Report - forwardtrk.com/show.php?cl=true&l=1674211&u=1315937&id=51744&url=http://forwardtrk.com/h0tgirls

Report Overview

Submitted URL
forwardtrk.com/show.php?cl=true&l=1674211&u=1315937&id=51744&url=http://forwardtrk.com/h0tgirls
IP
172.67.209.70
ASN
#13335 CLOUDFLARENET
Submitted
2024-04-24 01:37:42
Access
public
Website Title
Participate in Our Exclusive Online Survey: Share Your Insight
Final URL
eerickog.com/finance-survey/12/1916?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
94

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
eerickog.com	unknown	unknown	No data	No data	24 kB	429 kB	104.21.9.170
forwardtrk.com	unknown	2014-12-27	2015-01-02	2023-11-05	549 B	1.4 kB	172.67.209.70
arleavannya.com	unknown	2024-01-22	2024-01-22	2024-04-22	2.5 kB	3.9 kB	139.45.197.248
ofklefkian.com	unknown	2024-01-25	2024-01-25	2024-04-23	534 B	545 B	139.45.197.251
my.rtmark.net	9054	2014-10-29	2015-02-04	2024-04-23	458 B	741 B	139.45.195.8
mr.macgsapptrck.com	unknown	2022-04-07	2022-06-02	2024-03-18	569 B	463 B	34.141.179.97
psoampoa.net	unknown	2023-08-16	2023-08-17	2024-02-22	550 B	982 B	139.45.196.64
gzzvps.com	unknown	2023-08-09	2023-08-10	2023-11-24	491 B	1.2 kB	139.45.196.64
datatechonert.com	46154	2021-12-24	2021-12-24	2024-04-22	568 B	480 B	139.45.195.253
cdntechone.com	64371	2021-12-24	2021-12-24	2024-04-21	398 B	20 kB	188.114.97.1

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-24	medium	gzzvps.com	Sinkholed
2024-04-24	medium	eerickog.com	Sinkholed
2024-04-24	medium	eerickog.com	Sinkholed
2024-04-24	medium	eerickog.com	Sinkholed
2024-04-24	medium	eerickog.com	Sinkholed
2024-04-24	medium	eerickog.com	Sinkholed
2024-04-24	medium	eerickog.com	Sinkholed
2024-04-24	medium	eerickog.com	Sinkholed
2024-04-24	medium	eerickog.com	Sinkholed
2024-04-24	medium	eerickog.com	Sinkholed
2024-04-24	medium	eerickog.com	Sinkholed
2024-04-24	medium	eerickog.com	Sinkholed
2024-04-24	medium	eerickog.com	Sinkholed
2024-04-24	medium	eerickog.com	Sinkholed
2024-04-24	medium	eerickog.com	Sinkholed
2024-04-24	medium	eerickog.com	Sinkholed
2024-04-23	medium	arleavannya.com	Sinkholed
2024-04-23	medium	arleavannya.com	Sinkholed
2024-04-23	medium	arleavannya.com	Sinkholed
2024-04-23	medium	arleavannya.com	Sinkholed
2024-04-23	medium	arleavannya.com	Sinkholed
2024-04-23	medium	ofklefkian.com	Sinkholed
2024-04-24	medium	eerickog.com	Sinkholed
2024-04-24	medium	eerickog.com	Sinkholed
2024-04-24	medium	eerickog.com	Sinkholed
2024-04-24	medium	eerickog.com	Sinkholed
2024-04-24	medium	eerickog.com	Sinkholed
2024-04-24	medium	eerickog.com	Sinkholed
2024-04-24	medium	eerickog.com	Sinkholed
2024-04-24	medium	eerickog.com	Sinkholed
2024-04-24	medium	eerickog.com	Sinkholed
2024-04-24	medium	eerickog.com	Sinkholed
2024-04-24	medium	eerickog.com	Sinkholed
2024-04-24	medium	eerickog.com	Sinkholed
2024-04-24	medium	eerickog.com	Sinkholed
2024-04-24	medium	eerickog.com	Sinkholed
2024-04-24	medium	eerickog.com	Sinkholed
2024-04-24	medium	eerickog.com	Sinkholed
2024-04-24	medium	eerickog.com	Sinkholed
2024-04-24	medium	eerickog.com	Sinkholed
2024-04-24	medium	eerickog.com	Sinkholed
2024-04-24	medium	eerickog.com	Sinkholed
2024-04-24	medium	eerickog.com	Sinkholed
2024-04-24	medium	eerickog.com	Sinkholed
2024-04-24	medium	eerickog.com	Sinkholed
2024-04-24	medium	eerickog.com	Sinkholed
2024-04-24	medium	eerickog.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (25)

	URL	Size	First Seen	Last Seen
	eerickog.com/_next/static/chunks/pages/_app-0f814bf65bb937b6.js	40 kB	2024-04-24	2024-04-24
Pretty URL eerickog.com/_next/static/chunks/pages/_app-0f814bf65bb937b6.js IP 104.21.9.170 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 03:37:52 Last Seen2024-04-24 08:54:56 Times Seen4 Hash 649804f3281026754527e570b07d551b 54462d1b3add95899433716bcde17544f776758c e7803952bd4f44ad5a04f512815505e81c32c128aaa61eeb68e97d5ca812293b Loading...

	eerickog.com/_next/static/chunks/1754.9cd5cec6a6099ad4.js	12 kB	2024-04-19	2024-04-25
Pretty URL eerickog.com/_next/static/chunks/1754.9cd5cec6a6099ad4.js IP 104.21.9.170 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-19 12:10:19 Last Seen2024-04-25 10:28:24 Times Seen29 Hash 97a720cc805d2afba1d18c848124b92e 600abde3f10a7008dcf63a06a38ddcee64d57824 67f19c84ea29e05d552357bf00c539946706d764dbe36d184af3b711ebd663b2 Loading...

	eerickog.com/_next/static/chunks/main-beb6af9e60a8e042.js	109 kB	2024-03-02	2024-05-05
Pretty URL eerickog.com/_next/static/chunks/main-beb6af9e60a8e042.js IP 104.21.9.170 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-02 21:14:49 Last Seen2024-05-05 20:11:44 Times Seen377 Hash 49c6f57370e917bd37dc7d4d4d0bdb56 f5b56f5b9498f3500055c5614808903d85303991 0409ec519061477c75738733ce598796a11cd445e95df1cd3e72d0ef58136fd4 Loading...

	eerickog.com/_next/static/chunks/8904.6fbc0cfd51623cbf.js	925 B	2024-04-09	2024-05-05
Pretty URL eerickog.com/_next/static/chunks/8904.6fbc0cfd51623cbf.js IP 104.21.9.170 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-09 23:02:31 Last Seen2024-05-05 20:11:44 Times Seen237 Hash 3d657d2d17983fccaac3b0512a0f9460 06faa560e966627855c424e23fbb0bb5aadde083 b9e3997d6a87385dd604b65dfa962fe50944dfc158c2e82c945d6b8664e2f81e Loading...

	eerickog.com/_next/static/chunks/3091.c21155d8b2396207.js	2.4 kB	2024-04-24	2024-04-24
Pretty URL eerickog.com/_next/static/chunks/3091.c21155d8b2396207.js IP 104.21.9.170 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 03:37:52 Last Seen2024-04-24 16:09:36 Times Seen6 Hash 586fb15e9ba1ed8668fed6c8656bf0c2 b14b27975ee87739dee0e2737c2a348c8a5b8bb2 a60fb82e056de2c7a5d3535ae69a3b562d34e7367653bd77ffd90a7ec49afcee Loading...

	eerickog.com/_next/static/chunks/1155-583789f39fbca4d3.js	65 kB	2024-04-24	2024-04-24
Pretty URL eerickog.com/_next/static/chunks/1155-583789f39fbca4d3.js IP 104.21.9.170 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 03:37:52 Last Seen2024-04-24 08:54:56 Times Seen4 Hash d1b9c2180b8a1044493574202e4e6764 df3bce9ad71114de9408d34178cbcd7e8fecadbc 1b4ae3890096039116579befc0c26b8c1ff9e23f9c92553c0f69d3fc1f975fd8 Loading...

	eerickog.com/_next/static/chunks/6223.36a8be3b6724c1ee.js	3.8 kB	2024-04-13	2024-05-05
Pretty URL eerickog.com/_next/static/chunks/6223.36a8be3b6724c1ee.js IP 104.21.9.170 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-13 13:54:11 Last Seen2024-05-05 20:11:44 Times Seen219 Hash c1f7e2120e9f45cf822bbe5e23ab5711 e5ab7ffa55c8122915c064b4e81387ff71ca018c 492f9bfb9b36328df2670323687dbb0d0ac9499199fe5bac3c7eb91dde9a34aa Loading...

	eerickog.com/_next/static/chunks/5927.10a9d67f6732d4d8.js	18 kB	2024-04-19	2024-04-25
Pretty URL eerickog.com/_next/static/chunks/5927.10a9d67f6732d4d8.js IP 104.21.9.170 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-19 12:10:19 Last Seen2024-04-25 10:28:24 Times Seen30 Hash a430ce709a2b2e9b144810c17115f6c7 b0d435157a5614b2d58efdc0f2b5d94bfbfb5c2b d2461dafb3c86b97148ce5a6fe69d9f050cfe2aba4ba5fa311ebc3349504a7e2 Loading...

	eerickog.com/_next/static/chunks/2610.1baf2de4c8779a0e.js	13 kB	2024-04-19	2024-04-30
Pretty URL eerickog.com/_next/static/chunks/2610.1baf2de4c8779a0e.js IP 104.21.9.170 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-19 12:10:19 Last Seen2024-04-30 15:34:30 Times Seen127 Hash 285f6dd54ac88cdc30a796895c98adb3 f4ff40359e70d2a28b3ba2773e180ac93ce29a37 6dff74775e02f0f3618dcd683ce01b570ed044fca2a250051e6f7e6bb0cc2974 Loading...

	eerickog.com/_next/static/chunks/9787.32846937d0160cf7.js	1.8 kB	2024-03-22	2024-04-26
Pretty URL eerickog.com/_next/static/chunks/9787.32846937d0160cf7.js IP 104.21.9.170 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-22 08:23:18 Last Seen2024-04-26 09:26:44 Times Seen79 Hash 0b47bad6a8778bdc8cd3dec268938624 246ca006b4bdb919f3f1e8fd567a8631f5a136d9 1bb773520bd8d662232b89b67a6ae04556b715b90239d9c443502219b71a2471 Loading...

	cdntechone.com/stattag.js	19 kB	2024-02-07	2024-05-05
Pretty URL cdntechone.com/stattag.js IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-02-07 19:13:47 Last Seen2024-05-05 20:11:44 Times Seen791 Hash bec2755dff94190fec0365b0db53807b f98c36e7e9e06325d03fe39c3b98879062fc2704 ccb15ff22ece6946136f1501ab3ae74155399187c8e85beb10399d56bb8e149a Loading...

	eerickog.com/_next/static/chunks/7903-dd238946c7924507.js	32 kB	2024-03-21	2024-05-05
Pretty URL eerickog.com/_next/static/chunks/7903-dd238946c7924507.js IP 104.21.9.170 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-21 14:18:29 Last Seen2024-05-05 20:11:44 Times Seen493 Hash b5dd343db67bd22544d11da18268f5c3 069b5b221dd75af58d93192460778b3d07835e74 6347f1d4083f7a0a2ac3d8b12aae8832d9ea6914aa6e137d16a4d41869d14ea5 Loading...

	eerickog.com/pfe/current/micro.tag.min.js?sw=/sw/universal.js&var=3956710&ymid=6422583&b=8160420&campaignid=4105106&click_id=806812208932856583&ab2r=&rhd=1&var_3=&oaid=1ye1ho7ain7b95njmld2s0pn2j1ksd9&os_version=&btz=UTC&bto=0&z=6679100&cdn=1&domain=ofklefkian.com&ab2=&ab2_ttl=5184000	27 kB	2024-01-20	2024-04-24
Pretty URL eerickog.com/pfe/current/micro.tag.min.js?sw=/sw/universal.js&var=3956710&ymid=6422583&b=8160420&campaignid=4105106&click_id=806812208932856583&ab2r=&rhd=1&var_3=&oaid=1ye1ho7ain7b95njmld2s0pn2j1ksd9&os_version=&btz=UTC&bto=0&z=6679100&cdn=1&domain=ofklefkian.com&ab2=&ab2_ttl=5184000 IP 104.21.9.170 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-01-20 15:21:24 Last Seen2024-04-24 10:44:05 Times Seen134 Hash 4d5fdbf5a5eaf9b73b515e58aaea8ab1 af206657baadc54af340d9b32738e9797934eaff 05b026bb4f34d6fd3b5db29bffb1ba5be6f9b11d954fa44fd4d57acd997ecb2d Loading...

	eerickog.com/_next/static/chunks/webpack-b5b3ca56f779a8e2.js	6.1 kB	2024-04-24	2024-04-24
Pretty URL eerickog.com/_next/static/chunks/webpack-b5b3ca56f779a8e2.js IP 104.21.9.170 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 03:37:52 Last Seen2024-04-24 08:54:56 Times Seen3 Hash f99df043321da0cf02f0558f6861c251 9438d401ae6b6a14ceeebf758000d0c2ea10afed 35bd27b2443f3951979888efac2b938a10fac77d78b0404d3b988f30e43622b5 Loading...

