| goagretoak.com/img/dating/location.png |  172.67.141.119 | 200 OK | 1.5 kB |
URL GET HTTP/3goagretoak.com/img/dating/location.png IP172.67.141.119:443
Requested byhttps://goagretoak.com/dating-survey.html?z=5424146&offer_id=2061&var={zone_id}&ymid=16aef1m7vtlc802a&utm_campaign={zone_id}&utm_medium=5424146&utm_content=zd_public_v2 CertificateIssuerLet's Encrypt Subjectgoagretoak.com Fingerprint6B:37:95:E7:D4:ED:D1:D2:40:28:BF:F0:C5:2A:4C:5D:56:B6:FF:89 ValidityThu, 04 Apr 2024 16:47:20 GMT - Wed, 03 Jul 2024 16:47:19 GMT
File typePNG image data, 61 x 98, 8-bit colormap, non-interlaced Hash66875cfbf3b97c6e58aae28214e8adef 7bfcfa2c8d5ea6c1a4a64ed7f2c85261213c4cf5 4e4d3c81874840a43119f58352787b0091a22499ad67694a1c4f531f0b47203e
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/dating/location.png HTTP/1.1
Host: goagretoak.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 Apr 2024 07:37:10 GMT
content-type: image/png
content-length: 1517
last-modified: Wed, 17 Apr 2024 09:06:30 GMT
vary: Accept-Encoding
etag: "661f9116-5ed"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kQld8vIFfSnJ%2B8PZkWt5XigA4bJf7hG2uGokKfyXzcE%2B%2B9qc8syqwZT0RUfhbE8hO3o%2Bp4M0rwoP77%2ByGjCAvkos%2FvnbA7lRWs3mfaw3UXiWP%2FS%2BNr2pKY9gL0Vyy6P8tg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a4e7ee7894b4f3-OSL
alt-svc: h3=":443"; ma=86400
|
|
| goagretoak.com/img/dating/milana.webp | 172.67.141.119 | 200 OK | 8.5 kB |
URL GET HTTP/3goagretoak.com/img/dating/milana.webp IP172.67.141.119:443
Requested byhttps://goagretoak.com/dating-survey.html?z=5424146&offer_id=2061&var={zone_id}&ymid=16aef1m7vtlc802a&utm_campaign={zone_id}&utm_medium=5424146&utm_content=zd_public_v2 CertificateIssuerLet's Encrypt Subjectgoagretoak.com Fingerprint6B:37:95:E7:D4:ED:D1:D2:40:28:BF:F0:C5:2A:4C:5D:56:B6:FF:89 ValidityThu, 04 Apr 2024 16:47:20 GMT - Wed, 03 Jul 2024 16:47:19 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 500x375, Scaling: [none]x[none], YUV color, decoders should clamp Hasha720c0311818090ac5d0011ac1ee9169 23303f8fa9932fe369b39e9c92503147cb6b9526 d47c3085088b0964867de396473c6552befe6f13ad3946718f76f7ff8a781b6d
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/dating/milana.webp HTTP/1.1
Host: goagretoak.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 Apr 2024 07:37:10 GMT
content-type: image/webp
content-length: 8522
last-modified: Wed, 17 Apr 2024 09:06:30 GMT
vary: Accept-Encoding
etag: "661f9116-214a"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fzKy48b%2BebDuRIYlNCSQxXmc2QW6A7mGjeVCT4hQMs9D%2BP4mDWVVfp%2BXk2adfj5Afog7TGJF0MN2KPHIob2je4EdTHtXX4NoBGjrxR%2BiJFsioz%2B%2FPjTbuw3gDJM1oxMRdA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a4e7ee7898b4f3-OSL
alt-svc: h3=":443"; ma=86400
|
|
| goagretoak.com/img/dating/anna.webp | 172.67.141.119 | 200 OK | 14 kB |
URL GET HTTP/3goagretoak.com/img/dating/anna.webp IP172.67.141.119:443
Requested byhttps://goagretoak.com/dating-survey.html?z=5424146&offer_id=2061&var={zone_id}&ymid=16aef1m7vtlc802a&utm_campaign={zone_id}&utm_medium=5424146&utm_content=zd_public_v2 CertificateIssuerLet's Encrypt Subjectgoagretoak.com Fingerprint6B:37:95:E7:D4:ED:D1:D2:40:28:BF:F0:C5:2A:4C:5D:56:B6:FF:89 ValidityThu, 04 Apr 2024 16:47:20 GMT - Wed, 03 Jul 2024 16:47:19 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 500x499, Scaling: [none]x[none], YUV color, decoders should clamp Hash2de563c3cbee5c2322c8ac8a2b081cd0 f281d6a51e1f9910211fa24f9f8c6b2b893fe76c b6fc298a9e5ceb3e5533137e2439179adc97db2278cdf2c07baac25e711bab27
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/dating/anna.webp HTTP/1.1
Host: goagretoak.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 Apr 2024 07:37:10 GMT
content-type: image/webp
content-length: 13976
last-modified: Wed, 17 Apr 2024 09:06:30 GMT
vary: Accept-Encoding
etag: "661f9116-3698"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wDwMXwaqwK8ovK59%2FrVNTj63vGo9eBRFyczzTDtSyJJUUUuRuyyZ0j0ZTPauaPFd89eKHqwyB8j0PwVVMZ3E9bxHwdFv72FWcQKrnlfMpdC1NdqlryZD1nhalZwqqJddmA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a4e7ee7895b4f3-OSL
alt-svc: h3=":443"; ma=86400
|
|
| goagretoak.com/img/dating/adriana.webp | 172.67.141.119 | 200 OK | 10 kB |
URL GET HTTP/3goagretoak.com/img/dating/adriana.webp IP172.67.141.119:443
Requested byhttps://goagretoak.com/dating-survey.html?z=5424146&offer_id=2061&var={zone_id}&ymid=16aef1m7vtlc802a&utm_campaign={zone_id}&utm_medium=5424146&utm_content=zd_public_v2 CertificateIssuerLet's Encrypt Subjectgoagretoak.com Fingerprint6B:37:95:E7:D4:ED:D1:D2:40:28:BF:F0:C5:2A:4C:5D:56:B6:FF:89 ValidityThu, 04 Apr 2024 16:47:20 GMT - Wed, 03 Jul 2024 16:47:19 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 500x500, Scaling: [none]x[none], YUV color, decoders should clamp Hasha72acf36a318a48fae3269a70e595350 c89b823e53a6aca172a8998621f7767838586c25 5800f01a47e4c9266b23e3c9bc9d1cba7ca6a7860405d70bbe67c47bcea2cec0
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/dating/adriana.webp HTTP/1.1
Host: goagretoak.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 Apr 2024 07:37:10 GMT
content-type: image/webp
content-length: 10520
last-modified: Wed, 17 Apr 2024 09:06:30 GMT
vary: Accept-Encoding
etag: "661f9116-2918"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=D91Knm6mDaIwNj19Oez%2BF3CgJ9nU5bk%2FYO7uGcb02R22oawvmjjv56zVrOOduDUMzzW7Xc%2FJOJGmH6BIFUKzF9cdeEqFjzYwzNLvIhd00hg%2FW2xyRNPFwz7WVYdBafutKg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a4e7ee789bb4f3-OSL
alt-svc: h3=":443"; ma=86400
|
|
| goagretoak.com/img/dating/jayden.webp | 172.67.141.119 | 200 OK | 4.9 kB |
URL GET HTTP/3goagretoak.com/img/dating/jayden.webp IP172.67.141.119:443
Requested byhttps://goagretoak.com/dating-survey.html?z=5424146&offer_id=2061&var={zone_id}&ymid=16aef1m7vtlc802a&utm_campaign={zone_id}&utm_medium=5424146&utm_content=zd_public_v2 CertificateIssuerLet's Encrypt Subjectgoagretoak.com Fingerprint6B:37:95:E7:D4:ED:D1:D2:40:28:BF:F0:C5:2A:4C:5D:56:B6:FF:89 ValidityThu, 04 Apr 2024 16:47:20 GMT - Wed, 03 Jul 2024 16:47:19 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 360x241, Scaling: [none]x[none], YUV color, decoders should clamp Hash1b1a762ced577ff1ae9c8e28f871f413 dd14acfc0e7b93dc6d2ca9ef13bbfd8682f62eba 7ab7205c68dd0cc636ba0be7046e43f266c131cd8725cc9857b7bb801f3113c3
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/dating/jayden.webp HTTP/1.1
Host: goagretoak.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 Apr 2024 07:37:10 GMT
content-type: image/webp
content-length: 4912
last-modified: Wed, 17 Apr 2024 09:06:30 GMT
vary: Accept-Encoding
etag: "661f9116-1330"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KPlOudFBpEkOn5o%2BUOqjhRICt8Lp%2Fe%2B7hMK7EXmeHZhhLho0pkigGsDthJqdVn4FlW1M8kfOyC5SdIhhBogrmYGp46mFm1KarbZKJvApadaj2YT5iLvxxz2zhA7aIY20Kw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a4e7ee789cb4f3-OSL
alt-svc: h3=":443"; ma=86400
|
|
| goagretoak.com/img/dating/jessica.webp | 172.67.141.119 | 200 OK | 20 kB |
URL GET HTTP/3goagretoak.com/img/dating/jessica.webp IP172.67.141.119:443
Requested byhttps://goagretoak.com/dating-survey.html?z=5424146&offer_id=2061&var={zone_id}&ymid=16aef1m7vtlc802a&utm_campaign={zone_id}&utm_medium=5424146&utm_content=zd_public_v2 CertificateIssuerLet's Encrypt Subjectgoagretoak.com Fingerprint6B:37:95:E7:D4:ED:D1:D2:40:28:BF:F0:C5:2A:4C:5D:56:B6:FF:89 ValidityThu, 04 Apr 2024 16:47:20 GMT - Wed, 03 Jul 2024 16:47:19 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 500x390, Scaling: [none]x[none], YUV color, decoders should clamp Hash32015af3744ecf213e5d89661f763e88 258614fc256b6fac24fb952e4c0364ccfd309553 d9d561a628dfa01b112d7ab632da73d2270de5fae7549cc196ed0112fbbb9ebb
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/dating/jessica.webp HTTP/1.1
Host: goagretoak.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 Apr 2024 07:37:10 GMT
content-type: image/webp
content-length: 20200
last-modified: Wed, 17 Apr 2024 09:06:30 GMT
vary: Accept-Encoding
etag: "661f9116-4ee8"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MtAD35L1u8lYmo7vMJ6QFXg7rTjcXSwPI1qJuTEBlA0HwQRbZ2OFvNiyHyiaqrm70Z%2FjbUas9bJMnjLYZMsT6Xr0%2BQ%2F2cwQWULa4iojaL9nEO7IVkg%2FLhmsUk7%2B%2B1lnWoA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a4e7ee7893b4f3-OSL
alt-svc: h3=":443"; ma=86400
|
|
| goagretoak.com/img/dating/melisa.webp | 172.67.141.119 | 200 OK | 33 kB |
URL GET HTTP/3goagretoak.com/img/dating/melisa.webp IP172.67.141.119:443
Requested byhttps://goagretoak.com/dating-survey.html?z=5424146&offer_id=2061&var={zone_id}&ymid=16aef1m7vtlc802a&utm_campaign={zone_id}&utm_medium=5424146&utm_content=zd_public_v2 CertificateIssuerLet's Encrypt Subjectgoagretoak.com Fingerprint6B:37:95:E7:D4:ED:D1:D2:40:28:BF:F0:C5:2A:4C:5D:56:B6:FF:89 ValidityThu, 04 Apr 2024 16:47:20 GMT - Wed, 03 Jul 2024 16:47:19 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 554x414, Scaling: [none]x[none], YUV color, decoders should clamp Hash41c64b4dd274f6057d54efcc99fc9c27 dfabde2e691ff0f264258a0f3974a5d6a36d66ae d31231e53199c4e75d6f82e839cdb38984b266121574c55ce85c1612f78b4278
