| mureinsunmeth.top/f/ySQ8*Ziuz8C1lz5t6UlssB*CrXUbJK1tr5jikwstgnnEXjS9LC2Sdmnc8_kU0hT_rSlTY2tRuVibCrE1xkQsmm3PzTLLbfrMGYerXPgEy3SYUqoH9laIZKz1C6iqUG5c3EkyfMMkUAGnO53p6MSHaHfZiQ_qLcTc*mpM_2U3F7p3dwlLW550Cjpo3p_e7BkiPlHaPRP3VpueUsLYx_VANQ | 23.83.67.164 | | 416 B |
URL mureinsunmeth.top/f/ySQ8*Ziuz8C1lz5t6UlssB*CrXUbJK1tr5jikwstgnnEXjS9LC2Sdmnc8_kU0hT_rSlTY2tRuVibCrE1xkQsmm3PzTLLbfrMGYerXPgEy3SYUqoH9laIZKz1C6iqUG5c3EkyfMMkUAGnO53p6MSHaHfZiQ_qLcTc*mpM_2U3F7p3dwlLW550Cjpo3p_e7BkiPlHaPRP3VpueUsLYx_VANQ IP 23.83.67.164:0
File type: HTML document, ASCII text
MD5: 53a26ad52721e7cfc7b4d0757ab444e8
SHA-1: 0a66adbbb8e645723a6e19a71861701094fda5aa
SHA-256: 490daecb685110d5830b63541b3b673c9a16bd9227c9c95347ff0f7b96d5be2b
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /f/ySQ8*Ziuz8C1lz5t6UlssB*CrXUbJK1tr5jikwstgnnEXjS9LC2Sdmnc8_kU0hT_rSlTY2tRuVibCrE1xkQsmm3PzTLLbfrMGYerXPgEy3SYUqoH9laIZKz1C6iqUG5c3EkyfMMkUAGnO53p6MSHaHfZiQ_qLcTc*mpM_2U3F7p3dwlLW550Cjpo3p_e7BkiPlHaPRP3VpueUsLYx_VANQ HTTP/1.1
Host: mureinsunmeth.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 01 Jun 2024 21:11:22 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list
Set-Cookie: GL_UI4=eJw9jUtug0AQRPljJ4akJQ7gIxgUjL3MJivfAQ0zDZ4Ypq1mjJ3bZxIp2dUrPVV5nhcUL%2BAvyRrCm6hhe1R9s5dYojyUVVW%2BHSrZ151o%2BlJVTVnvYK3n1opuRBvBap4E29YuEWwGNMhatpIUZvDqrL%2FmYuhuIog7FkZlEE%2FOGDNIO6b7jFyEEBkxIaQfmrGnhzPEJzEEx72L2rjo7yCguQjzJ4hP2twe%2BSbx8jzx4Pk6CtsTT61WDuOBhULw32ElhcWB%2BAtShfPF0hWARtX%2B%2B7%2Bf8fizBonCRUuHZM%2FI38wATrY%3D; expires=Sun, 02-Jun-2024 21:11:22 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJwVyEsKwjAURuHciwTEIvzYBXQFoa110KmdtwNXUKpIIOSGJPWxe%2BvgDL6jlOKyANuAom9MX5uuNc2lAz3B4wRePPQo8T1%2FQRFcn8HR4zAlJ9Ugq8%2FbX7D7G2RxvDr7qW7i1mzFJ%2FDWfpAYJM75AQqawFk0g9O9VKCXPv0ActkemA%3D%3D; expires=Sun, 02-Jun-2024 21:11:22 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
| eg2.musalsalatflah.com/watch.php?vid=cb6e328fd | 104.21.35.148 | | 167 B |
URL eg2.musalsalatflah.com/watch.php?vid=cb6e328fd IP 104.21.35.148:0
File type: HTML document, ASCII text, with CRLF line terminators
MD5: 0104c301c5e02bd6148b8703d19b3a73
SHA-1: 7436e0b4b1f8c222c38069890b75fa2baf9ca620
SHA-256: 446a6087825fa73eadb045e5a2e9e2adf7df241b571228187728191d961dda1f
GET /watch.php?vid=cb6e328fd HTTP/1.1
Host: eg2.musalsalatflah.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 301 Moved Permanently
date: Sat, 01 Jun 2024 21:11:22 GMT
content-type: text/html
content-length: 167
location: https://ak.glersooy.net/4/6592928?&utm_source=qv.shahidmosalsalat.me&utm_medium=ORGANIC&utm_campaign=ORGANIC&utm_term=%D9%85%D8%B3%D9%84%D8%B3%D9%84%20%D8%B9%D8%B1%D9%88%D8%B3%20%D8%A8%D9%8A%D8%B1%D9%88%D8%AA%203%20%D8%A7%D9%84%D8%AD%D9%84%D9%82%D8%A9%207
cache-control: max-age=3600
expires: Sat, 01 Jun 2024 22:11:22 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cwpnA5bs4nA7HqR%2FgBRbqNooxtF0rO%2F7BXEVVfI%2B0beBCOXK%2BxankXB14SLXCnZ1HgZLzbDfifQqAN5oLl3jRbRBjqAMAbBxhQ32C7RwyZeolEvZwoKjrGCzKKRu%2BzM1TVPT7jlxSJhK"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88d2321dc809b4eb-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
| mureinsunmeth.top/favicon.ico | 23.83.67.164 | | 1.4 kB |
URL mureinsunmeth.top/favicon.ico IP 23.83.67.164:0
File type: MS Windows icon resource - 1 icon, 16x16
MD5: 011201ab56695ce86ea2f190bce2670b
SHA-1: bb8fad6accf293e619360935047c23f00da3c769
SHA-256: a9bc1ab7f7c0c6bc5d097050968993474e32346cffa537be1e0335a19645f12e
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /favicon.ico HTTP/1.1
Host: mureinsunmeth.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: GL_UI4=eJw9jUtug0AQRPljJ4akJQ7gIxgUjL3MJivfAQ0zDZ4Ypq1mjJ3bZxIp2dUrPVV5nhcUL%2BAvyRrCm6hhe1R9s5dYojyUVVW%2BHSrZ151o%2BlJVTVnvYK3n1opuRBvBap4E29YuEWwGNMhatpIUZvDqrL%2FmYuhuIog7FkZlEE%2FOGDNIO6b7jFyEEBkxIaQfmrGnhzPEJzEEx72L2rjo7yCguQjzJ4hP2twe%2BSbx8jzx4Pk6CtsTT61WDuOBhULw32ElhcWB%2BAtShfPF0hWARtX%2B%2B7%2Bf8fizBonCRUuHZM%2FI38wATrY%3D; GL_GI10=eJwVyEsKwjAURuHciwTEIvzYBXQFoa110KmdtwNXUKpIIOSGJPWxe%2BvgDL6jlOKyANuAom9MX5uuNc2lAz3B4wRePPQo8T1%2FQRFcn8HR4zAlJ9Ugq8%2FbX7D7G2RxvDr7qW7i1mzFJ%2FDWfpAYJM75AQqawFk0g9O9VKCXPv0ActkemA%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 01 Jun 2024 21:11:22 GMT
Content-Type: application/octet-stream
Content-Length: 1406
Last-Modified: Fri, 31 May 2024 11:50:53 GMT
Connection: keep-alive
Keep-Alive: timeout=20
ETag: "6659b99d-57e"
Expires: Sun, 02 Jun 2024 21:11:22 GMT
Cache-Control: max-age=86400
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
| ak.glersooy.net/4/6592928?&utm_source=qv.shahidmosalsalat.me&utm_medium=ORGANIC&utm_campaign=ORGANIC&utm_term=%D9%85%D8%B3%D9%84%D8%B3%D9%84%20%D8%B9%D8%B1%D9%88%D8%B3%20%D8%A8%D9%8A%D8%B1%D9%88%D8%AA%203%20%D8%A7%D9%84%D8%AD%D9%84%D9%82%D8%A9%207 | 23.36.76.219 | | 14 kB |
URL ak.glersooy.net/4/6592928?&utm_source=qv.shahidmosalsalat.me&utm_medium=ORGANIC&utm_campaign=ORGANIC&utm_term=%D9%85%D8%B3%D9%84%D8%B3%D9%84%20%D8%B9%D8%B1%D9%88%D8%B3%20%D8%A8%D9%8A%D8%B1%D9%88%D8%AA%203%20%D8%A7%D9%84%D8%AD%D9%84%D9%82%D8%A9%207 IP 23.36.76.219:0
ASN#20940 Akamai International B.V.
File type: HTML document, ASCII text, with very long lines (18639)
MD5: 725bf4b40b171fc782525c8df994d4eb
SHA-1: 69b6991c61dc7a9c09c9e333d0228efcaf85fe95
SHA-256: 9aab762e4cda026ae5555955a5324db39f6a854fd55c6eea1d145c1995382e17
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /4/6592928?&utm_source=qv.shahidmosalsalat.me&utm_medium=ORGANIC&utm_campaign=ORGANIC&utm_term=%D9%85%D8%B3%D9%84%D8%B3%D9%84%20%D8%B9%D8%B1%D9%88%D8%B3%20%D8%A8%D9%8A%D8%B1%D9%88%D8%AA%203%20%D8%A7%D9%84%D8%AD%D9%84%D9%82%D8%A9%207 HTTP/1.1
Host: ak.glersooy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/html; charset=utf8
x-trace-id: 9a4db4f3ea6042242e4983840ca23e54
link: <https://yonmewon.com>; rel="preconnect dns-prefetch",<https://my.rtmark.net>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
expires: Sat, 01 Jun 2024 21:11:22 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Sat, 01 Jun 2024 21:11:22 GMT
content-length: 13609
vary: Accept-Encoding
set-cookie: OAID=00806ecb30c04a5ce29b060cfc1147d5; expires=Sun, 01 Jun 2025 21:11:22 GMT; path=/; secure; SameSite=None
oaidts=1717276282; expires=Sun, 01 Jun 2025 21:11:22 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
X-Firefox-Spdy: h2
| ak.glersooy.net/sftouch?userId=00806ecb30c04a5ce29b060cfc1147d5&z=6592928&p_rid=37a65755-a961-49fe-9599-20ffbc9e172d&p_src=sf&branchId=0&rb=x-SRroS1cKlXuiN1HudlcY1QTYmOmP97QxBg73WJpZmQb14KPHz4huuuapVA0Z9H14CRQ7EwGQMK1IbS_OmneC8t1D1ttPUgOfnHeQeDIsfzmx2GKOuf4AnA4_cSPRhZw549GCrOGhazGnXfWnKqgVZ1_tEhjaZG5bFEWZGzpuNlXDh_767f36Kj5e_ZLqf_govLISE-wRqr5Cexz0KODcp_NUljaoHSfmgzHqgyv7p3EbkB5WGtSw== | 23.36.76.219 | | 2 B |
URL ak.glersooy.net/sftouch?userId=00806ecb30c04a5ce29b060cfc1147d5&z=6592928&p_rid=37a65755-a961-49fe-9599-20ffbc9e172d&p_src=sf&branchId=0&rb=x-SRroS1cKlXuiN1HudlcY1QTYmOmP97QxBg73WJpZmQb14KPHz4huuuapVA0Z9H14CRQ7EwGQMK1IbS_OmneC8t1D1ttPUgOfnHeQeDIsfzmx2GKOuf4AnA4_cSPRhZw549GCrOGhazGnXfWnKqgVZ1_tEhjaZG5bFEWZGzpuNlXDh_767f36Kj5e_ZLqf_govLISE-wRqr5Cexz0KODcp_NUljaoHSfmgzHqgyv7p3EbkB5WGtSw== IP 23.36.76.219:0
ASN#20940 Akamai International B.V.
File type: ASCII text, with no line terminators
MD5: 444bcb3a3fcf8389296c49467f27e1d6
SHA-1: 7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
SHA-256: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
POST /sftouch?userId=00806ecb30c04a5ce29b060cfc1147d5&z=6592928&p_rid=37a65755-a961-49fe-9599-20ffbc9e172d&p_src=sf&branchId=0&rb=x-SRroS1cKlXuiN1HudlcY1QTYmOmP97QxBg73WJpZmQb14KPHz4huuuapVA0Z9H14CRQ7EwGQMK1IbS_OmneC8t1D1ttPUgOfnHeQeDIsfzmx2GKOuf4AnA4_cSPRhZw549GCrOGhazGnXfWnKqgVZ1_tEhjaZG5bFEWZGzpuNlXDh_767f36Kj5e_ZLqf_govLISE-wRqr5Cexz0KODcp_NUljaoHSfmgzHqgyv7p3EbkB5WGtSw== HTTP/1.1
Host: ak.glersooy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ak.glersooy.net
DNT: 1
Connection: keep-alive
Referer: https://ak.glersooy.net/4/6592928?&utm_source=qv.shahidmosalsalat.me&utm_medium=ORGANIC&utm_campaign=ORGANIC&utm_term=%D9%85%D8%B3%D9%84%D8%B3%D9%84%20%D8%B9%D8%B1%D9%88%D8%B3%20%D8%A8%D9%8A%D8%B1%D9%88%D8%AA%203%20%D8%A7%D9%84%D8%AD%D9%84%D9%82%D8%A9%207
Cookie: OAID=00806ecb30c04a5ce29b060cfc1147d5; oaidts=1717276282
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Content-Length: 0
TE: trailers
HTTP/2 200 OK
content-type: text/plain
content-length: 2
x-trace-id: 16de31f90fcc384908285644d0e2f743
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://ak.glersooy.net
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
expires: Sat, 01 Jun 2024 21:11:23 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Sat, 01 Jun 2024 21:11:23 GMT
X-Firefox-Spdy: h2
| my.rtmark.net/img.gif?f=merge&userId=00806ecb30c04a5ce29b060cfc1147d5&z=6592928&p_rid=37a65755-a961-49fe-9599-20ffbc9e172d&p_src=sf | 139.45.195.8 | | 43 B |
URL my.rtmark.net/img.gif?f=merge&userId=00806ecb30c04a5ce29b060cfc1147d5&z=6592928&p_rid=37a65755-a961-49fe-9599-20ffbc9e172d&p_src=sf IP 139.45.195.8:0
File type: GIF image data, version 89a, 1 x 1
MD5: b4491705564909da7f9eaf749dbbfbb1
SHA-1: 279315d507855c6a4351e1e2c2f39dd9cd2fccd8
SHA-256: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
GET /img.gif?f=merge&userId=00806ecb30c04a5ce29b060cfc1147d5&z=6592928&p_rid=37a65755-a961-49fe-9599-20ffbc9e172d&p_src=sf HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ak.glersooy.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 01 Jun 2024 21:11:23 GMT
content-type: image/gif
content-length: 43
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=00806ecb30c04a5ce29b060cfc1147d5; expires=Sun, 01 Jun 2025 21:11:23 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
| ak.glersooy.net/favicon.ico | 23.36.76.219 | | 0 B |
URL ak.glersooy.net/favicon.ico IP 23.36.76.219:0
ASN#20940 Akamai International B.V.
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA-1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /favicon.ico HTTP/1.1
Host: ak.glersooy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ak.glersooy.net/4/6592928?&utm_source=qv.shahidmosalsalat.me&utm_medium=ORGANIC&utm_campaign=ORGANIC&utm_term=%D9%85%D8%B3%D9%84%D8%B3%D9%84%20%D8%B9%D8%B1%D9%88%D8%B3%20%D8%A8%D9%8A%D8%B1%D9%88%D8%AA%203%20%D8%A7%D9%84%D8%AD%D9%84%D9%82%D8%A9%207
Cookie: OAID=00806ecb30c04a5ce29b060cfc1147d5; oaidts=1717276282
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
expires: Sat, 01 Jun 2024 21:11:23 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Sat, 01 Jun 2024 21:11:23 GMT
X-Firefox-Spdy: h2
| ak.glersooy.net/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=37a65755-a961-49fe-9599-20ffbc9e172d | 23.36.76.219 | | 12 B |
URL ak.glersooy.net/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=37a65755-a961-49fe-9599-20ffbc9e172d IP 23.36.76.219:0
ASN#20940 Akamai International B.V.
MD5: adb4650bfc9d2a73d4dd69583b0ceb14
SHA-1: 1ce399d6e936232aaf2192cd7903a279c5015f22
SHA-256: 21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
POST /log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=37a65755-a961-49fe-9599-20ffbc9e172d HTTP/1.1
Host: ak.glersooy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1624
Origin: https://ak.glersooy.net
DNT: 1
Connection: keep-alive
Referer: https://ak.glersooy.net/4/6592928?&utm_source=qv.shahidmosalsalat.me&utm_medium=ORGANIC&utm_campaign=ORGANIC&utm_term=%D9%85%D8%B3%D9%84%D8%B3%D9%84%20%D8%B9%D8%B1%D9%88%D8%B3%20%D8%A8%D9%8A%D8%B1%D9%88%D8%AA%203%20%D8%A7%D9%84%D8%AD%D9%84%D9%82%D8%A9%207
Cookie: OAID=00806ecb30c04a5ce29b060cfc1147d5; oaidts=1717276282
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: application/json; charset=utf-8
content-length: 12
access-control-allow-origin: https://ak.glersooy.net
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
access-control-allow-credentials: true
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
expires: Sat, 01 Jun 2024 21:11:23 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Sat, 01 Jun 2024 21:11:23 GMT
X-Firefox-Spdy: h2
| ak.glersooy.net/4/6799394?var=6592928&art=245&aofs=2&af=1 | 23.36.76.219 | | 14 kB |
URL ak.glersooy.net/4/6799394?var=6592928&art=245&aofs=2&af=1 IP 23.36.76.219:0
ASN#20940 Akamai International B.V.
File type: HTML document, ASCII text, with very long lines (18639)
MD5: 7845da99f8881d64bb8701015b800ec8
SHA-1: 33fa11bb71f4b7149da8e4f972753bf6e8352e3b
SHA-256: 60cdb1200ae96f531fff09a8a20da8cb2ae60670ce08ca14e1b871c317440193
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /4/6799394?var=6592928&art=245&aofs=2&af=1 HTTP/1.1
Host: ak.glersooy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ak.glersooy.net/4/6592928?&utm_source=qv.shahidmosalsalat.me&utm_medium=ORGANIC&utm_campaign=ORGANIC&utm_term=%D9%85%D8%B3%D9%84%D8%B3%D9%84%20%D8%B9%D8%B1%D9%88%D8%B3%20%D8%A8%D9%8A%D8%B1%D9%88%D8%AA%203%20%D8%A7%D9%84%D8%AD%D9%84%D9%82%D8%A9%207
Cookie: OAID=00806ecb30c04a5ce29b060cfc1147d5; oaidts=1717276282
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: text/html; charset=utf8
x-trace-id: fd195591952441623b7d28b82793abf2
link: <https://yonmewon.com>; rel="preconnect dns-prefetch",<https://my.rtmark.net>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
expires: Sat, 01 Jun 2024 21:11:23 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Sat, 01 Jun 2024 21:11:23 GMT
content-length: 13930
vary: Accept-Encoding
set-cookie: OAID=00806ecb30c04a5ce29b060cfc1147d5; expires=Sun, 01 Jun 2025 21:11:23 GMT; path=/; secure; SameSite=None
oaidts=1717276282; expires=Sun, 01 Jun 2025 21:11:23 GMT; path=/; secure; SameSite=None
X-Firefox-Spdy: h2
| ak.glersooy.net/sftouch?userId=00806ecb30c04a5ce29b060cfc1147d5&z=6799394&p_rid=27d4784a-df03-4e62-9159-cba0e77d3052&p_src=sf&branchId=0&rb=ObWbVCI2GGRoel3lnLNRXEncrFplluMCVYhgX_1HAWpT3opPrO5mne_0Z_MVTHHauwLs6SiAJcYjJiBD9aVbBd5yRSerDTz3myfvZv1QBnq2gmvoky_CR0DLQRfWkGhTfJZDXhnAhsa2H7HXn-U23UhlSPCkPXSqNjE9miR0uPFO3oyO_KAvl0CHYCzPHrb_lK2t2QDb6gKiQ2eyTYXv749aj68RifZ85EiIqnkMSE3ybgoph3ic31SGeoAz3_oubUi1N3NUHsayMq6xRWh68eZGzT3_I29ggu9yxaDJJ_izsdQQZ3YmDekll2AuJzfCr7KPcaaAFG4Sfwq_08U0_bnls6MpaBSaa-MQEGuNpJMdPSUpgzU50vfWUeZ1xs1txSjU2LiSb45yph9pO7X4HtusrTNtmQOdInUxpPWI1QJnFn-l9jMepWjZPtWJT77wyLmL-GEe-j-9sY0gBY4W8UscZSTmMQ7Azth8ZYs2dtq6ulVGNBQdOPy_N_R7Ham19RZiQ5GBLiImSERrwKXEK6o2T96zl7eo2vsq5fYIsiGgZG4R2Oodk1nB4X0T-erpJ-jKY8Is55k= | 23.36.76.219 | | 2 B |
URL ak.glersooy.net/sftouch?userId=00806ecb30c04a5ce29b060cfc1147d5&z=6799394&p_rid=27d4784a-df03-4e62-9159-cba0e77d3052&p_src=sf&branchId=0&rb=ObWbVCI2GGRoel3lnLNRXEncrFplluMCVYhgX_1HAWpT3opPrO5mne_0Z_MVTHHauwLs6SiAJcYjJiBD9aVbBd5yRSerDTz3myfvZv1QBnq2gmvoky_CR0DLQRfWkGhTfJZDXhnAhsa2H7HXn-U23UhlSPCkPXSqNjE9miR0uPFO3oyO_KAvl0CHYCzPHrb_lK2t2QDb6gKiQ2eyTYXv749aj68RifZ85EiIqnkMSE3ybgoph3ic31SGeoAz3_oubUi1N3NUHsayMq6xRWh68eZGzT3_I29ggu9yxaDJJ_izsdQQZ3YmDekll2AuJzfCr7KPcaaAFG4Sfwq_08U0_bnls6MpaBSaa-MQEGuNpJMdPSUpgzU50vfWUeZ1xs1txSjU2LiSb45yph9pO7X4HtusrTNtmQOdInUxpPWI1QJnFn-l9jMepWjZPtWJT77wyLmL-GEe-j-9sY0gBY4W8UscZSTmMQ7Azth8ZYs2dtq6ulVGNBQdOPy_N_R7Ham19RZiQ5GBLiImSERrwKXEK6o2T96zl7eo2vsq5fYIsiGgZG4R2Oodk1nB4X0T-erpJ-jKY8Is55k= IP 23.36.76.219:0
ASN#20940 Akamai International B.V.
File type: ASCII text, with no line terminators
MD5: 444bcb3a3fcf8389296c49467f27e1d6
SHA-1: 7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
SHA-256: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
POST /sftouch?userId=00806ecb30c04a5ce29b060cfc1147d5&z=6799394&p_rid=27d4784a-df03-4e62-9159-cba0e77d3052&p_src=sf&branchId=0&rb=ObWbVCI2GGRoel3lnLNRXEncrFplluMCVYhgX_1HAWpT3opPrO5mne_0Z_MVTHHauwLs6SiAJcYjJiBD9aVbBd5yRSerDTz3myfvZv1QBnq2gmvoky_CR0DLQRfWkGhTfJZDXhnAhsa2H7HXn-U23UhlSPCkPXSqNjE9miR0uPFO3oyO_KAvl0CHYCzPHrb_lK2t2QDb6gKiQ2eyTYXv749aj68RifZ85EiIqnkMSE3ybgoph3ic31SGeoAz3_oubUi1N3NUHsayMq6xRWh68eZGzT3_I29ggu9yxaDJJ_izsdQQZ3YmDekll2AuJzfCr7KPcaaAFG4Sfwq_08U0_bnls6MpaBSaa-MQEGuNpJMdPSUpgzU50vfWUeZ1xs1txSjU2LiSb45yph9pO7X4HtusrTNtmQOdInUxpPWI1QJnFn-l9jMepWjZPtWJT77wyLmL-GEe-j-9sY0gBY4W8UscZSTmMQ7Azth8ZYs2dtq6ulVGNBQdOPy_N_R7Ham19RZiQ5GBLiImSERrwKXEK6o2T96zl7eo2vsq5fYIsiGgZG4R2Oodk1nB4X0T-erpJ-jKY8Is55k= HTTP/1.1
Host: ak.glersooy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ak.glersooy.net
DNT: 1
Connection: keep-alive
Referer: https://ak.glersooy.net/4/6799394?var=6592928&art=245&aofs=2&af=1
Cookie: OAID=00806ecb30c04a5ce29b060cfc1147d5; oaidts=1717276282
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Content-Length: 0
TE: trailers
HTTP/2 200 OK
content-type: text/plain
content-length: 2
x-trace-id: 462f3b9a6b1dd00576579fe6b97279ff
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://ak.glersooy.net
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
expires: Sat, 01 Jun 2024 21:11:23 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Sat, 01 Jun 2024 21:11:23 GMT
X-Firefox-Spdy: h2
| my.rtmark.net/img.gif?f=merge&userId=00806ecb30c04a5ce29b060cfc1147d5&z=6799394&p_rid=27d4784a-df03-4e62-9159-cba0e77d3052&p_src=sf | 139.45.195.8 | | 43 B |
URL my.rtmark.net/img.gif?f=merge&userId=00806ecb30c04a5ce29b060cfc1147d5&z=6799394&p_rid=27d4784a-df03-4e62-9159-cba0e77d3052&p_src=sf IP 139.45.195.8:0
File type: GIF image data, version 89a, 1 x 1
MD5: b4491705564909da7f9eaf749dbbfbb1
SHA-1: 279315d507855c6a4351e1e2c2f39dd9cd2fccd8
SHA-256: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
GET /img.gif?f=merge&userId=00806ecb30c04a5ce29b060cfc1147d5&z=6799394&p_rid=27d4784a-df03-4e62-9159-cba0e77d3052&p_src=sf HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ak.glersooy.net/
Cookie: ID=00806ecb30c04a5ce29b060cfc1147d5
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Jun 2024 21:11:23 GMT
content-type: image/gif
content-length: 43
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=00806ecb30c04a5ce29b060cfc1147d5; expires=Sun, 01 Jun 2025 21:11:23 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
| ak.glersooy.net/favicon.ico | 23.36.76.219 | | 0 B |
URL ak.glersooy.net/favicon.ico IP 23.36.76.219:0
ASN#20940 Akamai International B.V.
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA-1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /favicon.ico HTTP/1.1
Host: ak.glersooy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ak.glersooy.net/4/6799394?var=6592928&art=245&aofs=2&af=1
Cookie: OAID=00806ecb30c04a5ce29b060cfc1147d5; oaidts=1717276282
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
expires: Sat, 01 Jun 2024 21:11:23 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Sat, 01 Jun 2024 21:11:23 GMT
X-Firefox-Spdy: h2
| ak.glersooy.net/?z=6799394&syncedCookie=true&rhd=false | 23.36.76.219 | 302 Found | 0 B |
URL ak.glersooy.net/?z=6799394&syncedCookie=true&rhd=false (user request, POST, HTTP/2) IP 23.36.76.219:443
ASN#20940 Akamai International B.V.
Certificate: issuer Let's Encrypt; subject ak.hetaruwg.com; fingerprint EB:02:E8:72:04:03:16:11:50:AA:E8:58:B1:AD:39:7D:DF:D8:B1:02; validity Wed, 15 May 2024 14:21:15 GMT - Tue, 13 Aug 2024 14:21:14 GMT
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA-1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
POST /?z=6799394&syncedCookie=true&rhd=false HTTP/1.1
Host: ak.glersooy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 1296
Origin: https://ak.glersooy.net
DNT: 1
Connection: keep-alive
Referer: https://ak.glersooy.net/afu.php?zoneid=6799394&var=6799394&rid=ksX-wKK1z8yLZCaWKyzJyw%3D%3D&rhd=false&ab2r=0&sf=1
Cookie: OAID=00806ecb30c04a5ce29b060cfc1147d5; oaidts=1717276282
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
content-length: 0
x-trace-id: 348f4703fb25b3df66886a98324a52bc
link: <https://adxproofcheck.com>; rel="preconnect dns-prefetch",<https://yonmewon.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
referrer-policy: no-referrer
location: https://adxproofcheck.com/policy-sweep-check.html?offer_id=99275599&geo=NO&oaid=00806ecb30c04a5ce29b060cfc1147d5&s=820878831434076445&z=6799394&b=20430602&var=6592928&campaignid=7970865&utm_campaign=6592928&utm_medium=6799394&utm_source=zd_7970865&utm_term=20430602&utm_content=zd_public_v2&country=NO
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://ak.glersooy.net
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
expires: Sat, 01 Jun 2024 21:11:23 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Sat, 01 Jun 2024 21:11:23 GMT
set-cookie: OAID=00806ecb30c04a5ce29b060cfc1147d5; expires=Sun, 01 Jun 2025 21:11:23 GMT; path=/; secure; SameSite=None
oaidts=1717276282; expires=Sun, 01 Jun 2025 21:11:23 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Sat, 08 Jun 2024 21:11:23 GMT; path=/; secure; SameSite=None
X-Firefox-Spdy: h2
| adxproofcheck.com/js/s-checkLocalStorageAvailable.ts.7aa07c94.js | 188.114.97.1 | 200 OK | 269 B |
URL adxproofcheck.com/js/s-checkLocalStorageAvailable.ts.7aa07c94.js (GET, HTTP/3) IP 188.114.97.1:443
Requested by: https://adxproofcheck.com/policy-sweep-check.html?offer_id=99275599&geo=NO&oaid=00806ecb30c04a5ce29b060cfc1147d5&s=820878831434076445&z=6799394&b=20430602&var=6592928&campaignid=7970865&utm_campaign=6592928&utm_medium=6799394&utm_source=zd_7970865&utm_term=20430602&utm_content=zd_public_v2&country=NO
Certificate: issuer Let's Encrypt; subject adxproofcheck.com; fingerprint F1:28:81:B5:CD:22:6C:77:9A:5F:C9:C4:73:C0:3E:51:52:F8:44:F7; validity Wed, 22 May 2024 13:53:40 GMT - Tue, 20 Aug 2024 13:53:39 GMT
File type: JavaScript source, ASCII text, with very long lines (330), with no line terminators
MD5: 8de57a00642917ebb61c8ef182b9f4dd
SHA-1: d5e1933e51027b5d937af4ef7118dd8670ec5fcf
SHA-256: 7cacd74152cc4f7265653c07d3294405ff9bf1927a5d8cfa79b2ac8b1f8c73b3
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /js/s-checkLocalStorageAvailable.ts.7aa07c94.js HTTP/1.1
Host: adxproofcheck.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 01 Jun 2024 21:11:23 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"66585ba4-14a"
last-modified: Thu, 30 May 2024 10:57:40 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 1212
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=h9GodzsmYwcO6VKF9bLv4kRYQlrSTUcP6HOQCrZKI909PRshihChdMoPF8%2FsLA2Ev%2FAWXJbYmJMTO5%2BGoFbtIho2G9cty%2FSqsSd0QZe1y2LBQhUdc5oTcXgOxmT%2ByRabWo2I0A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88d232268b2c5687-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| adxproofcheck.com/img/sweep/tokens10k.png | 188.114.97.1 | 200 OK | 82 kB |
URL adxproofcheck.com/img/sweep/tokens10k.png (GET, HTTP/3) IP 188.114.97.1:443
Requested by: https://adxproofcheck.com/policy-sweep-check.html?offer_id=99275599&geo=NO&oaid=00806ecb30c04a5ce29b060cfc1147d5&s=820878831434076445&z=6799394&b=20430602&var=6592928&campaignid=7970865&utm_campaign=6592928&utm_medium=6799394&utm_source=zd_7970865&utm_term=20430602&utm_content=zd_public_v2&country=NO
Certificate: issuer Let's Encrypt; subject adxproofcheck.com; fingerprint F1:28:81:B5:CD:22:6C:77:9A:5F:C9:C4:73:C0:3E:51:52:F8:44:F7; validity Wed, 22 May 2024 13:53:40 GMT - Tue, 20 Aug 2024 13:53:39 GMT
File type: PNG image data, 480 x 500, 8-bit colormap, non-interlaced
MD5: 10337a4976db716ba3b8cad1f0f1f736
SHA-1: 788015c74e561249cc5318fc178e564b68bce44d
SHA-256: fef211dba7465da86e75019f78dcdf59af496394963b0bc6cc78b02286effe58
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /img/sweep/tokens10k.png HTTP/1.1
Host: adxproofcheck.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=00806ecb30c04a5ce29b060cfc1147d5; syncedCookie=true; oaidts=1717276284; ID=00806ecb30c04a5ce29b060cfc1147d5
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 01 Jun 2024 21:11:24 GMT
content-type: image/png
content-length: 82163
last-modified: Thu, 30 May 2024 10:57:39 GMT
vary: Accept-Encoding
etag: "66585ba3-140f3"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 5794
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SAo807%2FWJ0%2Fgf3fqPpWZW2Q8xmzHR4%2Bt2xxPHB6hvXQpmERiAddtV9%2B6z6lRvW1nYgjZrD3gQKSsoWKxhrcWIzJ%2Ft2jVSfIv1FgZAUUdJx7I0If9Inbx43twfKpGHJzbmOusYg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88d232291e4e5687-OSL
alt-svc: h3=":443"; ma=86400
| adxproofcheck.com/js/v-redux-toolkit.esm.js.65f374d5.js | 188.114.97.1 | 200 OK | 4.8 kB |
URL: adxproofcheck.com/js/v-redux-toolkit.esm.js.65f374d5.js (GET, HTTP/3)
IP: 188.114.97.1:443
Requested by: https://adxproofcheck.com/policy-sweep-check.html?offer_id=99275599&geo=NO&oaid=00806ecb30c04a5ce29b060cfc1147d5&s=820878831434076445&z=6799394&b=20430602&var=6592928&campaignid=7970865&utm_campaign=6592928&utm_medium=6799394&utm_source=zd_7970865&utm_term=20430602&utm_content=zd_public_v2&country=NO
Certificate issuer: Let's Encrypt
Certificate subject: adxproofcheck.com
Certificate fingerprint: F1:28:81:B5:CD:22:6C:77:9A:5F:C9:C4:73:C0:3E:51:52:F8:44:F7
Certificate validity: Wed, 22 May 2024 13:53:40 GMT - Tue, 20 Aug 2024 13:53:39 GMT
File type: JavaScript source, ASCII text, with very long lines (11319), with no line terminators
MD5: 45f75750508ed74161fd5d1dd4812029
SHA-1: 3d80ba5c54e603c31a53a7203e1411f424f0c03a
SHA-256: 2ec14c8fbbc32a975328b8f108ebb8c8e5fdebb898356bb57a943fdb2fe24341

| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/v-redux-toolkit.esm.js.65f374d5.js HTTP/1.1
Host: adxproofcheck.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 01 Jun 2024 21:11:23 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"66585ba4-2c37"
last-modified: Thu, 30 May 2024 10:57:40 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 1212
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DiN9JDls3Z1htyB6MxYAdlLDxjnfVAHxbCNMPeT%2Ftj3NORnMrZmRytig2ZClGceAOFUp5vOt2%2Bi5YdmuFNWPF%2BLBnWr4z8jVCrSlf0ymsSA%2FOMYvAAr6RNTdrCrMRoy7MkTaXw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88d232268b335687-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| adxproofcheck.com/policy-sweep-check.html?offer_id=99275599&geo=NO&oaid=00806ecb30c04a5ce29b060cfc1147d5&s=820878831434076445&z=6799394&b=20430602&var=6592928&campaignid=7970865&utm_campaign=6592928&utm_medium=6799394&utm_source=zd_7970865&utm_term=20430602&utm_content=zd_public_v2&country=NO | 188.114.97.1 | 200 OK | 3.2 kB |
URL: adxproofcheck.com/policy-sweep-check.html?offer_id=99275599&geo=NO&oaid=00806ecb30c04a5ce29b060cfc1147d5&s=820878831434076445&z=6799394&b=20430602&var=6592928&campaignid=7970865&utm_campaign=6592928&utm_medium=6799394&utm_source=zd_7970865&utm_term=20430602&utm_content=zd_public_v2&country=NO (user request, GET, HTTP/2)
IP: 188.114.97.1:443
Certificate issuer: Let's Encrypt
Certificate subject: adxproofcheck.com
Certificate fingerprint: F1:28:81:B5:CD:22:6C:77:9A:5F:C9:C4:73:C0:3E:51:52:F8:44:F7
Certificate validity: Wed, 22 May 2024 13:53:40 GMT - Tue, 20 Aug 2024 13:53:39 GMT
File type: HTML document, ASCII text, with very long lines (7989), with no line terminators
MD5: e41dff2f4d9c2ae7bf3a59cf8b1ed81d
SHA-1: d1b6189a98e19eaaf0cf8e7800302c9256cbb532
SHA-256: 8ea2d761a4c59b7205b9568d9b03877910a5fe747289cfe5a56994b761b5ad83

| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /policy-sweep-check.html?offer_id=99275599&geo=NO&oaid=00806ecb30c04a5ce29b060cfc1147d5&s=820878831434076445&z=6799394&b=20430602&var=6592928&campaignid=7970865&utm_campaign=6592928&utm_medium=6799394&utm_source=zd_7970865&utm_term=20430602&utm_content=zd_public_v2&country=NO HTTP/1.1
Host: adxproofcheck.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 01 Jun 2024 21:11:23 GMT
content-type: text/html
last-modified: Thu, 30 May 2024 10:57:39 GMT
vary: Accept-Encoding
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ckh1eyuX0Of3AznQ3tkBYD7JMn3nqtysgsH9PUhI9NgLz1zmgnuO1%2Fn%2FPReWXhtJcC5sg6Lt0HUFHY72xCr%2BDCsNqWmIjrA28zBzJAn6Gd2VA0S9yacNi%2FsWWkuCaVPFDiWidQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88d23224fe5db512-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
| adxproofcheck.com/img/comments/person-sweep-1.webp | 188.114.97.1 | 200 OK | 862 B |
URL: adxproofcheck.com/img/comments/person-sweep-1.webp (GET, HTTP/3)
IP: 188.114.97.1:443
Requested by: https://adxproofcheck.com/policy-sweep-check.html?offer_id=99275599&geo=NO&oaid=00806ecb30c04a5ce29b060cfc1147d5&s=820878831434076445&z=6799394&b=20430602&var=6592928&campaignid=7970865&utm_campaign=6592928&utm_medium=6799394&utm_source=zd_7970865&utm_term=20430602&utm_content=zd_public_v2&country=NO
Certificate issuer: Let's Encrypt
Certificate subject: adxproofcheck.com
Certificate fingerprint: F1:28:81:B5:CD:22:6C:77:9A:5F:C9:C4:73:C0:3E:51:52:F8:44:F7
Certificate validity: Wed, 22 May 2024 13:53:40 GMT - Tue, 20 Aug 2024 13:53:39 GMT
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 50x52, Scaling: [none]x[none], YUV color, decoders should clamp
MD5: 384118eb5e49870ad443d90051c692cb
SHA-1: 35a73704dcf55b3232f2e9cfc333ff2ecfdcc19f
SHA-256: 1ae21006f04f15e16a8057644615cdf8a8a9b39db706f53ba9a925327a6a1635

| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/comments/person-sweep-1.webp HTTP/1.1
Host: adxproofcheck.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=00806ecb30c04a5ce29b060cfc1147d5; syncedCookie=true; oaidts=1717276284; ID=00806ecb30c04a5ce29b060cfc1147d5
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 01 Jun 2024 21:11:24 GMT
content-type: image/webp
content-length: 862
last-modified: Thu, 30 May 2024 10:57:39 GMT
vary: Accept-Encoding
etag: "66585ba3-35e"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 5794
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=86FxGAzZvfHzeWyfgZJm7ilGYOJwaxghHoPAD%2FFFL5x0AoIibVK8d42G6vrTZqAYJ3Y74EVIFZS69xM2UwEz6ryTKr70zL4XUL0mv7RkyzlBMed3SsQlKXETZXo0xFaQT3k3Sg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88d23229af175687-OSL
alt-svc: h3=":443"; ma=86400
| adxproofcheck.com/img/comments/person-sweep-2.webp | 188.114.97.1 | 200 OK | 538 B |
URL: adxproofcheck.com/img/comments/person-sweep-2.webp (GET, HTTP/3)
IP: 188.114.97.1:443
Requested by: https://adxproofcheck.com/policy-sweep-check.html?offer_id=99275599&geo=NO&oaid=00806ecb30c04a5ce29b060cfc1147d5&s=820878831434076445&z=6799394&b=20430602&var=6592928&campaignid=7970865&utm_campaign=6592928&utm_medium=6799394&utm_source=zd_7970865&utm_term=20430602&utm_content=zd_public_v2&country=NO
Certificate issuer: Let's Encrypt
Certificate subject: adxproofcheck.com
Certificate fingerprint: F1:28:81:B5:CD:22:6C:77:9A:5F:C9:C4:73:C0:3E:51:52:F8:44:F7
Certificate validity: Wed, 22 May 2024 13:53:40 GMT - Tue, 20 Aug 2024 13:53:39 GMT
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 50x50, Scaling: [none]x[none], YUV color, decoders should clamp
MD5: e4d97f0d392aca4fa78b0928438d0168
SHA-1: 55f713d8826a9a65e11fddf4c5fa4ea5939953b2
SHA-256: 7058be64334990621fbc8cc06782aac5116c6e8a6d7700d892cb8b36f06c5866

| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/comments/person-sweep-2.webp HTTP/1.1
Host: adxproofcheck.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=00806ecb30c04a5ce29b060cfc1147d5; syncedCookie=true; oaidts=1717276284; ID=00806ecb30c04a5ce29b060cfc1147d5
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 01 Jun 2024 21:11:24 GMT
content-type: image/webp
content-length: 538
last-modified: Thu, 30 May 2024 10:57:39 GMT
vary: Accept-Encoding
etag: "66585ba3-21a"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 5794
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Q6XNr5drmcavBGFlrGPz1IvAk3SEuZTXGvdx2FnQmb1rb%2FqVsw5E1SbenCDgEGiErSqwbnNLqbgx%2Bqn2ltmYbI%2BUbKRaSNeIYBmc8uGm1VZlVOfmXTKmlv%2F%2BqY2rYUhUDD3wFA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88d23229bf295687-OSL
alt-svc: h3=":443"; ma=86400
| adxproofcheck.com/img/comments/person-sweep-3.webp | 188.114.97.1 | 200 OK | 582 B |
URL: adxproofcheck.com/img/comments/person-sweep-3.webp (GET, HTTP/3)
IP: 188.114.97.1:443
Requested by: https://adxproofcheck.com/policy-sweep-check.html?offer_id=99275599&geo=NO&oaid=00806ecb30c04a5ce29b060cfc1147d5&s=820878831434076445&z=6799394&b=20430602&var=6592928&campaignid=7970865&utm_campaign=6592928&utm_medium=6799394&utm_source=zd_7970865&utm_term=20430602&utm_content=zd_public_v2&country=NO
Certificate issuer: Let's Encrypt
Certificate subject: adxproofcheck.com
Certificate fingerprint: F1:28:81:B5:CD:22:6C:77:9A:5F:C9:C4:73:C0:3E:51:52:F8:44:F7
Certificate validity: Wed, 22 May 2024 13:53:40 GMT - Tue, 20 Aug 2024 13:53:39 GMT
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 50x50, Scaling: [none]x[none], YUV color, decoders should clamp
MD5: 8347ebfbfa18beba17d356a3dbacb100
SHA-1: f1d66a05e07953cea27fe277e72a495a8e3de2e7
SHA-256: 318e494a7bcf7cb28173e54feebeb44ba93b4c17a423c7036d2fcac40e4db6cd

| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/comments/person-sweep-3.webp HTTP/1.1
Host: adxproofcheck.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=00806ecb30c04a5ce29b060cfc1147d5; syncedCookie=true; oaidts=1717276284; ID=00806ecb30c04a5ce29b060cfc1147d5
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 01 Jun 2024 21:11:24 GMT
content-type: image/webp
content-length: 582
last-modified: Thu, 30 May 2024 10:57:39 GMT
vary: Accept-Encoding
etag: "66585ba3-246"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 5794
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=otTRGWkd1fSfgG0m9Wv4HzlaDO2fyMb%2BpIXg59IgFx8%2Fm93xxGtIlmkaDg%2FSInjcrJ9CxRFJd5Nr2bfTCE7zx%2BYA3HAXvT0AkLJ8qj%2F87ITsQY5994neFZwL5Kpw1xDRe5OaMg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88d23229bf2c5687-OSL
alt-svc: h3=":443"; ma=86400
| adxproofcheck.com/img/comments/person-sweep-4.webp | 188.114.97.1 | 200 OK | 800 B |
URL: adxproofcheck.com/img/comments/person-sweep-4.webp (GET, HTTP/3)
IP: 188.114.97.1:443
Requested by: https://adxproofcheck.com/policy-sweep-check.html?offer_id=99275599&geo=NO&oaid=00806ecb30c04a5ce29b060cfc1147d5&s=820878831434076445&z=6799394&b=20430602&var=6592928&campaignid=7970865&utm_campaign=6592928&utm_medium=6799394&utm_source=zd_7970865&utm_term=20430602&utm_content=zd_public_v2&country=NO
Certificate issuer: Let's Encrypt
Certificate subject: adxproofcheck.com
Certificate fingerprint: F1:28:81:B5:CD:22:6C:77:9A:5F:C9:C4:73:C0:3E:51:52:F8:44:F7
Certificate validity: Wed, 22 May 2024 13:53:40 GMT - Tue, 20 Aug 2024 13:53:39 GMT
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 50x50, Scaling: [none]x[none], YUV color, decoders should clamp
MD5: b1c95558f71bd6614c52433c225b6a28
SHA-1: 7c903c12b48199ac1e1b3c8846baf12693b97a28
SHA-256: 8e5987af9fd886b03617f6e4980035a877697b9ccdeb9f002c41baa1d6ee8912

| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/comments/person-sweep-4.webp HTTP/1.1
Host: adxproofcheck.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=00806ecb30c04a5ce29b060cfc1147d5; syncedCookie=true; oaidts=1717276284; ID=00806ecb30c04a5ce29b060cfc1147d5
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 01 Jun 2024 21:11:24 GMT
content-type: image/webp
content-length: 800
last-modified: Thu, 30 May 2024 10:57:39 GMT
vary: Accept-Encoding
etag: "66585ba3-320"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 5794
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Fa7SP8AyY8qrktG19lJXKCcJFJX4NZR%2FkWYDW7p%2BDUZYBokz27yxoWMznGTZlQOFinOPO0u%2B%2BKX1rCRlu%2FJvwq3I0ahsglL3UgyYY9FxFjSs0qRQSQw9DkeOT1W%2FJ9I9wpiJNg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88d23229bf2f5687-OSL
alt-svc: h3=":443"; ma=86400
| adxproofcheck.com/js/sweeps-survey.5c58cdcb.js | 188.114.97.1 | 200 OK | 6.1 kB |
URL: adxproofcheck.com/js/sweeps-survey.5c58cdcb.js (GET, HTTP/3)
IP: 188.114.97.1:443
Requested by: https://adxproofcheck.com/policy-sweep-check.html?offer_id=99275599&geo=NO&oaid=00806ecb30c04a5ce29b060cfc1147d5&s=820878831434076445&z=6799394&b=20430602&var=6592928&campaignid=7970865&utm_campaign=6592928&utm_medium=6799394&utm_source=zd_7970865&utm_term=20430602&utm_content=zd_public_v2&country=NO
Certificate issuer: Let's Encrypt
Certificate subject: adxproofcheck.com
Certificate fingerprint: F1:28:81:B5:CD:22:6C:77:9A:5F:C9:C4:73:C0:3E:51:52:F8:44:F7
Certificate validity: Wed, 22 May 2024 13:53:40 GMT - Tue, 20 Aug 2024 13:53:39 GMT
File type: JavaScript source, ASCII text, with very long lines (5840), with no line terminators
MD5: 50e99d81c3c1871eb6f0d5ad6f6feb20
SHA-1: 7e4edaad10ca1fa0e44709b8e9e6d21a6e06e23c
SHA-256: 14000f4a95d6418928f18c1f0761c300304e75482254175c7ccbe1ffb7844547

| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/sweeps-survey.5c58cdcb.js HTTP/1.1
Host: adxproofcheck.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 01 Jun 2024 21:11:23 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"66585ba4-16d0"
last-modified: Thu, 30 May 2024 10:57:40 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 1181
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gi8ANuHCNRhIdadcvk7ivV%2FXFEy%2FyMTSoHvzc%2Bm5mAFhk7X4z6TW%2Fm3McX3RCVMus3lQpB96XpS5m2CU1z%2BGgI0qjHNRKYp9n4EoR%2FS5E5WUDZySTGLi4skSh1q%2BdB%2ByrCAmmg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88d232269b4e5687-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| adxproofcheck.com/img/comments/person-sweep-5.webp | 188.114.97.1 | 200 OK | 588 B |
URL: adxproofcheck.com/img/comments/person-sweep-5.webp (GET, HTTP/3)
IP: 188.114.97.1:443
Requested by: https://adxproofcheck.com/policy-sweep-check.html?offer_id=99275599&geo=NO&oaid=00806ecb30c04a5ce29b060cfc1147d5&s=820878831434076445&z=6799394&b=20430602&var=6592928&campaignid=7970865&utm_campaign=6592928&utm_medium=6799394&utm_source=zd_7970865&utm_term=20430602&utm_content=zd_public_v2&country=NO
Certificate issuer: Let's Encrypt
Certificate subject: adxproofcheck.com
Certificate fingerprint: F1:28:81:B5:CD:22:6C:77:9A:5F:C9:C4:73:C0:3E:51:52:F8:44:F7
Certificate validity: Wed, 22 May 2024 13:53:40 GMT - Tue, 20 Aug 2024 13:53:39 GMT
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 50x50, Scaling: [none]x[none], YUV color, decoders should clamp
MD5: 25e1107a0e365082ccd6093e0073f05c
SHA-1: 7b0d3c741f2bbabbcac99f29bee8cf2f9eaa1841
SHA-256: 935ec86b128c0bb7bfafc5915a46c0c3709c47b90509e26e4c994d8ef5587cf2

| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/comments/person-sweep-5.webp HTTP/1.1
Host: adxproofcheck.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=00806ecb30c04a5ce29b060cfc1147d5; syncedCookie=true; oaidts=1717276284; ID=00806ecb30c04a5ce29b060cfc1147d5
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 01 Jun 2024 21:11:24 GMT
content-type: image/webp
content-length: 588
last-modified: Thu, 30 May 2024 10:57:39 GMT
vary: Accept-Encoding
etag: "66585ba3-24c"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 5794
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=58gCLAr%2FUKe%2ByYvvUMaBpCjKxGYPoDT1JnSGTFBcZjlTHh1Ft%2BoYbF9GZdkCSaIETbzXpWoHXgC1%2B%2Baze6Aa73Jy9GFKTAFN%2BqvsucLGSoxObNx7cLVAfD429I5%2B2C7HC0IW2g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88d23229bf3f5687-OSL
alt-svc: h3=":443"; ma=86400
| adxproofcheck.com/js/config/sd/sd-99275599-en.js?v=10 | 188.114.97.1 | 200 OK | 2.3 kB |
URL: adxproofcheck.com/js/config/sd/sd-99275599-en.js?v=10 (GET, HTTP/3)
IP: 188.114.97.1:443
Requested by: https://adxproofcheck.com/policy-sweep-check.html?offer_id=99275599&geo=NO&oaid=00806ecb30c04a5ce29b060cfc1147d5&s=820878831434076445&z=6799394&b=20430602&var=6592928&campaignid=7970865&utm_campaign=6592928&utm_medium=6799394&utm_source=zd_7970865&utm_term=20430602&utm_content=zd_public_v2&country=NO
Certificate issuer: Let's Encrypt
Certificate subject: adxproofcheck.com
Certificate fingerprint: F1:28:81:B5:CD:22:6C:77:9A:5F:C9:C4:73:C0:3E:51:52:F8:44:F7
Certificate validity: Wed, 22 May 2024 13:53:40 GMT - Tue, 20 Aug 2024 13:53:39 GMT
File type: JavaScript source, ASCII text, with very long lines (5160), with no line terminators
MD5: 63e0501690e404a4c6edbf6548fde80a
SHA-1: 6688eb6af3076c4e81223ce2ffa50b721ea582d8
SHA-256: 826e072176a81be95b1fcf9776c3eaeec0df9d61785b5015a9a0c2f87f3ff8ec

| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/config/sd/sd-99275599-en.js?v=10 HTTP/1.1
Host: adxproofcheck.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 01 Jun 2024 21:11:24 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"66585ba4-1428"
last-modified: Thu, 30 May 2024 10:57:40 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 5265
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iTYLSmVbgunX9uQpO%2Fpu73DLbHy9GKg6GQuFr8nvFE1Mze6oPoIe5eeKMeNPdSE%2FY9sB1it2p9PL2SDigShoM0URZj%2F1hckgv19dGlgFfbNl1yX4IOGwJy33sDdwTaMH2oswjw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88d232279c805687-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| adxproofcheck.com/img/comments/person-sweep-6.webp | 188.114.97.1 | 200 OK | 462 B |
URL: adxproofcheck.com/img/comments/person-sweep-6.webp (GET, HTTP/3)
IP: 188.114.97.1:443
Requested by: https://adxproofcheck.com/policy-sweep-check.html?offer_id=99275599&geo=NO&oaid=00806ecb30c04a5ce29b060cfc1147d5&s=820878831434076445&z=6799394&b=20430602&var=6592928&campaignid=7970865&utm_campaign=6592928&utm_medium=6799394&utm_source=zd_7970865&utm_term=20430602&utm_content=zd_public_v2&country=NO
Certificate issuer: Let's Encrypt
Certificate subject: adxproofcheck.com
Certificate fingerprint: F1:28:81:B5:CD:22:6C:77:9A:5F:C9:C4:73:C0:3E:51:52:F8:44:F7
Certificate validity: Wed, 22 May 2024 13:53:40 GMT - Tue, 20 Aug 2024 13:53:39 GMT
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 50x50, Scaling: [none]x[none], YUV color, decoders should clamp
MD5: dfb961fdb848e75591268fde9c186902
SHA-1: 2218e96a5c5081f5bef43fda74fd8f0cbb025003
SHA-256: 4cf92de9b24fb1484bc1d97880c20589e113b9b1f065df1963e0648f3a38474d

| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/comments/person-sweep-6.webp HTTP/1.1
Host: adxproofcheck.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=00806ecb30c04a5ce29b060cfc1147d5; syncedCookie=true; oaidts=1717276284; ID=00806ecb30c04a5ce29b060cfc1147d5
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 01 Jun 2024 21:11:24 GMT
content-type: image/webp
content-length: 462
last-modified: Thu, 30 May 2024 10:57:40 GMT
vary: Accept-Encoding
etag: "66585ba4-1ce"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 5794
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=E5Hefz5lVI%2BrYrpzGSfqO3cM5wAjTbWCiyrkw6FKQBOswfVAcjYl%2BaMukVpQOWRYjkn8SRBycnfB13%2Fa3CwzXbdepbHlycES%2BdX49R1ueZ1t%2FmKbNr1QmH8NE16sJd4uR3hvYg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88d23229bf405687-OSL
alt-svc: h3=":443"; ma=86400
| adxproofcheck.com/js/v-constants.js.e058ee35.js | 188.114.97.1 | 200 OK | 373 B |
URL: adxproofcheck.com/js/v-constants.js.e058ee35.js (GET, HTTP/3)
IP: 188.114.97.1:443
Requested by: https://adxproofcheck.com/policy-sweep-check.html?offer_id=99275599&geo=NO&oaid=00806ecb30c04a5ce29b060cfc1147d5&s=820878831434076445&z=6799394&b=20430602&var=6592928&campaignid=7970865&utm_campaign=6592928&utm_medium=6799394&utm_source=zd_7970865&utm_term=20430602&utm_content=zd_public_v2&country=NO
Certificate issuer: Let's Encrypt
Certificate subject: adxproofcheck.com
Certificate fingerprint: F1:28:81:B5:CD:22:6C:77:9A:5F:C9:C4:73:C0:3E:51:52:F8:44:F7
Certificate validity: Wed, 22 May 2024 13:53:40 GMT - Tue, 20 Aug 2024 13:53:39 GMT
File type: ASCII text, with very long lines (600), with no line terminators
MD5: fb3e192e2f0edf8facef0b39f205c237
SHA-1: 781de3316d2109760cc176c98e3b0ce0b5325b3e
SHA-256: 09eda5386f1afc5171198e19e1d4f304955a3b4cb786c143c029805e9b86019e

| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/v-constants.js.e058ee35.js HTTP/1.1
Host: adxproofcheck.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 01 Jun 2024 21:11:24 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"66585ba4-258"
last-modified: Thu, 30 May 2024 10:57:40 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6972
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=C1NWWX0S374sD7KMqkLub4ywC8aNkR2wgRYoH3w53oQcNJywABoX5mXd1DjpO6siUV4q73JMJerRePjc4Yj52pwhVzdMg%2Fbvywipv224EVcG7CF6xx%2BMBhEqH4LL9SixvM0Owg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88d232289d9a5687-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| adxproofcheck.com/img/comments/person-sweep-10.webp | 188.114.97.1 | 200 OK | 572 B |
URL: adxproofcheck.com/img/comments/person-sweep-10.webp (GET, HTTP/3)
IP: 188.114.97.1:443
Requested by: https://adxproofcheck.com/policy-sweep-check.html?offer_id=99275599&geo=NO&oaid=00806ecb30c04a5ce29b060cfc1147d5&s=820878831434076445&z=6799394&b=20430602&var=6592928&campaignid=7970865&utm_campaign=6592928&utm_medium=6799394&utm_source=zd_7970865&utm_term=20430602&utm_content=zd_public_v2&country=NO
Certificate issuer: Let's Encrypt
Certificate subject: adxproofcheck.com
Certificate fingerprint: F1:28:81:B5:CD:22:6C:77:9A:5F:C9:C4:73:C0:3E:51:52:F8:44:F7
Certificate validity: Wed, 22 May 2024 13:53:40 GMT - Tue, 20 Aug 2024 13:53:39 GMT
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 50x50, Scaling: [none]x[none], YUV color, decoders should clamp
MD5: 206819c13484a7a818f1e4499be3704e
SHA-1: ada2f34308d6eaa0d004ed0c732e5a3aa7fda1db
SHA-256: f4eed862cbcf8f9ce2bde63cf3e13e73ed3e58ac93ec4bb14301b248c4d58e1f

| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/comments/person-sweep-10.webp HTTP/1.1
Host: adxproofcheck.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=00806ecb30c04a5ce29b060cfc1147d5; syncedCookie=true; oaidts=1717276284; ID=00806ecb30c04a5ce29b060cfc1147d5
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 01 Jun 2024 21:11:24 GMT
content-type: image/webp
content-length: 572
last-modified: Thu, 30 May 2024 10:57:40 GMT
vary: Accept-Encoding
etag: "66585ba4-23c"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 5794
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AFKFE4gXjo47cJZuJ%2FXJjHHslAzAwbA4%2BUc8E9bY9Hj%2BLgthYa1mWTlkTD5Oe49W03SZMEdWOT9yw6aa0cVGh3kAizJJBd9exZTItLYtla0ubY3QGj4dvJmCx38r1djEtxr%2Fjw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88d23229ff885687-OSL
alt-svc: h3=":443"; ma=86400
| adxproofcheck.com/js/v-html-to-dom.js.41c62096.js | 188.114.97.1 | 200 OK | 928 B |
URL: adxproofcheck.com/js/v-html-to-dom.js.41c62096.js (GET, HTTP/3)
IP: 188.114.97.1:443
Requested by: https://adxproofcheck.com/policy-sweep-check.html?offer_id=99275599&geo=NO&oaid=00806ecb30c04a5ce29b060cfc1147d5&s=820878831434076445&z=6799394&b=20430602&var=6592928&campaignid=7970865&utm_campaign=6592928&utm_medium=6799394&utm_source=zd_7970865&utm_term=20430602&utm_content=zd_public_v2&country=NO
Certificate issuer: Let's Encrypt
Certificate subject: adxproofcheck.com
Certificate fingerprint: F1:28:81:B5:CD:22:6C:77:9A:5F:C9:C4:73:C0:3E:51:52:F8:44:F7
Certificate validity: Wed, 22 May 2024 13:53:40 GMT - Tue, 20 Aug 2024 13:53:39 GMT
File type: JavaScript source, ASCII text, with very long lines (364), with no line terminators
MD5: 790982f83e9bf26232429fdc916eb13c
SHA-1: 8d1989f828d088f2acb20bd68aff9020f8d79fec
SHA-256: 1cc41ce6a200895f2d508d8fdfbd4162a3c99c32616aedb6cf3a608b2aec1a3d

| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/v-html-to-dom.js.41c62096.js HTTP/1.1
Host: adxproofcheck.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 01 Jun 2024 21:11:24 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"66585ba4-16c"
last-modified: Thu, 30 May 2024 10:57:40 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6972
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0tUU3uuoX8v3xVMPOiAyLHjiX%2Buk8xwKbypnursizW21sAkNC8IZuGa9ZyWLrZHG5rEG%2BA%2BWtVaNDi59NqkG7u12s2q38QYv8ZRqE97%2B83sjkI7QK1T1ePo6MYpBNjEPUW%2BLfw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88d232288d965687-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| adxproofcheck.com/img/comments/person-sweep-9.webp | 188.114.97.1 | 200 OK | 818 B |
URL: adxproofcheck.com/img/comments/person-sweep-9.webp (GET, HTTP/3)
IP: 188.114.97.1:443
Requested by: https://adxproofcheck.com/policy-sweep-check.html?offer_id=99275599&geo=NO&oaid=00806ecb30c04a5ce29b060cfc1147d5&s=820878831434076445&z=6799394&b=20430602&var=6592928&campaignid=7970865&utm_campaign=6592928&utm_medium=6799394&utm_source=zd_7970865&utm_term=20430602&utm_content=zd_public_v2&country=NO
Certificate issuer: Let's Encrypt
Certificate subject: adxproofcheck.com
Certificate fingerprint: F1:28:81:B5:CD:22:6C:77:9A:5F:C9:C4:73:C0:3E:51:52:F8:44:F7
Certificate validity: Wed, 22 May 2024 13:53:40 GMT - Tue, 20 Aug 2024 13:53:39 GMT
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 50x50, Scaling: [none]x[none], YUV color, decoders should clamp
MD5: a61b1f29004e5a54130bc57051a49c0d
SHA-1: 7f60eef07e311b3598895343111d90282a002ea0
SHA-256: b3de11ad2ace70aa9786af4a9e65db774466fe25aca16e16dabdfa7ec76b0a53

| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/comments/person-sweep-9.webp HTTP/1.1
Host: adxproofcheck.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=00806ecb30c04a5ce29b060cfc1147d5; syncedCookie=true; oaidts=1717276284; ID=00806ecb30c04a5ce29b060cfc1147d5
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 01 Jun 2024 21:11:24 GMT
content-type: image/webp
content-length: 818
last-modified: Thu, 30 May 2024 10:57:39 GMT
vary: Accept-Encoding
etag: "66585ba3-332"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 5794
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bTzj1OkgXpRNcqi4G5Y0JlIQMuNsGbpeTUOCrAf56Lw4gZ8D3N3byoZd%2FwVNbluAtcjEGRueNKB3sRXjiq1E0E%2B0MdyfhG0wxJ68HGOVbTZQlEopK1IOU3SMIae8Hpquz9R9iQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88d23229ff875687-OSL
alt-svc: h3=":443"; ma=86400
|
|
| adxproofcheck.com/js/_each-land-config.027f9fe4.js | 188.114.97.1 | 200 OK | 30 kB |
URL: GET HTTP/3 adxproofcheck.com/js/_each-land-config.027f9fe4.js
IP: 188.114.97.1:443
Requested by: https://adxproofcheck.com/policy-sweep-check.html?offer_id=99275599&geo=NO&oaid=00806ecb30c04a5ce29b060cfc1147d5&s=820878831434076445&z=6799394&b=20430602&var=6592928&campaignid=7970865&utm_campaign=6592928&utm_medium=6799394&utm_source=zd_7970865&utm_term=20430602&utm_content=zd_public_v2&country=NO
Certificate: issuer Let's Encrypt, subject adxproofcheck.com, fingerprint F1:28:81:B5:CD:22:6C:77:9A:5F:C9:C4:73:C0:3E:51:52:F8:44:F7, validity Wed, 22 May 2024 13:53:40 GMT - Tue, 20 Aug 2024 13:53:39 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Hash (MD5, SHA-1, SHA-256): d2599524dcb05ff07fbc9d31da6d8fba 5bca3cf1aa25f5afdcb699e5b393aebb6754555d cabe7e16447c1ee54b51be4933b3982e3ade190aed64fcdea4916d4034613c91
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /js/_each-land-config.027f9fe4.js HTTP/1.1
Host: adxproofcheck.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 01 Jun 2024 21:11:23 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=72178
etag: W/"66585ba4-119f2"
last-modified: Thu, 30 May 2024 10:57:40 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 1212
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=v6eI8a8fPCBQts7gYSih0YEYZLpBQNkyKV9p7a5nKSwvkmknzDGVmNCJg%2BwxUSr4HvaexVCfwdvI2DZsRRYWJF0fnEuksd4CJiK32cOc0c51C96u2XQVPTuZp0YwgTKVXSAUcA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88d232268b395687-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| arleavannya.com/sync-do | 139.45.197.248 | 200 OK | 175 B |
IP: 139.45.197.248:443
Requested by: https://adxproofcheck.com/policy-sweep-check.html?offer_id=99275599&geo=NO&oaid=00806ecb30c04a5ce29b060cfc1147d5&s=820878831434076445&z=6799394&b=20430602&var=6592928&campaignid=7970865&utm_campaign=6592928&utm_medium=6799394&utm_source=zd_7970865&utm_term=20430602&utm_content=zd_public_v2&country=NO
Certificate: issuer Let's Encrypt, subject arleavannya.com, fingerprint 8A:67:B7:06:5F:61:ED:52:C0:9B:58:C2:64:98:7D:1B:64:03:3F:47, validity Thu, 18 Apr 2024 17:09:05 GMT - Wed, 17 Jul 2024 17:09:04 GMT
Hash (MD5, SHA-1, SHA-256): a7fbccd9aed97a405c912f014e54e33d d1f5a4e6a184f566d272fb282c7719dac8da4d38 27abda38a3b61986ba145f4fc9a02407cc4649fb26b3cec1a4bda41b7cba21c3
POST /sync-do HTTP/1.1
Host: arleavannya.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 153
Origin: https://adxproofcheck.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Jun 2024 21:11:24 GMT
content-type: application/json; charset=utf-8
content-length: 175
x-trace-id: 3b77a4f66915fc381ad959e59b2d8c2b
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://adxproofcheck.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| adxproofcheck.com/css/sweeps-survey.f5ae42b0.css | 188.114.97.1 | 200 OK | 35 kB |
URL: GET HTTP/3 adxproofcheck.com/css/sweeps-survey.f5ae42b0.css
IP: 188.114.97.1:443
Requested by: https://adxproofcheck.com/policy-sweep-check.html?offer_id=99275599&geo=NO&oaid=00806ecb30c04a5ce29b060cfc1147d5&s=820878831434076445&z=6799394&b=20430602&var=6592928&campaignid=7970865&utm_campaign=6592928&utm_medium=6799394&utm_source=zd_7970865&utm_term=20430602&utm_content=zd_public_v2&country=NO
Certificate: issuer Let's Encrypt, subject adxproofcheck.com, fingerprint F1:28:81:B5:CD:22:6C:77:9A:5F:C9:C4:73:C0:3E:51:52:F8:44:F7, validity Wed, 22 May 2024 13:53:40 GMT - Tue, 20 Aug 2024 13:53:39 GMT
File type: ASCII text, with very long lines (65536), with no line terminators
Hash (MD5, SHA-1, SHA-256): 895c99e8dc2cac2fe41b6e4623314c0e aa530776c5425e3f15a8ad66ee1bc43840172ac6 bb88f272fbb80a919f86655f6cffff6d8419f09b60e279c9727d904f16d73d9c
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /css/sweeps-survey.f5ae42b0.css HTTP/1.1
Host: adxproofcheck.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 01 Jun 2024 21:11:23 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=93694
etag: W/"66585ba3-16dfe"
last-modified: Thu, 30 May 2024 10:57:39 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 1889
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CTlFmBRPv4yKimlzkifwui7i5Ub0GYNzXWEn6%2FD6Ea9SBe%2Fawh92XdV6rRhisP5nuInYOKIpqRLZiCLTZKc5trrjiS1FNTvuuwrxLuVQV%2FfbQ65F0swY4RQxtssyyEppQ6QHOQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88d23226ab5c5687-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| adxproofcheck.com/css/SweepHeader.8e7220ee.css | 188.114.97.1 | 200 OK | 824 B |
URL: GET HTTP/3 adxproofcheck.com/css/SweepHeader.8e7220ee.css
IP: 188.114.97.1:443
Requested by: https://adxproofcheck.com/policy-sweep-check.html?offer_id=99275599&geo=NO&oaid=00806ecb30c04a5ce29b060cfc1147d5&s=820878831434076445&z=6799394&b=20430602&var=6592928&campaignid=7970865&utm_campaign=6592928&utm_medium=6799394&utm_source=zd_7970865&utm_term=20430602&utm_content=zd_public_v2&country=NO
Certificate: issuer Let's Encrypt, subject adxproofcheck.com, fingerprint F1:28:81:B5:CD:22:6C:77:9A:5F:C9:C4:73:C0:3E:51:52:F8:44:F7, validity Wed, 22 May 2024 13:53:40 GMT - Tue, 20 Aug 2024 13:53:39 GMT
File type: ASCII text, with very long lines (369), with no line terminators
Hash (MD5, SHA-1, SHA-256): b3e63dbf70b8e4ad7c5ec23726112e15 e083def5d026fb5bc171c3043f714fd5d859f82b be1433fba47a27551a04629ff55f1a1d944922016569342433d79f0200d8959d
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /css/SweepHeader.8e7220ee.css HTTP/1.1
Host: adxproofcheck.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 01 Jun 2024 21:11:24 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=370
etag: W/"66585ba4-172"
last-modified: Thu, 30 May 2024 10:57:40 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 1087
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eGROEbM4AUvbS8RwZMXbICTKHhzKeEqA9wMx%2F%2BLbkJ%2FBWp3V5AZhkSDwWFIrjjOZ9VGcoj5hTbm2xSdRsDxEmWPmkDFt0AsbRAm%2BfY3bOfceh88KwKJ7PACvqISnAcEai9cbow%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88d232285d515687-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| arleavannya.com/sync-metrics | 139.45.197.248 | 200 OK | 0 B |
URL: OPTIONS HTTP/2 arleavannya.com/sync-metrics
IP: 139.45.197.248:443
Requested by: https://adxproofcheck.com/policy-sweep-check.html?offer_id=99275599&geo=NO&oaid=00806ecb30c04a5ce29b060cfc1147d5&s=820878831434076445&z=6799394&b=20430602&var=6592928&campaignid=7970865&utm_campaign=6592928&utm_medium=6799394&utm_source=zd_7970865&utm_term=20430602&utm_content=zd_public_v2&country=NO
Certificate: issuer Let's Encrypt, subject arleavannya.com, fingerprint 8A:67:B7:06:5F:61:ED:52:C0:9B:58:C2:64:98:7D:1B:64:03:3F:47, validity Thu, 18 Apr 2024 17:09:05 GMT - Wed, 17 Jul 2024 17:09:04 GMT
Hash (MD5, SHA-1, SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /sync-metrics HTTP/1.1
Host: arleavannya.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://adxproofcheck.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Jun 2024 21:11:24 GMT
content-length: 0
access-control-allow-origin: https://adxproofcheck.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| arleavannya.com/sync-metrics | 139.45.197.248 | 200 OK | 17 B |
URL: OPTIONS HTTP/2 arleavannya.com/sync-metrics
IP: 139.45.197.248:443
Requested by: https://adxproofcheck.com/policy-sweep-check.html?offer_id=99275599&geo=NO&oaid=00806ecb30c04a5ce29b060cfc1147d5&s=820878831434076445&z=6799394&b=20430602&var=6592928&campaignid=7970865&utm_campaign=6592928&utm_medium=6799394&utm_source=zd_7970865&utm_term=20430602&utm_content=zd_public_v2&country=NO
Certificate: issuer Let's Encrypt, subject arleavannya.com, fingerprint 8A:67:B7:06:5F:61:ED:52:C0:9B:58:C2:64:98:7D:1B:64:03:3F:47, validity Thu, 18 Apr 2024 17:09:05 GMT - Wed, 17 Jul 2024 17:09:04 GMT
Hash (MD5, SHA-1, SHA-256): 5b64e8b89092b2e3dfd448b10700627f 484b3032619fa1acd135d114565b0a5166281c22 f1ea07a1e51a389c8de07120ae5c2e432e9dd8f4fbd6f92489f185b0523a3fd4
POST /sync-metrics HTTP/1.1
Host: arleavannya.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 2636
Origin: https://adxproofcheck.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Jun 2024 21:11:24 GMT
content-type: application/json; charset=utf-8
content-length: 17
x-trace-id: fa83025b0bf093a3c1ef959d4e9a9d99
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://adxproofcheck.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| adxproofcheck.com/js/v-index.js.564ab778.js | 188.114.97.1 | 200 OK | 17 kB |
URL: GET HTTP/3 adxproofcheck.com/js/v-index.js.564ab778.js
IP: 188.114.97.1:443
Requested by: https://adxproofcheck.com/policy-sweep-check.html?offer_id=99275599&geo=NO&oaid=00806ecb30c04a5ce29b060cfc1147d5&s=820878831434076445&z=6799394&b=20430602&var=6592928&campaignid=7970865&utm_campaign=6592928&utm_medium=6799394&utm_source=zd_7970865&utm_term=20430602&utm_content=zd_public_v2&country=NO
Certificate: issuer Let's Encrypt, subject adxproofcheck.com, fingerprint F1:28:81:B5:CD:22:6C:77:9A:5F:C9:C4:73:C0:3E:51:52:F8:44:F7, validity Wed, 22 May 2024 13:53:40 GMT - Tue, 20 Aug 2024 13:53:39 GMT
File type: JavaScript source, ASCII text, with very long lines (40985), with no line terminators
Hash (MD5, SHA-1, SHA-256): 5cf0322d59efc32b2eda19d4d0b513cd 38e7b80ba73d43e8bfbc30e023742f2f7eacf6bc ddf75b45ffbde28d182158133d69876a0565f3aed6735f2bd608f09fe7623d6e
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /js/v-index.js.564ab778.js HTTP/1.1
Host: adxproofcheck.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 01 Jun 2024 21:11:23 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=40988
etag: W/"66585ba4-a01c"
last-modified: Thu, 30 May 2024 10:57:40 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 1878
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aSsfzTQpkAF5I12kxBL18fUWrI0JTag8JZYs1a0d2e9AKX4GaQ1FHMBjFytIUnVc7xovNoUeeGn2lqmLAtnz8DkNZ%2F%2Buv0fdB237wi2ADkOA1HWKy3G5t%2BHxqTYdDO1daQUWQw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88d232266b145687-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| my.rtmark.net/img.gif?f=sync&partner=37faba736e092fd0fbd4bb09c7ac1e23053143b486f9f8503431b4ff9f42fc60 | 139.45.195.8 | | 43 B |
URL: my.rtmark.net/img.gif?f=sync&partner=37faba736e092fd0fbd4bb09c7ac1e23053143b486f9f8503431b4ff9f42fc60
IP: 139.45.195.8:0
File type: GIF image data, version 89a, 1 x 1
Hash (MD5, SHA-1, SHA-256): b4491705564909da7f9eaf749dbbfbb1 279315d507855c6a4351e1e2c2f39dd9cd2fccd8 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
POST /img.gif?f=sync&partner=37faba736e092fd0fbd4bb09c7ac1e23053143b486f9f8503431b4ff9f42fc60 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
DNT: 1
Connection: keep-alive
Cookie: ID=00806ecb30c04a5ce29b060cfc1147d5
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Jun 2024 21:11:46 GMT
content-type: image/gif
content-length: 43
access-control-allow-origin: null
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=00806ecb30c04a5ce29b060cfc1147d5; expires=Sun, 01 Jun 2025 21:11:46 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| adxproofcheck.com/css/_core-survey.d3ac2ee0.css | 188.114.97.1 | 200 OK | 83 B |
URL: GET HTTP/3 adxproofcheck.com/css/_core-survey.d3ac2ee0.css
IP: 188.114.97.1:443
Requested by: https://adxproofcheck.com/policy-sweep-check.html?offer_id=99275599&geo=NO&oaid=00806ecb30c04a5ce29b060cfc1147d5&s=820878831434076445&z=6799394&b=20430602&var=6592928&campaignid=7970865&utm_campaign=6592928&utm_medium=6799394&utm_source=zd_7970865&utm_term=20430602&utm_content=zd_public_v2&country=NO
Certificate: issuer Let's Encrypt, subject adxproofcheck.com, fingerprint F1:28:81:B5:CD:22:6C:77:9A:5F:C9:C4:73:C0:3E:51:52:F8:44:F7, validity Wed, 22 May 2024 13:53:40 GMT - Tue, 20 Aug 2024 13:53:39 GMT
File type: ASCII text, with no line terminators
Hash (MD5, SHA-1, SHA-256): 30d726a40ffe74d794b282ca1795b44c b43155653a1b9cc8d257687df9a75e0f204db348 4916da6d6e00e0e6681cccaf9107eb45fdfc78fe2e476444623c30a64959b5e4
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /css/_core-survey.d3ac2ee0.css HTTP/1.1
Host: adxproofcheck.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 01 Jun 2024 21:11:23 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=84
etag: W/"66585ba3-54"
last-modified: Thu, 30 May 2024 10:57:39 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 1889
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SRR1%2BJ8Jmu6h40iv8hvHbkTVud05hC3TmrTQ02uwmNr7e6LhWP1DQKVjS2vT4VC8Ydg2VC%2BztVMYGIXUNlZCAku69shyfV7h89JBZ7FxHJfQfGOVJSNiT%2B6KT8A9j1ZN41DsBg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88d23226ab5b5687-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| adxproofcheck.com/js/v-attributes-to-props.js.17ecd6c4.js | 188.114.97.1 | 200 OK | 702 B |
URL: GET HTTP/3 adxproofcheck.com/js/v-attributes-to-props.js.17ecd6c4.js
IP: 188.114.97.1:443
Requested by: https://adxproofcheck.com/policy-sweep-check.html?offer_id=99275599&geo=NO&oaid=00806ecb30c04a5ce29b060cfc1147d5&s=820878831434076445&z=6799394&b=20430602&var=6592928&campaignid=7970865&utm_campaign=6592928&utm_medium=6799394&utm_source=zd_7970865&utm_term=20430602&utm_content=zd_public_v2&country=NO
Certificate: issuer Let's Encrypt, subject adxproofcheck.com, fingerprint F1:28:81:B5:CD:22:6C:77:9A:5F:C9:C4:73:C0:3E:51:52:F8:44:F7, validity Wed, 22 May 2024 13:53:40 GMT - Tue, 20 Aug 2024 13:53:39 GMT
File type: ASCII text, with very long lines (718), with no line terminators
Hash (MD5, SHA-1, SHA-256): 384f76195da18b5bc3b071a7ac7ee859 012670fe9418ceeeebbaf5e35d96da504aa32908 61c4a7ee1648073de4b23395a3b243e670f3468fd3d8fea5b77bbf8f39273fcd
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /js/v-attributes-to-props.js.17ecd6c4.js HTTP/1.1
Host: adxproofcheck.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 01 Jun 2024 21:11:24 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"66585ba4-2be"
last-modified: Thu, 30 May 2024 10:57:40 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6972
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AgW99mYJ7%2F0l0Y9FQowWbtDG5D%2B5XhwFSmeUcwavfyAwnSXjmqvskdmm6kYjdQd3SnT5B19a5ONI3pQV8BgYpnOcC4OAX0SCPGql7h41%2FtGG%2FDGdiNQV9JDXmUsLC7RFoxYB6g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88d232287d745687-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| adxproofcheck.com/js/v-utilities.js.c297ac1f.js | 188.114.97.1 | 200 OK | 2.6 kB |
URL: GET HTTP/3 adxproofcheck.com/js/v-utilities.js.c297ac1f.js
IP: 188.114.97.1:443
Requested by: https://adxproofcheck.com/policy-sweep-check.html?offer_id=99275599&geo=NO&oaid=00806ecb30c04a5ce29b060cfc1147d5&s=820878831434076445&z=6799394&b=20430602&var=6592928&campaignid=7970865&utm_campaign=6592928&utm_medium=6799394&utm_source=zd_7970865&utm_term=20430602&utm_content=zd_public_v2&country=NO
Certificate: issuer Let's Encrypt, subject adxproofcheck.com, fingerprint F1:28:81:B5:CD:22:6C:77:9A:5F:C9:C4:73:C0:3E:51:52:F8:44:F7, validity Wed, 22 May 2024 13:53:40 GMT - Tue, 20 Aug 2024 13:53:39 GMT
File type: JavaScript source, ASCII text, with very long lines (2645), with no line terminators
Hash (MD5, SHA-1, SHA-256): f9f26c82c70f0bc53dcfc8e8c30b57ab e173815e056ef6470a6efe71e935576de8277c72 70426e85ca02d77cdacac63c59b9228b8b2de1e790712b0e588a92e958745e72
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /js/v-utilities.js.c297ac1f.js HTTP/1.1
Host: adxproofcheck.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 01 Jun 2024 21:11:24 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"66585ba4-a11"
last-modified: Thu, 30 May 2024 10:57:40 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 7080
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cciKvZg%2FiF95wUEo%2Bso2G%2FJ9xmV%2Bl52PzwNSFBst5kL8%2BEjvfBY%2FZsEcleD6X9oCnoOodYRQ3TNfQUitFA%2B2SfgesEE%2FfJuUAinMhFxx5s4H%2B9hOo%2B0GwyLJfMiAvo25UFy17g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88d232286d635687-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| adxproofcheck.com/js/config/dict/cookie-consent-1.json?v=10 | 188.114.97.1 | 200 OK | 6.8 kB |
URL: GET HTTP/3 adxproofcheck.com/js/config/dict/cookie-consent-1.json?v=10
IP: 188.114.97.1:443
Requested by: https://adxproofcheck.com/policy-sweep-check.html?offer_id=99275599&geo=NO&oaid=00806ecb30c04a5ce29b060cfc1147d5&s=820878831434076445&z=6799394&b=20430602&var=6592928&campaignid=7970865&utm_campaign=6592928&utm_medium=6799394&utm_source=zd_7970865&utm_term=20430602&utm_content=zd_public_v2&country=NO
Certificate: issuer Let's Encrypt, subject adxproofcheck.com, fingerprint F1:28:81:B5:CD:22:6C:77:9A:5F:C9:C4:73:C0:3E:51:52:F8:44:F7, validity Wed, 22 May 2024 13:53:40 GMT - Tue, 20 Aug 2024 13:53:39 GMT
File type: HTML document, Unicode text, UTF-8 text, with very long lines (6009), with no line terminators
Hash (MD5, SHA-1, SHA-256): 4b2ff958e811a50d2f641818590b443d 6abae297812bb55fad869e953e7fdf7469cbe1ae 9c77a5f3d0028d9ba122ed15728ee7b144619431f8302503a19c5785ddaa06b8
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /js/config/dict/cookie-consent-1.json?v=10 HTTP/1.1
Host: adxproofcheck.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 01 Jun 2024 21:11:24 GMT
content-type: application/json
last-modified: Thu, 30 May 2024 10:57:40 GMT
vary: Accept-Encoding
etag: W/"66585ba4-1a65"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iy%2BxwlnDwI31CBcjLcVPKQYNP4zKpvtQPnk0BMfNoFWkplxLCzIMgSbUqMRIsOGqOowJNg4c%2FvERac12SFW%2ForDhCx2HL6Jx1RgkcGA86dySpVAnFdnjUhqLuuW3meL0xJugVw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88d232280cf65687-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| adxproofcheck.com/js/SweepHeader.3006e642.js | 188.114.97.1 | 200 OK | 1.0 kB |
URL: GET HTTP/3 adxproofcheck.com/js/SweepHeader.3006e642.js
IP: 188.114.97.1:443
Requested by: https://adxproofcheck.com/policy-sweep-check.html?offer_id=99275599&geo=NO&oaid=00806ecb30c04a5ce29b060cfc1147d5&s=820878831434076445&z=6799394&b=20430602&var=6592928&campaignid=7970865&utm_campaign=6592928&utm_medium=6799394&utm_source=zd_7970865&utm_term=20430602&utm_content=zd_public_v2&country=NO
Certificate: issuer Let's Encrypt, subject adxproofcheck.com, fingerprint F1:28:81:B5:CD:22:6C:77:9A:5F:C9:C4:73:C0:3E:51:52:F8:44:F7, validity Wed, 22 May 2024 13:53:40 GMT - Tue, 20 Aug 2024 13:53:39 GMT
File type: JavaScript source, ASCII text, with very long lines (1037), with no line terminators
Hash (MD5, SHA-1, SHA-256): 79f23414733a7508676439a582c9a45b 85d05d689a028772e80ad85cbc42970c8a1c3132 331450214f455d32bc96b6c859b0360ed81687f0baa41acc2704a8dea8c4b398
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /js/SweepHeader.3006e642.js HTTP/1.1
Host: adxproofcheck.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 01 Jun 2024 21:11:24 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"66585ba4-3f1"
last-modified: Thu, 30 May 2024 10:57:40 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 218
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5uw59V5epfpnahlHOX7RT%2FV3wTjnxSSm4qQrmcO%2FrynHMxvK8L3NNYz1Goyz8h23IHhYv9sPebf0hFiiIYOkAQtPRfo9eopum1cO%2BCIMPNbmSevJJV7fluaRXwOtjYdf1dPKAQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88d232285d525687-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| adxproofcheck.com/js/v-node.js.54e753f5.js | 188.114.97.1 | 200 OK | 6.3 kB |
URL: GET HTTP/3 adxproofcheck.com/js/v-node.js.54e753f5.js
IP: 188.114.97.1:443
Requested by: https://adxproofcheck.com/policy-sweep-check.html?offer_id=99275599&geo=NO&oaid=00806ecb30c04a5ce29b060cfc1147d5&s=820878831434076445&z=6799394&b=20430602&var=6592928&campaignid=7970865&utm_campaign=6592928&utm_medium=6799394&utm_source=zd_7970865&utm_term=20430602&utm_content=zd_public_v2&country=NO
Certificate: issuer Let's Encrypt, subject adxproofcheck.com, fingerprint F1:28:81:B5:CD:22:6C:77:9A:5F:C9:C4:73:C0:3E:51:52:F8:44:F7, validity Wed, 22 May 2024 13:53:40 GMT - Tue, 20 Aug 2024 13:53:39 GMT
File type: JavaScript source, ASCII text, with very long lines (6337), with no line terminators
Hash (MD5, SHA-1, SHA-256): 9b733234f107deedf31e2adf8b4f3563 fd059efb9c51a7f6e330feb3b0e2f141fcf3203f b55d1093055127bb017b19c2fb4b8ee00c656fa7b383d6e487855f7f725e4db8
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /js/v-node.js.54e753f5.js HTTP/1.1
Host: adxproofcheck.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 01 Jun 2024 21:11:24 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"66585ba4-186b"
last-modified: Thu, 30 May 2024 10:57:40 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 218
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6m0pVeh8YB1g%2FraRjc4L4DinubiJty5GMfWl8NvPDIXe2PiXam1rWqBjYWe4OI8Kux8DyaYijxMjktvM9GIjcbB95dohVj8%2BUJ47iCjXjuMGFc1%2FFg8gyGcIs5KTheJXq2TT%2FA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88d232286d5c5687-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| adxproofcheck.com/js/_rtc.2611b371.js | 188.114.97.1 | 200 OK | 12 kB |
URL: GET HTTP/3 adxproofcheck.com/js/_rtc.2611b371.js
IP: 188.114.97.1:443
Requested by: https://adxproofcheck.com/policy-sweep-check.html?offer_id=99275599&geo=NO&oaid=00806ecb30c04a5ce29b060cfc1147d5&s=820878831434076445&z=6799394&b=20430602&var=6592928&campaignid=7970865&utm_campaign=6592928&utm_medium=6799394&utm_source=zd_7970865&utm_term=20430602&utm_content=zd_public_v2&country=NO
Certificate: issuer Let's Encrypt, subject adxproofcheck.com, fingerprint F1:28:81:B5:CD:22:6C:77:9A:5F:C9:C4:73:C0:3E:51:52:F8:44:F7, validity Wed, 22 May 2024 13:53:40 GMT - Tue, 20 Aug 2024 13:53:39 GMT
File type: JavaScript source, ASCII text, with very long lines (12222), with no line terminators
Hash (MD5, SHA-1, SHA-256): f6b7d19f0c398a860d217719a4841163 e423e3ccd467cc0210bc97af3c38470c5fc5ae14 7c79454f0c16400a94e45739851a47748c145cae83ea8aaa5e4c51990cdeb200
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /js/_rtc.2611b371.js HTTP/1.1
Host: adxproofcheck.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 01 Jun 2024 21:11:23 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"66585ba4-2fbe"
last-modified: Thu, 30 May 2024 10:57:40 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 1576
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZQdwe%2FcCQmq7vnJ2vvmVLYHB8iAWYP2WLZ%2Ftd2HwpA1ciLD1bSms8niZkOMNMKuAb8Qca37%2FaVHx2hT%2BhuEcQhsTpdbTtEW3J92dfp%2Fem3cg5friHum8jpsdzWF1C1ss%2F%2FFAeg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88d232266b125687-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| adxproofcheck.com/js/v-domparser.js.257fba11.js | 188.114.97.1 | 200 OK | 1.7 kB |
URL: GET HTTP/3 adxproofcheck.com/js/v-domparser.js.257fba11.js
IP: 188.114.97.1:443
Requested by: https://adxproofcheck.com/policy-sweep-check.html?offer_id=99275599&geo=NO&oaid=00806ecb30c04a5ce29b060cfc1147d5&s=820878831434076445&z=6799394&b=20430602&var=6592928&campaignid=7970865&utm_campaign=6592928&utm_medium=6799394&utm_source=zd_7970865&utm_term=20430602&utm_content=zd_public_v2&country=NO
Certificate: issuer Let's Encrypt, subject adxproofcheck.com, fingerprint F1:28:81:B5:CD:22:6C:77:9A:5F:C9:C4:73:C0:3E:51:52:F8:44:F7, validity Wed, 22 May 2024 13:53:40 GMT - Tue, 20 Aug 2024 13:53:39 GMT
File type: JavaScript source, ASCII text, with very long lines (1772), with no line terminators
Hash (MD5, SHA-1, SHA-256): 5e80868b82449eb8f1dc764250ad62a4 7341d0ff7862457e7adbbf35dc8dc20703ad1ea8 1907bb666bab52d4fc47c2e9f0261ddf88cd95b5c1723c033153d2085c3bd081
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /js/v-domparser.js.257fba11.js HTTP/1.1
Host: adxproofcheck.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 01 Jun 2024 21:11:24 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"66585ba6-6b8"
last-modified: Thu, 30 May 2024 10:57:42 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6972
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bMcwuCGjQ8dwA8%2FT1oCblY8%2BE22rQzde7YeWcgz%2Bmv9UYCiFjhmAz9OFLIKxL9d6YusEOvCpbGmoZeOEncauCEUWyOJFRXQY9H2hSfkPg57cYFk2BHBA28B2N7ejmOxFcpouSg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88d232287d705687-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| URL | IP | Status | Size |
| adxproofcheck.com/js/SurveyContainer.97d9aeb2.js | 188.114.97.1 | 200 OK | 57 kB |
URL: GET HTTP/3 adxproofcheck.com/js/SurveyContainer.97d9aeb2.js
IP: 188.114.97.1:443
Requested by: https://adxproofcheck.com/policy-sweep-check.html?offer_id=99275599&geo=NO&oaid=00806ecb30c04a5ce29b060cfc1147d5&s=820878831434076445&z=6799394&b=20430602&var=6592928&campaignid=7970865&utm_campaign=6592928&utm_medium=6799394&utm_source=zd_7970865&utm_term=20430602&utm_content=zd_public_v2&country=NO
Certificate: issuer Let's Encrypt; subject adxproofcheck.com; fingerprint F1:28:81:B5:CD:22:6C:77:9A:5F:C9:C4:73:C0:3E:51:52:F8:44:F7; validity Wed, 22 May 2024 13:53:40 GMT - Tue, 20 Aug 2024 13:53:39 GMT
File type: JavaScript source, ASCII text, with very long lines (57162), with no line terminators
Hash: MD5 5ec2dad12c5b8ccdcd1d39b20b52227c, SHA-1 3bcec754fcc6bfcc4ed893205d4a01d4b19cf2bd, SHA-256 db065e10b10fac0bb29a9ceefc7e9252f7db4dcc989454d0bade5924cefa51ba
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/SurveyContainer.97d9aeb2.js HTTP/1.1
Host: adxproofcheck.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 01 Jun 2024 21:11:24 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=57165
etag: W/"66585ba4-df4d"
last-modified: Thu, 30 May 2024 10:57:40 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6972
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yPCN5GLbcSJ5CJP5OB2Wn5hDkeki6pqIbHKmjZ%2B7QXHUR4MfEFOeZeiY2hIZSGZt8nYGCE1mLCd2zwjN2GZZzFmAkHSWIvg%2Bb8WOEsjvO6UBEQFbsVl0V4OdemMDnDyCc39CTg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88d232289d9d5687-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| URL | IP | Status | Size |
| adxproofcheck.com/js/v-possibleStandardNamesOptimized.js.8dc3cc1e.js | 188.114.97.1 | 200 OK | 7.6 kB |
URL: GET HTTP/3 adxproofcheck.com/js/v-possibleStandardNamesOptimized.js.8dc3cc1e.js
IP: 188.114.97.1:443
Requested by: https://adxproofcheck.com/policy-sweep-check.html?offer_id=99275599&geo=NO&oaid=00806ecb30c04a5ce29b060cfc1147d5&s=820878831434076445&z=6799394&b=20430602&var=6592928&campaignid=7970865&utm_campaign=6592928&utm_medium=6799394&utm_source=zd_7970865&utm_term=20430602&utm_content=zd_public_v2&country=NO
Certificate: issuer Let's Encrypt; subject adxproofcheck.com; fingerprint F1:28:81:B5:CD:22:6C:77:9A:5F:C9:C4:73:C0:3E:51:52:F8:44:F7; validity Wed, 22 May 2024 13:53:40 GMT - Tue, 20 Aug 2024 13:53:39 GMT
File type: ASCII text, with very long lines (7923), with no line terminators
Hash: MD5 fae9e9be0e85087353907b294f2cf483, SHA-1 be36b25de2157a32fc05bf92a8c877404ab7dd52, SHA-256 127c13bf9670e58da5d4e548d0322d25434bb0df4763de38ddbbcee05ec591e6
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/v-possibleStandardNamesOptimized.js.8dc3cc1e.js HTTP/1.1
Host: adxproofcheck.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 01 Jun 2024 21:11:24 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"66585ba4-1d99"
last-modified: Thu, 30 May 2024 10:57:40 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6972
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OxgCJbqAOSK43q4zBowbae4qq7ut6anxnZSnQA7QZccgy%2BeU9%2BeXaAZwFBRaahtaWIWrPQ3OWHMmI3we%2BFNybm3tYacV2zkBEkg%2BzqtSjqRD9sF0f9U%2FNqeOhuwnK%2F1yFisO2A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88d232286d615687-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| URL | IP | Status | Size |
| adxproofcheck.com/img/comments/person-sweep-8.webp | 188.114.97.1 | 200 OK | 696 B |
URL: GET HTTP/3 adxproofcheck.com/img/comments/person-sweep-8.webp
IP: 188.114.97.1:443
Requested by: https://adxproofcheck.com/policy-sweep-check.html?offer_id=99275599&geo=NO&oaid=00806ecb30c04a5ce29b060cfc1147d5&s=820878831434076445&z=6799394&b=20430602&var=6592928&campaignid=7970865&utm_campaign=6592928&utm_medium=6799394&utm_source=zd_7970865&utm_term=20430602&utm_content=zd_public_v2&country=NO
Certificate: issuer Let's Encrypt; subject adxproofcheck.com; fingerprint F1:28:81:B5:CD:22:6C:77:9A:5F:C9:C4:73:C0:3E:51:52:F8:44:F7; validity Wed, 22 May 2024 13:53:40 GMT - Tue, 20 Aug 2024 13:53:39 GMT
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 50x50, Scaling: [none]x[none], YUV color, decoders should clamp
Hash: MD5 6a6742fef0cd1bd74f6da94e9fb833e1, SHA-1 ccaae2ff48574bbb04072b2efc5864b9177017a5, SHA-256 96bf5ed5aa8149269a215cf19a17889c762b8cddb2fe36229849c8379c2d4aa6
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/comments/person-sweep-8.webp HTTP/1.1
Host: adxproofcheck.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=00806ecb30c04a5ce29b060cfc1147d5; syncedCookie=true; oaidts=1717276284; ID=00806ecb30c04a5ce29b060cfc1147d5
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 01 Jun 2024 21:11:24 GMT
content-type: image/webp
content-length: 696
last-modified: Thu, 30 May 2024 10:57:39 GMT
vary: Accept-Encoding
etag: "66585ba3-2b8"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 5794
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rBA3EjuqNC6EpFafUUoqkS44HO5BU9gqEY6uqWMaeLsFWjALP3gh2%2FHpRv9aDpfnK6NteIB1RzOrttF3XEyXQhTIxI13CCOcG%2F8f9c1p445CjdUfH7g04ARaPn9kkAo3CzOaFw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88d23229cf445687-OSL
alt-svc: h3=":443"; ma=86400

| URL | IP | Status | Size |
| adxproofcheck.com/img/comments/person-sweep-13.webp | 188.114.97.1 | 200 OK | 640 B |
URL: GET HTTP/3 adxproofcheck.com/img/comments/person-sweep-13.webp
IP: 188.114.97.1:443
Requested by: https://adxproofcheck.com/policy-sweep-check.html?offer_id=99275599&geo=NO&oaid=00806ecb30c04a5ce29b060cfc1147d5&s=820878831434076445&z=6799394&b=20430602&var=6592928&campaignid=7970865&utm_campaign=6592928&utm_medium=6799394&utm_source=zd_7970865&utm_term=20430602&utm_content=zd_public_v2&country=NO
Certificate: issuer Let's Encrypt; subject adxproofcheck.com; fingerprint F1:28:81:B5:CD:22:6C:77:9A:5F:C9:C4:73:C0:3E:51:52:F8:44:F7; validity Wed, 22 May 2024 13:53:40 GMT - Tue, 20 Aug 2024 13:53:39 GMT
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 50x50, Scaling: [none]x[none], YUV color, decoders should clamp
Hash: MD5 8532ec97225298a9c3ae5e393f62e462, SHA-1 fc26fa010830045fa91a16ac9b8c89c45bb35232, SHA-256 9c45568c99b7782b240341ba6729ecacc59d41a8ced9b9846ca4ac51e50c5320
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/comments/person-sweep-13.webp HTTP/1.1
Host: adxproofcheck.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=00806ecb30c04a5ce29b060cfc1147d5; syncedCookie=true; oaidts=1717276284; ID=00806ecb30c04a5ce29b060cfc1147d5
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 01 Jun 2024 21:11:24 GMT
content-type: image/webp
content-length: 640
last-modified: Thu, 30 May 2024 10:57:39 GMT
vary: Accept-Encoding
etag: "66585ba3-280"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 2253
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GXe9o60j8dITrdyOShs%2FqUVDj7MqphDAG3GzBBLt%2FTYV%2BjswXJ%2Fpvo1qKV5Gmzjg1H7NtpwANghERqw%2FlYre%2BoQOABU20qYNXib6ou94zHj22XeiMEuRekyLR2f8fyIpN8fcDg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88d2322a1fc75687-OSL
alt-svc: h3=":443"; ma=86400

| URL | IP | Status | Size |
| adxproofcheck.com/js/s-storageService.js.798885b7.js | 188.114.97.1 | 200 OK | 2.2 kB |
URL: GET HTTP/3 adxproofcheck.com/js/s-storageService.js.798885b7.js
IP: 188.114.97.1:443
Requested by: https://adxproofcheck.com/policy-sweep-check.html?offer_id=99275599&geo=NO&oaid=00806ecb30c04a5ce29b060cfc1147d5&s=820878831434076445&z=6799394&b=20430602&var=6592928&campaignid=7970865&utm_campaign=6592928&utm_medium=6799394&utm_source=zd_7970865&utm_term=20430602&utm_content=zd_public_v2&country=NO
Certificate: issuer Let's Encrypt; subject adxproofcheck.com; fingerprint F1:28:81:B5:CD:22:6C:77:9A:5F:C9:C4:73:C0:3E:51:52:F8:44:F7; validity Wed, 22 May 2024 13:53:40 GMT - Tue, 20 Aug 2024 13:53:39 GMT
File type: JavaScript source, ASCII text, with very long lines (2216), with no line terminators
Hash: MD5 be14fc9c577a51d77e86a6cf9a74d9bd, SHA-1 042812ff523f9dbbd9f95198e815a1f8ea1523a1, SHA-256 2ee24184d084ce0e7071ad5000200abf6ede10dbbda2811ae6ee5f777721c5a1
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/s-storageService.js.798885b7.js HTTP/1.1
Host: adxproofcheck.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 01 Jun 2024 21:11:23 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"66585ba4-87a"
last-modified: Thu, 30 May 2024 10:57:40 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 1212
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=j1gnES66v9mbk6j6rGDDXwFWn8q57X03ci2znjtzeEPaATqa8v3LcPDbUoAFffWwTJGT%2BS%2FoROhiKvbaz9j7tb38GVJEPXqgrd72ATLpoDIvUIbT4aJG4Nb9Z8O%2Fo00QysIS3w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88d232268b235687-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| URL | IP | Status | Size |
| adxproofcheck.com/js/_core-survey.2e57df15.js | 188.114.97.1 | 200 OK | 170 kB |
URL: GET HTTP/3 adxproofcheck.com/js/_core-survey.2e57df15.js
IP: 188.114.97.1:443
Requested by: https://adxproofcheck.com/policy-sweep-check.html?offer_id=99275599&geo=NO&oaid=00806ecb30c04a5ce29b060cfc1147d5&s=820878831434076445&z=6799394&b=20430602&var=6592928&campaignid=7970865&utm_campaign=6592928&utm_medium=6799394&utm_source=zd_7970865&utm_term=20430602&utm_content=zd_public_v2&country=NO
Certificate: issuer Let's Encrypt; subject adxproofcheck.com; fingerprint F1:28:81:B5:CD:22:6C:77:9A:5F:C9:C4:73:C0:3E:51:52:F8:44:F7; validity Wed, 22 May 2024 13:53:40 GMT - Tue, 20 Aug 2024 13:53:39 GMT
Size: 170 kB (169803 bytes)
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e, SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709, SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (these three values are the digests of zero-length input: the 170 kB body was not captured, so they do not identify this script and must not be used as indicators for it)
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/_core-survey.2e57df15.js HTTP/1.1
Host: adxproofcheck.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 01 Jun 2024 21:11:23 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=169806
etag: W/"66585ba4-2974e"
last-modified: Thu, 30 May 2024 10:57:40 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 4478
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hIhH2%2BX0tKdwEP9eQwGwitmrVecDIPEonST0LyyIAUyOevzQuqXdxOfV6ZeKdpEzPRSNbEjzqEDDmN4zMcEpyYG5ZPjhgJd9FJ60ozVerc3RKGh4MlKR9vRNJ%2BQnox5y2zCTyA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88d232269b455687-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| URL | IP | Status | Size |
| my.rtmark.net/gid.js?userId=00806ecb30c04a5ce29b060cfc1147d5 | 139.45.195.8 | 200 OK | 65 B |
URL: GET HTTP/2 my.rtmark.net/gid.js?userId=00806ecb30c04a5ce29b060cfc1147d5
IP: 139.45.195.8:443
Requested by: https://adxproofcheck.com/policy-sweep-check.html?offer_id=99275599&geo=NO&oaid=00806ecb30c04a5ce29b060cfc1147d5&s=820878831434076445&z=6799394&b=20430602&var=6592928&campaignid=7970865&utm_campaign=6592928&utm_medium=6799394&utm_source=zd_7970865&utm_term=20430602&utm_content=zd_public_v2&country=NO
Certificate: issuer Let's Encrypt; subject rtmark.net; fingerprint 90:47:5A:A5:5F:5F:FA:E6:7C:6F:AB:D2:06:D1:D9:BD:F3:54:9E:6E; validity Sat, 11 May 2024 20:51:41 GMT - Fri, 09 Aug 2024 20:51:40 GMT
File type: troff or preprocessor input, ASCII text, with no line terminators
Hash: MD5 56b6e31914788542d66345f808520c4b, SHA-1 0152973282f1305dd257e264e7ad42b41bcc8d3b, SHA-256 335c84260a5f9be450fb2378fdeb909706c35366af841c675fc5323735c82c3b
GET /gid.js?userId=00806ecb30c04a5ce29b060cfc1147d5 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://adxproofcheck.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 01 Jun 2024 21:11:24 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://adxproofcheck.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=00806ecb30c04a5ce29b060cfc1147d5; expires=Sun, 01 Jun 2025 21:11:24 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
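The my.rtmark.net transaction above is the one worth a second look in this capture. The same 32-hex identifier arrives as `oaid=` in the landing-page URL, is sent back to adxproofcheck.com as the `OAID` and `ID` cookies on the image requests, is passed as `userId=` in a cross-site CORS call to my.rtmark.net, and comes back from there as a one-year `ID` cookie marked `secure; SameSite=None`, with `access-control-allow-origin` echoing the calling origin and `access-control-allow-credentials: true`. Every response in the capture also carries `strict-transport-security: max-age=1`, an HSTS policy that expires one second after it is received. The script below is an added example, not part of the sandbox report: it parses transactions in the form shown on this page and flags those four patterns, plus the empty-input digests seen in the `_core-survey.2e57df15.js` record. The sample inputs are trimmed copies of the captured records; the one-year HSTS threshold and the wording of the findings are this example's own choices.

```python
"""Triage helpers for HTTP transactions captured in the form shown on this page.
Added example, not part of the sandbox report."""
import re
from collections import defaultdict

# Digests of zero-length input (MD5, SHA-1, SHA-256). A record carrying these
# captured no body, so its hashes identify nothing.
EMPTY_DIGESTS = {
    "d41d8cd98f00b204e9800998ecf8427e",
    "da39a3ee5e6b4b0d3255bfef95601890afd80709",
    "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
}
HEX32 = re.compile(r"\b[0-9a-f]{32}\b")  # shape of the OAID / userId token
DIGEST = re.compile(r"(?<![0-9a-f])[0-9a-f]{32,64}(?![0-9a-f])")
HSTS_MIN_AGE = 31536000  # one year; assumed baseline, not from the report
REQUEST_LINE = re.compile(r"^(GET|POST|HEAD|OPTIONS|PUT|DELETE) \S+ HTTP/")
STATUS_LINE = re.compile(r"^HTTP/[\d.]+ \d{3}")


def parse_transaction(text):
    """Split one request/response pair into two header maps (names lower-cased,
    repeated headers kept as lists; request and status lines kept under
    '_request_line' and '_status_line')."""
    req, resp = defaultdict(list), defaultdict(list)
    current = None
    for line in text.splitlines():
        line = line.strip()
        if REQUEST_LINE.match(line):
            current = req
            req["_request_line"].append(line)
        elif STATUS_LINE.match(line):
            current = resp
            resp["_status_line"].append(line)
        elif ":" in line and current is not None:
            name, value = line.split(":", 1)
            current[name.strip().lower()].append(value.strip())
    return req, resp


def triage(req, resp):
    """Return human-readable findings for one transaction."""
    findings = []
    host = (req.get("host") or ["?"])[0]
    origin = (req.get("origin") or [None])[0]
    fetch_site = (req.get("sec-fetch-site") or [""])[0]
    # HSTS with a tiny max-age expires almost immediately and pins nothing.
    for value in resp.get("strict-transport-security", []):
        m = re.search(r"max-age=(\d+)", value)
        if m and int(m.group(1)) < HSTS_MIN_AGE:
            findings.append(f"{host}: HSTS max-age={m.group(1)} is far below a useful lifetime")
    # Origin echoed back together with allow-credentials: the calling origin
    # can read this response with the user's cookies attached.
    allowed = resp.get("access-control-allow-origin", [])
    creds = [v.lower() for v in resp.get("access-control-allow-credentials", [])]
    if origin and origin in allowed and "true" in creds:
        findings.append(f"{host}: grants credentialed cross-origin reads to {origin}")
    # A SameSite=None cookie set during a cross-site fetch is a third-party
    # cookie: an identifier that follows the browser to other sites.
    for cookie in resp.get("set-cookie", []):
        if "samesite=none" in cookie.lower() and fetch_site == "cross-site":
            name = cookie.split("=", 1)[0]
            findings.append(f"{host}: sets third-party cookie {name} (SameSite=None) in a cross-site request")
    return findings


def shared_identifiers(transactions):
    """Map each 32-hex token to the hosts it was sent to or set by, keeping
    only tokens seen on more than one host (identifier syncing)."""
    seen = defaultdict(set)
    for req, resp in transactions:
        host = (req.get("host") or ["?"])[0]
        haystack = " ".join(req.get("_request_line", []) + req.get("cookie", [])
                            + req.get("referer", []) + resp.get("set-cookie", []))
        for token in HEX32.findall(haystack):
            seen[token].add(host)
    return {t: hosts for t, hosts in seen.items() if len(hosts) > 1}


def empty_digest_flags(hash_line):
    """Digests on a report 'Hash' line that are digests of empty input."""
    return [d for d in DIGEST.findall(hash_line.lower()) if d in EMPTY_DIGESTS]


# Trimmed copies of two transactions captured above.
RTMARK = """GET /gid.js?userId=00806ecb30c04a5ce29b060cfc1147d5 HTTP/1.1
Host: my.rtmark.net
Origin: https://adxproofcheck.com
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/json; charset=utf-8
access-control-allow-origin: https://adxproofcheck.com
access-control-allow-credentials: true
set-cookie: ID=00806ecb30c04a5ce29b060cfc1147d5; expires=Sun, 01 Jun 2025 21:11:24 GMT; secure; SameSite=None
strict-transport-security: max-age=1
"""
IMAGE = """GET /img/comments/person-sweep-8.webp HTTP/1.1
Host: adxproofcheck.com
Cookie: OAID=00806ecb30c04a5ce29b060cfc1147d5; syncedCookie=true; oaidts=1717276284; ID=00806ecb30c04a5ce29b060cfc1147d5
Sec-Fetch-Site: same-origin
HTTP/3 200 OK
content-type: image/webp
strict-transport-security: max-age=1
"""
# Hash line of the _core-survey.2e57df15.js record above.
CORE_SURVEY_HASHES = ("Hash d41d8cd98f00b204e9800998ecf8427e "
                      "da39a3ee5e6b4b0d3255bfef95601890afd80709 "
                      "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855")

if __name__ == "__main__":
    pairs = [parse_transaction(RTMARK), parse_transaction(IMAGE)]
    for req, resp in pairs:
        for finding in triage(req, resp):
            print(finding)
    print("shared identifiers:", shared_identifiers(pairs))
    print("empty-input digests:", empty_digest_flags(CORE_SURVEY_HASHES))
```

Run on the two sample records it reports the short HSTS lifetime on both hosts, the credentialed CORS grant and the third-party `ID` cookie on my.rtmark.net, and the single identifier shared between the two hosts. The digest check is the one to run first on any sandbox export: a record whose MD5, SHA-1 and SHA-256 are all empty-input digests has no body behind it, and its hashes will never match anything in a blocklist.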

| URL | IP | Status | Size |
| adxproofcheck.com/js/s-checkSessionStorageAvailable.ts.382a336f.js | 188.114.97.1 | 200 OK | 330 B |
URL: GET HTTP/3 adxproofcheck.com/js/s-checkSessionStorageAvailable.ts.382a336f.js
IP: 188.114.97.1:443
Requested by: https://adxproofcheck.com/policy-sweep-check.html?offer_id=99275599&geo=NO&oaid=00806ecb30c04a5ce29b060cfc1147d5&s=820878831434076445&z=6799394&b=20430602&var=6592928&campaignid=7970865&utm_campaign=6592928&utm_medium=6799394&utm_source=zd_7970865&utm_term=20430602&utm_content=zd_public_v2&country=NO
Certificate: issuer Let's Encrypt; subject adxproofcheck.com; fingerprint F1:28:81:B5:CD:22:6C:77:9A:5F:C9:C4:73:C0:3E:51:52:F8:44:F7; validity Wed, 22 May 2024 13:53:40 GMT - Tue, 20 Aug 2024 13:53:39 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (338), with no line terminators
Hash: MD5 d7f48de281f3ccfe4e173420018737b9, SHA-1 aab7fb84fc6ed80eba839821415c9f49e60b5072, SHA-256 3cfde76f729fe3292653cbbcdc86fc398d186fb6a5e69955d9794984a2b2b14f
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/s-checkSessionStorageAvailable.ts.382a336f.js HTTP/1.1
Host: adxproofcheck.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 01 Jun 2024 21:11:23 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"66585ba4-14a"
last-modified: Thu, 30 May 2024 10:57:40 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 1212
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jAkak2BffCNyQPTeIdgCttK8nZ1U1etZx%2FRQIWTAd0de6o3Igd7GJrK%2BP4cwgBBSQuxcCGRWRJZk31rzKcSL4pVn2JPGY%2BCZXuGNJaugN70pg%2BLczPhfNXKLGnouC25%2BKkBOBA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88d232268b295687-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| URL | IP | Status | Size |
| adxproofcheck.com/img/comments/person-sweep-11.webp | 188.114.97.1 | 200 OK | 502 B |
URL: GET HTTP/3 adxproofcheck.com/img/comments/person-sweep-11.webp
IP: 188.114.97.1:443
Requested by: https://adxproofcheck.com/policy-sweep-check.html?offer_id=99275599&geo=NO&oaid=00806ecb30c04a5ce29b060cfc1147d5&s=820878831434076445&z=6799394&b=20430602&var=6592928&campaignid=7970865&utm_campaign=6592928&utm_medium=6799394&utm_source=zd_7970865&utm_term=20430602&utm_content=zd_public_v2&country=NO
Certificate: issuer Let's Encrypt; subject adxproofcheck.com; fingerprint F1:28:81:B5:CD:22:6C:77:9A:5F:C9:C4:73:C0:3E:51:52:F8:44:F7; validity Wed, 22 May 2024 13:53:40 GMT - Tue, 20 Aug 2024 13:53:39 GMT
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 50x50, Scaling: [none]x[none], YUV color, decoders should clamp
Hash: MD5 7ec874233fc75e1ec8df712b7ebbd7d2, SHA-1 cc219fb2b7e6057a8303283023dd1aa09a082455, SHA-256 9bb6b14a5a503d3c52bc6fc2e7c236a90e7971ceb41cb99e5245fcfc39ef328b
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/comments/person-sweep-11.webp HTTP/1.1
Host: adxproofcheck.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=00806ecb30c04a5ce29b060cfc1147d5; syncedCookie=true; oaidts=1717276284; ID=00806ecb30c04a5ce29b060cfc1147d5
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 01 Jun 2024 21:11:24 GMT
content-type: image/webp
content-length: 502
last-modified: Thu, 30 May 2024 10:57:39 GMT
vary: Accept-Encoding
etag: "66585ba3-1f6"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 5794
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=W5j5EoET8Z9w6Cgz5KDAgPwC2ljxzCZ63DoAzlldEyEZu2UBdS3XlrYsTdh1CKWBnZKp7OAQvEF0M4Jmb1BlFT0P%2BxiTI4e6mXGdXsS2ulFO7LGuGA2qUQGxFJwlxndt9ZDD6g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88d23229ff895687-OSL
alt-svc: h3=":443"; ma=86400

| URL | IP | Status | Size |
| adxproofcheck.com/js/config/comments/en-sweep.json | 188.114.97.1 | 200 OK | 4.9 kB |
URL: GET HTTP/3 adxproofcheck.com/js/config/comments/en-sweep.json
IP: 188.114.97.1:443
Requested by: https://adxproofcheck.com/policy-sweep-check.html?offer_id=99275599&geo=NO&oaid=00806ecb30c04a5ce29b060cfc1147d5&s=820878831434076445&z=6799394&b=20430602&var=6592928&campaignid=7970865&utm_campaign=6592928&utm_medium=6799394&utm_source=zd_7970865&utm_term=20430602&utm_content=zd_public_v2&country=NO
Certificate: issuer Let's Encrypt; subject adxproofcheck.com; fingerprint F1:28:81:B5:CD:22:6C:77:9A:5F:C9:C4:73:C0:3E:51:52:F8:44:F7; validity Wed, 22 May 2024 13:53:40 GMT - Tue, 20 Aug 2024 13:53:39 GMT
File type: ASCII text, with very long lines (5602), with no line terminators
Hash: MD5 e365b2a50ff785aa57118984ebc86b5d, SHA-1 0cf187164eaa42ff7e244ba653bbde659feaa5bc, SHA-256 3094a84e8e909474fae4e0db6685d9b407d4493efd9389efe35caf326c95a6f0
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/config/comments/en-sweep.json HTTP/1.1
Host: adxproofcheck.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 01 Jun 2024 21:11:24 GMT
content-type: application/json
last-modified: Thu, 30 May 2024 10:57:40 GMT
vary: Accept-Encoding
etag: W/"66585ba4-12f9"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OeDVCTIeXMBZMYOlkWYlPBqes%2B4hcVO31ncDRk7u6qJheT0Lsj5AVjy2LQJxKDqpHbyA4WEX%2FnCsxLtlxO5DzBVkU1ktX5S9kbCez5Mw82gSlQu2UsVSBFK%2B1vTtEWPe26R6oQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88d232283d375687-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| URL | IP | Status | Size |
| adxproofcheck.com/js/v-dom-to-react.js.d573974c.js | 188.114.97.1 | 200 OK | 1.1 kB |
URL: GET HTTP/3 adxproofcheck.com/js/v-dom-to-react.js.d573974c.js
IP: 188.114.97.1:443
Requested by: https://adxproofcheck.com/policy-sweep-check.html?offer_id=99275599&geo=NO&oaid=00806ecb30c04a5ce29b060cfc1147d5&s=820878831434076445&z=6799394&b=20430602&var=6592928&campaignid=7970865&utm_campaign=6592928&utm_medium=6799394&utm_source=zd_7970865&utm_term=20430602&utm_content=zd_public_v2&country=NO
Certificate: issuer Let's Encrypt; subject adxproofcheck.com; fingerprint F1:28:81:B5:CD:22:6C:77:9A:5F:C9:C4:73:C0:3E:51:52:F8:44:F7; validity Wed, 22 May 2024 13:53:40 GMT - Tue, 20 Aug 2024 13:53:39 GMT
File type: JavaScript source, ASCII text, with very long lines (1101), with no line terminators
Hash: MD5 d66c7d5172d8274224057084ac77888b, SHA-1 3aa2c4eb445022dd4ab17c49518ff3f419e38b47, SHA-256 e6a46a3f79f80e8eb20c37785b6ba734f0ece6561b12b76af0379632810f2d2b
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/v-dom-to-react.js.d573974c.js HTTP/1.1
Host: adxproofcheck.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 01 Jun 2024 21:11:24 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"66585ba4-43d"
last-modified: Thu, 30 May 2024 10:57:40 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6972
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ax8Q5sERi%2BxbQqYhepHaK7bcBYuqOLMx0XulxuP%2BFKszePuT9hS5VA1Ez22vO0s3Q2jUQrpp3phftAkf2MRmlj9Yz4JNi5L7f105NwEg%2BnSvE64hlQn28SgAuRwZ9vq%2F4JoTjw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88d232287d715687-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| URL | IP | Status | Size |
| adxproofcheck.com/js/v-react-dom.production.min.js.af37bfca.js | 188.114.97.1 | 200 OK | 129 kB |
URL: GET HTTP/3 adxproofcheck.com/js/v-react-dom.production.min.js.af37bfca.js
IP: 188.114.97.1:443
Requested by: https://adxproofcheck.com/policy-sweep-check.html?offer_id=99275599&geo=NO&oaid=00806ecb30c04a5ce29b060cfc1147d5&s=820878831434076445&z=6799394&b=20430602&var=6592928&campaignid=7970865&utm_campaign=6592928&utm_medium=6799394&utm_source=zd_7970865&utm_term=20430602&utm_content=zd_public_v2&country=NO
Certificate: issuer Let's Encrypt; subject adxproofcheck.com; fingerprint F1:28:81:B5:CD:22:6C:77:9A:5F:C9:C4:73:C0:3E:51:52:F8:44:F7; validity Wed, 22 May 2024 13:53:40 GMT - Tue, 20 Aug 2024 13:53:39 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size: 129 kB (129356 bytes)
Hash: MD5 e1a21dbe501a5f60090e03f5cdbb3cf9, SHA-1 1cf8d0e0db05642422b75ba6c8b447ec6bfd1583, SHA-256 794500cf1196925b566098b9dbefabaf55955bc94b600c4980243ec290aeb2a8
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/v-react-dom.production.min.js.af37bfca.js HTTP/1.1
Host: adxproofcheck.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 01 Jun 2024 21:11:23 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=129359
etag: W/"66585ba6-1f94f"
last-modified: Thu, 30 May 2024 10:57:42 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 1212
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wlO8GpnYTLKp244Xu6O%2BR5FnBit2ZLeM%2BUugz5bCW%2FM%2BOXMyrUCHlk2rRqpW9ip06tXy5FbjSB5gh2t3eDILs%2FTrz1ItGtl0p5kZxwcvfR1ml5tDljJo6U%2FVWWQ83RyWZFQh%2BA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88d232269b3f5687-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| URL | IP | Status | Size |
| adxproofcheck.com/js/v-index.mjs.218f041f.js | 188.114.97.1 | 200 OK | 35 kB |
URL: GET HTTP/3 adxproofcheck.com/js/v-index.mjs.218f041f.js
IP: 188.114.97.1:443
Requested by: https://adxproofcheck.com/policy-sweep-check.html?offer_id=99275599&geo=NO&oaid=00806ecb30c04a5ce29b060cfc1147d5&s=820878831434076445&z=6799394&b=20430602&var=6592928&campaignid=7970865&utm_campaign=6592928&utm_medium=6799394&utm_source=zd_7970865&utm_term=20430602&utm_content=zd_public_v2&country=NO
Certificate: issuer Let's Encrypt; subject adxproofcheck.com; fingerprint F1:28:81:B5:CD:22:6C:77:9A:5F:C9:C4:73:C0:3E:51:52:F8:44:F7; validity Wed, 22 May 2024 13:53:40 GMT - Tue, 20 Aug 2024 13:53:39 GMT
File type: JavaScript source, ASCII text, with very long lines (35287), with no line terminators
Hash: MD5 7f9f30e6493c2c91b7cf58f1cc4b2a37, SHA-1 3808250a1d9867178f4f2a17619aebce30309e33, SHA-256 86e54c09e6f4d296f17f0b5c941522d33f4b1efaaa7381ce79a08ff3ef9e94e2
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /js/v-index.mjs.218f041f.js HTTP/1.1
Host: adxproofcheck.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 01 Jun 2024 21:11:24 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"66585ba3-89d7"
last-modified: Thu, 30 May 2024 10:57:39 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6972
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NwJjHkb49KD%2Bg2j14d2VY4CEbOwtKC%2BiNC4yknjUMRZ%2Brt5UFPFNTVkiv%2FCZfEaHYlKLkJdrGuLvw8Qkjn4cS05avc1GPsEnxn9YocGaFF2cRVm%2FHLJw4mbkX060tMPdr2U%2B8w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88d232286d595687-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| URL | IP | Status | Size |
| adxproofcheck.com/favicon.ico | 188.114.97.1 | 200 OK | 1.2 kB |
URL: GET HTTP/3 adxproofcheck.com/favicon.ico
IP: 188.114.97.1:443
Requested by: https://adxproofcheck.com/policy-sweep-check.html?offer_id=99275599&geo=NO&oaid=00806ecb30c04a5ce29b060cfc1147d5&s=820878831434076445&z=6799394&b=20430602&var=6592928&campaignid=7970865&utm_campaign=6592928&utm_medium=6799394&utm_source=zd_7970865&utm_term=20430602&utm_content=zd_public_v2&country=NO
Certificate: issuer Let's Encrypt; subject adxproofcheck.com; fingerprint F1:28:81:B5:CD:22:6C:77:9A:5F:C9:C4:73:C0:3E:51:52:F8:44:F7; validity Wed, 22 May 2024 13:53:40 GMT - Tue, 20 Aug 2024 13:53:39 GMT
File type: MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
Hash: MD5 668ba1a9fa1890ba16cb8adc28d3dad8, SHA-1 5e35223b2541265114eaf61b9da2556c812fea17, SHA-256 7746cf1b553433822522f2dc432f55fe64eee1f1cf823ef6adfde02e58e1d7e2
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: adxproofcheck.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=00806ecb30c04a5ce29b060cfc1147d5; syncedCookie=true; oaidts=1717276284; ID=00806ecb30c04a5ce29b060cfc1147d5
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 01 Jun 2024 21:11:24 GMT
content-type: image/x-icon
last-modified: Thu, 30 May 2024 10:57:39 GMT
vary: Accept-Encoding
etag: W/"66585ba3-47e"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 1897
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WG9RRR3BoXp%2FCPbIooL68Sx8UqHe%2Fe3nDAsqxWfMrGNpSbphXfWh8k2NCRK75NN6AAeqhy95hkLecWL9BGaz8m3ZmZdgHCwaQ%2BzyqIZujhzid83aoJYLySvoC9umiE867LJn%2Fw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88d2322b99ed5687-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| URL | IP | Status | Size |
| adxproofcheck.com/img/comments/person-sweep-7.webp | 188.114.97.1 | 200 OK | 610 B |
URL: GET HTTP/3 adxproofcheck.com/img/comments/person-sweep-7.webp
IP: 188.114.97.1:443
Requested by: https://adxproofcheck.com/policy-sweep-check.html?offer_id=99275599&geo=NO&oaid=00806ecb30c04a5ce29b060cfc1147d5&s=820878831434076445&z=6799394&b=20430602&var=6592928&campaignid=7970865&utm_campaign=6592928&utm_medium=6799394&utm_source=zd_7970865&utm_term=20430602&utm_content=zd_public_v2&country=NO
Certificate: issuer Let's Encrypt; subject adxproofcheck.com; fingerprint F1:28:81:B5:CD:22:6C:77:9A:5F:C9:C4:73:C0:3E:51:52:F8:44:F7; validity Wed, 22 May 2024 13:53:40 GMT - Tue, 20 Aug 2024 13:53:39 GMT
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 50x50, Scaling: [none]x[none], YUV color, decoders should clamp
Hash: MD5 eb52e160b8ea5a1e0de8b2453f46d642, SHA-1 4d28311b4ca822a0a74e318c9d1f54def088b509, SHA-256 2e9c67781abf2cfbabb240bfd08ca836658063849f3303b85027203eec1d37c5
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/comments/person-sweep-7.webp HTTP/1.1
Host: adxproofcheck.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=00806ecb30c04a5ce29b060cfc1147d5; syncedCookie=true; oaidts=1717276284; ID=00806ecb30c04a5ce29b060cfc1147d5
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 01 Jun 2024 21:11:24 GMT
content-type: image/webp
content-length: 610
last-modified: Thu, 30 May 2024 10:57:39 GMT
vary: Accept-Encoding
etag: "66585ba3-262"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 5794
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=J7JgTeof1JGQRfebupte5OEEa6nZbmJgLlOLq6jF3S0vZqyxTTn5WAYRB8AoaBqD5oY5oLy87oJ1aqxRQACTWySc9j0rOlJwm15iWSBDuDSDrYt0fxnO3nl9IXL4PRePL31a3g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88d23229bf425687-OSL
alt-svc: h3=":443"; ma=86400
| adxproofcheck.com/img/comments/person-sweep-12.webp | 188.114.97.1 | 200 OK | 668 B |
URL: GET HTTP/3 adxproofcheck.com/img/comments/person-sweep-12.webp
IP: 188.114.97.1:443
Requested by: https://adxproofcheck.com/policy-sweep-check.html?offer_id=99275599&geo=NO&oaid=00806ecb30c04a5ce29b060cfc1147d5&s=820878831434076445&z=6799394&b=20430602&var=6592928&campaignid=7970865&utm_campaign=6592928&utm_medium=6799394&utm_source=zd_7970865&utm_term=20430602&utm_content=zd_public_v2&country=NO
Certificate: Issuer Let's Encrypt; Subject adxproofcheck.com; Fingerprint F1:28:81:B5:CD:22:6C:77:9A:5F:C9:C4:73:C0:3E:51:52:F8:44:F7; Validity Wed, 22 May 2024 13:53:40 GMT - Tue, 20 Aug 2024 13:53:39 GMT
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 50x50, Scaling: [none]x[none], YUV color, decoders should clamp
Hashes (MD5, SHA-1, SHA-256): c57b8a772545ee6e05fedb58c143beb1 6cb5aef79f86275a725cfdd406c7038b24d80aa9 03389ef007f0fd3486a5c71848fd2b67cc05341cf449bcdd34a81a1d4048b090
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/comments/person-sweep-12.webp HTTP/1.1
Host: adxproofcheck.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=00806ecb30c04a5ce29b060cfc1147d5; syncedCookie=true; oaidts=1717276284; ID=00806ecb30c04a5ce29b060cfc1147d5
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 01 Jun 2024 21:11:24 GMT
content-type: image/webp
content-length: 668
last-modified: Thu, 30 May 2024 10:57:40 GMT
vary: Accept-Encoding
etag: "66585ba4-29c"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 5794
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kVIHgtyB%2FIU%2FhcTeu9zJoLjW2nvqJKnjoUun9AmTpEUe7l5ROqKeVlo5V7%2F%2Fv4ZvBFsZ8NUIi6rf1X%2Bkrnk9kvg8BvbMI7zoEBXMeZjNuiDWYc6%2BJ06KJUeJmwoNMONuOhmcXg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88d23229ff8c5687-OSL
alt-svc: h3=":443"; ma=86400
| adxproofcheck.com/img/comments/person-sweep-14.webp | 188.114.97.1 | 200 OK | 626 B |
URL: GET HTTP/3 adxproofcheck.com/img/comments/person-sweep-14.webp
IP: 188.114.97.1:443
Requested by: https://adxproofcheck.com/policy-sweep-check.html?offer_id=99275599&geo=NO&oaid=00806ecb30c04a5ce29b060cfc1147d5&s=820878831434076445&z=6799394&b=20430602&var=6592928&campaignid=7970865&utm_campaign=6592928&utm_medium=6799394&utm_source=zd_7970865&utm_term=20430602&utm_content=zd_public_v2&country=NO
Certificate: Issuer Let's Encrypt; Subject adxproofcheck.com; Fingerprint F1:28:81:B5:CD:22:6C:77:9A:5F:C9:C4:73:C0:3E:51:52:F8:44:F7; Validity Wed, 22 May 2024 13:53:40 GMT - Tue, 20 Aug 2024 13:53:39 GMT
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 50x50, Scaling: [none]x[none], YUV color, decoders should clamp
Hashes (MD5, SHA-1, SHA-256): 7c494127025f1ec09a96c16bf0531a36 0c2f9302c41f99da9fb5eead2c364bdbdf435156 e6443a7cdcc5ee11ece88ce10824fd79851700e4bd3dc6259d1a816182b82e5b
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /img/comments/person-sweep-14.webp HTTP/1.1
Host: adxproofcheck.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=00806ecb30c04a5ce29b060cfc1147d5; syncedCookie=true; oaidts=1717276284; ID=00806ecb30c04a5ce29b060cfc1147d5
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 01 Jun 2024 21:11:24 GMT
content-type: image/webp
content-length: 626
last-modified: Thu, 30 May 2024 10:57:39 GMT
vary: Accept-Encoding
etag: "66585ba3-272"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 2253
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sJLz8upfmYJxuTOO8SNJ4spP2Lu0%2Bdiudc3CwJKn8qCnDegb8Nt8jxuv88pavXoGG3hSS%2FEzbR05t%2FfHi1I6PAIerU5T5qyJvWCvn8RN4DooU14pLPKYLLrck7KTKqvTABfXdw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88d2322a2fcd5687-OSL
alt-svc: h3=":443"; ma=86400