	eerickog.com/_next/static/chunks/framework-3281cb961088a9a3.js	26 kB	2024-04-02	2024-04-25
Pretty URL eerickog.com/_next/static/chunks/framework-3281cb961088a9a3.js IP 104.21.9.170 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-02 14:06:40 Last Seen2024-04-25 12:54:20 Times Seen93 Hash 499fb17b15c09c2d76681f27dde9a031 5564d317c33112db56918ec372d392caabec70f2 9350c53e2fe847ec629962106d01d6af28a0d9c69feb57e7609b3c096935cdb2 Loading...

	eerickog.com/_next/static/chunks/pages/%5BlandingName%5D/%5BconfigId%5D/%5B%5B...slug%5D%5D-eaddf0428a16426c.js	662 B	2024-04-18	2024-04-30
Pretty URL eerickog.com/_next/static/chunks/pages/%5BlandingName%5D/%5BconfigId%5D/%5B%5B...slug%5D%5D-eaddf0428a16426c.js IP 104.21.9.170 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 08:03:12 Last Seen2024-04-30 14:45:16 Times Seen112 Hash 06062156d99da1c306ff5966000be2c4 3c128ded6b30d8bcfb9a85b8f1d7551400c4eb60 9e0349f7ac8b75e95aff12e66f57065f040d20165ea783fe17366bea6a56751d Loading...

	eerickog.com/_next/static/SvPrY0nXpsuijobtZfca-/_buildManifest.js	1.6 kB	2024-04-24	2024-04-24
Pretty URL eerickog.com/_next/static/SvPrY0nXpsuijobtZfca-/_buildManifest.js IP 104.21.9.170 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 03:37:52 Last Seen2024-04-24 08:54:56 Times Seen2 Hash 7819e598f1620db610c833509a6872e8 3b14925dfd50cd9d50a52b48b17fac861c649eef 031af9fd7af8d4650b41ba35c2afd96b7b64d82dc0c721b4da88a73ca73da038 Loading...

	eerickog.com/_next/static/chunks/4981.3c1daeeee82e08ea.js	22 kB	2024-04-02	2024-05-05
Pretty URL eerickog.com/_next/static/chunks/4981.3c1daeeee82e08ea.js IP 104.21.9.170 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-02 14:06:39 Last Seen2024-05-05 20:11:44 Times Seen334 Hash e5a18eccb2797e5391d6ce697f63eaba fd0cfa9d1d8af22b690973928c5d65b6be83389b 865d0997740868b6c2804f1949e997d55baffc23023235d8af966f8b999c2b84 Loading...

	eerickog.com/_next/static/chunks/1706.8b7dd24879347088.js	20 kB	2024-04-24	2024-04-25
Pretty URL eerickog.com/_next/static/chunks/1706.8b7dd24879347088.js IP 104.21.9.170 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 03:37:52 Last Seen2024-04-25 10:28:24 Times Seen24 Hash 7cd1db24e089a8319084d97207e5bab9 da0814161e7abc9c852b7219ad17af3db13774e7 46d44f30314f990c43945d6bc834b31b3051d68836c384244a632195e22df8e6 Loading...

	eerickog.com/_next/static/chunks/86.bac2ba45e7336f6e.js	3.1 kB	2024-04-24	2024-04-24
Pretty URL eerickog.com/_next/static/chunks/86.bac2ba45e7336f6e.js IP 104.21.9.170 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 03:37:52 Last Seen2024-04-24 08:54:56 Times Seen3 Hash e5801768f6202c7eda9d144df55580d9 38118bde241df2b929fde9bede0f6eea9a7540a2 7ecb9e6309acf74b2c6d7fefc6ae3e6a644bd68077fc94cb1cc60a29a02a5bd1 Loading...

	eerickog.com/_next/static/chunks/3978.f48a53d50c258a97.js	3.0 kB	2024-04-13	2024-04-26
Pretty URL eerickog.com/_next/static/chunks/3978.f48a53d50c258a97.js IP 104.21.9.170 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-13 13:54:11 Last Seen2024-04-26 09:26:44 Times Seen53 Hash 0c60c4b03a77633fc4177d0ffaa530e1 61f40dca0463045927e933959e5f16280db6403c 2f592be0eab537bef0500f89410df1783c7cccef79e8586ba30e53e63c78247e Loading...

	eerickog.com/_next/static/chunks/825.dc2233ab620d87e2.js	40 kB	2024-04-24	2024-04-25
Pretty URL eerickog.com/_next/static/chunks/825.dc2233ab620d87e2.js IP 104.21.9.170 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 03:37:53 Last Seen2024-04-25 10:28:24 Times Seen24 Hash 72ac5913c12eaedbe7594c6acf1a627f 544008497f3ce02575d0fdd1df7aeecdb0b4d08b 2b3a1eabd05bc09901c3dcfc74e0ecadce09d0d29e9ddaf90f53fe22e169f05a Loading...

	eerickog.com/_next/static/chunks/2090-5c4f654224750f4b.js	11 kB	2024-04-24	2024-04-25
Pretty URL eerickog.com/_next/static/chunks/2090-5c4f654224750f4b.js IP 104.21.9.170 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 03:37:53 Last Seen2024-04-25 12:54:20 Times Seen36 Hash 48a7086ede3da4d57eaa11bf2ba435dd a58e6ce70f2675ce2fdcaff04a63d33c4bc0744d 59750f2431678c96646d026ec016eeeb91df7913acfe972f7e9a3110b302dc3f Loading...

	eerickog.com/_next/static/SvPrY0nXpsuijobtZfca-/_ssgManifest.js	182 B	2024-04-18	2024-05-05
Pretty URL eerickog.com/_next/static/SvPrY0nXpsuijobtZfca-/_ssgManifest.js IP 104.21.9.170 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 11:58:16 Last Seen2024-05-05 20:11:44 Times Seen288 Hash d78f02cd11637a888af548f5e270c3af 9c90b573305ec9d6d2e7e74837c641a863d991b4 2357fd3fc3972384c0c7a714da244191da43a7bf5d91fd865a30d2deb0b6b517 Loading...

	eerickog.com/_next/static/chunks/2734.c0427a5c5baaafc8.js	4.1 kB	2024-04-24	2024-04-24
Pretty URL eerickog.com/_next/static/chunks/2734.c0427a5c5baaafc8.js IP 104.21.9.170 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 03:37:53 Last Seen2024-04-24 10:44:05 Times Seen5 Hash 0090151da59b46cc16e7ee05588abdfe 9d911a00f095a2249106b95936a20b3db4d790fc ac8bb98afa86aac2a865c219363f54e4d6d9922210c484c3c863153dbca9ed8a Loading...

HTTP Transactions (53)

URL IP Response Size

mr.macgsapptrck.com/click?pid=100&offer_id=21975&sub6=1257083737&sub2=100_1315937

34.141.179.97

302 Found

0 B

URL User Request GET HTTP/2
mr.macgsapptrck.com/click?pid=100&offer_id=21975&sub6=1257083737&sub2=100_1315937
IP
34.141.179.97:443
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Certificate
IssuerSectigo Limited
Subject*.macgsapptrck.com
FingerprintE1:13:28:36:A1:E8:95:BC:B6:38:55:17:C7:05:FF:CE:71:1F:F3:70
ValidityThu, 18 Apr 2024 00:00:00 GMT - Tue, 22 Apr 2025 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /click?pid=100&offer_id=21975&sub6=1257083737&sub2=100_1315937 HTTP/1.1
Host: mr.macgsapptrck.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://forwardtrk.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
server: nginx
date: Wed, 24 Apr 2024 01:37:16 GMT
content-length: 0
location: https://psoampoa.net/link?z=6422583&var=&ymid=6628624c7dc81c00014cd2a4
x-adjust-use-original-forwarded-for: 1
set-cookie: afclick=6628624c7dc81c00014cd2a4; expires=Thu, 24 Apr 2025 01:37:16 GMT; secure; SameSite=None
afoffers={"21975":1713922636}; expires=Thu, 24 Apr 2025 01:37:16 GMT; secure; SameSite=None
access-control-allow-origin: *
X-Firefox-Spdy: h2

psoampoa.net/link?z=6422583&var=&ymid=6628624c7dc81c00014cd2a4

139.45.196.64

302 Found

0 B

URL User Request GET HTTP/2
psoampoa.net/link?z=6422583&var=&ymid=6628624c7dc81c00014cd2a4
IP
139.45.196.64:443
ASN
#9002 RETN Limited

Certificate
IssuerLet's Encrypt
Subjectpsoampoa.net
Fingerprint1A:44:D0:AB:41:1C:DD:6D:91:6F:94:75:EB:87:00:2D:68:D9:0B:CD
ValidityFri, 12 Apr 2024 05:30:01 GMT - Thu, 11 Jul 2024 05:30:00 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /link?z=6422583&var=&ymid=6628624c7dc81c00014cd2a4 HTTP/1.1
Host: psoampoa.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://forwardtrk.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
server: nginx
date: Wed, 24 Apr 2024 01:37:16 GMT
content-length: 0
location: https://gzzvps.com/link?z=3956710&var=6422583
access-control-allow-credentials: true
access-control-allow-origin: 
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
link: <https://gzzvps.com>; rel="dns-prefetch preconnect"
referrer-policy: no-referrer
set-cookie: OAID=04804825e4504096f11d67a49c47dbca; expires=Thu, 24 Apr 2025 01:37:16 GMT
oaidts=1713922636; expires=Thu, 24 Apr 2025 01:37:16 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2

gzzvps.com/link?z=3956710&var=6422583

139.45.196.64

302 Found

0 B

URL User Request GET HTTP/2
gzzvps.com/link?z=3956710&var=6422583
IP
139.45.196.64:443
ASN
#9002 RETN Limited

Certificate
IssuerLet's Encrypt
Subjectgzzvps.com
FingerprintFE:B2:4C:CB:93:D5:8B:C0:E0:D6:4A:DC:14:CB:3A:B4:8A:D8:7E:4F
ValidityFri, 05 Apr 2024 05:23:04 GMT - Thu, 04 Jul 2024 05:23:03 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /link?z=3956710&var=6422583 HTTP/1.1
Host: gzzvps.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
server: nginx
date: Wed, 24 Apr 2024 01:37:17 GMT
content-length: 0
location: https://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
access-control-allow-credentials: true
access-control-allow-origin: 
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
link: <https://eerickog.com>; rel="dns-prefetch preconnect"
referrer-policy: no-referrer
set-cookie: OAID=0480483d530c4d07fbd200f458c2d63a; expires=Thu, 24 Apr 2025 01:37:17 GMT
oaidts=1713922637; expires=Thu, 24 Apr 2025 01:37:17 GMT
OXCCLK=4105106.1; expires=Thu, 24 Apr 2025 01:37:17 GMT
allcnt=1; expires=Thu, 24 Apr 2025 01:37:17 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2

eerickog.com/img/rain/dollars-1.webp

104.21.9.170

200 OK

10 kB

URL GET HTTP/3
eerickog.com/img/rain/dollars-1.webp
IP
104.21.9.170:443
ASN
#13335 CLOUDFLARENET

Requested by
https://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
Certificate
IssuerGoogle Trust Services LLC
Subjecteerickog.com
FingerprintD6:DD:FE:16:73:42:40:1C:76:63:34:46:5A:B6:E4:1F:79:7E:30:E2
ValidityWed, 03 Apr 2024 06:06:31 GMT - Tue, 02 Jul 2024 06:06:30 GMT

File type
RIFF (little-endian) data, Web/P image
Size
10 kB (10546 bytes)
Hash
a5bef813a0113d018592091106451c8b
59365e96c4abca5eb98a0c56db0af0bb5cbffebb
036beb7de9c9d450e1442d593ff70ad392ca4be6754e7feaec249c0009e1bd83

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/rain/dollars-1.webp HTTP/1.1
Host: eerickog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 24 Apr 2024 01:37:17 GMT
content-type: image/webp
content-length: 10546
last-modified: Tue, 23 Apr 2024 13:50:26 GMT
vary: Accept-Encoding
etag: "6627bca2-2932"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6399
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fk6Eq79103XOqQo2qbL64N5L%2B8RZ1hAJJoyfePQO2y2JG05%2B7gBfZkocCYcGLJ4kCfO%2FKTV%2Ftknd468S%2FO%2Bn06sKZY0MElhGpG3hZYeURae5HFU7LZE9IWJI0s%2Fn848%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87925e0498e10b65-OSL
alt-svc: h3=":443"; ma=86400

eerickog.com/img/rain/dollars-2.webp

104.21.9.170

200 OK

8.1 kB

URL GET HTTP/3
eerickog.com/img/rain/dollars-2.webp
IP
104.21.9.170:443
ASN
#13335 CLOUDFLARENET

Requested by
https://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
Certificate
IssuerGoogle Trust Services LLC
Subjecteerickog.com
FingerprintD6:DD:FE:16:73:42:40:1C:76:63:34:46:5A:B6:E4:1F:79:7E:30:E2
ValidityWed, 03 Apr 2024 06:06:31 GMT - Tue, 02 Jul 2024 06:06:30 GMT