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/dating/melisa.webp HTTP/1.1
Host: goagretoak.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 Apr 2024 07:37:10 GMT
content-type: image/webp
content-length: 32782
last-modified: Wed, 17 Apr 2024 09:06:30 GMT
vary: Accept-Encoding
etag: "661f9116-800e"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wynp38yk07bz35fTtgUvWsukblrWeqeeaw1I94A7bblJO0bvj2Q%2FgrQiKfXOx9bOEp5hN%2FCUR4WXEoyzz7z4eAInQ1AQ6U%2BanfJXj6hr4qgjIEPbxkv0LViVQE5S4ubZhg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a4e7ee789db4f3-OSL
alt-svc: h3=":443"; ma=86400
|
|
| goagretoak.com/img/dating/tiffany.webp | 172.67.141.119 | 200 OK | 17 kB |
URL GET HTTP/3goagretoak.com/img/dating/tiffany.webp IP172.67.141.119:443
Requested byhttps://goagretoak.com/dating-survey.html?z=5424146&offer_id=2061&var={zone_id}&ymid=16aef1m7vtlc802a&utm_campaign={zone_id}&utm_medium=5424146&utm_content=zd_public_v2 CertificateIssuerLet's Encrypt Subjectgoagretoak.com Fingerprint6B:37:95:E7:D4:ED:D1:D2:40:28:BF:F0:C5:2A:4C:5D:56:B6:FF:89 ValidityThu, 04 Apr 2024 16:47:20 GMT - Wed, 03 Jul 2024 16:47:19 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 507x500, Scaling: [none]x[none], YUV color, decoders should clamp Hash121e18066a90b04b590f94d59737fb63 85be91d1428a759286aa1b9cc827c978c522415d 3cfacc85bcfc651f7052c2cc7b378ae530f27b39e88ca4e58b67816f497bad30
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/dating/tiffany.webp HTTP/1.1
Host: goagretoak.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 Apr 2024 07:37:10 GMT
content-type: image/webp
content-length: 17412
last-modified: Wed, 17 Apr 2024 09:06:30 GMT
vary: Accept-Encoding
etag: "661f9116-4404"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NRMzGFAtb0FifHwSgJSMzQyvcQbfuDXAHFb46dEpH2EOxq%2BP7xMgQZ0moVOz9R6Dy%2BIcDSBYEISIFD29CXO0cQNTuP8%2F80qu8PnZoe40pa%2Bgw%2FSAba9G%2FitKJZqHy6Jgtg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a4e7ee78a0b4f3-OSL
alt-svc: h3=":443"; ma=86400
|
|
| goagretoak.com/img/dating/jasmine.webp | 172.67.141.119 | 200 OK | 32 kB |
URL GET HTTP/3goagretoak.com/img/dating/jasmine.webp IP172.67.141.119:443
Requested byhttps://goagretoak.com/dating-survey.html?z=5424146&offer_id=2061&var={zone_id}&ymid=16aef1m7vtlc802a&utm_campaign={zone_id}&utm_medium=5424146&utm_content=zd_public_v2 CertificateIssuerLet's Encrypt Subjectgoagretoak.com Fingerprint6B:37:95:E7:D4:ED:D1:D2:40:28:BF:F0:C5:2A:4C:5D:56:B6:FF:89 ValidityThu, 04 Apr 2024 16:47:20 GMT - Wed, 03 Jul 2024 16:47:19 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 500x620, Scaling: [none]x[none], YUV color, decoders should clamp Hash933dec2aaa8b66537ee5dbec726302b7 9d60a68e7a99263f101289bfb941c656f14d2333 03a5e38911a4cf7978c712bd809511e68327f909d5a5249df9bd75ae54f7897b
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/dating/jasmine.webp HTTP/1.1
Host: goagretoak.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 Apr 2024 07:37:10 GMT
content-type: image/webp
content-length: 31474
last-modified: Wed, 17 Apr 2024 09:06:30 GMT
vary: Accept-Encoding
etag: "661f9116-7af2"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=udj4OdvPYy035Z8w0WnjR981hDnU2vbbLhwv8RjgxwrtH2NB%2Fp7zu7SAB8F%2BOPWo6xEjyG2eT%2B5Fsi%2ByA%2BX8O1azC8S42rrz72qeler31%2BV8JV73VNN4PzGDjFMOX4LRbQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a4e7ee88a1b4f3-OSL
alt-svc: h3=":443"; ma=86400
|
|
| goagretoak.com/js/v-react-dom.production.min.js.c3329619.js | 172.67.141.119 | 200 OK | 48 kB |
URL GET HTTP/3goagretoak.com/js/v-react-dom.production.min.js.c3329619.js IP172.67.141.119:443
Requested byhttps://goagretoak.com/dating-survey.html?z=5424146&offer_id=2061&var={zone_id}&ymid=16aef1m7vtlc802a&utm_campaign={zone_id}&utm_medium=5424146&utm_content=zd_public_v2 CertificateIssuerLet's Encrypt Subjectgoagretoak.com Fingerprint6B:37:95:E7:D4:ED:D1:D2:40:28:BF:F0:C5:2A:4C:5D:56:B6:FF:89 ValidityThu, 04 Apr 2024 16:47:20 GMT - Wed, 03 Jul 2024 16:47:19 GMT
File typeJavaScript source, ASCII text, with very long lines (65440) Hashf5e47be85ac64238a6511377c99bef6b 14202f5ec5092ffcb622a84db5877f1c99493b4c 198b63ec93086fb7042c6052dc6558626c506852de0903547cd1b2d52780839e
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /js/v-react-dom.production.min.js.c3329619.js HTTP/1.1
Host: goagretoak.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 Apr 2024 07:37:10 GMT
content-type: application/javascript
last-modified: Wed, 17 Apr 2024 09:06:30 GMT
vary: Accept-Encoding
etag: W/"661f9116-1f94f"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=125RGRR4dyXf%2FkjJh1dXaZpxGh%2BiFSYJrQhwa23J0rofJzqwPtoP%2B%2BiRJ%2BnOAoJzcx4ehYEfl6%2Fdq1X7P4%2FaBJvHfv3C0OzdMCHlsLQHJdPQ252tEWbhbFEtb0Fe%2F2QbNg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a4e7ee688cb4f3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| goagretoak.com/css/survey-dating.77b63812.css | 172.67.141.119 | 200 OK | 6.7 kB |
URL GET HTTP/3goagretoak.com/css/survey-dating.77b63812.css IP172.67.141.119:443
Requested byhttps://goagretoak.com/dating-survey.html?z=5424146&offer_id=2061&var={zone_id}&ymid=16aef1m7vtlc802a&utm_campaign={zone_id}&utm_medium=5424146&utm_content=zd_public_v2 CertificateIssuerLet's Encrypt Subjectgoagretoak.com Fingerprint6B:37:95:E7:D4:ED:D1:D2:40:28:BF:F0:C5:2A:4C:5D:56:B6:FF:89 ValidityThu, 04 Apr 2024 16:47:20 GMT - Wed, 03 Jul 2024 16:47:19 GMT
File typeASCII text, with very long lines (16783) Hashd620d358aeca0f4d02962c27f079a242 4134001e1e4582d640872424567e1def7e235e80 f1a9d47b3f153990f65d7c83331b1a49c0a0b2bf0c17c1444bb6416e73669624
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /css/survey-dating.77b63812.css HTTP/1.1
Host: goagretoak.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 Apr 2024 07:37:10 GMT
content-type: text/css
last-modified: Wed, 17 Apr 2024 09:06:30 GMT
vary: Accept-Encoding
etag: W/"661f9116-6c95"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YjDf%2FDIbeAZ06ik2LH8ZGPk7ZLa8vTN%2BX%2BToOyuuuera02EHzMa7caMHWFm%2Br3D6GnMzK4MLcEboPBa28N0Ah6sYk3Z%2BrKj6OrG2ygc%2Fz1%2FWNm0JWbWbhwUlNTUMoXGWiA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a4e7ee7891b4f3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| goagretoak.com/img/dating/map.webp | 172.67.141.119 | 200 OK | 19 kB |
URL GET HTTP/3goagretoak.com/img/dating/map.webp IP172.67.141.119:443
Requested byhttps://goagretoak.com/dating-survey.html?z=5424146&offer_id=2061&var={zone_id}&ymid=16aef1m7vtlc802a&utm_campaign={zone_id}&utm_medium=5424146&utm_content=zd_public_v2 CertificateIssuerLet's Encrypt Subjectgoagretoak.com Fingerprint6B:37:95:E7:D4:ED:D1:D2:40:28:BF:F0:C5:2A:4C:5D:56:B6:FF:89 ValidityThu, 04 Apr 2024 16:47:20 GMT - Wed, 03 Jul 2024 16:47:19 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 580x580, Scaling: [none]x[none], YUV color, decoders should clamp Hashc0c1ccee54f80a107e8424ca1c3c72d2 191ad2c877f7904c22ec5c4e46262d97ff843a53 b2e5f5af4ce01433609251c3fb4e83c8bad2b9cd1ccd51d3d8249dd29f2d16de
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/dating/map.webp HTTP/1.1
Host: goagretoak.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://goagretoak.com/css/survey-dating.77b63812.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 Apr 2024 07:37:10 GMT
content-type: image/webp
content-length: 19442
last-modified: Wed, 17 Apr 2024 09:06:30 GMT
vary: Accept-Encoding
etag: "661f9116-4bf2"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FjeAFclnyxs2El0wLTu3d02pfYzFvwoU6%2Fvu5%2Bf0%2BnZS5DmdL6MSrvsK4hMJ4s2T03QpEgIG6FMDVO%2BNdc7vG33pkWoVkt%2FV8s2flwIFZp6bkQfPwWE8WFhd10GCnuhJEA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a4e7efa9a7b4f3-OSL
alt-svc: h3=":443"; ma=86400
|
|
| my.rtmark.net/gid.js?userId=r0pmy5s0e0y57fcqdq10cz2j3qacg15i |  139.45.195.8 | 200 OK | 65 B |
URL GET HTTP/2my.rtmark.net/gid.js?userId=r0pmy5s0e0y57fcqdq10cz2j3qacg15i IP139.45.195.8:443
Requested byhttps://goagretoak.com/dating-survey.html?z=5424146&offer_id=2061&var={zone_id}&ymid=16aef1m7vtlc802a&utm_campaign={zone_id}&utm_medium=5424146&utm_content=zd_public_v2 CertificateIssuerLet's Encrypt Subjectrtmark.net FingerprintDB:C0:8B:64:1C:E3:2A:9C:B9:04:0D:F3:6F:5A:E0:35:F4:C7:75:CC ValiditySat, 02 Mar 2024 21:53:43 GMT - Fri, 31 May 2024 21:53:42 GMT
Hashe45519fd6bde76681ae9d902ed4040cd bec4fc35d34a41b14010c6711e497f54bede29aa 746936a2c10b85ecdcfc0da6c49a17e64223a549a62b542d65d3fed024052cbc
GET /gid.js?userId=r0pmy5s0e0y57fcqdq10cz2j3qacg15i HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://goagretoak.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 07:37:10 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://goagretoak.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=r0pmy5s0e0y57fcqdq10cz2j3qacg15i; expires=Sat, 26 Apr 2025 07:37:10 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| goagretoak.com/js/config/dict/cookie-consent-1.json?v=10 | 172.67.141.119 | 200 OK | 2.9 kB |
URL GET HTTP/3goagretoak.com/js/config/dict/cookie-consent-1.json?v=10 IP172.67.141.119:443
