| mr.macgsapptrck.com/click?pid=100&offer_id=21975&sub6=1257083737&sub2=100_1315937 | 34.141.179.97 | 302 Found | 0 B |
URL User Request GET HTTP/2mr.macgsapptrck.com/click?pid=100&offer_id=21975&sub6=1257083737&sub2=100_1315937 IP34.141.179.97:443 ASN#396982 GOOGLE-CLOUD-PLATFORM
CertificateIssuerSectigo Limited Subject*.macgsapptrck.com FingerprintE1:13:28:36:A1:E8:95:BC:B6:38:55:17:C7:05:FF:CE:71:1F:F3:70 ValidityThu, 18 Apr 2024 00:00:00 GMT - Tue, 22 Apr 2025 23:59:59 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /click?pid=100&offer_id=21975&sub6=1257083737&sub2=100_1315937 HTTP/1.1
Host: mr.macgsapptrck.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://forwardtrk.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
server: nginx
date: Wed, 24 Apr 2024 01:37:16 GMT
content-length: 0
location: https://psoampoa.net/link?z=6422583&var=&ymid=6628624c7dc81c00014cd2a4
x-adjust-use-original-forwarded-for: 1
set-cookie: afclick=6628624c7dc81c00014cd2a4; expires=Thu, 24 Apr 2025 01:37:16 GMT; secure; SameSite=None
afoffers={"21975":1713922636}; expires=Thu, 24 Apr 2025 01:37:16 GMT; secure; SameSite=None
access-control-allow-origin: *
X-Firefox-Spdy: h2
|
|
| psoampoa.net/link?z=6422583&var=&ymid=6628624c7dc81c00014cd2a4 | 139.45.196.64 | 302 Found | 0 B |
URL User Request GET HTTP/2psoampoa.net/link?z=6422583&var=&ymid=6628624c7dc81c00014cd2a4 IP139.45.196.64:443
CertificateIssuerLet's Encrypt Subjectpsoampoa.net Fingerprint1A:44:D0:AB:41:1C:DD:6D:91:6F:94:75:EB:87:00:2D:68:D9:0B:CD ValidityFri, 12 Apr 2024 05:30:01 GMT - Thu, 11 Jul 2024 05:30:00 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /link?z=6422583&var=&ymid=6628624c7dc81c00014cd2a4 HTTP/1.1
Host: psoampoa.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://forwardtrk.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
server: nginx
date: Wed, 24 Apr 2024 01:37:16 GMT
content-length: 0
location: https://gzzvps.com/link?z=3956710&var=6422583
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
link: <https://gzzvps.com>; rel="dns-prefetch preconnect"
referrer-policy: no-referrer
set-cookie: OAID=04804825e4504096f11d67a49c47dbca; expires=Thu, 24 Apr 2025 01:37:16 GMT
oaidts=1713922636; expires=Thu, 24 Apr 2025 01:37:16 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2
|
|
| gzzvps.com/link?z=3956710&var=6422583 | 139.45.196.64 | 302 Found | 0 B |
URL User Request GET HTTP/2gzzvps.com/link?z=3956710&var=6422583 IP139.45.196.64:443
CertificateIssuerLet's Encrypt Subjectgzzvps.com FingerprintFE:B2:4C:CB:93:D5:8B:C0:E0:D6:4A:DC:14:CB:3A:B4:8A:D8:7E:4F ValidityFri, 05 Apr 2024 05:23:04 GMT - Thu, 04 Jul 2024 05:23:03 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /link?z=3956710&var=6422583 HTTP/1.1
Host: gzzvps.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
server: nginx
date: Wed, 24 Apr 2024 01:37:17 GMT
content-length: 0
location: https://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
link: <https://eerickog.com>; rel="dns-prefetch preconnect"
referrer-policy: no-referrer
set-cookie: OAID=0480483d530c4d07fbd200f458c2d63a; expires=Thu, 24 Apr 2025 01:37:17 GMT
oaidts=1713922637; expires=Thu, 24 Apr 2025 01:37:17 GMT
OXCCLK=4105106.1; expires=Thu, 24 Apr 2025 01:37:17 GMT
allcnt=1; expires=Thu, 24 Apr 2025 01:37:17 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2
|
|
| eerickog.com/img/rain/dollars-1.webp | 104.21.9.170 | 200 OK | 10 kB |
URL GET HTTP/3eerickog.com/img/rain/dollars-1.webp IP104.21.9.170:443
Requested byhttps://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2] CertificateIssuerGoogle Trust Services LLC Subjecteerickog.com FingerprintD6:DD:FE:16:73:42:40:1C:76:63:34:46:5A:B6:E4:1F:79:7E:30:E2 ValidityWed, 03 Apr 2024 06:06:31 GMT - Tue, 02 Jul 2024 06:06:30 GMT
File typeRIFF (little-endian) data, Web/P image Hasha5bef813a0113d018592091106451c8b 59365e96c4abca5eb98a0c56db0af0bb5cbffebb 036beb7de9c9d450e1442d593ff70ad392ca4be6754e7feaec249c0009e1bd83
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/rain/dollars-1.webp HTTP/1.1
Host: eerickog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 01:37:17 GMT
content-type: image/webp
content-length: 10546
last-modified: Tue, 23 Apr 2024 13:50:26 GMT
vary: Accept-Encoding
etag: "6627bca2-2932"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6399
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fk6Eq79103XOqQo2qbL64N5L%2B8RZ1hAJJoyfePQO2y2JG05%2B7gBfZkocCYcGLJ4kCfO%2FKTV%2Ftknd468S%2FO%2Bn06sKZY0MElhGpG3hZYeURae5HFU7LZE9IWJI0s%2Fn848%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87925e0498e10b65-OSL
alt-svc: h3=":443"; ma=86400
|
|
| eerickog.com/img/rain/dollars-2.webp | 104.21.9.170 | 200 OK | 8.1 kB |
URL GET HTTP/3eerickog.com/img/rain/dollars-2.webp IP104.21.9.170:443
Requested byhttps://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2] CertificateIssuerGoogle Trust Services LLC Subjecteerickog.com FingerprintD6:DD:FE:16:73:42:40:1C:76:63:34:46:5A:B6:E4:1F:79:7E:30:E2 ValidityWed, 03 Apr 2024 06:06:31 GMT - Tue, 02 Jul 2024 06:06:30 GMT
File typeRIFF (little-endian) data, Web/P image Hash8b4203d496c3f52b116af082a0cd4017 de5369e9459e240950bb7eb5261eaac1db26907f 8dd1f04088c25e20d15e1bc23129604830aab2b4d3d0a408a5f047f9768f39a4
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/rain/dollars-2.webp HTTP/1.1
Host: eerickog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 01:37:17 GMT
content-type: image/webp
content-length: 8140
last-modified: Tue, 23 Apr 2024 13:50:26 GMT
vary: Accept-Encoding
etag: "6627bca2-1fcc"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6399
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Dd5I7oTRcydWunthKMHjEufELUh7EKWGLRtIm%2BQlS3jggJQxgYaPbf9UCBpJsXvz%2BmFxYM5iuJesktvr0OAerE%2FBCbF4%2Bvm8U4xoXtfyCqAIZBN%2BgeD7XK%2BtVu4IzVQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87925e0498e20b65-OSL
alt-svc: h3=":443"; ma=86400
|
|
| eerickog.com/_next/static/SvPrY0nXpsuijobtZfca-/_ssgManifest.js | 104.21.9.170 | 200 OK | 6.0 kB |
URL GET HTTP/3eerickog.com/_next/static/SvPrY0nXpsuijobtZfca-/_ssgManifest.js IP104.21.9.170:443
Requested byhttps://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2] CertificateIssuerGoogle Trust Services LLC Subjecteerickog.com FingerprintD6:DD:FE:16:73:42:40:1C:76:63:34:46:5A:B6:E4:1F:79:7E:30:E2 ValidityWed, 03 Apr 2024 06:06:31 GMT - Tue, 02 Jul 2024 06:06:30 GMT
File typeASCII text, with no line terminators Hashd78f02cd11637a888af548f5e270c3af 9c90b573305ec9d6d2e7e74837c641a863d991b4 2357fd3fc3972384c0c7a714da244191da43a7bf5d91fd865a30d2deb0b6b517
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /_next/static/SvPrY0nXpsuijobtZfca-/_ssgManifest.js HTTP/1.1
Host: eerickog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 01:37:17 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"6627bca2-b6"
last-modified: Tue, 23 Apr 2024 13:50:26 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YTpb814z8M1M%2BTPPhQRBOETeyh5J%2F4fcUiVO5m%2Bo3qFTdYxqvvpc5N70F7FNhVJfNio8ERvw31OI%2BlZbuWt%2BK8FOtg9qx54VYmB2hjs9UP%2Bzix6jiSQxlI%2BaKifi5SI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87925e0428b40b65-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| eerickog.com/_next/static/chunks/86.bac2ba45e7336f6e.js | 104.21.9.170 | 200 OK | 3.7 kB |
URL GET HTTP/3eerickog.com/_next/static/chunks/86.bac2ba45e7336f6e.js IP104.21.9.170:443
Requested byhttps://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2] CertificateIssuerGoogle Trust Services LLC Subjecteerickog.com FingerprintD6:DD:FE:16:73:42:40:1C:76:63:34:46:5A:B6:E4:1F:79:7E:30:E2 ValidityWed, 03 Apr 2024 06:06:31 GMT - Tue, 02 Jul 2024 06:06:30 GMT
File typeJavaScript source, ASCII text, with very long lines (3054), with no line terminators Hashe5801768f6202c7eda9d144df55580d9 38118bde241df2b929fde9bede0f6eea9a7540a2 7ecb9e6309acf74b2c6d7fefc6ae3e6a644bd68077fc94cb1cc60a29a02a5bd1
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /_next/static/chunks/86.bac2ba45e7336f6e.js HTTP/1.1
Host: eerickog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 01:37:17 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"6627bca2-bee"
last-modified: Tue, 23 Apr 2024 13:50:26 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zyKHUJXvO8cPbR%2FMZRespC2gpCVNlgzN4YgGXbrMU%2FgPOsf9QGmt0JdwxCYtnn%2Bg7ZoJAmBa5%2Bk71wqbwRGbA5tLFHBMM5%2BGh0gL%2F68B9CZhx4poeSRc%2FovmNYwyF%2B4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87925e0519000b65-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| eerickog.com/_next/static/chunks/1706.8b7dd24879347088.js | 104.21.9.170 | 200 OK | 7.8 kB |
URL GET HTTP/3eerickog.com/_next/static/chunks/1706.8b7dd24879347088.js IP104.21.9.170:443
Requested byhttps://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2] CertificateIssuerGoogle Trust Services LLC Subjecteerickog.com FingerprintD6:DD:FE:16:73:42:40:1C:76:63:34:46:5A:B6:E4:1F:79:7E:30:E2 ValidityWed, 03 Apr 2024 06:06:31 GMT - Tue, 02 Jul 2024 06:06:30 GMT