File type
RIFF (little-endian) data, Web/P image
Size
8.1 kB (8140 bytes)
Hash
8b4203d496c3f52b116af082a0cd4017
de5369e9459e240950bb7eb5261eaac1db26907f
8dd1f04088c25e20d15e1bc23129604830aab2b4d3d0a408a5f047f9768f39a4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/rain/dollars-2.webp HTTP/1.1
Host: eerickog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 24 Apr 2024 01:37:17 GMT
content-type: image/webp
content-length: 8140
last-modified: Tue, 23 Apr 2024 13:50:26 GMT
vary: Accept-Encoding
etag: "6627bca2-1fcc"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6399
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Dd5I7oTRcydWunthKMHjEufELUh7EKWGLRtIm%2BQlS3jggJQxgYaPbf9UCBpJsXvz%2BmFxYM5iuJesktvr0OAerE%2FBCbF4%2Bvm8U4xoXtfyCqAIZBN%2BgeD7XK%2BtVu4IzVQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87925e0498e20b65-OSL
alt-svc: h3=":443"; ma=86400

eerickog.com/_next/static/SvPrY0nXpsuijobtZfca-/_ssgManifest.js

104.21.9.170

200 OK

6.0 kB

URL GET HTTP/3
eerickog.com/_next/static/SvPrY0nXpsuijobtZfca-/_ssgManifest.js
IP
104.21.9.170:443
ASN
#13335 CLOUDFLARENET

Requested by
https://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
Certificate
IssuerGoogle Trust Services LLC
Subjecteerickog.com
FingerprintD6:DD:FE:16:73:42:40:1C:76:63:34:46:5A:B6:E4:1F:79:7E:30:E2
ValidityWed, 03 Apr 2024 06:06:31 GMT - Tue, 02 Jul 2024 06:06:30 GMT

File type
ASCII text, with no line terminators
Size
6.0 kB (6041 bytes)
Hash
d78f02cd11637a888af548f5e270c3af
9c90b573305ec9d6d2e7e74837c641a863d991b4
2357fd3fc3972384c0c7a714da244191da43a7bf5d91fd865a30d2deb0b6b517

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/SvPrY0nXpsuijobtZfca-/_ssgManifest.js HTTP/1.1
Host: eerickog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 24 Apr 2024 01:37:17 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"6627bca2-b6"
last-modified: Tue, 23 Apr 2024 13:50:26 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YTpb814z8M1M%2BTPPhQRBOETeyh5J%2F4fcUiVO5m%2Bo3qFTdYxqvvpc5N70F7FNhVJfNio8ERvw31OI%2BlZbuWt%2BK8FOtg9qx54VYmB2hjs9UP%2Bzix6jiSQxlI%2BaKifi5SI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87925e0428b40b65-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

eerickog.com/_next/static/chunks/86.bac2ba45e7336f6e.js

104.21.9.170

200 OK

3.7 kB

URL GET HTTP/3
eerickog.com/_next/static/chunks/86.bac2ba45e7336f6e.js
IP
104.21.9.170:443
ASN
#13335 CLOUDFLARENET

Requested by
https://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
Certificate
IssuerGoogle Trust Services LLC
Subjecteerickog.com
FingerprintD6:DD:FE:16:73:42:40:1C:76:63:34:46:5A:B6:E4:1F:79:7E:30:E2
ValidityWed, 03 Apr 2024 06:06:31 GMT - Tue, 02 Jul 2024 06:06:30 GMT

File type
JavaScript source, ASCII text, with very long lines (3054), with no line terminators
Size
3.7 kB (3727 bytes)
Hash
e5801768f6202c7eda9d144df55580d9
38118bde241df2b929fde9bede0f6eea9a7540a2
7ecb9e6309acf74b2c6d7fefc6ae3e6a644bd68077fc94cb1cc60a29a02a5bd1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/86.bac2ba45e7336f6e.js HTTP/1.1
Host: eerickog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 24 Apr 2024 01:37:17 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"6627bca2-bee"
last-modified: Tue, 23 Apr 2024 13:50:26 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zyKHUJXvO8cPbR%2FMZRespC2gpCVNlgzN4YgGXbrMU%2FgPOsf9QGmt0JdwxCYtnn%2Bg7ZoJAmBa5%2Bk71wqbwRGbA5tLFHBMM5%2BGh0gL%2F68B9CZhx4poeSRc%2FovmNYwyF%2B4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87925e0519000b65-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

eerickog.com/_next/static/chunks/1706.8b7dd24879347088.js

104.21.9.170

200 OK

7.8 kB

URL GET HTTP/3
eerickog.com/_next/static/chunks/1706.8b7dd24879347088.js
IP
104.21.9.170:443
ASN
#13335 CLOUDFLARENET

Requested by
https://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
Certificate
IssuerGoogle Trust Services LLC
Subjecteerickog.com
FingerprintD6:DD:FE:16:73:42:40:1C:76:63:34:46:5A:B6:E4:1F:79:7E:30:E2
ValidityWed, 03 Apr 2024 06:06:31 GMT - Tue, 02 Jul 2024 06:06:30 GMT

File type
JavaScript source, ASCII text, with very long lines (19738), with no line terminators
Size
7.8 kB (7782 bytes)
Hash
7cd1db24e089a8319084d97207e5bab9
da0814161e7abc9c852b7219ad17af3db13774e7
46d44f30314f990c43945d6bc834b31b3051d68836c384244a632195e22df8e6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/1706.8b7dd24879347088.js HTTP/1.1
Host: eerickog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 24 Apr 2024 01:37:17 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"6627bca2-4d1a"
last-modified: Tue, 23 Apr 2024 13:50:26 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6401
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6y9b1pikc8cSty5AT%2Fi5wvpfM0KrQMMTkRMsdZM8sYBr1looYi8m%2FYhMA%2F9Q3hCS4CRaGrywEQ0eivAS%2BmzQ7FV926EQ0QFjfMcQgXAlHU2OeCtBm%2BXKMCh38cDgwAM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87925e0408a80b65-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

eerickog.com/_next/static/chunks/3978.f48a53d50c258a97.js

104.21.9.170

200 OK

1.6 kB

URL GET HTTP/3
eerickog.com/_next/static/chunks/3978.f48a53d50c258a97.js
IP
104.21.9.170:443
ASN
#13335 CLOUDFLARENET

Requested by
https://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
Certificate
IssuerGoogle Trust Services LLC
Subjecteerickog.com
FingerprintD6:DD:FE:16:73:42:40:1C:76:63:34:46:5A:B6:E4:1F:79:7E:30:E2
ValidityWed, 03 Apr 2024 06:06:31 GMT - Tue, 02 Jul 2024 06:06:30 GMT

File type
JavaScript source, ASCII text, with very long lines (2955), with no line terminators
Size
1.6 kB (1593 bytes)
Hash
0c60c4b03a77633fc4177d0ffaa530e1
61f40dca0463045927e933959e5f16280db6403c
2f592be0eab537bef0500f89410df1783c7cccef79e8586ba30e53e63c78247e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/3978.f48a53d50c258a97.js HTTP/1.1
Host: eerickog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 24 Apr 2024 01:37:17 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"6627bca2-b8b"
last-modified: Tue, 23 Apr 2024 13:50:26 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6399
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NwMtzbAwsCXW7znWJHoYg50aMXrLq87V%2BNJGTawOg%2BTZv0SDLyE7gZQqriQmrq%2Bt0GbGxNohnWCEQsvuVBgFDXLiMTF36LI5ykeWrJC5KcmSGIupH7kzgpoFKQxpBKI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87925e0519010b65-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

eerickog.com/img/comments/finance-survey-people/person-2.webp

104.21.9.170

200 OK

2.2 kB

URL GET HTTP/3
eerickog.com/img/comments/finance-survey-people/person-2.webp
IP
104.21.9.170:443
ASN
#13335 CLOUDFLARENET

Requested by
https://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
Certificate
IssuerGoogle Trust Services LLC
Subjecteerickog.com
FingerprintD6:DD:FE:16:73:42:40:1C:76:63:34:46:5A:B6:E4:1F:79:7E:30:E2
ValidityWed, 03 Apr 2024 06:06:31 GMT - Tue, 02 Jul 2024 06:06:30 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp
Size
2.2 kB (2220 bytes)
Hash
8f8ffbb278de1342e5cf44cd0c677c23
1b4b4428e409479cc8a8acfce6f537c2aeea7556
ac4284ed6941963c4fa0db306537f42f3a0b1fa18710bc7b9e1e62188961d83a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/comments/finance-survey-people/person-2.webp HTTP/1.1
Host: eerickog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eerickog.com/finance-survey/12/1916?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 24 Apr 2024 01:37:17 GMT
content-type: image/webp
content-length: 2220
last-modified: Tue, 23 Apr 2024 13:50:26 GMT
vary: Accept-Encoding
etag: "6627bca2-8ac"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 2651
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EqGwXm6RO2I2iTWNa%2FuZ2FHz%2F53DEa0aYAHFm35n4UVDG2hSwhG5CWirokSZwy3%2BP8wdgkHQJEl0tWs0%2F1GZ9iq9KUF0cOhkGpNj1lBdNqWw%2FFyYAp0DKNtA7NOgf4Q%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87925e0689330b65-OSL
alt-svc: h3=":443"; ma=86400

eerickog.com/_next/static/chunks/pages/_app-0f814bf65bb937b6.js

104.21.9.170

200 OK

14 kB

URL GET HTTP/3
eerickog.com/_next/static/chunks/pages/_app-0f814bf65bb937b6.js
IP
104.21.9.170:443
ASN
#13335 CLOUDFLARENET

Requested by
https://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
Certificate
IssuerGoogle Trust Services LLC
Subjecteerickog.com
FingerprintD6:DD:FE:16:73:42:40:1C:76:63:34:46:5A:B6:E4:1F:79:7E:30:E2
ValidityWed, 03 Apr 2024 06:06:31 GMT - Tue, 02 Jul 2024 06:06:30 GMT

File type
JavaScript source, ASCII text, with very long lines (39639), with no line terminators
Size
14 kB (13959 bytes)
Hash
649804f3281026754527e570b07d551b
54462d1b3add95899433716bcde17544f776758c
e7803952bd4f44ad5a04f512815505e81c32c128aaa61eeb68e97d5ca812293b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/pages/_app-0f814bf65bb937b6.js HTTP/1.1
Host: eerickog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 24 Apr 2024 01:37:17 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"6627bca2-9ad7"
last-modified: Tue, 23 Apr 2024 13:50:26 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=G1IzvAJoOYy4WSuYZEC%2FHi8229RBdHWjcwBD3J10QZuDrQsscJkE%2BTnweIyUi9njVfOnDcSjrljS7C%2Fiiwe2IeNolpBcImrnc81NudeWbSkI6YiqSaaiuEjBKad67v8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87925e0418ad0b65-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

eerickog.com/_next/static/chunks/main-beb6af9e60a8e042.js

104.21.9.170

200 OK

34 kB

URL GET HTTP/3
eerickog.com/_next/static/chunks/main-beb6af9e60a8e042.js
IP
104.21.9.170:443
ASN
#13335 CLOUDFLARENET

Requested by
https://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
Certificate
IssuerGoogle Trust Services LLC
Subjecteerickog.com
FingerprintD6:DD:FE:16:73:42:40:1C:76:63:34:46:5A:B6:E4:1F:79:7E:30:E2
ValidityWed, 03 Apr 2024 06:06:31 GMT - Tue, 02 Jul 2024 06:06:30 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
34 kB (33809 bytes)
Hash
49c6f57370e917bd37dc7d4d4d0bdb56
f5b56f5b9498f3500055c5614808903d85303991
0409ec519061477c75738733ce598796a11cd445e95df1cd3e72d0ef58136fd4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/main-beb6af9e60a8e042.js HTTP/1.1
Host: eerickog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 24 Apr 2024 01:37:17 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=108887
etag: W/"6627bca2-1a957"
last-modified: Tue, 23 Apr 2024 13:50:26 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=c4fz6yXOHU9z0cKsJEEnipRdgeJ6Wts6e8xhezGpEMFWtUO%2BpfP8hhhzT935AKXlPCAapndUoJwOu3tlZEP5qeKDcSNgeWntehp7igcO8B6BTiO9CEstQ1v3FHMgLyE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87925e0418ac0b65-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

eerickog.com/_next/static/chunks/7903-dd238946c7924507.js

104.21.9.170

200 OK

14 kB

URL GET HTTP/3
eerickog.com/_next/static/chunks/7903-dd238946c7924507.js
IP
104.21.9.170:443
ASN
#13335 CLOUDFLARENET

Requested by
https://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
Certificate
IssuerGoogle Trust Services LLC
Subjecteerickog.com
FingerprintD6:DD:FE:16:73:42:40:1C:76:63:34:46:5A:B6:E4:1F:79:7E:30:E2
ValidityWed, 03 Apr 2024 06:06:31 GMT - Tue, 02 Jul 2024 06:06:30 GMT