Requested byhttps://goagretoak.com/dating-survey.html?z=5424146&offer_id=2061&var={zone_id}&ymid=16aef1m7vtlc802a&utm_campaign={zone_id}&utm_medium=5424146&utm_content=zd_public_v2 CertificateIssuerLet's Encrypt Subjectgoagretoak.com Fingerprint6B:37:95:E7:D4:ED:D1:D2:40:28:BF:F0:C5:2A:4C:5D:56:B6:FF:89 ValidityThu, 04 Apr 2024 16:47:20 GMT - Wed, 03 Jul 2024 16:47:19 GMT
Hash4f1c632e971c4261f927ed0cf67bfdee 18c72b10719ca98b61b1f1f84e4b01f0ed8b3763 2bfa8e9b4326caea44f0d0c0345a31f34f19d47ae2e60fbc7c557df9ceffdca6
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /js/config/dict/cookie-consent-1.json?v=10 HTTP/1.1
Host: goagretoak.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 Apr 2024 07:37:10 GMT
content-type: application/json
last-modified: Wed, 17 Apr 2024 09:06:30 GMT
vary: Accept-Encoding
etag: W/"661f9116-1a65"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YcG4rYwmzi6l5P5SrVg5%2BrRIKdyUu%2BnZ0iuWFSNxDkqCG%2B3AIa22shEgDaj%2BCbFelDXw5nekrYCQgu4YT1MYHezuuIHPO6U8RsxQD%2FpPkYYL4LzQ83fvUkjN%2FjyTs2ScoA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a4e7eff9f0b4f3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| arleavannya.com/sync-metrics | 139.45.197.248 | 200 OK | 0 B |
URL POST HTTP/2arleavannya.com/sync-metrics IP139.45.197.248:443
Requested byhttps://goagretoak.com/dating-survey.html?z=5424146&offer_id=2061&var={zone_id}&ymid=16aef1m7vtlc802a&utm_campaign={zone_id}&utm_medium=5424146&utm_content=zd_public_v2 CertificateIssuerLet's Encrypt Subjectarleavannya.com Fingerprint8A:67:B7:06:5F:61:ED:52:C0:9B:58:C2:64:98:7D:1B:64:03:3F:47 ValidityThu, 18 Apr 2024 17:09:05 GMT - Wed, 17 Jul 2024 17:09:04 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /sync-metrics HTTP/1.1
Host: arleavannya.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://goagretoak.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 07:37:10 GMT
content-length: 0
access-control-allow-origin: https://goagretoak.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| arleavannya.com/sync-metrics | 139.45.197.248 | 200 OK | 17 B |
URL POST HTTP/2arleavannya.com/sync-metrics IP139.45.197.248:443
Requested byhttps://goagretoak.com/dating-survey.html?z=5424146&offer_id=2061&var={zone_id}&ymid=16aef1m7vtlc802a&utm_campaign={zone_id}&utm_medium=5424146&utm_content=zd_public_v2 CertificateIssuerLet's Encrypt Subjectarleavannya.com Fingerprint8A:67:B7:06:5F:61:ED:52:C0:9B:58:C2:64:98:7D:1B:64:03:3F:47 ValidityThu, 18 Apr 2024 17:09:05 GMT - Wed, 17 Jul 2024 17:09:04 GMT
Hash5b64e8b89092b2e3dfd448b10700627f 484b3032619fa1acd135d114565b0a5166281c22 f1ea07a1e51a389c8de07120ae5c2e432e9dd8f4fbd6f92489f185b0523a3fd4
POST /sync-metrics HTTP/1.1
Host: arleavannya.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 814
Origin: https://goagretoak.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 07:37:10 GMT
content-type: application/json; charset=utf-8
content-length: 17
x-trace-id: 2e18a49037ac07f414d687767e3441cc
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://goagretoak.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| goagretoak.com/js/_rtc.f86a36d7.js | 172.67.141.119 | 200 OK | 5.7 kB |
URL GET HTTP/3goagretoak.com/js/_rtc.f86a36d7.js IP172.67.141.119:443
Requested byhttps://goagretoak.com/dating-survey.html?z=5424146&offer_id=2061&var={zone_id}&ymid=16aef1m7vtlc802a&utm_campaign={zone_id}&utm_medium=5424146&utm_content=zd_public_v2 CertificateIssuerLet's Encrypt Subjectgoagretoak.com Fingerprint6B:37:95:E7:D4:ED:D1:D2:40:28:BF:F0:C5:2A:4C:5D:56:B6:FF:89 ValidityThu, 04 Apr 2024 16:47:20 GMT - Wed, 03 Jul 2024 16:47:19 GMT
File typeJavaScript source, ASCII text, with very long lines (12222), with no line terminators Hash128d6eec0793a7e02c314d2f6245f260 c9f09311c3f229b770f38d0cc69b422430f1c748 bf1606ac64db254cc565a094e7162a96f31f7e48ddece56fc92c654559e5abb8
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /js/_rtc.f86a36d7.js HTTP/1.1
Host: goagretoak.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 Apr 2024 07:37:10 GMT
content-type: application/javascript
last-modified: Wed, 17 Apr 2024 09:06:30 GMT
vary: Accept-Encoding
etag: W/"661f9116-2fbe"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0H76iy7tawd66AucmKU6P%2F553HZTVsmYK1cHOoP2tuM8gw12bzdzeO%2BcNWt1IwwB5sXJpJbi5DMogggQKqXopD%2F020MpHLZAzrqiIWh1gWTg9OIPwdx3IcJJa3R5RQOJMA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a4e7ee687cb4f3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| goagretoak.com/js/config/sd/sd-2061-en.js?v=10 | 172.67.141.119 | 200 OK | 1.2 kB |
URL GET HTTP/3goagretoak.com/js/config/sd/sd-2061-en.js?v=10 IP172.67.141.119:443
Requested byhttps://goagretoak.com/dating-survey.html?z=5424146&offer_id=2061&var={zone_id}&ymid=16aef1m7vtlc802a&utm_campaign={zone_id}&utm_medium=5424146&utm_content=zd_public_v2 CertificateIssuerLet's Encrypt Subjectgoagretoak.com Fingerprint6B:37:95:E7:D4:ED:D1:D2:40:28:BF:F0:C5:2A:4C:5D:56:B6:FF:89 ValidityThu, 04 Apr 2024 16:47:20 GMT - Wed, 03 Jul 2024 16:47:19 GMT
File typeJavaScript source, Unicode text, UTF-8 text, with very long lines (4102), with no line terminators Hash306ffe3db62c8ee54aae3cccae340139 3d888c81c48864da77e1c44a598bb715ec8f4163 8036db28e2f73a0594ee02549154b66d836578f55513d3cf5ce22111c2c9e97d
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /js/config/sd/sd-2061-en.js?v=10 HTTP/1.1
Host: goagretoak.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 Apr 2024 07:37:10 GMT
content-type: application/javascript
last-modified: Wed, 17 Apr 2024 09:06:31 GMT
vary: Accept-Encoding
etag: W/"661f9117-1020"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rvexsf5%2BHCNuh1bI%2FHCw3a0H%2BqTXYoBsU48%2BeAdqB7eTfnztR%2FTUHnnoA7Tr0FIPv%2BL4jyfadMzmZKEaWMhkDJgw1x389I7Q8TKCAtk4QIfzsEvELuvFljukgcxz1pglWw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a4e7efb9b9b4f3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| goagretoak.com/js/v-dom-to-react.js.26fdf751.js | 172.67.141.119 | 200 OK | 660 B |
URL GET HTTP/3goagretoak.com/js/v-dom-to-react.js.26fdf751.js IP172.67.141.119:443
Requested byhttps://goagretoak.com/dating-survey.html?z=5424146&offer_id=2061&var={zone_id}&ymid=16aef1m7vtlc802a&utm_campaign={zone_id}&utm_medium=5424146&utm_content=zd_public_v2 CertificateIssuerLet's Encrypt Subjectgoagretoak.com Fingerprint6B:37:95:E7:D4:ED:D1:D2:40:28:BF:F0:C5:2A:4C:5D:56:B6:FF:89 ValidityThu, 04 Apr 2024 16:47:20 GMT - Wed, 03 Jul 2024 16:47:19 GMT
File typeJavaScript source, ASCII text, with very long lines (1085), with no line terminators Hashb9187a6f31bd6c7c0cfe0bcb37ecf60a 1150c33a65703059e43c0d85b1680aa04d4d60e6 a5f216a4ea67c8f005b6cededba525ee330a2d4f8caedc8232f44e4e163e5ebd
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /js/v-dom-to-react.js.26fdf751.js HTTP/1.1
Host: goagretoak.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=r0pmy5s0e0y57fcqdq10cz2j3qacg15i; syncedCookie=true; oaidts=1714117030; ID=r0pmy5s0e0y57fcqdq10cz2j3qacg15i
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 Apr 2024 07:37:10 GMT
content-type: application/javascript
last-modified: Wed, 17 Apr 2024 09:06:30 GMT
vary: Accept-Encoding
etag: W/"661f9116-43d"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Y4RRmwxCiz7Mnf2t0fOlxf6nqr%2FSIAPuOXbqcZd%2B2yv2GkVbNk3VQsf7CpHn%2BUpLpezsfNh5tsmCdjpS382DZk7krwbymrh0T4JloXleJz6RUbd2LAaec45p66E1pDJxjA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a4e7f10aefb4f3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| offpichuan.com/track?offer_id=2061&z=5424146&request_var={zone_id}&variable2=16aef1m7vtlc802a&oaid=r0pmy5s0e0y57fcqdq10cz2j3qacg15i | 139.45.197.237 | 200 OK | 182 B |
URL GET HTTP/2offpichuan.com/track?offer_id=2061&z=5424146&request_var={zone_id}&variable2=16aef1m7vtlc802a&oaid=r0pmy5s0e0y57fcqdq10cz2j3qacg15i IP139.45.197.237:443
Requested byhttps://goagretoak.com/dating-survey.html?z=5424146&offer_id=2061&var={zone_id}&ymid=16aef1m7vtlc802a&utm_campaign={zone_id}&utm_medium=5424146&utm_content=zd_public_v2 CertificateIssuerLet's Encrypt Subjectoffpichuan.com Fingerprint8B:DE:51:B7:81:9E:EA:DE:73:A4:3D:67:F9:5E:6F:7B:F4:D6:77:5A ValidityMon, 15 Apr 2024 21:54:27 GMT - Sun, 14 Jul 2024 21:54:26 GMT
Hash518fbbd5a95951cd6212498955368d69 f6b781a48dee7d09f5b29745c4ced1397642bbe1 f8c19e1cf3423fb386d154c3effb94bc2774d81de6af91588f731e2ce2b6a4f8
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /track?offer_id=2061&z=5424146&request_var={zone_id}&variable2=16aef1m7vtlc802a&oaid=r0pmy5s0e0y57fcqdq10cz2j3qacg15i HTTP/1.1
Host: offpichuan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://goagretoak.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 07:37:10 GMT
content-type: application/json
content-length: 182
x-trace-id: 5153edf239d0d26dcc0c3956beb11933
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://goagretoak.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| goagretoak.com/sw/sw6009598.js?var=5424146&var_3=null&var_4=null&ymid=%7Bzone_id%7D&ab2_ttl=5184000000 | 172.67.141.119 | 200 OK | 523 B |
URL GET HTTP/3goagretoak.com/sw/sw6009598.js?var=5424146&var_3=null&var_4=null&ymid=%7Bzone_id%7D&ab2_ttl=5184000000 IP172.67.141.119:443
