30 ValidityThu, 18 Apr 2024 08:07:48 GMT - Wed, 17 Jul 2024 08:07:47 GMT
File typeRIFF (little-endian) data, Web/P image Hash51ea76ff382bff8ef58a9943f7fd21d1 5c3d6ad6620fbde5ce3dddc88604e6d54621eba2 0240f30fc542fb5c2d532f33bc793b797199adaea75e22a7d9f04674b80d9a32
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/rain/dollars-3.webp HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://googrootsurvey.top/css/survey.3b7d0b23.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 11:48:26 GMT
content-type: image/webp
content-length: 5938
last-modified: Wed, 17 Apr 2024 09:06:30 GMT
vary: Accept-Encoding
etag: "661f9116-1732"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 4310
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oHAOJ9eNOy2uxFjanFprcMB9SHaFVR2ijAbGIbKtIWpI7qi9ceYw1EF1YoO%2F9kM1OiBaPFWAbAA15WwvR5Nn%2BYICfQIrjQLwm5Y10sB6%2Ftp%2BQgESL6W21y298SfhLnmzYrXulAg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87646d006cdd56aa-OSL
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/js/v-utilities.js.d1112fc4.js | 188.114.97.1 | 200 OK | 12 kB |
URL GET HTTP/3googrootsurvey.top/js/v-utilities.js.d1112fc4.js IP188.114.97.1:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=662108754676e70001a0a288 CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint45:9F:A9:15:13:FF:F3:F7:69:62:41:D1:AF:F6:A3:C6:F3:4F:F5:30 ValidityThu, 18 Apr 2024 08:07:48 GMT - Wed, 17 Jul 2024 08:07:47 GMT
File typeJavaScript source, ASCII text, with very long lines (2577), with no line terminators Hash18cb151303391373ec2138ce7f10bd7f c3d6fdc026a675d23ac14beebd3a46e3e72e9dc4 93cc28fc75a9cbc865ed918e1a8d139ecf52c3a7d9a2caef63ed7092f69ee142
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/v-utilities.js.d1112fc4.js HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 11:48:26 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"661f9118-a11"
last-modified: Wed, 17 Apr 2024 09:06:32 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 361
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7%2FU716QXT2ZAfU2itcFUDIX8tDjgGKJ4VEBHRoRi9rNfKHvyXvCUfH%2F%2BVId4G2GriHsRN3e3PWU0MbNVeDGTtEBAeZx5iWNv15pa0FIxUGx%2BSwjtp4xYzjeYtn53b1nQ9kkb7Vw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87646cff6b0856aa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/img/betting/sport-betting/star.webp | 188.114.97.1 | 200 OK | 246 B |
URL GET HTTP/3googrootsurvey.top/img/betting/sport-betting/star.webp IP188.114.97.1:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=662108754676e70001a0a288 CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint45:9F:A9:15:13:FF:F3:F7:69:62:41:D1:AF:F6:A3:C6:F3:4F:F5:30 ValidityThu, 18 Apr 2024 08:07:48 GMT - Wed, 17 Jul 2024 08:07:47 GMT
File typeRIFF (little-endian) data, Web/P image Hash01caf8f85cfefbebbb8cd3fde3f6d973 f47df1411899076e0856c75114597168e2afd8d0 7bae9821e9132aee43121502a061a55671dbc660966e0c5c3e2a88a6d48b9a84
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/betting/sport-betting/star.webp HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 11:48:26 GMT
content-type: image/webp
content-length: 246
last-modified: Wed, 17 Apr 2024 09:06:30 GMT
vary: Accept-Encoding
etag: "661f9116-f6"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 360
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RUeKAG4lWa%2F%2FHIQObRltWGiNaz59kz90WtLEmy8JeQ3gIe3o%2F7VfKT6xDumjFGi6Eahf7jpWpnYDW7OZDYOY3PQHsuQ3xLixrfffmaXW6vuU9rxUf%2FlDNWEYFkPHvFNausx%2Fj6w%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87646d006ce756aa-OSL
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/img/icon/finance/man.webp | 188.114.97.1 | 200 OK | 590 B |
URL GET HTTP/3googrootsurvey.top/img/icon/finance/man.webp IP188.114.97.1:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=662108754676e70001a0a288 CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint45:9F:A9:15:13:FF:F3:F7:69:62:41:D1:AF:F6:A3:C6:F3:4F:F5:30 ValidityThu, 18 Apr 2024 08:07:48 GMT - Wed, 17 Jul 2024 08:07:47 GMT
File typeRIFF (little-endian) data, Web/P image Hashd729db2f101fe611a5a74cec2fa7a7d7 5a13312a8723c57605804f07f064b5f233ea9595 929f7c5d50d2bea65039de8cf572e24c1957209c92b983eebe4c322a93ccfe87
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/icon/finance/man.webp HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 11:48:26 GMT
content-type: image/webp
content-length: 590
last-modified: Wed, 17 Apr 2024 09:06:30 GMT
vary: Accept-Encoding
etag: "661f9116-24e"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 360
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vzwtyoAm3%2FewX%2Fp7hb998lSas%2FCP01dSrX%2Fi1kzVDg5UehY7PgCXoY1qLT5mTbtHbflh2f5p9WrNyghN5BHoB8bYoKTkNHqhWwnJ0wwSDExQWBM0SInjuWsm2uN%2ByaaVlR0R9Lg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87646d006ce956aa-OSL
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/js/_core-survey.1b09882a.js | 188.114.97.1 | 200 OK | 55 kB |
URL GET HTTP/3googrootsurvey.top/js/_core-survey.1b09882a.js IP188.114.97.1:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=662108754676e70001a0a288 CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint45:9F:A9:15:13:FF:F3:F7:69:62:41:D1:AF:F6:A3:C6:F3:4F:F5:30 ValidityThu, 18 Apr 2024 08:07:48 GMT - Wed, 17 Jul 2024 08:07:47 GMT
File typeJavaScript source, Unicode text, UTF-8 text, with very long lines (65535), with no line terminators Hash0190c361e1a4f2f7239f497544c5e616 27a6eae98d28880bd36f9024c7bdae0f41623a5c de932ff55d7e505890689d887ac80b2ca7bcfbd491f49445d0314c982bcb99a4
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/_core-survey.1b09882a.js HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 11:48:25 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=169676
etag: W/"661f9118-296cc"
last-modified: Wed, 17 Apr 2024 09:06:32 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 360
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=z3YJYC9%2FWZwhAZegXaiRvBzp6Tqq2Bz5GfQKkVfU84YU7QqCnV89ongJKVj5vPo7GZFgNFFe4tc5g53t6WgyVGqGRXL0f%2F%2B7y7JJPYJ1q8F6txZ4TELp2EUHAP7mAx03zelTHsY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87646cfe386f56aa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| arleavannya.com/sync-metrics | 139.45.197.248 | 200 OK | 0 B |
URL OPTIONS HTTP/2arleavannya.com/sync-metrics IP139.45.197.248:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=662108754676e70001a0a288 CertificateIssuerLet's Encrypt Subjectarleavannya.com FingerprintA4:8A:3B:44:4D:C2:D4:BD:92:AC:E7:B8:3A:C3:C9:4B:85:17:24:1F ValidityMon, 22 Jan 2024 17:53:34 GMT - Sun, 21 Apr 2024 17:53:33 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /sync-metrics HTTP/1.1
Host: arleavannya.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://googrootsurvey.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 11:48:26 GMT
content-length: 0
access-control-allow-origin: https://googrootsurvey.top
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| arleavannya.com/sync-do | 139.45.197.248 | 200 OK | 0 B |
IP139.45.197.248:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=662108754676e70001a0a288 CertificateIssuerLet's Encrypt Subjectarleavannya.com FingerprintA4:8A:3B:44:4D:C2:D4:BD:92:AC:E7:B8:3A:C3:C9:4B:85:17:24:1F ValidityMon, 22 Jan 2024 17:53:34 GMT - Sun, 21 Apr 2024 17:53:33 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /sync-do HTTP/1.1
Host: arleavannya.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://googrootsurvey.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 11:48:26 GMT
content-length: 0
access-control-allow-origin: https://googrootsurvey.top
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| arleavannya.com/sync-metrics | 139.45.197.248 | 200 OK | 17 B |
URL OPTIONS HTTP/2arleavannya.com/sync-metrics IP139.45.197.248:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=662108754676e70001a0a288 CertificateIssuerLet's Encrypt Subjectarleavannya.com FingerprintA4:8A:3B:44:4D:C2:D4:BD:92:AC:E7:B8:3A:C3:C9:4B:85:17:24:1F ValidityMon, 22 Jan 2024 17:53:34 GMT - Sun, 21 Apr 2024 17:53:33 GMT
Hash5b64e8b89092b2e3dfd448b10700627f 484b3032619fa1acd135d114565b0a5166281c22 f1ea07a1e51a389c8de07120ae5c2e432e9dd8f4fbd6f92489f185b0523a3fd4
POST /sync-metrics HTTP/1.1
Host: arleavannya.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 749
Origin: https://googrootsurvey.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 11:48:26 GMT
content-type: application/json; charset=utf-8
content-length: 17
x-trace-id: b2575ad8e388938196fd47d659d2194d
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://googrootsurvey.top
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| arleavannya.com/sync-do | 139.45.197.248 | 200 OK | 179 B |
IP139.45.197.248:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=662108754676e70001a0a288 CertificateIssuerLet's Encrypt Subjectarleavannya.com FingerprintA4:8A:3B:44:4D:C2:D4:BD:92:AC:E7:B8:3A:C3:C9:4B:85:17:24:1F ValidityMon, 22 Jan 2024 17:53:34 GMT - Sun, 21 Apr 2024 17:53:33 GMT
Hash081142aa1c9267422ee7fd25ac457579 cf8a223610da412aab4cc9aec68f6f304258b3ce 58084d495376ed2e41f026c352cabb187129c58109f2b15caeb1a539deb2cd19
POST /sync-do HTTP/1.1
Host: arleavannya.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 157
Origin: https://googrootsurvey.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 11:48:26 GMT