File type
JavaScript source, ASCII text, with very long lines (31896), with no line terminators
Size
14 kB (13536 bytes)
Hash
b5dd343db67bd22544d11da18268f5c3
069b5b221dd75af58d93192460778b3d07835e74
6347f1d4083f7a0a2ac3d8b12aae8832d9ea6914aa6e137d16a4d41869d14ea5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/7903-dd238946c7924507.js HTTP/1.1
Host: eerickog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 24 Apr 2024 01:37:17 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"6627bca2-7c98"
last-modified: Tue, 23 Apr 2024 13:50:26 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QN5qakQw1fIFgjBNImnQ73lVAjnB%2F1FQlRfI6%2FN3K0TxSRLZ5yIX2vS1ZrSyM%2Fo21rtBX378OxHwy9nQuvM6HqEEWtjOJv76TKZf%2B9tTvb17rfGyzBagncFuCgv9iDs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87925e0418ae0b65-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

eerickog.com/_next/static/chunks/webpack-b5b3ca56f779a8e2.js

104.21.9.170

200 OK

4.7 kB

URL GET HTTP/3
eerickog.com/_next/static/chunks/webpack-b5b3ca56f779a8e2.js
IP
104.21.9.170:443
ASN
#13335 CLOUDFLARENET

Requested by
https://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
Certificate
IssuerGoogle Trust Services LLC
Subjecteerickog.com
FingerprintD6:DD:FE:16:73:42:40:1C:76:63:34:46:5A:B6:E4:1F:79:7E:30:E2
ValidityWed, 03 Apr 2024 06:06:31 GMT - Tue, 02 Jul 2024 06:06:30 GMT

File type
JavaScript source, ASCII text, with very long lines (6098), with no line terminators
Size
4.7 kB (4717 bytes)
Hash
f99df043321da0cf02f0558f6861c251
9438d401ae6b6a14ceeebf758000d0c2ea10afed
35bd27b2443f3951979888efac2b938a10fac77d78b0404d3b988f30e43622b5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/webpack-b5b3ca56f779a8e2.js HTTP/1.1
Host: eerickog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 24 Apr 2024 01:37:17 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"6627bca2-17d2"
last-modified: Tue, 23 Apr 2024 13:50:26 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5dsz9Fw6S8nOUWd0OOU7DoUHM8A%2BsLerBPC5P3oQVeQt55bF%2FmldiC5Z7HoEJMIyAhuOywsFipxikIPcfy8RBL664YkmSHEA5%2BlliUdAvJcZhaIUkJi6uZmpsv3PHmk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87925e0408aa0b65-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

eerickog.com/img/comments/finance-survey-people/person-6.webp

104.21.9.170

200 OK

2.4 kB

URL GET HTTP/3
eerickog.com/img/comments/finance-survey-people/person-6.webp
IP
104.21.9.170:443
ASN
#13335 CLOUDFLARENET

Requested by
https://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
Certificate
IssuerGoogle Trust Services LLC
Subjecteerickog.com
FingerprintD6:DD:FE:16:73:42:40:1C:76:63:34:46:5A:B6:E4:1F:79:7E:30:E2
ValidityWed, 03 Apr 2024 06:06:31 GMT - Tue, 02 Jul 2024 06:06:30 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp
Size
2.4 kB (2440 bytes)
Hash
7be25941ac032fcec25b1bb4ede296d2
cfc4fb3733844326076b6d7632087204c0bea34d
0ff9d28c4ab7516d2790e8df4d325cf602bc8f9eb787a7cd9b6554edd9530e4e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/comments/finance-survey-people/person-6.webp HTTP/1.1
Host: eerickog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eerickog.com/finance-survey/12/1916?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 24 Apr 2024 01:37:17 GMT
content-type: image/webp
content-length: 2440
last-modified: Tue, 23 Apr 2024 13:50:26 GMT
vary: Accept-Encoding
etag: "6627bca2-988"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qe1%2FPj60kZc1ZwVrFvDxqsAPOotrmm9%2FnxtB%2F%2Fv6Q4GpJmGG1pELIbzejcWOJzr8oy7LYBU5xJUaomLRHHGepkfx1Fj96iQk9mDhOimmA1WOMzCEeirWlXoXVwaqzEU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87925e0639240b65-OSL
alt-svc: h3=":443"; ma=86400

eerickog.com/_next/static/chunks/825.dc2233ab620d87e2.js

104.21.9.170

200 OK

8.4 kB

URL GET HTTP/3
eerickog.com/_next/static/chunks/825.dc2233ab620d87e2.js
IP
104.21.9.170:443
ASN
#13335 CLOUDFLARENET

Requested by
https://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
Certificate
IssuerGoogle Trust Services LLC
Subjecteerickog.com
FingerprintD6:DD:FE:16:73:42:40:1C:76:63:34:46:5A:B6:E4:1F:79:7E:30:E2
ValidityWed, 03 Apr 2024 06:06:31 GMT - Tue, 02 Jul 2024 06:06:30 GMT

File type
JavaScript source, ASCII text, with very long lines (39469), with no line terminators
Size
8.4 kB (8382 bytes)
Hash
72ac5913c12eaedbe7594c6acf1a627f
544008497f3ce02575d0fdd1df7aeecdb0b4d08b
2b3a1eabd05bc09901c3dcfc74e0ecadce09d0d29e9ddaf90f53fe22e169f05a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/825.dc2233ab620d87e2.js HTTP/1.1
Host: eerickog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 24 Apr 2024 01:37:17 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"6627bca2-9a2d"
last-modified: Tue, 23 Apr 2024 13:50:26 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Po502DXlzOMs8VrQmsIj5SoZ%2FfCi0Gf2mnuCktvnIfnA9TwdI9YdeMkPMSlJXnrzBU0VfMmOR4MTDKHbUDjnj4SpJLyYgsntluyqXA%2FglPeSo2NpZorbjFkmCDP1MaQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87925e0408a90b65-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

eerickog.com/_next/static/chunks/6223.36a8be3b6724c1ee.js

104.21.9.170

200 OK

2.9 kB

URL GET HTTP/3
eerickog.com/_next/static/chunks/6223.36a8be3b6724c1ee.js
IP
104.21.9.170:443
ASN
#13335 CLOUDFLARENET

Requested by
https://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
Certificate
IssuerGoogle Trust Services LLC
Subjecteerickog.com
FingerprintD6:DD:FE:16:73:42:40:1C:76:63:34:46:5A:B6:E4:1F:79:7E:30:E2
ValidityWed, 03 Apr 2024 06:06:31 GMT - Tue, 02 Jul 2024 06:06:30 GMT

File type
JavaScript source, ASCII text, with very long lines (3822), with no line terminators
Size
2.9 kB (2867 bytes)
Hash
c1f7e2120e9f45cf822bbe5e23ab5711
e5ab7ffa55c8122915c064b4e81387ff71ca018c
492f9bfb9b36328df2670323687dbb0d0ac9499199fe5bac3c7eb91dde9a34aa

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/6223.36a8be3b6724c1ee.js HTTP/1.1
Host: eerickog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 24 Apr 2024 01:37:17 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"6627bca2-eee"
last-modified: Tue, 23 Apr 2024 13:50:26 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6399
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DsNNJ5SGqTRwYRtd0Os00g1sDRtsY4gXfVl7X5IHbOMD5JwT5Cxw3tKy6vvPxxeO691%2FczMI%2BV2B%2FcmaiunwYBcSTJQ94HzX4abgBKiJECOCnNYesJp7elwa2oNTkbw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87925e0529030b65-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

forwardtrk.com/show.php?cl=true&l=1674211&u=1315937&id=51744&url=http://forwardtrk.com/h0tgirls

172.67.209.70

792 B

URL
forwardtrk.com/show.php?cl=true&l=1674211&u=1315937&id=51744&url=http://forwardtrk.com/h0tgirls
IP
172.67.209.70:0
ASN
#13335 CLOUDFLARENET

File type
HTML document, ASCII text, with CRLF line terminators
Size
792 B (792 bytes)
Hash
79394eb6c5aae4f49942439f24ab00fe
71ee90d06a2c0bb75253e07aefed9fe3da0b21eb
cb0e579ab706f5f6cba3f691ff9254fe0c27fa44d45327cf2526354472a8d545

HTTP Headers

GET /show.php?cl=true&l=1674211&u=1315937&id=51744&url=http://forwardtrk.com/h0tgirls HTTP/1.1
Host: forwardtrk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 24 Apr 2024 01:37:16 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iIR2VqLvRymG2PkMeBNp8DgtZQSNujSWLdNqF%2FPiMjJcAes7YXfDS738RBWK8jJOvrOUnXHdaLxHbpjfGZmDwyTTWVfAaUkoy%2FN%2FGJgPMzpb8Uu6aRYQGJgBsBRgEvzL2Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87925dfbecc4568b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

eerickog.com/_next/static/chunks/8904.6fbc0cfd51623cbf.js

104.21.9.170

200 OK

515 B

URL GET HTTP/3
eerickog.com/_next/static/chunks/8904.6fbc0cfd51623cbf.js
IP
104.21.9.170:443
ASN
#13335 CLOUDFLARENET

Requested by
https://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
Certificate
IssuerGoogle Trust Services LLC
Subjecteerickog.com
FingerprintD6:DD:FE:16:73:42:40:1C:76:63:34:46:5A:B6:E4:1F:79:7E:30:E2
ValidityWed, 03 Apr 2024 06:06:31 GMT - Tue, 02 Jul 2024 06:06:30 GMT

File type
JavaScript source, ASCII text, with very long lines (925), with no line terminators
Size
515 B (515 bytes)
Hash
3d657d2d17983fccaac3b0512a0f9460
06faa560e966627855c424e23fbb0bb5aadde083
b9e3997d6a87385dd604b65dfa962fe50944dfc158c2e82c945d6b8664e2f81e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/8904.6fbc0cfd51623cbf.js HTTP/1.1
Host: eerickog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 24 Apr 2024 01:37:17 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"6627bca2-39d"
last-modified: Tue, 23 Apr 2024 13:50:26 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6399
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FPk2F6UFby7iePS2Qwr5pVn7jvkBlibjXp8FcK1lMvkNRGpdlUT2DTPwkORxnNtM8dtSJj3qLi0b60rYsv1pH7avUdOXt06cllLsbkrt8JtvVuMw4DPTbwUec7hjTRU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87925e0519020b65-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

arleavannya.com/sync-metrics

139.45.197.248

200 OK

0 B

URL POST HTTP/2
arleavannya.com/sync-metrics
IP
139.45.197.248:443
ASN
#9002 RETN Limited

Requested by
https://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
Certificate
IssuerLet's Encrypt
Subjectarleavannya.com
Fingerprint8A:67:B7:06:5F:61:ED:52:C0:9B:58:C2:64:98:7D:1B:64:03:3F:47
ValidityThu, 18 Apr 2024 17:09:05 GMT - Wed, 17 Jul 2024 17:09:04 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /sync-metrics HTTP/1.1
Host: arleavannya.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://eerickog.com/
Origin: https://eerickog.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 24 Apr 2024 01:37:17 GMT
content-length: 0
access-control-allow-origin: https://eerickog.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

arleavannya.com/sync-do

139.45.197.248

200 OK

0 B

URL OPTIONS HTTP/2
arleavannya.com/sync-do
IP
139.45.197.248:443
ASN
#9002 RETN Limited

Requested by
https://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
Certificate
IssuerLet's Encrypt
Subjectarleavannya.com
Fingerprint8A:67:B7:06:5F:61:ED:52:C0:9B:58:C2:64:98:7D:1B:64:03:3F:47
ValidityThu, 18 Apr 2024 17:09:05 GMT - Wed, 17 Jul 2024 17:09:04 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /sync-do HTTP/1.1
Host: arleavannya.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://eerickog.com/
Origin: https://eerickog.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 24 Apr 2024 01:37:17 GMT
content-length: 0
access-control-allow-origin: https://eerickog.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

arleavannya.com/sync-metrics

139.45.197.248

200 OK

17 B

URL POST HTTP/2
arleavannya.com/sync-metrics
IP
139.45.197.248:443
ASN
#9002 RETN Limited

Requested by
https://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
Certificate
IssuerLet's Encrypt
Subjectarleavannya.com
Fingerprint8A:67:B7:06:5F:61:ED:52:C0:9B:58:C2:64:98:7D:1B:64:03:3F:47
ValidityThu, 18 Apr 2024 17:09:05 GMT - Wed, 17 Jul 2024 17:09:04 GMT

File type
JSON text data
Size
17 B (17 bytes)
Hash
5b64e8b89092b2e3dfd448b10700627f
484b3032619fa1acd135d114565b0a5166281c22
f1ea07a1e51a389c8de07120ae5c2e432e9dd8f4fbd6f92489f185b0523a3fd4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /sync-metrics HTTP/1.1
Host: arleavannya.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://eerickog.com/
Content-Type: application/json
Content-Length: 408
Origin: https://eerickog.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 24 Apr 2024 01:37:17 GMT
content-type: application/json; charset=utf-8
content-length: 17
x-trace-id: 2ae3265f15737e3ad0225db35d2a3e62
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://eerickog.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

arleavannya.com/sync-metrics

139.45.197.248

200 OK

17 B

URL POST HTTP/2
arleavannya.com/sync-metrics
IP
139.45.197.248:443
ASN
#9002 RETN Limited