Requested byhttps://goagretoak.com/dating-survey.html?z=5424146&offer_id=2061&var={zone_id}&ymid=16aef1m7vtlc802a&utm_campaign={zone_id}&utm_medium=5424146&utm_content=zd_public_v2 CertificateIssuerLet's Encrypt Subjectgoagretoak.com Fingerprint6B:37:95:E7:D4:ED:D1:D2:40:28:BF:F0:C5:2A:4C:5D:56:B6:FF:89 ValidityThu, 04 Apr 2024 16:47:20 GMT - Wed, 03 Jul 2024 16:47:19 GMT
Hash974d9ab521e5b53f28cd067e9a1f5307 6e9be61dd2031241ab2ceb2fb30ee98b5f545cb6 79421ee0caf588ae686414ee177b8c6f2e2bf0119820d9e2f41a3f59fc8fbcb5
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /sw/sw6009598.js?var=5424146&var_3=null&var_4=null&ymid=%7Bzone_id%7D&ab2_ttl=5184000000 HTTP/1.1
Host: goagretoak.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Cookie: OAID=r0pmy5s0e0y57fcqdq10cz2j3qacg15i; syncedCookie=true; oaidts=1714117030; ID=r0pmy5s0e0y57fcqdq10cz2j3qacg15i
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 Apr 2024 07:37:10 GMT
content-type: application/javascript
last-modified: Wed, 17 Apr 2024 09:06:31 GMT
vary: Accept-Encoding
etag: W/"661f9117-529"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=My%2FaWDPKQUzl9lbXwZ%2BruoWSAWodqoDyip9Guu4EhhxRBPTb%2ByntlovhujWkW8MXm%2BVLE5L33R7CqbZfYJzxL0AILVv5RbV6rZMiPyvuV8qAr1vJIQwFAh54DC4lRsW9bQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a4e7f1ebdcb4f3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| arleavannya.com/sync-metrics | 139.45.197.248 | 200 OK | 0 B |
URL POST HTTP/2arleavannya.com/sync-metrics IP139.45.197.248:443
Requested byhttps://goagretoak.com/dating-survey.html?z=5424146&offer_id=2061&var={zone_id}&ymid=16aef1m7vtlc802a&utm_campaign={zone_id}&utm_medium=5424146&utm_content=zd_public_v2 CertificateIssuerLet's Encrypt Subjectarleavannya.com Fingerprint8A:67:B7:06:5F:61:ED:52:C0:9B:58:C2:64:98:7D:1B:64:03:3F:47 ValidityThu, 18 Apr 2024 17:09:05 GMT - Wed, 17 Jul 2024 17:09:04 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /sync-metrics HTTP/1.1
Host: arleavannya.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://goagretoak.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 07:37:10 GMT
content-length: 0
access-control-allow-origin: https://goagretoak.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| ofklefkian.com/zone?&pub=0&zone_id=6009598&is_mobile=false&domain=goagretoak.com&var=5424146&ymid=%7Bzone_id%7D&var_3=null&var_4=null&dsig=&tg=1&sw=3.1.472&action=prerequest | 139.45.197.251 | 200 OK | 0 B |
URL POST HTTP/2ofklefkian.com/zone?&pub=0&zone_id=6009598&is_mobile=false&domain=goagretoak.com&var=5424146&ymid=%7Bzone_id%7D&var_3=null&var_4=null&dsig=&tg=1&sw=3.1.472&action=prerequest IP139.45.197.251:443
Requested byhttps://goagretoak.com/dating-survey.html?z=5424146&offer_id=2061&var={zone_id}&ymid=16aef1m7vtlc802a&utm_campaign={zone_id}&utm_medium=5424146&utm_content=zd_public_v2 CertificateIssuerLet's Encrypt Subjectofklefkian.com Fingerprint04:A9:FE:8D:C9:B9:EE:6F:3A:C4:29:EA:19:AD:C3:1D:7D:3E:14:02 ValiditySun, 14 Apr 2024 05:38:05 GMT - Sat, 13 Jul 2024 05:38:04 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /zone?&pub=0&zone_id=6009598&is_mobile=false&domain=goagretoak.com&var=5424146&ymid=%7Bzone_id%7D&var_3=null&var_4=null&dsig=&tg=1&sw=3.1.472&action=prerequest HTTP/1.1
Host: ofklefkian.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 07:37:10 GMT
content-length: 0
x-trace-id: 6833d74812f186259736fd78cb5d4982
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: null
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
|
|
| arleavannya.com/sync-metrics | 139.45.197.248 | 200 OK | 0 B |
URL POST HTTP/2arleavannya.com/sync-metrics IP139.45.197.248:443
Requested byhttps://goagretoak.com/dating-survey.html?z=5424146&offer_id=2061&var={zone_id}&ymid=16aef1m7vtlc802a&utm_campaign={zone_id}&utm_medium=5424146&utm_content=zd_public_v2 CertificateIssuerLet's Encrypt Subjectarleavannya.com Fingerprint8A:67:B7:06:5F:61:ED:52:C0:9B:58:C2:64:98:7D:1B:64:03:3F:47 ValidityThu, 18 Apr 2024 17:09:05 GMT - Wed, 17 Jul 2024 17:09:04 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /sync-metrics HTTP/1.1
Host: arleavannya.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://goagretoak.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 07:37:10 GMT
content-length: 0
access-control-allow-origin: https://goagretoak.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| arleavannya.com/sync-metrics | 139.45.197.248 | 200 OK | 17 B |
URL POST HTTP/2arleavannya.com/sync-metrics IP139.45.197.248:443
Requested byhttps://goagretoak.com/dating-survey.html?z=5424146&offer_id=2061&var={zone_id}&ymid=16aef1m7vtlc802a&utm_campaign={zone_id}&utm_medium=5424146&utm_content=zd_public_v2 CertificateIssuerLet's Encrypt Subjectarleavannya.com Fingerprint8A:67:B7:06:5F:61:ED:52:C0:9B:58:C2:64:98:7D:1B:64:03:3F:47 ValidityThu, 18 Apr 2024 17:09:05 GMT - Wed, 17 Jul 2024 17:09:04 GMT
Hash5b64e8b89092b2e3dfd448b10700627f 484b3032619fa1acd135d114565b0a5166281c22 f1ea07a1e51a389c8de07120ae5c2e432e9dd8f4fbd6f92489f185b0523a3fd4
POST /sync-metrics HTTP/1.1
Host: arleavannya.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 815
Origin: https://goagretoak.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 07:37:10 GMT
content-type: application/json; charset=utf-8
content-length: 17
x-trace-id: dfb8a3eed3a03dfa8f986712c5fe4f61
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://goagretoak.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| arleavannya.com/sync-metrics | 139.45.197.248 | 200 OK | 17 B |
URL POST HTTP/2arleavannya.com/sync-metrics IP139.45.197.248:443
Requested byhttps://goagretoak.com/dating-survey.html?z=5424146&offer_id=2061&var={zone_id}&ymid=16aef1m7vtlc802a&utm_campaign={zone_id}&utm_medium=5424146&utm_content=zd_public_v2 CertificateIssuerLet's Encrypt Subjectarleavannya.com Fingerprint8A:67:B7:06:5F:61:ED:52:C0:9B:58:C2:64:98:7D:1B:64:03:3F:47 ValidityThu, 18 Apr 2024 17:09:05 GMT - Wed, 17 Jul 2024 17:09:04 GMT
Hash5b64e8b89092b2e3dfd448b10700627f 484b3032619fa1acd135d114565b0a5166281c22 f1ea07a1e51a389c8de07120ae5c2e432e9dd8f4fbd6f92489f185b0523a3fd4
POST /sync-metrics HTTP/1.1
Host: arleavannya.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 1742
Origin: https://goagretoak.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 07:37:10 GMT
content-type: application/json; charset=utf-8
content-length: 17
x-trace-id: 5be906d64dd94e4c0d3567b4063e39d5
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://goagretoak.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| datatechonert.com/log/add?cid=eacf36da-c06d-4d71-90cc-88e30cd4240a&ruid=db412588-c8f7-4cc9-8e59-1b8c94abe9ec | 139.45.195.253 | 200 OK | 12 B |
URL POST HTTP/1.1datatechonert.com/log/add?cid=eacf36da-c06d-4d71-90cc-88e30cd4240a&ruid=db412588-c8f7-4cc9-8e59-1b8c94abe9ec IP139.45.195.253:443
Requested byhttps://goagretoak.com/dating-survey.html?z=5424146&offer_id=2061&var={zone_id}&ymid=16aef1m7vtlc802a&utm_campaign={zone_id}&utm_medium=5424146&utm_content=zd_public_v2 CertificateIssuerSectigo Limited Subjectdatatechonert.com Fingerprint3F:E1:50:2C:9F:FC:F9:37:03:E3:B6:34:00:06:89:69:01:E7:C3:27 ValiditySun, 10 Dec 2023 00:00:00 GMT - Mon, 23 Dec 2024 23:59:59 GMT
Hashadb4650bfc9d2a73d4dd69583b0ceb14 1ce399d6e936232aaf2192cd7903a279c5015f22 21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed
POST /log/add?cid=eacf36da-c06d-4d71-90cc-88e30cd4240a&ruid=db412588-c8f7-4cc9-8e59-1b8c94abe9ec HTTP/1.1
Host: datatechonert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1480
Origin: https://goagretoak.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Fri, 26 Apr 2024 07:37:11 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 12
Connection: keep-alive
Access-Control-Allow-Origin: https://goagretoak.com
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true
|
|
| goagretoak.com/img/fav/heart-apple-60.png | 172.67.141.119 | 200 OK | 1.4 kB |
URL GET HTTP/3goagretoak.com/img/fav/heart-apple-60.png IP172.67.141.119:443
Requested byhttps://goagretoak.com/dating-survey.html?z=5424146&offer_id=2061&var={zone_id}&ymid=16aef1m7vtlc802a&utm_campaign={zone_id}&utm_medium=5424146&utm_content=zd_public_v2 CertificateIssuerLet's Encrypt Subjectgoagretoak.com Fingerprint6B:37:95:E7:D4:ED:D1:D2:40:28:BF:F0:C5:2A:4C:5D:56:B6:FF:89 ValidityThu, 04 Apr 2024 16:47:20 GMT - Wed, 03 Jul 2024 16:47:19 GMT
File typePNG image data, 60 x 60, 8-bit colormap, non-interlaced Hashf4471d411b901f4ffadfe746f4301a94 5eeccf4b904e8d7c08637ff7ea86a349ba61fd34 7c57c6ba7a764d7e5199abf41c8ae69dbc759bc31367ed49cfa9e02c44621e84
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/fav/heart-apple-60.png HTTP/1.1
Host: goagretoak.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=r0pmy5s0e0y57fcqdq10cz2j3qacg15i; syncedCookie=true; oaidts=1714117030; ID=r0pmy5s0e0y57fcqdq10cz2j3qacg15i
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 Apr 2024 07:37:11 GMT
content-type: image/png
content-length: 1430
last-modified: Wed, 17 Apr 2024 09:06:30 GMT
vary: Accept-Encoding
etag: "661f9116-596"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JmU9%2Fkv%2FKgvRZTeyMXWLzfODaztrfrH%2BX591DfCEK7SV8ImfyLZwFsfXEZq8%2BUQq897GZCKgPWiv5sxrzGItbSrAFbjU2ZdSl3w7BcJR2REyZm4mNASUtCWwLmWLPVCEng%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a4e7f55ffbb4f3-OSL