content-type: application/json; charset=utf-8
content-length: 179
x-trace-id: 103caa9c2ac131b973e0182549a374e2
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://googrootsurvey.top
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| ofklefkian.com/zone?&pub=0&zone_id=6679107&is_mobile=false&domain=googrootsurvey.top&var=6070194&ymid=2256&var_3=null&var_4=null&dsig=&tg=1&sw=3.1.472&action=prerequest | 139.45.197.251 | 200 OK | 0 B |
URL POST HTTP/2ofklefkian.com/zone?&pub=0&zone_id=6679107&is_mobile=false&domain=googrootsurvey.top&var=6070194&ymid=2256&var_3=null&var_4=null&dsig=&tg=1&sw=3.1.472&action=prerequest IP139.45.197.251:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=662108754676e70001a0a288 CertificateIssuerLet's Encrypt Subjectofklefkian.com Fingerprint04:A9:FE:8D:C9:B9:EE:6F:3A:C4:29:EA:19:AD:C3:1D:7D:3E:14:02 ValiditySun, 14 Apr 2024 05:38:05 GMT - Sat, 13 Jul 2024 05:38:04 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
POST /zone?&pub=0&zone_id=6679107&is_mobile=false&domain=googrootsurvey.top&var=6070194&ymid=2256&var_3=null&var_4=null&dsig=&tg=1&sw=3.1.472&action=prerequest HTTP/1.1
Host: ofklefkian.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 11:48:26 GMT
content-length: 0
x-trace-id: 0e9e9674248cbf1ecaa2bcef1fca624d
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: null
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
|
|
| googrootsurvey.top/img/comments/person-1.webp | 188.114.97.1 | 200 OK | 1.1 kB |
URL GET HTTP/3googrootsurvey.top/img/comments/person-1.webp IP188.114.97.1:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=662108754676e70001a0a288 CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint45:9F:A9:15:13:FF:F3:F7:69:62:41:D1:AF:F6:A3:C6:F3:4F:F5:30 ValidityThu, 18 Apr 2024 08:07:48 GMT - Wed, 17 Jul 2024 08:07:47 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp Hash56441eb05774cd7ed15d829e06947346 25649e1ed3820d97bd8bcdc737974e0c65adc1aa 5be168d58cf2dc0e41bc5a9b386add0d57fee26848613ca601f0c31378a8ad02
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/comments/person-1.webp HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 11:48:26 GMT
content-type: image/webp
content-length: 1122
last-modified: Wed, 17 Apr 2024 09:06:30 GMT
vary: Accept-Encoding
etag: "661f9116-462"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 361
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=32I%2FxE0ys1EncfWBgpnLfz0p%2FbfJZ%2Fe7ZMdAPC6dVOIVXQt6Ee8rkG6fp3h9YGFCQSo5TvuDE8XMG0hWvsbPoW2wbzUEjDZv4IDwgC%2BYkbEwU61sqi%2Bqf1elOXHr7sJoCXP8pPw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87646d018f6156aa-OSL
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/img/comments/person-14.webp | 188.114.97.1 | 200 OK | 1.7 kB |
URL GET HTTP/3googrootsurvey.top/img/comments/person-14.webp IP188.114.97.1:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=662108754676e70001a0a288 CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint45:9F:A9:15:13:FF:F3:F7:69:62:41:D1:AF:F6:A3:C6:F3:4F:F5:30 ValidityThu, 18 Apr 2024 08:07:48 GMT - Wed, 17 Jul 2024 08:07:47 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp Hash7dc8c2c56e77f2a329230f677b6e5bf8 23b56b25ef6370e93d6c070c212684ba99612fcc 49ce3d1aa6533e2c9715cdc971939ba08f7072b87d7f60dd1dc3f0ef892e44fc
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/comments/person-14.webp HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 11:48:26 GMT
content-type: image/webp
content-length: 1672
last-modified: Wed, 17 Apr 2024 09:06:30 GMT
vary: Accept-Encoding
etag: "661f9116-688"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 361
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ocm%2F0cWYWCfshgQLF2MFFfnH0mT3cGbqXcwS1qK7KdW%2FDoD2F%2FAINN%2FFV8Sx%2FumO7CBrK3HhpKqnResriZientas%2BTgCAyautaB0OAOVjLs%2FaaAyc7XKQLspKxRKwrR8Ogw8Igk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87646d018f6256aa-OSL
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/img/comments/person-4.webp | 188.114.97.1 | 200 OK | 1.4 kB |
URL GET HTTP/3googrootsurvey.top/img/comments/person-4.webp IP188.114.97.1:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=662108754676e70001a0a288 CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint45:9F:A9:15:13:FF:F3:F7:69:62:41:D1:AF:F6:A3:C6:F3:4F:F5:30 ValidityThu, 18 Apr 2024 08:07:48 GMT - Wed, 17 Jul 2024 08:07:47 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp Hasha78233e0cf1abbb3c5c98ef32a087d96 5ac6cdfb7f9e7be828a4d01e57f10379ef173889 3854114bf0acf8bc190e93893a80429d611c1d16b61d6cde07af182c232a30d7
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/comments/person-4.webp HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 11:48:26 GMT
content-type: image/webp
content-length: 1356
last-modified: Wed, 17 Apr 2024 09:06:30 GMT
vary: Accept-Encoding
etag: "661f9116-54c"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 361
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bzJ1pO6Wn7lzb%2FPdkTWnS5zewv7PRins0WiLmPIgq8gsR0Hu5FgYjv1IdIMn7l%2FUbIscDRwWbtSunj6q7sBpAij7W82DyZmDjowuJjQtj2EnoSkYCriW4j74lTSbxqMdCAGOrQo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87646d018f6656aa-OSL
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/js/config/sd/sd-9540-en.js?v=10 | 188.114.97.1 | 200 OK | 4.1 kB |
URL GET HTTP/3googrootsurvey.top/js/config/sd/sd-9540-en.js?v=10 IP188.114.97.1:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=662108754676e70001a0a288 CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint45:9F:A9:15:13:FF:F3:F7:69:62:41:D1:AF:F6:A3:C6:F3:4F:F5:30 ValidityThu, 18 Apr 2024 08:07:48 GMT - Wed, 17 Jul 2024 08:07:47 GMT
File typeUnicode text, UTF-8 text, with very long lines (7943), with no line terminators Hash8ab509e5faf8beaa7205e4d2852e5eca c35e95ed5b6bb71a5cdf0eb2e349fae42685dac1 6a3ff31d913496a3eee3a8e0d9a544ba3399dde26b393187e24d33c27d2c63be
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/config/sd/sd-9540-en.js?v=10 HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 11:48:26 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"661f9117-1f1b"
last-modified: Wed, 17 Apr 2024 09:06:31 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 361
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mVxlOKFVtsmB3aiIoZ47iWmhMkJ6oSsvz56H%2F46ZPFvMKHqEc0aXCkmXq985E7rV12%2BciAGh%2BVxKn%2BfWZlmmGIHUYNQuIpKJEBNRvA%2FJpJcD5OhgZohZ%2F7Ulum2UTbsByBf4tBA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87646cfee9e256aa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/img/comments/person-3.webp | 188.114.97.1 | 200 OK | 982 B |
URL GET HTTP/3googrootsurvey.top/img/comments/person-3.webp IP188.114.97.1:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=662108754676e70001a0a288 CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint45:9F:A9:15:13:FF:F3:F7:69:62:41:D1:AF:F6:A3:C6:F3:4F:F5:30 ValidityThu, 18 Apr 2024 08:07:48 GMT - Wed, 17 Jul 2024 08:07:47 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp Hash489a7f64f96c92f3325af92fa2af78b5 098cbcbd7ee329321d2fb7bac74535ab258a1f97 fd84809b70e4186fc2529a7ce54316e51ddf51ff8b2f099dcdb88ea91840be4f
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/comments/person-3.webp HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 11:48:26 GMT
content-type: image/webp
content-length: 982
last-modified: Wed, 17 Apr 2024 09:06:30 GMT
vary: Accept-Encoding
etag: "661f9116-3d6"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 361
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BOKVGFKalx%2Fd%2BV%2B8EFHWK9kU35TvaG2%2FTlFEsSr9FPU80r6G%2BP56ZmK0QcOurzz3TLGg%2Bzm5ffnAO6NdP1h2A7a6Pbkau7FxCzHcydoiWSKl3rPBLxDzdYKggXRnYaztxM9G7S4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87646d019f6f56aa-OSL
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/img/comments/person-5.webp | 188.114.97.1 | 200 OK | 1.8 kB |
URL GET HTTP/3googrootsurvey.top/img/comments/person-5.webp IP188.114.97.1:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=662108754676e70001a0a288 CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint45:9F:A9:15:13:FF:F3:F7:69:62:41:D1:AF:F6:A3:C6:F3:4F:F5:30 ValidityThu, 18 Apr 2024 08:07:48 GMT - Wed, 17 Jul 2024 08:07:47 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp Hash10f4b15b0a471e17ef598de73ffb319b e3fd3478fa27f2cce0a9b945c50d640832594594 21411e70dfd7d12a4180188a1ccf3797df346cf6cb6f477f5ecbfb505d6fa378
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/comments/person-5.webp HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 11:48:26 GMT
content-type: image/webp
content-length: 1846
last-modified: Wed, 17 Apr 2024 09:06:30 GMT
vary: Accept-Encoding
etag: "661f9116-736"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 361
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NK6Sx38gbXvYnws4%2Bj4VCdZbdCJg50SzHEkOkaXirOZRoEU9yFkoPX4ZOjn62JlVCuz7O0k4arywnoMQr%2BsUECR2jWXKJCBsTEuXfl798iq7qWvPi7TkDF1165sEcAu8T%2FJXyCw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87646d018f6856aa-OSL
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/img/comments/person-10.webp | 188.114.97.1 | 200 OK | 2.2 kB |