Requested by
https://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
Certificate
IssuerLet's Encrypt
Subjectarleavannya.com
Fingerprint8A:67:B7:06:5F:61:ED:52:C0:9B:58:C2:64:98:7D:1B:64:03:3F:47
ValidityThu, 18 Apr 2024 17:09:05 GMT - Wed, 17 Jul 2024 17:09:04 GMT

File type
JSON text data
Size
17 B (17 bytes)
Hash
5b64e8b89092b2e3dfd448b10700627f
484b3032619fa1acd135d114565b0a5166281c22
f1ea07a1e51a389c8de07120ae5c2e432e9dd8f4fbd6f92489f185b0523a3fd4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /sync-metrics HTTP/1.1
Host: arleavannya.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://eerickog.com/
Content-Type: application/json
Content-Length: 428
Origin: https://eerickog.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 24 Apr 2024 01:37:18 GMT
content-type: application/json; charset=utf-8
content-length: 17
x-trace-id: df5fc6fdb39c7db331de5c662a3304e7
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://eerickog.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

arleavannya.com/sync-do

139.45.197.248

200 OK

179 B

URL OPTIONS HTTP/2
arleavannya.com/sync-do
IP
139.45.197.248:443
ASN
#9002 RETN Limited

Requested by
https://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
Certificate
IssuerLet's Encrypt
Subjectarleavannya.com
Fingerprint8A:67:B7:06:5F:61:ED:52:C0:9B:58:C2:64:98:7D:1B:64:03:3F:47
ValidityThu, 18 Apr 2024 17:09:05 GMT - Wed, 17 Jul 2024 17:09:04 GMT

File type
JSON text data
Size
179 B (179 bytes)
Hash
081142aa1c9267422ee7fd25ac457579
cf8a223610da412aab4cc9aec68f6f304258b3ce
58084d495376ed2e41f026c352cabb187129c58109f2b15caeb1a539deb2cd19

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /sync-do HTTP/1.1
Host: arleavannya.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://eerickog.com/
Content-Type: application/json
Content-Length: 161
Origin: https://eerickog.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 24 Apr 2024 01:37:18 GMT
content-type: application/json; charset=utf-8
content-length: 179
x-trace-id: 46adec4ae2d35102a09f497d65e1434e
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://eerickog.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

datatechonert.com/log/add?cid=eacf36da-c06d-4d71-90cc-88e30cd4240a&ruid=ef09a021-13b6-4335-aae6-88356aaf6ba7

139.45.195.253

200 OK

12 B

URL POST HTTP/1.1
datatechonert.com/log/add?cid=eacf36da-c06d-4d71-90cc-88e30cd4240a&ruid=ef09a021-13b6-4335-aae6-88356aaf6ba7
IP
139.45.195.253:443
ASN
#9002 RETN Limited

Requested by
https://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
Certificate
IssuerSectigo Limited
Subjectdatatechonert.com
Fingerprint3F:E1:50:2C:9F:FC:F9:37:03:E3:B6:34:00:06:89:69:01:E7:C3:27
ValiditySun, 10 Dec 2023 00:00:00 GMT - Mon, 23 Dec 2024 23:59:59 GMT

File type
JSON text data
Size
12 B (12 bytes)
Hash
adb4650bfc9d2a73d4dd69583b0ceb14
1ce399d6e936232aaf2192cd7903a279c5015f22
21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed

HTTP Headers

POST /log/add?cid=eacf36da-c06d-4d71-90cc-88e30cd4240a&ruid=ef09a021-13b6-4335-aae6-88356aaf6ba7 HTTP/1.1
Host: datatechonert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1484
Origin: https://eerickog.com
DNT: 1
Connection: keep-alive
Referer: https://eerickog.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Wed, 24 Apr 2024 01:37:18 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 12
Connection: keep-alive
Access-Control-Allow-Origin: https://eerickog.com
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

ofklefkian.com/zone?&pub=0&zone_id=6679100&is_mobile=false&domain=eerickog.com&var=3956710&ymid=6422583&var_3=&var_4=&dsig=&tg=1&sw=3.1.473&action=prerequest

139.45.197.251

200 OK

0 B

URL POST HTTP/2
ofklefkian.com/zone?&pub=0&zone_id=6679100&is_mobile=false&domain=eerickog.com&var=3956710&ymid=6422583&var_3=&var_4=&dsig=&tg=1&sw=3.1.473&action=prerequest
IP
139.45.197.251:443
ASN
#9002 RETN Limited

Requested by
https://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
Certificate
IssuerLet's Encrypt
Subjectofklefkian.com
Fingerprint04:A9:FE:8D:C9:B9:EE:6F:3A:C4:29:EA:19:AD:C3:1D:7D:3E:14:02
ValiditySun, 14 Apr 2024 05:38:05 GMT - Sat, 13 Jul 2024 05:38:04 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /zone?&pub=0&zone_id=6679100&is_mobile=false&domain=eerickog.com&var=3956710&ymid=6422583&var_3=&var_4=&dsig=&tg=1&sw=3.1.473&action=prerequest HTTP/1.1
Host: ofklefkian.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://eerickog.com
DNT: 1
Connection: keep-alive
Referer: https://eerickog.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

HTTP/2 200 OK
server: nginx
date: Wed, 24 Apr 2024 01:37:18 GMT
content-length: 0
x-trace-id: f67758f440576f036889994378504e89
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://eerickog.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

eerickog.com/favicon.ico

104.21.9.170

204 No Content

0 B

URL GET HTTP/3
eerickog.com/favicon.ico
IP
104.21.9.170:443
ASN
#13335 CLOUDFLARENET

Requested by
https://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
Certificate
IssuerGoogle Trust Services LLC
Subjecteerickog.com
FingerprintD6:DD:FE:16:73:42:40:1C:76:63:34:46:5A:B6:E4:1F:79:7E:30:E2
ValidityWed, 03 Apr 2024 06:06:31 GMT - Tue, 02 Jul 2024 06:06:30 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: eerickog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
Cookie: OAID=1ye1ho7ain7b95njmld2s0pn2j1ksd9; syncedCookie=true; oaidts=1713922637
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 204 No Content
date: Wed, 24 Apr 2024 01:37:18 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ag4PeTBItVnkP2Jts7O5BjIvSKvO8HxFuaAigoXyA8rDodGTZFQTxS2U5Ko4bznZkQfnJ68mvuCxeaRiVEbH2pI639D9kCcX75ytiKUVrokyU%2FnvE1SviTumhZ%2BVQ5Q%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87925e09d9f30b65-OSL
alt-svc: h3=":443"; ma=86400

eerickog.com/sw/universal.js?var=3956710&ymid=6422583&ab2_ttl=5184000&zoneId=6679100

104.21.9.170

200 OK

9.9 kB

URL GET HTTP/3
eerickog.com/sw/universal.js?var=3956710&ymid=6422583&ab2_ttl=5184000&zoneId=6679100
IP
104.21.9.170:443
ASN
#13335 CLOUDFLARENET

Requested by
https://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
Certificate
IssuerGoogle Trust Services LLC
Subjecteerickog.com
FingerprintD6:DD:FE:16:73:42:40:1C:76:63:34:46:5A:B6:E4:1F:79:7E:30:E2
ValidityWed, 03 Apr 2024 06:06:31 GMT - Tue, 02 Jul 2024 06:06:30 GMT

File type
ASCII text
Size
9.9 kB (9867 bytes)
Hash
10b28f14a4642eb75e65f9babba5b2e5
83063f314d4e3f6568f4494abc796cdcbd87e3b4
0571c36e64ce7b589721a47fba1a604ca982a0b2a3694440db526d05dfb4e5a9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sw/universal.js?var=3956710&ymid=6422583&ab2_ttl=5184000&zoneId=6679100 HTTP/1.1
Host: eerickog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Referer: https://eerickog.com/finance-survey/12/1916?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
Cookie: OAID=1ye1ho7ain7b95njmld2s0pn2j1ksd9; syncedCookie=true; oaidts=1713922637
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 24 Apr 2024 01:37:18 GMT
content-type: application/javascript
last-modified: Tue, 23 Apr 2024 13:50:26 GMT
vary: Accept-Encoding
etag: W/"6627bca2-5b5"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sa4ReusGmT6ze8qykXC8hh9Uuw8%2Bd6ZDn83LFPzpg1vYUeJZ3jA%2BXxhfp2HmVkmpMC6eb9eOYhCszWlh72K%2Biq5MTi3KvIkGJbgavmwUc75jdlzV8BJlPL28PvhBYXI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87925e0849bb0b65-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

eerickog.com/_next/static/chunks/1754.9cd5cec6a6099ad4.js

104.21.9.170

200 OK

13 kB

URL GET HTTP/3
eerickog.com/_next/static/chunks/1754.9cd5cec6a6099ad4.js
IP
104.21.9.170:443
ASN
#13335 CLOUDFLARENET

Requested by
https://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
Certificate
IssuerGoogle Trust Services LLC
Subjecteerickog.com
FingerprintD6:DD:FE:16:73:42:40:1C:76:63:34:46:5A:B6:E4:1F:79:7E:30:E2
ValidityWed, 03 Apr 2024 06:06:31 GMT - Tue, 02 Jul 2024 06:06:30 GMT

File type
JavaScript source, ASCII text, with very long lines (12011), with no line terminators
Size
13 kB (12664 bytes)
Hash
97a720cc805d2afba1d18c848124b92e
600abde3f10a7008dcf63a06a38ddcee64d57824
67f19c84ea29e05d552357bf00c539946706d764dbe36d184af3b711ebd663b2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/1754.9cd5cec6a6099ad4.js HTTP/1.1
Host: eerickog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eerickog.com/finance-survey/12/1916?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 24 Apr 2024 01:37:17 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"6627bca2-2eeb"
last-modified: Tue, 23 Apr 2024 13:50:26 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6399
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yHK4iR6lIPhsLEpIHrx2Aizo0Rrch3VP5B%2BGSXNFWJd9VUguaGAJdnlmttdiHUTobtKosBiodIJqb2wCWBYfKD5mBanm%2Fo6ZxKGxbI8JPdoWi1xOGdJkAOUW53bjKTM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87925e06e96d0b65-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

eerickog.com/rotate?zz=6543018%3B7000967%3B4326653%3B4949467%3B5381235%3B5381316%3B5381307%3B5381339&var=3956710&ymid=6422583&ab2r=&var_3=&var_4=&os_version=&uid=1ye1ho7ain7b95njmld2s0pn2j1ksd9

104.21.9.170

200 OK

5.1 kB

URL GET HTTP/3
eerickog.com/rotate?zz=6543018%3B7000967%3B4326653%3B4949467%3B5381235%3B5381316%3B5381307%3B5381339&var=3956710&ymid=6422583&ab2r=&var_3=&var_4=&os_version=&uid=1ye1ho7ain7b95njmld2s0pn2j1ksd9
IP
104.21.9.170:443
ASN
#13335 CLOUDFLARENET

Requested by
https://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
Certificate
IssuerGoogle Trust Services LLC
Subjecteerickog.com
FingerprintD6:DD:FE:16:73:42:40:1C:76:63:34:46:5A:B6:E4:1F:79:7E:30:E2
ValidityWed, 03 Apr 2024 06:06:31 GMT - Tue, 02 Jul 2024 06:06:30 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (5107), with no line terminators
Size
5.1 kB (5063 bytes)
Hash
37fe7bcea9f19e11d02d31d29933bb80
a11884930a7ccd09ef6ffeec3b67b727d54b7894
f15ea4ef25ab09d2defd8712f1d837907e3c28e718ee13345e1fce10f1a0e8dd

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /rotate?zz=6543018%3B7000967%3B4326653%3B4949467%3B5381235%3B5381316%3B5381307%3B5381339&var=3956710&ymid=6422583&ab2r=&var_3=&var_4=&os_version=&uid=1ye1ho7ain7b95njmld2s0pn2j1ksd9 HTTP/1.1
Host: eerickog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://eerickog.com/finance-survey/12/1916?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
DNT: 1
Connection: keep-alive
Cookie: OAID=1ye1ho7ain7b95njmld2s0pn2j1ksd9; syncedCookie=true; oaidts=1713922637
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 24 Apr 2024 01:37:18 GMT
content-type: application/javascript
vary: Accept-Encoding, Origin
x-trace-id: 85c966d6ea73ff6fc2371f7451274932
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
pragma: no-cache
timing-allow-origin: *
access-control-allow-origin: https://eerickog.com/
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
set-cookie: OAID=1ye1ho7ain7b95njmld2s0pn2j1ksd9; expires=Thu, 24 Apr 2025 01:37:18 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: br
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YL7qnRa5jjAegU63tXoC7XnO%2Ba2VV%2BmJVbcUNb7cMypfVJ3rSHbUDqc3kQVdg4GxXyTE5q2xq5lcbgiuX6yakhNRmq8OFARnEBstjp4IAYe%2BeJiBfPlA7Q5i0Ny5bQw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87925e0749960b65-OSL
alt-svc: h3=":443"; ma=86400

eerickog.com/img/comments/finance-survey-people/person-1.webp

104.21.9.170

200 OK

1.4 kB

URL GET HTTP/3
eerickog.com/img/comments/finance-survey-people/person-1.webp
IP
104.21.9.170:443
ASN
#13335 CLOUDFLARENET