File typeJavaScript source, ASCII text, with very long lines (19738), with no line terminators Hash7cd1db24e089a8319084d97207e5bab9 da0814161e7abc9c852b7219ad17af3db13774e7 46d44f30314f990c43945d6bc834b31b3051d68836c384244a632195e22df8e6
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /_next/static/chunks/1706.8b7dd24879347088.js HTTP/1.1
Host: eerickog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 01:37:17 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"6627bca2-4d1a"
last-modified: Tue, 23 Apr 2024 13:50:26 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6401
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6y9b1pikc8cSty5AT%2Fi5wvpfM0KrQMMTkRMsdZM8sYBr1looYi8m%2FYhMA%2F9Q3hCS4CRaGrywEQ0eivAS%2BmzQ7FV926EQ0QFjfMcQgXAlHU2OeCtBm%2BXKMCh38cDgwAM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87925e0408a80b65-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| eerickog.com/_next/static/chunks/3978.f48a53d50c258a97.js | 104.21.9.170 | 200 OK | 1.6 kB |
URL GET HTTP/3eerickog.com/_next/static/chunks/3978.f48a53d50c258a97.js IP104.21.9.170:443
Requested byhttps://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2] CertificateIssuerGoogle Trust Services LLC Subjecteerickog.com FingerprintD6:DD:FE:16:73:42:40:1C:76:63:34:46:5A:B6:E4:1F:79:7E:30:E2 ValidityWed, 03 Apr 2024 06:06:31 GMT - Tue, 02 Jul 2024 06:06:30 GMT
File typeJavaScript source, ASCII text, with very long lines (2955), with no line terminators Hash0c60c4b03a77633fc4177d0ffaa530e1 61f40dca0463045927e933959e5f16280db6403c 2f592be0eab537bef0500f89410df1783c7cccef79e8586ba30e53e63c78247e
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /_next/static/chunks/3978.f48a53d50c258a97.js HTTP/1.1
Host: eerickog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 01:37:17 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"6627bca2-b8b"
last-modified: Tue, 23 Apr 2024 13:50:26 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6399
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NwMtzbAwsCXW7znWJHoYg50aMXrLq87V%2BNJGTawOg%2BTZv0SDLyE7gZQqriQmrq%2Bt0GbGxNohnWCEQsvuVBgFDXLiMTF36LI5ykeWrJC5KcmSGIupH7kzgpoFKQxpBKI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87925e0519010b65-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| eerickog.com/img/comments/finance-survey-people/person-2.webp | 104.21.9.170 | 200 OK | 2.2 kB |
URL GET HTTP/3eerickog.com/img/comments/finance-survey-people/person-2.webp IP104.21.9.170:443
Requested byhttps://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2] CertificateIssuerGoogle Trust Services LLC Subjecteerickog.com FingerprintD6:DD:FE:16:73:42:40:1C:76:63:34:46:5A:B6:E4:1F:79:7E:30:E2 ValidityWed, 03 Apr 2024 06:06:31 GMT - Tue, 02 Jul 2024 06:06:30 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp Hash8f8ffbb278de1342e5cf44cd0c677c23 1b4b4428e409479cc8a8acfce6f537c2aeea7556 ac4284ed6941963c4fa0db306537f42f3a0b1fa18710bc7b9e1e62188961d83a
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/comments/finance-survey-people/person-2.webp HTTP/1.1
Host: eerickog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eerickog.com/finance-survey/12/1916?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 01:37:17 GMT
content-type: image/webp
content-length: 2220
last-modified: Tue, 23 Apr 2024 13:50:26 GMT
vary: Accept-Encoding
etag: "6627bca2-8ac"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 2651
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EqGwXm6RO2I2iTWNa%2FuZ2FHz%2F53DEa0aYAHFm35n4UVDG2hSwhG5CWirokSZwy3%2BP8wdgkHQJEl0tWs0%2F1GZ9iq9KUF0cOhkGpNj1lBdNqWw%2FFyYAp0DKNtA7NOgf4Q%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87925e0689330b65-OSL
alt-svc: h3=":443"; ma=86400
|
|
| eerickog.com/_next/static/chunks/pages/_app-0f814bf65bb937b6.js | 104.21.9.170 | 200 OK | 14 kB |
URL GET HTTP/3eerickog.com/_next/static/chunks/pages/_app-0f814bf65bb937b6.js IP104.21.9.170:443
Requested byhttps://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2] CertificateIssuerGoogle Trust Services LLC Subjecteerickog.com FingerprintD6:DD:FE:16:73:42:40:1C:76:63:34:46:5A:B6:E4:1F:79:7E:30:E2 ValidityWed, 03 Apr 2024 06:06:31 GMT - Tue, 02 Jul 2024 06:06:30 GMT
File typeJavaScript source, ASCII text, with very long lines (39639), with no line terminators Hash649804f3281026754527e570b07d551b 54462d1b3add95899433716bcde17544f776758c e7803952bd4f44ad5a04f512815505e81c32c128aaa61eeb68e97d5ca812293b
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /_next/static/chunks/pages/_app-0f814bf65bb937b6.js HTTP/1.1
Host: eerickog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 01:37:17 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"6627bca2-9ad7"
last-modified: Tue, 23 Apr 2024 13:50:26 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=G1IzvAJoOYy4WSuYZEC%2FHi8229RBdHWjcwBD3J10QZuDrQsscJkE%2BTnweIyUi9njVfOnDcSjrljS7C%2Fiiwe2IeNolpBcImrnc81NudeWbSkI6YiqSaaiuEjBKad67v8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87925e0418ad0b65-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| eerickog.com/_next/static/chunks/main-beb6af9e60a8e042.js | 104.21.9.170 | 200 OK | 34 kB |
URL GET HTTP/3eerickog.com/_next/static/chunks/main-beb6af9e60a8e042.js IP104.21.9.170:443
Requested byhttps://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2] CertificateIssuerGoogle Trust Services LLC Subjecteerickog.com FingerprintD6:DD:FE:16:73:42:40:1C:76:63:34:46:5A:B6:E4:1F:79:7E:30:E2 ValidityWed, 03 Apr 2024 06:06:31 GMT - Tue, 02 Jul 2024 06:06:30 GMT
File typeJavaScript source, ASCII text, with very long lines (65536), with no line terminators Hash49c6f57370e917bd37dc7d4d4d0bdb56 f5b56f5b9498f3500055c5614808903d85303991 0409ec519061477c75738733ce598796a11cd445e95df1cd3e72d0ef58136fd4
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /_next/static/chunks/main-beb6af9e60a8e042.js HTTP/1.1
Host: eerickog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 01:37:17 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=108887
etag: W/"6627bca2-1a957"
last-modified: Tue, 23 Apr 2024 13:50:26 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=c4fz6yXOHU9z0cKsJEEnipRdgeJ6Wts6e8xhezGpEMFWtUO%2BpfP8hhhzT935AKXlPCAapndUoJwOu3tlZEP5qeKDcSNgeWntehp7igcO8B6BTiO9CEstQ1v3FHMgLyE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87925e0418ac0b65-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| eerickog.com/_next/static/chunks/7903-dd238946c7924507.js | 104.21.9.170 | 200 OK | 14 kB |
URL GET HTTP/3eerickog.com/_next/static/chunks/7903-dd238946c7924507.js IP104.21.9.170:443
Requested byhttps://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2] CertificateIssuerGoogle Trust Services LLC Subjecteerickog.com FingerprintD6:DD:FE:16:73:42:40:1C:76:63:34:46:5A:B6:E4:1F:79:7E:30:E2 ValidityWed, 03 Apr 2024 06:06:31 GMT - Tue, 02 Jul 2024 06:06:30 GMT
File typeJavaScript source, ASCII text, with very long lines (31896), with no line terminators Hashb5dd343db67bd22544d11da18268f5c3 069b5b221dd75af58d93192460778b3d07835e74 6347f1d4083f7a0a2ac3d8b12aae8832d9ea6914aa6e137d16a4d41869d14ea5
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /_next/static/chunks/7903-dd238946c7924507.js HTTP/1.1
Host: eerickog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 01:37:17 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"6627bca2-7c98"
last-modified: Tue, 23 Apr 2024 13:50:26 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QN5qakQw1fIFgjBNImnQ73lVAjnB%2F1FQlRfI6%2FN3K0TxSRLZ5yIX2vS1ZrSyM%2Fo21rtBX378OxHwy9nQuvM6HqEEWtjOJv76TKZf%2B9tTvb17rfGyzBagncFuCgv9iDs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87925e0418ae0b65-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| eerickog.com/_next/static/chunks/webpack-b5b3ca56f779a8e2.js | 104.21.9.170 | 200 OK | 4.7 kB |
URL GET HTTP/3eerickog.com/_next/static/chunks/webpack-b5b3ca56f779a8e2.js IP104.21.9.170:443
Requested byhttps://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2] CertificateIssuerGoogle Trust Services LLC Subjecteerickog.com FingerprintD6:DD:FE:16:73:42:40:1C:76:63:34:46:5A:B6:E4:1F:79:7E:30:E2 ValidityWed, 03 Apr 2024 06:06:31 GMT - Tue, 02 Jul 2024 06:06:30 GMT
File typeJavaScript source, ASCII text, with very long lines (6098), with no line terminators Hashf99df043321da0cf02f0558f6861c251 9438d401ae6b6a14ceeebf758000d0c2ea10afed 35bd27b2443f3951979888efac2b938a10fac77d78b0404d3b988f30e43622b5
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /_next/static/chunks/webpack-b5b3ca56f779a8e2.js HTTP/1.1
Host: eerickog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 01:37:17 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"6627bca2-17d2"