URL GET HTTP/3googrootsurvey.top/img/comments/person-10.webp IP188.114.97.1:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=662108754676e70001a0a288 CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint45:9F:A9:15:13:FF:F3:F7:69:62:41:D1:AF:F6:A3:C6:F3:4F:F5:30 ValidityThu, 18 Apr 2024 08:07:48 GMT - Wed, 17 Jul 2024 08:07:47 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp Hash9dd9074774147c349c8a5bd4760c3cfb 99675a91391516dee57d557728a8cc96257429a3 318ecbca5e7cedf56bad3a556b5c8a8fd14b22a3d536c85f0e4a646e40d8d332
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/comments/person-10.webp HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 11:48:26 GMT
content-type: image/webp
content-length: 2222
last-modified: Wed, 17 Apr 2024 09:06:30 GMT
vary: Accept-Encoding
etag: "661f9116-8ae"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 361
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gBT3ZoK8ihIXgl%2FWQBSWzOcPHWB6wjVTVAElb%2FBzpYy2MLK7tSVLkH%2BpYsG8D8njSRTubF4HrJdZpabGwmQ%2F3shR22gMUFmeJ%2BhDMSyFW2WVvCoqaW9YZrqH%2B16qVXtSQrSBtjY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87646d019f7456aa-OSL
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/img/comments/person-2.webp | 188.114.97.1 | 200 OK | 1.1 kB |
URL GET HTTP/3googrootsurvey.top/img/comments/person-2.webp IP188.114.97.1:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=662108754676e70001a0a288 CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint45:9F:A9:15:13:FF:F3:F7:69:62:41:D1:AF:F6:A3:C6:F3:4F:F5:30 ValidityThu, 18 Apr 2024 08:07:48 GMT - Wed, 17 Jul 2024 08:07:47 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp Hashcd20c1e86fd66d301b6e35a97af461fd 3f92712ef775681d59dfd96bb9b6429227a944e9 0d5556f5acd9a72ca66c6bfab3d813e35f504dcf73e6e6baca816da78a8fbad0
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/comments/person-2.webp HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 11:48:26 GMT
content-type: image/webp
content-length: 1104
last-modified: Wed, 17 Apr 2024 09:06:30 GMT
vary: Accept-Encoding
etag: "661f9116-450"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 361
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7RXeWb1FDCuRqNlz2frap0Ym7TsieG%2FssFoS4YkeauU2gybO%2FO1k%2Ft%2BiwjPA8CNYt%2Fpjb6r58NURB%2B%2BuT%2BW8uZPkjt7wLGQ52IS60hemoWCKYix1xt2AjKH7hGJAO8sGQ%2ByAvIo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87646d018f6356aa-OSL
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/img/comments/person-9.webp | 188.114.97.1 | 200 OK | 1.7 kB |
URL GET HTTP/3googrootsurvey.top/img/comments/person-9.webp IP188.114.97.1:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=662108754676e70001a0a288 CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint45:9F:A9:15:13:FF:F3:F7:69:62:41:D1:AF:F6:A3:C6:F3:4F:F5:30 ValidityThu, 18 Apr 2024 08:07:48 GMT - Wed, 17 Jul 2024 08:07:47 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp Hash12f578cbef79e63d347e2c8384c03ce6 496afa2132dc6a09052596587de749aefa634975 be233e744893994063c5cc341d9f60ff9ccdaa582da7b05bcfc01a7415b7cffa
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/comments/person-9.webp HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 11:48:26 GMT
content-type: image/webp
content-length: 1654
last-modified: Wed, 17 Apr 2024 09:06:30 GMT
vary: Accept-Encoding
etag: "661f9116-676"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 361
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EgFlM4aUTjDVxulzghoPzgXhwY8Vw1dPZr1Qrw5Fb86qA%2FXCxtUFq8pYC3Avtr8Wr1NAL65UjBp83VLcqIfJcPIa%2FhmfpRi%2BQpy2wxYkVYRbK2PQbWOgZ66EdN78MP0ZEvWouxU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87646d019f7256aa-OSL
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/img/comments/person-8.webp | 188.114.97.1 | 200 OK | 1.8 kB |
URL GET HTTP/3googrootsurvey.top/img/comments/person-8.webp IP188.114.97.1:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=662108754676e70001a0a288 CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint45:9F:A9:15:13:FF:F3:F7:69:62:41:D1:AF:F6:A3:C6:F3:4F:F5:30 ValidityThu, 18 Apr 2024 08:07:48 GMT - Wed, 17 Jul 2024 08:07:47 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp Hash2ad9296fef7cd1f60823b80098d31c1f 145b3a66be3deb658a453963cef39a018b6f0928 82bcaa459e3d55b1f99c7154b506f5f5f464f04c5873a3e66ebaf5d064c4de6d
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/comments/person-8.webp HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 11:48:26 GMT
content-type: image/webp
content-length: 1802
last-modified: Wed, 17 Apr 2024 09:06:30 GMT
vary: Accept-Encoding
etag: "661f9116-70a"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 361
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BL6OizVkh%2Bh8KogiNo0N3SDJqqrnvEhIJmN8OhFMwRK236Ksblh2QK8KgsTQ%2FJkwGpB6DPNdhhk7f52HxUzpq%2FsF6WYsVzJhg2G7LGKmKsVq1oiZLcmOqjVcaL9d74jXH3rEKAg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87646d019f6b56aa-OSL
alt-svc: h3=":443"; ma=86400
|
|
| my.rtmark.net/gid.js?userId=o7m98s3f4vqlaou48bb0h00izevi1t6n | 139.45.195.8 | 200 OK | 65 B |
URL GET HTTP/2my.rtmark.net/gid.js?userId=o7m98s3f4vqlaou48bb0h00izevi1t6n IP139.45.195.8:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=662108754676e70001a0a288 CertificateIssuerLet's Encrypt Subjectrtmark.net FingerprintDB:C0:8B:64:1C:E3:2A:9C:B9:04:0D:F3:6F:5A:E0:35:F4:C7:75:CC ValiditySat, 02 Mar 2024 21:53:43 GMT - Fri, 31 May 2024 21:53:42 GMT
Hashabeae4939c36e7b7f295b78ac553aa1f 370f392ac5f29d62f52cf93df569a6056cee733b 6c333a23e83b256c550970910c9771b163baf46d2de8258286edd10d1f04b213
GET /gid.js?userId=o7m98s3f4vqlaou48bb0h00izevi1t6n HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://googrootsurvey.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 11:48:26 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://googrootsurvey.top
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=o7m98s3f4vqlaou48bb0h00izevi1t6n; expires=Fri, 18 Apr 2025 11:48:26 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| arleavannya.com/sync-metrics | 139.45.197.248 | 200 OK | 0 B |
URL OPTIONS HTTP/2arleavannya.com/sync-metrics IP139.45.197.248:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=662108754676e70001a0a288 CertificateIssuerLet's Encrypt Subjectarleavannya.com FingerprintA4:8A:3B:44:4D:C2:D4:BD:92:AC:E7:B8:3A:C3:C9:4B:85:17:24:1F ValidityMon, 22 Jan 2024 17:53:34 GMT - Sun, 21 Apr 2024 17:53:33 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /sync-metrics HTTP/1.1
Host: arleavannya.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://googrootsurvey.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 11:48:26 GMT
content-length: 0
access-control-allow-origin: https://googrootsurvey.top
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| arleavannya.com/sync-metrics | 139.45.197.248 | 200 OK | 0 B |
URL OPTIONS HTTP/2arleavannya.com/sync-metrics IP139.45.197.248:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=662108754676e70001a0a288 CertificateIssuerLet's Encrypt Subjectarleavannya.com FingerprintA4:8A:3B:44:4D:C2:D4:BD:92:AC:E7:B8:3A:C3:C9:4B:85:17:24:1F ValidityMon, 22 Jan 2024 17:53:34 GMT - Sun, 21 Apr 2024 17:53:33 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /sync-metrics HTTP/1.1
Host: arleavannya.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://googrootsurvey.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 11:48:26 GMT
content-length: 0
access-control-allow-origin: https://googrootsurvey.top
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| arleavannya.com/sync-metrics | 139.45.197.248 | 200 OK | 17 B |
URL OPTIONS HTTP/2arleavannya.com/sync-metrics IP139.45.197.248:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=662108754676e70001a0a288 CertificateIssuerLet's Encrypt Subjectarleavannya.com FingerprintA4:8A:3B:44:4D:C2:D4:BD:92:AC:E7:B8:3A:C3:C9:4B:85:17:24:1F ValidityMon, 22 Jan 2024 17:53:34 GMT - Sun, 21 Apr 2024 17:53:33 GMT
Hash5b64e8b89092b2e3dfd448b10700627f 484b3032619fa1acd135d114565b0a5166281c22 f1ea07a1e51a389c8de07120ae5c2e432e9dd8f4fbd6f92489f185b0523a3fd4
POST /sync-metrics HTTP/1.1
Host: arleavannya.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 798
Origin: https://googrootsurvey.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 11:48:26 GMT
content-type: application/json; charset=utf-8
content-length: 17
x-trace-id: 7cb6c8bc25ee6e9bfc46c90527bf7b1d
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://googrootsurvey.top
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| arleavannya.com/sync-metrics | 139.45.197.248 | 200 OK | 17 B |
URL OPTIONS HTTP/2arleavannya.com/sync-metrics IP139.45.197.248:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=662108754676e70001a0a288 CertificateIssuerLet's Encrypt Subjectarleavannya.com FingerprintA4:8A:3B:44:4D:C2:D4:BD:92:AC:E7:B8:3A:C3:C9:4B:85:17:24:1F ValidityMon, 22 Jan 2024 17:53:34 GMT - Sun, 21 Apr 2024 17:53:33 GMT
Hash5b64e8b89092b2e3dfd448b10700627f 484b3032619fa1acd135d114565b0a5166281c22 f1ea07a1e51a389c8de07120ae5c2e432e9dd8f4fbd6f92489f185b0523a3fd4
POST /sync-metrics HTTP/1.1
Host: arleavannya.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 1677
Origin: https://googrootsurvey.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 11:48:26 GMT
content-type: application/json; charset=utf-8
content-length: 17
x-trace-id: 8460a0119c08a46bd48a6e9ed03055d4
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://googrootsurvey.top