Requested by
https://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
Certificate
IssuerGoogle Trust Services LLC
Subjecteerickog.com
FingerprintD6:DD:FE:16:73:42:40:1C:76:63:34:46:5A:B6:E4:1F:79:7E:30:E2
ValidityWed, 03 Apr 2024 06:06:31 GMT - Tue, 02 Jul 2024 06:06:30 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp
Size
1.4 kB (1402 bytes)
Hash
c5da2ea294623650bae71fc84401cf60
f1f62ea011cf81953cefe28254c134e992453b91
09a846c5b1af2c6100ff3193789be1e0e21ba9fc45c268f76f2007c78f1e4ac1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/comments/finance-survey-people/person-1.webp HTTP/1.1
Host: eerickog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eerickog.com/finance-survey/12/1916?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 24 Apr 2024 01:37:17 GMT
content-type: image/webp
content-length: 1402
last-modified: Tue, 23 Apr 2024 13:50:26 GMT
vary: Accept-Encoding
etag: "6627bca2-57a"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 2651
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iMF1z8EMQkaAfOGlx6V8w48Qg3iNT3Y7VkPbbbmzMjAtM6332T2No%2FEC7PVZ1u%2BQr2tn9pjYceeRKS%2Bbd73IiFCG3BsDlbBheiRJOc%2BN3hGLhw6mHL7dxs3fL1vx9eM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87925e0689380b65-OSL
alt-svc: h3=":443"; ma=86400

eerickog.com/pfe/current/micro.tag.min.js?sw=/sw/universal.js&var=3956710&ymid=6422583&b=8160420&campaignid=4105106&click_id=806812208932856583&ab2r=&rhd=1&var_3=&oaid=1ye1ho7ain7b95njmld2s0pn2j1ksd9&os_version=&btz=UTC&bto=0&z=6679100&cdn=1&domain=ofklefkian.com&ab2=&ab2_ttl=5184000

104.21.9.170

200 OK

27 kB

URL GET HTTP/3
eerickog.com/pfe/current/micro.tag.min.js?sw=/sw/universal.js&var=3956710&ymid=6422583&b=8160420&campaignid=4105106&click_id=806812208932856583&ab2r=&rhd=1&var_3=&oaid=1ye1ho7ain7b95njmld2s0pn2j1ksd9&os_version=&btz=UTC&bto=0&z=6679100&cdn=1&domain=ofklefkian.com&ab2=&ab2_ttl=5184000
IP
104.21.9.170:443
ASN
#13335 CLOUDFLARENET

Requested by
https://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
Certificate
IssuerGoogle Trust Services LLC
Subjecteerickog.com
FingerprintD6:DD:FE:16:73:42:40:1C:76:63:34:46:5A:B6:E4:1F:79:7E:30:E2
ValidityWed, 03 Apr 2024 06:06:31 GMT - Tue, 02 Jul 2024 06:06:30 GMT

File type
JavaScript source, ASCII text, with very long lines (27012)
Size
27 kB (27013 bytes)
Hash
4d5fdbf5a5eaf9b73b515e58aaea8ab1
af206657baadc54af340d9b32738e9797934eaff
05b026bb4f34d6fd3b5db29bffb1ba5be6f9b11d954fa44fd4d57acd997ecb2d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pfe/current/micro.tag.min.js?sw=/sw/universal.js&var=3956710&ymid=6422583&b=8160420&campaignid=4105106&click_id=806812208932856583&ab2r=&rhd=1&var_3=&oaid=1ye1ho7ain7b95njmld2s0pn2j1ksd9&os_version=&btz=UTC&bto=0&z=6679100&cdn=1&domain=ofklefkian.com&ab2=&ab2_ttl=5184000 HTTP/1.1
Host: eerickog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eerickog.com/finance-survey/12/1916?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
Cookie: OAID=1ye1ho7ain7b95njmld2s0pn2j1ksd9; syncedCookie=true; oaidts=1713922637
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 24 Apr 2024 01:37:18 GMT
content-type: application/javascript
last-modified: Tue, 23 Apr 2024 13:50:26 GMT
vary: Accept-Encoding
etag: W/"6627bca2-6985"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lszaf9btXkbhfTZuNWkOftRH%2Fi8MWbKb7dpjekTUdjhxaN4T3yEcx0Ze9bCRkdScE0o%2FRV2idDBXuZ%2FWIzOTRJBkDf2pZS4fyXOWVXtcC3mxDUn2LAPSxOSq9187%2BKM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87925e0789a00b65-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

my.rtmark.net/gid.js?userId=1ye1ho7ain7b95njmld2s0pn2j1ksd9

139.45.195.8

200 OK

64 B

URL GET HTTP/2
my.rtmark.net/gid.js?userId=1ye1ho7ain7b95njmld2s0pn2j1ksd9
IP
139.45.195.8:443
ASN
#9002 RETN Limited

Requested by
https://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
Certificate
IssuerLet's Encrypt
Subjectrtmark.net
FingerprintDB:C0:8B:64:1C:E3:2A:9C:B9:04:0D:F3:6F:5A:E0:35:F4:C7:75:CC
ValiditySat, 02 Mar 2024 21:53:43 GMT - Fri, 31 May 2024 21:53:42 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
64 B (64 bytes)
Hash
e910490c78deccc487ee304de46d3738
0960b80125058b729d4f9c96c2d3014070e0bcf1
97be82c00dedcb2ab7ed1bbbdafdb287765a78131b2be72d4cb57f01ed716434

HTTP Headers

GET /gid.js?userId=1ye1ho7ain7b95njmld2s0pn2j1ksd9 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://eerickog.com/
Origin: https://eerickog.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 24 Apr 2024 01:37:17 GMT
content-type: application/json; charset=utf-8
content-length: 64
access-control-allow-origin: https://eerickog.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=1ye1ho7ain7b95njmld2s0pn2j1ksd9; expires=Thu, 24 Apr 2025 01:37:17 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

eerickog.com/_next/static/chunks/9787.32846937d0160cf7.js

104.21.9.170

200 OK

1.8 kB

URL GET HTTP/3
eerickog.com/_next/static/chunks/9787.32846937d0160cf7.js
IP
104.21.9.170:443
ASN
#13335 CLOUDFLARENET

Requested by
https://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
Certificate
IssuerGoogle Trust Services LLC
Subjecteerickog.com
FingerprintD6:DD:FE:16:73:42:40:1C:76:63:34:46:5A:B6:E4:1F:79:7E:30:E2
ValidityWed, 03 Apr 2024 06:06:31 GMT - Tue, 02 Jul 2024 06:06:30 GMT

File type
JavaScript source, ASCII text, with very long lines (1771), with no line terminators
Size
1.8 kB (1761 bytes)
Hash
d269bc24ab428864c8a5d9fd90d791ae
ff1943ecbdb21dd40483e22778b0826bce974cde
086e81568c991bb4f9d7f9bcb854f1f2bf66b7397b1eef5b0753889ccb86cb30

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/9787.32846937d0160cf7.js HTTP/1.1
Host: eerickog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 24 Apr 2024 01:37:17 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"6627bca2-6e1"
last-modified: Tue, 23 Apr 2024 13:50:26 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6399
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1%2BIEahDFTkHFsvwN7hWsLtdX0w4iA69iddbPjQU9zOX2kaCmKz8qwzr7GI9ANPHfYIDxuRadX98%2BnJxKa1awktZM93OnaJun1Ppww4xlUApMg2tK%2FOiyzRE66HF637Q%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87925e0569130b65-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

eerickog.com/_next/static/SvPrY0nXpsuijobtZfca-/_buildManifest.js

104.21.9.170

200 OK

1.6 kB

URL GET HTTP/3
eerickog.com/_next/static/SvPrY0nXpsuijobtZfca-/_buildManifest.js
IP
104.21.9.170:443
ASN
#13335 CLOUDFLARENET

Requested by
https://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
Certificate
IssuerGoogle Trust Services LLC
Subjecteerickog.com
FingerprintD6:DD:FE:16:73:42:40:1C:76:63:34:46:5A:B6:E4:1F:79:7E:30:E2
ValidityWed, 03 Apr 2024 06:06:31 GMT - Tue, 02 Jul 2024 06:06:30 GMT

File type
ASCII text, with very long lines (1697), with no line terminators
Size
1.6 kB (1605 bytes)
Hash
f04c2c67c01e953b9905a6d2cf3ff213
1325595e714d656cd1c55a083a38200caf7b4c37
6b48b4aa73ef1ddfbfca4feeb48bdf145394fd598bd598b8c6e762d90d8aa5b5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/SvPrY0nXpsuijobtZfca-/_buildManifest.js HTTP/1.1
Host: eerickog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 24 Apr 2024 01:37:17 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"6627bca2-645"
last-modified: Tue, 23 Apr 2024 13:50:26 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=A9Dqlm9EiKBKmHr0u8KqLieR%2FT4TlLqkL2mTzgP%2B52dmq5p3mBbmz8tdnPsv8uwNjuhxcCiFFM41VmC5YoNUPjokxjKqZrGqip4aYlS7DiGPal8yKaZtEhJP9FvN1zM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87925e0418b20b65-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

eerickog.com/_next/static/css/0bc0cde260d08b97.css

104.21.9.170

200 OK

1.8 kB

URL GET HTTP/3
eerickog.com/_next/static/css/0bc0cde260d08b97.css
IP
104.21.9.170:443
ASN
#13335 CLOUDFLARENET

Requested by
https://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
Certificate
IssuerGoogle Trust Services LLC
Subjecteerickog.com
FingerprintD6:DD:FE:16:73:42:40:1C:76:63:34:46:5A:B6:E4:1F:79:7E:30:E2
ValidityWed, 03 Apr 2024 06:06:31 GMT - Tue, 02 Jul 2024 06:06:30 GMT

File type
ASCII text, with very long lines (1841), with no line terminators
Size
1.8 kB (1841 bytes)
Hash
ff1d3d5d24ca0172d59b02e7505ddaa1
41e83ee08e21f369886b0fdad0ba01d8b20897b6
939b17f98d9d3585510edafa70c73c6619ea20d9b401b4396041272bed67ecf6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/css/0bc0cde260d08b97.css HTTP/1.1
Host: eerickog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 24 Apr 2024 01:37:17 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=1843
etag: W/"6627bca2-733"
last-modified: Tue, 23 Apr 2024 13:50:26 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6401
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=59HskaOFSMVHqYwya3tDHqQXtBlCBX63IEs2ovxWuOhNg%2FcpdnRsN%2B9GvowhBAArT1BQB7Dg5f%2B1iUsshnWlsMhJUg6RIdCHqkWgvPfVOkzRH9FYIpHWYGnVs%2B2Zq8E%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87925e0408a50b65-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

eerickog.com/_next/static/chunks/5927.10a9d67f6732d4d8.js

104.21.9.170

200 OK

18 kB

URL GET HTTP/3
eerickog.com/_next/static/chunks/5927.10a9d67f6732d4d8.js
IP
104.21.9.170:443
ASN
#13335 CLOUDFLARENET

Requested by
https://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
Certificate
IssuerGoogle Trust Services LLC
Subjecteerickog.com
FingerprintD6:DD:FE:16:73:42:40:1C:76:63:34:46:5A:B6:E4:1F:79:7E:30:E2
ValidityWed, 03 Apr 2024 06:06:31 GMT - Tue, 02 Jul 2024 06:06:30 GMT

File type
JavaScript source, ASCII text, with very long lines (18514), with no line terminators
Size
18 kB (18514 bytes)
Hash
a430ce709a2b2e9b144810c17115f6c7
b0d435157a5614b2d58efdc0f2b5d94bfbfb5c2b
d2461dafb3c86b97148ce5a6fe69d9f050cfe2aba4ba5fa311ebc3349504a7e2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/5927.10a9d67f6732d4d8.js HTTP/1.1
Host: eerickog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 24 Apr 2024 01:37:17 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"6627bca2-4852"
last-modified: Tue, 23 Apr 2024 13:50:26 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6399
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=waa%2BC3qkY6w%2FAV0WfXJY%2BDV8VIiYHzqj9gDur6PUu8WHK5RbIRu8DBrHuglPnQCBZoRQ2Lgss%2B6sHvyOummktI3ANFzeGq3Uy4ZdsDY5JZHzf4PtK7fjA2wBp2jiVZE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87925e05490b0b65-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

eerickog.com/finance-survey/icon-survey.svg

104.21.9.170

200 OK

2.7 kB

URL GET HTTP/3
eerickog.com/finance-survey/icon-survey.svg
IP
104.21.9.170:443
ASN
#13335 CLOUDFLARENET

Requested by
https://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
Certificate
IssuerGoogle Trust Services LLC
Subjecteerickog.com
FingerprintD6:DD:FE:16:73:42:40:1C:76:63:34:46:5A:B6:E4:1F:79:7E:30:E2
ValidityWed, 03 Apr 2024 06:06:31 GMT - Tue, 02 Jul 2024 06:06:30 GMT