last-modified: Tue, 23 Apr 2024 13:50:26 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5dsz9Fw6S8nOUWd0OOU7DoUHM8A%2BsLerBPC5P3oQVeQt55bF%2FmldiC5Z7HoEJMIyAhuOywsFipxikIPcfy8RBL664YkmSHEA5%2BlliUdAvJcZhaIUkJi6uZmpsv3PHmk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87925e0408aa0b65-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| eerickog.com/img/comments/finance-survey-people/person-6.webp | 104.21.9.170 | 200 OK | 2.4 kB |
URL GET HTTP/3eerickog.com/img/comments/finance-survey-people/person-6.webp IP104.21.9.170:443
Requested byhttps://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2] CertificateIssuerGoogle Trust Services LLC Subjecteerickog.com FingerprintD6:DD:FE:16:73:42:40:1C:76:63:34:46:5A:B6:E4:1F:79:7E:30:E2 ValidityWed, 03 Apr 2024 06:06:31 GMT - Tue, 02 Jul 2024 06:06:30 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp Hash7be25941ac032fcec25b1bb4ede296d2 cfc4fb3733844326076b6d7632087204c0bea34d 0ff9d28c4ab7516d2790e8df4d325cf602bc8f9eb787a7cd9b6554edd9530e4e
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/comments/finance-survey-people/person-6.webp HTTP/1.1
Host: eerickog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eerickog.com/finance-survey/12/1916?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 01:37:17 GMT
content-type: image/webp
content-length: 2440
last-modified: Tue, 23 Apr 2024 13:50:26 GMT
vary: Accept-Encoding
etag: "6627bca2-988"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qe1%2FPj60kZc1ZwVrFvDxqsAPOotrmm9%2FnxtB%2F%2Fv6Q4GpJmGG1pELIbzejcWOJzr8oy7LYBU5xJUaomLRHHGepkfx1Fj96iQk9mDhOimmA1WOMzCEeirWlXoXVwaqzEU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87925e0639240b65-OSL
alt-svc: h3=":443"; ma=86400
|
|
| eerickog.com/_next/static/chunks/825.dc2233ab620d87e2.js | 104.21.9.170 | 200 OK | 8.4 kB |
URL GET HTTP/3eerickog.com/_next/static/chunks/825.dc2233ab620d87e2.js IP104.21.9.170:443
Requested byhttps://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2] CertificateIssuerGoogle Trust Services LLC Subjecteerickog.com FingerprintD6:DD:FE:16:73:42:40:1C:76:63:34:46:5A:B6:E4:1F:79:7E:30:E2 ValidityWed, 03 Apr 2024 06:06:31 GMT - Tue, 02 Jul 2024 06:06:30 GMT
File typeJavaScript source, ASCII text, with very long lines (39469), with no line terminators Hash72ac5913c12eaedbe7594c6acf1a627f 544008497f3ce02575d0fdd1df7aeecdb0b4d08b 2b3a1eabd05bc09901c3dcfc74e0ecadce09d0d29e9ddaf90f53fe22e169f05a
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /_next/static/chunks/825.dc2233ab620d87e2.js HTTP/1.1
Host: eerickog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 01:37:17 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"6627bca2-9a2d"
last-modified: Tue, 23 Apr 2024 13:50:26 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Po502DXlzOMs8VrQmsIj5SoZ%2FfCi0Gf2mnuCktvnIfnA9TwdI9YdeMkPMSlJXnrzBU0VfMmOR4MTDKHbUDjnj4SpJLyYgsntluyqXA%2FglPeSo2NpZorbjFkmCDP1MaQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87925e0408a90b65-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| eerickog.com/_next/static/chunks/6223.36a8be3b6724c1ee.js | 104.21.9.170 | 200 OK | 2.9 kB |
URL GET HTTP/3eerickog.com/_next/static/chunks/6223.36a8be3b6724c1ee.js IP104.21.9.170:443
Requested byhttps://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2] CertificateIssuerGoogle Trust Services LLC Subjecteerickog.com FingerprintD6:DD:FE:16:73:42:40:1C:76:63:34:46:5A:B6:E4:1F:79:7E:30:E2 ValidityWed, 03 Apr 2024 06:06:31 GMT - Tue, 02 Jul 2024 06:06:30 GMT
File typeJavaScript source, ASCII text, with very long lines (3822), with no line terminators Hashc1f7e2120e9f45cf822bbe5e23ab5711 e5ab7ffa55c8122915c064b4e81387ff71ca018c 492f9bfb9b36328df2670323687dbb0d0ac9499199fe5bac3c7eb91dde9a34aa
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /_next/static/chunks/6223.36a8be3b6724c1ee.js HTTP/1.1
Host: eerickog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 01:37:17 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"6627bca2-eee"
last-modified: Tue, 23 Apr 2024 13:50:26 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6399
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DsNNJ5SGqTRwYRtd0Os00g1sDRtsY4gXfVl7X5IHbOMD5JwT5Cxw3tKy6vvPxxeO691%2FczMI%2BV2B%2FcmaiunwYBcSTJQ94HzX4abgBKiJECOCnNYesJp7elwa2oNTkbw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87925e0529030b65-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| forwardtrk.com/show.php?cl=true&l=1674211&u=1315937&id=51744&url=http://forwardtrk.com/h0tgirls | 172.67.209.70 | | 792 B |
URL forwardtrk.com/show.php?cl=true&l=1674211&u=1315937&id=51744&url=http://forwardtrk.com/h0tgirls IP172.67.209.70:0
File typeHTML document, ASCII text, with CRLF line terminators Hash79394eb6c5aae4f49942439f24ab00fe 71ee90d06a2c0bb75253e07aefed9fe3da0b21eb cb0e579ab706f5f6cba3f691ff9254fe0c27fa44d45327cf2526354472a8d545
GET /show.php?cl=true&l=1674211&u=1315937&id=51744&url=http://forwardtrk.com/h0tgirls HTTP/1.1
Host: forwardtrk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 24 Apr 2024 01:37:16 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iIR2VqLvRymG2PkMeBNp8DgtZQSNujSWLdNqF%2FPiMjJcAes7YXfDS738RBWK8jJOvrOUnXHdaLxHbpjfGZmDwyTTWVfAaUkoy%2FN%2FGJgPMzpb8Uu6aRYQGJgBsBRgEvzL2Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87925dfbecc4568b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| eerickog.com/_next/static/chunks/8904.6fbc0cfd51623cbf.js | 104.21.9.170 | 200 OK | 515 B |
URL GET HTTP/3eerickog.com/_next/static/chunks/8904.6fbc0cfd51623cbf.js IP104.21.9.170:443
Requested byhttps://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2] CertificateIssuerGoogle Trust Services LLC Subjecteerickog.com FingerprintD6:DD:FE:16:73:42:40:1C:76:63:34:46:5A:B6:E4:1F:79:7E:30:E2 ValidityWed, 03 Apr 2024 06:06:31 GMT - Tue, 02 Jul 2024 06:06:30 GMT
File typeJavaScript source, ASCII text, with very long lines (925), with no line terminators Hash3d657d2d17983fccaac3b0512a0f9460 06faa560e966627855c424e23fbb0bb5aadde083 b9e3997d6a87385dd604b65dfa962fe50944dfc158c2e82c945d6b8664e2f81e
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /_next/static/chunks/8904.6fbc0cfd51623cbf.js HTTP/1.1
Host: eerickog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 01:37:17 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"6627bca2-39d"
last-modified: Tue, 23 Apr 2024 13:50:26 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6399
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FPk2F6UFby7iePS2Qwr5pVn7jvkBlibjXp8FcK1lMvkNRGpdlUT2DTPwkORxnNtM8dtSJj3qLi0b60rYsv1pH7avUdOXt06cllLsbkrt8JtvVuMw4DPTbwUec7hjTRU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87925e0519020b65-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| arleavannya.com/sync-metrics | 139.45.197.248 | 200 OK | 0 B |
URL POST HTTP/2arleavannya.com/sync-metrics IP139.45.197.248:443
Requested byhttps://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2] CertificateIssuerLet's Encrypt Subjectarleavannya.com Fingerprint8A:67:B7:06:5F:61:ED:52:C0:9B:58:C2:64:98:7D:1B:64:03:3F:47 ValidityThu, 18 Apr 2024 17:09:05 GMT - Wed, 17 Jul 2024 17:09:04 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
OPTIONS /sync-metrics HTTP/1.1
Host: arleavannya.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://eerickog.com/
Origin: https://eerickog.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 24 Apr 2024 01:37:17 GMT
content-length: 0
access-control-allow-origin: https://eerickog.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| arleavannya.com/sync-do | 139.45.197.248 | 200 OK | 0 B |
IP139.45.197.248:443
Requested byhttps://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2] CertificateIssuerLet's Encrypt Subjectarleavannya.com Fingerprint8A:67:B7:06:5F:61:ED:52:C0:9B:58:C2:64:98:7D:1B:64:03:3F:47 ValidityThu, 18 Apr 2024 17:09:05 GMT - Wed, 17 Jul 2024 17:09:04 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
OPTIONS /sync-do HTTP/1.1
Host: arleavannya.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://eerickog.com/
Origin: https://eerickog.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 24 Apr 2024 01:37:17 GMT
content-length: 0
access-control-allow-origin: https://eerickog.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| arleavannya.com/sync-metrics | 139.45.197.248 | 200 OK | 17 B |
URL POST HTTP/2arleavannya.com/sync-metrics IP139.45.197.248:443
Requested byhttps://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2] CertificateIssuerLet's Encrypt Subjectarleavannya.com Fingerprint8A:67:B7:06:5F:61:ED:52:C0:9B:58:C2:64:98:7D:1B:64:03:3F:47 ValidityThu, 18 Apr 2024 17:09:05 GMT - Wed, 17 Jul 2024 17:09:04 GMT
Hash5b64e8b89092b2e3dfd448b10700627f 484b3032619fa1acd135d114565b0a5166281c22 f1ea07a1e51a389c8de07120ae5c2e432e9dd8f4fbd6f92489f185b0523a3fd4
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
POST /sync-metrics HTTP/1.1