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| offpichuan.com/track?offer_id=9540&z=6070194&request_var=2256&variable2=662108754676e70001a0a288&oaid=o7m98s3f4vqlaou48bb0h00izevi1t6n | 139.45.197.237 | 200 OK | 182 B |
URL GET HTTP/2offpichuan.com/track?offer_id=9540&z=6070194&request_var=2256&variable2=662108754676e70001a0a288&oaid=o7m98s3f4vqlaou48bb0h00izevi1t6n IP139.45.197.237:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=662108754676e70001a0a288 CertificateIssuerLet's Encrypt Subjectoffpichuan.com Fingerprint8B:DE:51:B7:81:9E:EA:DE:73:A4:3D:67:F9:5E:6F:7B:F4:D6:77:5A ValidityMon, 15 Apr 2024 21:54:27 GMT - Sun, 14 Jul 2024 21:54:26 GMT
Hash518fbbd5a95951cd6212498955368d69 f6b781a48dee7d09f5b29745c4ced1397642bbe1 f8c19e1cf3423fb386d154c3effb94bc2774d81de6af91588f731e2ce2b6a4f8
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /track?offer_id=9540&z=6070194&request_var=2256&variable2=662108754676e70001a0a288&oaid=o7m98s3f4vqlaou48bb0h00izevi1t6n HTTP/1.1
Host: offpichuan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://googrootsurvey.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 11:48:26 GMT
content-type: application/json
content-length: 182
x-trace-id: 68b48665c9661b15f059340a0985ccd9
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://googrootsurvey.top
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| googrootsurvey.top/pfe/current/stattag.js | 188.114.97.1 | 200 OK | 12 kB |
URL GET HTTP/3googrootsurvey.top/pfe/current/stattag.js IP188.114.97.1:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=662108754676e70001a0a288 CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint45:9F:A9:15:13:FF:F3:F7:69:62:41:D1:AF:F6:A3:C6:F3:4F:F5:30 ValidityThu, 18 Apr 2024 08:07:48 GMT - Wed, 17 Jul 2024 08:07:47 GMT
File typeJavaScript source, ASCII text, with very long lines (19053), with no line terminators Hash3a74216e872211a9c770302bb7d4a63f 7e63556174a7d66eee407218e503ec0aae2c0f9e 03405209d89a927b81d53eb13968663069760776389c5400bb79d11bd9f78f78
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /pfe/current/stattag.js HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=o7m98s3f4vqlaou48bb0h00izevi1t6n; syncedCookie=true; oaidts=1713440906; ID=o7m98s3f4vqlaou48bb0h00izevi1t6n
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 11:48:26 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"661f9117-4a6d"
last-modified: Wed, 17 Apr 2024 09:06:31 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 360
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yFhBzaV%2BXmkfxeHb3XY3nkum3%2BZkjYHnCl6INGqE0sZSwuBfE%2BxTrYCVmrgS6CgYsbzg90ldDLr83a8EpGyCFVk%2F%2FupFTSTXlInybKAphytYvTj6JYhjz5mpjXrM6oTPJCOYVII%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87646d032ae856aa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| datatechonert.com/log/add?cid=eacf36da-c06d-4d71-90cc-88e30cd4240a&ruid=ed26ae0f-f761-411b-9515-f8d4b887869b | 139.45.195.253 | 200 OK | 12 B |
URL POST HTTP/1.1datatechonert.com/log/add?cid=eacf36da-c06d-4d71-90cc-88e30cd4240a&ruid=ed26ae0f-f761-411b-9515-f8d4b887869b IP139.45.195.253:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=662108754676e70001a0a288 CertificateIssuerSectigo Limited Subjectdatatechonert.com Fingerprint3F:E1:50:2C:9F:FC:F9:37:03:E3:B6:34:00:06:89:69:01:E7:C3:27 ValiditySun, 10 Dec 2023 00:00:00 GMT - Mon, 23 Dec 2024 23:59:59 GMT
Hashadb4650bfc9d2a73d4dd69583b0ceb14 1ce399d6e936232aaf2192cd7903a279c5015f22 21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed
POST /log/add?cid=eacf36da-c06d-4d71-90cc-88e30cd4240a&ruid=ed26ae0f-f761-411b-9515-f8d4b887869b HTTP/1.1
Host: datatechonert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1486
Origin: https://googrootsurvey.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Thu, 18 Apr 2024 11:48:27 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 12
Connection: keep-alive
Access-Control-Allow-Origin: https://googrootsurvey.top
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true
|
|
| www.gstatic.com/recaptcha/releases/rz4DvU-cY2JYCwHSTck0_qm-/recaptcha__en.js | 142.250.74.163 | 200 OK | 203 kB |
URL GET HTTP/2www.gstatic.com/recaptcha/releases/rz4DvU-cY2JYCwHSTck0_qm-/recaptcha__en.js IP142.250.74.163:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=662108754676e70001a0a288 CertificateIssuerGoogle Trust Services LLC Subject*.gstatic.com Fingerprint8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9 ValidityMon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT
File typeJavaScript source, ASCII text, with very long lines (554) Size203 kB (203369 bytes) Hashe9ccb3dbde79ba5ffdf9cad4b32d59fd 3a8cd67adc7c885bdf683f1e7f491e6a4a50679f 8f2c6777c7ccc01ab67290fa8acd5a4c4866be64129f39dfaeb9197dfa15e137
GET /recaptcha/releases/rz4DvU-cY2JYCwHSTck0_qm-/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://googrootsurvey.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 203369
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 12 Apr 2024 15:10:08 GMT
expires: Sat, 12 Apr 2025 15:10:08 GMT
cache-control: public, max-age=31536000
last-modified: Fri, 29 Mar 2024 04:30:36 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 506299
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| googrootsurvey.top/sw/sw6679107.js?var=6070194&var_3=null&var_4=null&ymid=2256&ab2_ttl=5184000000 | 188.114.97.1 | 200 OK | 346 B |
URL GET HTTP/3googrootsurvey.top/sw/sw6679107.js?var=6070194&var_3=null&var_4=null&ymid=2256&ab2_ttl=5184000000 IP188.114.97.1:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=662108754676e70001a0a288 CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint45:9F:A9:15:13:FF:F3:F7:69:62:41:D1:AF:F6:A3:C6:F3:4F:F5:30 ValidityThu, 18 Apr 2024 08:07:48 GMT - Wed, 17 Jul 2024 08:07:47 GMT
Hash186e71baa862c659934cab36e06d3adc 253db82c256bee980426d53c74b5570dfb18f1c9 4fc8c90994b3e63840560e42eabfaeeb78490a1797b3da05ee15222a69c6f838
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /sw/sw6679107.js?var=6070194&var_3=null&var_4=null&ymid=2256&ab2_ttl=5184000000 HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Cookie: OAID=o7m98s3f4vqlaou48bb0h00izevi1t6n; syncedCookie=true; oaidts=1713440906; ID=o7m98s3f4vqlaou48bb0h00izevi1t6n
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 11:48:27 GMT
content-type: application/javascript
last-modified: Wed, 17 Apr 2024 09:06:31 GMT
vary: Accept-Encoding
etag: W/"661f9117-529"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LC6yGyPuyxgUWCiZrx1vYNoTzC%2BPYn7LVAIwGkfkg%2BXpMzC1z5GN7dk6f8aTufFnNFFBoXlHy8bISbsBY5ElQTyjItPmG9X2ceP6o9XWtUJDnEIQAlSkaaTby8H1U%2BXxxyXC0Qs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87646d0729df56aa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| arleavannya.com/sync-metrics | 139.45.197.248 | 200 OK | 17 B |
URL OPTIONS HTTP/2arleavannya.com/sync-metrics IP139.45.197.248:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=662108754676e70001a0a288 CertificateIssuerLet's Encrypt Subjectarleavannya.com FingerprintA4:8A:3B:44:4D:C2:D4:BD:92:AC:E7:B8:3A:C3:C9:4B:85:17:24:1F ValidityMon, 22 Jan 2024 17:53:34 GMT - Sun, 21 Apr 2024 17:53:33 GMT
Hash5b64e8b89092b2e3dfd448b10700627f 484b3032619fa1acd135d114565b0a5166281c22 f1ea07a1e51a389c8de07120ae5c2e432e9dd8f4fbd6f92489f185b0523a3fd4
POST /sync-metrics HTTP/1.1
Host: arleavannya.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 850
Origin: https://googrootsurvey.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 11:48:27 GMT
content-type: application/json; charset=utf-8
content-length: 17
x-trace-id: f771fbf81a47c839f52505e59c0d5d61
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://googrootsurvey.top
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| googrootsurvey.top/favicon.ico | 188.114.97.1 | 200 OK | 10 kB |
URL GET HTTP/3googrootsurvey.top/favicon.ico IP188.114.97.1:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=662108754676e70001a0a288 CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint45:9F:A9:15:13:FF:F3:F7:69:62:41:D1:AF:F6:A3:C6:F3:4F:F5:30 ValidityThu, 18 Apr 2024 08:07:48 GMT - Wed, 17 Jul 2024 08:07:47 GMT
File typeMS Windows icon resource - 1 icon, 16x16, 32 bits/pixel Hash668ba1a9fa1890ba16cb8adc28d3dad8 5e35223b2541265114eaf61b9da2556c812fea17 7746cf1b553433822522f2dc432f55fe64eee1f1cf823ef6adfde02e58e1d7e2
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=o7m98s3f4vqlaou48bb0h00izevi1t6n; syncedCookie=true; oaidts=1713440906; ID=o7m98s3f4vqlaou48bb0h00izevi1t6n
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 11:48:27 GMT
content-type: image/x-icon
last-modified: Wed, 17 Apr 2024 09:06:31 GMT
vary: Accept-Encoding
etag: W/"661f9117-47e"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 5399
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fgU1hooFCNfe%2BO54WTRcs3DsKqCsXn8B7IHBYh6OpngXAT31SbXrRUT5Vz5CVDOtTvR6xP%2Bngwam0f2LmuE49YEfzQl18%2FzzBFimq19kyVK57mZmLIBcZvzpupzkA1P%2B%2FIBBfHI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87646d051e3e56aa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/js/v-attributes-to-props.js.a2e7cd04.js | 188.114.97.1 | 200 OK | 702 B |
URL GET HTTP/3googrootsurvey.top/js/v-attributes-to-props.js.a2e7cd04.js IP188.114.97.1:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=662108754676e70001a0a288 CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint45:9F:A9:15:13:FF:F3:F7:69:62:41:D1:AF:F6:A3:C6:F3:4F:F5:30 ValidityThu, 18 Apr 2024 08:07:48 GMT - Wed, 17 Jul 2024 08:07:47 GMT
