| aibsidraimso.com/img/dating/jessica.webp | 172.67.191.229 | 200 OK | 20 kB |
URL GET HTTP/3aibsidraimso.com/img/dating/jessica.webp IP172.67.191.229:443
Requested byhttps://aibsidraimso.com/dating-survey.html?campaignId={campaignId}&creativeId={creativeId}&offer_id=2061&partnerId={partnerId}&projectId={projectId}&siteId={siteId}&userId={userId}&var={SOURCE_ID}&ymid=xreqv663bf324000f5e44&z=7450645 CertificateIssuerGoogle Trust Services LLC Subjectaibsidraimso.com FingerprintBD:83:C7:C1:64:0A:BC:19:2A:0B:2A:90:B8:FE:6A:47:E1:3B:CE:C6 ValidityFri, 19 Apr 2024 10:18:38 GMT - Thu, 18 Jul 2024 10:18:37 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 500x390, Scaling: [none]x[none], YUV color, decoders should clamp Hash32015af3744ecf213e5d89661f763e88 258614fc256b6fac24fb952e4c0364ccfd309553 d9d561a628dfa01b112d7ab632da73d2270de5fae7549cc196ed0112fbbb9ebb
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/dating/jessica.webp HTTP/1.1
Host: aibsidraimso.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 21:48:45 GMT
content-type: image/webp
content-length: 20200
last-modified: Fri, 26 Apr 2024 09:39:28 GMT
vary: Accept-Encoding
etag: "662b7650-4ee8"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 1717
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2B5%2BykEdVZLIOz8VmI0VBn14gtIjhls841cv8RT0mavJDuLrxFXUnSaO037jStzqvb4BEtNcEPg6up3v9%2B5aXTY0yKpsb3OgyXaio3mzw7tatVX0w5u%2BI5WDOinDIvxuvmsng"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880ca7dfed2656c5-OSL
alt-svc: h3=":443"; ma=86400
|
|
| aibsidraimso.com/img/dating/location.png | 172.67.191.229 | 200 OK | 1.5 kB |
URL GET HTTP/3aibsidraimso.com/img/dating/location.png IP172.67.191.229:443
Requested byhttps://aibsidraimso.com/dating-survey.html?campaignId={campaignId}&creativeId={creativeId}&offer_id=2061&partnerId={partnerId}&projectId={projectId}&siteId={siteId}&userId={userId}&var={SOURCE_ID}&ymid=xreqv663bf324000f5e44&z=7450645 CertificateIssuerGoogle Trust Services LLC Subjectaibsidraimso.com FingerprintBD:83:C7:C1:64:0A:BC:19:2A:0B:2A:90:B8:FE:6A:47:E1:3B:CE:C6 ValidityFri, 19 Apr 2024 10:18:38 GMT - Thu, 18 Jul 2024 10:18:37 GMT
File typePNG image data, 61 x 98, 8-bit colormap, non-interlaced Hash66875cfbf3b97c6e58aae28214e8adef 7bfcfa2c8d5ea6c1a4a64ed7f2c85261213c4cf5 4e4d3c81874840a43119f58352787b0091a22499ad67694a1c4f531f0b47203e
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/dating/location.png HTTP/1.1
Host: aibsidraimso.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 21:48:45 GMT
content-type: image/png
content-length: 1517
last-modified: Fri, 26 Apr 2024 09:39:28 GMT
vary: Accept-Encoding
etag: "662b7650-5ed"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 1717
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FXBqHtKP%2B%2BZUWD8HD5DtLXqQp7QndGbrxRDKQScNxDa663M1GgS5HUS2uW8sZ4vH%2BuUM3E29o2IQjM4DL2lvlj2aAY4Ia8x3SbE79Y8bF8eVeZKpqW7hrDlFSn0u84OnsrcY"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880ca7dfed2756c5-OSL
alt-svc: h3=":443"; ma=86400
|
|
| aibsidraimso.com/img/dating/anna.webp | 172.67.191.229 | 200 OK | 14 kB |
URL GET HTTP/3aibsidraimso.com/img/dating/anna.webp IP172.67.191.229:443
Requested byhttps://aibsidraimso.com/dating-survey.html?campaignId={campaignId}&creativeId={creativeId}&offer_id=2061&partnerId={partnerId}&projectId={projectId}&siteId={siteId}&userId={userId}&var={SOURCE_ID}&ymid=xreqv663bf324000f5e44&z=7450645 CertificateIssuerGoogle Trust Services LLC Subjectaibsidraimso.com FingerprintBD:83:C7:C1:64:0A:BC:19:2A:0B:2A:90:B8:FE:6A:47:E1:3B:CE:C6 ValidityFri, 19 Apr 2024 10:18:38 GMT - Thu, 18 Jul 2024 10:18:37 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 500x499, Scaling: [none]x[none], YUV color, decoders should clamp Hash2de563c3cbee5c2322c8ac8a2b081cd0 f281d6a51e1f9910211fa24f9f8c6b2b893fe76c b6fc298a9e5ceb3e5533137e2439179adc97db2278cdf2c07baac25e711bab27
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/dating/anna.webp HTTP/1.1
Host: aibsidraimso.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 21:48:45 GMT
content-type: image/webp
content-length: 13976
last-modified: Fri, 26 Apr 2024 09:39:28 GMT
vary: Accept-Encoding
etag: "662b7650-3698"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 1717
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kFdYezF2o%2BN4rvG%2BrYNSRPpzY3UvLLyBiQ7r0s96ZiJ0IaVXs7FDJ3bZMiJHVVxCqVtND0KY2lLvO6ezC0eIc6793G%2Bi9XCFGPlbmFQd0xcrpoeI9O8pdFQOlTIfmQVqfiLi"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880ca7dfed2e56c5-OSL
alt-svc: h3=":443"; ma=86400
|
|
| aibsidraimso.com/img/dating/jayden.webp | 172.67.191.229 | 200 OK | 4.9 kB |
URL GET HTTP/3aibsidraimso.com/img/dating/jayden.webp IP172.67.191.229:443
Requested byhttps://aibsidraimso.com/dating-survey.html?campaignId={campaignId}&creativeId={creativeId}&offer_id=2061&partnerId={partnerId}&projectId={projectId}&siteId={siteId}&userId={userId}&var={SOURCE_ID}&ymid=xreqv663bf324000f5e44&z=7450645 CertificateIssuerGoogle Trust Services LLC Subjectaibsidraimso.com FingerprintBD:83:C7:C1:64:0A:BC:19:2A:0B:2A:90:B8:FE:6A:47:E1:3B:CE:C6 ValidityFri, 19 Apr 2024 10:18:38 GMT - Thu, 18 Jul 2024 10:18:37 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 360x241, Scaling: [none]x[none], YUV color, decoders should clamp Hash1b1a762ced577ff1ae9c8e28f871f413 dd14acfc0e7b93dc6d2ca9ef13bbfd8682f62eba 7ab7205c68dd0cc636ba0be7046e43f266c131cd8725cc9857b7bb801f3113c3
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/dating/jayden.webp HTTP/1.1
Host: aibsidraimso.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 21:48:45 GMT
content-type: image/webp
content-length: 4912
last-modified: Fri, 26 Apr 2024 09:39:28 GMT
vary: Accept-Encoding
etag: "662b7650-1330"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 1717
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8IiZmnMG%2Bl4gA7%2B4i0tenglMzua0VljfluGT6u1WNoJJ52uj1y7OEXexWkMCILDcloT3TMCoTRDRsNVpKQPNYNqn%2Bsn78baM%2BNGHW5ViIv0r3ucRtchyKoS2OTUGX2WQfXTM"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880ca7dfed3456c5-OSL
alt-svc: h3=":443"; ma=86400
|
|
| aibsidraimso.com/img/dating/milana.webp | 172.67.191.229 | 200 OK | 8.5 kB |
URL GET HTTP/3aibsidraimso.com/img/dating/milana.webp IP172.67.191.229:443
Requested byhttps://aibsidraimso.com/dating-survey.html?campaignId={campaignId}&creativeId={creativeId}&offer_id=2061&partnerId={partnerId}&projectId={projectId}&siteId={siteId}&userId={userId}&var={SOURCE_ID}&ymid=xreqv663bf324000f5e44&z=7450645 CertificateIssuerGoogle Trust Services LLC Subjectaibsidraimso.com FingerprintBD:83:C7:C1:64:0A:BC:19:2A:0B:2A:90:B8:FE:6A:47:E1:3B:CE:C6 ValidityFri, 19 Apr 2024 10:18:38 GMT - Thu, 18 Jul 2024 10:18:37 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 500x375, Scaling: [none]x[none], YUV color, decoders should clamp Hasha720c0311818090ac5d0011ac1ee9169 23303f8fa9932fe369b39e9c92503147cb6b9526 d47c3085088b0964867de396473c6552befe6f13ad3946718f76f7ff8a781b6d
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/dating/milana.webp HTTP/1.1
Host: aibsidraimso.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 21:48:45 GMT
content-type: image/webp
content-length: 8522
last-modified: Fri, 26 Apr 2024 09:39:28 GMT
vary: Accept-Encoding
etag: "662b7650-214a"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 1717
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Hnz1QScYNCHtCID9THbwltU1IrIYHC%2FGVHTOt8gpyJWYs%2BT1xSvXyK2enLPfGwF6M6NA%2B7jMNIW2F8PPwh8eBPj3hPSZ5WV0RBacSTlQKr6RMkgHtUrMVKyd8FS6mv2RXqKV"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880ca7dfed3156c5-OSL
alt-svc: h3=":443"; ma=86400
|
|
| aibsidraimso.com/img/dating/tiffany.webp | 172.67.191.229 | 200 OK | 17 kB |
URL GET HTTP/3aibsidraimso.com/img/dating/tiffany.webp IP172.67.191.229:443
Requested byhttps://aibsidraimso.com/dating-survey.html?campaignId={campaignId}&creativeId={creativeId}&offer_id=2061&partnerId={partnerId}&projectId={projectId}&siteId={siteId}&userId={userId}&var={SOURCE_ID}&ymid=xreqv663bf324000f5e44&z=7450645 CertificateIssuerGoogle Trust Services LLC Subjectaibsidraimso.com FingerprintBD:83:C7:C1:64:0A:BC:19:2A:0B:2A:90:B8:FE:6A:47:E1:3B:CE:C6 ValidityFri, 19 Apr 2024 10:18:38 GMT - Thu, 18 Jul 2024 10:18:37 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 507x500, Scaling: [none]x[none], YUV color, decoders should clamp Hash121e18066a90b04b590f94d59737fb63 85be91d1428a759286aa1b9cc827c978c522415d 3cfacc85bcfc651f7052c2cc7b378ae530f27b39e88ca4e58b67816f497bad30
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/dating/tiffany.webp HTTP/1.1
Host: aibsidraimso.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 21:48:45 GMT
content-type: image/webp
content-length: 17412
last-modified: Fri, 26 Apr 2024 09:39:28 GMT
vary: Accept-Encoding
etag: "662b7650-4404"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 1717
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=COVwLVu6P783kB0mFjiJiSD6AhBZuM3iZ17J0%2FqfAnFK%2FHD0yHy%2BQv485XysVX2cmfeR4fM6qoOs0e4%2Fch4lX1vP%2Fj8EdXNtGT%2Bsi7nOARhno08XD5kMm9%2BtJnqJxjNkhiTM"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880ca7dfed3956c5-OSL
alt-svc: h3=":443"; ma=86400
|
|
| aibsidraimso.com/img/dating/adriana.webp | 172.67.191.229 | 200 OK | 10 kB |
URL GET HTTP/3aibsidraimso.com/img/dating/adriana.webp IP172.67.191.229:443
Requested byhttps://aibsidraimso.com/dating-survey.html?campaignId={campaignId}&creativeId={creativeId}&offer_id=2061&partnerId={partnerId}&projectId={projectId}&siteId={siteId}&userId={userId}&var={SOURCE_ID}&ymid=xreqv663bf324000f5e44&z=7450645 CertificateIssuerGoogle Trust Services LLC Subjectaibsidraimso.com FingerprintBD:83:C7:C1:64:0A:BC:19:2A:0B:2A:90:B8:FE:6A:47:E1:3B:CE:C6 ValidityFri, 19 Apr 2024 10:18:38 GMT - Thu, 18 Jul 2024 10:18:37 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 500x500, Scaling: [none]x[none], YUV color, decoders should clamp Hasha72acf36a318a48fae3269a70e595350 c89b823e53a6aca172a8998621f7767838586c25 5800f01a47e4c9266b23e3c9bc9d1cba7ca6a7860405d70bbe67c47bcea2cec0