alt-svc: h3=":443"; ma=86400
|
|
| goagretoak.com/img/fav/heart-16.png | 172.67.141.119 | 200 OK | 324 B |
URL GET HTTP/3goagretoak.com/img/fav/heart-16.png IP172.67.141.119:443
Requested byhttps://goagretoak.com/dating-survey.html?z=5424146&offer_id=2061&var={zone_id}&ymid=16aef1m7vtlc802a&utm_campaign={zone_id}&utm_medium=5424146&utm_content=zd_public_v2 CertificateIssuerLet's Encrypt Subjectgoagretoak.com Fingerprint6B:37:95:E7:D4:ED:D1:D2:40:28:BF:F0:C5:2A:4C:5D:56:B6:FF:89 ValidityThu, 04 Apr 2024 16:47:20 GMT - Wed, 03 Jul 2024 16:47:19 GMT
File typePNG image data, 16 x 16, 8-bit colormap, non-interlaced Hashb4cd647d8f4287b5bfb000409bf3f467 2ecdf76086a51393192e3a963207ce1123c5bfa4 1ea844325ec9fc0f9c3b94ae21ba4673b11632ea8a5a7b588b125d5439525ca0
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /img/fav/heart-16.png HTTP/1.1
Host: goagretoak.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=r0pmy5s0e0y57fcqdq10cz2j3qacg15i; syncedCookie=true; oaidts=1714117030; ID=r0pmy5s0e0y57fcqdq10cz2j3qacg15i
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 Apr 2024 07:37:11 GMT
content-type: image/png
content-length: 324
last-modified: Wed, 17 Apr 2024 09:06:30 GMT
vary: Accept-Encoding
etag: "661f9116-144"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mWx%2FV25Nw6S3%2B3pmfNgs7Ln88Ul%2BczyG%2FswjX2zDVUwQHYbM7HrQTJYQSZCCd5IkmZ5HD6pQ%2FtUiN08nk1iJ8Ap%2BOJlZc66ADhjXfIU7FRgc03ga1z96PpSQw8VYhUgfZw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a4e7f55ffcb4f3-OSL
alt-svc: h3=":443"; ma=86400
|
|
| goagretoak.com/js/s-storageService.js.bb9f7a22.js | 172.67.141.119 | 200 OK | 2.2 kB |
URL GET HTTP/3goagretoak.com/js/s-storageService.js.bb9f7a22.js IP172.67.141.119:443
Requested byhttps://goagretoak.com/dating-survey.html?z=5424146&offer_id=2061&var={zone_id}&ymid=16aef1m7vtlc802a&utm_campaign={zone_id}&utm_medium=5424146&utm_content=zd_public_v2 CertificateIssuerLet's Encrypt Subjectgoagretoak.com Fingerprint6B:37:95:E7:D4:ED:D1:D2:40:28:BF:F0:C5:2A:4C:5D:56:B6:FF:89 ValidityThu, 04 Apr 2024 16:47:20 GMT - Wed, 03 Jul 2024 16:47:19 GMT
File typeJavaScript source, ASCII text, with very long lines (2216), with no line terminators Hash803fe057e4762b54a284184815cfb62e e748b6c77988934fe2b458b61a93e35f22cfecbc 0552fbab13dd0597298180b4d1c5e1a8a2ca66e121e3ab892f100366c8d45d3c
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /js/s-storageService.js.bb9f7a22.js HTTP/1.1
Host: goagretoak.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 Apr 2024 07:37:10 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"661f9118-87a"
last-modified: Wed, 17 Apr 2024 09:06:32 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=x1NCfqpxef8CoquHkGmpLw4QGaNyjcFzgoxuWrd2OnNnJBaOnovoaDAudeWUIzn%2FC8IWkdIjOCkqtCLxwzPcC6b8y0qIjxHztx9um1ygsJdbtri6%2F8s4YRsrKYj41Paekw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a4e7ee687fb4f3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| goagretoak.com/js/v-index.mjs.19622407.js | 172.67.141.119 | 200 OK | 35 kB |
URL GET HTTP/3goagretoak.com/js/v-index.mjs.19622407.js IP172.67.141.119:443
Requested byhttps://goagretoak.com/dating-survey.html?z=5424146&offer_id=2061&var={zone_id}&ymid=16aef1m7vtlc802a&utm_campaign={zone_id}&utm_medium=5424146&utm_content=zd_public_v2 CertificateIssuerLet's Encrypt Subjectgoagretoak.com Fingerprint6B:37:95:E7:D4:ED:D1:D2:40:28:BF:F0:C5:2A:4C:5D:56:B6:FF:89 ValidityThu, 04 Apr 2024 16:47:20 GMT - Wed, 03 Jul 2024 16:47:19 GMT
File typeJavaScript source, ASCII text, with very long lines (35287), with no line terminators Hash1de1ec2d8e7940b88970d8fbce40ed6d 510aa24127fb8bc3578d9ca4628b2eea5a84ce01 b473156bef833bcfb2e84658093f1ebc1e64011dcba904e26ccb31f1cad8b762
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /js/v-index.mjs.19622407.js HTTP/1.1
Host: goagretoak.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=r0pmy5s0e0y57fcqdq10cz2j3qacg15i; syncedCookie=true; oaidts=1714117030; ID=r0pmy5s0e0y57fcqdq10cz2j3qacg15i
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 Apr 2024 07:37:10 GMT
content-type: application/javascript
last-modified: Wed, 17 Apr 2024 09:06:32 GMT
vary: Accept-Encoding
etag: W/"661f9118-89d7"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qzmJxkg19zArtWmak0cpw0VJJcrPGvbP5IukYBXlMneOBv6LfRPRcGOk4R7OCsgA%2BYvHTGVH89AYEzi%2BbItxCrRnkp7zSWy9PHz%2BoRtIbAaoZ80SWdRsfXdvwt9s6t9k0Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a4e7f0fad3b4f3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| goagretoak.com/js/v-constants.js.49317f47.js | 172.67.141.119 | 200 OK | 600 B |
URL GET HTTP/3goagretoak.com/js/v-constants.js.49317f47.js IP172.67.141.119:443
Requested byhttps://goagretoak.com/dating-survey.html?z=5424146&offer_id=2061&var={zone_id}&ymid=16aef1m7vtlc802a&utm_campaign={zone_id}&utm_medium=5424146&utm_content=zd_public_v2 CertificateIssuerLet's Encrypt Subjectgoagretoak.com Fingerprint6B:37:95:E7:D4:ED:D1:D2:40:28:BF:F0:C5:2A:4C:5D:56:B6:FF:89 ValidityThu, 04 Apr 2024 16:47:20 GMT - Wed, 03 Jul 2024 16:47:19 GMT
File typeASCII text, with very long lines (664), with no line terminators Hashcf8c486ed295e4a6a30f4fb155bf9fd3 9942a3d40672242af15f2d5cc95df2c06872914f 83c4b13e336b66f673d082c8b9b2b20fb98772916cb5da52f9e48c929cafc9cb
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /js/v-constants.js.49317f47.js HTTP/1.1
Host: goagretoak.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=r0pmy5s0e0y57fcqdq10cz2j3qacg15i; syncedCookie=true; oaidts=1714117030; ID=r0pmy5s0e0y57fcqdq10cz2j3qacg15i
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 Apr 2024 07:37:10 GMT
content-type: application/javascript
last-modified: Wed, 17 Apr 2024 09:06:32 GMT
vary: Accept-Encoding
etag: W/"661f9118-258"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1CVMe9RpjGAbRagB4d2pcwaGy7UiTpqRm6uGz2iL777qZJIxf%2F2G9ZDJjV1Yy7I8R14WkQjBvcsUhohcnlmpUEq1WJSRWL7gSdmqHk06Y1V7NI5%2B9GSCp9q%2BKpCjz4KY6Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a4e7f10afdb4f3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| goagretoak.com/js/v-node.js.28d8082c.js | 172.67.141.119 | 200 OK | 6.3 kB |
URL GET HTTP/3goagretoak.com/js/v-node.js.28d8082c.js IP172.67.141.119:443
Requested byhttps://goagretoak.com/dating-survey.html?z=5424146&offer_id=2061&var={zone_id}&ymid=16aef1m7vtlc802a&utm_campaign={zone_id}&utm_medium=5424146&utm_content=zd_public_v2 CertificateIssuerLet's Encrypt Subjectgoagretoak.com Fingerprint6B:37:95:E7:D4:ED:D1:D2:40:28:BF:F0:C5:2A:4C:5D:56:B6:FF:89 ValidityThu, 04 Apr 2024 16:47:20 GMT - Wed, 03 Jul 2024 16:47:19 GMT
File typeJavaScript source, ASCII text, with very long lines (6337), with no line terminators Hashb11cf8c1d8d8183e4d11a8f17a41189c 2f912e66ec3992d21e66e7c8e4ff40a2142a4d64 9e69f7af4cfb7fa8b5eb0d67ed8a36f5d23c276ba29b7209565faefab84b71ba
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /js/v-node.js.28d8082c.js HTTP/1.1
Host: goagretoak.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=r0pmy5s0e0y57fcqdq10cz2j3qacg15i; syncedCookie=true; oaidts=1714117030; ID=r0pmy5s0e0y57fcqdq10cz2j3qacg15i
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 Apr 2024 07:37:10 GMT
content-type: application/javascript
last-modified: Wed, 17 Apr 2024 09:06:30 GMT
vary: Accept-Encoding
etag: W/"661f9116-186b"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HgBiRoXj%2BM%2BH%2Fc7fxuMzQJP06JPklnHn1ug01DjJY5uSnY6YOnA0tHb2ow%2BJ6rvtU9rQfhk3%2Blcae0jyFqxi9g2slwkr7sGcgA%2FdQMUZZtuFsMSDos%2B00%2BTgW5G1zK92mg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a4e7f0fad4b4f3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| goagretoak.com/js/v-possibleStandardNamesOptimized.js.205abacb.js | 172.67.141.119 | 200 OK | 7.6 kB |
URL GET HTTP/3goagretoak.com/js/v-possibleStandardNamesOptimized.js.205abacb.js IP172.67.141.119:443
Requested byhttps://goagretoak.com/dating-survey.html?z=5424146&offer_id=2061&var={zone_id}&ymid=16aef1m7vtlc802a&utm_campaign={zone_id}&utm_medium=5424146&utm_content=zd_public_v2 CertificateIssuerLet's Encrypt Subjectgoagretoak.com Fingerprint6B:37:95:E7:D4:ED:D1:D2:40:28:BF:F0:C5:2A:4C:5D:56:B6:FF:89 ValidityThu, 04 Apr 2024 16:47:20 GMT - Wed, 03 Jul 2024 16:47:19 GMT
File typeASCII text, with very long lines (7923), with no line terminators Hashf80cb2aef29b4a80d135d1a598ce1dfa 0653306df1fd8d8591f84661643825e41684d3f6 43c16ae11cea687efa4ca55dec516b23257c3fcb22c9d3541041f1816aaa7b5b
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /js/v-possibleStandardNamesOptimized.js.205abacb.js HTTP/1.1
Host: goagretoak.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=r0pmy5s0e0y57fcqdq10cz2j3qacg15i; syncedCookie=true; oaidts=1714117030; ID=r0pmy5s0e0y57fcqdq10cz2j3qacg15i
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 Apr 2024 07:37:10 GMT
content-type: application/javascript
last-modified: Wed, 17 Apr 2024 09:06:31 GMT
vary: Accept-Encoding
etag: W/"661f9117-1d99"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2Bex0Rwi81CI%2FGzBj1xoJLplhT%2BoPP3OkCOIZsqEqbsyKVqI3ZNSE27kyqNDQTIZ7JtfQdG4ZjxlZpQr87eZVjmi1usYBI19kvj8foixidiNhPU3Urb9UKQdiZ0R7gEv83w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a4e7f0faddb4f3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| goagretoak.com/dating-survey.html?z=5424146&offer_id=2061&var={zone_id}&ymid=16aef1m7vtlc802a&utm_campaign={zone_id}&utm_medium=5424146&utm_content=zd_public_v2 | 172.67.141.119 | 200 OK | 13 kB |
URL User Request GET HTTP/2goagretoak.com/dating-survey.html?z=5424146&offer_id=2061&var={zone_id}&ymid=16aef1m7vtlc802a&utm_campaign={zone_id}&utm_medium=5424146&utm_content=zd_public_v2 IP172.67.141.119:443
CertificateIssuerLet's Encrypt Subjectgoagretoak.com Fingerprint6B:37:95:E7:D4:ED:D1:D2:40:28:BF:F0:C5:2A:4C:5D:56:B6:FF:89 ValidityThu, 04 Apr 2024 16:47:20 GMT - Wed, 03 Jul 2024 16:47:19 GMT
File typeHTML document, ASCII text, with very long lines (12804), with no line terminators Hash9d24f696798ba9a843a74dd612dbabda 3f186113fdff0bbc2e63da541f9b7770b8bc9b9a b07865d16e2697889533fdef9a28f9038849626b1346def33949c87f8c17f319
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /dating-survey.html?z=5424146&offer_id=2061&var={zone_id}&ymid=16aef1m7vtlc802a&utm_campaign={zone_id}&utm_medium=5424146&utm_content=zd_public_v2 HTTP/1.1
Host: goagretoak.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 26 Apr 2024 07:37:09 GMT
content-type: text/html
last-modified: Wed, 17 Apr 2024 09:06:31 GMT
vary: Accept-Encoding
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RVkDJTDX41UiIUzECN9FVK3VdcRAKvclfxlASXBVmyoEa%2B%2FQemoC2NkMZW82F05PbqVew9G6O2U0Af%2F75gZ6Xbeb3SIKz7YSYgjoEWRcxVa8FkJn8kZJ9O%2BHwcuSsbfQHw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a4e7ebcce6b4eb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| goagretoak.com/js/v-index.js.da9f7529.js | 172.67.141.119 | 200 OK | 41 kB |
URL GET HTTP/3goagretoak.com/js/v-index.js.da9f7529.js IP172.67.141.119:443
Requested byhttps://goagretoak.com/dating-survey.html?z=5424146&offer_id=2061&var={zone_id}&ymid=16aef1m7vtlc802a&utm_campaign={zone_id}&utm_medium=5424146&utm_content=zd_public_v2 CertificateIssuerLet's Encrypt Subjectgoagretoak.com Fingerprint6B:37:95:E7:D4:ED:D1:D2:40:28:BF:F0:C5:2A:4C:5D:56:B6:FF:89 ValidityThu, 04 Apr 2024 16:47:20 GMT - Wed, 03 Jul 2024 16:47:19 GMT
File typeJavaScript source, ASCII text, with very long lines (40911) Hashf0c16b073e12930f7cbd321dd6f8f9b9 af74daaab1c8cb17152c3352d40ab89afea0b29d 9058ace69791e8a1eb5f9849c20a6dcd6e0f9018696ed0e563c3da7082aec861
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /js/v-index.js.da9f7529.js HTTP/1.1
Host: goagretoak.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 Apr 2024 07:37:10 GMT
content-type: application/javascript
last-modified: Wed, 17 Apr 2024 09:06:30 GMT
vary: Accept-Encoding
etag: W/"661f9116-a01c"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YdfP6Ix5I4nrYNwbTmWvKUL7V26IRBvoTbJagKrMG6g4MWVN8%2BJqmTYmu8DoLvfUNQ%2FSYFeKX6p5Bn3q90sTll7dd3ubSVy0BKQFW0lRat%2BTOKyVZX8DNpzGBR39r17K8Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a4e7ee687eb4f3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| goagretoak.com/js/_core-survey.1b09882a.js | 172.67.141.119 | 200 OK | 170 kB |
URL GET HTTP/3goagretoak.com/js/_core-survey.1b09882a.js IP172.67.141.119:443
Requested byhttps://goagretoak.com/dating-survey.html?z=5424146&offer_id=2061&var={zone_id}&ymid=16aef1m7vtlc802a&utm_campaign={zone_id}&utm_medium=5424146&utm_content=zd_public_v2 CertificateIssuerLet's Encrypt Subjectgoagretoak.com Fingerprint6B:37:95:E7:D4:ED:D1:D2:40:28:BF:F0:C5:2A:4C:5D:56:B6:FF:89 ValidityThu, 04 Apr 2024 16:47:20 GMT - Wed, 03 Jul 2024 16:47:19 GMT
Size170 kB (169676 bytes) Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /js/_core-survey.1b09882a.js HTTP/1.1
Host: goagretoak.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 Apr 2024 07:37:10 GMT
content-type: application/javascript
last-modified: Wed, 17 Apr 2024 09:06:31 GMT
vary: Accept-Encoding
etag: W/"661f9117-296cc"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=I4%2FIfwv1PTvu72vRCnVsMYQm6eRBYAzRO0zpH4N3cV%2BWKxRt0T0mQtr%2FN5BUrSPXbGppV34JW9aX0oRMBrdNbinm8jaE%2FzvG%2FXdqwhXOfzhhdjx%2BvAHzXwDo6RqSAil1lQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a4e7ee788db4f3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| arleavannya.com/sync-do | 139.45.197.248 | 200 OK | 177 B |
IP139.45.197.248:443
Requested byhttps://goagretoak.com/dating-survey.html?z=5424146&offer_id=2061&var={zone_id}&ymid=16aef1m7vtlc802a&utm_campaign={zone_id}&utm_medium=5424146&utm_content=zd_public_v2 CertificateIssuerLet's Encrypt Subjectarleavannya.com Fingerprint8A:67:B7:06:5F:61:ED:52:C0:9B:58:C2:64:98:7D:1B:64:03:3F:47 ValidityThu, 18 Apr 2024 17:09:05 GMT - Wed, 17 Jul 2024 17:09:04 GMT
File typeASCII text, with no line terminators Hashe36ffa66ee82acf3ddd2e9c1978d44e3 060b9cc0a732af23d20fba23040f46338121a9cb debfb37496de8fbb60a47d25218610ff1132dd2e410631b9287d18da51d1af9d
POST /sync-do HTTP/1.1
Host: arleavannya.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 155
Origin: https://goagretoak.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 07:37:10 GMT
content-type: application/json; charset=utf-8
content-length: 177
x-trace-id: 6ab6b44918a6079648ac7010dc3c90bb
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://goagretoak.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| goagretoak.com/js/s-checkSessionStorageAvailable.ts.e8412d91.js | 172.67.141.119 | 200 OK | 330 B |
URL GET HTTP/3goagretoak.com/js/s-checkSessionStorageAvailable.ts.e8412d91.js IP172.67.141.119:443
Requested byhttps://goagretoak.com/dating-survey.html?z=5424146&offer_id=2061&var={zone_id}&ymid=16aef1m7vtlc802a&utm_campaign={zone_id}&utm_medium=5424146&utm_content=zd_public_v2 CertificateIssuerLet's Encrypt Subjectgoagretoak.com Fingerprint6B:37:95:E7:D4:ED:D1:D2:40:28:BF:F0:C5:2A:4C:5D:56:B6:FF:89 ValidityThu, 04 Apr 2024 16:47:20 GMT - Wed, 03 Jul 2024 16:47:19 GMT
File typetroff or preprocessor input, ASCII text, with very long lines (338), with no line terminators Hash6eb1ccbb769935debb74de9858287720 5302f94074f05eb22f05368dfe3464b85c89fb48 1e016cce8f09ded837e6e46c9e26d5dddccc19bbfa89c9dc583c04d85e2c7bb4
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /js/s-checkSessionStorageAvailable.ts.e8412d91.js HTTP/1.1
Host: goagretoak.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 Apr 2024 07:37:10 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"661f9116-14a"
last-modified: Wed, 17 Apr 2024 09:06:30 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=P6FJAvrtd13gtGMJ4CEH%2BrBwJMfplVTgw%2BC3zyBdoHCzbnfaBCT9Iulks9XirojP7wkXwoiS8bLPTfn03sCy8Y9%2B5sNcWr7%2Bpb56wKYNpLi%2Fekh9WiSQCM%2FTgqt9cVA8ww%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a4e7ee6880b4f3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| goagretoak.com/js/s-checkLocalStorageAvailable.ts.f2fef93d.js | 172.67.141.119 | 200 OK | 330 B |
URL GET HTTP/3goagretoak.com/js/s-checkLocalStorageAvailable.ts.f2fef93d.js IP172.67.141.119:443
Requested byhttps://goagretoak.com/dating-survey.html?z=5424146&offer_id=2061&var={zone_id}&ymid=16aef1m7vtlc802a&utm_campaign={zone_id}&utm_medium=5424146&utm_content=zd_public_v2 CertificateIssuerLet's Encrypt Subjectgoagretoak.com Fingerprint6B:37:95:E7:D4:ED:D1:D2:40:28:BF:F0:C5:2A:4C:5D:56:B6:FF:89 ValidityThu, 04 Apr 2024 16:47:20 GMT - Wed, 03 Jul 2024 16:47:19 GMT
File typetroff or preprocessor input, ASCII text, with very long lines (338), with no line terminators Hash9a78659da737fccc89546e61f0eb6213 84e705584bdbc81715e0326742f426c2f472d3a9 bb46fe2e65cc91e5a01a8e731754fdc9b8f30813835a673bd96b48672ac82d60
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /js/s-checkLocalStorageAvailable.ts.f2fef93d.js HTTP/1.1
Host: goagretoak.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 Apr 2024 07:37:10 GMT
content-type: application/javascript
last-modified: Wed, 17 Apr 2024 09:06:31 GMT
vary: Accept-Encoding
etag: W/"661f9117-14a"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3%2F%2BBNFw9Mbhobumm9QGLUS%2FMDKDNuTBZGgINpr69A0Fvnq23CjFQ0TWlQI7PWBklQUrbUhFGTMwUfzYovKB8eT0vryOLRcahVgPbWU%2FpKC%2FI7hpWeVbRZQetMKvLizx5rw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a4e7ee6885b4f3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| goagretoak.com/js/v-redux-toolkit.esm.js.fe3487ca.js | 172.67.141.119 | 200 OK | 11 kB |
URL GET HTTP/3goagretoak.com/js/v-redux-toolkit.esm.js.fe3487ca.js IP172.67.141.119:443
Requested byhttps://goagretoak.com/dating-survey.html?z=5424146&offer_id=2061&var={zone_id}&ymid=16aef1m7vtlc802a&utm_campaign={zone_id}&utm_medium=5424146&utm_content=zd_public_v2 CertificateIssuerLet's Encrypt Subjectgoagretoak.com Fingerprint6B:37:95:E7:D4:ED:D1:D2:40:28:BF:F0:C5:2A:4C:5D:56:B6:FF:89 ValidityThu, 04 Apr 2024 16:47:20 GMT - Wed, 03 Jul 2024 16:47:19 GMT
File typeJavaScript source, ASCII text, with very long lines (11319), with no line terminators Hash5aa3676547abc9a38889c09e69ca968d d19ea919192e86f97c34c0a5959ad05c52299aec 21648e7ba668a077e403b6bd1a38f05d55d987737b959d57e3b3c53787107eb7
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /js/v-redux-toolkit.esm.js.fe3487ca.js HTTP/1.1
Host: goagretoak.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 Apr 2024 07:37:10 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"661f9118-2c37"
last-modified: Wed, 17 Apr 2024 09:06:32 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UgIHQzdGUeoGRaAsj8aytcvMUjE82rvQ1hWT4M%2FzTuXIkk6AGki%2Bgwt3pMBCM%2BCt3yVPCl%2F7h7x9yQAbBSdfjDI9g4J3fcuQTELuPl7uh2aOEp025Uf7%2B9%2BbEUhXZWjQYw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a4e7ee6887b4f3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| goagretoak.com/js/v-utilities.js.d1112fc4.js | 172.67.141.119 | 200 OK | 2.6 kB |
URL GET HTTP/3goagretoak.com/js/v-utilities.js.d1112fc4.js IP172.67.141.119:443
Requested byhttps://goagretoak.com/dating-survey.html?z=5424146&offer_id=2061&var={zone_id}&ymid=16aef1m7vtlc802a&utm_campaign={zone_id}&utm_medium=5424146&utm_content=zd_public_v2 CertificateIssuerLet's Encrypt Subjectgoagretoak.com Fingerprint6B:37:95:E7:D4:ED:D1:D2:40:28:BF:F0:C5:2A:4C:5D:56:B6:FF:89 ValidityThu, 04 Apr 2024 16:47:20 GMT - Wed, 03 Jul 2024 16:47:19 GMT
File typeJavaScript source, ASCII text, with very long lines (2645), with no line terminators Hash3f45699a0edf3555d230727e3e1ba866 f30b9f52153e77b9ce60a30ecb15f36657792908 1b312ac32a5c37ffe1c4bf861a048a76d807155fe494adf5dd356d067367f488
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /js/v-utilities.js.d1112fc4.js HTTP/1.1
Host: goagretoak.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=r0pmy5s0e0y57fcqdq10cz2j3qacg15i; syncedCookie=true; oaidts=1714117030; ID=r0pmy5s0e0y57fcqdq10cz2j3qacg15i
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 Apr 2024 07:37:10 GMT
content-type: application/javascript
last-modified: Wed, 17 Apr 2024 09:06:31 GMT
vary: Accept-Encoding
etag: W/"661f9117-a11"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Cbz7yewNo0zr11Haoxjud8EyD56TLi8eT3B1wPM8uI4ttDmBLbli02bVbASXDYfqLRfEbDLIT30U%2FbslSaioEwtV0zeSHCB%2BuFZ39FgtZcjg831bEBBugnqGca3abjlr%2FQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a4e7f0fae0b4f3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| goagretoak.com/js/v-html-to-dom.js.ff1ae7e0.js | 172.67.141.119 | 200 OK | 364 B |
URL GET HTTP/3goagretoak.com/js/v-html-to-dom.js.ff1ae7e0.js IP172.67.141.119:443
Requested byhttps://goagretoak.com/dating-survey.html?z=5424146&offer_id=2061&var={zone_id}&ymid=16aef1m7vtlc802a&utm_campaign={zone_id}&utm_medium=5424146&utm_content=zd_public_v2 CertificateIssuerLet's Encrypt Subjectgoagretoak.com Fingerprint6B:37:95:E7:D4:ED:D1:D2:40:28:BF:F0:C5:2A:4C:5D:56:B6:FF:89 ValidityThu, 04 Apr 2024 16:47:20 GMT - Wed, 03 Jul 2024 16:47:19 GMT
File typeJavaScript source, ASCII text, with very long lines (373), with no line terminators Hash57f543d4f79657dc92755e2f2031da65 4884f924743049d7812b58958633a40f65e159b5 0fcc39a4a2b765b1ed92a6093fe6dc70e0a886914746f5af6fda6e3d1dc7417d
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /js/v-html-to-dom.js.ff1ae7e0.js HTTP/1.1
Host: goagretoak.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=r0pmy5s0e0y57fcqdq10cz2j3qacg15i; syncedCookie=true; oaidts=1714117030; ID=r0pmy5s0e0y57fcqdq10cz2j3qacg15i
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 Apr 2024 07:37:10 GMT
content-type: application/javascript
last-modified: Wed, 17 Apr 2024 09:06:30 GMT
vary: Accept-Encoding
etag: W/"661f9116-16c"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aow4gOrzkdGsyvXB3A7F7WCYHQflIpH%2F%2BhRjA00%2B%2Fi4pC48%2FX37eivYKYR10hhEfaOONHBIMCKZPACwGrfQ6Tgmv8ersMDZlHkNcRakZr3dAIlA0OGwFFGd%2BXJ5KqGz3BQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a4e7f10af9b4f3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| goagretoak.com/pfe/current/micro.tag.min.js?z=6009598&sw=/sw/sw6009598.js&var=5424146&var_3=null&var_4=null&ymid={zone_id}&cdn=1&domain=ofklefkian.com&ab2_ttl=5184000000 | 172.67.141.119 | 200 OK | 27 kB |
URL GET HTTP/3goagretoak.com/pfe/current/micro.tag.min.js?z=6009598&sw=/sw/sw6009598.js&var=5424146&var_3=null&var_4=null&ymid={zone_id}&cdn=1&domain=ofklefkian.com&ab2_ttl=5184000000 IP172.67.141.119:443
Requested byhttps://goagretoak.com/dating-survey.html?z=5424146&offer_id=2061&var={zone_id}&ymid=16aef1m7vtlc802a&utm_campaign={zone_id}&utm_medium=5424146&utm_content=zd_public_v2 CertificateIssuerLet's Encrypt Subjectgoagretoak.com Fingerprint6B:37:95:E7:D4:ED:D1:D2:40:28:BF:F0:C5:2A:4C:5D:56:B6:FF:89 ValidityThu, 04 Apr 2024 16:47:20 GMT - Wed, 03 Jul 2024 16:47:19 GMT
File typeJavaScript source, ASCII text, with very long lines (27174), with no line terminators Hash75c26ccd65e96e912725399ff3ce66e9 d300939979d2048844dc5ac80c51ed8121126f4e c9db5c92934b273ad485c58710d6fbc2d580c2923a99bb456b18cb5e1465f5cf
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /pfe/current/micro.tag.min.js?z=6009598&sw=/sw/sw6009598.js&var=5424146&var_3=null&var_4=null&ymid={zone_id}&cdn=1&domain=ofklefkian.com&ab2_ttl=5184000000 HTTP/1.1
Host: goagretoak.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 Apr 2024 07:37:10 GMT
content-type: application/javascript
last-modified: Wed, 17 Apr 2024 09:06:30 GMT
vary: Accept-Encoding
etag: W/"661f9116-6a26"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PqDa%2BblwTAFJjE85NqYGq4b5iFUQMRy2ORvF7ZJz66tEGM6IsZivivj5qADAcOfO63OY0vRrk6ulYK2IWQsgP3oIEL4Qa7xyoJE9%2FkjiPWlAvpZ5aYooKOXuJ2m5r2%2FjTA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a4e7f0eac2b4f3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| arleavannya.com/sync-do | 139.45.197.248 | 200 OK | 0 B |
IP139.45.197.248:443
Requested byhttps://goagretoak.com/dating-survey.html?z=5424146&offer_id=2061&var={zone_id}&ymid=16aef1m7vtlc802a&utm_campaign={zone_id}&utm_medium=5424146&utm_content=zd_public_v2 CertificateIssuerLet's Encrypt Subjectarleavannya.com Fingerprint8A:67:B7:06:5F:61:ED:52:C0:9B:58:C2:64:98:7D:1B:64:03:3F:47 ValidityThu, 18 Apr 2024 17:09:05 GMT - Wed, 17 Jul 2024 17:09:04 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /sync-do HTTP/1.1
Host: arleavannya.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://goagretoak.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 07:37:10 GMT
content-length: 0
access-control-allow-origin: https://goagretoak.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| goagretoak.com/pfe/current/stattag.js | 172.67.141.119 | 200 OK | 19 kB |
URL GET HTTP/3goagretoak.com/pfe/current/stattag.js IP172.67.141.119:443
Requested byhttps://goagretoak.com/dating-survey.html?z=5424146&offer_id=2061&var={zone_id}&ymid=16aef1m7vtlc802a&utm_campaign={zone_id}&utm_medium=5424146&utm_content=zd_public_v2 CertificateIssuerLet's Encrypt Subjectgoagretoak.com Fingerprint6B:37:95:E7:D4:ED:D1:D2:40:28:BF:F0:C5:2A:4C:5D:56:B6:FF:89 ValidityThu, 04 Apr 2024 16:47:20 GMT - Wed, 03 Jul 2024 16:47:19 GMT
File typeJavaScript source, ASCII text, with very long lines (19053), with no line terminators Hash3a74216e872211a9c770302bb7d4a63f 7e63556174a7d66eee407218e503ec0aae2c0f9e 03405209d89a927b81d53eb13968663069760776389c5400bb79d11bd9f78f78
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /pfe/current/stattag.js HTTP/1.1
Host: goagretoak.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=r0pmy5s0e0y57fcqdq10cz2j3qacg15i; syncedCookie=true; oaidts=1714117030; ID=r0pmy5s0e0y57fcqdq10cz2j3qacg15i
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 Apr 2024 07:37:10 GMT
content-type: application/javascript
last-modified: Wed, 17 Apr 2024 09:06:30 GMT
vary: Accept-Encoding
etag: W/"661f9116-4a6d"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=07w5%2F%2BXnJTMGdNJhwYzqhjHyxXxC7DR1QcCXlx%2FyYdv4JOxHE2FwF2o%2BkHOWdpqa%2FWqfPOAu64U4Jd3mtpq%2FIHGUXd5CnkD9g0AHyM2wKX4TqkQkqJn5ANa8hwuVWKXbAA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a4e7f2fd5bb4f3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| goagretoak.com/js/_each-land-config.3299fec3.js | 172.67.141.119 | 200 OK | 72 kB |
URL GET HTTP/3goagretoak.com/js/_each-land-config.3299fec3.js IP172.67.141.119:443
Requested byhttps://goagretoak.com/dating-survey.html?z=5424146&offer_id=2061&var={zone_id}&ymid=16aef1m7vtlc802a&utm_campaign={zone_id}&utm_medium=5424146&utm_content=zd_public_v2 CertificateIssuerLet's Encrypt Subjectgoagretoak.com Fingerprint6B:37:95:E7:D4:ED:D1:D2:40:28:BF:F0:C5:2A:4C:5D:56:B6:FF:89 ValidityThu, 04 Apr 2024 16:47:20 GMT - Wed, 03 Jul 2024 16:47:19 GMT
File typeJavaScript source, ASCII text, with very long lines (65536), with no line terminators Hash0ba3468fb169d838d511e11b5b33eaef fb53785cd4dcc6e5cf0fcebfcafed46a3968cbe9 6de414b4180a6f11c4f5a9ba570d5e97ac8e596b1f9c1bb86872a11ecd416384
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /js/_each-land-config.3299fec3.js HTTP/1.1
Host: goagretoak.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 Apr 2024 07:37:10 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=72043
etag: W/"661f9117-1196b"
last-modified: Wed, 17 Apr 2024 09:06:31 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=v1fMtJydi6l95ZQalVXrQC3JrPJ9%2FkffQI7%2BLeuILlpd06juuBLPSq33oMwRuTvCgbjqJgK%2BDghSfHZRsf3gcFOD2VJWA%2B7ddbGEPFrJdps5ChjXvgOz%2FNB42OPSV%2B17pw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a4e7ee688bb4f3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| goagretoak.com/js/v-domparser.js.97173b2e.js | 172.67.141.119 | 200 OK | 1.7 kB |