File typeASCII text, with very long lines (718), with no line terminators Hash4f868b7a0330d32e1450766a54886355 4b5952301185e7b02e2cdcba80f4aea3de700c47 2435c4b396d0b35fca9f618a201479cdcd64e84d43a386eec071a4082d7a781f
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/v-attributes-to-props.js.a2e7cd04.js HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 11:48:26 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"661f9116-2be"
last-modified: Wed, 17 Apr 2024 09:06:30 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 361
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vYjVBFZbuUC6Opl%2BnJJ7uJ%2F%2B2KBbmTaQ4W%2Ft3vKlxasOtGbvijo%2F098TB1nxFZ0JIlBA45SUHriEKMXWn448AQKsa4fpVS8UVmaMNvso%2BDdMMIAl%2BNcn29bNdbf304qcx%2By5t60%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87646cff6b1156aa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=662108754676e70001a0a288 | 188.114.97.1 | 200 OK | 8.1 kB |
URL User Request GET HTTP/2googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=662108754676e70001a0a288 IP188.114.97.1:443
CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint45:9F:A9:15:13:FF:F3:F7:69:62:41:D1:AF:F6:A3:C6:F3:4F:F5:30 ValidityThu, 18 Apr 2024 08:07:48 GMT - Wed, 17 Jul 2024 08:07:47 GMT
File typeHTML document, ASCII text, with very long lines (8372), with no line terminators Hash3e86a70a35618360c2df233e263df4ba 9b83fa70828f424462d19d46b049022e0798d741 9009045517321fa001c7bbc14ac1565ea448221bb8a7f3f887f104064c990ef2
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=662108754676e70001a0a288 HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 11:48:25 GMT
content-type: text/html
last-modified: Wed, 17 Apr 2024 09:06:30 GMT
vary: Accept-Encoding
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6u46LnLnkvS6b9iNY9DVJ6oXK0Ap1BA7HFwbzVbcwhTIU2p62lSvrmUZ4jcDnLLCA2FabTS2NR5AISvG05LIou03xgMDEBgGrT9hjghILNkn0Rtc0hQZ7WEcwrWN1fOKqXa%2FNXE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87646cfce97556b1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| googrootsurvey.top/img/icon-survey.svg | 188.114.97.1 | 200 OK | 2.7 kB |
URL GET HTTP/3googrootsurvey.top/img/icon-survey.svg IP188.114.97.1:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=662108754676e70001a0a288 CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint45:9F:A9:15:13:FF:F3:F7:69:62:41:D1:AF:F6:A3:C6:F3:4F:F5:30 ValidityThu, 18 Apr 2024 08:07:48 GMT - Wed, 17 Jul 2024 08:07:47 GMT
File typeSVG Scalable Vector Graphics image Hasha000ba4d0e7570d810feafb22bc50bef af8fce44a683d3dfebe69cbe856e747739c9a666 9ae848c180201d8ae5c59ce118b0b7ef395a01295fb04d57e81cfe0566100679
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/icon-survey.svg HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 11:48:25 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Apr 2024 09:06:30 GMT
vary: Accept-Encoding
etag: W/"661f9116-a72"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 360
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EHocJyf1UWMGrFZkD19aCQgKSB4d2hLpzch%2B4x4MMANUj6YS4EU2rwUNyNdFGxJTnEIToLR6F8uEBoM76%2BfiUHwfGg95b8Sr2%2F7GdTFESzR%2FersGyWCzuM%2BMyOeWBdFaZiNGdog%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87646cfe487e56aa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/img/icon/finance/woman.webp | 188.114.97.1 | 200 OK | 2.4 kB |
URL GET HTTP/3googrootsurvey.top/img/icon/finance/woman.webp IP188.114.97.1:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=662108754676e70001a0a288 CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint45:9F:A9:15:13:FF:F3:F7:69:62:41:D1:AF:F6:A3:C6:F3:4F:F5:30 ValidityThu, 18 Apr 2024 08:07:48 GMT - Wed, 17 Jul 2024 08:07:47 GMT
File typeRIFF (little-endian) data, Web/P image Hash590fd4a60be002011c4d09a32b3dee9e 45dbb90f6edd9dd9b777e5b3fc98b82ca18eaaf2 12f0bfe3db63dff3314b64cb12871681258a87bfcec40db1bc7712d4a32620e7
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/icon/finance/woman.webp HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 11:48:26 GMT
content-type: image/webp
content-length: 2356
last-modified: Wed, 17 Apr 2024 09:06:30 GMT
vary: Accept-Encoding
etag: "661f9116-934"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 360
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Kd7i9WNTkE9wzQ%2FIIfdTXBzIjCQjHeKlulSZ06%2BPGG58NMpQowRI0tT6rPY%2FyuuGOw%2FB6svuzYVvQjblO9AhWvU%2BCDp%2FJjSVoDWavap3XH78ChgRvtOwEqqxZDYba3u9oQlOI84%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87646d006cea56aa-OSL
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/js/_each-land-config.3299fec3.js | 188.114.97.1 | 200 OK | 72 kB |
URL GET HTTP/3googrootsurvey.top/js/_each-land-config.3299fec3.js IP188.114.97.1:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=662108754676e70001a0a288 CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint45:9F:A9:15:13:FF:F3:F7:69:62:41:D1:AF:F6:A3:C6:F3:4F:F5:30 ValidityThu, 18 Apr 2024 08:07:48 GMT - Wed, 17 Jul 2024 08:07:47 GMT
File typeJavaScript source, ASCII text, with very long lines (65536), with no line terminators Hash0ba3468fb169d838d511e11b5b33eaef fb53785cd4dcc6e5cf0fcebfcafed46a3968cbe9 6de414b4180a6f11c4f5a9ba570d5e97ac8e596b1f9c1bb86872a11ecd416384
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/_each-land-config.3299fec3.js HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 11:48:25 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=72043
etag: W/"661f9116-1196b"
last-modified: Wed, 17 Apr 2024 09:06:30 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 360
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8QYhZhrwOBG1M2CMYt1phyvu72d0cbqZCHq0CocbVMdgBLMqt7QSWeokBXzxzuitKN1b%2Bq6b%2FPuAh4prWdFxnsX4pSjPHrOUgZ%2FJL3wjy7IOVnQeBEO%2BzdRvhMCRJLnwHB2F3hU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87646cfe386656aa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/js/survey.1ad1decb.js | 188.114.97.1 | 200 OK | 6.7 kB |
URL GET HTTP/3googrootsurvey.top/js/survey.1ad1decb.js IP188.114.97.1:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=662108754676e70001a0a288 CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint45:9F:A9:15:13:FF:F3:F7:69:62:41:D1:AF:F6:A3:C6:F3:4F:F5:30 ValidityThu, 18 Apr 2024 08:07:48 GMT - Wed, 17 Jul 2024 08:07:47 GMT
File typeJavaScript source, ASCII text, with very long lines (6885), with no line terminators Hash57f91299803086e8f6423e2eab698843 e4ce738ef3f77e882c6064d86acf96099b1a955a 96f55c89bc96f23f53a8b1b730734649a63862359a02ddcc88c58392c8015d36
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/survey.1ad1decb.js HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 11:48:25 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"661f9118-1a0b"
last-modified: Wed, 17 Apr 2024 09:06:32 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 360
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SFNzXuZqmauPD3U%2BZMdZM5CqrRZmOrk27MtVkn7szkX%2FJf92rV7aAWaPiEQdSZg5FDQ%2FvZVP5EsPhaWxzOWYy6p9ZAXxkRfBqEG9NJLJ9ez8SrXdP6FJx6KI9khVxDLYBd3c%2FB0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87646cfe387356aa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/css/survey.3b7d0b23.css | 188.114.97.1 | 200 OK | 72 kB |
URL GET HTTP/3googrootsurvey.top/css/survey.3b7d0b23.css IP188.114.97.1:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=662108754676e70001a0a288 CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint45:9F:A9:15:13:FF:F3:F7:69:62:41:D1:AF:F6:A3:C6:F3:4F:F5:30 ValidityThu, 18 Apr 2024 08:07:48 GMT - Wed, 17 Jul 2024 08:07:47 GMT
File typeASCII text, with very long lines (65536), with no line terminators Hashb73782889f162bcbf6cb45913f540ec3 27cd8e6d8b4159b1a4f3e466b845b7d0a7e61d67 ea6df993a607e008f434e5e950a08da1397044cbc442cb76d25f02cf3499c77b
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /css/survey.3b7d0b23.css HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 11:48:25 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=71475
etag: W/"661f9116-11733"
last-modified: Wed, 17 Apr 2024 09:06:30 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 360
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=t%2FA9tIuCtmK9lmW8xposb8%2FraaElygHBUA0D0yCmoMgFVXQYRjuAik6p5xBVrB2a9tcCS4%2FktEanBTk%2BN%2BoyB23hHo1F3vk20GPLaNnUj0cEQRIbpKPY%2BonaFXVLPvbaSZBf3TU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87646cfe487c56aa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/js/rating.b794a6e6.js | 188.114.97.1 | 200 OK | 5.3 kB |
URL GET HTTP/3googrootsurvey.top/js/rating.b794a6e6.js IP188.114.97.1:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=662108754676e70001a0a288 CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint45:9F:A9:15:13:FF:F3:F7:69:62:41:D1:AF:F6:A3:C6:F3:4F:F5:30 ValidityThu, 18 Apr 2024 08:07:48 GMT - Wed, 17 Jul 2024 08:07:47 GMT
File typeJavaScript source, ASCII text, with very long lines (5550), with no line terminators Hashc4e2b0023f5c633d93d607737f7a4cf8 e9f0331805b1c8c7ef174e470397c970d8fe0358 b5845a691a478a30780f19980810f572448effa2eb1ae1e5b16992cdf1a1f772
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/rating.b794a6e6.js HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 11:48:26 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"661f9116-14bd"