Host: arleavannya.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://eerickog.com/
Content-Type: application/json
Content-Length: 408
Origin: https://eerickog.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 24 Apr 2024 01:37:17 GMT
content-type: application/json; charset=utf-8
content-length: 17
x-trace-id: 2ae3265f15737e3ad0225db35d2a3e62
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://eerickog.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| arleavannya.com/sync-metrics | 139.45.197.248 | 200 OK | 17 B |
URL POST HTTP/2arleavannya.com/sync-metrics IP139.45.197.248:443
Requested byhttps://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2] CertificateIssuerLet's Encrypt Subjectarleavannya.com Fingerprint8A:67:B7:06:5F:61:ED:52:C0:9B:58:C2:64:98:7D:1B:64:03:3F:47 ValidityThu, 18 Apr 2024 17:09:05 GMT - Wed, 17 Jul 2024 17:09:04 GMT
Hash5b64e8b89092b2e3dfd448b10700627f 484b3032619fa1acd135d114565b0a5166281c22 f1ea07a1e51a389c8de07120ae5c2e432e9dd8f4fbd6f92489f185b0523a3fd4
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
POST /sync-metrics HTTP/1.1
Host: arleavannya.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://eerickog.com/
Content-Type: application/json
Content-Length: 428
Origin: https://eerickog.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 24 Apr 2024 01:37:18 GMT
content-type: application/json; charset=utf-8
content-length: 17
x-trace-id: df5fc6fdb39c7db331de5c662a3304e7
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://eerickog.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| arleavannya.com/sync-do | 139.45.197.248 | 200 OK | 179 B |
IP139.45.197.248:443
Requested byhttps://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2] CertificateIssuerLet's Encrypt Subjectarleavannya.com Fingerprint8A:67:B7:06:5F:61:ED:52:C0:9B:58:C2:64:98:7D:1B:64:03:3F:47 ValidityThu, 18 Apr 2024 17:09:05 GMT - Wed, 17 Jul 2024 17:09:04 GMT
Hash081142aa1c9267422ee7fd25ac457579 cf8a223610da412aab4cc9aec68f6f304258b3ce 58084d495376ed2e41f026c352cabb187129c58109f2b15caeb1a539deb2cd19
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
POST /sync-do HTTP/1.1
Host: arleavannya.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://eerickog.com/
Content-Type: application/json
Content-Length: 161
Origin: https://eerickog.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 24 Apr 2024 01:37:18 GMT
content-type: application/json; charset=utf-8
content-length: 179
x-trace-id: 46adec4ae2d35102a09f497d65e1434e
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://eerickog.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| datatechonert.com/log/add?cid=eacf36da-c06d-4d71-90cc-88e30cd4240a&ruid=ef09a021-13b6-4335-aae6-88356aaf6ba7 | 139.45.195.253 | 200 OK | 12 B |
URL POST HTTP/1.1datatechonert.com/log/add?cid=eacf36da-c06d-4d71-90cc-88e30cd4240a&ruid=ef09a021-13b6-4335-aae6-88356aaf6ba7 IP139.45.195.253:443
Requested byhttps://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2] CertificateIssuerSectigo Limited Subjectdatatechonert.com Fingerprint3F:E1:50:2C:9F:FC:F9:37:03:E3:B6:34:00:06:89:69:01:E7:C3:27 ValiditySun, 10 Dec 2023 00:00:00 GMT - Mon, 23 Dec 2024 23:59:59 GMT
Hashadb4650bfc9d2a73d4dd69583b0ceb14 1ce399d6e936232aaf2192cd7903a279c5015f22 21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed
POST /log/add?cid=eacf36da-c06d-4d71-90cc-88e30cd4240a&ruid=ef09a021-13b6-4335-aae6-88356aaf6ba7 HTTP/1.1
Host: datatechonert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1484
Origin: https://eerickog.com
DNT: 1
Connection: keep-alive
Referer: https://eerickog.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Wed, 24 Apr 2024 01:37:18 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 12
Connection: keep-alive
Access-Control-Allow-Origin: https://eerickog.com
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true
|
|
| ofklefkian.com/zone?&pub=0&zone_id=6679100&is_mobile=false&domain=eerickog.com&var=3956710&ymid=6422583&var_3=&var_4=&dsig=&tg=1&sw=3.1.473&action=prerequest | 139.45.197.251 | 200 OK | 0 B |
URL POST HTTP/2ofklefkian.com/zone?&pub=0&zone_id=6679100&is_mobile=false&domain=eerickog.com&var=3956710&ymid=6422583&var_3=&var_4=&dsig=&tg=1&sw=3.1.473&action=prerequest IP139.45.197.251:443
Requested byhttps://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2] CertificateIssuerLet's Encrypt Subjectofklefkian.com Fingerprint04:A9:FE:8D:C9:B9:EE:6F:3A:C4:29:EA:19:AD:C3:1D:7D:3E:14:02 ValiditySun, 14 Apr 2024 05:38:05 GMT - Sat, 13 Jul 2024 05:38:04 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
POST /zone?&pub=0&zone_id=6679100&is_mobile=false&domain=eerickog.com&var=3956710&ymid=6422583&var_3=&var_4=&dsig=&tg=1&sw=3.1.473&action=prerequest HTTP/1.1
Host: ofklefkian.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://eerickog.com
DNT: 1
Connection: keep-alive
Referer: https://eerickog.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 200 OK
server: nginx
date: Wed, 24 Apr 2024 01:37:18 GMT
content-length: 0
x-trace-id: f67758f440576f036889994378504e89
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://eerickog.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
|
|
| eerickog.com/favicon.ico | 104.21.9.170 | 204 No Content | 0 B |
IP104.21.9.170:443
Requested byhttps://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2] CertificateIssuerGoogle Trust Services LLC Subjecteerickog.com FingerprintD6:DD:FE:16:73:42:40:1C:76:63:34:46:5A:B6:E4:1F:79:7E:30:E2 ValidityWed, 03 Apr 2024 06:06:31 GMT - Tue, 02 Jul 2024 06:06:30 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: eerickog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
Cookie: OAID=1ye1ho7ain7b95njmld2s0pn2j1ksd9; syncedCookie=true; oaidts=1713922637
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 204 No Content
date: Wed, 24 Apr 2024 01:37:18 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ag4PeTBItVnkP2Jts7O5BjIvSKvO8HxFuaAigoXyA8rDodGTZFQTxS2U5Ko4bznZkQfnJ68mvuCxeaRiVEbH2pI639D9kCcX75ytiKUVrokyU%2FnvE1SviTumhZ%2BVQ5Q%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87925e09d9f30b65-OSL
alt-svc: h3=":443"; ma=86400
|
|
| eerickog.com/sw/universal.js?var=3956710&ymid=6422583&ab2_ttl=5184000&zoneId=6679100 | 104.21.9.170 | 200 OK | 9.9 kB |
URL GET HTTP/3eerickog.com/sw/universal.js?var=3956710&ymid=6422583&ab2_ttl=5184000&zoneId=6679100 IP104.21.9.170:443
Requested byhttps://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2] CertificateIssuerGoogle Trust Services LLC Subjecteerickog.com FingerprintD6:DD:FE:16:73:42:40:1C:76:63:34:46:5A:B6:E4:1F:79:7E:30:E2 ValidityWed, 03 Apr 2024 06:06:31 GMT - Tue, 02 Jul 2024 06:06:30 GMT
Hash10b28f14a4642eb75e65f9babba5b2e5 83063f314d4e3f6568f4494abc796cdcbd87e3b4 0571c36e64ce7b589721a47fba1a604ca982a0b2a3694440db526d05dfb4e5a9
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /sw/universal.js?var=3956710&ymid=6422583&ab2_ttl=5184000&zoneId=6679100 HTTP/1.1
Host: eerickog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Referer: https://eerickog.com/finance-survey/12/1916?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
Cookie: OAID=1ye1ho7ain7b95njmld2s0pn2j1ksd9; syncedCookie=true; oaidts=1713922637
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 01:37:18 GMT
content-type: application/javascript
last-modified: Tue, 23 Apr 2024 13:50:26 GMT
vary: Accept-Encoding
etag: W/"6627bca2-5b5"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sa4ReusGmT6ze8qykXC8hh9Uuw8%2Bd6ZDn83LFPzpg1vYUeJZ3jA%2BXxhfp2HmVkmpMC6eb9eOYhCszWlh72K%2Biq5MTi3KvIkGJbgavmwUc75jdlzV8BJlPL28PvhBYXI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87925e0849bb0b65-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| eerickog.com/_next/static/chunks/1754.9cd5cec6a6099ad4.js | 104.21.9.170 | 200 OK | 13 kB |
URL GET HTTP/3eerickog.com/_next/static/chunks/1754.9cd5cec6a6099ad4.js IP104.21.9.170:443
Requested byhttps://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2] CertificateIssuerGoogle Trust Services LLC Subjecteerickog.com FingerprintD6:DD:FE:16:73:42:40:1C:76:63:34:46:5A:B6:E4:1F:79:7E:30:E2 ValidityWed, 03 Apr 2024 06:06:31 GMT - Tue, 02 Jul 2024 06:06:30 GMT
File typeJavaScript source, ASCII text, with very long lines (12011), with no line terminators Hash97a720cc805d2afba1d18c848124b92e 600abde3f10a7008dcf63a06a38ddcee64d57824 67f19c84ea29e05d552357bf00c539946706d764dbe36d184af3b711ebd663b2
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /_next/static/chunks/1754.9cd5cec6a6099ad4.js HTTP/1.1
Host: eerickog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eerickog.com/finance-survey/12/1916?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 01:37:17 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"6627bca2-2eeb"
last-modified: Tue, 23 Apr 2024 13:50:26 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6399
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yHK4iR6lIPhsLEpIHrx2Aizo0Rrch3VP5B%2BGSXNFWJd9VUguaGAJdnlmttdiHUTobtKosBiodIJqb2wCWBYfKD5mBanm%2Fo6ZxKGxbI8JPdoWi1xOGdJkAOUW53bjKTM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87925e06e96d0b65-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| eerickog.com/rotate?zz=6543018%3B7000967%3B4326653%3B4949467%3B5381235%3B5381316%3B5381307%3B5381339&var=3956710&ymid=6422583&ab2r=&var_3=&var_4=&os_version=&uid=1ye1ho7ain7b95njmld2s0pn2j1ksd9 | 104.21.9.170 | 200 OK | 5.1 kB |
URL GET HTTP/3eerickog.com/rotate?zz=6543018%3B7000967%3B4326653%3B4949467%3B5381235%3B5381316%3B5381307%3B5381339&var=3956710&ymid=6422583&ab2r=&var_3=&var_4=&os_version=&uid=1ye1ho7ain7b95njmld2s0pn2j1ksd9 IP104.21.9.170:443
Requested byhttps://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2] CertificateIssuerGoogle Trust Services LLC Subjecteerickog.com FingerprintD6:DD:FE:16:73:42:40:1C:76:63:34:46:5A:B6:E4:1F:79:7E:30:E2 ValidityWed, 03 Apr 2024 06:06:31 GMT - Tue, 02 Jul 2024 06:06:30 GMT
File typetroff or preprocessor input, ASCII text, with very long lines (5107), with no line terminators Hash37fe7bcea9f19e11d02d31d29933bb80 a11884930a7ccd09ef6ffeec3b67b727d54b7894 f15ea4ef25ab09d2defd8712f1d837907e3c28e718ee13345e1fce10f1a0e8dd
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /rotate?zz=6543018%3B7000967%3B4326653%3B4949467%3B5381235%3B5381316%3B5381307%3B5381339&var=3956710&ymid=6422583&ab2r=&var_3=&var_4=&os_version=&uid=1ye1ho7ain7b95njmld2s0pn2j1ksd9 HTTP/1.1
Host: eerickog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://eerickog.com/finance-survey/12/1916?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
DNT: 1
Connection: keep-alive
Cookie: OAID=1ye1ho7ain7b95njmld2s0pn2j1ksd9; syncedCookie=true; oaidts=1713922637
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 24 Apr 2024 01:37:18 GMT
content-type: application/javascript
vary: Accept-Encoding, Origin
x-trace-id: 85c966d6ea73ff6fc2371f7451274932
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
pragma: no-cache
timing-allow-origin: *
access-control-allow-origin: https://eerickog.com/
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
set-cookie: OAID=1ye1ho7ain7b95njmld2s0pn2j1ksd9; expires=Thu, 24 Apr 2025 01:37:18 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: br
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YL7qnRa5jjAegU63tXoC7XnO%2Ba2VV%2BmJVbcUNb7cMypfVJ3rSHbUDqc3kQVdg4GxXyTE5q2xq5lcbgiuX6yakhNRmq8OFARnEBstjp4IAYe%2BeJiBfPlA7Q5i0Ny5bQw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87925e0749960b65-OSL
alt-svc: h3=":443"; ma=86400
|
|
| eerickog.com/img/comments/finance-survey-people/person-1.webp | 104.21.9.170 | 200 OK | 1.4 kB |
URL GET HTTP/3eerickog.com/img/comments/finance-survey-people/person-1.webp IP104.21.9.170:443
Requested byhttps://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2] CertificateIssuerGoogle Trust Services LLC Subjecteerickog.com FingerprintD6:DD:FE:16:73:42:40:1C:76:63:34:46:5A:B6:E4:1F:79:7E:30:E2 ValidityWed, 03 Apr 2024 06:06:31 GMT - Tue, 02 Jul 2024 06:06:30 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp Hashc5da2ea294623650bae71fc84401cf60 f1f62ea011cf81953cefe28254c134e992453b91 09a846c5b1af2c6100ff3193789be1e0e21ba9fc45c268f76f2007c78f1e4ac1
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/comments/finance-survey-people/person-1.webp HTTP/1.1
Host: eerickog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eerickog.com/finance-survey/12/1916?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 24 Apr 2024 01:37:17 GMT
content-type: image/webp
content-length: 1402
last-modified: Tue, 23 Apr 2024 13:50:26 GMT
vary: Accept-Encoding
etag: "6627bca2-57a"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 2651
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iMF1z8EMQkaAfOGlx6V8w48Qg3iNT3Y7VkPbbbmzMjAtM6332T2No%2FEC7PVZ1u%2BQr2tn9pjYceeRKS%2Bbd73IiFCG3BsDlbBheiRJOc%2BN3hGLhw6mHL7dxs3fL1vx9eM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87925e0689380b65-OSL
alt-svc: h3=":443"; ma=86400
|
|
| eerickog.com/pfe/current/micro.tag.min.js?sw=/sw/universal.js&var=3956710&ymid=6422583&b=8160420&campaignid=4105106&click_id=806812208932856583&ab2r=&rhd=1&var_3=&oaid=1ye1ho7ain7b95njmld2s0pn2j1ksd9&os_version=&btz=UTC&bto=0&z=6679100&cdn=1&domain=ofklefkian.com&ab2=&ab2_ttl=5184000 | 104.21.9.170 | 200 OK | 27 kB |
URL GET HTTP/3eerickog.com/pfe/current/micro.tag.min.js?sw=/sw/universal.js&var=3956710&ymid=6422583&b=8160420&campaignid=4105106&click_id=806812208932856583&ab2r=&rhd=1&var_3=&oaid=1ye1ho7ain7b95njmld2s0pn2j1ksd9&os_version=&btz=UTC&bto=0&z=6679100&cdn=1&domain=ofklefkian.com&ab2=&ab2_ttl=5184000 IP104.21.9.170:443
Requested byhttps://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2] CertificateIssuerGoogle Trust Services LLC Subjecteerickog.com FingerprintD6:DD:FE:16:73:42:40:1C:76:63:34:46:5A:B6:E4:1F:79:7E:30:E2 ValidityWed, 03 Apr 2024 06:06:31 GMT - Tue, 02 Jul 2024 06:06:30 GMT
File typeJavaScript source, ASCII text, with very long lines (27012) Hash4d5fdbf5a5eaf9b73b515e58aaea8ab1 af206657baadc54af340d9b32738e9797934eaff 05b026bb4f34d6fd3b5db29bffb1ba5be6f9b11d954fa44fd4d57acd997ecb2d
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /pfe/current/micro.tag.min.js?sw=/sw/universal.js&var=3956710&ymid=6422583&b=8160420&campaignid=4105106&click_id=806812208932856583&ab2r=&rhd=1&var_3=&oaid=1ye1ho7ain7b95njmld2s0pn2j1ksd9&os_version=&btz=UTC&bto=0&z=6679100&cdn=1&domain=ofklefkian.com&ab2=&ab2_ttl=5184000 HTTP/1.1
Host: eerickog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eerickog.com/finance-survey/12/1916?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
Cookie: OAID=1ye1ho7ain7b95njmld2s0pn2j1ksd9; syncedCookie=true; oaidts=1713922637
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 24 Apr 2024 01:37:18 GMT
content-type: application/javascript
last-modified: Tue, 23 Apr 2024 13:50:26 GMT
vary: Accept-Encoding
etag: W/"6627bca2-6985"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lszaf9btXkbhfTZuNWkOftRH%2Fi8MWbKb7dpjekTUdjhxaN4T3yEcx0Ze9bCRkdScE0o%2FRV2idDBXuZ%2FWIzOTRJBkDf2pZS4fyXOWVXtcC3mxDUn2LAPSxOSq9187%2BKM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87925e0789a00b65-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| my.rtmark.net/gid.js?userId=1ye1ho7ain7b95njmld2s0pn2j1ksd9 | 139.45.195.8 | 200 OK | 64 B |
URL GET HTTP/2my.rtmark.net/gid.js?userId=1ye1ho7ain7b95njmld2s0pn2j1ksd9 IP139.45.195.8:443
Requested byhttps://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2] CertificateIssuerLet's Encrypt Subjectrtmark.net FingerprintDB:C0:8B:64:1C:E3:2A:9C:B9:04:0D:F3:6F:5A:E0:35:F4:C7:75:CC ValiditySat, 02 Mar 2024 21:53:43 GMT - Fri, 31 May 2024 21:53:42 GMT
File typetroff or preprocessor input, ASCII text, with no line terminators Hashe910490c78deccc487ee304de46d3738 0960b80125058b729d4f9c96c2d3014070e0bcf1 97be82c00dedcb2ab7ed1bbbdafdb287765a78131b2be72d4cb57f01ed716434
GET /gid.js?userId=1ye1ho7ain7b95njmld2s0pn2j1ksd9 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://eerickog.com/
Origin: https://eerickog.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 24 Apr 2024 01:37:17 GMT
content-type: application/json; charset=utf-8
content-length: 64
access-control-allow-origin: https://eerickog.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=1ye1ho7ain7b95njmld2s0pn2j1ksd9; expires=Thu, 24 Apr 2025 01:37:17 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| eerickog.com/_next/static/chunks/9787.32846937d0160cf7.js | 104.21.9.170 | 200 OK | 1.8 kB |
URL GET HTTP/3eerickog.com/_next/static/chunks/9787.32846937d0160cf7.js IP104.21.9.170:443
Requested byhttps://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2] CertificateIssuerGoogle Trust Services LLC Subjecteerickog.com FingerprintD6:DD:FE:16:73:42:40:1C:76:63:34:46:5A:B6:E4:1F:79:7E:30:E2 ValidityWed, 03 Apr 2024 06:06:31 GMT - Tue, 02 Jul 2024 06:06:30 GMT
File typeJavaScript source, ASCII text, with very long lines (1771), with no line terminators Hashd269bc24ab428864c8a5d9fd90d791ae ff1943ecbdb21dd40483e22778b0826bce974cde 086e81568c991bb4f9d7f9bcb854f1f2bf66b7397b1eef5b0753889ccb86cb30
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /_next/static/chunks/9787.32846937d0160cf7.js HTTP/1.1
Host: eerickog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 24 Apr 2024 01:37:17 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"6627bca2-6e1"
last-modified: Tue, 23 Apr 2024 13:50:26 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6399
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1%2BIEahDFTkHFsvwN7hWsLtdX0w4iA69iddbPjQU9zOX2kaCmKz8qwzr7GI9ANPHfYIDxuRadX98%2BnJxKa1awktZM93OnaJun1Ppww4xlUApMg2tK%2FOiyzRE66HF637Q%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87925e0569130b65-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| eerickog.com/_next/static/SvPrY0nXpsuijobtZfca-/_buildManifest.js | 104.21.9.170 | 200 OK | 1.6 kB |