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/dating/adriana.webp HTTP/1.1
Host: aibsidraimso.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 21:48:45 GMT
content-type: image/webp
content-length: 10520
last-modified: Fri, 26 Apr 2024 09:39:28 GMT
vary: Accept-Encoding
etag: "662b7650-2918"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 1717
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bgL%2FfSXgzfa%2Fc%2Bh50i2yOyjW2wRu5qN%2FDLSRRN%2Fb0ZZxRbPbMN%2FP0WWMxbqJzSDENAKbwytCJgCj6Z8mgOBXUif3kVpo%2FuQnSjU3I4LN2JZh5xAySysLn9nBOlhNYyq5eT3j"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880ca7dfed3356c5-OSL
alt-svc: h3=":443"; ma=86400
|
|
| aibsidraimso.com/img/dating/jasmine.webp | 172.67.191.229 | 200 OK | 32 kB |
URL GET HTTP/3aibsidraimso.com/img/dating/jasmine.webp IP172.67.191.229:443
Requested byhttps://aibsidraimso.com/dating-survey.html?campaignId={campaignId}&creativeId={creativeId}&offer_id=2061&partnerId={partnerId}&projectId={projectId}&siteId={siteId}&userId={userId}&var={SOURCE_ID}&ymid=xreqv663bf324000f5e44&z=7450645 CertificateIssuerGoogle Trust Services LLC Subjectaibsidraimso.com FingerprintBD:83:C7:C1:64:0A:BC:19:2A:0B:2A:90:B8:FE:6A:47:E1:3B:CE:C6 ValidityFri, 19 Apr 2024 10:18:38 GMT - Thu, 18 Jul 2024 10:18:37 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 500x620, Scaling: [none]x[none], YUV color, decoders should clamp Hash933dec2aaa8b66537ee5dbec726302b7 9d60a68e7a99263f101289bfb941c656f14d2333 03a5e38911a4cf7978c712bd809511e68327f909d5a5249df9bd75ae54f7897b
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/dating/jasmine.webp HTTP/1.1
Host: aibsidraimso.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 21:48:45 GMT
content-type: image/webp
content-length: 31474
last-modified: Fri, 26 Apr 2024 09:39:28 GMT
vary: Accept-Encoding
etag: "662b7650-7af2"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 1717
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YgI0stMuPsVzihrefzJrfTbHMoKMi3ZVHIL0ddKIDk%2BBebZyrEdcQPLfIzdVzaj5G1FT8wQ7%2FiE6Ib2qJJ6w9SQHREh2NdzTWqP2Q5T9U%2FnKATwIfW29qJN77w1JLCxICMkx"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880ca7dfed3a56c5-OSL
alt-svc: h3=":443"; ma=86400
|
|
| aibsidraimso.com/img/dating/melisa.webp | 172.67.191.229 | 200 OK | 33 kB |
URL GET HTTP/3aibsidraimso.com/img/dating/melisa.webp IP172.67.191.229:443
Requested byhttps://aibsidraimso.com/dating-survey.html?campaignId={campaignId}&creativeId={creativeId}&offer_id=2061&partnerId={partnerId}&projectId={projectId}&siteId={siteId}&userId={userId}&var={SOURCE_ID}&ymid=xreqv663bf324000f5e44&z=7450645 CertificateIssuerGoogle Trust Services LLC Subjectaibsidraimso.com FingerprintBD:83:C7:C1:64:0A:BC:19:2A:0B:2A:90:B8:FE:6A:47:E1:3B:CE:C6 ValidityFri, 19 Apr 2024 10:18:38 GMT - Thu, 18 Jul 2024 10:18:37 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 554x414, Scaling: [none]x[none], YUV color, decoders should clamp Hash41c64b4dd274f6057d54efcc99fc9c27 dfabde2e691ff0f264258a0f3974a5d6a36d66ae d31231e53199c4e75d6f82e839cdb38984b266121574c55ce85c1612f78b4278
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/dating/melisa.webp HTTP/1.1
Host: aibsidraimso.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 21:48:45 GMT
content-type: image/webp
content-length: 32782
last-modified: Fri, 26 Apr 2024 09:39:28 GMT
vary: Accept-Encoding
etag: "662b7650-800e"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 1717
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=q0Q4XweDAbuwSbW0P9%2BDeQ80JVIRgd5JPBfDSVPrK3B6HaK%2FuMaUtxOQtzBq55fEPUj4eA9VU5IUmI%2FoqGtcyAxgd0896x3VChOIzstWvW4SGeWhobeDdMYaxUyvpL6K%2FhFd"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880ca7dfed3756c5-OSL
alt-svc: h3=":443"; ma=86400
|
|
| aibsidraimso.com/img/dating/map.webp | 172.67.191.229 | 200 OK | 19 kB |
URL GET HTTP/3aibsidraimso.com/img/dating/map.webp IP172.67.191.229:443
Requested byhttps://aibsidraimso.com/dating-survey.html?campaignId={campaignId}&creativeId={creativeId}&offer_id=2061&partnerId={partnerId}&projectId={projectId}&siteId={siteId}&userId={userId}&var={SOURCE_ID}&ymid=xreqv663bf324000f5e44&z=7450645 CertificateIssuerGoogle Trust Services LLC Subjectaibsidraimso.com FingerprintBD:83:C7:C1:64:0A:BC:19:2A:0B:2A:90:B8:FE:6A:47:E1:3B:CE:C6 ValidityFri, 19 Apr 2024 10:18:38 GMT - Thu, 18 Jul 2024 10:18:37 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 580x580, Scaling: [none]x[none], YUV color, decoders should clamp Hashc0c1ccee54f80a107e8424ca1c3c72d2 191ad2c877f7904c22ec5c4e46262d97ff843a53 b2e5f5af4ce01433609251c3fb4e83c8bad2b9cd1ccd51d3d8249dd29f2d16de
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/dating/map.webp HTTP/1.1
Host: aibsidraimso.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://aibsidraimso.com/css/survey-dating.77b63812.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 21:48:45 GMT
content-type: image/webp
content-length: 19442
last-modified: Fri, 26 Apr 2024 09:39:28 GMT
vary: Accept-Encoding
etag: "662b7650-4bf2"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 1717
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7QZbdzKhDBG4TgOtYrOAqMAQ43ScXvjW3B%2FcEG24MtsDn4nfj9Yva2dSlpH80wLZ5Si9Dp8mIvmyAy3Ny1QuoXISxruMRROarpzVmy0QIvQnVnychbaEyA0abUS156%2BT6LWY"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880ca7e13ecc56c5-OSL
alt-svc: h3=":443"; ma=86400
|
|
| my.rtmark.net/gid.js?userId=zliuqbr2bgdytfeggt3ho8z78myfr4sr | 139.45.195.8 | 200 OK | 65 B |
URL GET HTTP/2my.rtmark.net/gid.js?userId=zliuqbr2bgdytfeggt3ho8z78myfr4sr IP139.45.195.8:443
Requested byhttps://aibsidraimso.com/dating-survey.html?campaignId={campaignId}&creativeId={creativeId}&offer_id=2061&partnerId={partnerId}&projectId={projectId}&siteId={siteId}&userId={userId}&var={SOURCE_ID}&ymid=xreqv663bf324000f5e44&z=7450645 CertificateIssuerLet's Encrypt Subjectrtmark.net FingerprintDB:C0:8B:64:1C:E3:2A:9C:B9:04:0D:F3:6F:5A:E0:35:F4:C7:75:CC ValiditySat, 02 Mar 2024 21:53:43 GMT - Fri, 31 May 2024 21:53:42 GMT
Hashc5ce196e3f4dd65cbde4280c153297cd da00559a6d9e2c31d6d3b55d09c0eaadfb31faab 5f03fa89843486d43732807eb1dd9812c1c4e886751a2ecfafa825ab4b8e4356
GET /gid.js?userId=zliuqbr2bgdytfeggt3ho8z78myfr4sr HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://aibsidraimso.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 21:48:45 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://aibsidraimso.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=zliuqbr2bgdytfeggt3ho8z78myfr4sr; expires=Thu, 08 May 2025 21:48:45 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| aibsidraimso.com/js/v-index.js.da9f7529.js | 172.67.191.229 | 200 OK | 14 kB |
URL GET HTTP/3aibsidraimso.com/js/v-index.js.da9f7529.js IP172.67.191.229:443
Requested byhttps://aibsidraimso.com/dating-survey.html?campaignId={campaignId}&creativeId={creativeId}&offer_id=2061&partnerId={partnerId}&projectId={projectId}&siteId={siteId}&userId={userId}&var={SOURCE_ID}&ymid=xreqv663bf324000f5e44&z=7450645 CertificateIssuerGoogle Trust Services LLC Subjectaibsidraimso.com FingerprintBD:83:C7:C1:64:0A:BC:19:2A:0B:2A:90:B8:FE:6A:47:E1:3B:CE:C6 ValidityFri, 19 Apr 2024 10:18:38 GMT - Thu, 18 Jul 2024 10:18:37 GMT
File typeJavaScript source, ASCII text, with very long lines (40985), with no line terminators Hash47a5b821c80a532b5e989cf87d451283 c0f9e87128e1d7d634649fb3c7b6c08f714e79bc 2526538666fe9c7811b9afaf71794b4f8cb4f0751f62872e1a0d8c3a6c131f07
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/v-index.js.da9f7529.js HTTP/1.1
Host: aibsidraimso.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 21:48:45 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=40988
etag: W/"662b7651-a01c"
last-modified: Fri, 26 Apr 2024 09:39:29 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 2437
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=J6gB4x78TDYPzzha0m4nmVoebZe%2BSIgbMyNvYZE%2Bw6DOqldGnRIwLt7U%2B7ikAr4NOWCJ7E%2BRhHz0TJhYDFVmrEUJw6iejc8i94P7a7maMbP6INPdkqvTfUdNkWXsOuu6K%2Fxx"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880ca7dfcd0856c5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| aibsidraimso.com/js/s-storageService.js.bb9f7a22.js | 172.67.191.229 | 200 OK | 819 B |
URL GET HTTP/3aibsidraimso.com/js/s-storageService.js.bb9f7a22.js IP172.67.191.229:443
Requested byhttps://aibsidraimso.com/dating-survey.html?campaignId={campaignId}&creativeId={creativeId}&offer_id=2061&partnerId={partnerId}&projectId={projectId}&siteId={siteId}&userId={userId}&var={SOURCE_ID}&ymid=xreqv663bf324000f5e44&z=7450645 CertificateIssuerGoogle Trust Services LLC Subjectaibsidraimso.com FingerprintBD:83:C7:C1:64:0A:BC:19:2A:0B:2A:90:B8:FE:6A:47:E1:3B:CE:C6 ValidityFri, 19 Apr 2024 10:18:38 GMT - Thu, 18 Jul 2024 10:18:37 GMT
File typeJavaScript source, ASCII text, with very long lines (2170), with no line terminators Hasha804db09269d602a8a7a50877b60fc86 7aa84eb6c94037c3bfabdf407060ba7b9ca73ff3 f5e3a988f32cdcd8ccdff165e33a1807acdde6426cecbb464c315306ff5e6f6f
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/s-storageService.js.bb9f7a22.js HTTP/1.1
Host: aibsidraimso.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 21:48:45 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"662b7652-87a"
last-modified: Fri, 26 Apr 2024 09:39:30 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 2437
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zHErYG7zvFGUtIwj%2BBDS6hILE1zMVp3fTPnAo97wYKlOmrdn9x5OdERexCmbONtkq7oRfj6yVULrjrIgT4yNoX%2BRZihiUvvTt78klzc01Foi3btWZa6e0fIcMWjPgJpGw5Qh"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880ca7dfcd0956c5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| arleavannya.com/sync-metrics | 139.45.197.248 | 200 OK | 17 B |
URL POST HTTP/2arleavannya.com/sync-metrics IP139.45.197.248:443