last-modified: Wed, 17 Apr 2024 09:06:30 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 361
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jrt4K%2BmIocnmGuxpW3jxBJP8vD2Aq4lXnmq%2BJtev6lufxYlxoc4lyU7ixY6IuuHG%2B%2FGcz%2FQIcRMY0Mm8uQteq4XBM%2BPD%2FKqrtBpN0i%2FXlL9AEdjjjsUeMrgkfVuB%2FHzIaMxirTE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87646cfffc1956aa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| www.google.com/recaptcha/api.js?render=explicit&hl=en | 142.250.74.164 | 200 OK | 852 B |
URL GET HTTP/2www.google.com/recaptcha/api.js?render=explicit&hl=en IP142.250.74.164:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=662108754676e70001a0a288 CertificateIssuerGoogle Trust Services LLC Subjectwww.google.com FingerprintCC:CC:99:46:65:6C:77:0B:C8:AA:AD:5E:58:B6:2D:19:B2:C7:0B:06 ValidityMon, 04 Mar 2024 07:19:07 GMT - Mon, 27 May 2024 07:19:06 GMT
File typeJavaScript source, ASCII text, with very long lines (852), with no line terminators Hash409df529d66c90236d0a55fb7a3ba580 c3f5d6562533ead92a27f8adbca22ed6c376cac0 b470266b448ff4a15daaf89f7b6c0d3311dfc0c51ebbe4c3a5203d3a7cc172fb
GET /recaptcha/api.js?render=explicit&hl=en HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
expires: Thu, 18 Apr 2024 11:48:26 GMT
date: Thu, 18 Apr 2024 11:48:26 GMT
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| googrootsurvey.top/js/config/comments/en.json | 188.114.97.1 | 200 OK | 4.5 kB |
URL GET HTTP/3googrootsurvey.top/js/config/comments/en.json IP188.114.97.1:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=662108754676e70001a0a288 CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint45:9F:A9:15:13:FF:F3:F7:69:62:41:D1:AF:F6:A3:C6:F3:4F:F5:30 ValidityThu, 18 Apr 2024 08:07:48 GMT - Wed, 17 Jul 2024 08:07:47 GMT
File typeUnicode text, UTF-8 text, with very long lines (5173), with no line terminators Hash50680109e350a76b2bb8131cdaeb735e 0c14dde15f13c0deefd1ff3eb8c4608e73d133b6 a9ebf6b7ceb48bd6c63b99320183934f2b183af64cc7f27fd85ebe7191d92e42
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/config/comments/en.json HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 11:48:26 GMT
content-type: application/json
last-modified: Wed, 17 Apr 2024 09:06:31 GMT
vary: Accept-Encoding
etag: W/"661f9117-11aa"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Bv3qiLIRbDooud6v8KlylVAY5Q9c2t3iWD6BYQSfvsIeZvd0EpIkccSXiNTIZcEQVyei8zQgw0DifdBLzRcb6ADmvMRql%2BIjGZgW6SaWEuSXCv%2BJpyHnaXP5tzP1gQORqGimIX4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87646cff5afc56aa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/js/s-storageService.js.bb9f7a22.js | 188.114.97.1 | 200 OK | 2.2 kB |
URL GET HTTP/3googrootsurvey.top/js/s-storageService.js.bb9f7a22.js IP188.114.97.1:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=662108754676e70001a0a288 CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint45:9F:A9:15:13:FF:F3:F7:69:62:41:D1:AF:F6:A3:C6:F3:4F:F5:30 ValidityThu, 18 Apr 2024 08:07:48 GMT - Wed, 17 Jul 2024 08:07:47 GMT
File typeJavaScript source, ASCII text, with very long lines (2216), with no line terminators Hash803fe057e4762b54a284184815cfb62e e748b6c77988934fe2b458b61a93e35f22cfecbc 0552fbab13dd0597298180b4d1c5e1a8a2ca66e121e3ab892f100366c8d45d3c
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/s-storageService.js.bb9f7a22.js HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 11:48:25 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"661f9118-87a"
last-modified: Wed, 17 Apr 2024 09:06:32 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 360
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XS8rTiBlRo8m6ZV4hZwNqk8BldCIiu4Bmase4M7Ywm3Ng2qmFdmz5PIEWbBhLZSP7NKO24IH7%2BKth%2F6MaI1vwi6scX9bgejq4oEvni10ADRms1Q2pdyu%2F4iOm16Xdctb6Ik9%2FYo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87646cfe385d56aa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/js/v-possibleStandardNamesOptimized.js.205abacb.js | 188.114.97.1 | 200 OK | 7.6 kB |
URL GET HTTP/3googrootsurvey.top/js/v-possibleStandardNamesOptimized.js.205abacb.js IP188.114.97.1:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=662108754676e70001a0a288 CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint45:9F:A9:15:13:FF:F3:F7:69:62:41:D1:AF:F6:A3:C6:F3:4F:F5:30 ValidityThu, 18 Apr 2024 08:07:48 GMT - Wed, 17 Jul 2024 08:07:47 GMT
File typeASCII text, with very long lines (7923), with no line terminators Hashf80cb2aef29b4a80d135d1a598ce1dfa 0653306df1fd8d8591f84661643825e41684d3f6 43c16ae11cea687efa4ca55dec516b23257c3fcb22c9d3541041f1816aaa7b5b
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/v-possibleStandardNamesOptimized.js.205abacb.js HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 11:48:26 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"661f9118-1d99"
last-modified: Wed, 17 Apr 2024 09:06:32 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 361
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sXeHu4Y1skMpr3xXd3Z8M04KOdnV2A2l8PpypzzuX%2BrLIkBkVwQEIhtzzmvRjhrO9ObE2gXfl2FuszeUVBx0SLjo%2F9%2FIK2r3Ig3a5e63RElXgUOuW3%2B%2F4afUV%2FLGmBAyaq6Mkwg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87646cff5b0556aa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/js/SurveyContainer.e2959212.js | 188.114.97.1 | 200 OK | 57 kB |
URL GET HTTP/3googrootsurvey.top/js/SurveyContainer.e2959212.js IP188.114.97.1:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=662108754676e70001a0a288 CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint45:9F:A9:15:13:FF:F3:F7:69:62:41:D1:AF:F6:A3:C6:F3:4F:F5:30 ValidityThu, 18 Apr 2024 08:07:48 GMT - Wed, 17 Jul 2024 08:07:47 GMT
File typeJavaScript source, ASCII text, with very long lines (57082), with no line terminators Hash0df7a0f05192a1af311ce45d48639a89 df29dce5914578a52af5f516ccd18d289d808951 4cde10689c1ef6c2f58585483fae6d656ccfa1d16cc282dcfbe6cb89700ae2dc
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/SurveyContainer.e2959212.js HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 11:48:26 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=57085
etag: W/"661f9117-defd"
last-modified: Wed, 17 Apr 2024 09:06:31 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 361
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BexnVdRZqVwWZAAap2ZTf9IOc9ypF4s4bghCDzFuSa9FR2g5rg%2FHOzqDpxC6Ck%2FujQi1iJ%2BMlRg77YQh4CKh4krXjpdclNIrKnMW4VIGdSDMhlb%2B3aibyeHMrjpoj0MQaX70kPA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87646cff6b1c56aa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/img/rain/dollars-1.webp | 188.114.97.1 | 200 OK | 10 kB |
URL GET HTTP/3googrootsurvey.top/img/rain/dollars-1.webp IP188.114.97.1:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=662108754676e70001a0a288 CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint45:9F:A9:15:13:FF:F3:F7:69:62:41:D1:AF:F6:A3:C6:F3:4F:F5:30 ValidityThu, 18 Apr 2024 08:07:48 GMT - Wed, 17 Jul 2024 08:07:47 GMT
File typeRIFF (little-endian) data, Web/P image Hasha5bef813a0113d018592091106451c8b 59365e96c4abca5eb98a0c56db0af0bb5cbffebb 036beb7de9c9d450e1442d593ff70ad392ca4be6754e7feaec249c0009e1bd83
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/rain/dollars-1.webp HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://googrootsurvey.top/css/survey.3b7d0b23.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 11:48:26 GMT
content-type: image/webp
content-length: 10546
last-modified: Wed, 17 Apr 2024 09:06:30 GMT
vary: Accept-Encoding
etag: "661f9116-2932"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 4310
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9OxuzcYencRItxY%2BVJhm813L8M8n3s4nOYg7dsw7cQEo0%2BpqxS6TSuw%2Fh8PEzLwSrVIHOuv7ODAaP%2BsxV5bSaTtlv6JXhJXA9TkMY5uetPf5wHOPqXsfFwzw5K1YRgfDKARavnU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87646d006cd956aa-OSL
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/js/v-index.mjs.19622407.js | 188.114.97.1 | 200 OK | 35 kB |
URL GET HTTP/3googrootsurvey.top/js/v-index.mjs.19622407.js IP188.114.97.1:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=662108754676e70001a0a288 CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint45:9F:A9:15:13:FF:F3:F7:69:62:41:D1:AF:F6:A3:C6:F3:4F:F5:30 ValidityThu, 18 Apr 2024 08:07:48 GMT - Wed, 17 Jul 2024 08:07:47 GMT
File typeJavaScript source, ASCII text, with very long lines (35287), with no line terminators Hash1de1ec2d8e7940b88970d8fbce40ed6d 510aa24127fb8bc3578d9ca4628b2eea5a84ce01 b473156bef833bcfb2e84658093f1ebc1e64011dcba904e26ccb31f1cad8b762
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/v-index.mjs.19622407.js HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 11:48:26 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"661f9117-89d7"
last-modified: Wed, 17 Apr 2024 09:06:31 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 361
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=A4RQO4ec5uhMXqJB%2BvdieoH8mpIHNfCvM7yjL%2BbXPNC08P5%2F0WXqU8Bs%2F9fVyzxEw3pFu8wzx5YwBInOVOl%2FIrRyr0pgQOFblIXnbqSRoYpIktsb17ssxuObK7utwYn2eD0glVQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87646cff5b0256aa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/js/v-node.js.28d8082c.js | 188.114.97.1 | 200 OK | 6.3 kB |