URL GET HTTP/3eerickog.com/_next/static/SvPrY0nXpsuijobtZfca-/_buildManifest.js IP104.21.9.170:443
Requested byhttps://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2] CertificateIssuerGoogle Trust Services LLC Subjecteerickog.com FingerprintD6:DD:FE:16:73:42:40:1C:76:63:34:46:5A:B6:E4:1F:79:7E:30:E2 ValidityWed, 03 Apr 2024 06:06:31 GMT - Tue, 02 Jul 2024 06:06:30 GMT
File typeASCII text, with very long lines (1697), with no line terminators Hashf04c2c67c01e953b9905a6d2cf3ff213 1325595e714d656cd1c55a083a38200caf7b4c37 6b48b4aa73ef1ddfbfca4feeb48bdf145394fd598bd598b8c6e762d90d8aa5b5
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /_next/static/SvPrY0nXpsuijobtZfca-/_buildManifest.js HTTP/1.1
Host: eerickog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 24 Apr 2024 01:37:17 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"6627bca2-645"
last-modified: Tue, 23 Apr 2024 13:50:26 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=A9Dqlm9EiKBKmHr0u8KqLieR%2FT4TlLqkL2mTzgP%2B52dmq5p3mBbmz8tdnPsv8uwNjuhxcCiFFM41VmC5YoNUPjokxjKqZrGqip4aYlS7DiGPal8yKaZtEhJP9FvN1zM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87925e0418b20b65-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| eerickog.com/_next/static/css/0bc0cde260d08b97.css | 104.21.9.170 | 200 OK | 1.8 kB |
URL GET HTTP/3eerickog.com/_next/static/css/0bc0cde260d08b97.css IP104.21.9.170:443
Requested byhttps://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2] CertificateIssuerGoogle Trust Services LLC Subjecteerickog.com FingerprintD6:DD:FE:16:73:42:40:1C:76:63:34:46:5A:B6:E4:1F:79:7E:30:E2 ValidityWed, 03 Apr 2024 06:06:31 GMT - Tue, 02 Jul 2024 06:06:30 GMT
File typeASCII text, with very long lines (1841), with no line terminators Hashff1d3d5d24ca0172d59b02e7505ddaa1 41e83ee08e21f369886b0fdad0ba01d8b20897b6 939b17f98d9d3585510edafa70c73c6619ea20d9b401b4396041272bed67ecf6
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /_next/static/css/0bc0cde260d08b97.css HTTP/1.1
Host: eerickog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 24 Apr 2024 01:37:17 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=1843
etag: W/"6627bca2-733"
last-modified: Tue, 23 Apr 2024 13:50:26 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6401
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=59HskaOFSMVHqYwya3tDHqQXtBlCBX63IEs2ovxWuOhNg%2FcpdnRsN%2B9GvowhBAArT1BQB7Dg5f%2B1iUsshnWlsMhJUg6RIdCHqkWgvPfVOkzRH9FYIpHWYGnVs%2B2Zq8E%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87925e0408a50b65-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| eerickog.com/_next/static/chunks/5927.10a9d67f6732d4d8.js | 104.21.9.170 | 200 OK | 18 kB |
URL GET HTTP/3eerickog.com/_next/static/chunks/5927.10a9d67f6732d4d8.js IP104.21.9.170:443
Requested byhttps://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2] CertificateIssuerGoogle Trust Services LLC Subjecteerickog.com FingerprintD6:DD:FE:16:73:42:40:1C:76:63:34:46:5A:B6:E4:1F:79:7E:30:E2 ValidityWed, 03 Apr 2024 06:06:31 GMT - Tue, 02 Jul 2024 06:06:30 GMT
File typeJavaScript source, ASCII text, with very long lines (18514), with no line terminators Hasha430ce709a2b2e9b144810c17115f6c7 b0d435157a5614b2d58efdc0f2b5d94bfbfb5c2b d2461dafb3c86b97148ce5a6fe69d9f050cfe2aba4ba5fa311ebc3349504a7e2
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /_next/static/chunks/5927.10a9d67f6732d4d8.js HTTP/1.1
Host: eerickog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 24 Apr 2024 01:37:17 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"6627bca2-4852"
last-modified: Tue, 23 Apr 2024 13:50:26 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6399
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=waa%2BC3qkY6w%2FAV0WfXJY%2BDV8VIiYHzqj9gDur6PUu8WHK5RbIRu8DBrHuglPnQCBZoRQ2Lgss%2B6sHvyOummktI3ANFzeGq3Uy4ZdsDY5JZHzf4PtK7fjA2wBp2jiVZE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87925e05490b0b65-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| eerickog.com/finance-survey/icon-survey.svg | 104.21.9.170 | 200 OK | 2.7 kB |
URL GET HTTP/3eerickog.com/finance-survey/icon-survey.svg IP104.21.9.170:443
Requested byhttps://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2] CertificateIssuerGoogle Trust Services LLC Subjecteerickog.com FingerprintD6:DD:FE:16:73:42:40:1C:76:63:34:46:5A:B6:E4:1F:79:7E:30:E2 ValidityWed, 03 Apr 2024 06:06:31 GMT - Tue, 02 Jul 2024 06:06:30 GMT
File typeSVG Scalable Vector Graphics image Hasha000ba4d0e7570d810feafb22bc50bef af8fce44a683d3dfebe69cbe856e747739c9a666 9ae848c180201d8ae5c59ce118b0b7ef395a01295fb04d57e81cfe0566100679
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /finance-survey/icon-survey.svg HTTP/1.1
Host: eerickog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eerickog.com/finance-survey/12/1916?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 24 Apr 2024 01:37:17 GMT
content-type: image/svg+xml
last-modified: Tue, 23 Apr 2024 13:50:26 GMT
vary: Accept-Encoding
etag: W/"6627bca2-a72"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 2651
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=M0AVP3DP7uALV0NrhMN4W5hGqX191fp7rFjhMMQ%2FikimnTKG1KE4xnRihJDebqo1HkzrK3ls1CrA8JGx2NtePtKaU0kCZ%2FYsAe0V4FYo%2BG3OguvW8%2FjQI7vDTkfh1iY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87925e0679320b65-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| eerickog.com/_next/static/chunks/2734.c0427a5c5baaafc8.js | 104.21.9.170 | 200 OK | 4.1 kB |
URL GET HTTP/3eerickog.com/_next/static/chunks/2734.c0427a5c5baaafc8.js IP104.21.9.170:443
Requested byhttps://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2] CertificateIssuerGoogle Trust Services LLC Subjecteerickog.com FingerprintD6:DD:FE:16:73:42:40:1C:76:63:34:46:5A:B6:E4:1F:79:7E:30:E2 ValidityWed, 03 Apr 2024 06:06:31 GMT - Tue, 02 Jul 2024 06:06:30 GMT
File typeJavaScript source, ASCII text, with very long lines (4183), with no line terminators Hash2ccceb54e595113f97529d0abcac6974 cc2193e9d9141a5e9cd10e3aa09c48ed40ffd197 e84010b7c11ac1e8a381c56e2483be7d2c48783e9356d31cf4c723338e7dd0f2
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /_next/static/chunks/2734.c0427a5c5baaafc8.js HTTP/1.1
Host: eerickog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 24 Apr 2024 01:37:17 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"6627bca2-100f"
last-modified: Tue, 23 Apr 2024 13:50:26 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oyX6EUPpc6iQGFIHwkfx1H4W%2Frukn2CuXtpRoVnaXB8vthNRBK1S70VlHHz1kmM7ptS2VHQKhfgri%2F3xElAZNVRiDVcroonmr3VqleMuDcQCDBcQPaf5tjaGcm4Bf2Y%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87925e0518fe0b65-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2] | 104.21.9.170 | 200 OK | 40 kB |
URL User Request GET HTTP/2eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2] IP104.21.9.170:443
CertificateIssuerGoogle Trust Services LLC Subjecteerickog.com FingerprintD6:DD:FE:16:73:42:40:1C:76:63:34:46:5A:B6:E4:1F:79:7E:30:E2 ValidityWed, 03 Apr 2024 06:06:31 GMT - Tue, 02 Jul 2024 06:06:30 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2] HTTP/1.1
Host: eerickog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 24 Apr 2024 01:37:17 GMT
content-type: text/html
last-modified: Tue, 23 Apr 2024 13:50:28 GMT
vary: Accept-Encoding
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uzfVUSuyrteOOCHu7cOyXR1KzmlcCcWfsQEuUU%2By8bYo1VpgRWk%2BPuUhZsJKDvRIaH0nIc4d7RK6OGWvB0qz1XGPKhFrEQAp6y4D0bqrn6jQLEfERwoiE1sMNk5DqLM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87925e02797856a2-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| eerickog.com/_next/static/chunks/2610.1baf2de4c8779a0e.js | 104.21.9.170 | 200 OK | 13 kB |
URL GET HTTP/3eerickog.com/_next/static/chunks/2610.1baf2de4c8779a0e.js IP104.21.9.170:443
Requested byhttps://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2] CertificateIssuerGoogle Trust Services LLC Subjecteerickog.com FingerprintD6:DD:FE:16:73:42:40:1C:76:63:34:46:5A:B6:E4:1F:79:7E:30:E2 ValidityWed, 03 Apr 2024 06:06:31 GMT - Tue, 02 Jul 2024 06:06:30 GMT
File typeJavaScript source, ASCII text, with very long lines (13124), with no line terminators Hash285f6dd54ac88cdc30a796895c98adb3 f4ff40359e70d2a28b3ba2773e180ac93ce29a37 6dff74775e02f0f3618dcd683ce01b570ed044fca2a250051e6f7e6bb0cc2974
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /_next/static/chunks/2610.1baf2de4c8779a0e.js HTTP/1.1
Host: eerickog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 24 Apr 2024 01:37:17 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"6627bca2-3344"
last-modified: Tue, 23 Apr 2024 13:50:26 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6401
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TMEAe76D%2FnXgJqPqIpvpof2ibCfhxBGUjNPjyJZJpAMMKGi7rIpVN4U2Sn%2Bm8GRVAQJYW2bDg7aH2TlEPo2q1WNgGar%2BzKv3bc2cEvKXC7DOn7UsgqdDgRx97lNd0p4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87925e0408a60b65-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| eerickog.com/_next/static/chunks/1155-583789f39fbca4d3.js | 104.21.9.170 | 200 OK | 65 kB |
URL GET HTTP/3eerickog.com/_next/static/chunks/1155-583789f39fbca4d3.js IP104.21.9.170:443
Requested byhttps://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2] CertificateIssuerGoogle Trust Services LLC Subjecteerickog.com FingerprintD6:DD:FE:16:73:42:40:1C:76:63:34:46:5A:B6:E4:1F:79:7E:30:E2 ValidityWed, 03 Apr 2024 06:06:31 GMT - Tue, 02 Jul 2024 06:06:30 GMT
File typeJavaScript source, ASCII text, with very long lines (65221), with no line terminators Hashd1b9c2180b8a1044493574202e4e6764 df3bce9ad71114de9408d34178cbcd7e8fecadbc 1b4ae3890096039116579befc0c26b8c1ff9e23f9c92553c0f69d3fc1f975fd8
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /_next/static/chunks/1155-583789f39fbca4d3.js HTTP/1.1
Host: eerickog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 24 Apr 2024 01:37:17 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"6627bca2-fec5"
last-modified: Tue, 23 Apr 2024 13:50:26 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=82foDSGzNK0UivZ7ty%2BK%2Bk4HIhxZU16TZqREstssTmmyF4dsTLURqcmREr711qFNeRnZjzUSMvb%2FG5WXQuRJEMCdTxV8uEoJpIQJGwk3dIIEdiN0FYf5iguWjU8hp6g%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87925e0418b00b65-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| eerickog.com/_next/static/chunks/3091.c21155d8b2396207.js | 104.21.9.170 | 200 OK | 2.4 kB |
URL GET HTTP/3eerickog.com/_next/static/chunks/3091.c21155d8b2396207.js IP104.21.9.170:443
Requested byhttps://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2] CertificateIssuerGoogle Trust Services LLC Subjecteerickog.com FingerprintD6:DD:FE:16:73:42:40:1C:76:63:34:46:5A:B6:E4:1F:79:7E:30:E2 ValidityWed, 03 Apr 2024 06:06:31 GMT - Tue, 02 Jul 2024 06:06:30 GMT
File typeJavaScript source, ASCII text, with very long lines (2429), with no line terminators Hash3b91a1044dbf61b756a3730050ebd45f 9336d892614e8c5ab834d493c1cc7c0aa8aacf1a 586c6e521c5ec066a20ba11265175c9c75446d1ae33fc954f14c7d4cd3be2a62
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /_next/static/chunks/3091.c21155d8b2396207.js HTTP/1.1
Host: eerickog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 24 Apr 2024 01:37:17 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"6627bca2-94d"
last-modified: Tue, 23 Apr 2024 13:50:26 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6399
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vQ5D%2FG9bD75BC5pMBMlNmr9es%2BG0%2F9V%2FDu%2FjtXgHsHyVq9BlNkueAT9VevFGg5qIbBlPYyVZVF4AX3RSEFsp7Q1Ko6vuRojScfmi%2FdmC5FEwSndGmoKx4q6X7edc03I%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87925e0529060b65-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| eerickog.com/_next/static/chunks/4981.3c1daeeee82e08ea.js | 104.21.9.170 | 200 OK | 22 kB |
URL GET HTTP/3eerickog.com/_next/static/chunks/4981.3c1daeeee82e08ea.js IP104.21.9.170:443
Requested byhttps://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2] CertificateIssuerGoogle Trust Services LLC Subjecteerickog.com FingerprintD6:DD:FE:16:73:42:40:1C:76:63:34:46:5A:B6:E4:1F:79:7E:30:E2 ValidityWed, 03 Apr 2024 06:06:31 GMT - Tue, 02 Jul 2024 06:06:30 GMT
File typeJavaScript source, ASCII text, with very long lines (21617), with no line terminators Hashe5a18eccb2797e5391d6ce697f63eaba fd0cfa9d1d8af22b690973928c5d65b6be83389b 865d0997740868b6c2804f1949e997d55baffc23023235d8af966f8b999c2b84
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /_next/static/chunks/4981.3c1daeeee82e08ea.js HTTP/1.1
Host: eerickog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 24 Apr 2024 01:37:17 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"6627bca2-5471"
last-modified: Tue, 23 Apr 2024 13:50:26 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6401
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SSF67pw9Gwqp7yvWnO%2Bkdof0ouwUVvO%2FD%2FeMyJ7LIk1dtVtfoEDBALeN9tDY9YBW92ZzNRXC%2FBlDWj8WvnnPjqY7LwcHXbtA6Wlmc1PIzCuGGWb12I0QCDUMx4ye%2Fsw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87925e0408a70b65-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| eerickog.com/track?dry=true&request_var=6422583&oaid=1ye1ho7ain7b95njmld2s0pn2j1ksd9&os_version=&var=3956710&var_3=&var_4=&variable2=806812208932856583&ymid=6422583&z=3956710&offer_id=1916 | 104.21.9.170 | 200 OK | 211 B |
URL GET HTTP/3eerickog.com/track?dry=true&request_var=6422583&oaid=1ye1ho7ain7b95njmld2s0pn2j1ksd9&os_version=&var=3956710&var_3=&var_4=&variable2=806812208932856583&ymid=6422583&z=3956710&offer_id=1916 IP104.21.9.170:443
Requested byhttps://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2] CertificateIssuerGoogle Trust Services LLC Subjecteerickog.com FingerprintD6:DD:FE:16:73:42:40:1C:76:63:34:46:5A:B6:E4:1F:79:7E:30:E2 ValidityWed, 03 Apr 2024 06:06:31 GMT - Tue, 02 Jul 2024 06:06:30 GMT
File typetroff or preprocessor input, ASCII text, with no line terminators Hash869d4bd28a00900a2f03c02593c0035f aa1e13b9c923493dbc969e13136b726e022b50ed a47c25ee66bb533638fe2c25fed9ceb47e9cc88559593763594af467b02c8f30
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /track?dry=true&request_var=6422583&oaid=1ye1ho7ain7b95njmld2s0pn2j1ksd9&os_version=&var=3956710&var_3=&var_4=&variable2=806812208932856583&ymid=6422583&z=3956710&offer_id=1916 HTTP/1.1
Host: eerickog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://eerickog.com/finance-survey/12/1916?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
DNT: 1
Connection: keep-alive
Cookie: OAID=1ye1ho7ain7b95njmld2s0pn2j1ksd9; syncedCookie=true; oaidts=1713922637
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 24 Apr 2024 01:37:18 GMT
content-type: application/json
vary: Accept-Encoding
x-trace-id: 45abd9e808ee85a4dfe08ffdbe26315b
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://eerickog.com/
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
timing-allow-origin: *
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: br
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4o%2BSJPUTG14HbnqueKWVb69vWWWL26R%2BGCr3yiaC%2FQ%2BBb7%2BewBlM%2Bb6bEiWldp%2F9f2%2FDiZNxlbWFVyx7OAa7nAyKfBJTwk%2Bi5dtYPuYoNgroYhSZjZrLzAXQlOaEAT0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87925e0739950b65-OSL
alt-svc: h3=":443"; ma=86400
|
|
| eerickog.com/_next/static/chunks/2090-5c4f654224750f4b.js | 104.21.9.170 | 200 OK | 11 kB |
URL GET HTTP/3eerickog.com/_next/static/chunks/2090-5c4f654224750f4b.js IP104.21.9.170:443
Requested byhttps://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2] CertificateIssuerGoogle Trust Services LLC Subjecteerickog.com FingerprintD6:DD:FE:16:73:42:40:1C:76:63:34:46:5A:B6:E4:1F:79:7E:30:E2 ValidityWed, 03 Apr 2024 06:06:31 GMT - Tue, 02 Jul 2024 06:06:30 GMT
File typeJavaScript source, ASCII text, with very long lines (10772), with no line terminators Hash48a7086ede3da4d57eaa11bf2ba435dd a58e6ce70f2675ce2fdcaff04a63d33c4bc0744d 59750f2431678c96646d026ec016eeeb91df7913acfe972f7e9a3110b302dc3f
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /_next/static/chunks/2090-5c4f654224750f4b.js HTTP/1.1
Host: eerickog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 24 Apr 2024 01:37:17 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"6627bca2-2a14"
last-modified: Tue, 23 Apr 2024 13:50:26 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3TvbK5J%2FSfZGJxUItZgv4a%2BiJUI7T6EtPNtzMk2NlrlAT2jdYxdpJEBmweiAx1kY5On2uf2eP968JZizYXUu%2BSA15FPFurUONdANQcUs0RH%2FNgTYDtNzxSGmHk%2FOQXk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87925e0418af0b65-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| eerickog.com/_next/static/chunks/pages/%5BlandingName%5D/%5BconfigId%5D/%5B%5B...slug%5D%5D-eaddf0428a16426c.js | 104.21.9.170 | 200 OK | 662 B |
URL GET HTTP/3eerickog.com/_next/static/chunks/pages/%5BlandingName%5D/%5BconfigId%5D/%5B%5B...slug%5D%5D-eaddf0428a16426c.js IP104.21.9.170:443
Requested byhttps://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2] CertificateIssuerGoogle Trust Services LLC Subjecteerickog.com FingerprintD6:DD:FE:16:73:42:40:1C:76:63:34:46:5A:B6:E4:1F:79:7E:30:E2 ValidityWed, 03 Apr 2024 06:06:31 GMT - Tue, 02 Jul 2024 06:06:30 GMT
File typeJavaScript source, ASCII text, with very long lines (666), with no line terminators Hash49f9c13e383477050c867416e60b3222 eeb57b5af30601d21511ff1eb94001b86d0c6465 1430b1cd7eaade1b7ba5b3a245f9221c0f6067efd03fc812821d0762b5d10ad4
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /_next/static/chunks/pages/%5BlandingName%5D/%5BconfigId%5D/%5B%5B...slug%5D%5D-eaddf0428a16426c.js HTTP/1.1
Host: eerickog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 24 Apr 2024 01:37:17 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"6627bca2-296"
last-modified: Tue, 23 Apr 2024 13:50:26 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0UXTw1lNpUvMY9g7ECSQfRDl4RaBlWn6PijmWdkYbs8gH5UzZCV7z5LGLudbNI8Re45WVCZ7aHJorsZbAoVhV5bQcRxWhCXReLGJfdp6MZm872SoG9D7v0EzH%2FapYHE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87925e0418b10b65-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| eerickog.com/img/comments/finance-survey-people/person-4.webp | 104.21.9.170 | 200 OK | 1.8 kB |
URL GET HTTP/3eerickog.com/img/comments/finance-survey-people/person-4.webp IP104.21.9.170:443
Requested byhttps://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2] CertificateIssuerGoogle Trust Services LLC Subjecteerickog.com FingerprintD6:DD:FE:16:73:42:40:1C:76:63:34:46:5A:B6:E4:1F:79:7E:30:E2 ValidityWed, 03 Apr 2024 06:06:31 GMT - Tue, 02 Jul 2024 06:06:30 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp Hash5dc160f6b521dc8f6c670b140b354fed 22e15cda82b532067b99932ec28f86ea2cc1ecbc 09c6c6de57458ec0c4e7a3d2375e0c7b9c037de9366b63e3685cc0ca94d838b4
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/comments/finance-survey-people/person-4.webp HTTP/1.1
Host: eerickog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eerickog.com/finance-survey/12/1916?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 24 Apr 2024 01:37:17 GMT
content-type: image/webp
content-length: 1798
last-modified: Tue, 23 Apr 2024 13:50:26 GMT
vary: Accept-Encoding
etag: "6627bca2-706"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 2651
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=apL%2F1GZIVZ%2BypCLMqTXBSewl1XXbOparuzkYSVis%2Fa7jR0qYIR0Nk7KU2WrgdgG8LEsEFBDywnLQ9xWQ%2BY9fjGgcFtqBkn8NSkGunHy5W82h2W51x5QG1ubBe%2FBFVEU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87925e0689370b65-OSL
alt-svc: h3=":443"; ma=86400
|
|
| eerickog.com/img/comments/finance-survey-people/person-3.webp | 104.21.9.170 | 200 OK | 1.5 kB |
URL GET HTTP/3eerickog.com/img/comments/finance-survey-people/person-3.webp IP104.21.9.170:443
Requested byhttps://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2] CertificateIssuerGoogle Trust Services LLC Subjecteerickog.com FingerprintD6:DD:FE:16:73:42:40:1C:76:63:34:46:5A:B6:E4:1F:79:7E:30:E2 ValidityWed, 03 Apr 2024 06:06:31 GMT - Tue, 02 Jul 2024 06:06:30 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp Hasha747d227c2e10b5178fd942484301d7a b3c5cf90dd5fd2c26c7b17dcb2d35b6dd47065be 9f4fb1281b7141b9dd48925953f7b039b6c411ea0e6e5b158d3e000d75316e9f
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/comments/finance-survey-people/person-3.webp HTTP/1.1
Host: eerickog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eerickog.com/finance-survey/12/1916?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 24 Apr 2024 01:37:17 GMT
content-type: image/webp
content-length: 1454
last-modified: Tue, 23 Apr 2024 13:50:26 GMT
vary: Accept-Encoding
etag: "6627bca2-5ae"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 2651
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hx3010QUKs0E9RqgOkjv0sLeGDoiiVykWFBpgtoZii2NPHwNo%2BaWpgyvE%2FU%2ByC7Ex47RJAoqAl94gp2%2BlVQ2L%2BxmIaGi4Cc9CMsTBO1kY2lhTiTKAbsyXEiHIwwi57w%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87925e0689360b65-OSL
alt-svc: h3=":443"; ma=86400
|
|
| eerickog.com/img/comments/finance-survey-people/person-5.webp | 104.21.9.170 | 200 OK | 2.4 kB |
URL GET HTTP/3eerickog.com/img/comments/finance-survey-people/person-5.webp IP104.21.9.170:443
Requested byhttps://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2] CertificateIssuerGoogle Trust Services LLC Subjecteerickog.com FingerprintD6:DD:FE:16:73:42:40:1C:76:63:34:46:5A:B6:E4:1F:79:7E:30:E2 ValidityWed, 03 Apr 2024 06:06:31 GMT - Tue, 02 Jul 2024 06:06:30 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp Hash188dfcdf19da1d86ed162d54ed03536d 98b1baefbb803548b2894547091b4c7773406524 4f8251665e3cc796f127ea6cbdc00a9ec450adff16acb4ec74463c446b6f4ba6
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/comments/finance-survey-people/person-5.webp HTTP/1.1
Host: eerickog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eerickog.com/finance-survey/12/1916?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 24 Apr 2024 01:37:17 GMT
content-type: image/webp
content-length: 2384
last-modified: Tue, 23 Apr 2024 13:50:26 GMT
vary: Accept-Encoding
etag: "6627bca2-950"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 2651
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZAKYecKbUJSZXebdqxV%2FVk%2BKyYiUcC9Inz0X4El%2Bxn5iiCFxXfRCrvWFrui8jKgFyt%2FXIXQeBvdC4XOPD1pKC8WDMKc2qQ6hXv6RidIu%2BJA4ZYLZdnvI%2B%2Bg5Jx5g9ew%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87925e0689340b65-OSL
alt-svc: h3=":443"; ma=86400
|
|
| eerickog.com/_next/static/chunks/framework-3281cb961088a9a3.js | 104.21.9.170 | 200 OK | 26 kB |
URL GET HTTP/3eerickog.com/_next/static/chunks/framework-3281cb961088a9a3.js IP104.21.9.170:443
Requested byhttps://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2] CertificateIssuerGoogle Trust Services LLC Subjecteerickog.com FingerprintD6:DD:FE:16:73:42:40:1C:76:63:34:46:5A:B6:E4:1F:79:7E:30:E2 ValidityWed, 03 Apr 2024 06:06:31 GMT - Tue, 02 Jul 2024 06:06:30 GMT
File typeJavaScript source, ASCII text, with very long lines (26042), with no line terminators Hash499fb17b15c09c2d76681f27dde9a031 5564d317c33112db56918ec372d392caabec70f2 9350c53e2fe847ec629962106d01d6af28a0d9c69feb57e7609b3c096935cdb2
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /_next/static/chunks/framework-3281cb961088a9a3.js HTTP/1.1
Host: eerickog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 24 Apr 2024 01:37:17 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"6627bca2-65ba"
last-modified: Tue, 23 Apr 2024 13:50:26 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qgnRB0QHykWSVxO%2F%2FIqy2XG2CD0OCW7E%2BXxo1Cd4HcLTp9BuYmcqdEcDo%2BsIuX84aRmfh9jHZC5hbDDC7wrPe81OV7JJ9LQqqmWSA3R7uO6miu99HhAA8n6TfSkc4iY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87925e0408ab0b65-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| eerickog.com/img/rain/dollars-3.webp | 104.21.9.170 | 200 OK | 5.9 kB |
URL GET HTTP/3eerickog.com/img/rain/dollars-3.webp IP104.21.9.170:443
Requested byhttps://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2] CertificateIssuerGoogle Trust Services LLC Subjecteerickog.com FingerprintD6:DD:FE:16:73:42:40:1C:76:63:34:46:5A:B6:E4:1F:79:7E:30:E2 ValidityWed, 03 Apr 2024 06:06:31 GMT - Tue, 02 Jul 2024 06:06:30 GMT
File typeRIFF (little-endian) data, Web/P image Hash51ea76ff382bff8ef58a9943f7fd21d1 5c3d6ad6620fbde5ce3dddc88604e6d54621eba2 0240f30fc542fb5c2d532f33bc793b797199adaea75e22a7d9f04674b80d9a32
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/rain/dollars-3.webp HTTP/1.1
Host: eerickog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 24 Apr 2024 01:37:17 GMT
content-type: image/webp
content-length: 5938
last-modified: Tue, 23 Apr 2024 13:50:26 GMT
vary: Accept-Encoding
etag: "6627bca2-1732"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6399
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tDV6VnGgosORv94V%2F1daJZ0y7nBUrSK4NTqTDhgtrriJ2nUgW223Ib1ckgN6nTeSNz0Jt16uZxmKhnZ1Pf%2FHwiYbgvY1CDsm%2FOJoFXizYiqg1kgRV497YYC6DeeNXTg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87925e0498e30b65-OSL
alt-svc: h3=":443"; ma=86400
|
|
| cdntechone.com/stattag.js | 188.114.97.1 | 200 OK | 19 kB |
URL GET HTTP/2cdntechone.com/stattag.js IP188.114.97.1:443
Requested byhttps://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2] CertificateIssuerGoogle Trust Services LLC Subjectcdntechone.com Fingerprint3D:20:D4:11:5D:06:B3:63:9C:08:BF:D9:D9:16:22:D5:DC:3B:9A:CB ValidityMon, 22 Apr 2024 03:33:58 GMT - Sun, 21 Jul 2024 03:33:57 GMT
File typeJavaScript source, ASCII text, with very long lines (18452) Hashbec2755dff94190fec0365b0db53807b f98c36e7e9e06325d03fe39c3b98879062fc2704 ccb15ff22ece6946136f1501ab3ae74155399187c8e85beb10399d56bb8e149a
GET /stattag.js HTTP/1.1
Host: cdntechone.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eerickog.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 24 Apr 2024 01:37:17 GMT
content-type: application/javascript
last-modified: Wed, 07 Feb 2024 12:51:04 GMT
etag: W/"65c37cb8-4a9e"
link: <https://datatechone.com/>; rel=preconnect; crossorigin, <https://datatechonert.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 4907
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4KWsCnm0955It1RuABUhEe3wNKIclZjyWagaoiC9q1PgRcuChIrcxXMF5khF9vV6XTCbWN04mtJD9Jeq6afz4ZlSmKX%2FTpD6kXiORDL97juaG%2F1sKLnWmpKNyYh2ljrEng%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87925e06cd00712d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|