Requested byhttps://aibsidraimso.com/dating-survey.html?campaignId={campaignId}&creativeId={creativeId}&offer_id=2061&partnerId={partnerId}&projectId={projectId}&siteId={siteId}&userId={userId}&var={SOURCE_ID}&ymid=xreqv663bf324000f5e44&z=7450645 CertificateIssuerLet's Encrypt Subjectarleavannya.com Fingerprint8A:67:B7:06:5F:61:ED:52:C0:9B:58:C2:64:98:7D:1B:64:03:3F:47 ValidityThu, 18 Apr 2024 17:09:05 GMT - Wed, 17 Jul 2024 17:09:04 GMT
Hash5b64e8b89092b2e3dfd448b10700627f 484b3032619fa1acd135d114565b0a5166281c22 f1ea07a1e51a389c8de07120ae5c2e432e9dd8f4fbd6f92489f185b0523a3fd4
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
POST /sync-metrics HTTP/1.1
Host: arleavannya.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 741
Origin: https://aibsidraimso.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 21:48:45 GMT
content-type: application/json; charset=utf-8
content-length: 17
x-trace-id: 45baef0b0241ed6948d89a4ab3684e82
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://aibsidraimso.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| arleavannya.com/sync-metrics | 139.45.197.248 | 200 OK | 0 B |
URL POST HTTP/2arleavannya.com/sync-metrics IP139.45.197.248:443
Requested byhttps://aibsidraimso.com/dating-survey.html?campaignId={campaignId}&creativeId={creativeId}&offer_id=2061&partnerId={partnerId}&projectId={projectId}&siteId={siteId}&userId={userId}&var={SOURCE_ID}&ymid=xreqv663bf324000f5e44&z=7450645 CertificateIssuerLet's Encrypt Subjectarleavannya.com Fingerprint8A:67:B7:06:5F:61:ED:52:C0:9B:58:C2:64:98:7D:1B:64:03:3F:47 ValidityThu, 18 Apr 2024 17:09:05 GMT - Wed, 17 Jul 2024 17:09:04 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
OPTIONS /sync-metrics HTTP/1.1
Host: arleavannya.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://aibsidraimso.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 21:48:46 GMT
content-length: 0
access-control-allow-origin: https://aibsidraimso.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| arleavannya.com/sync-do | 139.45.197.248 | 200 OK | 0 B |
IP139.45.197.248:443
Requested byhttps://aibsidraimso.com/dating-survey.html?campaignId={campaignId}&creativeId={creativeId}&offer_id=2061&partnerId={partnerId}&projectId={projectId}&siteId={siteId}&userId={userId}&var={SOURCE_ID}&ymid=xreqv663bf324000f5e44&z=7450645 CertificateIssuerLet's Encrypt Subjectarleavannya.com Fingerprint8A:67:B7:06:5F:61:ED:52:C0:9B:58:C2:64:98:7D:1B:64:03:3F:47 ValidityThu, 18 Apr 2024 17:09:05 GMT - Wed, 17 Jul 2024 17:09:04 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
OPTIONS /sync-do HTTP/1.1
Host: arleavannya.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://aibsidraimso.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 21:48:46 GMT
content-length: 0
access-control-allow-origin: https://aibsidraimso.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| aibsidraimso.com/js/v-react-dom.production.min.js.c3329619.js | 172.67.191.229 | 200 OK | 42 kB |
URL GET HTTP/3aibsidraimso.com/js/v-react-dom.production.min.js.c3329619.js IP172.67.191.229:443
Requested byhttps://aibsidraimso.com/dating-survey.html?campaignId={campaignId}&creativeId={creativeId}&offer_id=2061&partnerId={partnerId}&projectId={projectId}&siteId={siteId}&userId={userId}&var={SOURCE_ID}&ymid=xreqv663bf324000f5e44&z=7450645 CertificateIssuerGoogle Trust Services LLC Subjectaibsidraimso.com FingerprintBD:83:C7:C1:64:0A:BC:19:2A:0B:2A:90:B8:FE:6A:47:E1:3B:CE:C6 ValidityFri, 19 Apr 2024 10:18:38 GMT - Thu, 18 Jul 2024 10:18:37 GMT
File typeJavaScript source, ASCII text, with very long lines (65536), with no line terminators Hashc53e5e3d8c5ca5f1c4edbce65426edfc 36cc2e7e0b893d82bf5f457c7a62374019d0f7aa ed83bf6bc001bd6f841c76b67aedfd3bc02cb28fb5537a1d55804f5ad0515e39
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/v-react-dom.production.min.js.c3329619.js HTTP/1.1
Host: aibsidraimso.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 21:48:45 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=129359
etag: W/"662b7651-1f94f"
last-modified: Fri, 26 Apr 2024 09:39:29 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 2437
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=H%2FxlqDsSjwQnUzsG41WmO%2BQmfn%2Fecp%2B4FUcAFZf7LhvTq%2BXwDAZcNkhvKXAR45x44yPz6Hb8O883U30nOnfe9eJ%2BZ2LzXM6yT9t0yikRrAZxJ3hPTtyXfGzmULRgBEM0ELh4"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880ca7dfdd1256c5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| aibsidraimso.com/js/v-html-to-dom.js.ff1ae7e0.js | 172.67.191.229 | 200 OK | 260 B |
URL GET HTTP/3aibsidraimso.com/js/v-html-to-dom.js.ff1ae7e0.js IP172.67.191.229:443
Requested byhttps://aibsidraimso.com/dating-survey.html?campaignId={campaignId}&creativeId={creativeId}&offer_id=2061&partnerId={partnerId}&projectId={projectId}&siteId={siteId}&userId={userId}&var={SOURCE_ID}&ymid=xreqv663bf324000f5e44&z=7450645 CertificateIssuerGoogle Trust Services LLC Subjectaibsidraimso.com FingerprintBD:83:C7:C1:64:0A:BC:19:2A:0B:2A:90:B8:FE:6A:47:E1:3B:CE:C6 ValidityFri, 19 Apr 2024 10:18:38 GMT - Thu, 18 Jul 2024 10:18:37 GMT
File typeJavaScript source, ASCII text, with very long lines (364), with no line terminators Hashe7384582d95265db33b2a41c0a31f41b b609bec5a8718ab1c9c27a197a15e9a434c36dde c631c08f52c7380fc8f8f0247d68f9171ff8e63d41d7885b992f1374af5a995a
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/v-html-to-dom.js.ff1ae7e0.js HTTP/1.1
Host: aibsidraimso.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=zliuqbr2bgdytfeggt3ho8z78myfr4sr; syncedCookie=true; oaidts=1715204925; ID=zliuqbr2bgdytfeggt3ho8z78myfr4sr
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 21:48:45 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"662b7651-16c"
last-modified: Fri, 26 Apr 2024 09:39:29 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6387
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ruqRMuat0NBbffY7%2Bq7jjW9uJW7isjGF6BFlIWn2BPXq5%2FmmR4ikbyl04t%2BWEu7jnpk3aTuG9jD1UwSMjU2kwJQcsGCzi4p8PPVte6KDwLhUcCGo2SLfEsMG3Kg0%2F0GnCZOj"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880ca7e2b8bd56c5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| arleavannya.com/sync-metrics | 139.45.197.248 | 200 OK | 17 B |
URL POST HTTP/2arleavannya.com/sync-metrics IP139.45.197.248:443
Requested byhttps://aibsidraimso.com/dating-survey.html?campaignId={campaignId}&creativeId={creativeId}&offer_id=2061&partnerId={partnerId}&projectId={projectId}&siteId={siteId}&userId={userId}&var={SOURCE_ID}&ymid=xreqv663bf324000f5e44&z=7450645 CertificateIssuerLet's Encrypt Subjectarleavannya.com Fingerprint8A:67:B7:06:5F:61:ED:52:C0:9B:58:C2:64:98:7D:1B:64:03:3F:47 ValidityThu, 18 Apr 2024 17:09:05 GMT - Wed, 17 Jul 2024 17:09:04 GMT
Hash5b64e8b89092b2e3dfd448b10700627f 484b3032619fa1acd135d114565b0a5166281c22 f1ea07a1e51a389c8de07120ae5c2e432e9dd8f4fbd6f92489f185b0523a3fd4
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
POST /sync-metrics HTTP/1.1
Host: arleavannya.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 821
Origin: https://aibsidraimso.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 21:48:46 GMT
content-type: application/json; charset=utf-8
content-length: 17
x-trace-id: c8e36166b4a1f44b54fffad983d92704
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://aibsidraimso.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| arleavannya.com/sync-do | 139.45.197.248 | 200 OK | 177 B |
IP139.45.197.248:443
Requested byhttps://aibsidraimso.com/dating-survey.html?campaignId={campaignId}&creativeId={creativeId}&offer_id=2061&partnerId={partnerId}&projectId={projectId}&siteId={siteId}&userId={userId}&var={SOURCE_ID}&ymid=xreqv663bf324000f5e44&z=7450645 CertificateIssuerLet's Encrypt Subjectarleavannya.com Fingerprint8A:67:B7:06:5F:61:ED:52:C0:9B:58:C2:64:98:7D:1B:64:03:3F:47 ValidityThu, 18 Apr 2024 17:09:05 GMT - Wed, 17 Jul 2024 17:09:04 GMT
Hashd0772218af510e4d684d6d362654b50b 695c414dd14162915520c5d7b078dc5db13336b2 aabfa27fcfd0b8b04efb721f3db9da912c86272468c25256c3b1e0a7a83db2a6
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
POST /sync-do HTTP/1.1
Host: arleavannya.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 155
Origin: https://aibsidraimso.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 21:48:46 GMT
content-type: application/json; charset=utf-8
content-length: 177
x-trace-id: 788f304b53bbca2002d8d5bec6d439f0
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://aibsidraimso.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| arleavannya.com/sync-metrics | 139.45.197.248 | 200 OK | 17 B |
URL POST HTTP/2arleavannya.com/sync-metrics IP139.45.197.248:443
Requested byhttps://aibsidraimso.com/dating-survey.html?campaignId={campaignId}&creativeId={creativeId}&offer_id=2061&partnerId={partnerId}&projectId={projectId}&siteId={siteId}&userId={userId}&var={SOURCE_ID}&ymid=xreqv663bf324000f5e44&z=7450645 CertificateIssuerLet's Encrypt Subjectarleavannya.com Fingerprint8A:67:B7:06:5F:61:ED:52:C0:9B:58:C2:64:98:7D:1B:64:03:3F:47 ValidityThu, 18 Apr 2024 17:09:05 GMT - Wed, 17 Jul 2024 17:09:04 GMT
Hash5b64e8b89092b2e3dfd448b10700627f 484b3032619fa1acd135d114565b0a5166281c22 f1ea07a1e51a389c8de07120ae5c2e432e9dd8f4fbd6f92489f185b0523a3fd4
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
POST /sync-metrics HTTP/1.1
Host: arleavannya.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 822
Origin: https://aibsidraimso.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 21:48:46 GMT
content-type: application/json; charset=utf-8
content-length: 17
x-trace-id: 4af6214ab3e8a7fad0ef5f7f8d431ea0
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://aibsidraimso.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| aibsidraimso.com/js/v-utilities.js.d1112fc4.js | 172.67.191.229 | 200 OK | 1.3 kB |
URL GET HTTP/3aibsidraimso.com/js/v-utilities.js.d1112fc4.js IP172.67.191.229:443