URL GET HTTP/3goagretoak.com/js/v-domparser.js.97173b2e.js IP172.67.141.119:443
Requested byhttps://goagretoak.com/dating-survey.html?z=5424146&offer_id=2061&var={zone_id}&ymid=16aef1m7vtlc802a&utm_campaign={zone_id}&utm_medium=5424146&utm_content=zd_public_v2 CertificateIssuerLet's Encrypt Subjectgoagretoak.com Fingerprint6B:37:95:E7:D4:ED:D1:D2:40:28:BF:F0:C5:2A:4C:5D:56:B6:FF:89 ValidityThu, 04 Apr 2024 16:47:20 GMT - Wed, 03 Jul 2024 16:47:19 GMT
File typeJavaScript source, ASCII text, with very long lines (1772), with no line terminators Hash46dd2964e007bc585a8f72ed695089e8 d02de9abf34cf05d707899e2562c067a8e5326bc 96d95d967e2f5ca4a1be19cf0d21f756ba2d0295ad5f4e967048054e85f6072f
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /js/v-domparser.js.97173b2e.js HTTP/1.1
Host: goagretoak.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=r0pmy5s0e0y57fcqdq10cz2j3qacg15i; syncedCookie=true; oaidts=1714117030; ID=r0pmy5s0e0y57fcqdq10cz2j3qacg15i
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 Apr 2024 07:37:10 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"661f9116-6b8"
last-modified: Wed, 17 Apr 2024 09:06:30 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QcosvB%2BRVCdAqqX8%2BuEGBti4GMANOIxYR3avQndz%2FYrjMqKlXGQhA94lwQ7GG2Z2EOZsa25gv2b1EV9IvQ7Cg6IuLlcZbBROmWKN1ldZao6w2ON5Bxjx1gYUhn3Zyt%2FpdQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a4e7f10aeab4f3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| offpichuan.com/rotate?zz=5473375;5473392;5473396;5473420;5473383;7044710&var=5424146&ymid={zone_id}&uid=r0pmy5s0e0y57fcqdq10cz2j3qacg15i | 139.45.197.237 | 200 OK | 2.6 kB |
URL GET HTTP/2offpichuan.com/rotate?zz=5473375;5473392;5473396;5473420;5473383;7044710&var=5424146&ymid={zone_id}&uid=r0pmy5s0e0y57fcqdq10cz2j3qacg15i IP139.45.197.237:443
Requested byhttps://goagretoak.com/dating-survey.html?z=5424146&offer_id=2061&var={zone_id}&ymid=16aef1m7vtlc802a&utm_campaign={zone_id}&utm_medium=5424146&utm_content=zd_public_v2 CertificateIssuerLet's Encrypt Subjectoffpichuan.com Fingerprint8B:DE:51:B7:81:9E:EA:DE:73:A4:3D:67:F9:5E:6F:7B:F4:D6:77:5A ValidityMon, 15 Apr 2024 21:54:27 GMT - Sun, 14 Jul 2024 21:54:26 GMT
File typetroff or preprocessor input, ASCII text, with very long lines (2665), with no line terminators Hashb83701b8dce7af5ace113f3ab63d3c7d 793b41969b16e2f6040370903377378aa6114365 30a962a1adef76c1a5d11ec62a9de3576560faeaf1578a5604fe32799a9a56e5
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /rotate?zz=5473375;5473392;5473396;5473420;5473383;7044710&var=5424146&ymid={zone_id}&uid=r0pmy5s0e0y57fcqdq10cz2j3qacg15i HTTP/1.1
Host: offpichuan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://goagretoak.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 07:37:11 GMT
content-type: application/javascript
x-trace-id: a0711094c96ae85e1d9529e9d6dee02a
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
vary: Origin
access-control-allow-origin: https://goagretoak.com
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
set-cookie: OAID=r0pmy5s0e0y57fcqdq10cz2j3qacg15i; expires=Sat, 26 Apr 2025 07:37:11 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| goagretoak.com/css/_core-survey.d3ac2ee0.css | 172.67.141.119 | 200 OK | 84 B |
URL GET HTTP/3goagretoak.com/css/_core-survey.d3ac2ee0.css IP172.67.141.119:443
Requested byhttps://goagretoak.com/dating-survey.html?z=5424146&offer_id=2061&var={zone_id}&ymid=16aef1m7vtlc802a&utm_campaign={zone_id}&utm_medium=5424146&utm_content=zd_public_v2 CertificateIssuerLet's Encrypt Subjectgoagretoak.com Fingerprint6B:37:95:E7:D4:ED:D1:D2:40:28:BF:F0:C5:2A:4C:5D:56:B6:FF:89 ValidityThu, 04 Apr 2024 16:47:20 GMT - Wed, 03 Jul 2024 16:47:19 GMT
File typeASCII text, with no line terminators Hash6a5389a102082103af302d75143e0dee 973aca6dfe59e2ffa6c60e28c38990c1eab24480 bbe86a1b8677d7959eb23b92c572e154a0067ad5263844e40f95d018857630fb
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /css/_core-survey.d3ac2ee0.css HTTP/1.1
Host: goagretoak.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 Apr 2024 07:37:10 GMT
content-type: text/css
last-modified: Wed, 17 Apr 2024 09:06:30 GMT
vary: Accept-Encoding
etag: W/"661f9116-54"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LLcwE5NFcs%2B8DjT%2FPqx16Dz%2BzsVlnLQGhoYqLLyg4gP%2BixUitcOUPllkf9X9quua%2BN%2BDokdSNqqKkVHYpA%2B6nIpsf2vhQWHg3%2F22Uy5KWl4tbJxvgF6Ep%2BTvljLxisLHZw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a4e7ee7890b4f3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| goagretoak.com/js/v-attributes-to-props.js.a2e7cd04.js | 172.67.141.119 | 200 OK | 702 B |
URL GET HTTP/3goagretoak.com/js/v-attributes-to-props.js.a2e7cd04.js IP172.67.141.119:443
Requested byhttps://goagretoak.com/dating-survey.html?z=5424146&offer_id=2061&var={zone_id}&ymid=16aef1m7vtlc802a&utm_campaign={zone_id}&utm_medium=5424146&utm_content=zd_public_v2 CertificateIssuerLet's Encrypt Subjectgoagretoak.com Fingerprint6B:37:95:E7:D4:ED:D1:D2:40:28:BF:F0:C5:2A:4C:5D:56:B6:FF:89 ValidityThu, 04 Apr 2024 16:47:20 GMT - Wed, 03 Jul 2024 16:47:19 GMT
File typeASCII text, with very long lines (718), with no line terminators Hash4f868b7a0330d32e1450766a54886355 4b5952301185e7b02e2cdcba80f4aea3de700c47 2435c4b396d0b35fca9f618a201479cdcd64e84d43a386eec071a4082d7a781f
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /js/v-attributes-to-props.js.a2e7cd04.js HTTP/1.1
Host: goagretoak.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=r0pmy5s0e0y57fcqdq10cz2j3qacg15i; syncedCookie=true; oaidts=1714117030; ID=r0pmy5s0e0y57fcqdq10cz2j3qacg15i
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 Apr 2024 07:37:10 GMT
content-type: application/javascript
last-modified: Wed, 17 Apr 2024 09:06:31 GMT
vary: Accept-Encoding
etag: W/"661f9117-2be"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=J%2FfdZYuVksIwELxAc3X0TuUagoxT90vxz84dUQlNJI1aPVis6RcgwPT4LNI%2BEfB96z%2FeWYt92rE5YMlXRtPqZMqxZkW7dfcG%2BVUIq3FZoEmKGxT23fJuR%2FMRjALxX6J6vw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a4e7f10af3b4f3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| goagretoak.com/js/SurveyContainer.e2959212.js | 172.67.141.119 | 200 OK | 57 kB |
URL GET HTTP/3goagretoak.com/js/SurveyContainer.e2959212.js IP172.67.141.119:443
Requested byhttps://goagretoak.com/dating-survey.html?z=5424146&offer_id=2061&var={zone_id}&ymid=16aef1m7vtlc802a&utm_campaign={zone_id}&utm_medium=5424146&utm_content=zd_public_v2 CertificateIssuerLet's Encrypt Subjectgoagretoak.com Fingerprint6B:37:95:E7:D4:ED:D1:D2:40:28:BF:F0:C5:2A:4C:5D:56:B6:FF:89 ValidityThu, 04 Apr 2024 16:47:20 GMT - Wed, 03 Jul 2024 16:47:19 GMT
File typeJavaScript source, ASCII text, with very long lines (57082), with no line terminators Hash0df7a0f05192a1af311ce45d48639a89 df29dce5914578a52af5f516ccd18d289d808951 4cde10689c1ef6c2f58585483fae6d656ccfa1d16cc282dcfbe6cb89700ae2dc
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /js/SurveyContainer.e2959212.js HTTP/1.1
Host: goagretoak.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=r0pmy5s0e0y57fcqdq10cz2j3qacg15i; syncedCookie=true; oaidts=1714117030; ID=r0pmy5s0e0y57fcqdq10cz2j3qacg15i
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 Apr 2024 07:37:10 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=57085
etag: W/"661f9116-defd"
last-modified: Wed, 17 Apr 2024 09:06:30 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=snQ%2BlVCw5n6ViswcfIu%2Bug858DPPCJ3sJjr034JeUBk8MhpZzrt3XqTHxTvaocSEFE5NoOmMDkwqoVaq3hOWDZxM3pLs74v95Ts4wrugi35MaLOval%2F0Pt%2B5dTNYwYALBQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a4e7f10b01b4f3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| goagretoak.com/js/survey-dating.c1716d1d.js | 172.67.141.119 | 200 OK | 11 kB |
URL GET HTTP/3goagretoak.com/js/survey-dating.c1716d1d.js IP172.67.141.119:443
Requested byhttps://goagretoak.com/dating-survey.html?z=5424146&offer_id=2061&var={zone_id}&ymid=16aef1m7vtlc802a&utm_campaign={zone_id}&utm_medium=5424146&utm_content=zd_public_v2 CertificateIssuerLet's Encrypt Subjectgoagretoak.com Fingerprint6B:37:95:E7:D4:ED:D1:D2:40:28:BF:F0:C5:2A:4C:5D:56:B6:FF:89 ValidityThu, 04 Apr 2024 16:47:20 GMT - Wed, 03 Jul 2024 16:47:19 GMT
File typeJavaScript source, ASCII text, with very long lines (10666), with no line terminators Hash0a2bf957221ea5d41092566e565df70d 482729d37a7b367483c26d849cd1b444c1e7c9e8 d24aaafbcf78cfb0a5dc7774000ba3a0af0b18f8e272e08866564bb4acd31c3c
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /js/survey-dating.c1716d1d.js HTTP/1.1
Host: goagretoak.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 Apr 2024 07:37:10 GMT
content-type: application/javascript
last-modified: Wed, 17 Apr 2024 09:06:32 GMT
vary: Accept-Encoding
etag: W/"661f9118-29aa"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nBfDIOkWWqpkmrPALsB0Wv09bv0xhDoecwRt%2FMBsQw1ldwxHOYrTQSeLWM0agxe6bGMR%2BnhoVad75Xs2EIIg9BsowtOV93qD9LtfVEAdgq7GsiNJSvWuCxUNW%2FeB5qkEmQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a4e7ee788eb4f3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|