URL GET HTTP/3googrootsurvey.top/js/v-node.js.28d8082c.js IP188.114.97.1:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=662108754676e70001a0a288 CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint45:9F:A9:15:13:FF:F3:F7:69:62:41:D1:AF:F6:A3:C6:F3:4F:F5:30 ValidityThu, 18 Apr 2024 08:07:48 GMT - Wed, 17 Jul 2024 08:07:47 GMT
File typeJavaScript source, ASCII text, with very long lines (6337), with no line terminators Hashb11cf8c1d8d8183e4d11a8f17a41189c 2f912e66ec3992d21e66e7c8e4ff40a2142a4d64 9e69f7af4cfb7fa8b5eb0d67ed8a36f5d23c276ba29b7209565faefab84b71ba
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/v-node.js.28d8082c.js HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 11:48:26 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"661f9117-186b"
last-modified: Wed, 17 Apr 2024 09:06:31 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 361
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MMWGFA2BGOPeIOO0RhE0MRC6Mr4LVS%2BgYIj8KgTErwLXlYHdWi6J9Ku4nQ%2BhnkwFreNwILvkRWLurlkruSRNxvEQPoCMuyItlyQANWIaiKkcbKsiHAa68LTwPJKmAmnqW1Sg8PI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87646cff5b0356aa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/img/comments/person-6.webp | 188.114.97.1 | 200 OK | 1.9 kB |
URL GET HTTP/3googrootsurvey.top/img/comments/person-6.webp IP188.114.97.1:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=662108754676e70001a0a288 CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint45:9F:A9:15:13:FF:F3:F7:69:62:41:D1:AF:F6:A3:C6:F3:4F:F5:30 ValidityThu, 18 Apr 2024 08:07:48 GMT - Wed, 17 Jul 2024 08:07:47 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp Hash0f174a9245ed9f2a0660204a8320880f fd36dc7b39c675bff5d4dff0b331d70b57f0ec7d 1cfb6cdf94c080825e93d4bff72079fdca2d8f3d9f7d2e75badf48c29d4e31c4
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/comments/person-6.webp HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 11:48:26 GMT
content-type: image/webp
content-length: 1854
last-modified: Wed, 17 Apr 2024 09:06:30 GMT
vary: Accept-Encoding
etag: "661f9116-73e"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 361
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=u2Z39gP4Ntq08mUr%2FGjdxEAQDCt%2Bl7PhQD4ufwpUFeNMEevbl2GlTA%2FQR%2FILc48yYXi2yerBxFRMfbt2cp8PBxMdhQUlLScBgFF2ufN5P%2B66WnNhbheHa74nFsEXPbBNHlVjDNU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87646d018f6956aa-OSL
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/js/s-checkLocalStorageAvailable.ts.f2fef93d.js | 188.114.97.1 | 200 OK | 330 B |
URL GET HTTP/3googrootsurvey.top/js/s-checkLocalStorageAvailable.ts.f2fef93d.js IP188.114.97.1:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=662108754676e70001a0a288 CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint45:9F:A9:15:13:FF:F3:F7:69:62:41:D1:AF:F6:A3:C6:F3:4F:F5:30 ValidityThu, 18 Apr 2024 08:07:48 GMT - Wed, 17 Jul 2024 08:07:47 GMT
File typetroff or preprocessor input, ASCII text, with very long lines (338), with no line terminators Hash9a78659da737fccc89546e61f0eb6213 84e705584bdbc81715e0326742f426c2f472d3a9 bb46fe2e65cc91e5a01a8e731754fdc9b8f30813835a673bd96b48672ac82d60
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/s-checkLocalStorageAvailable.ts.f2fef93d.js HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 11:48:25 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"661f9116-14a"
last-modified: Wed, 17 Apr 2024 09:06:30 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 360
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0tkQFPNq4vxDpW43g54%2FToEPwZ8K%2FnmjMsUCu9AjvwPi7GhfEBcAFB6%2BIubo41VYqXSD9rK9%2F%2FZzdxXNBzU4VrLzdYJoR4hlFfA0MXBabgWLUd%2FFgnOIr7Ylb%2BpdhENLlKP3d44%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87646cfe386256aa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/css/_core-survey.d3ac2ee0.css | 188.114.97.1 | 200 OK | 83 B |
URL GET HTTP/3googrootsurvey.top/css/_core-survey.d3ac2ee0.css IP188.114.97.1:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=662108754676e70001a0a288 CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint45:9F:A9:15:13:FF:F3:F7:69:62:41:D1:AF:F6:A3:C6:F3:4F:F5:30 ValidityThu, 18 Apr 2024 08:07:48 GMT - Wed, 17 Jul 2024 08:07:47 GMT
File typeASCII text, with no line terminators Hash30d726a40ffe74d794b282ca1795b44c b43155653a1b9cc8d257687df9a75e0f204db348 4916da6d6e00e0e6681cccaf9107eb45fdfc78fe2e476444623c30a64959b5e4
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /css/_core-survey.d3ac2ee0.css HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 11:48:25 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=84
etag: W/"661f9116-54"
last-modified: Wed, 17 Apr 2024 09:06:30 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 360
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=q5d0WlbDIAjM%2F7XBHMO7ItWzSHgtBI1fji7KnpQkxZTC4xVifeOqGYU6Z0wHAp3feumxGsQ3rpq%2FIEshrIadDoX5f4bHRHcT8LRnz%2BGLfh4yt36%2FnGcmE%2BOodS9wRovzmxQHqjs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87646cfe487b56aa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/pfe/current/micro.tag.min.js?z=6679107&sw=/sw/sw6679107.js&var=6070194&var_3=null&var_4=null&ymid=2256&cdn=1&domain=ofklefkian.com&ab2_ttl=5184000000 | 188.114.97.1 | 200 OK | 27 kB |
URL GET HTTP/3googrootsurvey.top/pfe/current/micro.tag.min.js?z=6679107&sw=/sw/sw6679107.js&var=6070194&var_3=null&var_4=null&ymid=2256&cdn=1&domain=ofklefkian.com&ab2_ttl=5184000000 IP188.114.97.1:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=662108754676e70001a0a288 CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint45:9F:A9:15:13:FF:F3:F7:69:62:41:D1:AF:F6:A3:C6:F3:4F:F5:30 ValidityThu, 18 Apr 2024 08:07:48 GMT - Wed, 17 Jul 2024 08:07:47 GMT
File typeJavaScript source, ASCII text, with very long lines (27174), with no line terminators Hash75c26ccd65e96e912725399ff3ce66e9 d300939979d2048844dc5ac80c51ed8121126f4e c9db5c92934b273ad485c58710d6fbc2d580c2923a99bb456b18cb5e1465f5cf
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /pfe/current/micro.tag.min.js?z=6679107&sw=/sw/sw6679107.js&var=6070194&var_3=null&var_4=null&ymid=2256&cdn=1&domain=ofklefkian.com&ab2_ttl=5184000000 HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 11:48:26 GMT
content-type: application/javascript
last-modified: Wed, 17 Apr 2024 09:06:31 GMT
vary: Accept-Encoding
etag: W/"661f9117-6a26"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JedrxRXgT76DfjbB6wjPYf%2FmW7bRRYUklduhBVA246TdOOdjdrL2G9Q2Jttf5dGSrAUFY%2Bz841i1ij%2F%2FV9TlRY%2Be8dP%2BhOrWvBFLiNnBwWMHquV7OU%2F677PxeHy8Ev%2B0H6JdVrY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87646cff4ae056aa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/js/v-domparser.js.97173b2e.js | 188.114.97.1 | 200 OK | 1.7 kB |
URL GET HTTP/3googrootsurvey.top/js/v-domparser.js.97173b2e.js IP188.114.97.1:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=662108754676e70001a0a288 CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint45:9F:A9:15:13:FF:F3:F7:69:62:41:D1:AF:F6:A3:C6:F3:4F:F5:30 ValidityThu, 18 Apr 2024 08:07:48 GMT - Wed, 17 Jul 2024 08:07:47 GMT
File typeJavaScript source, ASCII text, with very long lines (1772), with no line terminators Hash46dd2964e007bc585a8f72ed695089e8 d02de9abf34cf05d707899e2562c067a8e5326bc 96d95d967e2f5ca4a1be19cf0d21f756ba2d0295ad5f4e967048054e85f6072f
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/v-domparser.js.97173b2e.js HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 11:48:26 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"661f9116-6b8"
last-modified: Wed, 17 Apr 2024 09:06:30 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 361
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wnoRkvBFyzDf6IUHNVm00yzMIxZt8kPQJPWo8WChqCRaKZe6c1EAUGYhXRE%2BObyJfVYWp8W%2BMCadPwdgiciHBPlmE0fXWxhDNR%2BGXDGrj8hu8foW1WORKswF5BGiKHidT%2FRD%2BNw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87646cff6b0a56aa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/js/v-react-dom.production.min.js.c3329619.js | 188.114.97.1 | 200 OK | 129 kB |
URL GET HTTP/3googrootsurvey.top/js/v-react-dom.production.min.js.c3329619.js IP188.114.97.1:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=662108754676e70001a0a288 CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint45:9F:A9:15:13:FF:F3:F7:69:62:41:D1:AF:F6:A3:C6:F3:4F:F5:30 ValidityThu, 18 Apr 2024 08:07:48 GMT - Wed, 17 Jul 2024 08:07:47 GMT
File typeJavaScript source, ASCII text, with very long lines (65536), with no line terminators Size129 kB (129356 bytes) Hashc53e5e3d8c5ca5f1c4edbce65426edfc 36cc2e7e0b893d82bf5f457c7a62374019d0f7aa ed83bf6bc001bd6f841c76b67aedfd3bc02cb28fb5537a1d55804f5ad0515e39
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/v-react-dom.production.min.js.c3329619.js HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 11:48:25 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=129359
etag: W/"661f9116-1f94f"
last-modified: Wed, 17 Apr 2024 09:06:30 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 360
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yYDNW3iZX4d7ssLj3DmpZMv3wH8G8HU6zvalRSzHqq2dYjBkGYfXNgorSMqoKkWXt1nD9%2F%2FvyfasmnmKr2M7crQNBp0%2BeVPVy6YwsHogu3HbK82EG%2BZnfzfR9m5tMGt1nlbHBeg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87646cfe386856aa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/img/rain/dollars-2.webp | 188.114.97.1 | 200 OK | 8.1 kB |
URL GET HTTP/3googrootsurvey.top/img/rain/dollars-2.webp IP188.114.97.1:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=662108754676e70001a0a288 CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint45:9F:A9:15:13:FF:F3:F7:69:62:41:D1:AF:F6:A3:C6:F3:4F:F5:30 ValidityThu, 18 Apr 2024 08:07:48 GMT - Wed, 17 Jul 2024 08:07:47 GMT
File typeRIFF (little-endian) data, Web/P image Hash8b4203d496c3f52b116af082a0cd4017 de5369e9459e240950bb7eb5261eaac1db26907f 8dd1f04088c25e20d15e1bc23129604830aab2b4d3d0a408a5f047f9768f39a4
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/rain/dollars-2.webp HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://googrootsurvey.top/css/survey.3b7d0b23.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 11:48:26 GMT
content-type: image/webp
content-length: 8140
last-modified: Wed, 17 Apr 2024 09:06:30 GMT
vary: Accept-Encoding
etag: "661f9116-1fcc"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 4310
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fgSku4rzL9UnkCqtrtNZQbQpLrIKmt3UsBfmquTyzx0%2B%2B4s7p7TNSARL4rf2EPjrYeO547u0dEaK6OdAG96AvaO13AsOs3rnFni6NY3jLfdkknXiJfzMYR1w6ba9GQ9BVEhmW%2B8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87646d006cdb56aa-OSL
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/js/v-index.js.da9f7529.js | 188.114.97.1 | 200 OK | 41 kB |
URL GET HTTP/3googrootsurvey.top/js/v-index.js.da9f7529.js IP188.114.97.1:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=662108754676e70001a0a288 CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint45:9F:A9:15:13:FF:F3:F7:69:62:41:D1:AF:F6:A3:C6:F3:4F:F5:30 ValidityThu, 18 Apr 2024 08:07:48 GMT - Wed, 17 Jul 2024 08:07:47 GMT
File typeJavaScript source, ASCII text, with very long lines (40985), with no line terminators Hash47a5b821c80a532b5e989cf87d451283 c0f9e87128e1d7d634649fb3c7b6c08f714e79bc 2526538666fe9c7811b9afaf71794b4f8cb4f0751f62872e1a0d8c3a6c131f07
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/v-index.js.da9f7529.js HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 11:48:25 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=40988
etag: W/"661f9117-a01c"
last-modified: Wed, 17 Apr 2024 09:06:31 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 360
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3gJFGX5BWL%2FZCd50AaLhPU9ns%2Bzu16wpsBeiI0ZeSfFaWxhHS4a1NxyJhZRIVq%2BpNEmrMwScPCvlcHZZjtgr4maATwCZwMPansGePSnQZzUTWFF8hyzIrg3kDT69O8KiSK%2Fl1d0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87646cfe385c56aa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/js/config/dict/cookie-consent-1.json?v=10 | 188.114.97.1 | 200 OK | 6.8 kB |
URL GET HTTP/3googrootsurvey.top/js/config/dict/cookie-consent-1.json?v=10 IP188.114.97.1:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=662108754676e70001a0a288 CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint45:9F:A9:15:13:FF:F3:F7:69:62:41:D1:AF:F6:A3:C6:F3:4F:F5:30 ValidityThu, 18 Apr 2024 08:07:48 GMT - Wed, 17 Jul 2024 08:07:47 GMT
File typeHTML document, Unicode text, UTF-8 text, with very long lines (6009), with no line terminators Hash4b2ff958e811a50d2f641818590b443d 6abae297812bb55fad869e953e7fdf7469cbe1ae 9c77a5f3d0028d9ba122ed15728ee7b144619431f8302503a19c5785ddaa06b8
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/config/dict/cookie-consent-1.json?v=10 HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 11:48:26 GMT
content-type: application/json
last-modified: Wed, 17 Apr 2024 09:06:30 GMT
vary: Accept-Encoding
etag: W/"661f9116-1a65"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TmXAQsAQoy%2FecywamT9AEFVqNn7%2ByEO3Fg8l4IewBev45KUVN2uuXEnT%2FvfSOyObn%2BzQH0yHIkB7ItmWoxzWZLpWrCzhuw6pAoVnDuROX7WMCr%2BAtZ27fEgTtqpn7lk54um7Vvk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87646cff1a2256aa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/js/v-dom-to-react.js.26fdf751.js | 188.114.97.1 | 200 OK | 1.1 kB |
URL GET HTTP/3googrootsurvey.top/js/v-dom-to-react.js.26fdf751.js IP188.114.97.1:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=662108754676e70001a0a288 CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint45:9F:A9:15:13:FF:F3:F7:69:62:41:D1:AF:F6:A3:C6:F3:4F:F5:30 ValidityThu, 18 Apr 2024 08:07:48 GMT - Wed, 17 Jul 2024 08:07:47 GMT
File typeJavaScript source, ASCII text, with very long lines (1101), with no line terminators Hash5693cb2629dd3231ce6fed788c41b150 872d71cae7dddc37389be6bae0fc4a5b611ec9c0 b312636bf1d349d818517865e89c22f8b9ef9e61d1805cf315e44241ccc05d26
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/v-dom-to-react.js.26fdf751.js HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 11:48:26 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"661f9116-43d"
last-modified: Wed, 17 Apr 2024 09:06:30 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 361
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0w5blsfylXfUNrnOV7xMetZXzIpXC0I7cMKeGWuIDemWgU8J1%2FMteWAc9xCsxkOKlikpbPao%2FzDNZgC2c6iYPnKe0w%2FUeqgCeQFB%2FwW1DIu8U%2Bh2B%2BXI%2FX%2FhWebh8trSdHatZcE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87646cff6b0d56aa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/js/v-html-to-dom.js.ff1ae7e0.js | 188.114.97.1 | 200 OK | 364 B |
URL GET HTTP/3googrootsurvey.top/js/v-html-to-dom.js.ff1ae7e0.js IP188.114.97.1:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=662108754676e70001a0a288 CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint45:9F:A9:15:13:FF:F3:F7:69:62:41:D1:AF:F6:A3:C6:F3:4F:F5:30 ValidityThu, 18 Apr 2024 08:07:48 GMT - Wed, 17 Jul 2024 08:07:47 GMT
File typeJavaScript source, ASCII text, with very long lines (373), with no line terminators Hash57f543d4f79657dc92755e2f2031da65 4884f924743049d7812b58958633a40f65e159b5 0fcc39a4a2b765b1ed92a6093fe6dc70e0a886914746f5af6fda6e3d1dc7417d
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/v-html-to-dom.js.ff1ae7e0.js HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 11:48:26 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"661f9116-16c"
last-modified: Wed, 17 Apr 2024 09:06:30 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 361
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=b%2FY%2BLQPAzkHNvHozLnviF%2BnmXSqGBOcqTf67VlDG7zy8qMtZHEDKASjMgyURYcxRvGgAwU5lEiQb79eZb4pwCwgW2mBm06TnwyVa4IarWcMk329iu%2F%2FmWtCuuTTo9uHwGh4MMH8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87646cff6b1456aa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/js/v-constants.js.49317f47.js | 188.114.97.1 | 200 OK | 600 B |
URL GET HTTP/3googrootsurvey.top/js/v-constants.js.49317f47.js IP188.114.97.1:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=662108754676e70001a0a288 CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint45:9F:A9:15:13:FF:F3:F7:69:62:41:D1:AF:F6:A3:C6:F3:4F:F5:30 ValidityThu, 18 Apr 2024 08:07:48 GMT - Wed, 17 Jul 2024 08:07:47 GMT
File typeASCII text, with very long lines (664), with no line terminators Hashcf8c486ed295e4a6a30f4fb155bf9fd3 9942a3d40672242af15f2d5cc95df2c06872914f 83c4b13e336b66f673d082c8b9b2b20fb98772916cb5da52f9e48c929cafc9cb
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/v-constants.js.49317f47.js HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 18 Apr 2024 11:48:26 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"661f9117-258"
last-modified: Wed, 17 Apr 2024 09:06:31 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 361
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LQTThe%2BdfAMgp1AL3cCZxQWTsvRk%2ByX4gT9ZrvO9ZhXUcwY4DbW%2B7yjUJ74ZGDOaqvOIBbAFFuZRbzk77M7mojMkJ%2FXjXLX%2Flx4o3JZ5K%2B4ysEEX3UFLSAGmcLbl5Twq5dQsvgY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87646cff6b1856aa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| offpichuan.com/rotate?zz=6543018;4326647;5128285;4949467;5381241;5381316;5381339;5381307&var=6070194&ymid=2256&uid=o7m98s3f4vqlaou48bb0h00izevi1t6n | 139.45.197.237 | 200 OK | 3.7 kB |
URL GET HTTP/2offpichuan.com/rotate?zz=6543018;4326647;5128285;4949467;5381241;5381316;5381339;5381307&var=6070194&ymid=2256&uid=o7m98s3f4vqlaou48bb0h00izevi1t6n IP139.45.197.237:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=662108754676e70001a0a288 CertificateIssuerLet's Encrypt Subjectoffpichuan.com Fingerprint8B:DE:51:B7:81:9E:EA:DE:73:A4:3D:67:F9:5E:6F:7B:F4:D6:77:5A ValidityMon, 15 Apr 2024 21:54:27 GMT - Sun, 14 Jul 2024 21:54:26 GMT
File typetroff or preprocessor input, ASCII text, with very long lines (3695), with no line terminators Hash5250e22d3ceb54e5279cb72f50e380fa dc09b20ffd903505708c127671a99250c1e98e84 bb449c64ffa2df22f4e5cf5affbec5bd195c83b264cc399787b8a58fa6930a69
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /rotate?zz=6543018;4326647;5128285;4949467;5381241;5381316;5381339;5381307&var=6070194&ymid=2256&uid=o7m98s3f4vqlaou48bb0h00izevi1t6n HTTP/1.1
Host: offpichuan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://googrootsurvey.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 11:48:27 GMT
content-type: application/javascript
x-trace-id: 00a593fea3823e2fd8df30c0fdb417b0
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: https://googrootsurvey.top
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
set-cookie: OAID=o7m98s3f4vqlaou48bb0h00izevi1t6n; expires=Fri, 18 Apr 2025 11:48:27 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
|
|