Requested byhttps://aibsidraimso.com/dating-survey.html?campaignId={campaignId}&creativeId={creativeId}&offer_id=2061&partnerId={partnerId}&projectId={projectId}&siteId={siteId}&userId={userId}&var={SOURCE_ID}&ymid=xreqv663bf324000f5e44&z=7450645 CertificateIssuerGoogle Trust Services LLC Subjectaibsidraimso.com FingerprintBD:83:C7:C1:64:0A:BC:19:2A:0B:2A:90:B8:FE:6A:47:E1:3B:CE:C6 ValidityFri, 19 Apr 2024 10:18:38 GMT - Thu, 18 Jul 2024 10:18:37 GMT
File typeJavaScript source, ASCII text, with very long lines (2577), with no line terminators Hash18cb151303391373ec2138ce7f10bd7f c3d6fdc026a675d23ac14beebd3a46e3e72e9dc4 93cc28fc75a9cbc865ed918e1a8d139ecf52c3a7d9a2caef63ed7092f69ee142
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/v-utilities.js.d1112fc4.js HTTP/1.1
Host: aibsidraimso.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=zliuqbr2bgdytfeggt3ho8z78myfr4sr; syncedCookie=true; oaidts=1715204925; ID=zliuqbr2bgdytfeggt3ho8z78myfr4sr
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 21:48:45 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"662b7651-a11"
last-modified: Fri, 26 Apr 2024 09:39:29 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 1858
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7ClX9k71%2Fj2avJfWvQZ8sGU621kMJeZ5UeuTjtHBNnSYO%2BkHW8tbOIztgXTzzuRzdoNxI7TbDqF3lW4kT%2Bd24H3TOYRLvZ7PVecn4brCzpaDqjqwXK4X9TB2B0vE%2FRziZacy"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880ca7e2b8b456c5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| aibsidraimso.com/js/v-constants.js.49317f47.js | 172.67.191.229 | 200 OK | 356 B |
URL GET HTTP/3aibsidraimso.com/js/v-constants.js.49317f47.js IP172.67.191.229:443
Requested byhttps://aibsidraimso.com/dating-survey.html?campaignId={campaignId}&creativeId={creativeId}&offer_id=2061&partnerId={partnerId}&projectId={projectId}&siteId={siteId}&userId={userId}&var={SOURCE_ID}&ymid=xreqv663bf324000f5e44&z=7450645 CertificateIssuerGoogle Trust Services LLC Subjectaibsidraimso.com FingerprintBD:83:C7:C1:64:0A:BC:19:2A:0B:2A:90:B8:FE:6A:47:E1:3B:CE:C6 ValidityFri, 19 Apr 2024 10:18:38 GMT - Thu, 18 Jul 2024 10:18:37 GMT
File typeASCII text, with very long lines (600), with no line terminators Hash973e735a355fd5b10428c250e8fd7236 bd3fb14c90e2700400c69b15a84e317d52493bd9 16f1d5ca604ad59b9e5b484b1a0cf2d43eebda055ecee80ac847fbcc4437f0b2
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/v-constants.js.49317f47.js HTTP/1.1
Host: aibsidraimso.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=zliuqbr2bgdytfeggt3ho8z78myfr4sr; syncedCookie=true; oaidts=1715204925; ID=zliuqbr2bgdytfeggt3ho8z78myfr4sr
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 21:48:45 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"662b7651-258"
last-modified: Fri, 26 Apr 2024 09:39:29 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 1858
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Eclzkee1j147DiB0MVXzKgj3TGZqtL6WRHUw66BZl0bSfbGEg4aoXn7Jvhyj1dV%2BIgQCm9RQLfPUexZDWuzQ2BlUWlJRgJtupdwELJiCAQJ%2BM3VUavFZYosItpj5YKg0K0ze"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880ca7e2b8c056c5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| arleavannya.com/sync-metrics | 139.45.197.248 | 200 OK | 17 B |
URL POST HTTP/2arleavannya.com/sync-metrics IP139.45.197.248:443
Requested byhttps://aibsidraimso.com/dating-survey.html?campaignId={campaignId}&creativeId={creativeId}&offer_id=2061&partnerId={partnerId}&projectId={projectId}&siteId={siteId}&userId={userId}&var={SOURCE_ID}&ymid=xreqv663bf324000f5e44&z=7450645 CertificateIssuerLet's Encrypt Subjectarleavannya.com Fingerprint8A:67:B7:06:5F:61:ED:52:C0:9B:58:C2:64:98:7D:1B:64:03:3F:47 ValidityThu, 18 Apr 2024 17:09:05 GMT - Wed, 17 Jul 2024 17:09:04 GMT
Hash5b64e8b89092b2e3dfd448b10700627f 484b3032619fa1acd135d114565b0a5166281c22 f1ea07a1e51a389c8de07120ae5c2e432e9dd8f4fbd6f92489f185b0523a3fd4
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
POST /sync-metrics HTTP/1.1
Host: arleavannya.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 1756
Origin: https://aibsidraimso.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 21:48:46 GMT
content-type: application/json; charset=utf-8
content-length: 17
x-trace-id: 296feb8e20f8e7fdecb39ab856b61708
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://aibsidraimso.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| datatechonert.com/log/add?cid=eacf36da-c06d-4d71-90cc-88e30cd4240a&ruid=e5a66c03-9218-470e-a341-f4194cf98286 | 37.48.68.71 | 200 OK | 12 B |
URL POST HTTP/1.1datatechonert.com/log/add?cid=eacf36da-c06d-4d71-90cc-88e30cd4240a&ruid=e5a66c03-9218-470e-a341-f4194cf98286 IP37.48.68.71:443 ASN#60781 LeaseWeb Netherlands B.V.
Requested byhttps://aibsidraimso.com/dating-survey.html?campaignId={campaignId}&creativeId={creativeId}&offer_id=2061&partnerId={partnerId}&projectId={projectId}&siteId={siteId}&userId={userId}&var={SOURCE_ID}&ymid=xreqv663bf324000f5e44&z=7450645 CertificateIssuerSectigo Limited Subjectdatatechonert.com Fingerprint3F:E1:50:2C:9F:FC:F9:37:03:E3:B6:34:00:06:89:69:01:E7:C3:27 ValiditySun, 10 Dec 2023 00:00:00 GMT - Mon, 23 Dec 2024 23:59:59 GMT
Hashadb4650bfc9d2a73d4dd69583b0ceb14 1ce399d6e936232aaf2192cd7903a279c5015f22 21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed
POST /log/add?cid=eacf36da-c06d-4d71-90cc-88e30cd4240a&ruid=e5a66c03-9218-470e-a341-f4194cf98286 HTTP/1.1
Host: datatechonert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1622
Origin: https://aibsidraimso.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Wed, 08 May 2024 21:48:46 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 12
Connection: keep-alive
Access-Control-Allow-Origin: https://aibsidraimso.com
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true
|
|
| aibsidraimso.com/img/fav/heart-apple-60.png | 172.67.191.229 | 200 OK | 1.4 kB |
URL GET HTTP/3aibsidraimso.com/img/fav/heart-apple-60.png IP172.67.191.229:443
Requested byhttps://aibsidraimso.com/dating-survey.html?campaignId={campaignId}&creativeId={creativeId}&offer_id=2061&partnerId={partnerId}&projectId={projectId}&siteId={siteId}&userId={userId}&var={SOURCE_ID}&ymid=xreqv663bf324000f5e44&z=7450645 CertificateIssuerGoogle Trust Services LLC Subjectaibsidraimso.com FingerprintBD:83:C7:C1:64:0A:BC:19:2A:0B:2A:90:B8:FE:6A:47:E1:3B:CE:C6 ValidityFri, 19 Apr 2024 10:18:38 GMT - Thu, 18 Jul 2024 10:18:37 GMT
File typePNG image data, 60 x 60, 8-bit colormap, non-interlaced Hashf4471d411b901f4ffadfe746f4301a94 5eeccf4b904e8d7c08637ff7ea86a349ba61fd34 7c57c6ba7a764d7e5199abf41c8ae69dbc759bc31367ed49cfa9e02c44621e84
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/fav/heart-apple-60.png HTTP/1.1
Host: aibsidraimso.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=zliuqbr2bgdytfeggt3ho8z78myfr4sr; syncedCookie=true; oaidts=1715204925; ID=zliuqbr2bgdytfeggt3ho8z78myfr4sr
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 21:48:46 GMT
content-type: image/png
content-length: 1430
last-modified: Fri, 26 Apr 2024 09:39:28 GMT
vary: Accept-Encoding
etag: "662b7650-596"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 413
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rHyDLizBF1U7tSvToNPDc7ZOPaMUVf%2FvzUt3WLtREYiG1OtccChymD14ABd4YUHLSjhssJdBf9ZiPo0Cc0tu%2Bi%2BCz7FBcSqM%2B1%2FR6pBCUZaCTtjsFvZQ4%2BUylHg0qyjgKII9"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880ca7e6fd5856c5-OSL
alt-svc: h3=":443"; ma=86400
|
|
| aibsidraimso.com/pfe/current/stattag.js | 172.67.191.229 | 200 OK | 7.7 kB |
URL GET HTTP/3aibsidraimso.com/pfe/current/stattag.js IP172.67.191.229:443
Requested byhttps://aibsidraimso.com/dating-survey.html?campaignId={campaignId}&creativeId={creativeId}&offer_id=2061&partnerId={partnerId}&projectId={projectId}&siteId={siteId}&userId={userId}&var={SOURCE_ID}&ymid=xreqv663bf324000f5e44&z=7450645 CertificateIssuerGoogle Trust Services LLC Subjectaibsidraimso.com FingerprintBD:83:C7:C1:64:0A:BC:19:2A:0B:2A:90:B8:FE:6A:47:E1:3B:CE:C6 ValidityFri, 19 Apr 2024 10:18:38 GMT - Thu, 18 Jul 2024 10:18:37 GMT
File typeJavaScript source, ASCII text, with very long lines (19053), with no line terminators Hash3a74216e872211a9c770302bb7d4a63f 7e63556174a7d66eee407218e503ec0aae2c0f9e 03405209d89a927b81d53eb13968663069760776389c5400bb79d11bd9f78f78
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /pfe/current/stattag.js HTTP/1.1
Host: aibsidraimso.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=zliuqbr2bgdytfeggt3ho8z78myfr4sr; syncedCookie=true; oaidts=1715204925; ID=zliuqbr2bgdytfeggt3ho8z78myfr4sr
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 21:48:46 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"662b7651-4a6d"
last-modified: Fri, 26 Apr 2024 09:39:29 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6398
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2F%2FvSMfxmhsrruQrfyOjjSiQBvCrPtrbBG3KtHSS9ejB%2FjHOVKF0qRN0LkpZ53BWXY8mHFhcGqtAG4v0IbwLHqUF36nwrn9rSUvti7Fv5zboJ1m2%2F2ePizhAK0xvykGktqaBs"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880ca7e48ade56c5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| aibsidraimso.com/js/v-dom-to-react.js.26fdf751.js | 172.67.191.229 | 200 OK | 4.1 kB |
URL GET HTTP/3aibsidraimso.com/js/v-dom-to-react.js.26fdf751.js IP172.67.191.229:443
Requested byhttps://aibsidraimso.com/dating-survey.html?campaignId={campaignId}&creativeId={creativeId}&offer_id=2061&partnerId={partnerId}&projectId={projectId}&siteId={siteId}&userId={userId}&var={SOURCE_ID}&ymid=xreqv663bf324000f5e44&z=7450645 CertificateIssuerGoogle Trust Services LLC Subjectaibsidraimso.com FingerprintBD:83:C7:C1:64:0A:BC:19:2A:0B:2A:90:B8:FE:6A:47:E1:3B:CE:C6 ValidityFri, 19 Apr 2024 10:18:38 GMT - Thu, 18 Jul 2024 10:18:37 GMT
File typeJavaScript source, ASCII text, with very long lines (1085), with no line terminators Hashb9187a6f31bd6c7c0cfe0bcb37ecf60a 1150c33a65703059e43c0d85b1680aa04d4d60e6 a5f216a4ea67c8f005b6cededba525ee330a2d4f8caedc8232f44e4e163e5ebd
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/v-dom-to-react.js.26fdf751.js HTTP/1.1
Host: aibsidraimso.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=zliuqbr2bgdytfeggt3ho8z78myfr4sr; syncedCookie=true; oaidts=1715204925; ID=zliuqbr2bgdytfeggt3ho8z78myfr4sr
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 21:48:45 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"662b7651-43d"
last-modified: Fri, 26 Apr 2024 09:39:29 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6387
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HTuJIv0IuZlFDoi2fFXInTJmqhJ%2BPYtRag1M2EN%2FSO5ef8cgMBs0cPT1LtxgPoNUob2sAk5VfOuqqDSLFAuq0FSM7f03K9aRp2wo7qCt%2Bujqo%2BHuyhIvchx2u96Htxi%2FpEBJ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880ca7e2b8b756c5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| ofklefkian.com/zone?&pub=0&zone_id=6009599&is_mobile=false&domain=aibsidraimso.com&var=7450645&ymid=%7BSOURCE_ID%7D&var_3=null&var_4=null&dsig=&tg=1&sw=3.1.472&action=prerequest | 139.45.197.251 | 200 OK | 0 B |
URL POST HTTP/2ofklefkian.com/zone?&pub=0&zone_id=6009599&is_mobile=false&domain=aibsidraimso.com&var=7450645&ymid=%7BSOURCE_ID%7D&var_3=null&var_4=null&dsig=&tg=1&sw=3.1.472&action=prerequest IP139.45.197.251:443
Requested byhttps://aibsidraimso.com/dating-survey.html?campaignId={campaignId}&creativeId={creativeId}&offer_id=2061&partnerId={partnerId}&projectId={projectId}&siteId={siteId}&userId={userId}&var={SOURCE_ID}&ymid=xreqv663bf324000f5e44&z=7450645 CertificateIssuerLet's Encrypt Subjectofklefkian.com Fingerprint04:A9:FE:8D:C9:B9:EE:6F:3A:C4:29:EA:19:AD:C3:1D:7D:3E:14:02 ValiditySun, 14 Apr 2024 05:38:05 GMT - Sat, 13 Jul 2024 05:38:04 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
POST /zone?&pub=0&zone_id=6009599&is_mobile=false&domain=aibsidraimso.com&var=7450645&ymid=%7BSOURCE_ID%7D&var_3=null&var_4=null&dsig=&tg=1&sw=3.1.472&action=prerequest HTTP/1.1
Host: ofklefkian.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 21:48:46 GMT
content-length: 0
x-trace-id: 474ee0fd1935f67a124692ceedd389e4
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: null
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
|
|
| aibsidraimso.com/sw/sw6009599.js?var=7450645&var_3=null&var_4=null&ymid=%7BSOURCE_ID%7D&ab2_ttl=5184000000 | 172.67.191.229 | 200 OK | 1.0 kB |
URL GET HTTP/3aibsidraimso.com/sw/sw6009599.js?var=7450645&var_3=null&var_4=null&ymid=%7BSOURCE_ID%7D&ab2_ttl=5184000000 IP172.67.191.229:443
Requested byhttps://aibsidraimso.com/dating-survey.html?campaignId={campaignId}&creativeId={creativeId}&offer_id=2061&partnerId={partnerId}&projectId={projectId}&siteId={siteId}&userId={userId}&var={SOURCE_ID}&ymid=xreqv663bf324000f5e44&z=7450645 CertificateIssuerGoogle Trust Services LLC Subjectaibsidraimso.com FingerprintBD:83:C7:C1:64:0A:BC:19:2A:0B:2A:90:B8:FE:6A:47:E1:3B:CE:C6 ValidityFri, 19 Apr 2024 10:18:38 GMT - Thu, 18 Jul 2024 10:18:37 GMT
File typeASCII text, with very long lines (1013), with no line terminators Hash521128090a8d0dbdb04609dc226d9817 1b85bbd87df784696a75274358803624dd8b0313 b6749a04b94d96a39fc29a946e37d4f166699ff60ef32a86b72f6513c4a63b82
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /sw/sw6009599.js?var=7450645&var_3=null&var_4=null&ymid=%7BSOURCE_ID%7D&ab2_ttl=5184000000 HTTP/1.1
Host: aibsidraimso.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Cookie: OAID=zliuqbr2bgdytfeggt3ho8z78myfr4sr; syncedCookie=true; oaidts=1715204925; ID=zliuqbr2bgdytfeggt3ho8z78myfr4sr
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 08 May 2024 21:48:46 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=1321
etag: W/"662b7650-529"
last-modified: Fri, 26 Apr 2024 09:39:28 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 5307
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Mpf0tQA%2FwgkPGn7uvI%2F%2FBOCXBh3RyDSi%2BcLoIB71J4MqTIRgKcj5ZuNrhKJso5iIkNJgt65gIHBUPzI6QpAY9vsVom2UHDgQt8lghz3gRam6iSJrpmJIoeboq%2B%2FfYRvI90AR"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880ca7e3da1c56c5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| aibsidraimso.com/js/survey-dating.c1716d1d.js | 172.67.191.229 | 200 OK | 11 kB |
URL GET HTTP/3aibsidraimso.com/js/survey-dating.c1716d1d.js IP172.67.191.229:443
Requested byhttps://aibsidraimso.com/dating-survey.html?campaignId={campaignId}&creativeId={creativeId}&offer_id=2061&partnerId={partnerId}&projectId={projectId}&siteId={siteId}&userId={userId}&var={SOURCE_ID}&ymid=xreqv663bf324000f5e44&z=7450645 CertificateIssuerGoogle Trust Services LLC Subjectaibsidraimso.com FingerprintBD:83:C7:C1:64:0A:BC:19:2A:0B:2A:90:B8:FE:6A:47:E1:3B:CE:C6 ValidityFri, 19 Apr 2024 10:18:38 GMT - Thu, 18 Jul 2024 10:18:37 GMT
File typeJavaScript source, ASCII text, with very long lines (10666), with no line terminators Hash0a2bf957221ea5d41092566e565df70d 482729d37a7b367483c26d849cd1b444c1e7c9e8 d24aaafbcf78cfb0a5dc7774000ba3a0af0b18f8e272e08866564bb4acd31c3c
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/survey-dating.c1716d1d.js HTTP/1.1
Host: aibsidraimso.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 08 May 2024 21:48:45 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"662b7651-29aa"
last-modified: Fri, 26 Apr 2024 09:39:29 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 2437
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EHyrMAw1OZavDxQ7PjHHggUzbRt8Qu3HNNO3ESnqg4H7fdE5tdoT%2BiJpR9pLDWwF8EVNbUuSWdhHTCNPWK6gnVgARNDQvRs2KDb32s7V2%2Fa06ELmmT1FiiEgEzCHjTJ3lqeT"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880ca7dfdd1456c5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| aibsidraimso.com/js/config/sd/sd-2061-en.js?v=10 | 172.67.191.229 | 200 OK | 4.1 kB |
URL GET HTTP/3aibsidraimso.com/js/config/sd/sd-2061-en.js?v=10 IP172.67.191.229:443
Requested byhttps://aibsidraimso.com/dating-survey.html?campaignId={campaignId}&creativeId={creativeId}&offer_id=2061&partnerId={partnerId}&projectId={projectId}&siteId={siteId}&userId={userId}&var={SOURCE_ID}&ymid=xreqv663bf324000f5e44&z=7450645 CertificateIssuerGoogle Trust Services LLC Subjectaibsidraimso.com FingerprintBD:83:C7:C1:64:0A:BC:19:2A:0B:2A:90:B8:FE:6A:47:E1:3B:CE:C6 ValidityFri, 19 Apr 2024 10:18:38 GMT - Thu, 18 Jul 2024 10:18:37 GMT
File typeUnicode text, UTF-8 text, with very long lines (4256), with no line terminators Hashd6eff4cd72a173e43e019abbb79e5412 0ce63bd8cf3ec64d79d6a52656b2febc7d209762 75aff33001b426baaac9a4c8b1c197091b8fec531ca22aa1f4c7bab941991429
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/config/sd/sd-2061-en.js?v=10 HTTP/1.1
Host: aibsidraimso.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 08 May 2024 21:48:45 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"662b7650-1020"
last-modified: Fri, 26 Apr 2024 09:39:28 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LMNcVhtR93I1Yt1hfRcOxjWweZhuz3mh5JklwSaJkkXhDiWCZsJ6xLwSF0X4QbSFGgAOsMMjNlAAejZEddQClQxM219Dnq7863EgpJrDmyBkCqfIPOM2qT4gELzfEO0mI1JU"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880ca7e14eef56c5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| aibsidraimso.com/js/s-checkSessionStorageAvailable.ts.e8412d91.js | 172.67.191.229 | 200 OK | 330 B |
URL GET HTTP/3aibsidraimso.com/js/s-checkSessionStorageAvailable.ts.e8412d91.js IP172.67.191.229:443
Requested byhttps://aibsidraimso.com/dating-survey.html?campaignId={campaignId}&creativeId={creativeId}&offer_id=2061&partnerId={partnerId}&projectId={projectId}&siteId={siteId}&userId={userId}&var={SOURCE_ID}&ymid=xreqv663bf324000f5e44&z=7450645 CertificateIssuerGoogle Trust Services LLC Subjectaibsidraimso.com FingerprintBD:83:C7:C1:64:0A:BC:19:2A:0B:2A:90:B8:FE:6A:47:E1:3B:CE:C6 ValidityFri, 19 Apr 2024 10:18:38 GMT - Thu, 18 Jul 2024 10:18:37 GMT
File typetroff or preprocessor input, ASCII text, with very long lines (338), with no line terminators Hash6eb1ccbb769935debb74de9858287720 5302f94074f05eb22f05368dfe3464b85c89fb48 1e016cce8f09ded837e6e46c9e26d5dddccc19bbfa89c9dc583c04d85e2c7bb4
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/s-checkSessionStorageAvailable.ts.e8412d91.js HTTP/1.1
Host: aibsidraimso.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 08 May 2024 21:48:45 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"662b7650-14a"
last-modified: Fri, 26 Apr 2024 09:39:28 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 2437
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kqNWV1%2BIgstMSR7jyLEqVFTK3wUYP3hqahf0QAAIt7NrezacA1zx8lMovk7k4x6i3ZLfWgAY0mFqwF0%2FewbNTnWyQ7vDfIrhPBQwelciI70VU4IqSvAq6MjZOATGjTV%2BAp2s"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880ca7dfdd0a56c5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| aibsidraimso.com/js/v-domparser.js.97173b2e.js | 172.67.191.229 | 200 OK | 1.7 kB |
URL GET HTTP/3aibsidraimso.com/js/v-domparser.js.97173b2e.js IP172.67.191.229:443
Requested byhttps://aibsidraimso.com/dating-survey.html?campaignId={campaignId}&creativeId={creativeId}&offer_id=2061&partnerId={partnerId}&projectId={projectId}&siteId={siteId}&userId={userId}&var={SOURCE_ID}&ymid=xreqv663bf324000f5e44&z=7450645 CertificateIssuerGoogle Trust Services LLC Subjectaibsidraimso.com FingerprintBD:83:C7:C1:64:0A:BC:19:2A:0B:2A:90:B8:FE:6A:47:E1:3B:CE:C6 ValidityFri, 19 Apr 2024 10:18:38 GMT - Thu, 18 Jul 2024 10:18:37 GMT
File typeJavaScript source, ASCII text, with very long lines (1772), with no line terminators Hash46dd2964e007bc585a8f72ed695089e8 d02de9abf34cf05d707899e2562c067a8e5326bc 96d95d967e2f5ca4a1be19cf0d21f756ba2d0295ad5f4e967048054e85f6072f
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/v-domparser.js.97173b2e.js HTTP/1.1
Host: aibsidraimso.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=zliuqbr2bgdytfeggt3ho8z78myfr4sr; syncedCookie=true; oaidts=1715204925; ID=zliuqbr2bgdytfeggt3ho8z78myfr4sr
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 08 May 2024 21:48:45 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"662b7650-6b8"
last-modified: Fri, 26 Apr 2024 09:39:28 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6387
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=U09d6yQPzjZ1OF6wZ9aKmCVWUJ0FM%2FGF7GlRMBXurr8uWJXCmwBAq69znshTfLF00%2FDW4zxL8lQLCd0QzH7hVytcvNYQWu%2Bpr0WKReHwpTMJnm6XiJpbaIlaZg6Va006EFQ%2F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880ca7e2b8b656c5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| aibsidraimso.com/pfe/current/micro.tag.min.js?z=6009599&sw=/sw/sw6009599.js&var=7450645&var_3=null&var_4=null&ymid={SOURCE_ID}&cdn=1&domain=ofklefkian.com&ab2_ttl=5184000000 | 172.67.191.229 | 200 OK | 27 kB |
URL GET HTTP/3aibsidraimso.com/pfe/current/micro.tag.min.js?z=6009599&sw=/sw/sw6009599.js&var=7450645&var_3=null&var_4=null&ymid={SOURCE_ID}&cdn=1&domain=ofklefkian.com&ab2_ttl=5184000000 IP172.67.191.229:443
Requested byhttps://aibsidraimso.com/dating-survey.html?campaignId={campaignId}&creativeId={creativeId}&offer_id=2061&partnerId={partnerId}&projectId={projectId}&siteId={siteId}&userId={userId}&var={SOURCE_ID}&ymid=xreqv663bf324000f5e44&z=7450645 CertificateIssuerGoogle Trust Services LLC Subjectaibsidraimso.com FingerprintBD:83:C7:C1:64:0A:BC:19:2A:0B:2A:90:B8:FE:6A:47:E1:3B:CE:C6 ValidityFri, 19 Apr 2024 10:18:38 GMT - Thu, 18 Jul 2024 10:18:37 GMT
File typeJavaScript source, ASCII text, with very long lines (27174), with no line terminators Hash75c26ccd65e96e912725399ff3ce66e9 d300939979d2048844dc5ac80c51ed8121126f4e c9db5c92934b273ad485c58710d6fbc2d580c2923a99bb456b18cb5e1465f5cf
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /pfe/current/micro.tag.min.js?z=6009599&sw=/sw/sw6009599.js&var=7450645&var_3=null&var_4=null&ymid={SOURCE_ID}&cdn=1&domain=ofklefkian.com&ab2_ttl=5184000000 HTTP/1.1
Host: aibsidraimso.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 08 May 2024 21:48:45 GMT
content-type: application/javascript
last-modified: Fri, 26 Apr 2024 09:39:29 GMT
vary: Accept-Encoding
etag: W/"662b7651-6a26"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6402
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5LbRYcQfs407eVCiSGuSM85iEZTcB83oSULVb6pU8msJAI%2BkEntEoyCAw30e1aFDAns9XWiKiGkl1Dyn5BEKPgvyq2zShS5cCmdEVrogxxyMf7Ti%2FKmsf7LqpPpgPzfuHd4m"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880ca7e2a89856c5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| aibsidraimso.com/js/v-node.js.28d8082c.js | 172.67.191.229 | 200 OK | 6.3 kB |
URL GET HTTP/3aibsidraimso.com/js/v-node.js.28d8082c.js IP172.67.191.229:443
Requested byhttps://aibsidraimso.com/dating-survey.html?campaignId={campaignId}&creativeId={creativeId}&offer_id=2061&partnerId={partnerId}&projectId={projectId}&siteId={siteId}&userId={userId}&var={SOURCE_ID}&ymid=xreqv663bf324000f5e44&z=7450645 CertificateIssuerGoogle Trust Services LLC Subjectaibsidraimso.com FingerprintBD:83:C7:C1:64:0A:BC:19:2A:0B:2A:90:B8:FE:6A:47:E1:3B:CE:C6 ValidityFri, 19 Apr 2024 10:18:38 GMT - Thu, 18 Jul 2024 10:18:37 GMT
File typeJavaScript source, ASCII text, with very long lines (6337), with no line terminators Hashb11cf8c1d8d8183e4d11a8f17a41189c 2f912e66ec3992d21e66e7c8e4ff40a2142a4d64 9e69f7af4cfb7fa8b5eb0d67ed8a36f5d23c276ba29b7209565faefab84b71ba
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/v-node.js.28d8082c.js HTTP/1.1
Host: aibsidraimso.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=zliuqbr2bgdytfeggt3ho8z78myfr4sr; syncedCookie=true; oaidts=1715204925; ID=zliuqbr2bgdytfeggt3ho8z78myfr4sr
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 08 May 2024 21:48:45 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"662b7650-186b"
last-modified: Fri, 26 Apr 2024 09:39:28 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6401
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LTg2%2B7Kqk8pfjJFjZZEDKYT3dZdrJunhzLvaHUy84BcBweDdP%2BvZvKs%2FJ7QrWV1ZA3uP6qASwqjq%2BA5b3WNoFmgmfq5sXn1YbZCF2II2Z4cAQzkxqweMdKkj%2BxAYOsnSCWat"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880ca7e2b8b056c5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| aibsidraimso.com/js/SurveyContainer.e2959212.js | 172.67.191.229 | 200 OK | 57 kB |
URL GET HTTP/3aibsidraimso.com/js/SurveyContainer.e2959212.js IP172.67.191.229:443
Requested byhttps://aibsidraimso.com/dating-survey.html?campaignId={campaignId}&creativeId={creativeId}&offer_id=2061&partnerId={partnerId}&projectId={projectId}&siteId={siteId}&userId={userId}&var={SOURCE_ID}&ymid=xreqv663bf324000f5e44&z=7450645 CertificateIssuerGoogle Trust Services LLC Subjectaibsidraimso.com FingerprintBD:83:C7:C1:64:0A:BC:19:2A:0B:2A:90:B8:FE:6A:47:E1:3B:CE:C6 ValidityFri, 19 Apr 2024 10:18:38 GMT - Thu, 18 Jul 2024 10:18:37 GMT
File typeJavaScript source, ASCII text, with very long lines (57082), with no line terminators Hash0df7a0f05192a1af311ce45d48639a89 df29dce5914578a52af5f516ccd18d289d808951 4cde10689c1ef6c2f58585483fae6d656ccfa1d16cc282dcfbe6cb89700ae2dc
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/SurveyContainer.e2959212.js HTTP/1.1
Host: aibsidraimso.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=zliuqbr2bgdytfeggt3ho8z78myfr4sr; syncedCookie=true; oaidts=1715204925; ID=zliuqbr2bgdytfeggt3ho8z78myfr4sr
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 08 May 2024 21:48:45 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=57085
etag: W/"662b7651-defd"
last-modified: Fri, 26 Apr 2024 09:39:29 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6387
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Bih25qtcMKpZ1v4sk7UollramYxMBzvpE%2BgcjnJEr%2BbLplhqdMKqJYoYwSGerfBZE9z3WD3vkSELU338cvGcNr7IG2%2FE1O%2FhNR%2BdIqtGslwsZyScCL025tFAgeuGIkLC%2Boyb"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880ca7e2c8c456c5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| aibsidraimso.com/css/_core-survey.d3ac2ee0.css | 172.67.191.229 | 200 OK | 83 B |
URL GET HTTP/3aibsidraimso.com/css/_core-survey.d3ac2ee0.css IP172.67.191.229:443
Requested byhttps://aibsidraimso.com/dating-survey.html?campaignId={campaignId}&creativeId={creativeId}&offer_id=2061&partnerId={partnerId}&projectId={projectId}&siteId={siteId}&userId={userId}&var={SOURCE_ID}&ymid=xreqv663bf324000f5e44&z=7450645 CertificateIssuerGoogle Trust Services LLC Subjectaibsidraimso.com FingerprintBD:83:C7:C1:64:0A:BC:19:2A:0B:2A:90:B8:FE:6A:47:E1:3B:CE:C6 ValidityFri, 19 Apr 2024 10:18:38 GMT - Thu, 18 Jul 2024 10:18:37 GMT
File typeASCII text, with no line terminators Hash30d726a40ffe74d794b282ca1795b44c b43155653a1b9cc8d257687df9a75e0f204db348 4916da6d6e00e0e6681cccaf9107eb45fdfc78fe2e476444623c30a64959b5e4
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /css/_core-survey.d3ac2ee0.css HTTP/1.1
Host: aibsidraimso.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 08 May 2024 21:48:45 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=84
etag: W/"662b7650-54"
last-modified: Fri, 26 Apr 2024 09:39:28 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6425
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FOm1bfKcsxs00fA5rnnyT16%2FkRG5Kfxu9AXWRC48bHIzHaIBQ1A8bkxB5g%2FKznHjDBKrfebBkYcDhOzdmjDUxJ2BGnFwzxSZ8YXPtKKOzqRHNxkG3JNc0mG5ZnMcXf2htSEB"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880ca7dfdd1756c5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| aibsidraimso.com/js/_core-survey.1b09882a.js | 172.67.191.229 | 200 OK | 170 kB |
URL GET HTTP/3aibsidraimso.com/js/_core-survey.1b09882a.js IP172.67.191.229:443
Requested byhttps://aibsidraimso.com/dating-survey.html?campaignId={campaignId}&creativeId={creativeId}&offer_id=2061&partnerId={partnerId}&projectId={projectId}&siteId={siteId}&userId={userId}&var={SOURCE_ID}&ymid=xreqv663bf324000f5e44&z=7450645 CertificateIssuerGoogle Trust Services LLC Subjectaibsidraimso.com FingerprintBD:83:C7:C1:64:0A:BC:19:2A:0B:2A:90:B8:FE:6A:47:E1:3B:CE:C6 ValidityFri, 19 Apr 2024 10:18:38 GMT - Thu, 18 Jul 2024 10:18:37 GMT
Size170 kB (169673 bytes) Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/_core-survey.1b09882a.js HTTP/1.1
Host: aibsidraimso.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 08 May 2024 21:48:45 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=169676
etag: W/"662b7651-296cc"
last-modified: Fri, 26 Apr 2024 09:39:29 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 2437
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3Yrlzijm0aQPKnzSCZio8%2FdTlZMkTuAmSgqh9qam3vQGHDdkfIilkVUqranfbXDRhRg9bQBlEz6jJSxpn%2F3xWutvAImwW6FOJlcvfwXriKJEyWwajS%2FaW9k2RYsosJ7Iy6nG"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880ca7dfdd1356c5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| aibsidraimso.com/js/v-possibleStandardNamesOptimized.js.205abacb.js | 172.67.191.229 | 200 OK | 7.6 kB |
URL GET HTTP/3aibsidraimso.com/js/v-possibleStandardNamesOptimized.js.205abacb.js IP172.67.191.229:443
Requested byhttps://aibsidraimso.com/dating-survey.html?campaignId={campaignId}&creativeId={creativeId}&offer_id=2061&partnerId={partnerId}&projectId={projectId}&siteId={siteId}&userId={userId}&var={SOURCE_ID}&ymid=xreqv663bf324000f5e44&z=7450645 CertificateIssuerGoogle Trust Services LLC Subjectaibsidraimso.com FingerprintBD:83:C7:C1:64:0A:BC:19:2A:0B:2A:90:B8:FE:6A:47:E1:3B:CE:C6 ValidityFri, 19 Apr 2024 10:18:38 GMT - Thu, 18 Jul 2024 10:18:37 GMT
File typeASCII text, with very long lines (7923), with no line terminators Hashf80cb2aef29b4a80d135d1a598ce1dfa 0653306df1fd8d8591f84661643825e41684d3f6 43c16ae11cea687efa4ca55dec516b23257c3fcb22c9d3541041f1816aaa7b5b
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/v-possibleStandardNamesOptimized.js.205abacb.js HTTP/1.1
Host: aibsidraimso.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=zliuqbr2bgdytfeggt3ho8z78myfr4sr; syncedCookie=true; oaidts=1715204925; ID=zliuqbr2bgdytfeggt3ho8z78myfr4sr
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 08 May 2024 21:48:45 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"662b7651-1d99"
last-modified: Fri, 26 Apr 2024 09:39:29 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6401
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9jAooi9NiVtAqTF5Rdkl3nlTcux0tO3QaH0CGt%2B1gkC9Z%2F21EsTf9jiTFqI3spMDqFRBhWsPw8jdIYLHFcriOKiAA1qtNkBS3VzB97U04Rnhsmu7uOrJoyK%2B3TIWP743NrPP"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880ca7e2b8b256c5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| aibsidraimso.com/js/v-attributes-to-props.js.a2e7cd04.js | 172.67.191.229 | 200 OK | 702 B |
URL GET HTTP/3aibsidraimso.com/js/v-attributes-to-props.js.a2e7cd04.js IP172.67.191.229:443
Requested byhttps://aibsidraimso.com/dating-survey.html?campaignId={campaignId}&creativeId={creativeId}&offer_id=2061&partnerId={partnerId}&projectId={projectId}&siteId={siteId}&userId={userId}&var={SOURCE_ID}&ymid=xreqv663bf324000f5e44&z=7450645 CertificateIssuerGoogle Trust Services LLC Subjectaibsidraimso.com FingerprintBD:83:C7:C1:64:0A:BC:19:2A:0B:2A:90:B8:FE:6A:47:E1:3B:CE:C6 ValidityFri, 19 Apr 2024 10:18:38 GMT - Thu, 18 Jul 2024 10:18:37 GMT
File typeASCII text, with very long lines (718), with no line terminators Hash4f868b7a0330d32e1450766a54886355 4b5952301185e7b02e2cdcba80f4aea3de700c47 2435c4b396d0b35fca9f618a201479cdcd64e84d43a386eec071a4082d7a781f
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/v-attributes-to-props.js.a2e7cd04.js HTTP/1.1
Host: aibsidraimso.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=zliuqbr2bgdytfeggt3ho8z78myfr4sr; syncedCookie=true; oaidts=1715204925; ID=zliuqbr2bgdytfeggt3ho8z78myfr4sr
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 08 May 2024 21:48:45 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"662b7651-2be"
last-modified: Fri, 26 Apr 2024 09:39:29 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6387
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EsVhQ1OVMqUfLyN%2B%2BXpA5t5AGaCHy6e9zCiuj7HoXgP2xDBxO3fQWCi58oWEfANG%2FcO9DTh%2BYd4sSTikG5MmbpsDuEsdz%2Fnfr9n1l%2BvPNgo5W1ubcWPothLGU1pRedARNlFR"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880ca7e2b8bb56c5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| aibsidraimso.com/dating-survey.html?campaignId={campaignId}&creativeId={creativeId}&offer_id=2061&partnerId={partnerId}&projectId={projectId}&siteId={siteId}&userId={userId}&var={SOURCE_ID}&ymid=xreqv663bf324000f5e44&z=7450645 | 172.67.191.229 | 200 OK | 13 kB |
URL User Request GET HTTP/2aibsidraimso.com/dating-survey.html?campaignId={campaignId}&creativeId={creativeId}&offer_id=2061&partnerId={partnerId}&projectId={projectId}&siteId={siteId}&userId={userId}&var={SOURCE_ID}&ymid=xreqv663bf324000f5e44&z=7450645 IP172.67.191.229:443
CertificateIssuerGoogle Trust Services LLC Subjectaibsidraimso.com FingerprintBD:83:C7:C1:64:0A:BC:19:2A:0B:2A:90:B8:FE:6A:47:E1:3B:CE:C6 ValidityFri, 19 Apr 2024 10:18:38 GMT - Thu, 18 Jul 2024 10:18:37 GMT
File typeHTML document, ASCII text, with very long lines (12804), with no line terminators Hash0b39dd8a9fcdebe718018f5c5bd97135 c168b54e019fae2227ed5cc031999737b1138a7d e649b73707b480d573816cf0e615dfef195abb6576d8e4a4e59e0d955dca49ca
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /dating-survey.html?campaignId={campaignId}&creativeId={creativeId}&offer_id=2061&partnerId={partnerId}&projectId={projectId}&siteId={siteId}&userId={userId}&var={SOURCE_ID}&ymid=xreqv663bf324000f5e44&z=7450645 HTTP/1.1
Host: aibsidraimso.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 21:48:45 GMT
content-type: text/html
last-modified: Fri, 26 Apr 2024 09:39:29 GMT
vary: Accept-Encoding
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SMXIOsZLPL07JHpwxjlsUFrOdSh%2Bk7AxAdUvKDrKHv%2FsRgpWmxoQy2DxYF9KRkfsFUKW5Oon3lwqhdJXVRyOc2K5IZsnUYzBQJX17%2BE1MpYrIPt33abHuprHOBtTr5HL5Vlc"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880ca7dccb4d1bfa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| offpichuan.com/track?offer_id=2061&z=7450645&request_var={SOURCE_ID}&variable2=xreqv663bf324000f5e44&oaid=zliuqbr2bgdytfeggt3ho8z78myfr4sr | 139.45.197.237 | 200 OK | 182 B |
URL GET HTTP/2offpichuan.com/track?offer_id=2061&z=7450645&request_var={SOURCE_ID}&variable2=xreqv663bf324000f5e44&oaid=zliuqbr2bgdytfeggt3ho8z78myfr4sr IP139.45.197.237:443
Requested byhttps://aibsidraimso.com/dating-survey.html?campaignId={campaignId}&creativeId={creativeId}&offer_id=2061&partnerId={partnerId}&projectId={projectId}&siteId={siteId}&userId={userId}&var={SOURCE_ID}&ymid=xreqv663bf324000f5e44&z=7450645 CertificateIssuerLet's Encrypt Subjectoffpichuan.com Fingerprint8B:DE:51:B7:81:9E:EA:DE:73:A4:3D:67:F9:5E:6F:7B:F4:D6:77:5A ValidityMon, 15 Apr 2024 21:54:27 GMT - Sun, 14 Jul 2024 21:54:26 GMT
File typetroff or preprocessor input, ASCII text, with no line terminators Hashe6246b04b7d99b675f7086e756e1f242 9f3b5f5cb9b34830dc20448a0acc83bcce5d2727 5ecadcf1c19edd16643f48e47f530b024c97a5653f98a47e14c61d5270dd7881
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /track?offer_id=2061&z=7450645&request_var={SOURCE_ID}&variable2=xreqv663bf324000f5e44&oaid=zliuqbr2bgdytfeggt3ho8z78myfr4sr HTTP/1.1
Host: offpichuan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://aibsidraimso.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 21:48:46 GMT
content-type: application/json
content-length: 182
x-trace-id: 93fea73a04edaf22ae9c6b0d064fbd86
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://aibsidraimso.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| aibsidraimso.com/js/config/dict/cookie-consent-1.json?v=10 | 172.67.191.229 | 200 OK | 6.8 kB |
URL GET HTTP/3aibsidraimso.com/js/config/dict/cookie-consent-1.json?v=10 IP172.67.191.229:443
Requested byhttps://aibsidraimso.com/dating-survey.html?campaignId={campaignId}&creativeId={creativeId}&offer_id=2061&partnerId={partnerId}&projectId={projectId}&siteId={siteId}&userId={userId}&var={SOURCE_ID}&ymid=xreqv663bf324000f5e44&z=7450645 CertificateIssuerGoogle Trust Services LLC Subjectaibsidraimso.com FingerprintBD:83:C7:C1:64:0A:BC:19:2A:0B:2A:90:B8:FE:6A:47:E1:3B:CE:C6 ValidityFri, 19 Apr 2024 10:18:38 GMT - Thu, 18 Jul 2024 10:18:37 GMT
File typeHTML document, Unicode text, UTF-8 text, with very long lines (6009), with no line terminators Hash4b2ff958e811a50d2f641818590b443d 6abae297812bb55fad869e953e7fdf7469cbe1ae 9c77a5f3d0028d9ba122ed15728ee7b144619431f8302503a19c5785ddaa06b8
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/config/dict/cookie-consent-1.json?v=10 HTTP/1.1
Host: aibsidraimso.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 08 May 2024 21:48:45 GMT
content-type: application/json
last-modified: Fri, 26 Apr 2024 09:39:28 GMT
vary: Accept-Encoding
etag: W/"662b7650-1a65"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HXYDnTbE8%2BVGR0keCcG%2FDYSJT8MZE1zZZVLHQoewYwW%2Fh08S8p%2F9n3pxk9m3Jgseo7EVUlDlkKz9fMcZZ%2FPmRGJSE9YYQCHqCLycXmVew7I4lJDxFZHhcvJjrtaYtJ84eV%2Fy"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880ca7e17f3956c5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| aibsidraimso.com/js/_each-land-config.3299fec3.js | 172.67.191.229 | 200 OK | 72 kB |
URL GET HTTP/3aibsidraimso.com/js/_each-land-config.3299fec3.js IP172.67.191.229:443
Requested byhttps://aibsidraimso.com/dating-survey.html?campaignId={campaignId}&creativeId={creativeId}&offer_id=2061&partnerId={partnerId}&projectId={projectId}&siteId={siteId}&userId={userId}&var={SOURCE_ID}&ymid=xreqv663bf324000f5e44&z=7450645 CertificateIssuerGoogle Trust Services LLC Subjectaibsidraimso.com FingerprintBD:83:C7:C1:64:0A:BC:19:2A:0B:2A:90:B8:FE:6A:47:E1:3B:CE:C6 ValidityFri, 19 Apr 2024 10:18:38 GMT - Thu, 18 Jul 2024 10:18:37 GMT
File typeJavaScript source, ASCII text, with very long lines (65536), with no line terminators Hash0ba3468fb169d838d511e11b5b33eaef fb53785cd4dcc6e5cf0fcebfcafed46a3968cbe9 6de414b4180a6f11c4f5a9ba570d5e97ac8e596b1f9c1bb86872a11ecd416384
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/_each-land-config.3299fec3.js HTTP/1.1
Host: aibsidraimso.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 08 May 2024 21:48:45 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=72043
etag: W/"662b7651-1196b"
last-modified: Fri, 26 Apr 2024 09:39:29 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 2437
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=73pywyIQtmMnSfmIFiVJx7gyf%2FhdCEapQ4DEQsJngchIp%2Ba%2Fk29nLoEnmkEK868S4tTehjcgt2wL9VRso0TAm%2BOaBP4E7juor7YIeDYNNQXtAwWOSC5AZ7rzO%2FjiyPPL%2F9Qt"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880ca7dfdd1156c5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| offpichuan.com/rotate?zz=5473375;5473392;5473395;5473420;5473382;5473415&var=7450645&ymid={SOURCE_ID}&uid=zliuqbr2bgdytfeggt3ho8z78myfr4sr | 139.45.197.237 | 200 OK | 2.7 kB |
URL GET HTTP/2offpichuan.com/rotate?zz=5473375;5473392;5473395;5473420;5473382;5473415&var=7450645&ymid={SOURCE_ID}&uid=zliuqbr2bgdytfeggt3ho8z78myfr4sr IP139.45.197.237:443
Requested byhttps://aibsidraimso.com/dating-survey.html?campaignId={campaignId}&creativeId={creativeId}&offer_id=2061&partnerId={partnerId}&projectId={projectId}&siteId={siteId}&userId={userId}&var={SOURCE_ID}&ymid=xreqv663bf324000f5e44&z=7450645 CertificateIssuerLet's Encrypt Subjectoffpichuan.com Fingerprint8B:DE:51:B7:81:9E:EA:DE:73:A4:3D:67:F9:5E:6F:7B:F4:D6:77:5A ValidityMon, 15 Apr 2024 21:54:27 GMT - Sun, 14 Jul 2024 21:54:26 GMT
File typetroff or preprocessor input, ASCII text, with very long lines (2685), with no line terminators Hash7b2b2a38a995629cc8737e1b18f9d73c ceeb2e7d567c4e9745c150ef22d4cfdc08fa8618 4164742813c8f333c8578c48cae5b6bb46a23bc35af4bd3847fb605666840c9d
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /rotate?zz=5473375;5473392;5473395;5473420;5473382;5473415&var=7450645&ymid={SOURCE_ID}&uid=zliuqbr2bgdytfeggt3ho8z78myfr4sr HTTP/1.1
Host: offpichuan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://aibsidraimso.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 21:48:50 GMT
content-type: application/javascript
x-trace-id: 891bcbe84014a44459504d4c49ef5c02
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: https://aibsidraimso.com
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
set-cookie: OAID=zliuqbr2bgdytfeggt3ho8z78myfr4sr; expires=Thu, 08 May 2025 21:48:50 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| aibsidraimso.com/css/survey-dating.77b63812.css | 172.67.191.229 | 200 OK | 28 kB |
URL GET HTTP/3aibsidraimso.com/css/survey-dating.77b63812.css IP172.67.191.229:443
Requested byhttps://aibsidraimso.com/dating-survey.html?campaignId={campaignId}&creativeId={creativeId}&offer_id=2061&partnerId={partnerId}&projectId={projectId}&siteId={siteId}&userId={userId}&var={SOURCE_ID}&ymid=xreqv663bf324000f5e44&z=7450645 CertificateIssuerGoogle Trust Services LLC Subjectaibsidraimso.com FingerprintBD:83:C7:C1:64:0A:BC:19:2A:0B:2A:90:B8:FE:6A:47:E1:3B:CE:C6 ValidityFri, 19 Apr 2024 10:18:38 GMT - Thu, 18 Jul 2024 10:18:37 GMT
File typeASCII text, with very long lines (27787), with no line terminators Hashee945ebf4de130e4e4c6f3c53d2f3733 bf062d5689ab9d5c5b2e6bd0c055416198f896ca fc4662f6f7d5aac7cda0f7fc07c042c5334cb74a9fd6aea1526026be698cfc0d
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /css/survey-dating.77b63812.css HTTP/1.1
Host: aibsidraimso.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 08 May 2024 21:48:45 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=27797
etag: W/"662b7650-6c95"
last-modified: Fri, 26 Apr 2024 09:39:28 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 1860
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=o2eI2X1vU9ZOaEoiyqNuWQcAkfHi0R6zIJuv%2FJrFMX3PAoRlPwPJUgJEvuPNiQvOABjjnLLUgrbmfNj8y%2BVXpbcauRdDZU6w7OGsEti9I6eWsq9yLeC4nzmjT700NJQJ3vn7"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880ca7dfed2556c5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| aibsidraimso.com/img/fav/heart-16.png | 172.67.191.229 | 200 OK | 324 B |
URL GET HTTP/3aibsidraimso.com/img/fav/heart-16.png IP172.67.191.229:443
Requested byhttps://aibsidraimso.com/dating-survey.html?campaignId={campaignId}&creativeId={creativeId}&offer_id=2061&partnerId={partnerId}&projectId={projectId}&siteId={siteId}&userId={userId}&var={SOURCE_ID}&ymid=xreqv663bf324000f5e44&z=7450645 CertificateIssuerGoogle Trust Services LLC Subjectaibsidraimso.com FingerprintBD:83:C7:C1:64:0A:BC:19:2A:0B:2A:90:B8:FE:6A:47:E1:3B:CE:C6 ValidityFri, 19 Apr 2024 10:18:38 GMT - Thu, 18 Jul 2024 10:18:37 GMT
File typePNG image data, 16 x 16, 8-bit colormap, non-interlaced Hashb4cd647d8f4287b5bfb000409bf3f467 2ecdf76086a51393192e3a963207ce1123c5bfa4 1ea844325ec9fc0f9c3b94ae21ba4673b11632ea8a5a7b588b125d5439525ca0
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /img/fav/heart-16.png HTTP/1.1
Host: aibsidraimso.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=zliuqbr2bgdytfeggt3ho8z78myfr4sr; syncedCookie=true; oaidts=1715204925; ID=zliuqbr2bgdytfeggt3ho8z78myfr4sr
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 08 May 2024 21:48:46 GMT
content-type: image/png
content-length: 324
last-modified: Fri, 26 Apr 2024 09:39:28 GMT
vary: Accept-Encoding
etag: "662b7650-144"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 633
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SlqlqqXsoaML4Q%2BreomsNwSgAtKmmA6k9u52D8e1K7m6IiM7Ky2Nlt2sVz8QrVNj3f6M74zXtiJPWf3pbGqnkQAwEvb1r3GRORXLW0%2Fehoedz2uBB8%2BHFw%2FzfhEoMm48I4qo"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880ca7e6fd5a56c5-OSL
alt-svc: h3=":443"; ma=86400
|
|
| aibsidraimso.com/js/s-checkLocalStorageAvailable.ts.f2fef93d.js | 172.67.191.229 | 200 OK | 330 B |
URL GET HTTP/3aibsidraimso.com/js/s-checkLocalStorageAvailable.ts.f2fef93d.js IP172.67.191.229:443
Requested byhttps://aibsidraimso.com/dating-survey.html?campaignId={campaignId}&creativeId={creativeId}&offer_id=2061&partnerId={partnerId}&projectId={projectId}&siteId={siteId}&userId={userId}&var={SOURCE_ID}&ymid=xreqv663bf324000f5e44&z=7450645 CertificateIssuerGoogle Trust Services LLC Subjectaibsidraimso.com FingerprintBD:83:C7:C1:64:0A:BC:19:2A:0B:2A:90:B8:FE:6A:47:E1:3B:CE:C6 ValidityFri, 19 Apr 2024 10:18:38 GMT - Thu, 18 Jul 2024 10:18:37 GMT
File typetroff or preprocessor input, ASCII text, with very long lines (338), with no line terminators Hash9a78659da737fccc89546e61f0eb6213 84e705584bdbc81715e0326742f426c2f472d3a9 bb46fe2e65cc91e5a01a8e731754fdc9b8f30813835a673bd96b48672ac82d60
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/s-checkLocalStorageAvailable.ts.f2fef93d.js HTTP/1.1
Host: aibsidraimso.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 08 May 2024 21:48:45 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"662b7651-14a"
last-modified: Fri, 26 Apr 2024 09:39:29 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 2437
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UtFG1yEvAwdgNqIgS3%2FwwaW4uSR3au9ge2yLwvHT%2FJnPO%2Bwel554p2NWwbiMIHAgETjNgTGBipjN6E6jzO1fgmH1UknF5UXbpIUPPWG9m8DSBkSflFY%2BgEMXWJjpFTBS8YtZ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880ca7dfdd0b56c5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| aibsidraimso.com/js/v-redux-toolkit.esm.js.fe3487ca.js | 172.67.191.229 | 200 OK | 11 kB |
URL GET HTTP/3aibsidraimso.com/js/v-redux-toolkit.esm.js.fe3487ca.js IP172.67.191.229:443
Requested byhttps://aibsidraimso.com/dating-survey.html?campaignId={campaignId}&creativeId={creativeId}&offer_id=2061&partnerId={partnerId}&projectId={projectId}&siteId={siteId}&userId={userId}&var={SOURCE_ID}&ymid=xreqv663bf324000f5e44&z=7450645 CertificateIssuerGoogle Trust Services LLC Subjectaibsidraimso.com FingerprintBD:83:C7:C1:64:0A:BC:19:2A:0B:2A:90:B8:FE:6A:47:E1:3B:CE:C6 ValidityFri, 19 Apr 2024 10:18:38 GMT - Thu, 18 Jul 2024 10:18:37 GMT
File typeJavaScript source, ASCII text, with very long lines (11319), with no line terminators Hash5aa3676547abc9a38889c09e69ca968d d19ea919192e86f97c34c0a5959ad05c52299aec 21648e7ba668a077e403b6bd1a38f05d55d987737b959d57e3b3c53787107eb7
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/v-redux-toolkit.esm.js.fe3487ca.js HTTP/1.1
Host: aibsidraimso.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 08 May 2024 21:48:45 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"662b7651-2c37"
last-modified: Fri, 26 Apr 2024 09:39:29 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 2437
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VbjLlJim04SwbbdRobdEewova7mabD6U%2F78dqoCDYDAF%2B0%2F0Nsgjnvd9v%2F6pv7Wfi%2B7abl9zppU5fCe4Af6R4SPx9rYl8kYb6Yi3nvx3cFQCjiDRA4eOPegQrfKe5ycgXduJ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880ca7dfdd0f56c5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| aibsidraimso.com/js/v-index.mjs.19622407.js | 172.67.191.229 | 200 OK | 35 kB |
URL GET HTTP/3aibsidraimso.com/js/v-index.mjs.19622407.js IP172.67.191.229:443
Requested byhttps://aibsidraimso.com/dating-survey.html?campaignId={campaignId}&creativeId={creativeId}&offer_id=2061&partnerId={partnerId}&projectId={projectId}&siteId={siteId}&userId={userId}&var={SOURCE_ID}&ymid=xreqv663bf324000f5e44&z=7450645 CertificateIssuerGoogle Trust Services LLC Subjectaibsidraimso.com FingerprintBD:83:C7:C1:64:0A:BC:19:2A:0B:2A:90:B8:FE:6A:47:E1:3B:CE:C6 ValidityFri, 19 Apr 2024 10:18:38 GMT - Thu, 18 Jul 2024 10:18:37 GMT
File typeJavaScript source, ASCII text, with very long lines (35287), with no line terminators Hash1de1ec2d8e7940b88970d8fbce40ed6d 510aa24127fb8bc3578d9ca4628b2eea5a84ce01 b473156bef833bcfb2e84658093f1ebc1e64011dcba904e26ccb31f1cad8b762
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/v-index.mjs.19622407.js HTTP/1.1
Host: aibsidraimso.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=zliuqbr2bgdytfeggt3ho8z78myfr4sr; syncedCookie=true; oaidts=1715204925; ID=zliuqbr2bgdytfeggt3ho8z78myfr4sr
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 08 May 2024 21:48:45 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"662b7651-89d7"
last-modified: Fri, 26 Apr 2024 09:39:29 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6401
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XOoBSR%2B10XtZ8jYCr3zZ%2F9BARrkBgdTwnlKVez%2BFuCZ1wwznDLJzBn2zwJO0vPbdp9xceXQyP46pLVNS6PEMZijdmDyDlJeJ9wf5ctZy6G%2Fpl9ahoMI9lKvZVs7AriaHkd3%2F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880ca7e2b8af56c5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| aibsidraimso.com/js/_rtc.f86a36d7.js | 172.67.191.229 | 200 OK | 12 kB |
URL GET HTTP/3aibsidraimso.com/js/_rtc.f86a36d7.js IP172.67.191.229:443
Requested byhttps://aibsidraimso.com/dating-survey.html?campaignId={campaignId}&creativeId={creativeId}&offer_id=2061&partnerId={partnerId}&projectId={projectId}&siteId={siteId}&userId={userId}&var={SOURCE_ID}&ymid=xreqv663bf324000f5e44&z=7450645 CertificateIssuerGoogle Trust Services LLC Subjectaibsidraimso.com FingerprintBD:83:C7:C1:64:0A:BC:19:2A:0B:2A:90:B8:FE:6A:47:E1:3B:CE:C6 ValidityFri, 19 Apr 2024 10:18:38 GMT - Thu, 18 Jul 2024 10:18:37 GMT
File typeJavaScript source, ASCII text, with very long lines (12222), with no line terminators Hash128d6eec0793a7e02c314d2f6245f260 c9f09311c3f229b770f38d0cc69b422430f1c748 bf1606ac64db254cc565a094e7162a96f31f7e48ddece56fc92c654559e5abb8
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/_rtc.f86a36d7.js HTTP/1.1
Host: aibsidraimso.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 08 May 2024 21:48:45 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"662b7651-2fbe"
last-modified: Fri, 26 Apr 2024 09:39:29 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 2437
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WJ3VFvx2EXGuix72%2Ff2HArSzW8OutOPFvJjR7AZSRy88%2BZZMOytK3fBqLJotLYZeQvRk0ETiDKrhuHu3c5iXCnOnHFVRDi9yqjJsz3yhFu%2F1poCmo%2FvetZVHfCZiVY9KLGGG"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880ca7dfcd0656c5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|