File type
SVG Scalable Vector Graphics image
Size
2.7 kB (2674 bytes)
Hash
a000ba4d0e7570d810feafb22bc50bef
af8fce44a683d3dfebe69cbe856e747739c9a666
9ae848c180201d8ae5c59ce118b0b7ef395a01295fb04d57e81cfe0566100679

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /finance-survey/icon-survey.svg HTTP/1.1
Host: eerickog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eerickog.com/finance-survey/12/1916?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 24 Apr 2024 01:37:17 GMT
content-type: image/svg+xml
last-modified: Tue, 23 Apr 2024 13:50:26 GMT
vary: Accept-Encoding
etag: W/"6627bca2-a72"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 2651
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=M0AVP3DP7uALV0NrhMN4W5hGqX191fp7rFjhMMQ%2FikimnTKG1KE4xnRihJDebqo1HkzrK3ls1CrA8JGx2NtePtKaU0kCZ%2FYsAe0V4FYo%2BG3OguvW8%2FjQI7vDTkfh1iY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87925e0679320b65-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

eerickog.com/_next/static/chunks/2734.c0427a5c5baaafc8.js

104.21.9.170

200 OK

4.1 kB

URL GET HTTP/3
eerickog.com/_next/static/chunks/2734.c0427a5c5baaafc8.js
IP
104.21.9.170:443
ASN
#13335 CLOUDFLARENET

Requested by
https://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
Certificate
IssuerGoogle Trust Services LLC
Subjecteerickog.com
FingerprintD6:DD:FE:16:73:42:40:1C:76:63:34:46:5A:B6:E4:1F:79:7E:30:E2
ValidityWed, 03 Apr 2024 06:06:31 GMT - Tue, 02 Jul 2024 06:06:30 GMT

File type
JavaScript source, ASCII text, with very long lines (4183), with no line terminators
Size
4.1 kB (4111 bytes)
Hash
2ccceb54e595113f97529d0abcac6974
cc2193e9d9141a5e9cd10e3aa09c48ed40ffd197
e84010b7c11ac1e8a381c56e2483be7d2c48783e9356d31cf4c723338e7dd0f2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/2734.c0427a5c5baaafc8.js HTTP/1.1
Host: eerickog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 24 Apr 2024 01:37:17 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"6627bca2-100f"
last-modified: Tue, 23 Apr 2024 13:50:26 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oyX6EUPpc6iQGFIHwkfx1H4W%2Frukn2CuXtpRoVnaXB8vthNRBK1S70VlHHz1kmM7ptS2VHQKhfgri%2F3xElAZNVRiDVcroonmr3VqleMuDcQCDBcQPaf5tjaGcm4Bf2Y%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87925e0518fe0b65-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]

104.21.9.170

200 OK

40 kB

URL User Request GET HTTP/2
eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
IP
104.21.9.170:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjecteerickog.com
FingerprintD6:DD:FE:16:73:42:40:1C:76:63:34:46:5A:B6:E4:1F:79:7E:30:E2
ValidityWed, 03 Apr 2024 06:06:31 GMT - Tue, 02 Jul 2024 06:06:30 GMT

File type

Size
40 kB (39900 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2] HTTP/1.1
Host: eerickog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 24 Apr 2024 01:37:17 GMT
content-type: text/html
last-modified: Tue, 23 Apr 2024 13:50:28 GMT
vary: Accept-Encoding
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uzfVUSuyrteOOCHu7cOyXR1KzmlcCcWfsQEuUU%2By8bYo1VpgRWk%2BPuUhZsJKDvRIaH0nIc4d7RK6OGWvB0qz1XGPKhFrEQAp6y4D0bqrn6jQLEfERwoiE1sMNk5DqLM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87925e02797856a2-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

eerickog.com/_next/static/chunks/2610.1baf2de4c8779a0e.js

104.21.9.170

200 OK

13 kB

URL GET HTTP/3
eerickog.com/_next/static/chunks/2610.1baf2de4c8779a0e.js
IP
104.21.9.170:443
ASN
#13335 CLOUDFLARENET

Requested by
https://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
Certificate
IssuerGoogle Trust Services LLC
Subjecteerickog.com
FingerprintD6:DD:FE:16:73:42:40:1C:76:63:34:46:5A:B6:E4:1F:79:7E:30:E2
ValidityWed, 03 Apr 2024 06:06:31 GMT - Tue, 02 Jul 2024 06:06:30 GMT

File type
JavaScript source, ASCII text, with very long lines (13124), with no line terminators
Size
13 kB (13124 bytes)
Hash
285f6dd54ac88cdc30a796895c98adb3
f4ff40359e70d2a28b3ba2773e180ac93ce29a37
6dff74775e02f0f3618dcd683ce01b570ed044fca2a250051e6f7e6bb0cc2974

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/2610.1baf2de4c8779a0e.js HTTP/1.1
Host: eerickog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 24 Apr 2024 01:37:17 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"6627bca2-3344"
last-modified: Tue, 23 Apr 2024 13:50:26 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6401
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TMEAe76D%2FnXgJqPqIpvpof2ibCfhxBGUjNPjyJZJpAMMKGi7rIpVN4U2Sn%2Bm8GRVAQJYW2bDg7aH2TlEPo2q1WNgGar%2BzKv3bc2cEvKXC7DOn7UsgqdDgRx97lNd0p4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87925e0408a60b65-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

eerickog.com/_next/static/chunks/1155-583789f39fbca4d3.js

104.21.9.170

200 OK

65 kB

URL GET HTTP/3
eerickog.com/_next/static/chunks/1155-583789f39fbca4d3.js
IP
104.21.9.170:443
ASN
#13335 CLOUDFLARENET

Requested by
https://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
Certificate
IssuerGoogle Trust Services LLC
Subjecteerickog.com
FingerprintD6:DD:FE:16:73:42:40:1C:76:63:34:46:5A:B6:E4:1F:79:7E:30:E2
ValidityWed, 03 Apr 2024 06:06:31 GMT - Tue, 02 Jul 2024 06:06:30 GMT

File type
JavaScript source, ASCII text, with very long lines (65221), with no line terminators
Size
65 kB (65221 bytes)
Hash
d1b9c2180b8a1044493574202e4e6764
df3bce9ad71114de9408d34178cbcd7e8fecadbc
1b4ae3890096039116579befc0c26b8c1ff9e23f9c92553c0f69d3fc1f975fd8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/1155-583789f39fbca4d3.js HTTP/1.1
Host: eerickog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 24 Apr 2024 01:37:17 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"6627bca2-fec5"
last-modified: Tue, 23 Apr 2024 13:50:26 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=82foDSGzNK0UivZ7ty%2BK%2Bk4HIhxZU16TZqREstssTmmyF4dsTLURqcmREr711qFNeRnZjzUSMvb%2FG5WXQuRJEMCdTxV8uEoJpIQJGwk3dIIEdiN0FYf5iguWjU8hp6g%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87925e0418b00b65-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

eerickog.com/_next/static/chunks/3091.c21155d8b2396207.js

104.21.9.170

200 OK

2.4 kB

URL GET HTTP/3
eerickog.com/_next/static/chunks/3091.c21155d8b2396207.js
IP
104.21.9.170:443
ASN
#13335 CLOUDFLARENET

Requested by
https://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
Certificate
IssuerGoogle Trust Services LLC
Subjecteerickog.com
FingerprintD6:DD:FE:16:73:42:40:1C:76:63:34:46:5A:B6:E4:1F:79:7E:30:E2
ValidityWed, 03 Apr 2024 06:06:31 GMT - Tue, 02 Jul 2024 06:06:30 GMT

File type
JavaScript source, ASCII text, with very long lines (2429), with no line terminators
Size
2.4 kB (2381 bytes)
Hash
3b91a1044dbf61b756a3730050ebd45f
9336d892614e8c5ab834d493c1cc7c0aa8aacf1a
586c6e521c5ec066a20ba11265175c9c75446d1ae33fc954f14c7d4cd3be2a62

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/3091.c21155d8b2396207.js HTTP/1.1
Host: eerickog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 24 Apr 2024 01:37:17 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"6627bca2-94d"
last-modified: Tue, 23 Apr 2024 13:50:26 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6399
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vQ5D%2FG9bD75BC5pMBMlNmr9es%2BG0%2F9V%2FDu%2FjtXgHsHyVq9BlNkueAT9VevFGg5qIbBlPYyVZVF4AX3RSEFsp7Q1Ko6vuRojScfmi%2FdmC5FEwSndGmoKx4q6X7edc03I%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87925e0529060b65-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

eerickog.com/_next/static/chunks/4981.3c1daeeee82e08ea.js

104.21.9.170

200 OK

22 kB

URL GET HTTP/3
eerickog.com/_next/static/chunks/4981.3c1daeeee82e08ea.js
IP
104.21.9.170:443
ASN
#13335 CLOUDFLARENET

Requested by
https://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
Certificate
IssuerGoogle Trust Services LLC
Subjecteerickog.com
FingerprintD6:DD:FE:16:73:42:40:1C:76:63:34:46:5A:B6:E4:1F:79:7E:30:E2
ValidityWed, 03 Apr 2024 06:06:31 GMT - Tue, 02 Jul 2024 06:06:30 GMT

File type
JavaScript source, ASCII text, with very long lines (21617), with no line terminators
Size
22 kB (21617 bytes)
Hash
e5a18eccb2797e5391d6ce697f63eaba
fd0cfa9d1d8af22b690973928c5d65b6be83389b
865d0997740868b6c2804f1949e997d55baffc23023235d8af966f8b999c2b84

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/4981.3c1daeeee82e08ea.js HTTP/1.1
Host: eerickog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 24 Apr 2024 01:37:17 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"6627bca2-5471"
last-modified: Tue, 23 Apr 2024 13:50:26 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6401
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SSF67pw9Gwqp7yvWnO%2Bkdof0ouwUVvO%2FD%2FeMyJ7LIk1dtVtfoEDBALeN9tDY9YBW92ZzNRXC%2FBlDWj8WvnnPjqY7LwcHXbtA6Wlmc1PIzCuGGWb12I0QCDUMx4ye%2Fsw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87925e0408a70b65-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

eerickog.com/track?dry=true&request_var=6422583&oaid=1ye1ho7ain7b95njmld2s0pn2j1ksd9&os_version=&var=3956710&var_3=&var_4=&variable2=806812208932856583&ymid=6422583&z=3956710&offer_id=1916

104.21.9.170

200 OK

211 B

URL GET HTTP/3
eerickog.com/track?dry=true&request_var=6422583&oaid=1ye1ho7ain7b95njmld2s0pn2j1ksd9&os_version=&var=3956710&var_3=&var_4=&variable2=806812208932856583&ymid=6422583&z=3956710&offer_id=1916
IP
104.21.9.170:443
ASN
#13335 CLOUDFLARENET

Requested by
https://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
Certificate
IssuerGoogle Trust Services LLC
Subjecteerickog.com
FingerprintD6:DD:FE:16:73:42:40:1C:76:63:34:46:5A:B6:E4:1F:79:7E:30:E2
ValidityWed, 03 Apr 2024 06:06:31 GMT - Tue, 02 Jul 2024 06:06:30 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
211 B (211 bytes)
Hash
869d4bd28a00900a2f03c02593c0035f
aa1e13b9c923493dbc969e13136b726e022b50ed
a47c25ee66bb533638fe2c25fed9ceb47e9cc88559593763594af467b02c8f30

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /track?dry=true&request_var=6422583&oaid=1ye1ho7ain7b95njmld2s0pn2j1ksd9&os_version=&var=3956710&var_3=&var_4=&variable2=806812208932856583&ymid=6422583&z=3956710&offer_id=1916 HTTP/1.1
Host: eerickog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://eerickog.com/finance-survey/12/1916?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
DNT: 1
Connection: keep-alive
Cookie: OAID=1ye1ho7ain7b95njmld2s0pn2j1ksd9; syncedCookie=true; oaidts=1713922637
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 24 Apr 2024 01:37:18 GMT
content-type: application/json
vary: Accept-Encoding
x-trace-id: 45abd9e808ee85a4dfe08ffdbe26315b
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://eerickog.com/
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
timing-allow-origin: *
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: br
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4o%2BSJPUTG14HbnqueKWVb69vWWWL26R%2BGCr3yiaC%2FQ%2BBb7%2BewBlM%2Bb6bEiWldp%2F9f2%2FDiZNxlbWFVyx7OAa7nAyKfBJTwk%2Bi5dtYPuYoNgroYhSZjZrLzAXQlOaEAT0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87925e0739950b65-OSL
alt-svc: h3=":443"; ma=86400

eerickog.com/_next/static/chunks/2090-5c4f654224750f4b.js

104.21.9.170

200 OK

11 kB

URL GET HTTP/3
eerickog.com/_next/static/chunks/2090-5c4f654224750f4b.js
IP
104.21.9.170:443
ASN
#13335 CLOUDFLARENET

Requested by
https://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
Certificate
IssuerGoogle Trust Services LLC
Subjecteerickog.com
FingerprintD6:DD:FE:16:73:42:40:1C:76:63:34:46:5A:B6:E4:1F:79:7E:30:E2
ValidityWed, 03 Apr 2024 06:06:31 GMT - Tue, 02 Jul 2024 06:06:30 GMT

File type
JavaScript source, ASCII text, with very long lines (10772), with no line terminators
Size
11 kB (10772 bytes)
Hash
48a7086ede3da4d57eaa11bf2ba435dd
a58e6ce70f2675ce2fdcaff04a63d33c4bc0744d
59750f2431678c96646d026ec016eeeb91df7913acfe972f7e9a3110b302dc3f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/2090-5c4f654224750f4b.js HTTP/1.1
Host: eerickog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 24 Apr 2024 01:37:17 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"6627bca2-2a14"
last-modified: Tue, 23 Apr 2024 13:50:26 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3TvbK5J%2FSfZGJxUItZgv4a%2BiJUI7T6EtPNtzMk2NlrlAT2jdYxdpJEBmweiAx1kY5On2uf2eP968JZizYXUu%2BSA15FPFurUONdANQcUs0RH%2FNgTYDtNzxSGmHk%2FOQXk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87925e0418af0b65-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

eerickog.com/_next/static/chunks/pages/%5BlandingName%5D/%5BconfigId%5D/%5B%5B...slug%5D%5D-eaddf0428a16426c.js

104.21.9.170

200 OK

662 B

URL GET HTTP/3
eerickog.com/_next/static/chunks/pages/%5BlandingName%5D/%5BconfigId%5D/%5B%5B...slug%5D%5D-eaddf0428a16426c.js
IP
104.21.9.170:443
ASN
#13335 CLOUDFLARENET

Requested by
https://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
Certificate
IssuerGoogle Trust Services LLC
Subjecteerickog.com
FingerprintD6:DD:FE:16:73:42:40:1C:76:63:34:46:5A:B6:E4:1F:79:7E:30:E2
ValidityWed, 03 Apr 2024 06:06:31 GMT - Tue, 02 Jul 2024 06:06:30 GMT

File type
JavaScript source, ASCII text, with very long lines (666), with no line terminators
Size
662 B (662 bytes)
Hash
49f9c13e383477050c867416e60b3222
eeb57b5af30601d21511ff1eb94001b86d0c6465
1430b1cd7eaade1b7ba5b3a245f9221c0f6067efd03fc812821d0762b5d10ad4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/pages/%5BlandingName%5D/%5BconfigId%5D/%5B%5B...slug%5D%5D-eaddf0428a16426c.js HTTP/1.1
Host: eerickog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 24 Apr 2024 01:37:17 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"6627bca2-296"
last-modified: Tue, 23 Apr 2024 13:50:26 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0UXTw1lNpUvMY9g7ECSQfRDl4RaBlWn6PijmWdkYbs8gH5UzZCV7z5LGLudbNI8Re45WVCZ7aHJorsZbAoVhV5bQcRxWhCXReLGJfdp6MZm872SoG9D7v0EzH%2FapYHE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87925e0418b10b65-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

eerickog.com/img/comments/finance-survey-people/person-4.webp

104.21.9.170

200 OK

1.8 kB

URL GET HTTP/3
eerickog.com/img/comments/finance-survey-people/person-4.webp
IP
104.21.9.170:443
ASN
#13335 CLOUDFLARENET

Requested by
https://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
Certificate
IssuerGoogle Trust Services LLC
Subjecteerickog.com
FingerprintD6:DD:FE:16:73:42:40:1C:76:63:34:46:5A:B6:E4:1F:79:7E:30:E2
ValidityWed, 03 Apr 2024 06:06:31 GMT - Tue, 02 Jul 2024 06:06:30 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp
Size
1.8 kB (1798 bytes)
Hash
5dc160f6b521dc8f6c670b140b354fed
22e15cda82b532067b99932ec28f86ea2cc1ecbc
09c6c6de57458ec0c4e7a3d2375e0c7b9c037de9366b63e3685cc0ca94d838b4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/comments/finance-survey-people/person-4.webp HTTP/1.1
Host: eerickog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eerickog.com/finance-survey/12/1916?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 24 Apr 2024 01:37:17 GMT
content-type: image/webp
content-length: 1798
last-modified: Tue, 23 Apr 2024 13:50:26 GMT
vary: Accept-Encoding
etag: "6627bca2-706"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 2651
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=apL%2F1GZIVZ%2BypCLMqTXBSewl1XXbOparuzkYSVis%2Fa7jR0qYIR0Nk7KU2WrgdgG8LEsEFBDywnLQ9xWQ%2BY9fjGgcFtqBkn8NSkGunHy5W82h2W51x5QG1ubBe%2FBFVEU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87925e0689370b65-OSL
alt-svc: h3=":443"; ma=86400

eerickog.com/img/comments/finance-survey-people/person-3.webp

104.21.9.170

200 OK

1.5 kB

URL GET HTTP/3
eerickog.com/img/comments/finance-survey-people/person-3.webp
IP
104.21.9.170:443
ASN
#13335 CLOUDFLARENET

Requested by
https://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
Certificate
IssuerGoogle Trust Services LLC
Subjecteerickog.com
FingerprintD6:DD:FE:16:73:42:40:1C:76:63:34:46:5A:B6:E4:1F:79:7E:30:E2
ValidityWed, 03 Apr 2024 06:06:31 GMT - Tue, 02 Jul 2024 06:06:30 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp
Size
1.5 kB (1454 bytes)
Hash
a747d227c2e10b5178fd942484301d7a
b3c5cf90dd5fd2c26c7b17dcb2d35b6dd47065be
9f4fb1281b7141b9dd48925953f7b039b6c411ea0e6e5b158d3e000d75316e9f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/comments/finance-survey-people/person-3.webp HTTP/1.1
Host: eerickog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eerickog.com/finance-survey/12/1916?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 24 Apr 2024 01:37:17 GMT
content-type: image/webp
content-length: 1454
last-modified: Tue, 23 Apr 2024 13:50:26 GMT
vary: Accept-Encoding
etag: "6627bca2-5ae"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 2651
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hx3010QUKs0E9RqgOkjv0sLeGDoiiVykWFBpgtoZii2NPHwNo%2BaWpgyvE%2FU%2ByC7Ex47RJAoqAl94gp2%2BlVQ2L%2BxmIaGi4Cc9CMsTBO1kY2lhTiTKAbsyXEiHIwwi57w%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87925e0689360b65-OSL
alt-svc: h3=":443"; ma=86400

eerickog.com/img/comments/finance-survey-people/person-5.webp

104.21.9.170

200 OK

2.4 kB

URL GET HTTP/3
eerickog.com/img/comments/finance-survey-people/person-5.webp
IP
104.21.9.170:443
ASN
#13335 CLOUDFLARENET

Requested by
https://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
Certificate
IssuerGoogle Trust Services LLC
Subjecteerickog.com
FingerprintD6:DD:FE:16:73:42:40:1C:76:63:34:46:5A:B6:E4:1F:79:7E:30:E2
ValidityWed, 03 Apr 2024 06:06:31 GMT - Tue, 02 Jul 2024 06:06:30 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp
Size
2.4 kB (2384 bytes)
Hash
188dfcdf19da1d86ed162d54ed03536d
98b1baefbb803548b2894547091b4c7773406524
4f8251665e3cc796f127ea6cbdc00a9ec450adff16acb4ec74463c446b6f4ba6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/comments/finance-survey-people/person-5.webp HTTP/1.1
Host: eerickog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eerickog.com/finance-survey/12/1916?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 24 Apr 2024 01:37:17 GMT
content-type: image/webp
content-length: 2384
last-modified: Tue, 23 Apr 2024 13:50:26 GMT
vary: Accept-Encoding
etag: "6627bca2-950"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 2651
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZAKYecKbUJSZXebdqxV%2FVk%2BKyYiUcC9Inz0X4El%2Bxn5iiCFxXfRCrvWFrui8jKgFyt%2FXIXQeBvdC4XOPD1pKC8WDMKc2qQ6hXv6RidIu%2BJA4ZYLZdnvI%2B%2Bg5Jx5g9ew%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87925e0689340b65-OSL
alt-svc: h3=":443"; ma=86400

eerickog.com/_next/static/chunks/framework-3281cb961088a9a3.js

104.21.9.170

200 OK

26 kB

URL GET HTTP/3
eerickog.com/_next/static/chunks/framework-3281cb961088a9a3.js
IP
104.21.9.170:443
ASN
#13335 CLOUDFLARENET

Requested by
https://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
Certificate
IssuerGoogle Trust Services LLC
Subjecteerickog.com
FingerprintD6:DD:FE:16:73:42:40:1C:76:63:34:46:5A:B6:E4:1F:79:7E:30:E2
ValidityWed, 03 Apr 2024 06:06:31 GMT - Tue, 02 Jul 2024 06:06:30 GMT

File type
JavaScript source, ASCII text, with very long lines (26042), with no line terminators
Size
26 kB (26042 bytes)
Hash
499fb17b15c09c2d76681f27dde9a031
5564d317c33112db56918ec372d392caabec70f2
9350c53e2fe847ec629962106d01d6af28a0d9c69feb57e7609b3c096935cdb2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/framework-3281cb961088a9a3.js HTTP/1.1
Host: eerickog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 24 Apr 2024 01:37:17 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"6627bca2-65ba"
last-modified: Tue, 23 Apr 2024 13:50:26 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qgnRB0QHykWSVxO%2F%2FIqy2XG2CD0OCW7E%2BXxo1Cd4HcLTp9BuYmcqdEcDo%2BsIuX84aRmfh9jHZC5hbDDC7wrPe81OV7JJ9LQqqmWSA3R7uO6miu99HhAA8n6TfSkc4iY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87925e0408ab0b65-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

eerickog.com/img/rain/dollars-3.webp

104.21.9.170

200 OK

5.9 kB

URL GET HTTP/3
eerickog.com/img/rain/dollars-3.webp
IP
104.21.9.170:443
ASN
#13335 CLOUDFLARENET

Requested by
https://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
Certificate
IssuerGoogle Trust Services LLC
Subjecteerickog.com
FingerprintD6:DD:FE:16:73:42:40:1C:76:63:34:46:5A:B6:E4:1F:79:7E:30:E2
ValidityWed, 03 Apr 2024 06:06:31 GMT - Tue, 02 Jul 2024 06:06:30 GMT

File type
RIFF (little-endian) data, Web/P image
Size
5.9 kB (5938 bytes)
Hash
51ea76ff382bff8ef58a9943f7fd21d1
5c3d6ad6620fbde5ce3dddc88604e6d54621eba2
0240f30fc542fb5c2d532f33bc793b797199adaea75e22a7d9f04674b80d9a32

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/rain/dollars-3.webp HTTP/1.1
Host: eerickog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 24 Apr 2024 01:37:17 GMT
content-type: image/webp
content-length: 5938
last-modified: Tue, 23 Apr 2024 13:50:26 GMT
vary: Accept-Encoding
etag: "6627bca2-1732"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6399
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tDV6VnGgosORv94V%2F1daJZ0y7nBUrSK4NTqTDhgtrriJ2nUgW223Ib1ckgN6nTeSNz0Jt16uZxmKhnZ1Pf%2FHwiYbgvY1CDsm%2FOJoFXizYiqg1kgRV497YYC6DeeNXTg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87925e0498e30b65-OSL
alt-svc: h3=":443"; ma=86400

cdntechone.com/stattag.js

188.114.97.1

200 OK

19 kB

URL GET HTTP/2
cdntechone.com/stattag.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://eerickog.com/finance-survey/12/1916/?s=806812208932856583&z=3956710&var=6422583&campaignid=4105106&b=8160420&ymid=806812208932856583&designId=[1,2]
Certificate
IssuerGoogle Trust Services LLC
Subjectcdntechone.com
Fingerprint3D:20:D4:11:5D:06:B3:63:9C:08:BF:D9:D9:16:22:D5:DC:3B:9A:CB
ValidityMon, 22 Apr 2024 03:33:58 GMT - Sun, 21 Jul 2024 03:33:57 GMT

File type
JavaScript source, ASCII text, with very long lines (18452)
Size
19 kB (19102 bytes)
Hash
bec2755dff94190fec0365b0db53807b
f98c36e7e9e06325d03fe39c3b98879062fc2704
ccb15ff22ece6946136f1501ab3ae74155399187c8e85beb10399d56bb8e149a

HTTP Headers

GET /stattag.js HTTP/1.1
Host: cdntechone.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eerickog.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 24 Apr 2024 01:37:17 GMT
content-type: application/javascript
last-modified: Wed, 07 Feb 2024 12:51:04 GMT
etag: W/"65c37cb8-4a9e"
link: <https://datatechone.com/>; rel=preconnect; crossorigin, <https://datatechonert.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 4907
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4KWsCnm0955It1RuABUhEe3wNKIclZjyWagaoiC9q1PgRcuChIrcxXMF5khF9vV6XTCbWN04mtJD9Jeq6afz4ZlSmKX%2FTpD6kXiORDL97juaG%2F1sKLnWmpKNyYh2ljrEng%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87925e06cd00712d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (25)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML